< ciso
brief />
Tag Banner

All news with #regulatory action tag

353 articles · page 2 of 18

US Government's Expanding Use of AI Raises Oversight Questions

📰 The Trump administration disclosed an inventory of 3,611 active or planned AI use cases across the federal government, a 70% increase from the Biden-era list, including controversial proposals ranging from grant screening to inmate risk assessment and nuclear reactor control. The brief disclosures lack meaningful context, public consultation, and consistent impact labeling, limiting oversight. The authors argue for rigorous transparency, public comment, and risk assessment frameworks, citing France and Canada as stronger models, while acknowledging some beneficial uses like machine translation.
read more →

UK to require ID or face scan for new social accounts

🔒 The UK will ban under-16s from social media and require age checks for new accounts, likely via ID upload or facial age scans, with regulations due before Christmas and rules effective spring 2027. Longstanding accounts are largely grandfathered, but new account creation will typically need verification. Experts warn checks are easy to circumvent, risk exposing ID/biometric data, and were pushed through with limited scrutiny. The government cites parental support and aims to restrict high-risk features and certain AI chatbot functions.
read more →

DOJ seizes deepfake nude sites under new law

🔒 The U.S. Department of Justice seized CFAKE.com and SOCFAKE.com after finding they hosted nonconsensual AI-generated nude images and videos, marking the first publicly announced domain seizures under the TAKE IT DOWN Act. The sites allegedly displayed sexually explicit deepfakes of politicians, celebrities, athletes, and others. The action followed a multinational probe involving Italy and France and led to an arrest in Nice and seizure of related cryptocurrency. The law, enacted in May 2025, criminalizes publishing intimate altered images without consent and requires prompt takedowns.
read more →

FCC Proposal Would End Anonymous 'Burner' Phones

🛡️ The FCC has proposed a rule that would eliminate so-called burner phones by requiring telecom providers to collect and retain detailed personal information from virtually all phone customers. The rule would mandate submission of government-issued ID numbers, physical addresses, and additional data for business and foreign accounts, raising alarm among privacy and civil rights advocates. Supporters argue the changes target scammers and illicit activity, while critics warn of significant privacy, surveillance, and cybersecurity consequences if carriers must store this expanded dataset.
read more →

Experts Urge US to Reconsider Ban on Anthropic Models

🛡️ Over 50 cybersecurity professionals have urged the US government to lift its export-control directive that suspended access to Anthropic’s Mythos 5 and Fable 5 LLMs. The directive, issued on June 12, led Anthropic to suspend access to both models while it complies with the government order, which cited national security concerns tied to alleged guardrail bypass research. The signees argue the ban removes valuable defensive capabilities and call for a transparent, scientific AI risk-assessment process.
read more →

Maine takes breach reporting portal offline after hoax

🔒 The state of Maine has temporarily taken its public-facing breach reporting database offline after two fraudulent reports impersonating VRChat and Discord were published. The Attorney General's office removed the fake submissions and said it is reviewing procedures to reduce such abuse while keeping legitimate reporting available. Historic notifications can be requested via the consumer protection division.
read more →

US asks Anthropic to block foreign access to Fable

🔒 Anthropic suspended access to its two most capable models, Fable 5 and Mythos 5, after receiving a US government export control directive on June 12 ordering it to block access by any foreign national. The order, citing national security, applies to foreign nationals inside and outside the United States and forced Anthropic to disable both models for all customers; other models such as Claude Opus 4.8 remain available. Anthropic says the directive followed a reported narrow jailbreak demo and is working to restore access while disputing the government's assessment.
read more →

U.S. Orders Anthropic to Suspend Claude Fable 5 Access

🔒 Anthropic said it will "abruptly disable" its latest models, Claude Fable 5 and Mythos 5, for all users after receiving a U.S. government directive to suspend access for foreign nationals due to national security concerns. The company said it believes the order reflects a "misunderstanding" and is working to restore access while noting other models remain available. Anthropic said a demonstrated narrow jailbreak identified minor, publicly discoverable vulnerabilities, and emphasized its safety classifiers and guardrails to limit misuse. The move follows findings that Mythos-class models can rapidly convert disclosed software flaws into working exploits, raising concerns about fast weaponization of vulnerabilities.
read more →

Maine Shuts Public Breach Portal After Hoax Filings

🔒 Maine has taken its public data breach reporting portal offline after fraudulent disclosures impersonating Discord and VRChat were published. The Attorney General's Office confirmed the reports were hoaxes and removed them, stating there is no evidence of actual breaches by the named companies. Public access to the database is temporarily disabled while the office reviews procedures; companies may still submit notices but the public must request disclosures directly.
read more →

Short lapse in Section 702 surveillance affects US monitoring

🔍 Congress failed to extend Section 702 of the Foreign Intelligence Surveillance Act, creating a short pause in warrantless monitoring of foreign communications. The extension vote was rejected, leaving surveillance put on hold until the next possible vote on June 28, and creating uncertainty about immediate intelligence collection practices. CISOs should note potential impacts on cross-border communications and legal challenges ahead.
read more →

Palo Alto Networks PBMM Assessment Expands Cloud Coverage

🔒 Palo Alto Networks announced successful completion of a Cloud Medium security assessment by the Canadian Centre for Cyber Security, expanding PBMM coverage across Cortex®, Cortex Cloud and Strata. The assessment validates these cloud services for Protected B / Medium Integrity / Medium Availability environments, enabling organizations handling sensitive Canadian data to use a unified, AI-driven security architecture while maintaining compliance and operational resilience. This milestone highlights PBMM's growing relevance beyond government into critical infrastructure and private sector organizations.
read more →

South Korea levies record fine after Coupang breach

🔒 The Personal Information Protection Commission (PIPC) fined e-commerce firm Coupang 624.6 billion won (~$409M) after a major data breach that exposed about 37.55 million people’s information. A subsidiary, Coupang Fulfillment Service, was also fined 248 million won for unlawful handling of personal and sensitive data. Investigators cited poor authentication key management, inadequate access controls, delayed breach disclosure, interference with the data protection officer’s independence, and obstruction of the probe.
read more →

CISA Directive Pushes Risk-Based, Contextual Patching

🔒 CISA issued Binding Operational Directive 26-04 to prioritize vulnerabilities by contextual risk rather than CVSS alone. The directive uses four factors — internet exposure, KEV listing, exploit automation, and post-exploitation impact — to set dynamic remediation timelines, including a three-day requirement for the highest-risk cases. The guidance aims to help agencies focus scarce resources on flaws most likely to be exploited amid faster discovery driven by AI.
read more →

White House EO Aligns AI Policy with Cybersecurity

🔒 The White House Executive Order on advanced AI seeks practical public–private coordination to address AI-driven cyber risks while preserving innovation. It prioritizes voluntary model assessments, improved federal defenses, faster vulnerability discovery and remediation, and expanded cybersecurity talent. Successful implementation will hinge on operationalizing AI-assisted defense, translating insights into timely guidance and mitigations, and supporting resource-constrained critical infrastructure operators.
read more →

IG Report Criticizes NIST Over NVD Backlog

🔍 A U.S. Commerce Department inspector general report faults NIST for management and strategy shortcomings that contributed to a growing backlog in the National Vulnerability Database (NVD). The report cites duplicated effort with CISA, insufficient communication, and inconsistent severity scoring as key issues, while NIST points to budget cuts and disputed the report’s tone. Industry experts say the backlog reflects broader funding and process failures and warn that AI-driven increases in vulnerability discovery demand rethinking NVD processes.
read more →

OpenAI Proposes Federal Evaluations for Frontier AI

🔎 OpenAI proposed mandatory federal evaluations for the most capable AI models before public release while arguing regulators should not have authority to approve or block deployments. The company urged pre-release assessments by the Center for AI Standards and Innovation (CAISI) alongside audits, transparency reports, incident reporting, and whistleblower protections. OpenAI framed this approach as a middle ground that enhances government visibility and preserves developer responsibility for release decisions.
read more →

Police dismantle fake ID marketplace aiding smugglers

🔍 French and Spanish authorities dismantled an online marketplace selling counterfeit identity documents used by migrant smuggling rings across the EU. On May 27, police arrested a suspect in Alicante and seized document-production equipment and about 800 fake European IDs from an apartment rented under a false name. Europol said the platform provided forged physical and digital documents to facilitate border evasion, fraudulent residence claims, and secondary movements within the Schengen Area.
read more →

US Sanctions Nobitex Exchange Over Ties to IRGC

🛡️ The U.S. Treasury's OFAC has sanctioned Nobitex, Iran's largest crypto exchange, accusing it of facilitating payments for terrorist activities and sanctions evasion. The designation names several Nobitex executives and founders and is part of the broader "Economic Fury" campaign that also targets Wallex, Bitpin, and Ramzinex. OFAC cites Chainalysis data showing Iran's crypto ecosystem received nearly $7.8 billion in 2025, with IRGC-linked addresses receiving over half of Q4 inflows. Sanctions freeze U.S.-jurisdiction assets and bar U.S. persons from transacting with the designated entities.
read more →

Police dismantle nine groups in illegal streaming crackdown

🔎 European and international law enforcement agencies concluded a seven-month operation that dismantled nine organised crime groups and arrested 29 suspects tied to illegal streaming services. Coordinated by Bulgaria with Europol support and involving 13 countries, the action identified over 18,000 IPs, 4,370 piracy-linked domains, and removed more than 27,000 illegal streaming URLs. Authorities conducted 148 searches, referred 59 cases for prosecution, and continue work on dozens of related investigations.
read more →

Law enforcement seizes hosting tied to Iranian campaigns

🔎 On May 22, 2026, Dutch investigators seized roughly 800 servers from WorkTitans B.V., a hosting provider that allegedly operated as a successor to a sanctioned ISP. The seized infrastructure supported multiple Iranian cyber espionage groups—MuddyWater, Agrius (UNC2428), and Nimbus Manticore—each using the provider for command-and-control, lure hosting, and scanning. This takedown disrupted active operations and highlights the need to evaluate hosting environments, ASNs, and passive DNS history rather than relying solely on individual IP flags.
read more →