If you are a Signal user, be on the alert for a new phishing campaign that attempts to steal recovery keys used to access cloud backups.
If successful, the attackers could have access to entire message archives, conversations, photos and documents shared through the Signal platform. Signal is often used for highly sensitive communications, so…
On May 27, 2026, Connecticut Governor Ned Lamont signed Senate Bill 5 (“the Bill”) into law, creating a broad framework for artificial intelligence oversight in the state. The Bill reaches beyond any single category of AI use and touches consumer disclosures, employment tools, AI companions, synthetic media, workforce issues, state agency AI use, and privacy-related…
A California court just gave companies facing website tracking claims under the California Invasion of Privacy Act (CIPA) a very helpful ruling. In Blaker v. NetScout Systems, Inc., Case No. 25STCV31283 (May 27, 2026), the plaintiff claimed that NetScout violated California’s trap-and-trace law by using a software development kit (SDK) on its website that allegedly captured…
A new report by Wired states that customer data from “more than 350 hotels around the world may have been accessed as part of realistic reservation-hijacking scams.” According to the report, travelers’ information and booking data may have been stolen from the hotels and are being used by threat actors to launch social engineered phishing…
I am a big fan of Verizon’s yearly Data Breach Investigations Report. I follow it closely, as it confirms what we are seeing in the field, and provides validation for defense strategies employed to protect against attacks. The 2026 Report was recently published, and as I have mentioned before, it is well worth reading.…
Colorado has now significantly revised its AI governance framework before the law ever takes effect. SB 26-189, approved by Governor Jared Polis on May 14, 2026, repeals and reenacts key portions of the Colorado Artificial Intelligence Act (CAIA) and reframes the law around “automated decision-making technology” (ADMT) used to materially influence consequential decisions in areas such…
As you can tell, I am obsessed with Verizon’s Data Breach Investigations Report. It is worthy of full immersion, and I am picking it apart with precision (here and here). I always spend a lot of time delving into it as it informs and confirms strategies to assist others with prevention and resilience.…
Verizon recently published its 2026 Data Breach Investigations Report, which is full of helpful information for cybersecurity professionals to implement strategies for protection of systems. For a summary, click here.
The Report notes that a whopping “67% of users are using non-corporate accounts on their corporate devices to access AI services” and “45%…
On May 20, 2026, in Zelma v. Wonder Group Inc. (D.N.J. May 20, 2026), a federal court in New Jersey largely dismissed Telephone Consumer Protection Act (TCPA) claims against food-tech company Wonder Group Inc. (Wonder), holding that two bare verification-code text messages were not “telephone solicitations” or “unsolicited advertisements.”
The TCPA regulates certain calls and…
A recent Third Circuit decision gives companies another strong defense point in the wave of website tracking and session replay litigation, including claims brought under the California Invasion of Privacy Act (CIPA). In Smidga v. Spirit Airlines, the plaintiffs alleged that Spirit used session replay code to record website visitors’ interactions, including text entries, clicks, and…
