Free trial
For a Limited Time — Try it Free for Two Weeks
Full access. Card required. Starting at $149/mo. after trial. Cancel anytime.
Tracking all new major AI, data, privacy, and cybersecurity legal developments for you.
No noise. No gaps. Just the intelligence attorneys need.
Plans starting at $149/mo. No commitment required.
Built by an Attorney. Reviewed by an Attorney. Built for Attorneys.
Jan. 1, 2026 through today (newest to oldest)
More from the digest
Summary
Summary
Summary
Summary
The digests under each category are attorney reviewed and confirmed. You can view results by category as well as by subcategory under each law category.
Jurisdiction
Search
Summary
Cybersecurity and Infrastructure Security Agency — Addition of One Known Exploited Vulnerability to the KEV Catalog (June 16, 2026): CVE-2026-48907 (Widget Factory Joomla Content Editor)
Plain English
Cybersecurity law
On June 16, 2026, CISA added one actively exploited vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2026-48907, an improper access control flaw in the Widget Factory Joomla Content Editor (JCE), a content-editor extension for the Joomla CMS. The vulnerability allows the upload and execution of PHP code through the creation of new editor profiles for unauthenticated users, enabling remote code execution on affected sites. Listing in the KEV Catalog reflects evidence of active exploitation in the wild and triggers binding remediation obligations for Federal Civilian Executive Branch (FCEB) agencies, while serving as a priority-patching signal for private industry; the JCE developer has issued a security update and patch. Under Binding Operational Directive (BOD) 26-04, which updates BOD 22-01, federal agencies must rapidly remediate KEV-listed vulnerabilities on publicly exposed assets within the catalog's prescribed timelines, follow BOD 26-04 cloud-service guidance, or discontinue use of the product where mitigations are unavailable.
Contextual review
Cybersecurity law
CISA KEV Catalog addition issued June 16, 2026, adding CVE-2026-48907 (Widget Factory Joomla Content Editor — improper access control; unauthenticated creation of editor profiles permitting upload/execution of PHP code / remote code execution). The catalog operates under Binding Operational Directive (BOD) 26-04, "Prioritizing Security Updates Based on Risk," which updates and reinforces the BOD 22-01 framework and requires Federal Civilian Executive Branch agencies to remediate KEV-listed CVEs on publicly exposed assets per the directive's deadlines (or follow cloud-service guidance / discontinue the product if mitigations are unavailable). Authority derives from 44 U.S.C. ch. 35 (FISMA) and 6 U.S.C. § 659. Recorded as guidance; operative compliance obligation flows from BOD 26-04 as a binding directive on FCEB agencies. Cross-references: JCE vendor advisory (joomlacontenteditor.net) and NVD record (nvd.nist.gov/vuln/detail/CVE-2026-48907).
Always verify this source before using it or citing it in legal work
See what changed in your focus areas without manually checking dozens of sources each morning.
Follow the jurisdictions you care about in one workspace. Each digest entry is attorney-reviewed.
Surface high-signal items so your team spends less time sorting noise and more time on analysis.
Align technical, privacy, and security teams with a shared view of the legal environment.
Founder
Bradley J. Martineau · Pennsylvania Attorney · AI Governance Author
Docket Daily was built by an attorney who lived the problem firsthand. Brad is a Pennsylvania-licensed lawyer, Amazon best-selling AI governance author, and the only person in legal tech who built this platform because no adequate tool existed. Every design decision comes from real legal and AI governance experience — not engineering assumptions.
“You're already paying for the library. Docket Daily is the attorney who researches and reads everything overnight and has the well-organized briefing ready when you arrive.” — Bradley J. Martineau, Founder & Attorney
Included with every plan
A structured Tuesday briefing — Top 5 scored highlights, trending states, and every qualifying federal and state development from the past seven days, organized by instrument type and jurisdiction.
Published each Tuesday by email. Included with Essential, Professional, and Enterprise plans.
Versus general-purpose AI
General AI tools like ChatGPT and Claude are powerful, but they can't do what Docket Daily does.
No real-time awareness. AI chatbots have knowledge cutoffs and no access to bills introduced yesterday, rulings issued this morning, or executive orders signed this week.
No daily source coverage. Replicating Docket Daily manually means checking hundreds of sources daily. All 50 state legislatures, Congress, the Federal Register, federal and state courts, and all 50 governors' offices. Nobody does it as comprehensively.
Citation hallucination risk. Studies show leading legal AI tools hallucinate citations up to 33% of the time. Every Docket Daily entry links directly to the verified official government source.
No structured intelligence. A chatbot returns a wall of text. Docket Daily gives you a searchable, filterable brief with attorney-confirmed pillar tags, jurisdiction, and quality signals—ready for client briefings.
Docket Daily doesn't compete with AI. It pairs carefully crafted automation with verified government sources and attorney review that confirms how each item maps to AI, Data, Privacy, and Cybersecurity law plus safeguards a general chatbot was never built to offer.
Already have Westlaw? LexisNexis? Harvey?
When you run a keyword alert on Westlaw or LexisNexis, you are still doing the work and deciding what to search, building the right query, and reading every result to separate signal from noise. Alerts fire on whatever their crawlers index, which is far weaker for state administrative rulemaking, governor executive orders, and proposed legislation than it is for published case law. The fatal flaw of keyword alerts is unknown unknowns.
Harvey is in a different category entirely. Harvey answers questions you ask. Docket Daily surfaces what you need to know before you know you need it. Reactive research and proactive monitoring are fundamentally different jobs.
A library. The best research tools ever built — for looking things up when you have a question. Not built for watching.
AI research assistants. Brilliant at answering questions you ask. Silent on everything you didn't know to ask about.
Proactive legal intelligence. 2,800+ sources. All 50 states, D.C. & Federal. All attorney-reviewed.
A focused stream of new proposed bills, statutes, regulations, court opinions, and executive orders (all 50 states, D.C., and federal). attorney confirmed.
Proposed bills and laws surfaced through structured and attorney trained AI agents that ingest from official governmental sources and are scoped to the four legal pillars Docket Daily covers.
Federal Register final rules, proposed rules, and NPRMs, plus direct monitoring of CISA (KEV, Directives, Advisories), FTC enforcement orders, OMB memoranda, NIST AI and cybersecurity publications, SEC cybersecurity enforcement, HHS/OCR HIPAA settlements, TSA Security Directives, FDA AI/ML medical device guidance, and DOJ data security program publications. State regulatory coverage includes the California Privacy Protection Agency (CPPA), New York DFS, and NAIC alongside 50-state AG enforcement actions.
Recent opinions from the U.S. Supreme Court, every federal circuit, every federal district court, and U.S. Bankruptcy Courts, plus every state supreme and appellate court opinion.
Presidential executive orders and Governor executive orders from all 50 states.
Find instruments quickly by term search, jurisdiction, and/or law category.
Before anything reaches a subscriber's digest, an attorney reviews each entry while automated passes and attorney-written and trained criteria narrow the funnel first.
After pillar placement is attorney-confirmed, then Plain English and Contextual Summaries are written for each applicable pillar - AI, Data, Privacy, and Cybersecurity.
Professional and Enterprise subscribers can export full PDF summaries by practice area or individual entry.
Subscription and account tools suitable for small teams through larger groups with shared access models.
Headlines and links from a leading news outlet on AI, Data, Privacy, and Cybersecurity giving you the up to date news context to pair with the primary legal sources.
Docket Daily tracks governance, compliance, and regulatory law. The rules that determine what organizations must do, disclose, and avoid when building and deploying technology. We monitor proposed legislation, enacted statutes, administrative regulations, executive orders, and court decisions that create legal obligations for businesses, government agencies, and technology developers. We do NOT track general criminal enforcement actions, routine civil litigation, or court decisions where technology appears incidentally in an otherwise unrelated legal matter.
SEE IT IN ACTION
