Gold Eagle Clearinghouse Targets Security Gap, But How Is Unclear

The White House has launched the Gold Eagle Clearinghouse initiative to improve the coordination of vulnerability responses within the rapidly evolving AI landscape. However, significant questions remain regarding the specific implementation details and operational effectiveness of this new program.

Podcast: Broken Governance, Agentic AI, and the MindStone Agent Exclusive

This article discusses the rapid advancements in artificial intelligence, specifically agentic AI, and questions whether current governance, compliance, and security practices are evolving quickly enough to manage these new technologies. It highlights potential security challenges arising from the pace of AI development.

E.U. Orders Google to Open Android Mic, Camera and Screen to Rival AI Assistants

The European Commission has ordered Google to grant rival AI assistants access to Android features currently exclusive to Google's Gemini, including microphone, camera, screen content, and background app control. This mandate requires implementation in the next Android release and by August 1, 2027.

Senior executives are killing your shadow AI strategy

A significant majority of senior executives admit to using unapproved AI tools, a practice known as "shadow AI," despite awareness of security and data privacy risks. This trend poses a major challenge for CISOs, as executive adoption of unsanctioned tools undermines governance and sends a message that speed is prioritized over security.

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. These include two command injection vulnerabilities in Fortinet FortiSandbox OS and a deserialization vulnerability in Microsoft SharePoint. The update reinforces the importance of CISA's Binding Operational Directive (BOD) 26-04 for federal agencies to prioritize remediation of these high-risk vulnerabilities.

CISA urges software vendors to formalize vulnerability disclosure programs

CISA, alongside international cybersecurity agencies, has released guidance urging software vendors and online service providers to establish formal Coordinated Vulnerability Disclosure (CVD) programs. These programs aim to improve vulnerability management and product security by structuring how organizations receive, assess, and respond to reports from security researchers.

EFF and ARTICLE 19 Submission to the European Commission on the DSA Trusted Flagger Guidelines

The Electronic Frontier Foundation (EFF) and ARTICLE 19 have submitted joint comments to the European Commission regarding draft guidelines for the Digital Services Act's (DSA) trusted flagger mechanism. Their submission aims to strengthen safeguards for freedom of expression, due process, and the impartiality of the system, advocating for caution in cross-border assessments and clarifying that platforms remain responsible for determining content legality.

California Steps Back From Dangerous Expansion of its Age-Gating Law

California's legislature has scaled back a proposed expansion of its age-gating law, specifically removing provisions that would have significantly impacted internet browsers and websites. The amended bill, A.B. 1856, also exempts open-source operating systems, addressing concerns about privacy and security threats previously raised by organizations like the EFF.

Is 'Tech-xit' Imminent? UK Steps Up Sovereignty Push Amid AI Strife

The UK and other countries are considering reducing their reliance on US tech companies due to US government restrictions on AI models from companies like Anthropic and OpenAI. This potential "Tech-xit" has significant implications for cybersecurity as nations seek greater technological sovereignty.

🚫 Don't Let Congress Age-Gate the Internet | EFFector 38.13

The article discusses the renewed effort in Washington to "age gate" the internet, citing the recently passed KIDS Act by the House of Representatives. The EFF argues that while proponents claim the act is for minor protection, it encourages more surveillance instead of prioritizing privacy.

White House launches AI-driven vulnerability clearinghouse to speed cyber remediation

The White House has launched the Gold Eagle initiative, an AI-driven vulnerability clearinghouse designed to accelerate the identification, prioritization, and remediation of software vulnerabilities for government agencies and critical infrastructure operators. This program aims to coordinate vulnerability reporting and remediation efforts across federal agencies, open-source communities, and the private sector, leveraging advanced AI capabilities.

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, specifically CVE-2023-4346 and CVE-2026-46817, due to evidence of active exploitation. The article emphasizes the importance of the KEV Catalog for federal agencies in prioritizing security updates based on risk, as mandated by Binding Operational Directive (BOD) 26-04, and encourages all organizations to adopt similar risk-based vulnerability management practices.

Establishing a Coordinated Vulnerability Disclosure Program to Work With Security Researchers

CISA, NSA, and international partners have released guidance on establishing Coordinated Vulnerability Disclosure (CVD) programs. The guidance offers best practices for software manufacturers and online service providers to work with security researchers, including clear policies for reporting, triaging, and remediating vulnerabilities. It also suggests using third-party intermediaries to support these programs.

Nigeria Deepens Cybersecurity Efforts as Cybercriminals See More Profits

Nigeria has implemented new regulations requiring organizations to report cyberattacks, aligning with a global trend towards mandated transparency in cybersecurity incidents. This move aims to bolster the nation's cybersecurity posture amid rising profits for cybercriminals.

European Court: Apple Can Not Shirk Off its Interoperability Requirements

The General Court of the European Union has ruled against Apple, upholding its obligations under the Digital Markets Act (DMA) regarding interoperability. This decision ensures greater choice for developers and users in Europe by allowing applications from outside Apple's ecosystem and potentially facilitating research into Apple's operating systems.

Don’t Repeat NY’s 3D Printing Blunder

New York has enacted legislation mandating surveillance and censorship features on 3D printers, despite concerns about privacy and free expression. While some provisions were softened, the law still criminalizes access to certain firearm print files, albeit as a misdemeanor rather than a felony.

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. These vulnerabilities affect SonicWall SMA1000 Appliances and Microsoft Active Directory Federation Services and SharePoint Server. The additions reinforce CISA's Binding Operational Directive 26-04, which requires federal agencies to prioritize the remediation of these high-risk vulnerabilities.

US sanctions VPN, malware providers for enabling ransomware attacks

The U.S. Treasury Department has sanctioned two individuals and one entity for providing services that facilitated ransomware attacks. These sanctioned entities allegedly supplied VPN and malware services, thereby enabling cybercriminals to target U.S. organizations.

Weak Security Continues to Fuel Russian Cyberattacks

The UK and EU have jointly imposed sanctions on Russian individuals and entities, marking the first time such actions have been taken together. These sanctions are a response to alleged cyberattacks and disinformation campaigns conducted by Russia in the region. This coordinated action signifies a significant diplomatic move to hold Russia accountable for its cyber activities.

EPIC, CFA, Fairplay Submit Recommendations Ahead of Potential Rulemaking for Colorado Automated Decision-Making and Chatbot Laws

Digital rights organizations EPIC, the Consumer Federation of America, and Fairplay have submitted recommendations to the Colorado Department of Law. These recommendations are in response to the state's request for stakeholder input on upcoming rulemaking for new laws concerning chatbot safety and the use of automated decision-making technology (ADMT) in consequential decisions.

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added CVE-2008-4128, a Cisco IOS Cross-Site Request Forgery Vulnerability, to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. This action reinforces the importance of CISA's Binding Operational Directive (BOD) 26-04, which mandates federal agencies prioritize the remediation of vulnerabilities listed in the KEV Catalog on publicly exposed assets.

EU sanctions Russian GRU military hackers over cyberattacks

The European Union and the United Kingdom have jointly imposed sanctions on numerous Russian individuals and entities. These sanctions are in response to Russia's alleged coordination of hacking groups responsible for cyberattacks across Europe.

AI Data Centers and the Concentration of Wealth

Opposition to AI data centers has become a bipartisan political theme in the US, with communities debating the trade-offs between economic benefits and costs. However, the authors argue that this focus distracts from the broader impacts of AI, such as the concentration of power and financial influence within AI companies.

Frontier AI: The Genie's Out of the Bottle, But Where's the Rulebook?

Cutting-edge artificial intelligence models are increasingly being deployed with greater independence and reduced human oversight. In response, several state governments are enacting legislation aimed at ensuring transparency in the use of these advanced AI systems.

Building Our Future Together

The new Executive Director of EFF reflects on the pivotal moment for digital rights, highlighting recent Supreme Court victories in privacy and expressing concern over expanded executive power and potential internet access restrictions. The article emphasizes the critical need for EFF's work to counter growing government and corporate surveillance capabilities.

EU extends mass scanning of messages without a warrant

The European Parliament has failed to block a proposal to extend mass scanning of private communications without a warrant. Despite opposition, the motion to reject did not achieve the necessary majority, allowing the "Chat Control 1.0" law to be extended through 2028. This measure allows service providers to scan private messages on various platforms, raising concerns about privacy and potential impacts on businesses.

More Countries Jump on the Social Media Ban Wagon

Governments worldwide are increasingly implementing social media bans and age restrictions for online platforms, but tech companies are finding it challenging to comply with these new regulations. The effectiveness of these measures is also being questioned as compliance falls short of expectations.

PRESS RELEASE: EPIC Applauds Introduction of Privacy-Centered Federal Chatbot Bill

Federal lawmakers have introduced the People-First Chatbot Act, a bill aimed at creating a framework for safer AI chatbots and addressing the harms caused by their rapid, often unmonitored deployment. The advocacy group EPIC has praised the introduction of this bill, highlighting the need for oversight and transparency in AI chatbot technology.

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities, CVE-2026-48939 and CVE-2026-56291, to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. These vulnerabilities, found in iCagenda and Balbooa Forms respectively, allow unrestricted file uploads of dangerous types. CISA urges all organizations, especially federal agencies, to prioritize the remediation of these and other KEV Catalog vulnerabilities.

The House Passed The KIDS Act—The Senate Should Reject It

The House of Representatives has passed the KIDS Act, a package of legislation aimed at controlling minors' online activities, which includes provisions for age verification on websites and apps. The Electronic Frontier Foundation (EFF) opposes the bill, arguing that its age-gating mechanisms will compromise user privacy and free expression without accurately protecting children.

EPIC Applauds the Massachusetts Senate for Passing Platform Design Regulations

The Massachusetts Senate has passed the "Protecting Children from Addictive Social Feeds Act," which aims to protect children from harmful platform features on social media. EPIC, an advocacy group, applauds this legislation for regulating social media platform design to prevent invasive data collection and manipulative practices.

European Commission Chooses to Keep EU Users Locked Up Behind Big Tech’s Gates

The European Commission has decided not to extend the Digital Markets Act's (DMA) interoperability mandate to social networking platforms, a move criticized by the EFF. This decision, announced in its first review of the DMA, is seen as a missed opportunity to enhance user choice, improve privacy practices, and foster competition by allowing users to switch platforms more easily. The EFF argues that Big Tech platforms benefit from this delay, maintaining their 'walled gardens' and hindering user freedom.

EU 'Chat Control' snoopfest returns after vote to kill it falls short

The EU's controversial 'Chat Control' legislation, aimed at scanning private messages for child sexual abuse material (CSAM), is poised to move forward after a parliamentary vote failed to reach the necessary threshold to kill the interim rule. Despite opposition from civil liberties advocates, the legislation's proponents secured enough support to advance the scanning mandate.

Police arrests 5,800 suspects in global anti-fraud crackdown

Law enforcement agencies worldwide have arrested 5,811 suspects and confiscated $293 million in assets as part of a global anti-fraud operation. The crackdown, involving 97 countries, targeted various forms of fraud, including business email compromise (BEC) and romance scams.

Srsly Risky Biz: Supreme Court Undermines Section 702

The Supreme Court's ruling on Section 702 of the Foreign Intelligence Surveillance Act (FISA) has raised significant concerns about government surveillance capabilities. This decision could potentially undermine the effectiveness of current intelligence-gathering programs.

Mexico's New Cyber Plan Faces Its First Real Test

Mexico's recently launched cybersecurity plan is set to face its initial major challenge during the upcoming FIFA World Cup. The plan, currently in its expansion phase, will be tested by the significant increase in digital traffic and potential for cyber threats associated with such a large-scale global event.

CISA Urges Immediate Patching of Exploited ColdFusion, Langflow, Joomla Flaws

CISA has added four newly disclosed critical vulnerabilities to its Known Exploited Vulnerabilities catalog, urging federal agencies to patch them by July 10. The vulnerabilities affect Adobe ColdFusion, Langflow, and Joomla extensions. Agencies that fail to patch by the deadline may face restrictions.

State IDs for AI Agents: Will Estonia Set a Precedent?

Estonia is developing a system to assign unique digital identities to AI agents, allowing them to access government services and interact with citizens. This initiative aims to ensure accountability and transparency in the use of AI for public administration.

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added CVE-2026-48282, an Adobe ColdFusion path traversal vulnerability, to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. This addition reinforces the importance of CISA's Binding Operational Directive (BOD) 26-04, which mandates federal agencies to prioritize the remediation of vulnerabilities listed in the KEV Catalog on publicly exposed assets.