1 May 2026 global threat briefing: CISA/NCSC Volt Typhoon–Flax Typhoon shared botnet advisory in force — network edge ML baseline now baseline control requirement; MITRE ATT&CK v19 (28 Apr) restructures enterprise tactic tree — Stealth TA0005/Defense Impairment TA0112 split requires SOC playbook updates; FCA/PRA operational incident framework live; NIS2 first audit deadline T-60 days (30 Jun 2026); Q1 2026 ransomware pace: 2,165 victims (+18.5% annualised). (CISA/NCSC/MITRE/FCA/EC, 1 May 2026)

Global close 30 Apr 2026 (PM update): ENISA-EBA joint DORA supervisory convergence — CTPP joint-examination framework enters operational phase Q3 2026; 3 of 20 designated CTPPs already under enhanced joint review; firms with critical third-party ICT dependencies must self-assess register entry status now. April 2026 ransomware month-end: 220+ victims — approaching all-time monthly record; Qilin leads with 34 posts in final 5-day window 25–29 Apr. MITRE ATT&CK v19 enterprise matrix integration: sub-techniques T1600.003 (Autonomous Tool Orchestration) and T1600.004 (Multi-Agent Lateral Movement) formalised — board AI-risk registers require update for DORA Art. 10 and NIS2 Art. 21 alignment. EU AI Act Digital Omnibus legal scrubbing complete: JOUE publication June 2026; Annex III compliance deadline fixed 2 Dec 2027. EDPB Guidelines 1/2026 on scientific-research processing finalized 15 Apr — AI training lawful-basis framework settled EU-wide (ENISA/EBA/Ransom-DB/MITRE/EC/EDPB, 30 Apr 2026)

Global Thursday 30 Apr 2026: CISA ED-26-05 (Apache Tomcat CVE-2026-34141, CVSS 9.8) 48-hour federal remediation window active — Shadowserver confirms 3,400+ exposed instances globally; commercial sector advised to patch immediately. April 2026 ransomware month-end: ~220+ victims listed; Qilin posted 34 victims in 5 days; AI-assisted chains confirmed in 80%+ of incidents. MITRE ATT&CK v19 released 28 Apr: agentic AI sub-techniques T1600.003 and T1600.004 now in enterprise matrix — board risk registers require update for DORA/NIS2 AI-risk alignment. EU AI Act Digital Omnibus enters legal scrubbing phase — JOUE publication target June 2026; Annex III high-risk compliance deadline confirmed 2 Dec 2027. FCA global finfluencer week: Aaron Chalmers (Geordie Shore) guilty plea, 120 social-media takedown requests, 1,267 illegal adverts reaching 2.3M+ UK accounts (CISA/Ransom-DB/MITRE/EC/FCA, 30 Apr 2026)

Global practitioner Monday 27 Apr 2026: Weekend threat tally — 47 new ransomware posts Sat–Sun; Qilin 11 victims, DragonForce 8, Akira 6; Booking.com breach forensic update: reservation records of 720K customers confirmed exfiltrated via third-party hotel management portal (SharkStriker, 26 Apr); Vercel breach scope widened — Context.ai compromise now linked to 14 downstream customer environments; MITRE ATT&CK v19 release expected this week with new agentic-AI technique sub-categories; Salt Typhoon weekly total: 61 fresh infrastructure nodes across Apr (Mandiant); EU AI Act Digital Omnibus 2nd political trilogue tomorrow — consensus on Annex III delay holding (Mandiant/SharkStriker/MITRE/EC, 27 Apr 2026)

Global threat close 24 Apr 2026: week-ending tally — 198 new ransomware victims on leak sites (Qilin 27, Play 19, Akira 16); Cloudflare mitigates 11.7 Tbps DDoS targeting APAC fintech Thursday; Recorded Future flags LockBit 5.0 affiliate resurgence; Google TAG attributes COLDRIVER spear-phishing wave to 52 NGOs across 14 countries (Ransom-DB/Cloudflare/Recorded Future/Google TAG, 24 Apr 2026)

Practitioner Thursday 23 Apr 2026 — CISA ED-26-04 federal deadline EXPIRES 23:59 ET today on Fortinet FortiClient EMS (CVE-2026-35616); Shadowserver closing sweep shows ~1,900 exposed instances, -500 in 24h but non-federal trail remains exposed; Mandiant attribution feed: +8 Salt Typhoon-linked nodes overnight (57 total Apr, post-OFAC retooling); MITRE ATT&CK v19 release T-4; Kyber ransomware variant with Kyber1024 post-quantum encryption now active — detection-engineering teams reworking KEM-aware IOC rules (CISA/Shadowserver/Mandiant/MITRE/BleepingComputer, 23 Apr 2026)

Practitioner 22 Apr 2026: Fortinet ED-26-04 T+2 — Shadowserver reports 2,400+ exposed (-500 in 24h) with federal deadline T+1 Thu; Mandiant confirms 8 additional Salt Typhoon-linked nodes overnight (49 total Apr); AI Act Digital Omnibus trilogue T-6; MITRE ATT&CK v19 T-5 (CISA/Mandiant/Shadowserver/MITRE, 22 Apr 2026)

Salt Typhoon: Mandiant confirms 14 additional infrastructure nodes overnight 20–21 Apr 2026 — 41 fresh nodes observed across the 18–21 Apr window; defensive operators should refresh blocklists (Mandiant, 21 Apr 2026)

CISA 20 Apr 2026: continued Iranian-affiliated APT reconnaissance against US water/wastewater PLCs confirmed over weekend; 27 new Salt Typhoon-linked infrastructure nodes flagged 18–19 Apr (Recorded Future)

SEC EDGAR 20 Apr 2026: three US-listed issuers filed weekend 8-K cyber material-incident notices — expect Monday open market volatility on affected tickers

IBM Autonomous Security 20 Apr 2026: three Tier-1 banks now in active RFP — defence side organising at offence cadence

DORA: In force 17 Jan 2025 — Active enforcement: on-site ICT risk inspections and third-party oversight reviews underway (ESAs, 2026)

NIS2: First audits due 30 Jun 2026 — Q1 2026 penalties issued in EU; 14 of 27 EU states now transposed; EU Digital Omnibus trilogue scheduled 28 Apr 2026 — proposes deadline extensions and compliance simplifications for 28,700 companies; Ireland NIS2 Bill H1 2026 amid EC infringement proceedings (Skadden/EC, Apr 2026)

EU AI Act: High-risk AI obligations deadline 2 Aug 2026 — EU Digital Omnibus proposes delay to Dec 2027; CRA vulnerability reporting starts 11 Sep 2026 (EC/Hogan Lovells, Apr 2026)

Global Breach Cost: $4.44M average — 241 days to detect & contain; AI-augmented attack surface expanding (IBM/Ponemon, 2026)

CISO Personal Liability: NIS2 Art.20 + SEC/DOJ precedent — Director accountability now statutory in EU (2025–2026)

Ransomware: Q1 2026: 2,165 victims (+18.5% annualised); March 2026: 808 victims; week 11–17 Apr: 185 incidents — Apr 13 saw 46 new victims in 24 hours; Qilin/DragonForce drive 21% of weekly volume; 7,500+ on leak sites 2025 (+58% YoY); attacks 4× faster; 80% AI-enabled; 87.6% double extortion (BlackFog/BreachSense/Unit42/Emsisoft/Ransom-DB, Apr 2026)

Geopolitical CNI: CISA AA26-097a (7 Apr 2026) — Iranian-affiliated APT targeting internet-exposed PLCs in US water/wastewater and CNI sectors; 75+ Unitronics HMI devices compromised. Iran-linked Handala claimed attack on Stryker Corp (11 Mar 2026) disrupting manufacturing and shipping. Volt Typhoon maintains 5+ yr persistence across US energy/water/transport CNI (CISA/FBI/Palo Alto, Apr 2026)

Supply Chain: 1,700+ malicious packages across npm/PyPI/Go/Rust (North Korea); kube-health-tools Kubernetes tunnel implant campaign active Apr 2026; Axios/TeamPCP hit 60+ packages — CISA KEV Fortinet CVE-2026-35616 (Datadog/Zscaler/CISA, Apr 2026)

UK Online Safety Act: full enforcement 2026 — UK CS&R Bill expanding NIS Regulations to digital supply chains; PSTI Act fines up to £10M or 4% turnover for non-compliant IoT (Ofcom/DSIT, Apr 2026)

Patch Tuesday Apr 2026: 167 vulns patched — CVE-2026-32201 SharePoint zero-day actively exploited; Cisco 4 critical flaws in Identity Services & Webex enabling code execution (Microsoft/Cisco, 19 Apr 2026)

Data Breaches Apr 2026: ShinyHunters leak 78.6M Rockstar Games records via Snowflake auth tokens; 13.5M McGraw Hill accounts stolen via Salesforce breach (Integrity360/SharkStriker, Apr 2026)

Insider & NHI Risk: $19.5M avg per org (+123% since 2018); Thales 2026: 61% cite AI as #1 data risk; 47% sensitive cloud data unencrypted; SpyCloud 2026: 65.7B identity records recaptured (+23% YoY), 18.1M exposed API keys; IBM X-Force: 300,000+ ChatGPT credentials exposed (Proofpoint/IBM/Thales/SpyCloud, Apr 2026)

NCSC UK (7 Apr 2026): APT28 / Russian GRU exploiting compromised internet routers for DNS hijacking — intercepting credentials, tokens, and email traffic across UK personal networks; immediate router patching and credential rotation advised (NCSC, Apr 2026)

Belgium NIS2 Audit Window OPEN (18 Apr 2026) — first EU member state to hit hard NIS2 conformity assessment deadline; essential entities now require BELAC-accredited Conformity Assessment Body sign-off (CCB Belgium, Apr 2026)

GDPR Enforcement: CNIL fines Free Mobile €27M for failing to protect 24M subscriber contracts (Oct 2024 breach); UK ICO fines Reddit £14M for child safety/age-check failures — regulators applying upper Article 83 range to systemic failings (CNIL/ICO, Apr 2026)

Live Breaches Wk of 14–19 Apr: Basic-Fit (200K NL members + 1M bank details exposed); Booking.com customer reservation data breach notified 12 Apr; Zerion crypto wallet device compromise — ~$100K stolen 16 Apr (BreachSense/SharkStriker, Apr 2026)

ENISA 2026 Risk Landscape Report (Apr 2026): availability/DDoS and ransomware top operational threat categories; threat-actor convergence accelerating — same vulnerability chains active across financially and ideologically motivated campaigns (ENISA, Apr 2026)

Microsoft (6 Apr 2026): AI-enabled device-code phishing campaign hits 340+ orgs globally — 10–15 fresh waves every 24 hours since mid-March; AI-personalised lures by role, dynamic codes defeating 15-minute expiry windows, EvilTokens PhaaS kit driving large-scale OAuth abuse on Vercel/Cloudflare Workers/AWS Lambda infrastructure (Microsoft Security, Apr 2026)

900 Peer-reviewed governance frameworks · Retained across Tier-1 boards · Contract-winning evidence chains