Policy
-
Texas sues TP-Link over alleged deceptive labeling and security risks
Texas sued TP-Link, accusing the company of deceptive “Made in Vietnam” labeling and security failures that allowed state-backed hackers to exploit firmware flaws. The suit seeks monetary penalties and injunctions to force disclosure and change data practices.
-
Spanish court orders NordVPN and ProtonVPN to block 16 LaLiga piracy sites
A Spanish court ordered NordVPN and ProtonVPN to block 16 websites used to pirate LaLiga matches in Spain. The precautionary measures apply to a dynamic list of IP addresses and were issued inaudita parte without opportunity for appeal.
-
Law firm sues Lenovo over alleged bulk transfer of US data to China
A law firm filed a class action accusing Lenovo of exposing 100,000 or more US consumers’ data to Chinese entities via website trackers. The suit seeks class action relief, restitution, disgorgement and statutory damages.
-
CISA orders federal agencies to patch BeyondTrust flaw within three days
CISA ordered federal agencies to secure BeyondTrust Remote Support instances by February 16 after CVE-2026-1731 was added to its Known Exploited Vulnerabilities catalog. The flaw allows unauthenticated remote command execution and on-premises patches must be installed manually.
-
Russia moves to block WhatsApp after national DNS exclusions limit access
Russian authorities moved to block WhatsApp by excluding its domains from the national DNS, leaving the service reachable only via VPNs or external DNS. The move follows earlier throttling and registration restrictions.
-
European Commission discloses breach of mobile device management platform
The European Commission detected a cyber-attack on its mobile device management system on January 30 that may have exposed staff names and mobile numbers. The system was cleaned within nine hours and investigations are under way.
-
NIST center issues RFI seeking input on security for autonomous AI agents
A Request for Information from NIST’s CAISI asked for input on secure practices for autonomous AI agents on Jan. 8, focusing on novel risks, assessment methods, and deployment constraints as agencies push toward operational standards.
-
CISA publishes post-quantum procurement guidance but experts warn it lacks operational detail
CISA published guidance on Jan. 23 listing federal products for post-quantum cryptography. Experts warned the document lacks operational detail on inventories, timelines and authentication support, complicating procurement and migration efforts.
-
EU opens DSA investigation into X after Grok generated sexual images
The EU opened DSA proceedings against X after its Grok AI tool produced sexually explicit images, including possible child sexual abuse material. UK and US regulators are also examining the platform while X limited Grok image features to paid subscribers.
-
CISA adds four vulnerabilities to KEV catalog and sets federal patch deadline
CISA added four vulnerabilities to its Known Exploited Vulnerabilities catalog on January 22, 2026, citing active exploitation. Federal agencies must apply fixes by February 12, 2026 under BOD 22-01 to secure networks.
