<?xml version="1.0" encoding="UTF-8"?>        <rss version="2.0"
             xmlns:atom="http://www.w3.org/2005/Atom"
             xmlns:dc="http://purl.org/dc/elements/1.1/"
             xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
             xmlns:admin="http://webns.net/mvcb/"
             xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
             xmlns:content="http://purl.org/rss/1.0/modules/content/">
        <channel>
            <title>
									NHIMG Forum - Recent Topics				            </title>
            <link>https://nhimg.org/community/</link>
            <description>NHIMG Discussion Board</description>
            <language>en-US</language>
            <lastBuildDate>Sat, 18 Jul 2026 00:50:27 +0000</lastBuildDate>
            <generator>wpForo</generator>
            <ttl>60</ttl>
							                    <item>
                        <title>Silk Typhoon arrest and exposed credentials: what do teams need to watch?</title>
                        <link>https://nhimg.org/community/nhi-breaches/silk-typhoon-arrest-and-exposed-credentials-what-do-teams-need-to-watch/</link>
                        <pubDate>Tue, 14 Jul 2026 18:08:41 +0000</pubDate>
                        <description><![CDATA[TL;DR: The arrest of an alleged Silk Typhoon member underscores how state-linked operators combine vulnerability exploitation, password spraying, and exposed credentials to reach downstream ...]]></description>
                        <content:encoded><![CDATA[<blockquote>
<p><strong>TL;DR:</strong> The arrest of an alleged Silk Typhoon member underscores how state-linked operators combine vulnerability exploitation, password spraying, and exposed credentials to reach downstream targets, according to Swarmnetics. The case reinforces that identity exposure, not just patch cadence, shapes espionage risk across NHI, VPN, and managed-service access paths.</p>
</blockquote>
<p><em>NHIMG editorial — based on content published by Swarmnetics: Chinese hacker nabbed on Italian vacation accused of being part of Silk Typhoon</em></p>
<p><strong>By the numbers:</strong></p>
<ul>
<li>When AWS credentials are exposed publicly, attackers <a href="https://swarmnetics.com/blog/chinese-hacker-nabbed-on-italian-vacation-accused-of-being-part-of-silk-typhoon/?utm_source=nhimg&amp;utm_medium=NHIForum">attempt access within an average of 17 minutes</a>.</li>
</ul>
<h2>Questions worth separating out</h2>
<p><strong>Q: <a href="https://nhimg.org/faq/what-breaks-when-exposed-credentials-are-not-revoked-quickly/?utm_source=nhimg&amp;utm_medium=NHIForum">What breaks when exposed credentials are not revoked quickly?</a></strong></p>
<p><strong>A:</strong> Exposed credentials create a standing access window that attackers can exploit before defenders notice.</p>
<p><strong>Q: <a href="https://nhimg.org/faq/why-do-managed-service-provider-accounts-create-outsized-risk/?utm_source=nhimg&amp;utm_medium=NHIForum">Why do managed service provider accounts create outsized risk?</a></strong></p>
<p><strong>A:</strong> Because they often bridge multiple clients and control planes, so one compromise can reach many environments.</p>
<p><strong>Q: <a href="https://nhimg.org/faq/what-do-security-teams-get-wrong-about-password-spraying/?utm_source=nhimg&amp;utm_medium=NHIForum">What do security teams get wrong about password spraying?</a></strong></p>
<p><strong>A:</strong> They treat it as an authentication nuisance instead of an identity reconnaissance method.</p>
<h2>Practitioner guidance</h2>
<ul>
<li><strong>Hunt exposed secrets across public and private channels</strong> Scan code repositories, ticketing systems, chat exports, and logs for credentials that could be used for password spraying or direct reuse.</li>
<li><strong>Review downstream trust paths from managed service providers</strong> Map which client environments, admin consoles, and support workflows a partner account can reach, then remove unnecessary breadth.</li>
<li><strong>Tighten authentication against sprayable accounts</strong> Enforce stronger authentication on accounts that touch internet-facing systems, especially where MFA coverage is incomplete or fallback authentication exists.</li>
</ul>
<h2>What's in the full analysis</h2>
<p>Swarmnetics' full article covers the incident details this post intentionally leaves for the source:</p>
<ul>
<li>Arrest chronology and the US charges tied to the alleged Silk Typhoon operator.</li>
<li>Background on the group’s history, target set, and activity across multiple countries.</li>
<li>Source reporting on the group’s use of vulnerabilities, password spraying, and exposed credentials.</li>
<li>The article’s discussion of the broader intelligence and law-enforcement implications.</li>
</ul>
<p>&#x1f449; <strong><a href="https://swarmnetics.com/blog/chinese-hacker-nabbed-on-italian-vacation-accused-of-being-part-of-silk-typhoon/?utm_source=nhimg&amp;utm_medium=NHIForum">Read Swarmnetics' analysis of the Silk Typhoon arrest and credential-driven intrusion patterns →</a></strong></p>
<p><em>Silk Typhoon arrest and exposed credentials: what do teams need to watch?</em></p>
<blockquote>
<p><strong>Explore further</strong></p>
<p><a href="/community/?utm_source=nhimg&amp;utm_medium=NHIForum">View Full Forum →</a>  |  <a href="/nhi-training/?utm_source=nhimg&amp;utm_medium=NHIForum">NHI Foundation Course →</a></p>
</blockquote>]]></content:encoded>
						                            <category domain="https://nhimg.org/community/"></category>                        <dc:creator>NHI Mgmt Group</dc:creator>
                        <guid isPermaLink="true">https://nhimg.org/community/nhi-breaches/silk-typhoon-arrest-and-exposed-credentials-what-do-teams-need-to-watch/</guid>
                    </item>
				                    <item>
                        <title>xAI API key leaks: what does this mean for AI access governance?</title>
                        <link>https://nhimg.org/community/nhi-breaches/xai-api-key-leaks-what-does-this-mean-for-ai-access-governance/</link>
                        <pubDate>Tue, 14 Jul 2026 18:08:29 +0000</pubDate>
                        <description><![CDATA[TL;DR: A July 13 GitHub commit exposed an API key with access to at least 52 xAI models, and security researchers said it continued to function after removal, underscoring how quickly leaked...]]></description>
                        <content:encoded><![CDATA[<blockquote>
<p><strong>TL;DR:</strong> A July 13 GitHub commit exposed an API key with access to at least 52 xAI models, and security researchers said it continued to function after removal, underscoring how quickly leaked secrets can outlive detection according to Swarmnetics and GitGuardian. Access review without rapid revocation is no longer a meaningful control when credentials remain valid after exposure.</p>
</blockquote>
<p><em>NHIMG editorial — based on content published by Swarmnetics covering the second xAI API key leak: Second API Key Slip for Musk’s AI Models by DOGE Staffer Raises Questions About Security</em></p>
<p><strong>By the numbers:</strong></p>
<ul>
<li>A July 13 GitHub commit came bundled with <a href="https://swarmnetics.com/blog/second-api-key-slip-for-musks-ai-models-by-doge-staffer-raises-questions-about-security/?utm_source=nhimg&amp;utm_medium=NHIForum">another unprotected API key for over 50 AI models</a>.</li>
</ul>
<h2>Questions worth separating out</h2>
<p><strong>Q: <a href="https://nhimg.org/faq/how-should-security-teams-govern-api-keys-used-for-generative-ai-access/?utm_source=nhimg&amp;utm_medium=NHIForum">How should security teams govern API keys used for generative AI access?</a></strong></p>
<p><strong>A:</strong> Treat them as machine identities with lifecycle controls, not as disposable developer conveniences.</p>
<p><strong>Q: <a href="https://nhimg.org/faq/why-do-leaked-ai-credentials-create-a-larger-governance-problem-than-a-simple-co/?utm_source=nhimg&amp;utm_medium=NHIForum">Why do leaked AI credentials create a larger governance problem than a simple code mistake?</a></strong></p>
<p><strong>A:</strong> Because the secret is the authority.</p>
<p><strong>Q: <a href="https://nhimg.org/faq/what-breaks-when-ai-access-is-governed-separately-from-human-and-nhi-access/?utm_source=nhimg&amp;utm_medium=NHIForum">What breaks when AI access is governed separately from human and NHI access?</a></strong></p>
<p><strong>A:</strong> Separate governance creates inconsistent policy enforcement, slower revocation, and blind spots in review.</p>
<h2>Practitioner guidance</h2>
<ul>
<li><strong>Classify AI model API keys as governed NHIs</strong> Assign <a href="https://nhimg.org/top-10-non-human-identity-issues?utm_source=nhimg&amp;utm_medium=NHIForum">explicit owners, expiry dates, and revocation paths</a> to every model access key stored in code, scripts, or deployment variables.</li>
<li><strong>Block secrets from source control before merge</strong> Use pre-commit and CI checks to prevent API keys from entering GitHub commits, then quarantine any repository findings until the credential is replaced and verified inactive.</li>
<li><strong>Measure exposed-secret dwell time</strong> Track the interval between first exposure, discovery, revocation, and confirmed invalidation.</li>
</ul>
<h2>What's in the full analysis</h2>
<p>Swarmnetics' full analysis covers the operational detail this post intentionally leaves for the source:</p>
<ul>
<li>The exact GitHub commit context and how the key was discovered in the repository flow.</li>
<li>The sequence of notification, response, and delayed key invalidation that followed the exposure.</li>
<li>The scope of the affected xAI model access and why the key's continued validity mattered.</li>
<li>The surrounding staff and federal adoption context that changes how practitioners should interpret the exposure.</li>
</ul>
<p>&#x1f449; <strong><a href="https://swarmnetics.com/blog/second-api-key-slip-for-musks-ai-models-by-doge-staffer-raises-questions-about-security/?utm_source=nhimg&amp;utm_medium=NHIForum">Read Swarmnetics' analysis of the second xAI API key leak and model access exposure →</a></strong></p>
<p><em>xAI API key leaks: what does this mean for AI access governance?</em></p>
<blockquote>
<p><strong>Explore further</strong></p>
<p><a href="/community/?utm_source=nhimg&amp;utm_medium=NHIForum">View Full Forum →</a>  |  <a href="/nhi-training/?utm_source=nhimg&amp;utm_medium=NHIForum">NHI Foundation Course →</a></p>
</blockquote>]]></content:encoded>
						                            <category domain="https://nhimg.org/community/"></category>                        <dc:creator>NHI Mgmt Group</dc:creator>
                        <guid isPermaLink="true">https://nhimg.org/community/nhi-breaches/xai-api-key-leaks-what-does-this-mean-for-ai-access-governance/</guid>
                    </item>
				                    <item>
                        <title>Yocto Project 5.0.11: what the CVE-heavy release means for teams</title>
                        <link>https://nhimg.org/community/nhi-breaches/yocto-project-5-0-11-what-the-cve-heavy-release-means-for-teams/</link>
                        <pubDate>Tue, 14 Jul 2026 18:08:26 +0000</pubDate>
                        <description><![CDATA[TL;DR: Yocto Project 5.0.11 is a point release that bundles fixes across core build components and libraries, including binutils, busybox, glibc, libxml2, python packages, sudo, and linux-yo...]]></description>
                        <content:encoded><![CDATA[<blockquote>
<p><strong>TL;DR:</strong> Yocto Project 5.0.11 is a point release that bundles fixes across core build components and libraries, including binutils, busybox, glibc, libxml2, python packages, sudo, and linux-yocto-6.6, according to Cybertrust Japan. The release reinforces that embedded Linux programs need disciplined patch intake, dependency tracking, and supply chain validation rather than relying on upstream release cycles alone.</p>
</blockquote>
<p><em>NHIMG editorial — based on content published by Cybertrust Japan: Yocto Project 5.0.11 release notes and vulnerability fixes</em></p>
<p><strong>By the numbers:</strong></p>
<ul>
<li><a href="https://nhimg.org/the-ultimate-guide-to-non-human-identities?utm_source=nhimg&amp;utm_medium=NHIForum#key-research-and-survey-results">Only 20% have formal processes</a> for offboarding and revoking API keys, and even fewer have procedures for rotating them.</li>
<li><a href="https://nhimg.org/the-ultimate-guide-to-non-human-identities?utm_source=nhimg&amp;utm_medium=NHIForum#key-research-and-survey-results">96% of organisations store secrets outside</a> of secrets managers in vulnerable locations including code, config files, and CI/CD tools.</li>
<li><a href="https://nhimg.org/the-ultimate-guide-to-non-human-identities?utm_source=nhimg&amp;utm_medium=NHIForum#key-research-and-survey-results">97% of NHIs carry excessive privileges</a>, increasing unauthorised access and broadening the attack surface.</li>
</ul>
<h2>Questions worth separating out</h2>
<p><strong>Q: <a href="https://nhimg.org/faq/how-should-teams-secure-build-pipelines-that-produce-embedded-linux-images/?utm_source=nhimg&amp;utm_medium=NHIForum">How should teams secure build pipelines that produce embedded Linux images?</a></strong></p>
<p><strong>A:</strong> Treat build pipelines as privileged infrastructure, not just automation.</p>
<p><strong>Q: <a href="https://nhimg.org/faq/why-do-point-releases-still-leave-organisations-exposed-after-cve-fixes/?utm_source=nhimg&amp;utm_medium=NHIForum">Why do point releases still leave organisations exposed after CVE fixes?</a></strong></p>
<p><strong>A:</strong> Because fixing the code is only one part of the problem.</p>
<p><strong>Q: <a href="https://nhimg.org/faq/what-do-security-teams-get-wrong-about-software-supply-chain-risk/?utm_source=nhimg&amp;utm_medium=NHIForum">What do security teams get wrong about software supply chain risk?</a></strong></p>
<p><strong>A:</strong> They often focus on known vulnerabilities inside dependencies and miss the trust path that delivers the software.</p>
<h2>Practitioner guidance</h2>
<ul>
<li><strong>Map every build-time identity to an owner</strong> Inventory <a href="https://nhimg.org/the-ultimate-guide-to-non-human-identities?utm_source=nhimg&amp;utm_medium=NHIForum">CI jobs, repository tokens, signing keys</a>, mirror credentials, and release automation accounts that touch Yocto builds.</li>
<li><strong>Verify fix provenance at the recipe layer</strong> Confirm that CVE remediation landed in the relevant layer or recipe, not just in a version string.</li>
<li><strong>Tighten secret scope around build and signing systems</strong> Use short-lived credentials where possible and remove broad access from pipeline accounts, mirrors, and signing services.</li>
</ul>
<h2>What's in the full analysis</h2>
<p>Cybertrust Japan's full article covers the release artefacts, repository revisions, and package-by-package CVE fixes this post intentionally leaves at a strategic level:</p>
<ul>
<li>Detailed list of the affected packages and the specific CVEs fixed in each one.</li>
<li>Release artefact names, repository tags, and Git revisions for reproducing the exact build baseline.</li>
<li>Download locations for the tarballs, useful when validating supply chain integrity or mirroring the release.</li>
<li>The original Japanese release note context and cross-reference to the announcement page.</li>
</ul>
<p>&#x1f449; <strong><a href="https://www.cybertrust.co.jp/blog/iot/yocto/5-0-11.html?utm_source=nhimg&amp;utm_medium=NHIForum">Read Cybertrust Japan's Yocto Project 5.0.11 release note and CVE fix list →</a></strong></p>
<p><em>Yocto Project 5.0.11: what the CVE-heavy release means for teams?</em></p>
<blockquote>
<p><strong>Explore further</strong></p>
<p><a href="/community/?utm_source=nhimg&amp;utm_medium=NHIForum">View Full Forum →</a>  |  <a href="/nhi-training/?utm_source=nhimg&amp;utm_medium=NHIForum">NHI Foundation Course →</a></p>
</blockquote>]]></content:encoded>
						                            <category domain="https://nhimg.org/community/"></category>                        <dc:creator>NHI Mgmt Group</dc:creator>
                        <guid isPermaLink="true">https://nhimg.org/community/nhi-breaches/yocto-project-5-0-11-what-the-cve-heavy-release-means-for-teams/</guid>
                    </item>
				                    <item>
                        <title>Accidental spreadsheet leaks: what it means for identity governance</title>
                        <link>https://nhimg.org/community/nhi-breaches/accidental-spreadsheet-leaks-what-it-means-for-identity-governance/</link>
                        <pubDate>Tue, 14 Jul 2026 18:08:18 +0000</pubDate>
                        <description><![CDATA[TL;DR: A mistaken spreadsheet email in 2022 exposed Afghans linked to UK military operations, prompting secret relocations, a superinjunction, and a resettlement bill already around £2 billi...]]></description>
                        <content:encoded><![CDATA[<blockquote>
<p><strong>TL;DR:</strong> A mistaken spreadsheet email in 2022 exposed Afghans linked to UK military operations, prompting secret relocations, a superinjunction, and a resettlement bill already around £2 billion, according to Swarmnetics. The case shows how a single disclosure can become an identity protection crisis when access, distribution, and offboarding controls fail together.</p>
</blockquote>
<p><em>NHIMG editorial — based on content published by Swarmnetics: Billions Spent on Thousands of Rapid and Secret Relocations of Afghans to UK After Accidental Data Leak</em></p>
<p><strong>By the numbers:</strong></p>
<ul>
<li><a href="https://swarmnetics.com/blog/billions-spent-on-thousands-of-rapid-and-secret-relocations-of-afghans-to-uk-after-accidental-data-leak/?utm_source=nhimg&amp;utm_medium=NHIForum">About 4,500 Afghans</a> have already been resettled prior to this news breaking.</li>
</ul>
<h2>Questions worth separating out</h2>
<p><strong>Q: <a href="https://nhimg.org/faq/what-breaks-when-sensitive-identity-data-is-accidentally-shared-outside-controll/?utm_source=nhimg&amp;utm_medium=NHIForum">What breaks when sensitive identity data is accidentally shared outside controlled channels?</a></strong></p>
<p><strong>A:</strong> The main failure is loss of containment.</p>
<p><strong>Q: <a href="https://nhimg.org/faq/why-do-leaked-identity-records-create-risks-beyond-privacy-compliance/?utm_source=nhimg&amp;utm_medium=NHIForum">Why do leaked identity records create risks beyond privacy compliance?</a></strong></p>
<p><strong>A:</strong> Because some records are operationally dangerous, not just personal.</p>
<p><strong>Q: <a href="https://nhimg.org/faq/how-do-teams-know-if-identity-security-controls-are-actually-working/?utm_source=nhimg&amp;utm_medium=NHIForum">How do teams know if identity security controls are actually working?</a></strong></p>
<p><strong>A:</strong> Identity security controls are working when teams can show a current view of high-risk entitlements, detect privilege drift quickly, and remove access before exposure spreads.</p>
<h2>Practitioner guidance</h2>
<ul>
<li><strong>Map sensitive identity datasets before they move</strong> <a href="https://nhimg.org/the-ultimate-guide-to-non-human-identities?utm_source=nhimg&amp;utm_medium=NHIForum">Catalogue spreadsheets, exports, and working files</a> that contain names, roles, screening data, or protection-related attributes.</li>
<li><strong>Restrict outbound sharing of high-risk records</strong> Apply recipient validation, external sharing limits, and case-level approval for files that could expose at-risk individuals.</li>
<li><strong>Build post-disclosure remediation workflows</strong> Define who contacts affected people, who assesses harm, who freezes further distribution, and who tracks remediation status after exposure.</li>
</ul>
<h2>What's in the full analysis</h2>
<p>Swarmnetics' full article covers the operational and political detail this post intentionally leaves for the source:</p>
<ul>
<li>The chronology of the 2022 leak, the 2023 Facebook exposure, and the later legal suppression.</li>
<li>The reported relocation process and why the response became a national policy issue.</li>
<li>The claimed Taliban access path and the unresolved questions around downstream sharing.</li>
<li>The class action context and the scale of compensation sought by affected Afghans.</li>
</ul>
<p>&#x1f449; <strong><a href="https://swarmnetics.com/blog/billions-spent-on-thousands-of-rapid-and-secret-relocations-of-afghans-to-uk-after-accidental-data-leak/?utm_source=nhimg&amp;utm_medium=NHIForum">Read Swarmnetics' analysis of the Afghanistan spreadsheet leak and resettlement response →</a></strong></p>
<p><em>Accidental spreadsheet leaks: what it means for identity governance?</em></p>
<blockquote>
<p><strong>Explore further</strong></p>
<p><a href="/community/?utm_source=nhimg&amp;utm_medium=NHIForum">View Full Forum →</a>  |  <a href="/nhi-training/?utm_source=nhimg&amp;utm_medium=NHIForum">NHI Foundation Course →</a></p>
</blockquote>]]></content:encoded>
						                            <category domain="https://nhimg.org/community/"></category>                        <dc:creator>NHI Mgmt Group</dc:creator>
                        <guid isPermaLink="true">https://nhimg.org/community/nhi-breaches/accidental-spreadsheet-leaks-what-it-means-for-identity-governance/</guid>
                    </item>
				                    <item>
                        <title>SIM farms and mobile network disruption: what practitioners need to know</title>
                        <link>https://nhimg.org/community/nhi-breaches/sim-farms-and-mobile-network-disruption-what-practitioners-need-to-know/</link>
                        <pubDate>Tue, 14 Jul 2026 18:08:16 +0000</pubDate>
                        <description><![CDATA[TL;DR: A New York SIM farm raid showed how a setup with 300 SIM boxes and about 100,000 SIM cards could, at relatively low cost, overwhelm towers or emergency communications if used offensiv...]]></description>
                        <content:encoded><![CDATA[<blockquote>
<p><strong>TL;DR:</strong> A New York SIM farm raid showed how a setup with 300 SIM boxes and about 100,000 SIM cards could, at relatively low cost, overwhelm towers or emergency communications if used offensively, according to Swarmnetics. The real lesson is that scale, rotation, and residential concealment can turn ordinary telecom abuse into critical infrastructure risk.</p>
</blockquote>
<p><em>NHIMG editorial — based on content published by Swarmnetics covering the New York SIM farm raid: NYC SIM Farm Bust Demonstrates Major Threat to Mobile Networks</em></p>
<p><strong>By the numbers:</strong></p>
<ul>
<li>The NYC SIM farm used <a href="https://swarmnetics.com/blog/nyc-sim-farm-bust-demonstrates-major-threat-to-mobile-networks/?utm_source=nhimg&amp;utm_medium=NHIForum">300 SIM boxes running about 100,000 SIM cards</a>.</li>
</ul>
<h2>Questions worth separating out</h2>
<p><strong>Q: <a href="https://nhimg.org/faq/what-breaks-when-telecom-abuse-is-treated-as-only-a-fraud-problem/?utm_source=nhimg&amp;utm_medium=NHIForum">What breaks when telecom abuse is treated as only a fraud problem?</a></strong></p>
<p><strong>A:</strong> Teams miss the resilience and public-safety dimension.</p>
<p><strong>Q: <a href="https://nhimg.org/faq/why-do-rotating-subscriber-identities-make-detection-harder/?utm_source=nhimg&amp;utm_medium=NHIForum">Why do rotating subscriber identities make detection harder?</a></strong></p>
<p><strong>A:</strong> Rotation reduces the usefulness of simple thresholds because each identity looks low volume on its own.</p>
<p><strong>Q: <a href="https://nhimg.org/faq/what-do-security-teams-get-wrong-about-sim-farms/?utm_source=nhimg&amp;utm_medium=NHIForum">What do security teams get wrong about SIM farms?</a></strong></p>
<p><strong>A:</strong> They often assume the threat is limited to fraud or nuisance calling.</p>
<h2>Practitioner guidance</h2>
<ul>
<li><strong>Build cross-domain telecom identity inventories</strong> Track <a href="https://nhimg.org/the-ultimate-guide-to-non-human-identities?utm_source=nhimg&amp;utm_medium=NHIForum">SIM cards, boxes, rental sites</a>, and carrier accounts in one correlation view so rotating identities cannot hide behind physical fragmentation.</li>
<li><strong>Flag high-turnover subscriber patterns</strong> Detect rapid reuse, unusual rotation density, and coordinated traffic bursts across many numbers rather than relying on single-number thresholds.</li>
<li><strong>Link fraud telemetry to resilience planning</strong> Include swatting, mass calling, and emergency communications disruption scenarios in business continuity and public-safety playbooks.</li>
</ul>
<h2>What's in the full analysis</h2>
<p>Swarmnetics' full article covers the operational detail this post intentionally leaves for the source:</p>
<ul>
<li>The site-by-site breakdown of how the SIM farm was distributed across five residential locations.</li>
<li>The investigative detail behind the swatting calls that led the Secret Service to the operation.</li>
<li>The equipment smuggling and concealment methods that helped the operators avoid attention.</li>
<li>The specific law-enforcement and criminal indicators found at the sites, including related activity and seized material.</li>
</ul>
<p>&#x1f449; <strong><a href="https://swarmnetics.com/blog/nyc-sim-farm-bust-demonstrates-major-threat-to-mobile-networks/?utm_source=nhimg&amp;utm_medium=NHIForum">Read Swarmnetics' analysis of the New York SIM farm and mobile network risk →</a></strong></p>
<p><em>SIM farms and mobile network disruption: what practitioners need to know?</em></p>
<blockquote>
<p><strong>Explore further</strong></p>
<p><a href="/community/?utm_source=nhimg&amp;utm_medium=NHIForum">View Full Forum →</a>  |  <a href="/nhi-training/?utm_source=nhimg&amp;utm_medium=NHIForum">NHI Foundation Course →</a></p>
</blockquote>]]></content:encoded>
						                            <category domain="https://nhimg.org/community/"></category>                        <dc:creator>NHI Mgmt Group</dc:creator>
                        <guid isPermaLink="true">https://nhimg.org/community/nhi-breaches/sim-farms-and-mobile-network-disruption-what-practitioners-need-to-know/</guid>
                    </item>
				                    <item>
                        <title>Browser prompt injection attacks: are your LLM controls keeping up?</title>
                        <link>https://nhimg.org/community/nhi-breaches/browser-prompt-injection-attacks-are-your-llm-controls-keeping-up/</link>
                        <pubDate>Tue, 14 Jul 2026 18:08:14 +0000</pubDate>
                        <description><![CDATA[TL;DR: Browser-based prompt injection can turn a single malicious or hijacked extension into a covert data theft path for ChatGPT, Google Gemini, and other LLM-connected tools, according to ...]]></description>
                        <content:encoded><![CDATA[<blockquote>
<p><strong>TL;DR:</strong> Browser-based prompt injection can turn a single malicious or hijacked extension into a covert data theft path for ChatGPT, Google Gemini, and other LLM-connected tools, according to Swarmnetics. The practical problem is not the model alone but the browser permissions and connected data sources that let attackers read, log, and erase sensitive content without obvious detection.</p>
</blockquote>
<p><em>NHIMG editorial — based on content published by Swarmnetics: Browsers are Wide Open to LLM Prompt Injection Attacks</em></p>
<h2>Questions worth separating out</h2>
<p><strong>Q: <a href="https://nhimg.org/faq/how-should-security-teams-control-browser-prompt-injection-risk-in-llm-tools/?utm_source=nhimg&amp;utm_medium=NHIForum">How should security teams control browser prompt injection risk in LLM tools?</a></strong></p>
<p><strong>A:</strong> Start by treating browser extensions, connector permissions, and session telemetry as a single control surface.</p>
<p><strong>Q: <a href="https://nhimg.org/faq/why-do-cryptographic-changes-matter-to-iam-and-nhi-programmes/?utm_source=nhimg&amp;utm_medium=NHIForum">Why do cryptographic changes matter to IAM and NHI programmes?</a></strong></p>
<p><strong>A:</strong> IAM and NHI programmes rely on certificates, signing keys, and token trust to establish who or what is authenticated.</p>
<p><strong>Q: <a href="https://nhimg.org/faq/what-breaks-when-extensions-can-issue-hidden-prompts-to-llms/?utm_source=nhimg&amp;utm_medium=NHIForum">What breaks when extensions can issue hidden prompts to LLMs?</a></strong></p>
<p><strong>A:</strong> Auditability breaks first, because background interactions can erase the user-visible trail by deleting chats or hiding activity in tabs.</p>
<h2>Practitioner guidance</h2>
<ul>
<li><strong>Inventory and approve browser extensions</strong> Maintain a living inventory of extensions allowed on endpoints that access GenAI tools, and remove anything that no longer has a clear business need.</li>
<li><strong>Restrict LLM connector scope</strong> Limit which mail, document, messaging, and contact sources an LLM can reach, then <a href="https://nhimg.org/meta-ai-instagram-account-takeover-20225-accounts-hijacked-via-ai-support-chatbot?utm_source=nhimg&amp;utm_medium=NHIForum">review connector permissions</a> as part of access recertification.</li>
<li><strong>Monitor DOM and extension behaviour</strong> Add telemetry for unusual DOM interaction patterns, <a href="https://nhimg.org/nhi-lifecycle-management-guide?utm_source=nhimg&amp;utm_medium=NHIForum">background tab activity</a>, and repeated prompt execution from the same extension.</li>
</ul>
<h2>What's in the full analysis</h2>
<p>Swarmnetics's full article covers the operational detail this post intentionally leaves for the source:</p>
<ul>
<li>Proof-of-concept attack flow showing how a malicious extension injects commands into ChatGPT and Google Gemini sessions.</li>
<li>Specific examples of how browser history and chat cleanup can hide the evidence trail after exfiltration.</li>
<li>Discussion of DOM permission abuse and why existing browser trust models fail to flag the behaviour.</li>
<li>Practical monitoring ideas for teams that need to validate browser-to-LLM interactions in their own environment.</li>
</ul>
<p>&#x1f449; <strong><a href="https://swarmnetics.com/blog/browsers-are-wide-open-to-llm-prompt-injection-attacks/?utm_source=nhimg&amp;utm_medium=NHIForum">Read Swarmnetics's analysis of browser prompt injection attacks on LLMs →</a></strong></p>
<p><em>Browser prompt injection attacks: are your LLM controls keeping up?</em></p>
<blockquote>
<p><strong>Explore further</strong></p>
<p><a href="/community/?utm_source=nhimg&amp;utm_medium=NHIForum">View Full Forum →</a>  |  <a href="/nhi-training/?utm_source=nhimg&amp;utm_medium=NHIForum">NHI Foundation Course →</a></p>
</blockquote>]]></content:encoded>
						                            <category domain="https://nhimg.org/community/"></category>                        <dc:creator>NHI Mgmt Group</dc:creator>
                        <guid isPermaLink="true">https://nhimg.org/community/nhi-breaches/browser-prompt-injection-attacks-are-your-llm-controls-keeping-up/</guid>
                    </item>
				                    <item>
                        <title>ToolShell in SharePoint Server: what IAM and security teams need to act on</title>
                        <link>https://nhimg.org/community/nhi-breaches/toolshell-in-sharepoint-server-what-iam-and-security-teams-need-to-act-on/</link>
                        <pubDate>Tue, 14 Jul 2026 18:08:06 +0000</pubDate>
                        <description><![CDATA[TL;DR: ToolShell, a CVE-2025-53770 zero-day in on-premises SharePoint Server, enables unauthenticated remote code execution and is already being exploited in the wild, according to SentinelO...]]></description>
                        <content:encoded><![CDATA[<blockquote>
<p><strong>TL;DR:</strong> ToolShell, a CVE-2025-53770 zero-day in on-premises SharePoint Server, enables unauthenticated remote code execution and is already being exploited in the wild, according to SentinelOne. The real lesson is that internet-facing application servers can become identity-adjacent footholds for lateral movement before traditional access controls or patch cycles catch up.</p>
</blockquote>
<p><em>NHIMG editorial — based on content published by SentinelOne: ToolShell, the critical SharePoint Server zero-day affecting on-premises deployments</em></p>
<h2>Questions worth separating out</h2>
<p><strong>Q: <a href="https://nhimg.org/faq/what-breaks-when-a-sharepoint-zero-day-gives-unauthenticated-remote-code-executi/?utm_source=nhimg&amp;utm_medium=NHIForum">What breaks when a SharePoint zero-day gives unauthenticated remote code execution?</a></strong></p>
<p><strong>A:</strong> The login boundary breaks first, because the attacker does not need credentials to execute code on the server.</p>
<p><strong>Q: <a href="https://nhimg.org/faq/why-do-internet-facing-collaboration-servers-increase-lateral-movement-risk/?utm_source=nhimg&amp;utm_medium=NHIForum">Why do internet-facing collaboration servers increase lateral movement risk?</a></strong></p>
<p><strong>A:</strong> They often sit between users, content, and internal services, so a single exploit can expose more than the application itself.</p>
<p><strong>Q: <a href="https://nhimg.org/faq/how-do-teams-know-whether-sharepoint-exploitation-has-already-happened/?utm_source=nhimg&amp;utm_medium=NHIForum">How do teams know whether SharePoint exploitation has already happened?</a></strong></p>
<p><strong>A:</strong> Look for file writes in high-risk application directories, web shell indicators, unusual child processes from the IIS worker process, and suspicious compiler activity.</p>
<h2>Practitioner guidance</h2>
<ul>
<li><strong>Isolate public SharePoint exposure immediately</strong> <a href="https://nhimg.org/52-non-human-identity-breaches?utm_source=nhimg&amp;utm_medium=NHIForum">Remove on-premises SharePoint servers</a> from direct public access where business design allows it, and place compensating controls around any unavoidable exposure.</li>
<li><strong>Enable AMSI in full mode and verify detection coverage</strong> Confirm that Antimalware Scan Interface integration is active in full mode and that endpoint protection can inspect SharePoint execution paths.</li>
<li><strong>Run retroactive threat hunting on SharePoint telemetry</strong> Search for web shell artifacts, unusual IIS worker process children, compiler activity, and file writes in the <a href="https://nhimg.org/52-non-human-identity-breaches?utm_source=nhimg&amp;utm_medium=NHIForum">LAYOUTS directory</a>.</li>
</ul>
<h2>What's in the full analysis</h2>
<p>SentinelOne's full post covers the operational detail this post intentionally leaves for the source:</p>
<ul>
<li>Specific platform detection rules for web shell creation and suspicious SharePoint worker-process activity.</li>
<li>IOC listings including hashes and attacker IP addresses for use in SIEM, EDR, and threat hunting.</li>
<li>Implementation guidance for Singularity Vulnerability Management users who need environment-specific scoping.</li>
<li>The technical breakdown of the spinstall0.aspx execution traces and related exploit indicators.</li>
</ul>
<p>&#x1f449; <strong><a href="https://www.sentinelone.com/blog/defending-against-toolshell-sharepoints-latest-critical-vulnerability/?utm_source=nhimg&amp;utm_medium=NHIForum">Read SentinelOne's analysis of ToolShell exploitation in SharePoint Server →</a></strong></p>
<p><em>ToolShell in SharePoint Server: what IAM and security teams need to act on?</em></p>
<blockquote>
<p><strong>Explore further</strong></p>
<p><a href="/community/?utm_source=nhimg&amp;utm_medium=NHIForum">View Full Forum →</a>  |  <a href="/nhi-training/?utm_source=nhimg&amp;utm_medium=NHIForum">NHI Foundation Course →</a></p>
</blockquote>]]></content:encoded>
						                            <category domain="https://nhimg.org/community/"></category>                        <dc:creator>NHI Mgmt Group</dc:creator>
                        <guid isPermaLink="true">https://nhimg.org/community/nhi-breaches/toolshell-in-sharepoint-server-what-iam-and-security-teams-need-to-act-on/</guid>
                    </item>
				                    <item>
                        <title>Social Security data on cloud servers: what controls are missing?</title>
                        <link>https://nhimg.org/community/nhi-breaches/social-security-data-on-cloud-servers-what-controls-are-missing/</link>
                        <pubDate>Tue, 14 Jul 2026 18:08:01 +0000</pubDate>
                        <description><![CDATA[TL;DR: A whistleblower report says a live copy of NUMIDENT, the Social Security database, was moved into a private cloud testing environment, creating alleged risk around access oversight, a...]]></description>
                        <content:encoded><![CDATA[<blockquote>
<p><strong>TL;DR:</strong> A whistleblower report says a live copy of NUMIDENT, the Social Security database, was moved into a private cloud testing environment, creating alleged risk around access oversight, approval rigor and catastrophic misuse even though no breach has been reported, according to Swarmnetics. The issue is not only location but governance: sensitive identity data without independent monitoring turns a test environment into an accountability problem.</p>
</blockquote>
<p><em>NHIMG editorial — based on content published by Swarmnetics: DOGE whistleblower report on cloud handling of Social Security data</em></p>
<h2>Questions worth separating out</h2>
<p><strong>Q: <a href="https://nhimg.org/faq/what-fails-when-a-live-identity-dataset-is-copied-into-a-cloud-test-environment/?utm_source=nhimg&amp;utm_medium=NHIForum">What fails when a live identity dataset is copied into a cloud test environment?</a></strong></p>
<p><strong>A:</strong> The main failure is governance continuity.</p>
<p><strong>Q: <a href="https://nhimg.org/faq/why-do-large-personal-identity-datasets-create-more-risk-than-ordinary-test-data/?utm_source=nhimg&amp;utm_medium=NHIForum">Why do large personal identity datasets create more risk than ordinary test data?</a></strong></p>
<p><strong>A:</strong> Because they combine persistent identifiers with biographical detail that can support fraud, impersonation and account takeover.</p>
<p><strong>Q: <a href="https://nhimg.org/faq/how-do-security-teams-know-if-cloud-access-to-sensitive-identity-data-is-actuall/?utm_source=nhimg&amp;utm_medium=NHIForum">How do security teams know if cloud access to sensitive identity data is actually controlled?</a></strong></p>
<p><strong>A:</strong> Look for named ownership, role-scoped access, immutable logs, periodic access reviews and evidence that the environment is verified after every data move.</p>
<h2>Practitioner guidance</h2>
<ul>
<li><strong>Define clone-handling rules for sensitive identity datasets</strong> Require written approval criteria, purpose limitation and expiry for any copied population-scale identity dataset in a test environment.</li>
<li><strong>Apply least-privilege access to cloud test copies</strong> Restrict access to named roles, remove broad admin browsing rights and verify that <a href="https://nhimg.org/the-ultimate-guide-to-non-human-identities?utm_source=nhimg&amp;utm_medium=NHIForum">every access path is logged</a> and reviewable.</li>
<li><strong>Mask or tokenise identity data before testing</strong> Use <a href="https://nhimg.org/52-non-human-identity-breaches?utm_source=nhimg&amp;utm_medium=NHIForum">masked subsets, tokenisation or synthetic records</a> unless the business case explicitly requires real personal data.</li>
</ul>
<h2>What's in the full analysis</h2>
<p>Swarmnetics' full article covers the operational detail this post intentionally leaves for the source:</p>
<ul>
<li>The whistleblower framing and the sequence of approvals around the NUMIDENT copy.</li>
<li>The specific federal statutes and policy concerns raised by SSA officials.</li>
<li>The agency-level debate over who can monitor access to the testing environment.</li>
<li>The potential worst-case impact model if the dataset were exposed or misused.</li>
</ul>
<p>&#x1f449; <strong><a href="https://swarmnetics.com/blog/doge-whistleblower-report-lambastes-risk-created-by-live-copy-of-social-security-data-on-cloud-server/?utm_source=nhimg&amp;utm_medium=NHIForum">Read Swarmnetics' report on the cloud handling of Social Security data →</a></strong></p>
<p><em>Social Security data on cloud servers: what controls are missing?</em></p>
<blockquote>
<p><strong>Explore further</strong></p>
<p><a href="/community/?utm_source=nhimg&amp;utm_medium=NHIForum">View Full Forum →</a>  |  <a href="/nhi-training/?utm_source=nhimg&amp;utm_medium=NHIForum">NHI Foundation Course →</a></p>
</blockquote>]]></content:encoded>
						                            <category domain="https://nhimg.org/community/"></category>                        <dc:creator>NHI Mgmt Group</dc:creator>
                        <guid isPermaLink="true">https://nhimg.org/community/nhi-breaches/social-security-data-on-cloud-servers-what-controls-are-missing/</guid>
                    </item>
				                    <item>
                        <title>ShinyHunters and Scattered Spider: what CRM trust gaps mean now</title>
                        <link>https://nhimg.org/community/nhi-breaches/shinyhunters-and-scattered-spider-what-crm-trust-gaps-mean-now/</link>
                        <pubDate>Tue, 14 Jul 2026 18:08:01 +0000</pubDate>
                        <description><![CDATA[TL;DR: Recent attacks on LVMH companies, Adidas, Qantas and Allianz Life suggest a repeatable path into local environments through a third-party CRM platform, with social engineering used to...]]></description>
                        <content:encoded><![CDATA[<blockquote>
<p><strong>TL;DR:</strong> Recent attacks on LVMH companies, Adidas, Qantas and Allianz Life suggest a repeatable path into local environments through a third-party CRM platform, with social engineering used to enroll malicious tooling and reach connected systems such as Okta and Microsoft 365, according to Swarmnetics and Google Threat Intelligence Group. The pattern shows that delegated trust, not the CRM platform itself, is the weak point in many identity and access controls.</p>
</blockquote>
<p><em>NHIMG editorial — based on content published by Swarmnetics covering the attribution debate between ShinyHunters and Scattered Spider: Have ShinyHunters and Scattered Spider Teamed Up? New Cyber Attack Attributions Paint a Complex Picture</em></p>
<h2>Questions worth separating out</h2>
<p><strong>Q: <a href="https://nhimg.org/faq/how-should-security-teams-handle-trust-decisions-in-saas-connected-app-workflows/?utm_source=nhimg&amp;utm_medium=NHIForum">How should security teams handle trust decisions in SaaS connected-app workflows?</a></strong></p>
<p><strong>A:</strong> Security teams should treat connected-app approval as a privileged control point, not a user convenience feature.</p>
<p><strong>Q: <a href="https://nhimg.org/faq/why-do-crm-and-saas-integrations-increase-lateral-movement-risk/?utm_source=nhimg&amp;utm_medium=NHIForum">Why do CRM and SaaS integrations increase lateral movement risk?</a></strong></p>
<p><strong>A:</strong> Because one approved connection can extend identity trust across multiple systems, including SSO, collaboration, and data platforms.</p>
<p><strong>Q: <a href="https://nhimg.org/faq/what-do-organisations-get-wrong-about-social-engineering-defence/?utm_source=nhimg&amp;utm_medium=NHIForum">What do organisations get wrong about social engineering defence?</a></strong></p>
<p><strong>A:</strong> They often treat it as an awareness problem instead of a workflow problem.</p>
<h2>Practitioner guidance</h2>
<ul>
<li><strong>Harden connected-app approval workflows</strong> Require step-up verification for any new Data Loader, OAuth, or connected-app approval in CRM and adjacent SaaS platforms.</li>
<li><strong>Map downstream SaaS trust chains</strong> Inventory which identity platforms and collaboration tools inherit access from CRM systems, including Okta and Microsoft 365.</li>
<li><strong>Train staff on support impersonation patterns</strong> Educate employees with CRM or admin access about fake IT support calls, malicious connector prompts, and urgent code-sharing requests.</li>
</ul>
<h2>What's in the full analysis</h2>
<p>Swarmnetics' full analysis covers the operational detail this post intentionally leaves for the source:</p>
<ul>
<li>The article’s line-by-line attribution clues for why the attacks were initially misread as Scattered Spider activity</li>
<li>The attack sequence around Salesforce CRM access, malicious Data Loader trust establishment, and the eight-digit code workflow</li>
<li>The reasoning behind the hypothesis that ShinyHunters focused on exfiltration and private ransom negotiation rather than ransomware</li>
<li>The context on how contractor posture and English-language support impersonation factor into the intrusion chain</li>
</ul>
<p>&#x1f449; <strong><a href="https://swarmnetics.com/blog/have-shinyhunters-and-scattered-spider-teamed-up-new-cyber-attack-attributions-paint-a-complex-picture/?utm_source=nhimg&amp;utm_medium=NHIForum">Read Swarmnetics' analysis of the ShinyHunters and Scattered Spider attribution pattern →</a></strong></p>
<p><em>ShinyHunters and Scattered Spider: what CRM trust gaps mean now?</em></p>
<blockquote>
<p><strong>Explore further</strong></p>
<p><a href="/community/?utm_source=nhimg&amp;utm_medium=NHIForum">View Full Forum →</a>  |  <a href="/nhi-training/?utm_source=nhimg&amp;utm_medium=NHIForum">NHI Foundation Course →</a></p>
</blockquote>]]></content:encoded>
						                            <category domain="https://nhimg.org/community/"></category>                        <dc:creator>NHI Mgmt Group</dc:creator>
                        <guid isPermaLink="true">https://nhimg.org/community/nhi-breaches/shinyhunters-and-scattered-spider-what-crm-trust-gaps-mean-now/</guid>
                    </item>
				                    <item>
                        <title>ForcedLeak and Agentforce: what this means for AI agent governance</title>
                        <link>https://nhimg.org/community/nhi-breaches/forcedleak-and-agentforce-what-this-means-for-ai-agent-governance/</link>
                        <pubDate>Tue, 14 Jul 2026 18:08:01 +0000</pubDate>
                        <description><![CDATA[TL;DR: Salesforce patched the ForcedLeak flaw in Agentforce after researchers showed that indirect prompt injection could exfiltrate CRM data through a whitelisted domain, with exploitation ...]]></description>
                        <content:encoded><![CDATA[<blockquote>
<p><strong>TL;DR:</strong> Salesforce patched the ForcedLeak flaw in Agentforce after researchers showed that indirect prompt injection could exfiltrate CRM data through a whitelisted domain, with exploitation enabled by an expired allowlisted domain and Web-to-Lead workflows. The incident shows that approval boundaries and input trust assumptions collapse when generative systems execute instructions from untrusted content.</p>
</blockquote>
<p><em>NHIMG editorial — based on content published by Swarmnetics covering the ForcedLeak vulnerability in Salesforce Agentforce</em></p>
<p><strong>By the numbers:</strong></p>
<ul>
<li>ForcedLeak was discovered and published in July 2025, and assigned a <a href="https://swarmnetics.com/blog/forcedleak-vulnerability-in-agentforce-platform-addressed-by-salesforce/?utm_source=nhimg&amp;utm_medium=NHIForum">CVE score of 9.4</a> given its potential severity.</li>
</ul>
<h2>Questions worth separating out</h2>
<p><strong>Q: <a href="https://nhimg.org/faq/how-should-security-teams-reduce-indirect-prompt-injection-risk-in-ai-systems/?utm_source=nhimg&amp;utm_medium=NHIForum">How should security teams reduce indirect prompt injection risk in AI systems?</a></strong></p>
<p><strong>A:</strong> Security teams should limit what AI systems can read, separate untrusted content from privileged actions, and apply least privilege to every connected agent.</p>
<p><strong>Q: <a href="https://nhimg.org/faq/why-do-allowlisted-domains-increase-risk-in-ai-agent-workflows/?utm_source=nhimg&amp;utm_medium=NHIForum">Why do allowlisted domains increase risk in AI agent workflows?</a></strong></p>
<p><strong>A:</strong> Allowlisted domains can become trusted delivery channels for exfiltration when an agent is allowed to send data outward without strong destination governance.</p>
<p><strong>Q: <a href="https://nhimg.org/faq/what-do-security-teams-get-wrong-about-prompt-guardrails/?utm_source=nhimg&amp;utm_medium=NHIForum">What do security teams get wrong about prompt guardrails?</a></strong></p>
<p><strong>A:</strong> Teams often treat prompt guardrails as if they were authorisation controls, but they are only one layer of defence.</p>
<h2>Practitioner guidance</h2>
<ul>
<li><strong>Isolate untrusted inputs from action-capable agents</strong> Route lead submissions and other external content through a non-executing validation layer before any agent can interpret or act on them.</li>
<li><strong>Review allowlisted domains as identity assets</strong> Check which approved domains can receive agent output, who owns them, and whether <a href="https://nhimg.org/top-10-non-human-identity-issues?utm_source=nhimg&amp;utm_medium=NHIForum">expired or third-party-controlled destinations</a> still exist in the trust boundary.</li>
<li><strong>Require manual review before external transmission of CRM data</strong> Block any workflow that lets an agent send customer or lead records outside the environment without a human review step.</li>
</ul>
<h2>What's in the full analysis</h2>
<p>Swarmnetics's full analysis covers the operational detail this post intentionally leaves for the source:</p>
<ul>
<li>Step-by-step explanation of how the Web-to-Lead workflow became an exfiltration path</li>
<li>Technical discussion of why the expired allowlisted domain enabled the attack</li>
<li>Vendor guidance on input validation, manual review, and email tool restrictions</li>
<li>The CVE context and patching details for Agentforce and Einstein AI</li>
</ul>
<p>&#x1f449; <strong><a href="https://swarmnetics.com/blog/forcedleak-vulnerability-in-agentforce-platform-addressed-by-salesforce/?utm_source=nhimg&amp;utm_medium=NHIForum">Read Swarmnetics's analysis of the ForcedLeak Agentforce vulnerability →</a></strong></p>
<p><em>ForcedLeak and Agentforce: what this means for AI agent governance?</em></p>
<blockquote>
<p><strong>Explore further</strong></p>
<p><a href="/community/?utm_source=nhimg&amp;utm_medium=NHIForum">View Full Forum →</a>  |  <a href="/nhi-training/?utm_source=nhimg&amp;utm_medium=NHIForum">NHI Foundation Course →</a></p>
</blockquote>]]></content:encoded>
						                            <category domain="https://nhimg.org/community/"></category>                        <dc:creator>NHI Mgmt Group</dc:creator>
                        <guid isPermaLink="true">https://nhimg.org/community/nhi-breaches/forcedleak-and-agentforce-what-this-means-for-ai-agent-governance/</guid>
                    </item>
							        </channel>
        </rss>
		