Connecticut lawmakers have introduced legislation that, if enacted, would significantly expand breach-response obligations for organizations affected by large-scale cybersecurity incidents. As proposed, Raised Senate Bill 117 (SB 117), would create a new category of “massive” data breaches and impose mandatory forensic investigation and reporting requirements that go well beyond Connecticut’s existing breach notification framework. What […]
CISA Warns Organizations to Harden Endpoint Management Systems Following Cyberattack on Stryker Corporation
On March 18, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert (the Alert) urging U.S. organizations to harden their endpoint management systems following the March 11, 2026 cyberattack against medical technology firm Stryker Corporation (Stryker), which disrupted Stryker’s internal Microsoft environment. CISA stated that it is conducting enhanced coordination with federal partners, […]
A New U.S. Cyber Strategy: President Trump’s Cyber Strategy for America
A newly released U.S. government cyber strategy (available here) outlines a more assertive and coordinated national posture toward cybersecurity. The strategy acknowledges that cyberspace is central to economic security, national defense, and everyday life. In doing so, it warns that cyber threats now affect everything from critical infrastructure to small businesses and individuals. These cyber […]
NYDFS Revises Prescriptive FAQs on Multifactor Authentication
Two months after the New York Department of Financial Services (“NYDFS”) updated its Frequently Asked Questions (“FAQs”), which we wrote about here, NYDFS has released updated FAQs on multifactor authentication (“MFA”) that further clarify 23 NYCRR § 500.12. As we previously reported, the FAQs from December 2025 provided prescriptive guidance, including clarifications on technical requirements […]
Threat Actors Exploit Google’s Gemini to Accelerate Cyberattacks
Google Threat Intelligence Group (GTIG) recently reported that cybercriminals—in particular, state-sponsored threat actors from North Korea, Iran, China, and Russia—are misusing Gemini, Google’s large language model (LLM), to support all stages of their attack lifecycle. Specifically, GTIG observed threat actors using Gemini to code and script tasks, accelerate reconnaissance, research publicly known vulnerabilities, and enable […]