#NIS2
13 stories taggedNIS2.

Microsoft Tightens Teams Meeting Controls for External AI Bots
A new admin policy requires organizer approval before automated external participants can join Teams meetings — a quiet but consequential shift in how enterprises govern AI access to sensitive calls.

Behavioral AI Pitched as Answer to Identity-Abuse Phishing, But Regulators Still Set the Bar
A vendor webinar makes the case for behavioral detection against BEC and account takeover. The compliance questions sit underneath.

Adobe Ships Emergency Fixes for Seven CVSS 10.0 Bugs in ColdFusion, Campaign Classic
Out-of-band advisories cover arbitrary code execution and privilege escalation paths. Administrators face a short remediation window before public exploit code is likely.

Active Exploitation Reported Against Progress Kemp LoadMaster Pre-Auth RCE (CVE-2026-8037)
Threat responders flag in-the-wild attempts against a 9.6-rated OS command injection flaw in the load balancer, days after Progress issued a fixed build.

Tailscale and OpenSSH Became a Junior Operator's Back Door After His Havoc C2 Went Dark
An intrusion at a small French auto-sector firm shows how commodity remote-access tooling defeats the assumption that killing the C2 ends the incident.

Sovereign Cloud Gives You a Data Center. Identity Governance Gives You Control.
European enterprises spent two years and real money on sovereign cloud deployments. What they found is that data residency is the easy part — and that AI agent identities are the part nobody governed.

MDR's AI Reckoning: When the Old Service Model Stops Keeping Up
Managed detection and response solved a staffing problem. It is not, by itself, an answer to adversaries who automate reconnaissance and intrusion at machine speed.

Harvest Now, Decrypt Later: Most Organizations Still Aren't Ready for the Quantum Cryptography Shift
NIST published its first three post-quantum standards in 2024. A year later, only 5% of security teams have a defined strategy. The clock is running whether they know it or not.

AI-Generated Phishing Is Drowning SOC Queues. The Policy Response Is Lagging.
Tier 1 analysts face a volume problem that existing disclosure and reporting regimes were not built to absorb.

HD Moore's Pitch to Defenders: Stop Racing Patches, Reshape the Network
The Metasploit creator argues blast-radius control, not patch velocity, is what regulators and boards should be measuring.

Weekly Recap: Linux Privilege Flaw, PAN-OS Exploitation, and OAuth Phishing Surge
A patchy Monday across auth paths, repos, and dev tooling — with regulators watching the disclosure clock.

GREYVIBE: New Russian-Speaking Cluster Tied to Sustained Operations Against Ukraine
Researchers attribute an August 2025 campaign wave to a previously undocumented actor whose tasking patterns align with Kremlin interests.

Operators Warn AI-Generated Traffic Is Outpacing Static DDoS Defences as Regulators Eye Disclosure Rules
Machine-learning-driven flood attacks are reshaping volumetric thresholds faster than current incident-reporting frameworks anticipated.