Search

CPPA Seeks Comments on Opt-out Preference Signals Rulemaking

The California Privacy Protection Agency (CPPA) is seeking preliminary public comments on potential rulemaking regarding Opt-out Preference Signals (OOPS). The agency is gathering information to explore whether regulatory changes are necessary to reduce friction in exercising privacy rights. Comments are due by April 6, 2026.

Accessible Deletion Mechanism for Data Brokers

The California Privacy Protection Agency has finalized regulations establishing an Accessible Deletion Mechanism (DROP) for data brokers, effective January 1, 2026. This system allows consumers to request the deletion of their personal information from registered data brokers through a single request to the agency.

California Adopts CCPA Regulations on Risk Assessments and Cybersecurity

The California Privacy Protection Agency has adopted final regulations updating the CCPA. These regulations implement requirements for risk assessments, annual cybersecurity audits, and consumers' rights regarding automated decision-making technology, effective January 1, 2026.

ENISA Cybersecurity Exercise Methodology Guidance

ENISA has released a new cybersecurity exercise methodology to guide organizations in planning and executing effective cybersecurity exercises. The methodology provides a framework for simulating cyber crises, training response capabilities, and building resilience against cyber threats.

ENISA Report: EU Public Administrations Targeted by DDoS Attacks

ENISA has released a report detailing that EU public administrations are increasingly targeted by cyberattacks, primarily DDoS attacks, with central governments being the most affected. The report analyzes 586 incidents from 2024 and highlights the sector's developing cybersecurity resilience under the NIS2 Directive.

ENISA Seeks Feedback on Software Supply Chain Security Guidance

ENISA has launched public consultations on draft guidance for software supply chain security. Feedback is sought on an SBOM Landscape Analysis and a Technical Advisory for Secure Use of Package Managers, with a deadline of January 23, 2026.

ENISA Report: Cybersecurity Investments and NIS2 Challenges

ENISA's 6th NIS Investments report reveals a shift in cybersecurity spending from personnel to technology and services across 1080 EU organizations. The report highlights persistent talent shortages and challenges in implementing the NIS2 Directive, despite compliance being a key investment driver.

ENISA Updates International Cybersecurity Strategy

ENISA has updated its International Strategy to enhance engagement with international partners and align with the EU's cybersecurity policies. The revised strategy focuses on cooperation with countries sharing EU values and includes specific working arrangements with Ukraine and the US, support for EU candidate countries, and operationalizing the EU Cybersecurity Reserve for third countries.

Joint Advisory on SD-WAN Appliance Exploitation

The NSA, CISA, and international cybersecurity agencies have issued a joint advisory regarding the exploitation of Cisco SD-WAN appliances. Threat actors are exploiting a specific vulnerability (CVE-2026-20127) to gain root access and establish persistence. The advisory includes a threat hunt guide and mitigation recommendations.

NIST Cybersecurity Framework (CSF) 2.0 Anniversary and Updates

NIST is celebrating the two-year anniversary of the Cybersecurity Framework (CSF) 2.0. The blog post highlights updates and resources released over the past two years, including expanded guidance on governance and informative references to other standards, emphasizing the framework's widespread adoption and ongoing development.