This compliance intelligence digest highlights critical vulnerabilities, including an active threat targeting 400,000 WordPress sites and a ransomware attack on a New Jersey medical center. We also cover emerging risks in software update tools and the increasing sophistication of ransomware attacks in Europe. Stay informed about key regulatory updates and compliance frameworks to protect your organization.
Top 5 Critical Compliance Alerts
- Critical Site Takeover Flaw Affects 400K WordPress Sites: Attackers are actively exploiting a vulnerability in the Post SMTP plugin, potentially compromising accounts and websites.
- New Jersey Medical Center Suffers Ransomware Attack: Central Jersey Medical Center experienced a ransomware attack, impacting patient data and operations.
- Risk ‘Comparable’ to SolarWinds Incident Lurks in Popular Software Update Tool: A widely used software update tool contains a risk that could introduce malware, affecting numerous technology companies.
- Europe Sees Increase in Ransomware, Extortion Attacks: European organizations are facing a surge in cyberattacks, with attackers exploiting geopolitical tensions and AI-enhanced social engineering.
- Federal AI Contracts and the New Era of False Claims Act Enforcement: Increased federal investment in AI contracts is leading to greater scrutiny and enforcement under the False Claims Act.
Compliance Frameworks
- What is SOC2 Audit & Can it Replace a Business Associate Agreement?: An explanation of SOC2 audits and their potential role in fulfilling Business Associate Agreement requirements.
- SOC 2 Compliance Checklist: Why it Doesn’t Exist (And What to Do Instead): Discusses the lack of a definitive SOC 2 checklist and offers alternative approaches to prepare for audits.
Regulatory Updates
- Michigan Lawmakers Consider Raising MIOSHA Penalties to Match Federal Levels: Legislation is being considered to increase Michigan Occupational Safety and Health Administration (MIOSHA) penalties to align with federal OSHA standards.
- Rhode Island’s New Hire Notice Requirements Go Live Jan. 1, Impacting All Employers: Starting January 1, 2026, Rhode Island employers must provide new hires with written notices containing key employment terms.
- California Prevailing Wage Compliance: The Three P’s to Know: An overview of California’s prevailing wage requirements for public works projects and how to ensure compliance.
- December 1, 2025 FCC EEO Deadlines for Stations in AL, GA, CO, MN, MT, ND, SD, CT, ME, MA, NH, RI, and VT: Radio and television stations in specified states must prepare and post an annual EEO Public File Report by December 1, 2025.
Third-Party Risk & Due Diligence
- Is Supplier–Manufacturer Collaboration Easier with PartnerQuest by CQ?: Explores how PartnerQuest by CQ can streamline collaboration between suppliers and manufacturers.
