Policy

Belgian DPA fines tech company €176,946.61 for unlawfully retaining contractor's email account after departure.

Uruguay's DNIC citizen database with 5.8M records allegedly leaked online.

INTERPOL Operation Ramz arrests 200+ individuals, seizes 53 malware and phishing servers across MENA region.

CISA administrator accidentally exposed AWS GovCloud credentials on GitHub.

White House cyber official: identity security remains critical defense against AI-powered attacks on federal networks.

50,000+ scanned Burkina Faso passport and ID records allegedly leaked online.

CISA adds CVE-2026-20182 Cisco SD-WAN authentication bypass to KEV Catalog as actively exploited.

Municipality of Agrinio breached; 28 databases exposed via SQL injection attack.

German national indicted for laundering $2M+ from defunct Dream Market darknet marketplace.

US House Committee demands briefing on Instructure Canvas data breach affecting 275M individuals

Hungarian DPA fines university HUF 1.5M for excessive data processing in dormitory admissions.

Dutch DPA fines Uber €10M for lacking transparency and failing data subject rights access.

Austrian court upholds DPA order requiring ORF to redesign cookie banner for equal consent options.

Dutch DPA finds Yango app unlawfully transferred EEA user data to Russia without proper safeguards

French Supreme Administrative Court strikes down ARCOM copyright enforcement decree for lacking GDPR safeguards on

Austrian court upholds DPA order requiring ORF to redesign cookie banner with equivalent consent options.

Siemens, Schneider Electric, and CISA publish May 2026 Patch Tuesday advisories for ICS vulnerabilities.

UK ICO fines water supplier £963,900 for 2020-2022 cyberattack exposing 664k customers.

Microsoft May 2026 Patch Tuesday fixes 120 flaws with 17 critical vulnerabilities, no zero-days.

Austrian court upholds DPA order requiring ORF to redesign cookie banner with balanced consent options.

German appeals court partially upholds GDPR data subject rights against social media company tracking via third-party

Netherlands DPA fines Yandex €100M for unlawful data transfers to Russia without adequate safeguards.

Dutch DPA fines Yango €100M for unlawful data transfers to Russia without safeguards.

Indonesian Ministry of Health data breach exposes 20 million antigen test records.

La Suite Numérique breach exposes 18M+ records from French government digital workspace.

CB Financial Services discloses material breach exposing customer names, SSNs, birthdates via unauthorized AI app.

ShinyHunters clearnet domain possibly seized by FBI.

German police shut down resurrected Crimenetwork marketplace; administrator arrested in Mallorca.

Two US men sentenced to 18 months for operating laptop farms enabling North Korean hackers to infiltrate 70+ US firms.

SecurityWeek roundup: US targets 72-hour patch cycles, PamDOORa Linux backdoor, CISA director frontrunner named.

CISA mandates four-day patch deadline for zero-day Ivanti EPMM flaw being actively exploited.

CISA adds BerriAI LiteLLM SQL injection vulnerability to Known Exploited Vulnerabilities catalog.

Former federal contractor convicted for destroying 96 government databases after termination.

Instructure Canvas suffers confirmed security breach; names, emails, student IDs, and messages compromised.

Two U.S. nationals sentenced to 18 months for hosting laptop farms enabling North Korean IT workers.

Two Americans sentenced to 18 months for running laptop farms enabling North Korean IT worker fraud at 70+ U.S. firms.

World Password Day 2026 report reveals default credentials remain the largest credential exposure vector despite

CISA adds CVE-2026-6973 Ivanti EPMM improper input validation flaw to KEV Catalog.

CISA launches CI Fortify program to help critical infrastructure operate independently for weeks during cyberattacks.

Latvian Karakurt ransomware negotiator sentenced to 8.5 years in US prison.

Spanish Supreme Court upholds GDPR data minimisation ruling against penitentiary authority over excessive medical data

LinkedIn paywalls GDPR Article 15 access to profile visitor data despite monetizing it.

DHS used 1930s customs law to demand Google surrender location and activity data on Canadian critic of immigration

Microsoft April 2026 updates block psmounterex.sys driver, breaking third-party backup applications.

Global crackdown arrests 276 suspects, shuts 9 crypto scam centers, seizes $701M.

Two US cybersecurity experts sentenced to 4 years for aiding ALPHV BlackCat ransomware group.

Alleged Silk Typhoon hacker extradited to US for cyberespionage charges.

15-year-old detained for selling 11.7M records stolen from French ANTS govt agency.

Two US cybersecurity experts sentenced to 4 years prison for aiding BlackCat/Alphv ransomware gang.

NCSC warns organisations to prepare for incoming 'vulnerability patch wave' addressing decades of technical debt.