Curated reading from the last six months. Every article on this page describes some version of the same problem. The asset register is short. The unmanaged half of the network is where the breach starts. Continuous device inventory has become a hard control gate, and that is what CybrIQ produces.
About these citations. Each item links to a publicly accessible source. Pull-quotes shown in orange are verbatim from the source; pull-quotes shown in italic gray are paraphrased summaries and should be verified against the original article. Cards are tagged Primary source for government and regulator publications, Trade press for journalism, Industry analysis for research firms and policy outlets, and Vendor analysis for company blogs. CybrIQ has no commercial relationship with the linked publications. Inclusion is editorial.
Maintained from data/news.json. Last refreshed 2026-05-15. 17 articles. New items get added monthly via the data/refresh-news.php cron job.
"CI Fortify is not just another best practices document; it is a mobilization effort designed to harden the critical infrastructure sectors most vulnerable to cross-domain attacks." And: "They can no longer secure the IT office while ignoring the OT floor… Professionals must gain cross-visibility to detect 'living off the land' techniques where attackers use legitimate admin tools for malicious purposes." (Cam Sivesind)
Canvas LMS breach affected approximately 275 million users across more than 8,800 higher-education institutions. Canvas serves roughly 41 percent of higher-education institutions across North America. Instructure paid the ShinyHunters ransom; the compromised data was returned and reportedly destroyed. Every institution that uses Canvas inherited exposure from a single-vendor compromise it had no local ability to detect.
"Field deployments of chip-level Independent Verification and Validation (IV&V) technology have identified substantial hardware-level anomalies in 53% of the tested equipment." And: "Supply chains now span dozens of countries, with individual devices containing components from multiple manufacturers across different continents. These global networks enable cost efficiency and rapid innovation, but they also create unprecedented vulnerabilities." (Trent R. Teyema, DSc & David Bray, PhD)
Initial disclosure of the Canvas LMS compromise. ShinyHunters claimed responsibility and demanded payment by May 12. The first incident statement on May 1 was followed by a second compromise on May 7 in which the login page itself was replaced with a ransomware message. Higher-ed institutions inherited the exposure without any local opportunity to detect or contain it.
China-nexus actors are running large-scale "covert networks" of compromised SOHO routers and IoT devices for command-and-control and data exfiltration. Joint advisory with NCSC-UK, Australian Cyber Security Centre, Canadian Centre for Cyber Security, and German agencies. Unmanaged edge devices are the established initial-access vector.
Read the article →cisa.gov/news-events/cybersecurity-advisories/aa26-113a
"Bugs don't go unpatched because no one can find them. They go unpatched because no one is being paid to patch them fast enough." (Marcus Hutchins, security researcher) And: "A hospital can't push a patch to electronic health records any more than a homeowner can reinforce a levee owned by the county that may break in a hurricane." (Andrea Downing, STAT News)
Asset visibility is positioned as the foundation of cybersecurity. Every security control, policy, and response action depends on accurate knowledge of which assets exist, how they are configured, and what they are exposed to. The article cites the average cost of a data breach now exceeding $4.4 million globally and over $10 million in the U.S.
78 percent of public-sector organizations carry significant "security debt," meaning software with flaws that remain unpatched for more than a year. The public-sector backlog is now measured in years, not weeks. Visibility is the load-bearing prerequisite for any prioritization at all.
NIST's National Cybersecurity Center of Excellence is launching an operational-technology visibility project. OT inventory and asset identification are named as the load-bearing prerequisites for the rest of the OT-security stack. The federal cyber-policy stack is converging on inventory-first as the default expectation.
Q1 2026 healthcare ransomware roundup: 201 ransomware attacks were recorded in the healthcare sector during Q1 2026, of which 120 hit hospitals, clinics, and healthcare providers directly. More than 60 percent of confirmed healthcare breaches in 2025 involved ransomware (up from 34 percent in 2021). Fewer than 30 percent of health systems have deployed any dedicated solution for discovering and monitoring their connected device population.
Q1 2026 financial-services breach exposing roughly 1.2 million bank accounts. Coverage in this period continues a pattern: NYDFS now requires institutions to attest annually that they maintain accurate IT asset inventories with owner, location, sensitivity, vendor support expiration, and recovery time objectives for every asset. The first annual certification was due April 15, 2026. Penalties up to $250,000 per day for ongoing non-compliance.
AVIXA named cybersecurity the number-one AV industry trend for 2026. ISE 2026 launched the first dedicated AV CyberSecurity Summit. The pro-AV industry has officially acknowledged what enterprise security teams have been discovering for years: AV infrastructure is now a serious security domain, and treating it otherwise creates measurable organizational risk.
Hospitals run thousands of connected endpoints, many unmanaged, many legacy, many without modern authentication. The Nippon Medical School Musashi Kosugi Hospital incident (February 2026, claimed by NetRunner) affected 131,700 people and is one of several real-world demonstrations of how unmanaged-device exposure becomes a clinical-operations crisis.
Networked AV devices appear with increasing frequency in post-breach forensic reports as the initial point of entry or the lateral-movement path. Control rooms, conferencing platforms, digital signage, smart buildings, event venues. The organizational disconnect between AV and IT teams is the actual exposure: pure AV integrators stop at the equipment, never the network switch.
2026 cyber-insurance renewal applications now run 12 to 20 pages with line-by-line control questions. Underwriting has moved from questionnaire-based to evidence-based. Documented controls move premiums by 20 to 40 percent in either direction. Asset inventory is one of the gating questions. Missing basic controls now triggers claim denials and coverage exclusions, not just premium increases.
The original Volt Typhoon advisory: PRC actors are pre-positioning on IT networks to enable lateral movement to OT assets to disrupt functions during a potential geopolitical contingency. Cited continuously through the 2026 follow-up advisories. Some U.S. critical-infrastructure targets had been compromised for as long as five years before detection.
Read the article →cisa.gov/news-events/cybersecurity-advisories/aa24-038a
No articles match this filter yet.
Check back next month. Auto-discovered items get added on the 1st of every month, so the categories that are currently sparse will fill in as new coverage publishes.
The articles converge on continuous device inventory.
Every citation on this page describes some version of the same control gap, and every remediation path runs through Layer 1 visibility. CybrIQ’s 30-day no-fee pilot ships the artifact the auditor, the carrier, and the IG keep asking for: a signed inventory, a controls-mapped evidence pack, and a deviation log.
