{"title":"Spoiledlunch","description":"Nerdy Stuff. Tech Talk. Zero Freshness.","subtitle":"Analysis and commentary on GRC, security, and AI.","articles":[{"title":"Global Information Security Day: A Vendor-Made Holiday","url":"/articles/2026-06-30-global-information-security-day-how-the-security-industry-invented-a-holiday-for-itself/","date":"2026-06-30","summary":"Today is Global Information Security Day, an awareness holiday you\u0026rsquo;ve probably never heard of despite eleven years of \u0026ldquo;global\u0026rdquo; celebration. That\u0026rsquo;s because …"},{"title":"AI Usage Discovery Is the New Shadow IT Problem","url":"/articles/2026-05-01-why-ai-usage-discovery-is-becoming-the-new-shadow-it-problem/","date":"2026-06-30","summary":"For years, shadow IT meant unsanctioned SaaS, unmanaged devices, and business teams adopting systems faster than central governance could track them.\nNow the same pattern is …"},{"title":"AI Incident Response Is Underbuilt Almost Everywhere","url":"/articles/2026-05-01-why-ai-incident-response-is-still-underbuilt-almost-everywhere/","date":"2026-06-23","summary":"Most organizations now have some language about responsible AI.\nFar fewer have a credible answer to a simpler question: what happens when an AI system causes a production problem …"},{"title":"The SIEM Did Not Fail; Your Data Model Did","url":"/articles/2026-05-01-the-siem-did-not-fail-your-data-model-did/","date":"2026-06-16","summary":"Security teams love to declare that the SIEM failed them. It is a clean story. The platform was noisy, expensive, slow, or hard to operate. Leadership understands vendor …"},{"title":"The KEV Catalog Is Useful, Not Prioritization Strategy","url":"/articles/2026-05-01-the-kev-catalog-is-useful-but-it-is-not-a-prioritization-strategy/","date":"2026-06-09","summary":"The Known Exploited Vulnerabilities catalog is one of the better things to happen to enterprise vulnerability management in years. It gives defenders a cleaner signal than generic …"},{"title":"The Cloud Control Plane Is Still the Easiest Blind Spot","url":"/articles/2026-05-01-the-cloud-control-plane-is-still-the-easiest-place-to-be-blind/","date":"2026-06-02","summary":"Cloud security programs often spend their money where the infrastructure is easiest to picture.\nThey instrument workloads. They scan containers. They watch endpoints. They analyze …"},{"title":"Internet Safety Month: Child Protection Became Sales","url":"/articles/2026-06-01-national-internet-safety-month-how-child-protection-became-parental-control-software-sales/","date":"2026-06-01","summary":"June is National Internet Safety Month, which means it\u0026rsquo;s time for parents to be very, very worried about what their children are doing online. Conveniently, it\u0026rsquo;s also …"},{"title":"Compliance Exceptions Tell You More Than Controls","url":"/articles/2026-05-01-compliance-exceptions-tell-you-more-than-your-passed-controls/","date":"2026-05-26","summary":"Organizations love to report passed controls because passed controls are flattering.\nThey suggest order. They suggest repeatability. They suggest that the environment behaves the …"},{"title":"GDPR at Eight: Real Law, Fake Compliance Theater","url":"/articles/2026-05-25-gdpr-enforcement-anniversary-eight-years-of-real-privacy-law-and-fake-compliance-theater/","date":"2026-05-25","summary":"Today marks eight years since GDPR enforcement began. Unlike most awareness campaigns we investigate, this anniversary commemorates something that actually works: the world\u0026rsquo;s …"},{"title":"SOC 2 Became a Sales Requirement, Not a Trust Signal","url":"/articles/2026-04-25-soc-2-became-a-sales-requirement-not-a-trust-signal/","date":"2026-05-19","summary":"SOC 2 still matters. That is exactly why the industry has let it become something more misleading than useless.\nThe report was supposed to be a narrow assurance artifact: a way to …"}],"news":[{"title":"CubeSpace CW0057 Reaction Wheel","url":"/news/2026-07-02-cubespace-cw0057-reaction-wheel/","date":"2026-07-02","summary":"Summary: View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to upload arbitrary malicious firmware to the device.\nWhy it …"},{"title":"Gardyn IoT Hub","url":"/news/2026-07-02-gardyn-iot-hub/","date":"2026-07-02","summary":"Summary: View CSAF Summary Successful exploitation of these vulnerabilities could allow unauthenticated users to access and control IoT Hub managed devices.\nWhy …"},{"title":"ST Engineering iDirect iQ-Series Terminals","url":"/news/2026-07-02-st-engineering-idirect-iq-series-terminals/","date":"2026-07-02","summary":"Summary: View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to device information or cause a …"},{"title":"CISA Adds One Known Exploited Vulnerability to Catalog","url":"/news/2026-07-01-cisa-adds-one-known-exploited-vulnerability-to-catalog/","date":"2026-07-01","summary":"Summary: CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.\nWhy it matters: …"},{"title":"CISA Announces New Advisory Council to Strengthen Partnerships and Secure Critical Infrastructure","url":"/news/2026-07-01-cisa-announces-new-advisory-council-to-strengthen-partnerships-and-secure-critical-infrastructure/","date":"2026-07-01","summary":"Summary: CISA Announces New Advisory Council to Strengthen Partnerships and Secure Critical Infrastructure\nWhy it matters: This matters if it changes how teams …"},{"title":"EDPB and AMLA to develop Joint Guidelines on partnerships for information sharing","url":"/news/2026-07-01-edpb-and-amla-to-develop-joint-guidelines-on-partnerships-for-information-sharing/","date":"2026-07-01","summary":"Summary: Brussels/Frankfurt, 1 July – The EDPB and the Anti-Money Laundering Authority (AMLA) are working together to bring greater clarity to a question of …"},{"title":"Delta Electronics DVP12SE PLC","url":"/news/2026-06-30-delta-electronics-dvp12se-plc/","date":"2026-06-30","summary":"Summary: View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to remotely issue commands, modify operational values, …"},{"title":"Frangoteam FUXA SCADA/HMI","url":"/news/2026-06-30-frangoteam-fuxa-scada-hmi/","date":"2026-06-30","summary":"Summary: View CSAF Summary Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to enumerate all user accounts and role …"},{"title":"Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M","url":"/news/2026-06-30-mitsubishi-electric-melsoft-update-manager-sw1dnd-udm-m/","date":"2026-06-30","summary":"Summary: View CSAF Summary Successful exploitation of these vulnerabilities could allow a local attacker to tamper with or destroy information in the affected …"},{"title":"OFFIS DCMTK Toolkit","url":"/news/2026-06-30-offis-dcmtk-toolkit/","date":"2026-06-30","summary":"Summary: View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to write files, access unauthorized information, exhaust …"}]}