Tag
Compliance
GDPR, NIS2, SEC rules, regulatory frameworks
58 items tagged #compliance
Articles
Belgian DPA fines tech company €176,946.61 for unlawfully retaining contractor's email account after departure.
Industry develops verification standards for autonomous AI agents operating in enterprise systems.
Hungarian DPA fines university HUF 1.5M for excessive data processing in dormitory admissions.
Dutch DPA fines Uber €10M for lacking transparency and failing data subject rights access.
Austrian court upholds DPA order requiring ORF to redesign cookie banner for equal consent options.
Dutch DPA finds Yango app unlawfully transferred EEA user data to Russia without proper safeguards.
French Supreme Administrative Court strikes down ARCOM copyright enforcement decree for lacking GDPR safeguards on
Spain's AEPD fined sports retailer €120K for data breach affecting 300K+ people.
Austrian court upholds DPA order requiring ORF to redesign cookie banner with equivalent consent options.
Microsoft patches 137 vulnerabilities including 30 critical; Adobe addresses 52 vulnerabilities with 27 critical in May
Austrian court upholds DPA order requiring ORF to redesign cookie banner with balanced consent options.
MBet Brazilian betting platform allegedly breached, exposing 200K+ KYC docs and 300K+ PII records.
Netherlands DPA finds GDPR violations in data transfers to Russia via inadequate safeguards.
German appeals court partially upholds GDPR data subject rights against social media company tracking via third-party
Netherlands DPA fines Yandex €100M for unlawful data transfers to Russia without adequate safeguards.
Dutch DPA fines Yango €100M for unlawful data transfers to Russia without safeguards.
GM settles $12.75M California CCPA violation over illegal sale of drivers' location and behavior data.
Password resets alone don't remove attackers from AD; cached credentials and Kerberos tickets enable persistence.
Purple team security model fails due to process friction, tool fragmentation, and inability to match AI-powered
AEPD fines Spanish sports retailer €120K for data breach affecting 300K+ customers.
Google Chrome silently installs 4GB Gemini Nano AI model without user consent.
QA and test environments pose production-grade security risks through misconfigurations and excessive permissions.
Austrian court rules company violated GDPR by recording client conversation without prior informed consent.
FTC bans data broker Kochava from selling location data without explicit consumer consent.
SCA tools miss vulnerabilities in EOL software; 5.4M EOL package versions lack CVE coverage.
Spanish Supreme Court upholds GDPR data minimisation ruling against penitentiary authority over excessive medical data
LinkedIn paywalls GDPR Article 15 access to profile visitor data despite monetizing it.
Disney deploys face recognition at Disneyland; NSA tests Anthropic's Mythos AI tool; Scattered Spider member arrested.
Questrade breach exposes 186,515 investor records offered for sale by ijpys.
Finland DPA reprimands insurance company for e-invoice system lacking check digit verification, exposing customer data
noyb sues Hamburg DPA for inaction against PimEyes facial recognition engine collecting billions of biometric data.
Spanish DPA fines bank €400K for CCTV access via shared credentials violating GDPR Article 32.
Italian DPA fines Poste Italiane and PostePay €12.5M for unlawful malware detection data collection.
Belgian DPA fines employer €8,500 for unlawfully retaining former employee email and accessing private communications.
French court upholds €40M GDPR fine against Criteo for cookie consent violations.
CNIL fines Mobius Solutions €1M for data retention, unauthorized processing, and record-keeping failures.
Italian DPA fines Poste Italiane and PostePay €12.5M for unlawful malware detection data processing.
Spain's AEPD fined EVO Banco €240K for API vulnerability causing 1.27M data breach.
Cyber insurance data links security failures to financial losses, helping CISOs justify budgets to boards.
CNIL fines American Express Carte France €1.5M for cookie consent violations.
German court rules payment service illegally processed sensitive health and sexual data without lawful basis.
Spain's AEPD fines EVO Banco €240K for API vulnerability exposing 1.27M customers' data.
Italian DPA fines Italian Post and PostePay for unlawful device data access via Bancaposta and PostePay apps.
82 Chrome extensions found selling user data to third parties, affecting 6.5M users.
Italian DPA fines Ediscom €300K for GDPR violations in marketing data collection.
Italian DPA fines Poste Italiane and PostePay €12.5M for GDPR violations in device data collection.
Spanish DPA fines bank €400K for CCTV system shared credentials violating GDPR Article 32.
US launches crackdown on Southeast Asian cyberscam operations, sanctions Cambodian senator and 28 others.
Microsoft rolls out Entra passkeys on Windows in late April for phishing-resistant authentication.
DORA Article 9 mandates credential management and MFA for EU financial institutions.
Events
2026-05-17 · Virtual
2026-05-20 · Washington, DC, United States
2026-05-26 · Hamburg, Germany
2026-06-01 · United States
2026-06-04 · Virtual
2026-06-15 · Berlin, Germany
2026-12-14 · United States