Friday, July 11, 2025

Compliance Roundup - July 11, 2025

Top 5 Critical Compliance Alerts

  • Assume Enforcement Has Eased? The SEC's $1.8 Billion Hindsight Says Otherwise. — The SEC upheld record fines in April, proving mobile compliance is not a political issue but a permanent regulatory priority. Read more
  • Request for Comments: PCI Secure Software Standard v2.0 — Eligible PCI SSC stakeholders are invited to review and provide feedback on the draft PCI Secure Software Standard v2.0 during a 30-day request for comments (RFC) period, from 10 July to 11 August. Read more
  • Webinar summary: Latest antitrust enforcement tools and guidance on antitrust compliance programs – Tuesday 10 June 2025 — Authorities are stepping up antitrust enforcement, using AI and data scraping to detect infringements. The panel discussed managing cross-border investigations and effective compliance in 2025. Read more
  • Annual Compliance Conference summary: Supply chains – Navigating ESG and Trade-related Risks — The session examined the intensifying ESG and trade-related risks facing global supply chains, shaped by shifting political priorities and evolving regulatory frameworks. Read more
  • What Policymakers Must Prioritize in the Next Decade of Financial Regulation — Technological innovation and cross-border finance are pushing 20th-century regulatory frameworks to their breaking point. Read more

Compliance Frameworks

  • Request for Comments: PCI Secure Software Standard v2.0 — Eligible PCI SSC stakeholders are invited to review and provide feedback on the draft PCI Secure Software Standard v2.0 during a 30-day request for comments (RFC) period, from 10 July to 11 August. Read more

Regulatory Updates

  • Assume Enforcement Has Eased? The SEC's $1.8 Billion Hindsight Says Otherwise. — The SEC upheld record fines in April, proving mobile compliance is not a political issue but a permanent regulatory priority. Read more

Third-Party Risk & Due Diligence

  • Annual Compliance Conference summary: Supply chains – Navigating ESG and Trade-related Risks — The session examined the intensifying ESG and trade-related risks facing global supply chains, shaped by shifting political priorities and evolving regulatory frameworks. Read more


Privacy Insights Digest - July 11, 2025

Critical Privacy Alert

  • Eighth Circuit Vacates FTC Negative Option Rule — The Eighth Circuit vacated the FTC's revised Negative Option Rule, effective upon court mandate. Read more

Privacy Laws & Regulations (GDPR, CPRA, CCPA, AI Acts)

  • How to Build on Washington's "My Health, My Data" Act — EFF suggests ways for legislators and advocates to build on Washington's strong consumer data privacy law. Read more


Security Threat Summary - July 11, 2025

Top 5 Critical Security Alerts

  • Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads — A critical vulnerability (CVE-2025-6514, CVSS 9.6) in the mcp-remote project allows attackers to execute arbitrary OS commands. Read more
  • eSIM Bug in Millions of Phones Enables Spying, Takeover — A 6-year-old Oracle vulnerability affects eSIMs, potentially enabling physical and network attacks. Read more

Threat Intelligence

  • UK Arrests Four in 'Scattered Spider' Ransom Group — UK authorities arrested four individuals believed to be members of the Scattered Spider ransomware group, which targeted airlines and retailers. Read more
  • Fake Gaming and AI Firms Push Malware on Cryptocurrency Users via Telegram and Discord — Cryptocurrency users are targeted by social engineering campaigns using fake AI and gaming companies to distribute malware. Read more
  • New ZuRu Malware Variant Targeting Developers via Trojanized Termius macOS App — A new variant of the ZuRu macOS malware is targeting developers through trojanized versions of the Termius SSH client. Read more

Security Breaches & Incidents

  • Customer, Employee Data Exposed in Nippon Steel Breach — Customer and employee data from Nippon Steel's NS Solutions subsidiary was exposed in a breach. Read more
  • Ingram Micro Up and Running After Ransomware Attack — Ingram Micro recovered after a ransomware attack disrupted its website and order placement. Read more
  • Four Arrested in £440M Cyber Attack on Marks & Spencer, Co-op, and Harrods — UK authorities arrested four individuals in connection with cyberattacks targeting major retailers. Read more

Security Tools & Best Practices

  • Patch, track, repeat — Consistent tracking and patching remain critical in the evolving vulnerability landscape of 2025. Read more
  • SIM Swap Fraud Is Surging — and That's a Good Thing — The surge in SIM swap fraud highlights the need for more robust authentication systems. Read more

Emerging Security Technologies

  • Agentic AI's Risky MCP Backbone Opens Brand-New Attack Vectors — Vulnerabilities in the Model Context Protocol (MCP) ecosystem pose risks as organizations integrate AI models. Read more
  • What Security Leaders Need to Know About AI Governance for SaaS — Security leaders need to address AI governance as generative AI integrates into SaaS applications. Read more

Vulnerability Roundup

  • Asus and Adobe vulnerabilities — Cisco Talos disclosed vulnerabilities in Asus Armoury Crate and Adobe Acrobat products. Read more

Cloud & Network Security

  • ServiceNow Flaw CVE-2025-3648 Could Lead to Data Exposure via Misconfigured ACLs — A high-severity flaw in ServiceNow could lead to data exposure via misconfigured ACLs (CVE-2025-3648). Read more

Security Standards & Frameworks

  • AMD Warns of New Transient Scheduler Attacks Impacting a Wide Range of CPUs — AMD warns of Transient Scheduler Attacks (TSA), a new set of vulnerabilities affecting a broad range of CPUs. Read more


Thursday, July 10, 2025

🚨 Alert: New Breach Reported via HaveIBeenPwned on July 10, 2025

Catwatchful

Domain: catwatchful.com

Breach Date: 2025-06-09

Record Added: 7/3/2025, 11:04:01 PM

Modified Date: 7/3/2025, 11:04:01 PM

Total Records Exposed: 61,641

Description

In June 2025, spyware maker Catwatchful suffered a data breach that exposed over 60k customer records. The breach was due to a SQL injection vulnerability that enabled email addresses and plain text passwords to be extracted from the system.

Data Compromised

  • Email addresses
  • Passwords

Verified Breach: Yes


[CVE] 1 change on Microsoft

New OpenCVE notification

This email has been sent from the Critical Vulnerabilities notification of the securityinsights/CVE project.

1 vulnerability has been updated on 2025-07-10 between 01:00 and 01:59.

Critical Vulnerabilities (1)

Arc before 1.26.1 on Windows has a bypass issue in the site settings that allows websites (with previously granted permissions) to add new permissions when the user clicks anywhere on the website.

Changes: first_time, cpes, vendors
Subscriptions: Microsoft



Compliance Roundup - July 10, 2025

Top 2 Critical Compliance Alerts

  • Annual Compliance Conference summary: Keynote Speaker Session with Baroness Margaret Hodge (Former Chair, Public Accounts Committee; Anti-Corruption Champion) — Baroness Hodge provided insights on the UK's challenges in tackling economic crime, tax avoidance, and illicit finance. Read more
  • Annual Compliance Conference summary: US and UK Enforcement in the Current Climate – Strategic Shifts and Global Implications — Discussion on the evolving enforcement landscape in the UK, US, and Latin America, focusing on strategic priorities and inter-agency cooperation. Read more

Anti-Corruption

  • Annual Compliance Conference summary: Keynote Speaker Session with Baroness Margaret Hodge (Former Chair, Public Accounts Committee; Anti-Corruption Champion) — Baroness Hodge provided insights on the UK's challenges in tackling economic crime, tax avoidance, and illicit finance. Read more
  • Annual Compliance Conference summary: US and UK Enforcement in the Current Climate – Strategic Shifts and Global Implications — Discussion on the evolving enforcement landscape in the UK, US, and Latin America, focusing on strategic priorities and inter-agency cooperation. Read more

Anti-bribery

  • Annual Compliance Conference summary: Keynote Speaker Session with Baroness Margaret Hodge (Former Chair, Public Accounts Committee; Anti-Corruption Champion) — Baroness Hodge provided insights on the UK's challenges in tackling economic crime, tax avoidance, and illicit finance. Read more
  • Annual Compliance Conference summary: US and UK Enforcement in the Current Climate – Strategic Shifts and Global Implications — Discussion on the evolving enforcement landscape in the UK, US, and Latin America, focusing on strategic priorities and inter-agency cooperation. Read more

Corruption

  • Annual Compliance Conference summary: Keynote Speaker Session with Baroness Margaret Hodge (Former Chair, Public Accounts Committee; Anti-Corruption Champion) — Baroness Hodge provided insights on the UK's challenges in tackling economic crime, tax avoidance, and illicit finance. Read more
  • Annual Compliance Conference summary: US and UK Enforcement in the Current Climate – Strategic Shifts and Global Implications — Discussion on the evolving enforcement landscape in the UK, US, and Latin America, focusing on strategic priorities and inter-agency cooperation. Read more

Europe

  • Annual Compliance Conference summary: Keynote Speaker Session with Baroness Margaret Hodge (Former Chair, Public Accounts Committee; Anti-Corruption Champion) — Baroness Hodge provided insights on the UK's challenges in tackling economic crime, tax avoidance, and illicit finance. Read more
  • Annual Compliance Conference summary: US and UK Enforcement in the Current Climate – Strategic Shifts and Global Implications — Discussion on the evolving enforcement landscape in the UK, US, and Latin America, focusing on strategic priorities and inter-agency cooperation. Read more

North America

  • Annual Compliance Conference summary: Keynote Speaker Session with Baroness Margaret Hodge (Former Chair, Public Accounts Committee; Anti-Corruption Champion) — Baroness Hodge provided insights on the UK's challenges in tackling economic crime, tax avoidance, and illicit finance. Read more
  • Annual Compliance Conference summary: US and UK Enforcement in the Current Climate – Strategic Shifts and Global Implications — Discussion on the evolving enforcement landscape in the UK, US, and Latin America, focusing on strategic priorities and inter-agency cooperation. Read more

UK

  • Annual Compliance Conference summary: Keynote Speaker Session with Baroness Margaret Hodge (Former Chair, Public Accounts Committee; Anti-Corruption Champion) — Baroness Hodge provided insights on the UK's challenges in tackling economic crime, tax avoidance, and illicit finance. Read more
  • Annual Compliance Conference summary: US and UK Enforcement in the Current Climate – Strategic Shifts and Global Implications — Discussion on the evolving enforcement landscape in the UK, US, and Latin America, focusing on strategic priorities and inter-agency cooperation. Read more

USA

  • Annual Compliance Conference summary: Keynote Speaker Session with Baroness Margaret Hodge (Former Chair, Public Accounts Committee; Anti-Corruption Champion) — Baroness Hodge provided insights on the UK's challenges in tackling economic crime, tax avoidance, and illicit finance. Read more
  • Annual Compliance Conference summary: US and UK Enforcement in the Current Climate – Strategic Shifts and Global Implications — Discussion on the evolving enforcement landscape in the UK, US, and Latin America, focusing on strategic priorities and inter-agency cooperation. Read more


Privacy Insights Digest - July 10, 2025

Top 5 Critical Privacy Alerts

  • ICE Is Searching a Massive Insurance and Medical Bill Database to Find Deportation Targets — ICE is using a health and car insurance claims database to track down individuals for deportation. Read more
  • Google Settles Privacy Class Action Over Period Tracking App — Google settled a class action alleging it surreptitiously collected sensitive health data from users of the Flo period tracking app. Read more
  • Franklin, Tennessee Resident Sentenced to 30 Months in Federal Prison on Multiple Cyber Stalking Charges — A Tennessee resident was sentenced to 30 months in federal prison for cyberstalking fourteen victims. Read more
  • Department of Justice Subpoenas Doctors and Clinics Involved in Performing Transgender Medical Procedures on Children — The DOJ has sent subpoenas to doctors and clinics involved in performing transgender medical procedures on children. Read more

Privacy Laws & Regulations (GDPR, CPRA, CCPA, AI Acts)

  • ICE Is Searching a Massive Insurance and Medical Bill Database to Find Deportation Targets — ICE is using a health and car insurance claims database to track down individuals for deportation. Read more

Regulatory Fines & Enforcement Actions

  • Google Settles Privacy Class Action Over Period Tracking App — Google settled a class action alleging it surreptitiously collected sensitive health data from users of the Flo period tracking app. Read more
  • Franklin, Tennessee Resident Sentenced to 30 Months in Federal Prison on Multiple Cyber Stalking Charges — A Tennessee resident was sentenced to 30 months in federal prison for cyberstalking fourteen victims. Read more
