GRC & Regulatory Intelligence

CERT-In · SEBI CSCRF · DPDP · RBI · IRDAI · NIST · SOC 2 · ISO 27001

Plain-English regulatory updates for compliance professionals.
Last updated: 7/18/2026, 6:48:47 AM (Updates every 2 hours)

Featured Updates

India RegulatorySEBI Official CircularSEBI Official Circularyesterday

SEBI Mandates New CSCRF Cyber Framework for Stock Brokers

SEBI has issued the final Cybersecurity and Cyber Resilience Framework (CSCRF) which unifies previous guidelines. Organizations now have to strictly segregate duties and implement real-time SOC monitoring.

SEBICSCRFIndiaCompliance

Practitioner's Take

This is a massive shift for Indian brokers. The transition period is short, and the cost of non-compliance (both operational and regulatory) is extremely high. Focus on vendor risk management first.

Latest News

Cybersecurity

New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code

Updated July 18, 2026: the two flaws now carry CVE IDs, the full mechanism has been published, a persistent-object-cache condition has surfaced, and a working proof-of-concept is public. The story below reflects all of it.

The Hacker NewsThe Hacker News9 hours ago
Cybersecurity

OpenSSL HollowByte Flaw Could Freeze Server Memory with 11-Byte TLS Requests

Eleven bytes will make an unpatched OpenSSL server set aside up to 131 KB of memory for a message that never arrives. On the glibc systems Okta tested, that memory is gone until the process restarts.

The Hacker NewsThe Hacker News10 hours ago
Cybersecurity

Inc Ransomware Exploits SonicWall SMA Zero-Days

When chained together, the two vulnerabilities allow threat actors to gain root-level capabilities on SonicWall's mobile access appliances.

Breach
Dark ReadingDark Reading11 hours ago
Cybersecurity

Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT

Cybersecurity researchers have discovered a cluster of seven malicious npm packages targeting the Vite frontend tooling ecosystem as part of a software supply chain attack.

The Hacker NewsThe Hacker News12 hours ago
Cybersecurity

New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens

A Go botnet called NadMesh turned up in early July hunting exposed AI services, and the operator's own dashboard claims 3,811 unique AWS keys. A Shodan harvester keeps the scan queue stocked with ComfyUI, Ollama, n8n, Open WebUI, Langflow, and Gradio: the image generators, local model runners, ...

The Hacker NewsThe Hacker Newsyesterday
Cybersecurity

The Real AI Threat Is Blind Trust

AI models left to both interpret and execute commands eliminate critical cybersecurity oversight.

Dark ReadingDark Readingyesterday
Cybersecurity

GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft

Cybersecurity researchers have attributed the April 2026 DigiCert security incident to a threat activity cluster dubbed CylindricalCanine.

The Hacker NewsThe Hacker Newsyesterday
Cybersecurity

Fake Coding Tests Deliver OtterCookie-Aligned Malware Hidden in SVG Flag Images

North Korean threat actors linked to the Contagious Interview campaign have been observed employing steganography in SVG image files to conceal malicious payloads as part of a campaign using fake job postings and coding challenges.

The Hacker NewsThe Hacker Newsyesterday
Cybersecurity

Gold Eagle Clearinghouse Targets Security Gap, but How Is Unclear

The White House launched Gold Eagle to coordinate vulnerability response in a new AI world, but multiple questions linger over how it's being implemented.

Dark ReadingDark Readingyesterday
Cybersecurity

Google Bets 'Agentic Defense' Strategy Can Outpace Attackers

Google Cloud incorporates key Wiz capabilities into an agentic defense platform to automate threat detection and remediation against AI attacks.

Dark ReadingDark Readingyesterday
Cybersecurity

E.U. Orders Google to Open Android Mic, Camera and Screen to Rival AI Assistants

The European Commission on Thursday ordered Google to give rival AI assistants the same reach into Android that Gemini already has: the camera, the microphone, whatever is on screen, a wake word that fires with the display off, and the ability to drive other apps in the background by imitating ta...

The Hacker NewsThe Hacker Newsyesterday
Cybersecurity

The Race to Field Military Autonomy Is On, Can Trusted Information Infrastructure Keep Pace?

Military forces are under increasing pressure to field autonomous capabilities faster than ever before. Across the U.

The Hacker NewsThe Hacker Newsyesterday
Cybersecurity

Armenia Detains Russian Tourist on U.S. Warrant for REvil Hacker, Lawyers Say Wrong Man

Armenia has held a Russian tourist named Aleksandr Ermakov in a detention center since June 28, on a U. S.

Breach
The Hacker NewsThe Hacker Newsyesterday
Cybersecurity

ACR Stealer Uses ClickFix Lures to Steal Browser Tokens and Microsoft 365 Files

ACR Stealer, an infostealer in circulation since 2024, is walking out of enterprise networks with saved browser passwords, live session tokens, PDFs, Microsoft 365 documents, and files from synced OneDrive and SharePoint folders. It gets in because someone pasted a command into a Run box and pr...

The Hacker NewsThe Hacker Newsyesterday
Cybersecurity

Agentic AI: Taming the Unpredictable

Agentic artificial intelligence is creating enough risks for organizations to demand a security reframe.

Dark ReadingDark Readingyesterday
Cybersecurity

1M+ Emails Use Hidden Text to Dupe AI Security Filters

Artificial intelligence and LLMs can be surprisingly ineffective against text salting, allowing phishing emails to slide right into your inbox.

Dark ReadingDark Readingyesterday
Cybersecurity

Police Disrupt a €140M Cyber Fraud Ring in Spain

Iberian hackers carried out a variety of cyberattacks and laundered the winnings through complex financial networks.

Breach
Dark ReadingDark Reading2 days ago
Cybersecurity

Forgotten Bootloaders Expose Secure Boot Blind Spot

Nearly a dozen vulnerable and now revoked UEFI shim bootloaders remained trusted for years, giving attackers a path to bypass Secure Boot.

Dark ReadingDark Reading2 days ago
Cybersecurity

Identity Attacks Overtake Exploits as Top Ransomware Cause

Email attacks overtook exploits as the top ransomware root cause last year. Multifactor authentication (MFA) was deployed in 97% of credential-based attacks but failed to prevent compromise.

Breach
Dark ReadingDark Reading2 days ago
Cybersecurity

Guten Tag, Bonjour, Hola to Our European Cyber Defenders!

We're thrilled to unveil the latest evolution of Dark Reading's DR Global section — your go-to source for region-specific cybersecurity intelligence beyond North America.

Dark ReadingDark Reading3 days ago
💡

Spotted an update we missed?

Submit a news tip and we'll add it to the feed.

By submitting, you agree to our Terms of Use and Privacy Policy. We process data for compliance analysis, newsletters, reports, and updates. Contact details may be shared with partners as business leads.

WEEKLY DIGEST

Get this feed in your inbox

Join 5,000+ compliance professionals who receive our weekly curated GRC update.

By subscribing, you agree to our Terms of Use and Privacy Policy. We process data for compliance analysis, newsletters, reports, and updates.