Data Privacy Labels for Mobile Apps: Current Limitations and Compliance Challenges

The BrowserGate report reveals that Microsoft's LinkedIn uses hidden JavaScript to scan visitors' browser extensions and collect device data, raising privacy concerns. Although not a traditional vulnerability, this data collection can aid profiling and tracking, urging organizations to consider mitigation strategies.

Since mid-2025, the China-aligned threat actor TA416 has resumed targeting European government and diplomatic organizations after a two-year lull. The group employs spear-phishing, exploits Microsoft Office vulnerabilities, and uses multi-stage malware to conduct espionage. Detection and defense require patch management, email filtering, and endpoint monitoring.

Microsoft Defender researchers uncovered a method where PHP web shells on Linux servers use HTTP cookies as covert channels for remote code execution. This technique bypasses traditional detection methods, enabling stealthy attacks that complicate incident response.

Organizations have disclosed breaches stemming from TeamPCP's supply chain compromise, with threat actors ShinyHunters and Lapsus$ claiming involvement. These attacks exposed sensitive data through injected malicious code in software updates, affecting numerous enterprises. Affected users should audit software integrity, reset credentials, and enable multi-factor authentication.

Chainguard's rebuilt platform introduces continuous reconciliation of open source artifacts across containers, libraries, agent skills, and GitHub Actions to strengthen supply chain security. This update supports compliance with cybersecurity frameworks and mitigates risks from supply chain attacks.

A water treatment facility was hit by ransomware exploiting a CVE-2023-34362 vulnerability, resulting in data encryption and leakage. Concurrently, a ChatGPT data leak exposed user logs, and a new Android rootkit exploiting CVE-2024-21045 was discovered. Additional security updates and FBI incident classifications were reported.

Microsoft and CrowdStrike have shifted from competitors to partners through a collaboration rooted in their shared involvement in Formula 1. This alliance integrates their cybersecurity tools and threat intelligence, enhancing protection for enterprise customers. Organizations using both platforms should prepare to leverage combined capabilities and update configurations accordingly.

North Korean APT group UNC1069 targeted the Axios npm package via a tailored social engineering attack against its maintainer. The campaign aimed to insert malicious code into this critical open-source library, posing risks to global software supply chains. Detection methods include MFA, cryptographic signing, and vigilant monitoring of package updates.

The mobile attack surface is expanding as shadow AI embedded in applications, outdated devices, and zero-click exploits converge to create new security risks. Enterprises must update devices, monitor AI components, and strengthen detection to mitigate these threats.

Microsoft has begun force-upgrading unmanaged Windows 11 24H2 Home and Pro devices to version 25H2 to address critical vulnerabilities including CVE-2023-28252. Unmanaged devices not enrolled in enterprise management tools will be automatically updated starting June 2024. Organizations should audit unmanaged endpoints and enforce patch management to maintain security compliance.

RSAC 2026 surfaced AI-assisted attack tooling, enforcement of EU NIS2 and the incoming EU AI Act, and structural shifts in U.S. and allied cyber leadership as the defining issues for security practitioners. SOC teams and CISOs face active NIS2 enforcement since October 2024, EU AI Act high-risk system deadlines in August 2026, and ongoing CISA KEV remediation obligations. Organizations must audit AI product compliance, validate vulnerability remediation workflows, and document NIS2 risk management measures now.