cybersecurity law

Microsoft’s Zero-Day Disclosure Backlash: Did Legal Threats Go Too Far?

Microsoft Threatens Legal Action Over Exploit Disclosure

| | BitLocker, bug bounty, Cybersecurity, cybersecurity law, Digital Privacy, Episodes, full disclosure, GitHub, Microsoft security, MSRC, Podcast, Privacy, Proof-Of-Concept Exploit, responsible disclosure, Security Community, security researchers, surveillance, Vendor Accountability, Vulnerability Disclosure, Weekly Edition, zero-day vulnerabilities
Microsoft’s response to a researcher publicly disclosing proof-of-concept exploit code has reignited an old debate in security: where does responsible disclosure end and reckless disclosure begin? Tom and Scott discuss the Nightmare ...
Shared Security Podcast
ai governance, vatican, artificial intelligence

Magnifica Humanitas – Pope Leo’s Take on Intelligence – Artificial and Otherwise

| | AI decision infrastructure, AI Governance, artificial intelligence policy, cybersecurity law, Magnifica Humanitas, Pope Leo XIV
A comparative analysis of global AI governance strategies (US, EU, UK, China, and others) contrasted against the Vatican's 2026 encyclical Magnifica Humanitas, framing AI as critical decision infrastructure rather than just a ...
Security Boulevard
PTFM? Is It Legal to Pay the Hacker? Canvas, Uber and the Criminal Law of Cyber Extortion

PTFM? Is It Legal to Pay the Hacker? Canvas, Uber and the Criminal Law of Cyber Extortion

| | aml compliance, Canvas breach, cyber extortion, cybersecurity law, Instructure cyberattack, OFAC, Ransomware legality, Sanctions violation
This article highlights how the Canvas/Instructure breach exposes the complex and treacherous legal landscape of ransomware payments, moving beyond the business ethics of negotiation to the potential violations of sanctions regimes, anti-money ...
Security Boulevard
DOJ cryptocurrency scams

Sue The Hackers – Google Sues Over Phishing as a Service

| | CFAA, civil cyber litigation, cyber defense strategy, cybercrime infrastructure, cybersecurity law, domain seizures, hacking lawsuits, Meta legal actions, Microsoft botnets, Phishing as a Service, private right of action, RICO
Google’s Lighthouse lawsuit signals a new era in cybersecurity, where companies use civil litigation—including the CFAA, Lanham Act, and RICO—to dismantle phishing networks, seize malicious infrastructure, and fight hackers when criminal prosecution ...
Security Boulevard
disclosure, WAFs, compliance, GRC automation, platforms, compliance, risks, security, GhangorCloud AML regulatory Security GDPR Compliance

No Good Deed Goes Unpunished: Why Voluntary Disclosure of Cybersecurity Violations Doesn’t Mean You Won’t Be Punished for Bad Security

| | Aero Turbine case, cisa, compliance programs, CUI, CYBERSECURITY COMPLIANCE, cybersecurity contracting, cybersecurity law, cybersecurity liability, Data Security, defense contractors, DFARS 252.204-7012, disclosure penalties, DoD Voluntary Disclosure Program, DOJ Corporate Enforcement Policy, DOJ policy, false certification, False Claims Act, federal contracts, fedramp compliance, Gallant Capital Partners, government enforcement, legal risk management, NIST SP 800-171, self-reporting, Universal Health Services v. Escobar, voluntary disclosure
Voluntary cybersecurity disclosure reduces penalties but not liability. In compliance, honesty helps—but it’s no safe harbor ...
Security Boulevard
Facebook Accused of Violating Vietnam’s Cyber Law

Facebook Accused of Violating Vietnam’s Cyber Law

| | cybersecurity law, Data Privacy, facebook, Industry News, online censorship, Social networks, Vietnam
Vietnam’s controversial cybersecurity law that tightens government control of the online environment just came into effect on Jan. 1 and it’s already claiming its first victim, writes the Financial Times. On Tuesday, ...
HOTforSecurity