#SEC disclosure
24 stories taggedSEC disclosure · page 2 of 2.

Weekly Recap: Old Tricks, New Victims — Poisoned Packages, a Chatbot Bypass, and a GitHub Worm
A week of loud incidents masked quieter intrusions. The common thread: failures that should have been caught at code review.

AI-Generated Phishing Is Drowning SOC Queues. The Policy Response Is Lagging.
Tier 1 analysts face a volume problem that existing disclosure and reporting regimes were not built to absorb.

Corporate Cyber Readiness Is a Compliance Exercise. The Military Treats It as Combat.
Enterprise incident response still runs on annual tabletops and audit checkboxes. That gap between posture and practice is exactly what attackers count on.

Silent Ransom Group Escalates Vishing Campaign Against U.S. Law Firms
Mandiant tracks rapid data theft following fake IT-support calls, raising fresh questions about Form 8-K Item 1.05 disclosure timing for affected firms.

HD Moore's Pitch to Defenders: Stop Racing Patches, Reshape the Network
The Metasploit creator argues blast-radius control, not patch velocity, is what regulators and boards should be measuring.

Weekly Recap: Linux Privilege Flaw, PAN-OS Exploitation, and OAuth Phishing Surge
A patchy Monday across auth paths, repos, and dev tooling — with regulators watching the disclosure clock.

Shadow AI Is Now a Compliance Problem, Not Just an IT One
Employees are running unsanctioned AI assistants by the handful. Regulators are starting to ask who approved them, and under which control framework.

Twenty Years of Cyber Lessons and We're Still Losing on the Basics
The industry spent two decades reinventing its philosophy — perimeter defense to assume-breach — yet the attacks that still hit hardest exploit the same unpatched, misconfigured, un-MFA'd mistakes we should have buried years ago.

AI Agent Identities Are Redrawing Enterprise IAM Budgets
New Omdia research finds that the rapid spread of AI agent deployments is forcing organisations to treat non-human identities as a distinct governance category, with budget implications that traditional identity and access management frameworks were not designed to absorb.