{"title":"Spoiledlunch","description":"Nerdy Stuff. Tech Talk. Zero Freshness.","subtitle":"Analysis and commentary on GRC, security, and AI.","articles":[{"title":"Global Information Security Day: A Vendor-Made Holiday","url":"/articles/2026-06-30-global-information-security-day-how-the-security-industry-invented-a-holiday-for-itself/","date":"2026-06-30","summary":"Today is Global Information Security Day, an awareness holiday you’ve probably never heard of despite eleven years of “global” celebration. That’s because …"},{"title":"AI Usage Discovery Is the New Shadow IT Problem","url":"/articles/2026-05-01-why-ai-usage-discovery-is-becoming-the-new-shadow-it-problem/","date":"2026-06-30","summary":"For years, shadow IT meant unsanctioned SaaS, unmanaged devices, and business teams adopting systems faster than central governance could track them.\nNow the same pattern is …"},{"title":"AI Incident Response Is Underbuilt Almost Everywhere","url":"/articles/2026-05-01-why-ai-incident-response-is-still-underbuilt-almost-everywhere/","date":"2026-06-23","summary":"Most organizations now have some language about responsible AI.\nFar fewer have a credible answer to a simpler question: what happens when an AI system causes a production problem …"},{"title":"The SIEM Did Not Fail; Your Data Model Did","url":"/articles/2026-05-01-the-siem-did-not-fail-your-data-model-did/","date":"2026-06-16","summary":"Security teams love to declare that the SIEM failed them. It is a clean story. The platform was noisy, expensive, slow, or hard to operate. Leadership understands vendor …"},{"title":"The KEV Catalog Is Useful, Not Prioritization Strategy","url":"/articles/2026-05-01-the-kev-catalog-is-useful-but-it-is-not-a-prioritization-strategy/","date":"2026-06-09","summary":"The Known Exploited Vulnerabilities catalog is one of the better things to happen to enterprise vulnerability management in years. 
It gives defenders a cleaner signal than generic …"},{"title":"The Cloud Control Plane Is Still the Easiest Blind Spot","url":"/articles/2026-05-01-the-cloud-control-plane-is-still-the-easiest-place-to-be-blind/","date":"2026-06-02","summary":"Cloud security programs often spend their money where the infrastructure is easiest to picture.\nThey instrument workloads. They scan containers. They watch endpoints. They analyze …"},{"title":"Internet Safety Month: Child Protection Became Sales","url":"/articles/2026-06-01-national-internet-safety-month-how-child-protection-became-parental-control-software-sales/","date":"2026-06-01","summary":"June is National Internet Safety Month, which means it’s time for parents to be very, very worried about what their children are doing online. Conveniently, it’s also …"},{"title":"Compliance Exceptions Tell You More Than Controls","url":"/articles/2026-05-01-compliance-exceptions-tell-you-more-than-your-passed-controls/","date":"2026-05-26","summary":"Organizations love to report passed controls because passed controls are flattering.\nThey suggest order. They suggest repeatability. They suggest that the environment behaves the …"},{"title":"GDPR at Eight: Real Law, Fake Compliance Theater","url":"/articles/2026-05-25-gdpr-enforcement-anniversary-eight-years-of-real-privacy-law-and-fake-compliance-theater/","date":"2026-05-25","summary":"Today marks eight years since GDPR enforcement began. Unlike most awareness campaigns we investigate, this anniversary commemorates something that actually works: the world’s …"},{"title":"SOC 2 Became a Sales Requirement, Not a Trust Signal","url":"/articles/2026-04-25-soc-2-became-a-sales-requirement-not-a-trust-signal/","date":"2026-05-19","summary":"SOC 2 still matters. 
That is exactly why the industry has let it become something more misleading than useless.\nThe report was supposed to be a narrow assurance artifact: a way to …"}],"news":[{"title":"CISA Adds One Known Exploited Vulnerability to Catalog","url":"/news/2026-07-01-cisa-adds-one-known-exploited-vulnerability-to-catalog/","date":"2026-07-01","summary":"Summary: CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.\nWhy it matters: …"},{"title":"CISA Announces New Advisory Council to Strengthen Partnerships and Secure Critical Infrastructure","url":"/news/2026-07-01-cisa-announces-new-advisory-council-to-strengthen-partnerships-and-secure-critical-infrastructure/","date":"2026-07-01","summary":"Summary: CISA Announces New Advisory Council to Strengthen Partnerships and Secure Critical Infrastructure\nWhy it matters: This matters if it changes how teams …"},{"title":"Delta Electronics DVP12SE PLC","url":"/news/2026-06-30-delta-electronics-dvp12se-plc/","date":"2026-06-30","summary":"Summary: Successful exploitation of these vulnerabilities could allow an attacker to remotely issue commands, modify operational values, …"},{"title":"Frangoteam FUXA SCADA/HMI","url":"/news/2026-06-30-frangoteam-fuxa-scada-hmi/","date":"2026-06-30","summary":"Summary: Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to enumerate all user accounts and role …"},{"title":"Schneider Electric EcoStruxure IT Data Center Expert","url":"/news/2026-06-30-schneider-electric-ecostruxure-it-data-center-expert/","date":"2026-06-30","summary":"Summary: Schneider Electric is aware of a vulnerability in its EcoStruxure™ IT Data Center Expert.\nWhy it matters: This matters if it changes …"},{"title":"XZ Utils vulnerability impacting B＆R 
Products","url":"/news/2026-06-30-xz-utils-vulnerability-impacting-b-r-products/","date":"2026-06-30","summary":"Summary: An update is available that resolves vulnerability in the product versions listed as affected in the advisory.\nWhy it matters: This …"},{"title":"CISA Adds One Known Exploited Vulnerability to Catalog","url":"/news/2026-06-29-cisa-adds-one-known-exploited-vulnerability-to-catalog/","date":"2026-06-29","summary":"Summary: CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.\nWhy it matters: …"},{"title":"CISA Adds Two Known Exploited Vulnerabilities to Catalog","url":"/news/2026-06-25-cisa-adds-two-known-exploited-vulnerabilities-to-catalog/","date":"2026-06-25","summary":"Summary: CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.\nWhy it matters: …"},{"title":"SEC, CFTC Seek Public Input on Data Reporting Frameworks for Security-Based Swap and Swap Markets","url":"/news/2026-06-18-sec-cftc-seek-public-input-on-data-reporting-frameworks-for-security-based-swap-and-swap-markets/","date":"2026-06-18","summary":"Summary: The Securities and Exchange Commission and Commodity Futures Trading Commission today issued a joint request for public comment on potential …"},{"title":"Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT","url":"/news/2026-06-18-apollo-pharmacy-blood-glucose-monitoring-system-apg-01-bt/","date":"2026-06-18","summary":"Summary: Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive health-related information and prevent …"}]}