The U.S. government says it will help bail out Intel with $10 billion for a 10 percent equity stake in the company, while Apple patched yet another zero-day and insurers look for ways to reduce their liability with so-called CVE-exclusion clauses.
Intel Gets a Hand from the U.S. Government
The U.S. government will take a 10 percent equity stake in Intel, valued at roughly $10 billion, in an attempt to rescue the venerable chipmaker, which has struggled for some time to find its footing. After calling for Intel CEO Lip-Bu Tan to step down just two weeks ago, President Trump changed his mind following a meetup in Washington. Commerce Secretary Howard Lutnick called the agreement historic and said it would “strengthen U.S. leadership in semiconductors,” helping to “secure America’s technological edge.”
CISA Offers Updated SBOM Guidance Draft for Comment
The Cybersecurity and Infrastructure Security Agency (CISA) has updated its guide for software bills of material (SBOMs)—and the draft is now ready for public comment. Additional data fields such as hash and tool name are included in the SBOM Minimum Elements draft, as well as modifications to sections like automation support. On release, CISA Acting Executive Assistant Director for Cybersecurity Chris Butera said, “This voluntary guidance will empower federal agencies and other organizations to make risk-informed decisions, strengthen their cybersecurity posture, and support scalable, machine-readable solutions. We encourage members of the public to review this guidance and provide comment on how we can improve this list of minimum elements.” The deadline for comments is October 3.
Apple Patches Yet Another Zero-Day
Apple has patched a zero-day vulnerability that it said may have been exploited in “an extremely sophisticated attack against specific, targeted individuals.” The flaw, CVE-2025-43300, is in Apple’s ImageIO framework and puts iOS, iPadOS and macOS at risk. “Processing a malicious image file may result in memory corruption,” the company said in its alert. Apple employees, not outside researchers, found the vulnerability. It is the most recent of the zero-days that the company has disclosed since the beginning of the year.
And Speaking of CVEs…Insurers Say Patch or Face Smaller Payouts If They’re Exploited
Insurers are signaling they just might not pay out top dollar to organizations that have failed to patch old vulnerabilities or have outdated, insufficient security that gets exploited by bad actors. These “CVE exclusion” clauses are in their nascency, and insurers are still mulling how to hold the organizations they cover more accountable, perhaps using a sliding scale for payouts. The clauses have met with pushback from organizations and most insurers.
AI and Low-Code Are Redefining Enterprise Risk
As organizations have embraced low-code and AI-driven development to speed software development, they have relinquished centralized control in the name of agility. The shift was very subtle. Currently, to manage decentralized risk, enterprises require governance that adapts to two key factors: context and impact. A retail chatbot and a core payments system should not undergo the same level of compliance scrutiny, but both should be subject to governance. Adaptive governance involves evaluating risk at the feature level, rather than the platform level. It means giving teams the tools and frameworks to make smart decisions in real-time, without reverting to the command-and-control model.