{"title":"Spoiledlunch","description":"Nerdy Stuff. Tech Talk. Zero Freshness.","subtitle":"Analysis and commentary on GRC, security, and AI.","articles":[{"title":"Global Information Security Day: A Vendor-Made Holiday","url":"/articles/2026-06-30-global-information-security-day-how-the-security-industry-invented-a-holiday-for-itself/","date":"2026-06-30","summary":"Today is Global Information Security Day, an awareness holiday you\u0026rsquo;ve probably never heard of despite eleven years of \u0026ldquo;global\u0026rdquo; celebration. That\u0026rsquo;s because …"},{"title":"AI Usage Discovery Is the New Shadow IT Problem","url":"/articles/2026-05-01-why-ai-usage-discovery-is-becoming-the-new-shadow-it-problem/","date":"2026-06-30","summary":"For years, shadow IT meant unsanctioned SaaS, unmanaged devices, and business teams adopting systems faster than central governance could track them.\nNow the same pattern is …"},{"title":"AI Incident Response Is Underbuilt Almost Everywhere","url":"/articles/2026-05-01-why-ai-incident-response-is-still-underbuilt-almost-everywhere/","date":"2026-06-23","summary":"Most organizations now have some language about responsible AI.\nFar fewer have a credible answer to a simpler question: what happens when an AI system causes a production problem …"},{"title":"The SIEM Did Not Fail; Your Data Model Did","url":"/articles/2026-05-01-the-siem-did-not-fail-your-data-model-did/","date":"2026-06-16","summary":"Security teams love to declare that the SIEM failed them. It is a clean story. The platform was noisy, expensive, slow, or hard to operate. Leadership understands vendor …"},{"title":"The KEV Catalog Is Useful, Not Prioritization Strategy","url":"/articles/2026-05-01-the-kev-catalog-is-useful-but-it-is-not-a-prioritization-strategy/","date":"2026-06-09","summary":"The Known Exploited Vulnerabilities catalog is one of the better things to happen to enterprise vulnerability management in years. It gives defenders a cleaner signal than generic …"},{"title":"The Cloud Control Plane Is Still the Easiest Blind Spot","url":"/articles/2026-05-01-the-cloud-control-plane-is-still-the-easiest-place-to-be-blind/","date":"2026-06-02","summary":"Cloud security programs often spend their money where the infrastructure is easiest to picture.\nThey instrument workloads. They scan containers. They watch endpoints. They analyze …"},{"title":"Internet Safety Month: Child Protection Became Sales","url":"/articles/2026-06-01-national-internet-safety-month-how-child-protection-became-parental-control-software-sales/","date":"2026-06-01","summary":"June is National Internet Safety Month, which means it\u0026rsquo;s time for parents to be very, very worried about what their children are doing online. Conveniently, it\u0026rsquo;s also …"},{"title":"Compliance Exceptions Tell You More Than Controls","url":"/articles/2026-05-01-compliance-exceptions-tell-you-more-than-your-passed-controls/","date":"2026-05-26","summary":"Organizations love to report passed controls because passed controls are flattering.\nThey suggest order. They suggest repeatability. They suggest that the environment behaves the …"},{"title":"GDPR at Eight: Real Law, Fake Compliance Theater","url":"/articles/2026-05-25-gdpr-enforcement-anniversary-eight-years-of-real-privacy-law-and-fake-compliance-theater/","date":"2026-05-25","summary":"Today marks eight years since GDPR enforcement began. Unlike most awareness campaigns we investigate, this anniversary commemorates something that actually works: the world\u0026rsquo;s …"},{"title":"SOC 2 Became a Sales Requirement, Not a Trust Signal","url":"/articles/2026-04-25-soc-2-became-a-sales-requirement-not-a-trust-signal/","date":"2026-05-19","summary":"SOC 2 still matters. That is exactly why the industry has let it become something more misleading than useless.\nThe report was supposed to be a narrow assurance artifact: a way to …"}],"news":[{"title":"CubeSpace CW0057 Reaction Wheel","url":"/news/2026-07-02-cubespace-cw0057-reaction-wheel/","date":"2026-07-02","summary":"Summary: View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to upload arbitrary malicious firmware to the device.\nWhy it …"},{"title":"FTC and DOJ Issue Fiscal Year 2025 Hart-Scott-Rodino Annual Report","url":"/news/2026-07-02-ftc-and-doj-issue-fiscal-year-2025-hart-scott-rodino-annual-report/","date":"2026-07-02","summary":"Summary: The Federal Trade Commission and the Department of Justice’s (DOJ) Antitrust Division released their 48th Annual Hart-Scott-Rodino (HSR) Report.\nWhy it …"},{"title":"FTC Approves Final Order Against Publishing.com, Settling Allegations It Misled Consumers","url":"/news/2026-07-02-ftc-approves-final-order-against-publishing-com-settling-allegations-it-misled-consumers/","date":"2026-07-02","summary":"Summary: The Federal Trade Commission finalized an order with Publishing.com LLC and its two principals, settling allegations that they misled consumers about …"},{"title":"Gardyn IoT Hub","url":"/news/2026-07-02-gardyn-iot-hub/","date":"2026-07-02","summary":"Summary: View CSAF Summary Successful exploitation of these vulnerabilities could allow unauthenticated users to access and control IoT Hub managed devices.\nWhy …"},{"title":"ST Engineering iDirect iQ-Series Terminals","url":"/news/2026-07-02-st-engineering-idirect-iq-series-terminals/","date":"2026-07-02","summary":"Summary: View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to device information or cause a …"},{"title":"Travel App Hopper to Pay $35 Million to Settle FTC Allegations It Charged Fees Without Consent and Deceived ...","url":"/news/2026-07-02-travel-app-hopper-to-pay-35-million-to-settle-ftc-allegations-it-charged-fees-without-consent-and-deceived/","date":"2026-07-02","summary":"Summary: The companies that operate the Hopper travel apps have agreed to pay $35 million and will be prohibited from deceiving consumers about fees to settle …"},{"title":"SEC Publishes Updated Market Statistics, Highlighting Increase in IPOs and Proceeds Raised","url":"/news/2026-07-01-sec-publishes-updated-market-statistics-highlighting-increase-in-ipos-and-proceeds-raised/","date":"2026-07-01","summary":"Summary: The Securities and Exchange Commission’s Division of Economic and Risk Analysis (DERA) published updated statistics and data visualizations covering …"},{"title":"CISA Adds One Known Exploited Vulnerability to Catalog","url":"/news/2026-07-01-cisa-adds-one-known-exploited-vulnerability-to-catalog/","date":"2026-07-01","summary":"Summary: CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.\nWhy it matters: …"},{"title":"CISA Announces New Advisory Council to Strengthen Partnerships and Secure Critical Infrastructure","url":"/news/2026-07-01-cisa-announces-new-advisory-council-to-strengthen-partnerships-and-secure-critical-infrastructure/","date":"2026-07-01","summary":"Summary: CISA Announces New Advisory Council to Strengthen Partnerships and Secure Critical Infrastructure\nWhy it matters: This matters if it changes how teams …"},{"title":"EDPB and AMLA to develop Joint Guidelines on partnerships for information sharing","url":"/news/2026-07-01-edpb-and-amla-to-develop-joint-guidelines-on-partnerships-for-information-sharing/","date":"2026-07-01","summary":"Summary: Brussels/Frankfurt, 1 July – The EDPB and the Anti-Money Laundering Authority (AMLA) are working together to bring greater clarity to a question of …"}]}