Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Due to growing awareness of data privacy risks, organizations face mounting pressure from regulators to safeguard sensitive personal information. This can be particularly challenging for US companies, which must adhere to both domestic regulations, such as the CCPA and HIPAA, as well as international frameworks in their target global markets.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! You might want to get on to this…

A leading insurance and asset management company was hit by a large-scale data breach, impacting more than four million customer and employee records and resulting in widespread media attention. Through an accelerated response with emergency call center support, a dedicated support website and expedited notice mailing, Kroll’s Breach Notification services ensured the business was able to take quick and decisive action following this globally significant security event.

By Omry Farajun, President and CEO, Storage Guardian Storage Guardian, in partnership with Acronis, has launched the Incident Response Planner to help organizations meet CIS Control 17 – Incident Response Management. The solution uses out-of-band SMS communication and predefined response templates to rapidly engage key stakeholders, host a centralized incident response plan and execute validation drills and tabletop exercises with confidence.

The persistence of decades-old technology in industrial settings is a fact of life. Operational technology (OT) environments in factories, power plants and critical infrastructure facilities are studded with industrial PCs running operating systems that the corporate IT world retired years ago.

Following the recent cyberattack on Endesa, one of Spain’s largest electricity and gas providers, Outpost24’s threat intelligence team has compiled a comprehensive analysis of the incident based on publicly available evidence from underground forums, leaked dataset listings, and the threat actor’s own statements.

The VMware virtual machine disks consolidation is needed error usually appears when snapshots fail to merge correctly with the main virtual disk. This problem often occurs after incomplete backups, canceled snapshot deletions, or low storage space. Left unresolved, it can slow down your VM or even risk data corruption. Read this blog to learn why the virtual machine consolidation needed status occurs and how to resolve it safely.

Today, we’re excited to share that Cloudflare has acquired Human Native, a UK-based AI data marketplace specializing in transforming multimedia content into searchable and useful data.

Attackers are increasingly abusing network misconfigurations to send spoofed phishing emails, according to researchers at Microsoft. This technique isn’t new, but Microsoft has observed a surge in these attacks since May 2025. “Phishing actors are exploiting complex routing scenarios and misconfigured spoof protections to effectively spoof organizations’ domains and deliver phishing emails that appear, superficially, to have been sent internally,” the researchers write.

As we step into 2026, Bitsight researchers are closely watching key developments across the cyber risk landscape. Their insights reveal a dynamic tension between rising threats and new opportunities to strengthen defenses. Here's what they predict for the year ahead, and what security teams should be prepared to navigate.