Cryptohack Roundup: UK Crypto Firms Tied to Iran Sanctions
- U.K. crypto exchanges linked to Iranian sanctions evasion.
- FBI alert on North Korean QR-code phishing campaign.
Public regulatory intelligence
What changed and why it matters
A source-linked regulatory intelligence feed for Texas credit union compliance and executive leadership. Use it to catch up quickly before diving into the underlying material.
Start with the clearest developments below, then open the original source material when you need the governing detail. The source remains the authority.
Trump's National Fraud Enforcement Plan Falls Short
• The new National Fraud Enforcement division focuses on public programs but does not address private sector fraud.
• Coordination with banks and payment platforms is lacking, which could limit its effectiveness.
Incorporating Geopolitical Risk Into Your IT Strategy
• IT organizations must incorporate geopolitical risk into their scenario planning.
• Strengthening cyber basics and building redundancy are essential steps.
Court Axes Investor Lawsuit Over CrowdStrike Software Update
• Judge dismissed most claims of misrepresentation in a class-action lawsuit against CrowdStrike related to its software testing procedures before an outage. • Two statements about federal compliance were deemed potentially misleading, but the...
PharMerica Will Pay at Least $5.2M to Settle Hack Lawsuit
PharMerica will pay at least $5.27 million as part of a preliminary class action settlement for a 2023 data theft incident affecting 5.8 million individuals; the company must also enhance its security measures.
Verizon Outage Felt Across United States
- Verizon experienced a significant outage affecting mobile phone connectivity in the Eastern Seaboard and Southern parts of the U.S., with the peak around 1 p.m. - The cause is unknown, but previous outages...
Seraphic Acquisition Arms CrowdStrike for AI Browser Threats
- Seraphic acquisition by CrowdStrike enhances web detection and response capabilities for AI-driven browser activity.
- The technology secures browsers against data leakage, session hijacking, and other web-based threats.
The Difference Between Answering for and Owning It
- In cybersecurity organizations, the person with influence on decisions may not have formal authority.
- Strategies are available for individuals in such roles to enhance their impact and responsibilities.
Flaw in AI Libraries Exposes Models to Remote Code Execution
- Remote code execution vulnerabilities found in AI libraries from Apple, Salesforce, and Nvidia.
- These libraries are widely used by models with tens of millions of Hugging Face downloads.
DeadLock Ransomware Group Utilizes Polygon Smart Contracts
- DeadLock ransomware group uses blockchain smart contracts to store proxy server addresses for facilitating negotiations with victim organizations.
- This technique indicates the group's sophistication and suggests they are experienced cybercriminals.
Building a Solid IT Strategy in an Unstable World
- CIOs must develop IT strategies that are resilient to geopolitical instability.
- Strategies should consider the risks associated with global supply chains in AI, cloud services, and cybersecurity.
WitnessAI Secures $58M to Grow Global AI Security Reach
- WitnessAI has secured $58 million to expand its AI security platform globally.
- The funding will support the development of MSSP-ready offerings and enhanced capabilities for detecting unauthorized AI agents.
Lawmakers Urged to Let US Take on 'Offensive' Cyber Role
- Analysts warn that the U.S.' cyber deterrence efforts are failing, allowing foreign adversaries like China to embed in critical infrastructure networks with minimal cost. - There is a call for faster, coordinated offensive...
Minimizing Attack Surface in IT-OT Converged Manufacturing Environments
- Emphasizes the importance of minimizing attack surface in IT-OT converged manufacturing environments.
- Highlights the need for robust cybersecurity measures to protect against potential threats.
Cancer Center: Hackers Stole Research Files, Encrypted Data
- Ransomware hackers stole research files from the University of Hawaii Cancer Center in an August 2025 incident.
- This highlights risks involving compromises of medical research data.
Overcoming Machine Identity Overload
• Modernization through AI and DevOps introduces a larger attack surface due to increased machine identities.
• Experts from CyberArk and Accenture discuss the challenges of managing identity sprawl in enterprises adopting new technologies.
Magecart Hits Continue: Stripe Spoofing, Supply Chain Risks
• Magecart-style attacks continue targeting payment card data through spoofed Stripe payment forms.
• ConnectPOS exposes its code repository for years, posing a supply-chain risk for customers.
Dark Patterns, Children's Data and Corporate Fiduciary Risk
• Dark patterns and manipulative UX practices are now considered core security risks for credit unions.
• Fiduciary duty breaches can occur through poor consent flows, defaults, and data monetization choices.
One Simple Trick to Knock Out the Wi-Fi Network
- A flaw in Broadcom chipsets used in wireless routers allows attackers to repeatedly knock offline the 5 GHz band.
- Security settings do not prevent this attack.
AI Supply Chain Risk: Will CIOs Be Held Accountable?
Modern AI environments introduce new risks due to dynamic external models and open-source components; IT processes for vendor risk reduction are insufficient in this era.
Inside the Growing Problem of Identity Sprawl
- Modern enterprises are struggling with a systemic drift in identity management, leading to an expanded attack surface.
- Adversaries are increasingly exploiting this lack of control over identities.
SAP Defense in Focus as Zerlang Takes Over at SecurityBridge
- Jesper Zerlang, CEO of SecurityBridge, highlights SAP security as a weak link in enterprise risk strategies.
- Zerlang plans global expansion and US push for the company.
NIST Calls for Public to Help Better Secure AI Agents
- NIST is seeking public input on security threats from agentic AI systems.
- The focus is on potential vulnerabilities such as hijacking, backdoors, and misaligned behavior across federal networks.
1Password Focuses on Identity Security in Agentic AI Era
1Password has appointed Nancy Wang as chief technology officer to oversee the development of AI-driven security strategies; 'Agents' are described as a new class of identities in this context.
California Fines, Bans Data Broker in Privacy Crackdown
- California regulators fined and banned a Texas company for selling sensitive health and demographic data.
- The firm is prohibited from selling personal information of all Californians.