
Italian Regulator Fines National Postal Service Orgs $15 Million for Data Privacy Violations
Italy’s data protection authority fined Poste Italiane and its digital‑payments subsidiary Postepay a total of €12.5 million ($14.7 million) for privacy breaches. The regulator said the Postepay and BancoPosta apps forced users to authorize invasive monitoring of device data, including installed applications, to detect malware. Poste Italiane argued the measures were needed for fraud prevention, but the authority found the data collection excessive, insufficiently disclosed, and retained too long. The penalties are split into €6.6 million ($7.8 million) for Poste Italiane and €5.9 million ($7 million) for Postepay.

Crypto Infrastructure Company Blames $290 Million Theft on North Korean Hackers
Crypto infrastructure firm LayerZero says a North Korean hacking group, TraderTraitor, stole nearly $290 million from the Kelp platform by exploiting a single‑verifier (DVN) setup. The attackers minted counterfeit rsETH tokens without collateral, used them as loan collateral on platforms like...

Cyberattack at French Identity Document Agency May Have Exposed Personal Data
France’s National Agency for Secure Documents (ANTS) suffered a cyberattack on its portal that manages passports, ID cards, residence permits and driver’s licences. The breach, detected on April 15, may have exposed login credentials, names, email addresses, dates of birth and...

Ransomware Attack Continues to Disrupt Healthcare in London Nearly Two Years Later
In June 2024 a Qilin‑linked ransomware attack on Synnovis crippled blood‑testing services across South East London, forcing hospitals to cancel surgeries and postpone thousands of appointments. More than 18 months later South London and Maudsley NHS Foundation Trust (SLaM) still...

Ukraine Confirms Suspected APT28 Campaign Targeting Prosecutors, Anti-Corruption Agencies
Ukrainian officials confirmed that a Russian‑linked APT28 campaign has compromised more than 170 email accounts belonging to prosecutors and investigators. The attacks exploited a zero‑day in the open‑source Roundcube webmail platform, allowing code execution simply by opening an email. CERT‑UA...

In Defeat for Trump, House Extends Electronic Spying Program for Just 10 Days
The U.S. House approved a stopgap measure extending the warrantless Section 702 surveillance authority for just 10 days, after a failed effort by President Trump and GOP leaders to secure an 18‑month clean reauthorization. The Senate quickly passed the short‑term extension...

Cargo Thieving Hackers Running Sophisticated Remote Access Campaigns, Researchers Find
Proofpoint researchers observed sophisticated cybercriminal campaigns infiltrating load‑board platforms used by trucking and logistics firms. After compromising a load board, the attackers deployed six remote‑access tools, including four ScreenConnect instances, and leveraged a novel "signing‑as‑a‑service" to auto‑sign malware with trusted...

Ukrainian Emergency Services and Hospitals Hit by Espionage Campaign Using New AgingFly Malware
Ukrainian hospitals, emergency services and municipal authorities have been hit by a coordinated espionage campaign using a new malware suite dubbed AgingFly. The attacks, attributed to the Russian‑linked APT28 group, began with phishing emails masquerading as humanitarian‑aid proposals and delivered...

NIST to Limit Work on CVE Entries as Submissions Surge
The National Institute of Standards and Technology (NIST) announced it will limit enrichment of CVE entries to those meeting a new risk‑based threshold, ending its practice of adding details to every vulnerability. Submissions in the first quarter of 2026 are...

New ‘JanaWare’ Ransomware Targeting Turkish Citizens as Cybercriminal Ecosystem Fragments
Acronis has identified a new ransomware strain called JanaWare that exclusively targets computers in Turkey by checking system locale and IP geolocation. The malware, delivered mainly through phishing emails with malicious Java archives, demands low ransoms of roughly $200 to...

Russia Appears to Block Social Media Platform Bluesky Amid Wider Internet Restrictions
Russia’s communications watchdog Roskomnadzor has added the decentralized social network Bluesky to its registry of banned websites, extending a crackdown that has already targeted Telegram, WhatsApp, Discord, Signal and Viber. The move comes as the Kremlin tightens online controls amid...

Hack at Dutch Gym Chain Basic-Fit Exposes Customer Data in Several EU Countries
Dutch gym chain Basic‑Fit confirmed a cyber‑attack that led to the unauthorized download of personal data belonging to roughly 1 million members across Belgium, the Netherlands, Luxembourg, France, Spain and Germany. The compromised information includes names, contact details, dates of birth,...

Senator Launches Inquiry Into 8 Tech Giants for Failures to Adequately Report CSAM
Senate Judiciary Committee chair Chuck Grassley has opened a congressional inquiry into eight major tech firms—Meta, Amazon AI Services, TikTok, Snapchat, Discord, X.AI, Grindr and Roblox—over alleged failures to provide complete child sexual abuse material (CSAM) reports to the National...

UK Government Threatens Tech Bosses with Jail Time if They Do Not Adequately Fight Nudification Tools
The UK government has tabled an amendment to its crime bill that would imprison tech executives who fail to remove non‑consensual intimate images from their platforms. The move follows the Grok scandal, which saw millions of "nudified" photos of women...

Russia Accuses Former Radio Free Europe Journalist of Aiding Cyberattacks for Ukraine
Russia's Federal Security Service detained a former freelance journalist who contributed to Radio Free Europe, accusing him of treason for allegedly passing information to Ukraine that facilitated cyberattacks on Russian targets. The suspect reportedly joined a Telegram channel run by...