The SEC's cybersecurity disclosure rule requires public companies to report material incidents on Form 8-K within four business days of a materiality determination, and to disclose risk management programs and board oversight annually in 10-K filings. Large accelerated filers have been subject to incident reporting requirements since December 18, 2023, with enforcement precedent already set through the SEC's fraud charges against SolarWinds and CISO Timothy Brown. Security teams must build materiality determination workflows, align IR playbooks to disclosure triggers, and ensure 10-K disclosures accurately reflect internal security posture.

Drift Protocol, a Solana-based decentralized perpetuals exchange, lost at least $280 million after an attacker compromised the signing keys of its Security Council multisig and used administrative privileges to drain protocol-controlled vaults. The attack targeted the governance layer rather than a smart contract vulnerability, exploiting insufficient key management practices among Security Council signers. Affected users should withdraw remaining funds, revoke token approvals, and avoid unofficial recovery contracts.

Adversa AI discovered a critical vulnerability in Anthropic's Claude Code agentic coding assistant within days of Anthropic accidentally leaking the product's source code. Claude Code operates with elevated system privileges in developer environments, making exploitation potentially severe — including credential theft, CI/CD pipeline manipulation, and lateral movement. Organizations should audit deployments, rotate credentials, and apply patches immediately once Anthropic releases a fix.

The FCC now requires pre-approval for all foreign-manufactured routers before they can be imported, marketed, or sold in the United States, with applicants required to disclose foreign investor relationships and submit a U.S. manufacturing relocation plan. The rule targets supply chain risks tied to documented exploitation campaigns by groups including Volt Typhoon and Salt Typhoon, which compromised SOHO and enterprise routers to gain persistent access to U.S. critical infrastructure. CISOs, procurement teams, and network engineers must audit hardware pipelines, monitor DoD and DHS exemption lists, and pressure vendors for compliance timelines now.

Apple has expanded mitigations against the DarkSword exploit kit to additional devices after the toolkit was used in operations by state-sponsored threat groups and commercial spyware vendors. The expansion follows Apple's standard model of phased protection rollouts across its device ecosystem. All Apple device owners should apply the latest OS updates immediately, and high-risk individuals should enable Lockdown Mode.

CVE-2024-6387 (regreSSHion) is a signal handler race condition in OpenSSH sshd versions 8.5p1 through 9.7p1 that allows unauthenticated remote code execution as root. Discovered by Qualys, the flaw affects an estimated 700,000 publicly exposed servers. Administrators should upgrade to OpenSSH 9.8p1 immediately or set LoginGraceTime 0 as a temporary workaround.

Cisco has patched CVE-2026-20093, a critical authentication bypass vulnerability in the Cisco Integrated Management Controller (IMC) with a CVSS score of 9.8. An unauthenticated remote attacker can exploit the flaw to bypass authentication and gain elevated privileges over affected hardware management interfaces. Administrators should apply Cisco's patch immediately and restrict IMC network access to isolated management VLANs.

CVE-2025-30208 is a path traversal vulnerability in Vite's development server that allows unauthenticated remote attackers to read arbitrary files from the host filesystem by crafting a malicious URL query string. Affected versions span Vite 4.x through 6.2.x, with patched releases available across all supported branches. Teams running Vite dev servers with network exposure should patch immediately and rotate any secrets that may have been accessible.

Flare research documents how threat actors register vacant properties as mail drop addresses by abusing USPS Change of Address mechanisms and synthetic identities to intercept physical mail containing PII, financial credentials, and authentication material. The methodology chains public foreclosure data, dark web identity documents, and reshipping mules into a functional fraud pipeline targeting bank card deliveries, government correspondence, and OTP letters. Individuals should enroll in USPS Informed Delivery and freeze their addresses online; security teams should re-evaluate physical mail as a weak authentication channel.

Two vulnerabilities in Progress ShareFile can be chained to allow unauthenticated remote attackers to exfiltrate files from affected enterprise environments without valid credentials. The attack requires no user interaction and targets a platform historically exploited by ransomware groups including Cl0p. Organizations running self-hosted ShareFile Storage Zones Controller components should apply vendor patches immediately and audit file access logs for signs of prior exploitation.

Researchers are documenting active exploitation of chained vulnerabilities where multiple medium-severity flaws combine to enable full system compromise, alongside continued targeting of legacy software past end-of-life support. Security teams must cross-reference CVE IDs against shared product versions, treat vulnerability chains as elevated-priority findings, and apply vendor patches within tightened SLA windows for internet-exposed assets.

Cisco has patched multiple critical and high-severity vulnerabilities affecting enterprise networking and security products, covering authentication bypass, remote code execution, information disclosure, and privilege escalation. These flaws expose widely deployed Cisco infrastructure to unauthenticated remote exploitation and full device compromise. Administrators should apply patches immediately and restrict management plane access to trusted networks.