California FEHA AI rules make policies mandatory

South Korea fines Coupang $400M after breach

A record fine against Coupang signals a shift in global privacy enforcement, with regulators willing to apply maximum penalties across borders after insider-driven breaches. For security and IT leaders, this changes how breach risk is modeled. Insider access is now a primary threat vector, and global enforcement is no longer theoretical. At the same time, Shadow AI and developer-targeted malware are expanding how data leaves organizations, often outside traditional controls. We also cover new AI-driven attack delivery methods, Microsoft 365 detection changes, and rising pressure to adopt governed AI tools. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

ServiceNow bug exposed customer instance data online

A ServiceNow vulnerability exposed how quickly SaaS platforms can become part of your attack surface, while new federal guidance is shrinking vulnerability response windows to just three days. This episode breaks down what the ServiceNow incident means in practice, why CISA's seventy two hour remediation expectation is a major shift, and how AI agents are quietly expanding identity risk inside most organizations. The common thread is speed and visibility. Teams are being forced to make faster decisions with less margin for error, while managing identities and data they often cannot fully see. We also cover Cyera's major funding round and what it signals about data security becoming the control layer for AI, along with key updates from Microsoft, Fortinet, and others. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

Anthropic adds mandatory 30-day traffic retention

Frontier AI access is starting to look like a gated system, and the price is visibility. Anthropic's latest model release makes thirty day data retention a requirement, signaling a broader shift in how advanced AI will be governed and consumed. For security and IT leaders, this is not just a policy change. It directly affects how AI can be used in sensitive workflows, what data is exposed to vendors, and how much control teams retain. At the same time, Apple is pushing automated password rotation, and CISA is redefining how vulnerability prioritization should work, both pointing toward more automation and more selective control. We also cover DTEX's push into intent level monitoring, along with key updates from Check Point, Google, Dataminr, Elastic, and JPMorgan. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

Check Point VPN flaw bypasses passwords in IKEv1

Today's episode focuses on two failures that point to the same root issue: identity controls breaking under outdated assumptions. A Check Point VPN flaw shows how legacy configurations like IKEv1 can silently become open doors, while Meta's AI-powered recovery flow demonstrates how automation can bypass core verification entirely. For security and IT leaders, the takeaway is direct. Identity is no longer confined to login systems. Any workflow that can modify access or user attributes is now part of your attack surface. That includes AI agents, support tooling, and recovery processes. At the same time, configuration debt is proving just as dangerous as unpatched software. We also cover new data on AI governance gaps, a major healthcare-related breach, MFA bypass tactics, and a critical Linux privilege escalation flaw. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

Miasma worm hit 73 Microsoft GitHub repos

A new supply chain attack shows that simply opening a code repository can now execute malware inside common developer tools. At the same time, AI search is beginning to surface fraudulent websites, and outages in upstream models are breaking features inside everyday SaaS platforms. For firm leaders, this is a shift in where risk lives. It is no longer just at the network edge. It sits inside tools your teams use every day, from coding environments to research workflows to automation platforms. That means controls, verification, and redundancy need to move closer to how work actually happens. We also cover AI native job roles, tokenized IPO access, and the rise of prediction markets as decision tools. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]