{"id":5235,"date":"2026-05-24T17:48:06","date_gmt":"2026-05-24T22:48:06","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/?p=5235"},"modified":"2026-05-25T17:49:26","modified_gmt":"2026-05-25T22:49:26","slug":"the-ciso-brief-may-24-2026","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/?p=5235","title":{"rendered":"The CISO Brief &mdash; May 24, 2026"},"content":{"rendered":"<table role=\"presentation\" width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"background-color:#f4f5f7;\">\n<tr>\n<td align=\"center\" style=\"padding:24px 12px;\">\n<table role=\"presentation\" width=\"680\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"max-width:680px;width:100%;background-color:#ffffff;border-radius:8px;overflow:hidden;box-shadow:0 1px 3px rgba(0,0,0,0.08);\">\n<tr>\n<td style=\"background-color:#1e3a8a;background:linear-gradient(135deg,#0f172a 0%,#1e3a8a 100%);padding:32px 28px 24px;color:#ffffff;\">\n<div style=\"font-size:12px;letter-spacing:2px;text-transform:uppercase;margin-bottom:8px;color:white\">CISO Bulletin &middot; Issue May 24, 2026<\/div>\n<div style=\"margin:0;font-size:28px;line-height:1.2;font-weight:700;color:#ffffff !important;mso-line-height-rule:exactly;\">The CISO Brief<\/div>\n<p style=\"margin:8px 0 0;font-size:14px;opacity:0.85;color: white;\">Regulation, board-level strategy, and the evolving CISO role<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:28px 28px 4px;\">\n<h2 
style=\"margin:0 0 12px;font-size:18px;color:#0f172a;border-bottom:2px solid #1e3a8a;padding-bottom:6px;\">This week at a glance<\/h2>\n<p style=\"margin:0 0 12px;font-size:15px;color:#374151;\">A bruising week for the agency CISOs report to. KrebsOnSecurity broke that a CISA contractor (Nightwing) had left AWS GovCloud admin tokens and plaintext credentials for dozens of internal CISA systems in a public GitHub repo for six months, prompting Senator Hassan to demand answers and an &ldquo;urgent&rdquo; classified briefing &mdash; an object lesson in contractor governance and secret-scanning every CISO will be asked about. Underneath that headline, an AI-governance reality-check cluster landed: the Verizon 2026 DBIR put vulnerability exploitation past credential theft for the first time in 19 years; TrustedTech&rsquo;s Shadow AI report found 65% of decision-makers using unapproved AI tools (vs. 31% of rank-and-file); Splunk pegged downtime at $600B for the Global 2000; CIO magazine called out the AI-confidence trap (84% say AI is exceeding expectations, only 39% review safety post-deployment); and Thai Vong&rsquo;s operating-model piece gives boards the playbook to pair with that data. Critical-infrastructure governance moved in parallel &mdash; the C2 ISAC launched for telecom, CISA&rsquo;s &ldquo;CI Fortify&rdquo; pushes operators to plan for sustained offline operations, the Debevoise two-year SEC 8-K tracker reframes what counts as &ldquo;material,&rdquo; cyber-insurance claim severity tightened renewals, and Microsoft Threat Intel walked an F5\/Confluence multi-stage Linux intrusion. 
Policy and enforcement filled out the week: the White House postponed its AI cybersecurity EO, Ofcom fast-tracked UK deepfake rules with 10%-of-revenue fines, Europol&rsquo;s Operation Saffron dismantled the First VPN bulletproof service serving 25 ransomware crews, and Interpol&rsquo;s Operation Ramz produced 201 MENA cybercrime arrests.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:18px 28px 4px;\">\n<h2 style=\"margin:0 0 4px;font-size:20px;color:#0f172a;\">Entity graph &mdash; people, organizations, regulators, and how they cross-correlate<\/h2>\n<div style=\"height:3px;width:48px;background-color:#1e3a8a;margin-bottom:14px;\"><\/div>\n<p style=\"margin:0 0 8px;font-size:11px;color:#64748b;\">Every named entity extracted from this week&#8217;s 20 articles, with the CISO role at the center and edges showing direct relationships.<\/p>\n<div style=\"background-color:#ffffff;border:1px solid #e2e8f0;border-radius:8px;padding:14px;\">\n<img decoding=\"async\" src=\"https:\/\/www.cybersecurityinstitute.com\/blog\/wp-content\/uploads\/2026\/05\/topic-map-ciso-2026-05-24-1.png\" alt=\"Topic map for ciso\" style=\"width:100%;max-width:880px;height:auto;display:block;margin:0 auto;\" \/>\n<\/div>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:24px 28px 4px;\">\n<h2 style=\"margin:0 0 4px;font-size:20px;color:#0f172a;\">Article index<\/h2>\n<div style=\"height:3px;width:48px;background-color:#1e3a8a;margin-bottom:14px;\"><\/div>\n<h3 style=\"margin:14px 0 8px;font-size:15px;color:#0891b2;text-transform:uppercase;letter-spacing:1px;\">CISA contractor credential leak &amp; congressional pressure<\/h3>\n<table role=\"presentation\" width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"font-size:13px;border-collapse:collapse;\">\n<tr style=\"background-color:#f8fafc;\">\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:55%;\">Article<\/th>\n<th align=\"left\" style=\"padding:8px 
6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:30%;\">Source<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:15%;\">Published<\/th>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/krebsonsecurity.com\/2026\/05\/cisa-admin-leaked-aws-govcloud-keys-on-github\/\" style=\"color:#1d4ed8;text-decoration:none;\">CISA Admin Leaked AWS GovCloud Keys on Github<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">KrebsOnSecurity<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 19, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/krebsonsecurity.com\/2026\/05\/lawmakers-demand-answers-as-cisa-tries-to-contain-data-leak\/\" style=\"color:#1d4ed8;text-decoration:none;\">Lawmakers Demand Answers as CISA Tries to Contain Data Leak<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">KrebsOnSecurity<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 22, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.axios.com\/2026\/05\/19\/cisa-credential-leak-classified-briefing-hassan\" style=\"color:#1d4ed8;text-decoration:none;\">Senator requests &ldquo;urgent&rdquo; classified briefing on CISA&#8217;s internal credential leaks<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Axios<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 19, 2026<\/td>\n<\/tr>\n<\/table>\n<h3 style=\"margin:22px 0 8px;font-size:15px;color:#9333ea;text-transform:uppercase;letter-spacing:1px;\">Critical-infrastructure governance, resilience &amp; insurance<\/h3>\n<table role=\"presentation\" width=\"100%\" cellpadding=\"0\" 
cellspacing=\"0\" border=\"0\" style=\"font-size:13px;border-collapse:collapse;\">\n<tr style=\"background-color:#f8fafc;\">\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:55%;\">Article<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:30%;\">Source<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:15%;\">Published<\/th>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.cybersecuritydive.com\/news\/c2-isac-telecom-launch\/2026-05-19\/\" style=\"color:#1d4ed8;text-decoration:none;\">Telecom sector launches its own private ISAC (C2 ISAC)<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Cybersecurity Dive<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 19, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.carriermanagement.com\/news\/2026\/05\/22\/cyber-insurance-claim-severity-pressure\/\" style=\"color:#1d4ed8;text-decoration:none;\">Cyber Insurance Market Faces Pressure as Claims Severity Climbs<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Carrier Management<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 22, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.debevoisedatablog.com\/2026\/05\/21\/cybersecurity-incident-disclosure-form-8-k-tracker-two-year-update\/\" style=\"color:#1d4ed8;text-decoration:none;\">Cybersecurity Incident Disclosure: Form 8-K Tracker (Two-Year Update)<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Debevoise Data Blog<\/td>\n<td style=\"padding:8px 
6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 21, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.helpnetsecurity.com\/2026\/05\/21\/github-grafana-labs-tanstack-supply-chain\/\" style=\"color:#1d4ed8;text-decoration:none;\">GitHub, Grafana Labs breaches traced back to TanStack supply chain compromise<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Help Net Security<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 21, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/federalnewsnetwork.com\/cybersecurity\/2026\/05\/cisa-tells-critical-organizations-to-prepare-for-cyber-outages\/\" style=\"color:#1d4ed8;text-decoration:none;\">CISA tells critical organizations to prepare for cyber outages (CI Fortify)<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Federal News Network<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Week of May 18, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/therecord.media\/cisa-critical-infrastructure-offline-cyberattacks-targeted-assessments\" style=\"color:#1d4ed8;text-decoration:none;\">New CISA initiative aims for critical infrastructure to operate offline during cyberattacks<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">The Record<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Week of May 18, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2026\/05\/22\/from-edge-appliance-to-enterprise-compromise-multi-stage-linux-intrusion-via-f5-and-confluence\/\" style=\"color:#1d4ed8;text-decoration:none;\">From edge 
appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Microsoft Security Blog<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 22, 2026<\/td>\n<\/tr>\n<\/table>\n<h3 style=\"margin:22px 0 8px;font-size:15px;color:#16a34a;text-transform:uppercase;letter-spacing:1px;\">Threat landscape &amp; ransomware economics<\/h3>\n<table role=\"presentation\" width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"font-size:13px;border-collapse:collapse;\">\n<tr style=\"background-color:#f8fafc;\">\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:55%;\">Article<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:30%;\">Source<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:15%;\">Published<\/th>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.securityweek.com\/verizon-dbir-2026-vulnerability-exploitation-overtakes-credential-theft-as-top-breach-vector\/\" style=\"color:#1d4ed8;text-decoration:none;\">Verizon DBIR 2026: Vulnerability Exploitation Overtakes Credential Theft as Top Breach Vector<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">SecurityWeek<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 20, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/securityaffairs.com\/2026\/05\/23\/why-pure-extortion-is-replacing-traditional-ransomware.html\" style=\"color:#1d4ed8;text-decoration:none;\">Why pure extortion is replacing traditional ransomware<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid 
#f1f5f9;color:#475569;\">Security Affairs<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 23, 2026<\/td>\n<\/tr>\n<\/table>\n<h3 style=\"margin:22px 0 8px;font-size:15px;color:#dc2626;text-transform:uppercase;letter-spacing:1px;\">AI-governance reality check<\/h3>\n<table role=\"presentation\" width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"font-size:13px;border-collapse:collapse;\">\n<tr style=\"background-color:#f8fafc;\">\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:55%;\">Article<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:30%;\">Source<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:15%;\">Published<\/th>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.helpnetsecurity.com\/2026\/05\/25\/trustedtech-shadow-ai-decision-makers\/\" style=\"color:#1d4ed8;text-decoration:none;\">Turns out the C-suite loves shadow AI<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Help Net Security<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 25, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.helpnetsecurity.com\/2026\/05\/22\/splunk-hidden-costs-of-downtime-2026\/\" style=\"color:#1d4ed8;text-decoration:none;\">Downtime has become a $600 billion business problem<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Help Net Security<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 22, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a 
href=\"https:\/\/www.cio.com\/article\/2026\/05\/21\/cios-should-beware-the-ai-confidence-trap.html\" style=\"color:#1d4ed8;text-decoration:none;\">CIOs should beware the AI confidence trap<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">CIO (Grant Gross)<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 21, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.cio.com\/article\/2026\/05\/20\/ai-can-write-code-but-the-cio-still-owns-the-operating-model.html\" style=\"color:#1d4ed8;text-decoration:none;\">AI can write code, but the CIO still owns the operating model<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">CIO (Thai Vong)<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 20, 2026<\/td>\n<\/tr>\n<\/table>\n<h3 style=\"margin:22px 0 8px;font-size:15px;color:#475569;text-transform:uppercase;letter-spacing:1px;\">Policy, regulation &amp; law enforcement<\/h3>\n<table role=\"presentation\" width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"font-size:13px;border-collapse:collapse;\">\n<tr style=\"background-color:#f8fafc;\">\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:55%;\">Article<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:30%;\">Source<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:15%;\">Published<\/th>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/techcrunch.com\/2026\/05\/21\/law-enforcement-shuts-down-vpn-service-used-by-two-dozen-ransomware-gangs\/\" style=\"color:#1d4ed8;text-decoration:none;\">Law enforcement shuts down VPN service used by two dozen ransomware 
gangs (Operation Saffron)<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">TechCrunch<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 21, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.bloomberg.com\/news\/articles\/2026-05-21\/white-house-postpones-ai-cybersecurity-order-signing\" style=\"color:#1d4ed8;text-decoration:none;\">White House Postpones AI Cybersecurity Order Signing by Trump<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Bloomberg<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 21, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/therecord.media\/uk-ofcom-online-safety-deepfakes-non-consensual-intimate-images\" style=\"color:#1d4ed8;text-decoration:none;\">UK regulator to require tech firms to tackle deepfakes, non-consensual intimate images<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">The Record<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 19, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/therecord.media\/interpol-operation-ramz-middle-east-cybercrime-201-arrests\" style=\"color:#1d4ed8;text-decoration:none;\">More than 200 arrested in cyber raids aimed at Middle East scam network (Operation Ramz)<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">The Record<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 18, 2026<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:24px 28px 4px;\">\n<h2 style=\"margin:0 0 4px;font-size:20px;color:#0f172a;\">Detailed write-ups<\/h2>\n<div 
style=\"height:3px;width:48px;background-color:#1e3a8a;margin-bottom:14px;\"><\/div>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">CISA contractor leaked AWS GovCloud keys on GitHub &mdash; and the political pressure has begun<\/h3>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">Brian Krebs reported that a contractor account named &ldquo;Private-CISA&rdquo; &mdash; tied to Nightwing &mdash; sat on a public GitHub repo since November 2025 containing AWS GovCloud admin tokens, plaintext credentials for dozens of internal CISA systems, and 844 MB of artifacts across git history. GitHub&rsquo;s native secret-scanning had been disabled on the repo, and the AWS keys reportedly remained valid for 48 hours after the takedown notice. The leak is now the cleanest available case study on contractor governance: it pierces every assumption boards make about how a federal cyber agency&rsquo;s own supply chain manages secrets.<\/p>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">Follow-on Krebs reporting added that other researchers found additional exposed credentials during the cleanup, that Nightwing&rsquo;s onboarding\/offboarding controls did not catch the public-repo configuration, and that CISA is still working through the blast radius. For CISOs, the action list is short and specific: re-baseline secret-scanning on every contractor and vendor org you can see, force a rotation of long-lived cloud keys, mandate OIDC trusted-publishing or short-lived workload identity for any CI\/CD that touches production, and have legal review your contractor MSAs for explicit secret-management and breach-notification clauses.<\/p>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">The political dimension matters too. Senator Hassan sent CISA a 12-question letter demanding a briefing by June 5 and separately requested an &ldquo;urgent&rdquo; classified briefing. 
Whatever your federal exposure, expect customers and auditors to ask &ldquo;could this happen to us?&rdquo; in the next 30 days &mdash; have the secret-scanning, key-rotation, and contractor-repo inventory numbers ready before they do.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\">Sources: <a href=\"https:\/\/krebsonsecurity.com\/2026\/05\/cisa-admin-leaked-aws-govcloud-keys-on-github\/\" style=\"color:#1d4ed8;text-decoration:none;\">KrebsOnSecurity (May 19)<\/a> &middot; <a href=\"https:\/\/krebsonsecurity.com\/2026\/05\/lawmakers-demand-answers-as-cisa-tries-to-contain-data-leak\/\" style=\"color:#1d4ed8;text-decoration:none;\">KrebsOnSecurity (May 22)<\/a> &middot; <a href=\"https:\/\/www.axios.com\/2026\/05\/19\/cisa-credential-leak-classified-briefing-hassan\" style=\"color:#1d4ed8;text-decoration:none;\">Axios<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">Verizon DBIR 2026: vulnerability exploitation finally overtakes credential theft<\/h3>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">For the first time in 19 years of DBIR data, vulnerability exploitation (31%) edged past credential abuse (13%) as the top initial-access vector. Third-party-related breaches jumped roughly 60% year-over-year. Ransomware appeared in 48% of incidents. The harder data point: organizations patched only 26% of CISA KEV entries in the reporting window, down from 38% in the prior year &mdash; in a window when AI is compressing time-to-exploit from months to hours.<\/p>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">For board narratives, this is a thesis-shifting year. 
The decade-long &ldquo;identity is the new perimeter&rdquo; framing isn&rsquo;t wrong, but the marginal dollar now also has to go into KEV-aligned remediation velocity, third-party blast-radius modeling, and exposure-management programs that actually translate scan-to-fix lead times into something measurable on a board pack.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\">Sources: <a href=\"https:\/\/www.securityweek.com\/verizon-dbir-2026-vulnerability-exploitation-overtakes-credential-theft-as-top-breach-vector\/\" style=\"color:#1d4ed8;text-decoration:none;\">SecurityWeek<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">The AI-governance reality-check cluster: the C-suite is the shadow-AI problem<\/h3>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">TrustedTech&rsquo;s 2026 Shadow AI in the Workplace report flipped the conventional story: 65% of decision-makers admit using unapproved AI tools versus 31% of employees below decision-maker level. 78% of decision-makers describe themselves as &ldquo;confident&rdquo; using AI vs. 43% of staff; 44% acknowledge their organization lacks any AI-safety training; and roughly a third say they would keep using their AI of choice even if the company explicitly banned it. The people writing the AI policies are bypassing them.<\/p>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">Two companion data points reinforce the picture. CIO&rsquo;s &ldquo;AI confidence trap&rdquo; piece (Grant Gross) cites Economist Impact survey work showing 84% of IT leaders say their AI projects are exceeding estimates, while only 43% require teams to track impact and 39% review AI projects for safety risks after deployment. 
Eddie Milev&rsquo;s warning lands: &ldquo;If companies don&rsquo;t sustain governance after they deploy AI systems, they run a massive risk to have these systems go rogue.&rdquo; Splunk&rsquo;s Hidden Costs of Downtime 2026 then quantifies the consequence side &mdash; $600B across the Global 2000 (a 50% jump in two years), $300M average per company, 63% of outages now caused by third parties (up from 24%), and a median $24.5M annual spend on AI outage-prevention tooling that doesn&rsquo;t yet exist on most CISO budget lines.<\/p>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">Thai Vong&rsquo;s CIO piece is the operating-model complement: a three-question intake (what data, what action, what consequence if it&rsquo;s wrong?), mapped to four criticality tiers from &ldquo;read approved info and summarize&rdquo; up to &ldquo;move files, trigger workflows, approve transactions, touch production.&rdquo; Pair it with NIST AI RMF and OWASP&rsquo;s Agentic AI threats list for the formal references. 
Together these four pieces give you a usable board narrative: the data showing why governance is failing, plus a practical structure for fixing it before the next quarterly review.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\">Sources: <a href=\"https:\/\/www.helpnetsecurity.com\/2026\/05\/25\/trustedtech-shadow-ai-decision-makers\/\" style=\"color:#1d4ed8;text-decoration:none;\">Help Net Security (TrustedTech)<\/a> &middot; <a href=\"https:\/\/www.cio.com\/article\/2026\/05\/21\/cios-should-beware-the-ai-confidence-trap.html\" style=\"color:#1d4ed8;text-decoration:none;\">CIO (confidence trap)<\/a> &middot; <a href=\"https:\/\/www.helpnetsecurity.com\/2026\/05\/22\/splunk-hidden-costs-of-downtime-2026\/\" style=\"color:#1d4ed8;text-decoration:none;\">Help Net Security (Splunk)<\/a> &middot; <a href=\"https:\/\/www.cio.com\/article\/2026\/05\/20\/ai-can-write-code-but-the-cio-still-owns-the-operating-model.html\" style=\"color:#1d4ed8;text-decoration:none;\">CIO (Thai Vong)<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">CISA &ldquo;CI Fortify&rdquo;: plan to run offline, for days<\/h3>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">CISA&rsquo;s new &ldquo;CI Fortify&rdquo; initiative pushes critical-infrastructure operators &mdash; utilities, transportation, water, communications &mdash; to plan for sustained offline operations during a geopolitical cyber crisis, not just rapid recovery from a contained incident. 
The Record adds that CISA plans &ldquo;targeted assessments&rdquo; of defense-critical infrastructure to validate that BCPs aren&rsquo;t silently dependent on cloud, SaaS, or third-party telemetry.<\/p>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">CISO action items: rehearse a 72-hour degraded-mode tabletop with the BCP team; identify silent SaaS dependencies in your IR runbook; validate that your detection-and-response stack has a working offline mode; and check that any &ldquo;break-glass&rdquo; admin paths actually work when SSO is unreachable. This guidance also gives you board cover to invest in the unglamorous operational resilience line items that compete poorly with shinier AI projects.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\">Sources: <a href=\"https:\/\/federalnewsnetwork.com\/cybersecurity\/2026\/05\/cisa-tells-critical-organizations-to-prepare-for-cyber-outages\/\" style=\"color:#1d4ed8;text-decoration:none;\">Federal News Network<\/a> &middot; <a href=\"https:\/\/therecord.media\/cisa-critical-infrastructure-offline-cyberattacks-targeted-assessments\" style=\"color:#1d4ed8;text-decoration:none;\">The Record<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">Telecom sector launches the C2 ISAC &mdash; a model for sector self-governance<\/h3>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">AT&amp;T, Verizon, T-Mobile, Charter, Comcast, Cox, Lumen, and Zayo jointly launched the Communications Cybersecurity ISAC (C2 ISAC) to share intel on state-sponsored and AI-powered campaigns &mdash; a direct response to Salt Typhoon and its successors. 
The marquee point for CISOs in other sectors: an ISAC stand-up that gets eight major competitors aligned in months, after a year of public regulatory pressure, is a template for what voluntary sector governance can look like before legislation forces it.<\/p>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">If your sector lacks an ISAC or has one that doesn&rsquo;t produce machine-readable intel, this is a useful comparable to bring to your industry association. Worth tracking how C2 ISAC&rsquo;s indicator-sharing cadence and TLP discipline develop &mdash; success or failure here will shape what other sectors propose.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\">Sources: <a href=\"https:\/\/www.cybersecuritydive.com\/news\/c2-isac-telecom-launch\/2026-05-19\/\" style=\"color:#1d4ed8;text-decoration:none;\">Cybersecurity Dive<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">Debevoise 8-K tracker: two years in, the line on &ldquo;material&rdquo; has shifted<\/h3>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">Two years after the SEC&rsquo;s cyber disclosure rule took effect, Debevoise&rsquo;s data shows only 29 Item 1.05 &ldquo;material&rdquo; filings against 50 voluntary Item 8.01 filings &mdash; meaning most public-company disclosures are still being made on a non-material, &ldquo;informational&rdquo; basis. 
Debevoise reads SEC enforcement trajectories as tightening, with a sharper line on what counts as material and what doesn&rsquo;t.<\/p>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">Practical implication: refresh your 8-K materiality determination playbook with audit, legal, and IR; make sure your CFO and audit-committee chair can articulate why a given incident did or did not cross the threshold; and tie this exercise to your incident-classification rubric so the materiality decision is a continuation of the IR workflow rather than a side-process.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\">Sources: <a href=\"https:\/\/www.debevoisedatablog.com\/2026\/05\/21\/cybersecurity-incident-disclosure-form-8-k-tracker-two-year-update\/\" style=\"color:#1d4ed8;text-decoration:none;\">Debevoise Data Blog<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">Cyber-insurance claim severity is climbing into 2026 renewals<\/h3>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">Carrier Management reports on Travelers&rsquo; enterprise cyber lead detailing rising frequency and severity of claims, which is pressuring what had been a soft market on pricing. For CISOs, this directly affects renewal economics: expect tighter sub-limits on ransomware and business-interruption, more rigorous control attestations, and harder conversations on segmentation, EDR coverage, and identity hygiene as gating items for preferred terms.<\/p>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">Prep work to do before your next renewal cycle: a clean inventory of identity controls (phishing-resistant MFA coverage, privileged-access lifecycle, service-account hygiene), an honest patch SLA report against CISA KEV, evidence of working backups with restore tests, and a tabletop result you can hand the underwriter. 
This pairs with the Security Affairs &ldquo;pure extortion&rdquo; piece &mdash; exfiltration detection and outbound DLP are now line items insurers will ask about.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\">Sources: <a href=\"https:\/\/www.carriermanagement.com\/news\/2026\/05\/22\/cyber-insurance-claim-severity-pressure\/\" style=\"color:#1d4ed8;text-decoration:none;\">Carrier Management<\/a> &middot; <a href=\"https:\/\/securityaffairs.com\/2026\/05\/23\/why-pure-extortion-is-replacing-traditional-ransomware.html\" style=\"color:#1d4ed8;text-decoration:none;\">Security Affairs<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">F5 + Confluence: edge-to-AD compromise as a board-relevant story<\/h3>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">Microsoft Threat Intel walked through a real-world intrusion in which an end-of-life F5 BIG-IP appliance was used to pivot through an internet-exposed Confluence instance, and from there into Active Directory. The technical chain is familiar &mdash; what makes it board-relevant is the simple framing: EOL appliances and unpatched collaboration tools are quietly carrying enterprise-grade attack chains in 2026, and many organizations still don&rsquo;t have a clean inventory of EOL network gear or a forced-retirement policy.<\/p>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">Use this case to push edge-appliance lifecycle policy onto your next ops\/risk-committee agenda: a current EOL inventory, a forced-replacement budget line, and a measurable burn-down. 
Pair with the TanStack\/Grafana root-cause analysis &mdash; both stories underline that a single missed credential or expired appliance turns into a major IP-loss event.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\">Sources: <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2026\/05\/22\/from-edge-appliance-to-enterprise-compromise-multi-stage-linux-intrusion-via-f5-and-confluence\/\" style=\"color:#1d4ed8;text-decoration:none;\">Microsoft Security Blog<\/a> &middot; <a href=\"https:\/\/www.helpnetsecurity.com\/2026\/05\/21\/github-grafana-labs-tanstack-supply-chain\/\" style=\"color:#1d4ed8;text-decoration:none;\">Help Net Security (TanStack root cause)<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">Policy this week: postponed AI EO, UK deepfake rules, two big takedowns<\/h3>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">Bloomberg reported that internal White House disagreements postponed a planned AI cybersecurity executive order &mdash; the draft would have touched on AI lab disclosure, Pentagon hardening, cyber hiring, and federal-to-private threat sharing. The postponement is itself the signal: federal AI cyber policy is in flux, and CISOs planning 12-month roadmaps should not assume any specific mandate is imminent. Across the Atlantic, UK Ofcom moved to fast-track Online Safety Act rules requiring hash-matching for non-consensual intimate imagery and AI deepfakes, 48-hour takedown obligations, and fines of up to 10% of global revenue. 
Any CISO or general counsel team at a UGC platform should be scoping their content-moderation, hash-database, and incident workflows against those numbers now.<\/p>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">On enforcement, Europol&rsquo;s Operation Saffron dismantled First VPN &mdash; a bulletproof service used by 25 ransomware crews since 2014, including Avaddon-lineage groups &mdash; seizing 33 servers in 27 countries plus a Ukrainian admin and a ~5,000-account user database. Interpol&rsquo;s Operation Ramz delivered its first MENA-region cybercrime takedown: 201 arrests, 53 servers seized, 3,867 victims identified, intel shared across 13 countries. Neither is a one-time win &mdash; the user\/operator lists from both operations will feed pre-positioned IOC and TTP intel into ISACs for months. Watch for ISAC bulletins referencing both operations and feed them into your threat-intel pipeline.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\">Sources: <a href=\"https:\/\/www.bloomberg.com\/news\/articles\/2026-05-21\/white-house-postpones-ai-cybersecurity-order-signing\" style=\"color:#1d4ed8;text-decoration:none;\">Bloomberg<\/a> &middot; <a href=\"https:\/\/therecord.media\/uk-ofcom-online-safety-deepfakes-non-consensual-intimate-images\" style=\"color:#1d4ed8;text-decoration:none;\">The Record (Ofcom)<\/a> &middot; <a href=\"https:\/\/techcrunch.com\/2026\/05\/21\/law-enforcement-shuts-down-vpn-service-used-by-two-dozen-ransomware-gangs\/\" style=\"color:#1d4ed8;text-decoration:none;\">TechCrunch (Saffron)<\/a> &middot; <a href=\"https:\/\/therecord.media\/interpol-operation-ramz-middle-east-cybercrime-201-arrests\" style=\"color:#1d4ed8;text-decoration:none;\">The Record (Ramz)<\/a><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:24px 28px 4px;\">\n<h2 style=\"margin:0 0 4px;font-size:20px;color:#0f172a;\">Calls to action for the next 7 days<\/h2>\n<div 
style=\"height:3px;width:48px;background-color:#1e3a8a;margin-bottom:14px;\"><\/div>\n<ol style=\"margin:0 0 12px 18px;padding:0;font-size:14px;color:#374151;\">\n<li style=\"margin-bottom:8px;\"><strong>Force a contractor-repo and secret-scanning audit.<\/strong> Confirm GitHub\/GitLab secret-scanning and push-protection are on for every contractor\/vendor org, rotate any long-lived cloud keys touching production, and require OIDC or short-lived workload identity for CI\/CD. Bring the inventory to your next risk committee &mdash; that&rsquo;s the question CISA-leak coverage will trigger from auditors and customers.<\/li>\n<li style=\"margin-bottom:8px;\"><strong>Run a 72-hour offline-mode tabletop<\/strong> aligned to CISA&rsquo;s &ldquo;CI Fortify&rdquo; framing. Validate that your BCP doesn&rsquo;t silently assume cloud\/SaaS availability, your detection stack has an offline mode, and break-glass admin paths work when SSO is down.<\/li>\n<li style=\"margin-bottom:8px;\"><strong>Refresh the AI-governance board slide<\/strong> with the new triangulation: TrustedTech (decision-makers are the shadow-AI problem), CIO confidence trap (84% report success, 39% review safety), Splunk ($600B downtime, 63% third-party-caused), and Thai Vong&rsquo;s three-question intake. Pair with NIST AI RMF and OWASP Agentic AI as the formal references.<\/li>\n<li style=\"margin-bottom:8px;\"><strong>Re-baseline your 8-K materiality playbook<\/strong> against the Debevoise two-year data. 
Walk audit, legal, IR, and the CFO through 2&ndash;3 plausible scenarios and document why each does or doesn&rsquo;t cross the threshold &mdash; before you have to do it under deadline.<\/li>\n<li style=\"margin-bottom:8px;\"><strong>Prep cyber-insurance renewal evidence early.<\/strong> Phishing-resistant MFA coverage, privileged-access lifecycle, service-account hygiene, KEV remediation SLA, restore-tested backups, and a recent tabletop result &mdash; with exfiltration-detection and outbound DLP added to the package given the shift to pure-extortion tradecraft.<\/li>\n<li style=\"margin-bottom:8px;\"><strong>Open an EOL appliance &amp; collaboration-tool inventory.<\/strong> Driven by the F5\/Confluence intrusion case, build a current EOL list across edge appliances and collaboration tools, assign owners, and put a forced-retirement budget line in front of the CFO this cycle.<\/li>\n<\/ol>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:28px 28px 32px;border-top:1px solid #e5e7eb;color:#6b7280;font-size:12px;text-align:center;\">\n<p style=\"margin:0 0 6px;color:#6b7280;\">The CISO Brief &middot; a Newshunter publication<\/p>\n<p style=\"margin:0 0 6px;color:#6b7280;\">Weekly news items are from the previous seven days. Foundational reading is refreshed each week.<\/p>\n<p style=\"margin:14px 0 4px;font-size:11px;color:#9ca3af;\">Newsletter design, layout, and editorial curation &copy; 2026 Security Radar LLC. 
All rights reserved.<\/p>\n<p style=\"margin:0;font-size:11px;color:#9ca3af;\">Article titles and summaries are excerpted for review and commentary; all linked articles remain the copyright of their respective publishers and authors.<\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>CISO Bulletin &middot; Issue May 24, 2026 The CISO Brief Regulation, board-level strategy, and the evolving CISO role This week at a glance A bruising week for the agency CISOs report to. KrebsOnSecurity broke that a CISA contractor (Nightwing) had left AWS GovCloud admin tokens and plaintext credentials for dozens&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8,12,42],"tags":[],"class_list":["post-5235","post","type-post","status-publish","format-standard","hentry","category-editorial","category-regulations","category-security-industry-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/5235","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5235"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/5235\/revisions"}],"predecessor-version":[{"id":5257,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/5235\/revisions\/5257"}],"wp:attachmen
t":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5235"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5235"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5235"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}