Germany’s NIS2 law becomes mandatory in December and obligates approximately 29,500 companies to implement standardized information security management, risk governance, and incident reporting.
Three chained bugs in Microsoft 365 Copilot allowed attackers to exfiltrate corporate data via a legitimate microsoft.com link, because traditional anti-phishing filters did not block links from legitimate sources.
The NIS2 Directive covers approximately 30,000 additional companies that must align their cybersecurity governance and technical controls with EU-wide standards.
Poisoned documents can turn reasoning-based AI guardrails into DoS weapons by leveraging security systems themselves as resource sinks—a new attack vector with concentration risks in shared governance infrastructure.
Attackers can exploit the reasoning guardrails of AI agents with deliberately manipulated inputs to cause resource exhaustion without bypassing the security mechanisms themselves.
Langflow instances are under active attack via CVE-2026-5027 (patch available since April), which enables arbitrary file writes and remote code execution – particularly critical for instances that run with default authentication and are reachable from the internet.