The SEC has dropped its lawsuit against SolarWinds and its CISO, which accused them of misleading investors about security practices related to the 2020 SUNBURST attack. SolarWinds claims the decision is a vindication, easing concerns among CISOs about regulatory repercussions in cyber incidents. The case highlighted the challenges of holding executives accountable after cyberattacks.

A defamation lawsuit filed by Chris Hadnagy against the Def Con cybersecurity conference was dismissed by a court, which ruled that the conference's Transparency Reports regarding Hadnagy's misconduct were protected by the truth defense. Despite Hadnagy's claims of false implications regarding sexual misconduct, the court found that evidence revealed subsequent to the reports supported the claims made by Def Con, affirming that true statements cannot be deemed defamatory.

The University of Maryland Medical Center (UMMC) is facing a class action lawsuit from former and current employees after a pharmacist allegedly used keyloggers and spyware to access personal information and conduct a cyberstalking campaign against approximately 80 female co-workers. The lawsuit claims UMMC failed to implement adequate cybersecurity measures, which allowed the pharmacist to exploit sensitive data over nearly a decade.

Microsoft-owned Nuance has agreed to pay $8.5 million to settle a class action lawsuit related to the MOVEit Transfer data breach, which exposed the personal information of over 1.2 million individuals. While Nuance denies any liability, the settlement aims to resolve claims that the company failed to secure data against the vulnerabilities exploited by the Clop ransomware gang. The case highlights ongoing concerns regarding cybersecurity and liability in supply-chain breaches.

A former security chief of WhatsApp, Attaullah Baig, has filed a whistleblower lawsuit against Meta, alleging that the company failed to address significant cybersecurity flaws that jeopardized user data privacy. The lawsuit claims that around 1,500 engineers had unrestricted access to personal user information, violating a previous Federal Trade Commission order. Meta has denied the allegations presented in the lawsuit.

Clorox has filed a lawsuit against its IT provider, Cognizant, claiming that hackers accessed employee passwords through basic social engineering tactics. The lawsuit alleges that Cognizant failed to manage cybersecurity effectively and allowed unauthorized access to Clorox's network. Cognizant counters that it only provided limited help desk services and is not responsible for the cybersecurity breach.