This compliance intelligence digest highlights critical updates, focusing on the Akira ransomware’s new targeting of Nutanix VMs and a massive NPM registry attack. We also cover the new Cybersecurity Maturity Model Certification (CMMC) requirements for DoD contractors and expanding state ‘junk fees’ laws. Stay informed about these pressing issues to enhance your organization’s compliance and security posture.
Top 5 Critical Compliance Alerts
- Akira RaaS Targets Nutanix VMs, Threatens Critical Orgs: The Akira ransomware group is actively experimenting with new attack methods, successfully targeting critical sectors through Nutanix VMs. Read more
- 150,000 Packages Flood NPM Registry in Token Farming Campaign: A self-replicating attack has led to a massive influx of malicious packages in the NPM registry, specifically targeting tokens for the tea.xyz protocol. Read more
- They’re Here! The Cybersecurity Maturity Model Certification Requirements for DoD Solicitations and Contracts Are Live: Contractors must now adhere to the Cybersecurity Maturity Model Certification (CMMC) requirements for DoD solicitations and contracts. Read more
- Expanding Patchwork of State “Junk Fees” Laws Presents Compliance Challenges: Companies face compliance challenges due to expanding state laws regulating fee disclosures and total price advertising, often termed “junk fees” laws. Read more
- FERC Staff Audit Report Identifies CIP Standard Compliance Risks in FY2025: A FERC staff audit report highlights risks to electric grid reliability based on Critical Infrastructure Protection (CIP) audits of NERC registered entities. Read more
Regulatory Updates
- Fall 2025 Financial Conferences Reveal the Rules That Will Shape 2026: Insights from Fall 2025 financial conferences reveal upcoming regulatory changes expected to shape financial services compliance in 2026. Read more
Third-Party Risk & Due Diligence
- Compliance and Social Media: What You Need to Know About Influencer Content: Companies face growing risks from influencer content, particularly concerning third-party intellectual property rights infringements. Read more
Policy & Governance Updates
- Preparing for Jersey’s new whistleblowing regime: Key insights and next steps: Insights and practical steps for employers in Jersey and Guernsey to prepare for the forthcoming whistleblowing regime. Read more
- Oregon’s Recycling Modernization Act: What Businesses Need to Know: Businesses need to understand Oregon’s Plastic Pollution and Recycling Modernization Act (RMA), which extends producer responsibility for packaging disposal. Read more
Other
- Cybersecurity Outlook 2026: Preview of the Cybersecurity Outlook 2026 virtual event. Read more
- Healthcare Compliance Essentials Workshop: Announcement for the Healthcare Compliance Essentials Workshop, providing foundational education on compliance program elements. Read more
- New Security Tools Target Growing macOS Threats: New tools aim to combat increasing malware threats targeting macOS, an area researchers say lacks attention. Read more
- Hardened Containers Look to Eliminate Common Source of Vulnerabilities: Companies are working to slim down containers to eliminate common vulnerabilities introduced by the “kitchen-sink” approach to building them. Read more
