Today’s compliance intelligence digest highlights critical security and regulatory updates. Key alerts include a new malware campaign leveraging the OpenAI API, a significant healthcare data breach affecting over 92,000 patients, and indictments related to BlackCat ransomware attacks. Also covered are regulatory updates from the FCA and new compliance requirements in Rhode Island.
Top 5 Critical Compliance Alerts
- SesameOp Backdoor Uses OpenAI API for Covert C2: New malware campaign uses OpenAI API for command and control, demonstrating misuse of generative AI services. Read more
- Oglethorpe Hacking Incident Affects More Than 92,000 Patients: A Tampa, FL-based mental health network disclosed a security incident affecting over 92,000 patients. Read more
- U.S. Nationals Indicted for BlackCat Ransomware Attacks on Healthcare Organizations: Two U.S. nationals have been indicted for using BlackCat ransomware to target healthcare organizations. Read more
- Android Malware Mutes Alerts, Drains Crypto Wallets: New Android malware, BankBot-YNRK, targets Indonesian users by masquerading as legitimate applications to steal cryptocurrency. Read more
- Training failures leave UK firms exposed under new data law: VinciWorks survey reveals that fewer than 2% of organizations are fully ready for the Data Use and Access Act, with staff training emerging as the single biggest compliance gap. Read more
Compliance Frameworks
- How DORA fits with ISO 27001, NIS2 and the GDPR: Article discusses how DORA builds on existing frameworks like ISO 27001, NIS2, and GDPR for ICT risk governance in the EU financial sector. Read more
Regulatory Updates
- AML in practice: What the Law Society’s SARs review means for Scottish legal firms: The Law Society of Scotland’s SARs Thematic Review examines AML reporting obligations for Scottish legal practices. Read more
- FCA Updates Treasury Select Committee on Non-Financial Misconduct: Now is The Time to Take Action: The FCA updates its approach to non-financial misconduct, emphasizing it as a regulatory issue. Read more
- Rhode Island’s New Hire Notice Requirements Go Live Jan. 1, Impacting All Employers: Effective Jan. 1, 2026, Rhode Island employers must provide new hires with written notice of employment terms. Read more
Third-Party Risk & Due Diligence
- On the Road Again: Hackers Hijack Physical Cargo Freight: Attackers are using remote monitoring tools to steal physical cargo in the trucking and freight supply chain. Read more
Policy & Governance Updates
- AdvaMed modernizes its code of ethics for the digital era: AdvaMed updates its Code of Ethics on Interactions with US Health Care Professionals. Read more
- Bermuda: New Beneficial Ownership Framework: Bermuda implements a new beneficial ownership framework with the Beneficial Ownership Act 2025. Read more
