AI Phishing, Data Privacy, SEC, Fortinet – 11/18/2025

This compliance digest highlights critical threats, including a surge in AI-driven phishing attacks and a critical Fortinet WAF vulnerability under active exploitation. Key regulatory updates include insights into the SEC’s operations post-shutdown and the implications of the UK’s Data (Use and Access) Act. Additionally, the digest covers third-party risks in Gibraltar and new AI cybersecurity guidance for the healthcare sector.

Top 5 Critical Compliance Alerts

  • Phishing Season 2025: How AI is Supercharging Cyber Crime: AI-generated phishing has moved from a niche tactic to an everyday tool for cyber criminals, increasing the intensity of phishing campaigns.
  • Critical Fortinet FortiWeb WAF Bug Exploited in the Wild: A vulnerability in Fortinet’s FortiWeb WAF could allow unauthenticated remote attackers to execute administrative commands.
  • US Citizens Plead Guilty to Aiding North Korean IT Worker Campaigns: Individuals admitted to helping foreign IT workers gain employment at US companies using false identities and remote access.
  • Cyberattack Volume Increases Fueled by 48% YOY Increase in Ransomware Attacks: October saw a rise in cyberattack volume, driven by a significant year-over-year increase in ransomware attacks.
  • St. Anthony Hospital in Chicago Notifies Patients About February Data Breach: St. Anthony Hospital in Chicago is notifying patients about a data breach that occurred in February.

Regulatory Updates

  • Q&A: The SEC Is Up & Running After Shutdown; Now What?: Registrants should prepare for future delays as shutdowns become increasingly likely.

Third-Party Risk & Due Diligence

  • Gibraltar at a crossroads: What two landmark inquiries reveal about a jurisdiction under strain: Landmark inquiries reveal strain on Gibraltar’s jurisdiction due to alleged sabotage of a national security system.

Policy & Governance Updates

  • The Data (Use and Access) Act and How it Affects the UK GDPR and DPA 2018, and PECR: The Data (Use and Access) Act 2025 marks a significant moment in UK data protection legislation, reforming UK GDPR, DPA 2018, and PECR.
  • What You Need to Know About Maryland’s New Data Privacy Law: Maryland’s new data privacy law shifts focus to providing collection as a service benefiting consumers.

Compliance Frameworks

  • HSCC Publishes Preview of Health Sector AI Cybersecurity Risk Guidance: The Health Sector Coordinating Council (HSCC) plans to publish AI cybersecurity guidelines for the healthcare sector in Q1 2026.
  • Discovery Practice Management Settle Lawsuit Over 2020 Data Breach: Discovery Practice Management settles a class action lawsuit stemming from a June 2020 data breach.
