Is this email difficult to read? View it in a web browser. ›
The Wall Street Journal ProThe Wall Street Journal Pro

CybersecurityCybersecurity

Sponsored by Zscaler logo.

EU Lays Out AI Code of Practice to Guide Companies on Compliance

By Kim S. Nash
 

Hello. The European Union said it published the final version of a voluntary code of practice for general-purpose artificial intelligence that is meant to make it easier for companies to comply with AI legislation in the bloc.

The EU's AI Act bans certain uses of AI, rolls out new transparency guidelines and requires risk assessments for AI systems that are deemed high-risk. Companies that breach the law risk fines of up to 7% of their annual global revenue. Read the full story.

More news below, along with our weekly Executive Insights from across WSJ Pro. 
 

‏‏‎ ‎
CONTENT FROM: Zscaler
Why Ransomware is Winning Despite Billions Spent on Security

Zscaler CEO Jay Chaudhry shares insights on how embracing Zero Trust AI stops ransomware at all four stages of an attack. Like a bank robbery, ransomware attacks find weaknesses, break in, move laterally, and steal or encrypt data. Attacks succeed because companies rely on firewalls as their primary defense. Firewalls expose public IPs, inviting attacks. Take back control of your security.

Watch Now

 

More Cyber News

PHOTO: CHRIS RATCLIFFE/BLOOMBERG NEWS

Arrests in retail hacking spree: U.K. police arrested four people—all under age 21—in connection with April cyberattacks on Marks & Spencer and other retailers. The suspects were arrested at their homes and the investigation continues, Britain's National Crime Agency said Thursday. 

Related from WSJ: M&S Expects $400 Million Hit From Hack

Haveli Investments, a private-equity shop, raked in $4.5 billion for its first main buyout fund before closing the vehicle, according to people familiar with the matter. The firm is targeting providers of software to specific industries as well as tech that can be used across multiple sectors, infrastructure applications and cybersecurity services. (WSJ) 

Hiring bot easily hacked: McDonald's blamed AI provider Paradox.ai for building it a vulnerable hiring bot that security researchers broke into with obvious passwords. (Wired)

Cardiac-device company Artivion is notifying an undisclosed number of current and former employees that their or their families' personal, direct-deposit and health-insurance information was breached in a November cyberattack. The incident disrupted ordering, shipping and some corporate functions. 
61%

Percentage of 858 local election officials surveyed by the Brennan Center for Justice who are concerned about the Trump administration's cuts to the U.S. Cybersecurity and Infrastructure Security Agency.

Eighty-one percent said they are concerned about false information about elections spreading on social media.

Related from WSJ Pro: Top U.S. Cyber Agency Faces Staff and Funding Cuts in New Budget
 

Regulation & Enforcement

PHOTO: MARTIN BUREAU/AFP/GETTY IMAGES

Ireland's data-privacy watchdog is investigating TikTok over where the Chinese company stores the data of European users. TikTok owner ByteDance said recently that some European data was temporarily put on servers in China and has since been deleted. (Reuters)

A civilian employee of the U.S. Air Force pleaded guilty Thursday to conspiring to send classified information related to Russia's war in Ukraine to someone on a foreign online dating service in 2022, the Justice Department said. The man, facing up to 10 years in prison, is due to be sentenced on Oct. 8.

A Russian man was sentenced to three years in prison in the Netherlands for violating international sanctions by sharing files from Dutch chip-machine maker ASML with someone in Russia. (Associated Press)
 

Executive Insights

Our weekly roundup of stories from across WSJ Pro that we think you'll find useful
  • A failed GOP effort to block a jumble of state AI privacy and security laws has tech companies calling for consistent standards.
  • The private-equity industry has almost all the pieces in place to start managing Americans’ 401(k) money—everything but the customers.
  • Some creators say their work has been wrongly tagged as AI on tech platforms, hurting their reputation, while some all-artificial ads get through undisclosed.

‘Vibe Coding’ Has Arrived for Businesses: It’s never been easier to create your own app with vibe coding. Now, professional software engineers are bringing it into the enterprise.
 

About Us

The WSJ Pro Cybersecurity team is Deputy Bureau Chief Kim S. Nash and reporters Angus Loten, James Rundle and Catherine Stupp. Follow us on X @WSJCyber. Reach the team by replying to any newsletter you receive or by emailing Kim at kim.nash@wsj.com.
 
Share this email with a friend.
Forward ›
Forwarded this email by a friend?
Sign Up Here ›
 
Desktop, tablet and mobile. Desktop, tablet and mobile.
Access WSJ‌.com and our mobile apps. Subscribe
Apple app store icon. Google app store icon.
Unsubscribe   |    Newsletters & Alerts   |    Contact Us   |    Privacy Notice   |    Cookie Notice
Dow Jones & Company, Inc. 4300 U.S. Ro‌ute 1 No‌rth Monm‌outh Junc‌tion, N‌J 088‌52
You are currently subscribed as [email address suppressed]. For further assistance, please contact Customer Service at pro‌newsletter@dowjones.com or 1-87‌7-975-6246.
Copyright 2025 Dow Jones & Company, Inc.   |   All Rights Reserved.
Unsubscribe