{"title":"Spoiledlunch","description":"Nerdy Stuff. Tech Talk. Zero Freshness.","subtitle":"Analysis and commentary on GRC, security, and AI.","articles":[{"title":"Asset Inventory Is Still an Embarrassing Problem","url":"/articles/2026-05-01-why-asset-inventory-is-still-the-most-embarrassing-security-problem-in-large-organizations/","date":"2026-07-07","summary":"For an industry that loves the word visibility, security remains remarkably bad at answering the oldest infrastructure question in the room: what do we actually have?\nThat should …"},{"title":"Global Information Security Day: A Vendor-Made Holiday","url":"/articles/2026-06-30-global-information-security-day-how-the-security-industry-invented-a-holiday-for-itself/","date":"2026-06-30","summary":"Today is Global Information Security Day, an awareness holiday you\u0026rsquo;ve probably never heard of despite eleven years of \u0026ldquo;global\u0026rdquo; celebration. That\u0026rsquo;s because …"},{"title":"AI Usage Discovery Is the New Shadow IT Problem","url":"/articles/2026-05-01-why-ai-usage-discovery-is-becoming-the-new-shadow-it-problem/","date":"2026-06-30","summary":"For years, shadow IT meant unsanctioned SaaS, unmanaged devices, and business teams adopting systems faster than central governance could track them.\nNow the same pattern is …"},{"title":"AI Incident Response Is Underbuilt Almost Everywhere","url":"/articles/2026-05-01-why-ai-incident-response-is-still-underbuilt-almost-everywhere/","date":"2026-06-23","summary":"Most organizations now have some language about responsible AI.\nFar fewer have a credible answer to a simpler question: what happens when an AI system causes a production problem …"},{"title":"The SIEM Did Not Fail; Your Data Model Did","url":"/articles/2026-05-01-the-siem-did-not-fail-your-data-model-did/","date":"2026-06-16","summary":"Security teams love to declare that the SIEM failed them. It is a clean story. The platform was noisy, expensive, slow, or hard to operate. Leadership understands vendor …"},{"title":"The KEV Catalog Is Useful, Not Prioritization Strategy","url":"/articles/2026-05-01-the-kev-catalog-is-useful-but-it-is-not-a-prioritization-strategy/","date":"2026-06-09","summary":"The Known Exploited Vulnerabilities catalog is one of the better things to happen to enterprise vulnerability management in years. It gives defenders a cleaner signal than generic …"},{"title":"The Cloud Control Plane Is Still the Easiest Blind Spot","url":"/articles/2026-05-01-the-cloud-control-plane-is-still-the-easiest-place-to-be-blind/","date":"2026-06-02","summary":"Cloud security programs often spend their money where the infrastructure is easiest to picture.\nThey instrument workloads. They scan containers. They watch endpoints. They analyze …"},{"title":"Internet Safety Month: Child Protection Became Sales","url":"/articles/2026-06-01-national-internet-safety-month-how-child-protection-became-parental-control-software-sales/","date":"2026-06-01","summary":"June is National Internet Safety Month, which means it\u0026rsquo;s time for parents to be very, very worried about what their children are doing online. Conveniently, it\u0026rsquo;s also …"},{"title":"Compliance Exceptions Tell You More Than Controls","url":"/articles/2026-05-01-compliance-exceptions-tell-you-more-than-your-passed-controls/","date":"2026-05-26","summary":"Organizations love to report passed controls because passed controls are flattering.\nThey suggest order. They suggest repeatability. They suggest that the environment behaves the …"},{"title":"GDPR at Eight: Real Law, Fake Compliance Theater","url":"/articles/2026-05-25-gdpr-enforcement-anniversary-eight-years-of-real-privacy-law-and-fake-compliance-theater/","date":"2026-05-25","summary":"Today marks eight years since GDPR enforcement began. Unlike most awareness campaigns we investigate, this anniversary commemorates something that actually works: the world\u0026rsquo;s …"}],"news":[{"title":"SEC Forms New Retail Fraud Working Group","url":"/news/2026-07-07-sec-forms-new-retail-fraud-working-group/","date":"2026-07-07","summary":"Summary: The Securities and Exchange Commission today announced the creation of the Retail Fraud Working Group designed to strengthen the Division of …"},{"title":"CISA Adds One Known Exploited Vulnerability to Catalog","url":"/news/2026-07-07-cisa-adds-one-known-exploited-vulnerability-to-catalog/","date":"2026-07-07","summary":"Summary: CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.\nWhy it matters: …"},{"title":"CISA Adds Three Known Exploited Vulnerabilities to Catalog","url":"/news/2026-07-07-cisa-adds-three-known-exploited-vulnerabilities-to-catalog/","date":"2026-07-07","summary":"Summary: CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.\nWhy it …"},{"title":"Digi International PortServer TS, Digi One SP IA","url":"/news/2026-07-07-digi-international-portserver-ts-digi-one-sp-ia/","date":"2026-07-07","summary":"Summary: View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and gain access to restricted …"},{"title":"Hitachi Energy e-mesh EMS","url":"/news/2026-07-07-hitachi-energy-e-mesh-ems/","date":"2026-07-07","summary":"Summary: View CSAF Summary Hitachi Energy is aware of a buffer overflow vulnerability that affects e-mesh EMS product versions listed in this document.\nWhy it …"},{"title":"Hitachi Energy PROMOD V","url":"/news/2026-07-07-hitachi-energy-promod-v/","date":"2026-07-07","summary":"Summary: View CSAF Summary Hitachi Energy is aware of insecure HTTP transmission vulnerability in PROMOD V product versions listed in this document.\nWhy it …"},{"title":"Hydro-Québec Le Circuit Electrique charging station backend","url":"/news/2026-07-07-hydro-qu%C3%A9bec-le-circuit-electrique-charging-station-backend/","date":"2026-07-07","summary":"Summary: View CSAF Summary Successful exploitation of these vulnerabilities could lead to privilege escalation, or result in a denial-of-service attack.\nWhy it …"},{"title":"Siemens Mendix Studio Pro","url":"/news/2026-07-07-siemens-mendix-studio-pro/","date":"2026-07-07","summary":"Summary: View CSAF Summary Mendix Studio Pro versions before V11.12 are affected by a file parsing vulnerability that could be triggered when the application …"},{"title":"SEC Names Paul Knight as Chief Operating Officer","url":"/news/2026-07-06-sec-names-paul-knight-as-chief-operating-officer/","date":"2026-07-06","summary":"Summary: The Securities and Exchange Commission today announced that Paul Knight has been named as the agency’s Chief Operating Officer (COO).As COO, Mr.\nWhy it …"},{"title":"FTC Warns Companies Making Questionable ‘Made in the USA' Claims","url":"/news/2026-07-06-ftc-warns-companies-making-questionable-made-in-the-usa-claims/","date":"2026-07-06","summary":"Summary: The Federal Trade Commission today issued warning letters to seven companies that appear to have misrepresented certain products as “Made in the USA,” …"}]}