[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"tag:policy":3},{"tag":4,"articles":8,"awareness":435,"events":436,"tips":437,"focus_items":438,"total_count":439},{"slug":5,"name":6,"description":7},"policy","Policy",null,[9,18,26,35,43,52,60,69,78,87,95,102,111,120,129,138,147,156,164,172,179,188,197,206,213,221,228,235,244,253,262,271,280,289,297,306,313,322,330,339,348,357,364,373,382,390,399,408,417,426],{"id":10,"title":11,"slug":12,"brief":13,"ai_summary":14,"url":15,"image_url":16,"published_at":17},"9102160f-df06-4142-b0ec-6de866b3354b","APD\u002FGBA (Belgium) - 101\u002F2026","apd-gba-belgium-101-2026-b65f39","Belgian DPA fines tech company €176,946.61 for unlawfully retaining contractor's email account after departure.","The Belgian Data Protection Authority (APD\u002FGBA) issued a fine of €176,946.61 against a tech company for maintaining an active email account belonging to an independent contractor after their collaboration ended in May 2023, and for failing to meet transparency obligations under GDPR Articles 12 and 13. The DPA determined that after a grace period of one month, the controller lacked a valid legal basis (Article 6 GDPR) to continue processing the personal data in the mailbox, violating the lawfulness, purpose limitation, and data minimization principles. 
The authority ordered the company to grant access to the account, delete personal data, provide access logs, and implement measures to ensure future compliance.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=APD\u002FGBA_(Belgium)_-_101\u002F2026&diff=51698&oldid=0","https:\u002F\u002Fgdprhub.eu\u002Fimages\u002F4\u002F44\u002FLogoBE.png","2026-05-20T19:23:41+00:00",{"id":19,"title":20,"slug":21,"brief":22,"ai_summary":23,"url":24,"image_url":7,"published_at":25},"b2d03fdb-a589-44a9-a83d-f3d35d14c435","🚨🇺🇾 Uruguay DNIC allegedly leaked: 5.8M citizen database records exposed\n\nhttps:\u002F\u002Ft.co\u002Fn2zsCshQ1r","uruguay-dnic-allegedly-leaked-5-8m-citizen-database-records-exposed-https-t-co-n-544c62","Uruguay's DNIC citizen database with 5.8M records allegedly leaked online.","A database containing 5.8 million records from Uruguay's DNIC (Documento Nacional de Identidad) national identity system has allegedly been exposed and leaked. The breach affects a significant portion of Uruguay's population and raises serious concerns about government data security and citizen privacy. The leaked records likely contain sensitive personal identification information.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2057128182663290947","2026-05-20T15:55:52+00:00",{"id":27,"title":28,"slug":29,"brief":30,"ai_summary":31,"url":32,"image_url":33,"published_at":34},"206773cf-0b98-4f79-8c11-e16551f189fc","INTERPOL ‘Operation Ramz’ seizes 53 malware, phishing servers","interpol-operation-ramz-seizes-53-malware-phishing-servers-355beb","INTERPOL Operation Ramz arrests 200+ individuals, seizes 53 malware and phishing servers across MENA region.","INTERPOL's Operation Ramz resulted in the arrest of over 200 cybercriminals and identification of 382 additional suspects across 13 Middle Eastern and North African countries. Law enforcement seized 53 servers used for phishing, malware distribution, and online fraud that victimized at least 3,867 confirmed victims. 
The operation, conducted with support from cybersecurity firms including Kaspersky, Group-IB, and TrendMicro, dismantled multiple criminal schemes including investment scams, phishing-as-a-service platforms, and malware distribution networks.","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Finterpol-operation-ramz-seizes-53-malware-phishing-servers\u002F","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2026\u002F05\u002F18\u002FINTERPOL.jpg","2026-05-18T22:15:30+00:00",{"id":36,"title":37,"slug":38,"brief":39,"ai_summary":40,"url":41,"image_url":7,"published_at":42},"8fc13a07-6fdf-4c6c-ba8c-d69e802cbce0","Lul...\n\nCISA Admin Leaked AWS GovCloud Keys on GitHub\n\nhttps:\u002F\u002Ft.co\u002FV8j07muRXS","lul-cisa-admin-leaked-aws-govcloud-keys-on-github-https-t-co-v8j07murxs-b16168","CISA administrator accidentally exposed AWS GovCloud credentials on GitHub.","A CISA administrator inadvertently leaked AWS GovCloud access keys to a public GitHub repository. The incident highlights credential management failures and the risk of hardcoded secrets in version control systems. AWS GovCloud provides secure cloud infrastructure for U.S. 
government agencies, making this exposure a significant security and compliance concern.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2056479796209631536","2026-05-18T20:59:25+00:00",{"id":44,"title":45,"slug":46,"brief":47,"ai_summary":48,"url":49,"image_url":50,"published_at":51},"340aaed9-b730-417d-966f-01496eca3df9","In Other News: Big Tech vs Canada Encryption Bill, Cisco’s Free AI Security Spec, Audi App Flaws","in-other-news-big-tech-vs-canada-encryption-bill-cisco-s-free-ai-security-spec-a-406051","SecurityWeek roundup covers Nvidia cloud gaming breach, Android 17 security upgrades, and fake Claude Code malware","This weekly cybersecurity roundup highlights multiple threats and developments: a GeForce NOW data breach via Armenian regional partner exposed user PII, the FBI warns of ShinyHunters' Canvas hacks, and a sophisticated infostealer campaign uses fake Claude Code installers to steal browser credentials. Additionally, Google's Android 17 introduces AI-driven security defenses and post-quantum cryptography, while Iran-linked Seedworm targets electronics manufacturers globally using DLL sideloading.","https:\u002F\u002Fwww.securityweek.com\u002Fin-other-news-big-tech-vs-canada-encryption-bill-ciscos-free-ai-security-spec-audi-app-flaws\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2023\u002F10\u002Fcybersecurity-news.jpg","2026-05-15T14:52:16+00:00",{"id":53,"title":54,"slug":55,"brief":56,"ai_summary":57,"url":58,"image_url":7,"published_at":59},"0e6deb38-d0f6-4ec3-a6a6-70c8465eafbd","CISA Adds One Known Exploited Vulnerability to Catalog","cisa-adds-one-known-exploited-vulnerability-to-catalog-8f5dc6","CISA adds CVE-2026-42897 Microsoft Exchange XSS vulnerability to KEV Catalog due to active exploitation.","CISA has added CVE-2026-42897, a cross-site scripting vulnerability in Microsoft Exchange Server, to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation in 
the wild. The addition falls under Binding Operational Directive (BOD) 22-01, which mandates that Federal Civilian Executive Branch agencies remediate identified vulnerabilities by specified deadlines. CISA urges all organizations to prioritize patching this vulnerability as part of their vulnerability management practices.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Falerts\u002F2026\u002F05\u002F15\u002Fcisa-adds-one-known-exploited-vulnerability-catalog","2026-05-15T12:00:00+00:00",{"id":61,"title":62,"slug":63,"brief":64,"ai_summary":65,"url":66,"image_url":67,"published_at":68},"e63d37eb-3dca-4c83-be6e-4602a928f5a1","Taiwan Incident Highlights Cybersecurity Gaps in Rail Systems","taiwan-incident-highlights-cybersecurity-gaps-in-rail-systems-9384b9","Taiwanese student halts three bullet trains for ~1 hour using software-defined radio, triggering anti-terrorism","A Taiwanese student experimenting with software-defined radio (SDR) technology managed to shut down three bullet trains for approximately one hour, exposing critical cybersecurity vulnerabilities in the nation's rail infrastructure. The incident triggered an anti-terrorism response from authorities. 
The breach highlights systemic security gaps in critical infrastructure systems that rely on legacy and inadequately protected communications protocols.","https:\u002F\u002Fwww.darkreading.com\u002Fics-ot-security\u002Ftaiwan-incident-highlights-cybersecurity-gaps","https:\u002F\u002Feu-images.contentstack.com\u002Fv3\u002Fassets\u002Fblt6d90778a997de1cd\u002Fbltba3a137dbf767ae6\u002F6a061f2f41bd583c0c8882d7\u002Ftaiwan-bullet-trains-eric1207cvb-shutterstock.jpg?width=1280&auto=webp&quality=80&disable=upscale","2026-05-15T01:00:00+00:00",{"id":70,"title":71,"slug":72,"brief":73,"ai_summary":74,"url":75,"image_url":76,"published_at":77},"7364c0d2-bd14-4b5d-9050-8ba4d387cbea","Congress Puts Heat on Instructure After Canvas Outage","congress-puts-heat-on-instructure-after-canvas-outage-f225ed","Congress questions Instructure after Canvas outage linked to ShinyHunters cybercriminal group.","The House Committee on Homeland Security sent a letter to Instructure regarding the Canvas learning platform cyberattack, coinciding with the company's announcement of reaching an agreement with the ShinyHunters threat group. 
The incident highlights congressional oversight of critical education infrastructure and cybercriminal negotiations.","https:\u002F\u002Fwww.darkreading.com\u002Fcyberattacks-data-breaches\u002Fcongress-instructure-shinyhunters-attacks","https:\u002F\u002Feu-images.contentstack.com\u002Fv3\u002Fassets\u002Fblt6d90778a997de1cd\u002Fbltb9f102c416e36970\u002F6a062de47896f162656ad15c\u002Fcanvas_pictoKraft_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale","2026-05-14T20:19:20+00:00",{"id":79,"title":80,"slug":81,"brief":82,"ai_summary":83,"url":84,"image_url":85,"published_at":86},"86b15f03-c8b1-41e8-8a9e-735a4d701fed","White House cyber official: identity security matters more than ever in the age of AI","white-house-cyber-official-identity-security-matters-more-than-ever-in-the-age-o-2e99c9","White House cyber official: identity security remains critical defense against AI-powered attacks on federal networks.","A White House cybersecurity official stated that while AI tools present unique threats to federal IT systems, they still fundamentally require compromised credentials or trusted access to exploit vulnerabilities effectively. Federal agencies must prioritize identity security, monitoring, and regulating network access to defend against AI-powered attacks that can operate at scale and speed without stealth. 
Current gaps in identity security are being actively exploited by adversaries using AI, prompting urgent calls for improved detection and response capabilities.","https:\u002F\u002Fcyberscoop.com\u002Fwhite-house-federal-identity-security-ai-risks\u002F","https:\u002F\u002Fcyberscoop.com\u002Fwp-content\u002Fuploads\u002Fsites\u002F3\u002F2026\u002F05\u002FNick-Polk-and-others.jpeg","2026-05-14T20:15:21+00:00",{"id":88,"title":89,"slug":90,"brief":91,"ai_summary":92,"url":93,"image_url":7,"published_at":94},"8a751e5a-93a6-469f-83c1-b5c83dc4a9e0","‼️🇧🇫 Burkina Faso Passport & ID Records Allegedly Leaked: 50K+ Scanned Identity Documents E...","burkina-faso-passport-amp-id-records-allegedly-leaked-50k-scanned-identity-docum-40405c","50,000+ scanned Burkina Faso passport and ID records allegedly leaked online.","Over 50,000 scanned identity documents from Burkina Faso, including passports and national ID records, have allegedly been exposed and shared online. The leak represents a significant privacy breach affecting citizens' sensitive biometric and personal identification data. This exposure poses risks for identity theft, fraud, and potential misuse by threat actors.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2055010559225901067","2026-05-14T19:41:12+00:00",{"id":96,"title":54,"slug":97,"brief":98,"ai_summary":99,"url":100,"image_url":7,"published_at":101},"ee5d881f-d39a-48f0-8912-e4b500160d50","cisa-adds-one-known-exploited-vulnerability-to-catalog-7a9601","CISA adds CVE-2026-20182 Cisco SD-WAN authentication bypass to KEV Catalog as actively exploited.","CISA has added CVE-2026-20182, a Cisco Catalyst SD-WAN Controller authentication bypass vulnerability, to its Known Exploited Vulnerabilities Catalog based on active exploitation evidence. 
The vulnerability poses significant risk to federal enterprises and triggers mandatory remediation requirements under Binding Operational Directive BOD 22-01 for Federal Civilian Executive Branch agencies. CISA urges all organizations to prioritize patching this vulnerability as part of their vulnerability management practices.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Falerts\u002F2026\u002F05\u002F14\u002Fcisa-adds-one-known-exploited-vulnerability-catalog","2026-05-14T12:00:00+00:00",{"id":103,"title":104,"slug":105,"brief":106,"ai_summary":107,"url":108,"image_url":109,"published_at":110},"5605a5c5-1078-4dda-9f06-4df1bb0eaedb","‼️🇬🇷 Municipality of Agrinio allegedly breached: 28 databases exposed via SQL injection on the...","municipality-of-agrinio-allegedly-breached-28-databases-exposed-via-sql-injectio-f82511","Municipality of Agrinio breached; 28 databases exposed via SQL injection attack.","A threat actor has disclosed the results of an SQL injection attack against the Municipality of Agrinio, Greece's largest city in the Aetolia-Acarnania region, exposing 28 databases. The breach was carried out on the Greek local government portal. 
The incident highlights critical web application security vulnerabilities in critical infrastructure.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2054703616871612717","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHIPGC1WWAAAX0hi.jpg","2026-05-13T23:21:31+00:00",{"id":112,"title":113,"slug":114,"brief":115,"ai_summary":116,"url":117,"image_url":118,"published_at":119},"7e577c3a-e081-4f84-99f6-8564473b44fd","German National Indicted Over Money Laundering Tied to Defunct \"Dream Market\" Darknet Marketplace","german-national-indicted-over-money-laundering-tied-to-defunct-dream-market-dark-f384a4","German national indicted for laundering $2M+ from defunct Dream Market darknet marketplace.","Federal prosecutors charged Owe Martin Andresen, 49, with laundering over $2 million in proceeds from Dream Market, a major darknet marketplace he allegedly administered under the handle \"Speedstepper.\" Andresen reactivated dormant cryptocurrency wallets in late 2022 and converted funds into gold bars and other assets between August 2023 and April 2025. U.S. 
and German authorities coordinated his arrest in May 2025, seizing approximately $1.7 million in gold bars, $23,000 in cash, and identifying another $1.2 million in suspected Dream Market proceeds.","https:\u002F\u002Fdarkwebinformer.com\u002Fgerman-national-indicted-over-money-laundering-tied-to-defunct-dream-market-darknet-marketplace\u002F","https:\u002F\u002Fstorage.ghost.io\u002Fc\u002F6b\u002F16\u002F6b16ac9c-cd67-432f-b0f3-bbec941084ff\u002Fcontent\u002Fimages\u002F2026\u002F05\u002Fdream_market.png","2026-05-13T20:07:20+00:00",{"id":121,"title":122,"slug":123,"brief":124,"ai_summary":125,"url":126,"image_url":127,"published_at":128},"c62ff6aa-7dd6-4c35-92b3-b23dad7f70b0","Government to Scrutinize Instructure Over Canvas Disruption, Data Breach","government-to-scrutinize-instructure-over-canvas-disruption-data-breach-6de7bf","US House Committee demands briefing on Instructure Canvas data breach affecting 275M individuals","The US House Committee on Homeland Security has requested a briefing from Instructure following cyberattacks on its Canvas learning platform in late April and early May. ShinyHunters claimed responsibility for stealing 3.65 terabytes of data affecting approximately 275 million students, teachers, and staff across 9,000 education institutions, with the disruption impacting universities and school districts across 11 states. 
Instructure has stated the incident is contained and negotiated the return and deletion of stolen data, though it temporarily shut down Free-For-Teacher accounts due to security issues that were exploited in both intrusions.","https:\u002F\u002Fwww.securityweek.com\u002Fgovernment-to-scrutinize-instructure-on-canvas-disruption-data-breach\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2025\u002F07\u002Fplead-guilty-hacker-court.jpeg","2026-05-13T12:13:14+00:00",{"id":130,"title":131,"slug":132,"brief":133,"ai_summary":134,"url":135,"image_url":136,"published_at":137},"f1059724-6fe7-42b2-b8bd-b9277ecf695c","NAIH (Hungary) - NAIH-3344-1\u002F2026","naih-hungary-naih-3344-1-2026-44b52e","Hungarian DPA fines university HUF 1.5M for excessive data processing in dormitory admissions.","The Hungarian Data Protection Authority (NAIH) fined a Hungarian university HUF 1,500,000 for violating GDPR Articles 5, 6, and 13 in its dormitory admissions process. The university processed excessive personal data (residence card details, identification numbers, full authority decisions) without adequate legal basis, failed to provide proper privacy notices, and misleadingly referenced consent as a legal basis when relying on public interest. 
The DPA ordered the university to cease unlawful processing, delete improperly collected data, update its privacy notice, and demonstrate compliance within 45 days.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=NAIH_(Hungary)_-_NAIH-3344-1\u002F2026&diff=51650&oldid=0","https:\u002F\u002Fgdprhub.eu\u002Fimages\u002F8\u002F85\u002FLogoHU.jpg","2026-05-13T10:31:54+00:00",{"id":139,"title":140,"slug":141,"brief":142,"ai_summary":143,"url":144,"image_url":145,"published_at":146},"2159c6a9-cf2f-47e1-9f23-6e65732d8b41","AP (The Netherlands) - Decision of 11 December 2023 imposing administrative fine on Uber","ap-the-netherlands-decision-of-11-december-2023-imposing-administrative-fine-on--32690e","Dutch DPA fines Uber €10M for lacking transparency and failing data subject rights access.","The Dutch Data Protection Authority (AP) issued a €10,000,000 fine to Uber Technologies Inc. and Uber B.V. on December 11, 2023, for violations of GDPR Articles 12, 13, and 15 involving inadequate transparency in privacy policies and inaccessible mechanisms for data subjects to exercise their rights. 
The complaint was filed by the French human rights organization Ligue des droits de l'Homme on behalf of 172 Uber drivers, and the DPA upheld the fine after Uber's internal appeal in 2026.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=AP_(The_Netherlands)_-_Decision_of_11_December_2023_imposing_administrative_fine_on_Uber&diff=51649&oldid=39950","https:\u002F\u002Fgdprhub.eu\u002Fimages\u002F1\u002F14\u002FLogoNL.png","2026-05-13T08:53:39+00:00",{"id":148,"title":149,"slug":150,"brief":151,"ai_summary":152,"url":153,"image_url":154,"published_at":155},"1f1f3aea-4061-4f8a-b196-5e5b751a97bc","BVwG - W171 2303402-1\u002F7E","bvwg-w171-2303402-1-7e-be9784","Austrian court upholds DPA order requiring ORF to redesign cookie banner for equal consent options.","Austria's Federal Administrative Court (BVwG) upheld a Data Protection Authority decision ordering the Austrian public broadcaster ORF to redesign its cookie banner to provide equally prominent 'Accept All' and 'Only Necessary' options. The court found that ORF's original design, which used visual emphasis (blue background) on the 'Accept All' button versus less prominent alternatives, violated GDPR Article 4(11) by nudging users toward consent rather than enabling free and genuine choice. 
The ruling reinforces that cookie banner design must ensure visual equivalence between consent and rejection options to satisfy GDPR transparency and consent requirements.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=BVwG_-_W171_2303402-1\u002F7E&diff=51648&oldid=51640","https:\u002F\u002Fgdprhub.eu\u002Fimages\u002F4\u002F4c\u002FCourts_logo1.png","2026-05-13T08:50:24+00:00",{"id":157,"title":158,"slug":159,"brief":160,"ai_summary":161,"url":162,"image_url":145,"published_at":163},"ee01ee87-90bb-4585-93f8-7eadd13d0369","AP (The Netherlands) - 2025-005323","ap-the-netherlands-2025-005323-ef4179","Dutch DPA finds Yango app unlawfully transferred EEA user data to Russia without proper safeguards","The Dutch Data Protection Authority (DPA), acting as lead authority with Finnish and Norwegian counterparts, determined that Yango (operated by MLU B.V., a Yandex subsidiary) violated GDPR Articles 44 and 46 by transferring personal data from taxi drivers and customers to Russia without appropriate safeguards. The investigation found that encryption keys were stored alongside data in Russian servers until November 2023, and that continued transfers to Russia even after moving encrypted data to AWS Germany were unlawful because Yandex entities had means to identify EEA data subjects.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=AP_(The_Netherlands)_-_2025-005323&diff=51641&oldid=51626","2026-05-13T08:13:29+00:00",{"id":165,"title":166,"slug":167,"brief":168,"ai_summary":169,"url":170,"image_url":154,"published_at":171},"bad3a42d-8469-4a21-83ac-fd7b74797ca3","CE - N. 433539","ce-n-433539-b9c319","French Supreme Administrative Court strikes down ARCOM copyright enforcement decree for lacking GDPR safeguards on","France's Supreme Administrative Court ruled that ARCOM's copyright enforcement system violated EU law by accessing subscriber identity data linked to IP addresses without sufficient safeguards. 
The court found the decree unlawful because it failed to require judicial or independent administrative authorization before a third data access request, which could reveal sensitive aspects of individuals' private lives. The court ordered repeal of the offending provisions while permitting data access for initial warnings and serious copyright cases.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=CE_-_N._433539&diff=51638&oldid=51619","2026-05-13T08:03:55+00:00",{"id":173,"title":149,"slug":174,"brief":175,"ai_summary":176,"url":177,"image_url":154,"published_at":178},"fc491a54-59c7-4446-a51c-18d96bea6ceb","bvwg-w171-2303402-1-7e-5d8472","Austrian court upholds DPA order requiring ORF to redesign cookie banner with equivalent consent options.","On 28 October 2024, Austria's Data Protection Authority issued a decision against the Austrian public broadcaster ORF after finding its cookie banner design unlawfully nudged users toward accepting all cookies by visually highlighting the 'Accept All Cookies' button. 
The court upheld the DPA's order requiring ORF to redesign the banner within six weeks to ensure both consent and rejection options are equivalent in visual design, color, size, contrast, placement, and highlighting, to obtain valid consent under GDPR Article 4(11).","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=BVwG_-_W171_2303402-1\u002F7E&diff=51634&oldid=51631","2026-05-13T07:56:28+00:00",{"id":180,"title":181,"slug":182,"brief":183,"ai_summary":184,"url":185,"image_url":186,"published_at":187},"d378a243-8ebb-48e3-b1ae-07aab8fa9f85","ICS Patch Tuesday: New Security Advisories From Siemens, Schneider, CISA","ics-patch-tuesday-new-security-advisories-from-siemens-schneider-cisa-3f1cb4","Siemens, Schneider Electric, and CISA publish May 2026 Patch Tuesday advisories for ICS vulnerabilities.","Multiple industrial control system (ICS) vendors released security advisories for May 2026 Patch Tuesday, with Siemens publishing 18 advisories covering critical flaws in Sentron, Simatic, Ruggedcom, and other products. Vulnerabilities include device takeover, command execution as root, arbitrary file access, and missing authentication controls. 
Notable concern: Ruggedcom APE1808 is affected by a recently disclosed Palo Alto Networks PAN-OS vulnerability reportedly exploited by Chinese state-sponsored actors.","https:\u002F\u002Fwww.securityweek.com\u002Fics-patch-tuesday-new-security-advisories-from-siemens-schneider-cisa\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2023\u002F11\u002FICS_Patches.jpg","2026-05-13T06:50:51+00:00",{"id":189,"title":190,"slug":191,"brief":192,"ai_summary":193,"url":194,"image_url":195,"published_at":196},"5c2660b2-362e-4f85-aae2-a02c732247a1","UK fines water supplier $1.3M for exposing data of 664k customers","uk-fines-water-supplier-1-3m-for-exposing-data-of-664k-customers-849dd8","UK ICO fines water supplier £963,900 for 2020-2022 cyberattack exposing 664k customers.","The UK Information Commissioner's Office fined South Staffordshire Water Plc £963,900 ($1.3M) for a cyberattack that exposed personal data of 663,887 customers and employees. The breach, initially claimed by Cl0p ransomware gang, began in September 2020 but remained undetected for 20 months until discovery in July 2022; exposed data included names, addresses, email, phone numbers, dates of birth, bank details, and employee HR information. 
The ICO identified critical security failures including insufficient privilege escalation controls, inadequate monitoring (5% coverage), obsolete software, poor patch management, and lack of security scans.","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fuk-fines-water-supplier-13m-for-exposing-data-of-664k-customers\u002F","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2025\u002F03\u002F03\u002FUK-ICO.jpg","2026-05-12T20:17:19+00:00",{"id":198,"title":199,"slug":200,"brief":201,"ai_summary":202,"url":203,"image_url":204,"published_at":205},"38efd127-7134-45cc-a482-1bb4bb531b64","Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-days","microsoft-may-2026-patch-tuesday-fixes-120-flaws-no-zero-days-40079e","Microsoft May 2026 Patch Tuesday fixes 120 flaws with 17 critical vulnerabilities, no zero-days.","Microsoft released its May 2026 Patch Tuesday update addressing 120 vulnerabilities across its product portfolio, including 17 critical flaws—14 remote code execution, 2 privilege escalation, and 1 information disclosure. No zero-day exploits were disclosed this month. 
Notable vulnerabilities include remote code execution flaws in Microsoft Office, Windows GDI, SharePoint Server, and Windows DNS Client, with particular emphasis on Office file exploits via preview pane that warrant immediate patching.","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fmicrosoft\u002Fmicrosoft-may-2026-patch-tuesday-fixes-120-flaws-no-zero-days\u002F","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2024\u002F10\u002F08\u002Fpatch_tuesday_microsoft.jpg","2026-05-12T18:08:06+00:00",{"id":207,"title":149,"slug":208,"brief":209,"ai_summary":210,"url":211,"image_url":154,"published_at":212},"184e9fc7-49dd-4f16-8636-a9df47808738","bvwg-w171-2303402-1-7e-45b6bb","Austrian court upholds DPA order requiring ORF to redesign cookie banner with balanced consent options.","Austria's Federal Administrative Court (BVwG) upheld a Data Protection Authority (DPA) order requiring the Austrian public broadcaster ORF to redesign its cookie banner to ensure valid consent under GDPR. The court found that the original design visually highlighted the \"Accept All Cookies\" button with stronger contrast and color, nudging users toward consent in violation of Article 4(11) GDPR. 
The court rejected ORF's arguments that the DPA exceeded its jurisdiction and that GDPR lacks binding design rules, confirming that consent mechanisms must offer genuinely equivalent visual treatment between acceptance and rejection options.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=BVwG_-_W171_2303402-1\u002F7E&diff=51630&oldid=0","2026-05-12T15:55:12+00:00",{"id":214,"title":215,"slug":216,"brief":217,"ai_summary":218,"url":219,"image_url":154,"published_at":220},"6952a7d8-dfb6-4000-81ce-df9f1801aa6c","OLG Stuttgart - 4 U 353\u002F24","olg-stuttgart-4-u-353-24-1da7a8","German appeals court partially upholds GDPR data subject rights against social media company tracking via third-party","In OLG Stuttgart case 4 U 353\u002F24, a German appellate court partially upheld a data subject's GDPR claims against a social media platform operator whose 'Business Tools' tracked users across third-party websites without sufficient legal basis. The court found the data processing unlawful, upheld the right to restrict processing and access personal data, but dismissed claims for injunctive relief and erasure. The decision establishes that joint controllers bear the burden of proving consent and cannot rely on inadequate 'self-help tools' to satisfy transparency obligations.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=OLG_Stuttgart_-_4_U_353\u002F24&diff=51625&oldid=51624","2026-05-12T14:31:42+00:00",{"id":222,"title":158,"slug":223,"brief":224,"ai_summary":225,"url":226,"image_url":145,"published_at":227},"d1f10ee3-0084-4bf0-9eea-a46813775f68","ap-the-netherlands-2025-005323-1ecc1d","Netherlands DPA fines Yandex €100M for unlawful data transfers to Russia without adequate safeguards.","The Dutch Data Protection Authority (DPA) issued a €100 million GDPR fine against Yandex.Taxi LLC and Yandex LLC for transferring personal data of Norwegian and Finnish citizens to Russia without demonstrating adequate safeguards. 
Despite initial storage in AWS Germany, data was forwarded to Russia, and the DPA found that Russian authorities could compel disclosure under local law, while Russia's supervisory authority lacks independence. The DPA also prohibited MLU B.V. from transferring user data via the Yango app to Russia.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=AP_(The_Netherlands)_-_2025-005323&diff=51623&oldid=51622","2026-05-12T10:48:42+00:00",{"id":229,"title":158,"slug":230,"brief":231,"ai_summary":232,"url":233,"image_url":145,"published_at":234},"bfd7f49d-f382-4aed-98d8-8bc93080f945","ap-the-netherlands-2025-005323-a401f2","Dutch DPA fines Yango €100M for unlawful data transfers to Russia without safeguards.","The Dutch Data Protection Authority (AP) fined MLU B.V. (Yango taxi app operator) €100 million for transferring personal data of users in Finland and Norway to Russia without implementing appropriate safeguards as required by GDPR. The investigation, initiated jointly with Finnish and Norwegian DPAs in December 2023, found that Yango continued operating and transferring sensitive customer and driver data (location, banking, IDs) to Russian entities despite claims of service cessation. 
Although data storage moved to AWS in Germany after 2023, unlawful transfers based on standard contractual clauses persisted.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=AP_(The_Netherlands)_-_2025-005323&diff=51622&oldid=0","2026-05-12T10:22:39+00:00",{"id":236,"title":237,"slug":238,"brief":239,"ai_summary":240,"url":241,"image_url":242,"published_at":243},"c662ead3-3fe0-4cc4-9d4c-454e14cf1786","‼️🇮🇩 Kementerian Kesehatan Republik Indonesia allegedly leaked exposing 20 million antigen test...","kementerian-kesehatan-republik-indonesia-allegedly-leaked-exposing-20-million-an-3eeff4","Indonesian Ministry of Health data breach exposes 20 million antigen test records.","A threat actor claims to have leaked a database containing 20 million antigen test records from Kementerian Kesehatan Republik Indonesia (Indonesian Ministry of Health). The leaked data reportedly includes sensitive health information linked to COVID-19 antigen testing. This represents a significant privacy breach affecting millions of Indonesian citizens.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2053979712037232979","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHIEzqR-XUAAUuBO.jpg","2026-05-11T23:24:59+00:00",{"id":245,"title":246,"slug":247,"brief":248,"ai_summary":249,"url":250,"image_url":251,"published_at":252},"bfbff819-612a-48f8-b761-274ab9fd0600","‼️🇫🇷 La Suite Numérique allegedly breached exposing over 18 million records from the French gov...","la-suite-numerique-allegedly-breached-exposing-over-18-million-records-from-the--5446d5","La Suite Numérique breach exposes 18M+ records from French government digital workspace.","A threat actor claims to have breached La Suite Numérique, France's official digital workspace and collaboration platform operated by the French government, exfiltrating over 18 million records. The breach affects a critical government infrastructure service used across French public administration. 
The incident raises concerns about the security of centralized state digital services and potential access to sensitive government communications and data.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2053942217652187460","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHIERWPDWsAAMPpm.jpg","2026-05-11T20:55:59+00:00",{"id":254,"title":255,"slug":256,"brief":257,"ai_summary":258,"url":259,"image_url":260,"published_at":261},"9006e7eb-07b2-4c4a-be63-d3bfe7e6825c","Customer data exposure at CB Financial Services (CBFV) prompts material cybersecurity filing","customer-data-exposure-at-cb-financial-services-cbfv-prompts-material-cybersecur-421e4f","CB Financial Services discloses material breach exposing customer names, SSNs, birthdates via unauthorized AI app.","CB Financial Services reported a material cybersecurity incident on May 5, 2026 involving improper handling of non-public customer data (names, social security numbers, birth dates) through an unauthorized AI-based software application at its Community Bank subsidiary. 
The company stated that banking operations and core systems were not disrupted, and no material financial impact is expected, but is investigating the scope and root cause with external advisors while notifying affected customers and coordinating with regulators.","https:\u002F\u002Fwww.stocktitan.net\u002Fsec-filings\u002FCBFV\u002F8-k-cb-financial-services-inc-reports-material-event-9d71c207862a.html","https:\u002F\u002Fstatic.stocktitan.net\u002Ffiling-covers\u002Fcbfv_8-K.webp","2026-05-11T20:33:48+00:00",{"id":263,"title":264,"slug":265,"brief":266,"ai_summary":267,"url":268,"image_url":269,"published_at":270},"c777fdb2-e469-4042-b4a5-f162c25cb631","‼️ Possible ShinyHunters clearnet domain seizure as of about 7 hours ago detected by my FBI Watch...","possible-shinyhunters-clearnet-domain-seizure-as-of-about-7-hours-ago-detected-b-0d1bd0","ShinyHunters clearnet domain possibly seized by FBI.","A clearnet domain associated with the ShinyHunters threat actor group appears to have been seized approximately 7 hours prior to detection via automated FBI monitoring. The domain is currently inaccessible, suggesting potential law enforcement action. 
ShinyHunters is known for operating a marketplace for stolen data and conducting various data breach campaigns.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2053854498875977843","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHIDBw2YW8AAe4yq.png","2026-05-11T15:07:25+00:00",{"id":272,"title":273,"slug":274,"brief":275,"ai_summary":276,"url":277,"image_url":278,"published_at":279},"acd259e6-54ed-45bd-9d7a-072d5710a319","Resurrected ‘Crimenetwork’ Marketplace Taken Down, Administrator Arrested","resurrected-crimenetwork-marketplace-taken-down-administrator-arrested-10426f","German police shut down resurrected Crimenetwork marketplace; administrator arrested in Mallorca.","German law enforcement took down the second iteration of the Crimenetwork dark web marketplace, which had grown to over 22,000 users and 100+ sellers within days of its resurrection following the original platform's December 2024 shutdown. A 35-year-old suspected administrator was arrested in Mallorca by Spanish authorities, and investigators seized €194,000 in assets and extensive user\u002Ftransaction data. 
The original Crimenetwork had facilitated over $100 million in cryptocurrency transfers across 12 years of operation, trafficking in stolen data, drugs, and forged documents.","https:\u002F\u002Fwww.securityweek.com\u002Fresurrected-crimenetwork-marketplace-taken-down-administrator-arrested\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2024\u002F12\u002Fdark-web-marketplace.png","2026-05-11T07:25:12+00:00",{"id":281,"title":282,"slug":283,"brief":284,"ai_summary":285,"url":286,"image_url":287,"published_at":288},"bf95f681-9110-48a2-8c1e-9e1d60f25d5c","Two US Men Jailed for Helping North Korean Hackers Infiltrate US Firms","two-us-men-jailed-for-helping-north-korean-hackers-infiltrate-us-firms-816c64","Two US men sentenced to 18 months for operating laptop farms enabling North Korean hackers to infiltrate 70+ US firms.","Matthew Knoot and Erick Prince were jailed for 18 months each for facilitating a North Korean hacking operation that compromised over 70 US companies and generated $1.2 million. The duo ran remote laptop farms that allowed North Korean workers using stolen identities to pose as legitimate US-based IT employees, while the men received payment for hosting the equipment and enabling the fraud. 
Both men have been ordered to repay stolen funds as part of the DoJ's DPRK RevGen: Domestic Enabler Initiative targeting US facilitators of foreign threat actors.","https:\u002F\u002Fhackread.com\u002Fus-men-sentenced-north-korean-hackers-hack-us-firms\u002F","https:\u002F\u002Fhackread.com\u002Fwp-content\u002Fuploads\u002F2026\u002F05\u002Fus-men-sentenced-north-korean-hackers-hack-us-firms.jpg","2026-05-10T19:54:34+00:00",{"id":290,"title":291,"slug":292,"brief":293,"ai_summary":294,"url":295,"image_url":50,"published_at":296},"af02c87f-b031-443e-a35d-2f7028da074b","In Other News: Train Hacker Arrested, PamDOORa Linux Backdoor, New CISA Director Frontrunner","in-other-news-train-hacker-arrested-pamdoora-linux-backdoor-new-cisa-director-fr-7d43a1","SecurityWeek roundup: US targets 72-hour patch cycles, PamDOORa Linux backdoor, CISA director frontrunner named.","A weekly cybersecurity news roundup covering multiple critical developments: US government proposes reducing federal patch timelines from 14 days to 72 hours for critical vulnerabilities amid faster AI-driven exploitation. Cisco Talos identifies CloudZ malware leveraging Windows Phone Link to steal OTPs and SMS messages. 
Additional stories include a train network hacker arrested in Taiwan, IBM executive Tom Parker emerging as CISA director candidate, and a Eurasian drone industry spy campaign targeting forum attendees.","https:\u002F\u002Fwww.securityweek.com\u002Fin-other-news-train-hacker-arrested-pamdoora-linux-backdoor-new-cisa-director-frontrunner\u002F","2026-05-08T14:30:00+00:00",{"id":298,"title":299,"slug":300,"brief":301,"ai_summary":302,"url":303,"image_url":304,"published_at":305},"95e4f2ca-9cef-4833-8c3c-8f0d6cd4503a","CISA gives feds four days to patch Ivanti flaw exploited as zero-day","cisa-gives-feds-four-days-to-patch-ivanti-flaw-exploited-as-zero-day-c3640f","CISA mandates four-day patch deadline for zero-day Ivanti EPMM flaw being actively exploited.","CISA issued an emergency directive requiring U.S. federal agencies to patch CVE-2026-6973, a high-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) being exploited in active zero-day attacks, by May 10, 2026. The flaw allows attackers with admin privileges to execute arbitrary code remotely on EPMM 12.8.0.0 and earlier. 
Ivanti disclosed that exploitation has been limited so far and provided patched versions (12.6.1.1, 12.7.0.1, 12.8.0.1), while Shadowserver tracks over 800 exposed EPMM appliances online.","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fcisa-gives-feds-four-days-to-patch-ivanti-flaw-exploited-as-zero-day\u002F","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2026\u002F03\u002F10\u002FIvanti.jpg","2026-05-08T12:16:32+00:00",{"id":307,"title":54,"slug":308,"brief":309,"ai_summary":310,"url":311,"image_url":7,"published_at":312},"0fbfe4c4-7570-4097-8af9-39e91d3cf38a","cisa-adds-one-known-exploited-vulnerability-to-catalog-602ea8","CISA adds BerriAI LiteLLM SQL injection vulnerability to Known Exploited Vulnerabilities catalog.","CISA added CVE-2026-42208, a SQL injection vulnerability in BerriAI LiteLLM, to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation. The vulnerability poses significant risk to federal enterprise networks. While BOD 22-01 mandates remediation for Federal Civilian Executive Branch agencies, CISA urges all organizations to prioritize patching this actively exploited flaw as part of vulnerability management.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Falerts\u002F2026\u002F05\u002F08\u002Fcisa-adds-one-known-exploited-vulnerability-catalog","2026-05-08T12:00:00+00:00",{"id":314,"title":315,"slug":316,"brief":317,"ai_summary":318,"url":319,"image_url":320,"published_at":321},"305c89f3-b003-4d84-b809-07b2e4929adb","Former govt contractor convicted for wiping dozens of federal databases","former-govt-contractor-convicted-for-wiping-dozens-of-federal-databases-4328b9","Former federal contractor convicted for destroying 96 government databases after termination.","A 34-year-old Virginia man, Sohaib Akhter, was convicted of conspiring to destroy dozens of U.S. government databases after being fired from his contractor role in February 2025. 
Along with his twin brother Muneeb, he accessed systems without authorization, deleted approximately 96 databases containing sensitive investigative documents and FOIA records across multiple federal agencies, and attempted to cover their tracks using AI to clear system logs. Sohaib faces up to 21 years in prison at sentencing on September 9, 2026, while Muneeb faces up to 45 years for additional charges including aggravated identity theft and theft of government records.","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fformer-govt-contractor-convicted-for-wiping-dozens-of-federal-databases\u002F","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2025\u002F12\u002F04\u002FHackers.jpg","2026-05-08T08:45:04+00:00",{"id":323,"title":324,"slug":325,"brief":326,"ai_summary":327,"url":328,"image_url":7,"published_at":329},"7eb5dcc3-1a36-4709-9988-1dd9e1941ff3","Instructure Status","instructure-status-4a728d","Instructure Canvas suffers confirmed security breach; names, emails, student IDs, and messages compromised.","Instructure disclosed a confirmed cybersecurity incident on May 1, 2026, affecting Canvas and related platforms. The breach exposed user identifying information including names, email addresses, student ID numbers, and user messages across affected institutions. The company revoked credentials, deployed patches, rotated keys, and found no evidence of password, date-of-birth, government ID, or financial data compromise; investigation continues with external forensics support.","https:\u002F\u002Fstatus.instructure.com\u002F","2026-05-08T02:09:00+00:00",{"id":331,"title":332,"slug":333,"brief":334,"ai_summary":335,"url":336,"image_url":337,"published_at":338},"0b76a84d-d0b6-45e7-b944-1554eace47d2","American duo sentenced for hosting laptop farms for North Korean IT workers","american-duo-sentenced-for-hosting-laptop-farms-for-north-korean-it-workers-b2f210","Two U.S. 
nationals sentenced to 18 months for hosting laptop farms enabling North Korean IT workers.","Matthew Isaac Knoot and Erick Ntekereze Prince were each sentenced to 18 months in prison for operating laptop farms that allowed North Korean remote IT workers to appear based in the U.S., defrauding approximately 70 American companies and generating $1.2 million for the North Korean regime. The men installed remote desktop software on laptops hosted at their residences, enabling North Korean operatives to work remotely while masquerading as legitimate U.S.-based employees. This case is part of a broader U.S. enforcement crackdown on sanctions evasion schemes that have infiltrated hundreds of Fortune 500 companies and generated hundreds of millions annually for North Korea's military and weapons programs.","https:\u002F\u002Fcyberscoop.com\u002Fnorth-korea-it-worker-scheme-laptop-farm-facilitators-sentenced\u002F","https:\u002F\u002Fcyberscoop.com\u002Fwp-content\u002Fuploads\u002Fsites\u002F3\u002F2024\u002F12\u002FGettyImages-1499131827.jpg","2026-05-07T13:56:52+00:00",{"id":340,"title":341,"slug":342,"brief":343,"ai_summary":344,"url":345,"image_url":346,"published_at":347},"d3d8ca9f-1c40-42ac-905e-8b5a49945769","Americans sentenced for running 'laptop farms' for North Korea","americans-sentenced-for-running-laptop-farms-for-north-korea-07800f","Two Americans sentenced to 18 months for running laptop farms enabling North Korean IT worker fraud at 70+ U.S. firms.","Matthew Isaac Knoot and Erick Ntekereze Prince were each sentenced to 18 months in prison for operating laptop farms that allowed North Korean IT workers to fraudulently obtain remote employment at nearly 70 American companies. The scheme involved receiving company-issued laptops under stolen identities, installing unauthorized remote desktop software, and routing over $1.1 million in combined victim payments overseas. This marks the seventh and eighth U.S. 
laptop farmer convicted as part of a federal crackdown on North Korea's illicit revenue-generation operations.","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Famericans-sentenced-for-running-laptop-farms-for-north-korea\u002F","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2026\u002F05\u002F07\u002FNorth-Korea.jpg","2026-05-07T13:45:48+00:00",{"id":349,"title":350,"slug":351,"brief":352,"ai_summary":353,"url":354,"image_url":355,"published_at":356},"1cdc1a38-6f15-41a9-ae99-70ed211d037d","World Password Day 2026: The Credential Crisis Hasn’t Gone Away, It’s Just Got More Dangerous","world-password-day-2026-the-credential-crisis-hasn-t-gone-away-it-s-just-got-mor-13a614","World Password Day 2026 report reveals default credentials remain the largest credential exposure vector despite","A World Password Day 2026 analysis reveals that the credential crisis persists with default credentials accounting for ~60% of offensive security findings, outpacing weak password issues. While passkeys gain momentum and AI industrializes credential attacks through phishing and voice cloning, most organizations remain vulnerable due to poor access governance, unsecured credential storage, and lack of enforcement of access control policies. 
The report emphasizes that password strength alone is insufficient without proper privileged access management, least privilege enforcement, and continuous credential rotation across both human and machine identities.","https:\u002F\u002Fwww.itsecurityguru.org\u002F2026\u002F05\u002F07\u002Fworld-password-day-2026-the-credential-crisis-hasnt-gone-away-its-just-got-more-dangerous\u002F?utm_source=rss&utm_medium=rss&utm_campaign=world-password-day-2026-the-credential-crisis-hasnt-gone-away-its-just-got-more-dangerous","https:\u002F\u002Fwww.itsecurityguru.org\u002Fwp-content\u002Fuploads\u002F2016\u002F12\u002Fpassword-1.jpg","2026-05-07T12:54:21+00:00",{"id":358,"title":54,"slug":359,"brief":360,"ai_summary":361,"url":362,"image_url":7,"published_at":363},"0258fa57-63e6-4dbd-a079-5531f3bca754","cisa-adds-one-known-exploited-vulnerability-to-catalog-acf8a2","CISA adds CVE-2026-6973 Ivanti EPMM improper input validation flaw to KEV Catalog.","CISA added CVE-2026-6973, an improper input validation vulnerability in Ivanti Endpoint Manager Mobile (EPMM), to its Known Exploited Vulnerabilities (KEV) Catalog based on active exploitation evidence. The addition falls under Binding Operational Directive (BOD) 22-01, which mandates Federal Civilian Executive Branch agencies remediate listed vulnerabilities by specified deadlines. 
CISA urges all organizations to prioritize remediation of KEV Catalog vulnerabilities as part of routine vulnerability management.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Falerts\u002F2026\u002F05\u002F07\u002Fcisa-adds-one-known-exploited-vulnerability-catalog","2026-05-07T12:00:00+00:00",{"id":365,"title":366,"slug":367,"brief":368,"ai_summary":369,"url":370,"image_url":371,"published_at":372},"96e10ede-e9fe-4f41-b9dc-923fbcd9d3c9","CISA wants critical infrastructure to operate ‘weeks to months’ in isolation during conflict","cisa-wants-critical-infrastructure-to-operate-weeks-to-months-in-isolation-durin-bd6041","CISA launches CI Fortify program to help critical infrastructure operate independently for weeks during cyberattacks.","The Cybersecurity and Infrastructure Security Agency (CISA) is initiating the CI Fortify program to help critical infrastructure operators prepare for extended isolation from IT networks and third-party vendors during cyberattacks or conflicts. The initiative responds to ongoing threats from Chinese state-sponsored groups Salt Typhoon and Volt Typhoon, which target electricity, water, and internet sectors. 
CISA will conduct targeted technical assessments and help organizations develop plans for safe OT operations during disconnection, focusing on isolation and recovery strategies.","https:\u002F\u002Fcyberscoop.com\u002Fcisa-ci-fortify-critical-infrastructure-isolation-recovery-guidance-during-conflict\u002F","https:\u002F\u002Fcyberscoop.com\u002Fwp-content\u002Fuploads\u002Fsites\u002F3\u002F2023\u002F04\u002FGettyImages-157403404.jpg","2026-05-05T21:47:34+00:00",{"id":374,"title":375,"slug":376,"brief":377,"ai_summary":378,"url":379,"image_url":380,"published_at":381},"c9fb1005-6179-46ed-8bd5-5d0ed7ab2c86","Karakurt Ransomware Negotiator Sentenced to Prison","karakurt-ransomware-negotiator-sentenced-to-prison-d92cc7","Latvian Karakurt ransomware negotiator sentenced to 8.5 years in US prison.","Deniss Zolotarjovs, a 35-year-old Latvian member of the Karakurt ransomware gang, was sentenced to 8.5 years in prison after pleading guilty to extortion charges. Operating between June 2021 and March 2023, Zolotarjovs served as the group's negotiator and extortion specialist, handling ransom communications and analyzing stolen data from at least 53 victims, resulting in $56 million in losses. 
He received 10% of negotiated ransoms in cryptocurrency, including proceeds from pressuring a pediatric healthcare company to pay by threatening to publish patient data.","https:\u002F\u002Fwww.securityweek.com\u002Fkarakurt-ransomware-negotiator-sentenced-to-prison\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2024\u002F10\u002Fhacker-prison-sentence.jpeg","2026-05-05T10:55:00+00:00",{"id":383,"title":384,"slug":385,"brief":386,"ai_summary":387,"url":388,"image_url":154,"published_at":389},"8b0819b1-9cb4-4277-81d3-bf8e232fb477","TS - 1590\u002F2026","ts-1590-2026-fe9b6a","Spanish Supreme Court upholds GDPR data minimisation ruling against penitentiary authority over excessive medical data","Spain's Supreme Court affirmed a Data Protection Authority reprimand against the Secretaría General de Instituciones Penitenciarias for violating GDPR Article 5(1)(c) by demanding employees provide medical diagnoses alongside medical notes to justify short-term sick leave. The court clarified that data processing under GDPR occurs at the moment of requesting data, not solely upon collection, establishing that controllers must comply with data minimisation principles even when data is merely requested but not received. 
The ruling rejected the penitentiary authority's argument that demanding additional clinical information was necessary to prevent fraud and absenteeism, finding a medical note sufficient.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=TS_-_1590\u002F2026&diff=51560&oldid=51559","2026-05-05T09:09:25+00:00",{"id":391,"title":392,"slug":393,"brief":394,"ai_summary":395,"url":396,"image_url":397,"published_at":398},"176d7a82-a6a1-4a6b-86b2-12574d9ef33f","LinkedIn locks your GDPR rights behind a paywall","linkedin-locks-your-gdpr-rights-behind-a-paywall-7fa734","LinkedIn paywalls GDPR Article 15 access to profile visitor data despite monetizing it.","noyb has filed a complaint with the Austrian Data Protection Authority against LinkedIn for refusing to provide free access to profile visitor data under GDPR Article 15, despite making the same data available to paying Premium members. LinkedIn claims data protection concerns justify withholding the information from access requests, but lawyers argue this contradiction is indefensible—the company cannot both sell data and deny it on privacy grounds.","https:\u002F\u002Fnoyb.eu\u002Fen\u002Flinkedin-locks-your-gdpr-rights-behind-paywall","https:\u002F\u002Fnoyb.eu\u002Fsites\u002Fdefault\u002Ffiles\u002Fstyles\u002Ffacebook\u002Fpublic\u002F2026-05\u002Flinkedin_header1.png?h=19fb9a6b&itok=wBMo1b5n","2026-05-05T05:00:00+00:00",{"id":400,"title":401,"slug":402,"brief":403,"ai_summary":404,"url":405,"image_url":406,"published_at":407},"196f4a66-d5f8-415e-878b-f62b6a01e443","DHS Demanded Google Surrender Data on Canadian’s Activity, Location Over Anti-ICE Posts","dhs-demanded-google-surrender-data-on-canadian-s-activity-location-over-anti-ice-e55d56","DHS used 1930s customs law to demand Google surrender location and activity data on Canadian critic of immigration","The Department of Homeland Security issued a customs summons to Google seeking location information, activity logs, and identifying data on a Canadian man who 
posted criticism on X regarding deaths of two people killed by federal immigration agents. The man has not entered the US in over a decade, raising concerns from civil liberties advocates that DHS is misusing the Tariff Act of 1930—designed for customs enforcement—to target political speech and suppress dissent against immigration policies.","https:\u002F\u002Fwww.wired.com\u002Fstory\u002Fdhs-demanded-google-surrender-data-on-canadians-activity-location-over-anti-ice-posts\u002F","https:\u002F\u002Fmedia.wired.com\u002Fphotos\u002F69f3b2974c4a83683f43ca9b\u002Fmaster\u002Fpass\u002FSecurity_DHSDemandedLocationData_1080x1080_02.jpg","2026-05-04T14:45:00+00:00",{"id":409,"title":410,"slug":411,"brief":412,"ai_summary":413,"url":414,"image_url":415,"published_at":416},"8233f25d-f8e8-4fdd-9eb3-7567e2e34716","Microsoft confirms April Windows updates cause backup failures","microsoft-confirms-april-windows-updates-cause-backup-failures-7032f6","Microsoft April 2026 updates block psmounterex.sys driver, breaking third-party backup applications.","Microsoft confirmed that April 2026 Windows security updates added the psmounterex.sys driver to its Vulnerable Driver Blocklist to defend against CVE-2023-43896, a high-severity buffer overflow vulnerability. This security hardening change is causing widespread failures in backup applications from vendors including Macrium Reflect, Acronis Cyber Protect Cloud, UrBackup Server, and NinjaOne Backup when attempting to mount or manage disk images. 
Microsoft recommends affected users update to newer application versions with patched drivers rather than uninstalling the security update.","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fmicrosoft\u002Fmicrosoft-confirms-backup-failures-caused-by-vulnerable-driver-block\u002F","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2026\u002F03\u002F10\u002FWindows.jpg","2026-05-04T10:40:11+00:00",{"id":418,"title":419,"slug":420,"brief":421,"ai_summary":422,"url":423,"image_url":424,"published_at":425},"0aa1f1c7-f993-4578-82c0-2930b729d4e6","Global Crackdown Arrests 276, Shuts 9 Crypto Scam Centers, Seizes $701M","global-crackdown-arrests-276-shuts-9-crypto-scam-centers-seizes-701m-07e616","Global crackdown arrests 276 suspects, shuts 9 crypto scam centers, seizes $701M.","A coordinated international operation led by Dubai Police, FBI, and Chinese Ministry of Public Security arrested 276 suspects and dismantled nine cryptocurrency investment fraud scam centers targeting Americans. The scheme, known as 'pig butchering' or romance baiting, defrauded victims through fake investment platforms while exploiting human trafficking; the operation seized $701 million in cryptocurrency and notified nearly 9,000 victims through Operation Level Up. Additional enforcement actions included U.S. 
Treasury sanctions against Cambodian Senator Kok An and associates for operating a network of cyber scam compounds.","https:\u002F\u002Fthehackernews.com\u002F2026\u002F05\u002Fglobal-crackdown-arrests-276-shuts-9.html","https:\u002F\u002Fblogger.googleusercontent.com\u002Fimg\u002Fb\u002FR29vZ2xl\u002FAVvXsEhVrpguh4mhS2wkIhYWPYbS2Nsjl1RPI5gpXYCZwdMyJtKk9uRU1yDIxTq7itnRWazzARvSlJ9oZTsKvGyWqOMjGyOPQ0YX6nNgUuJ9R2dD0X3Mv9Bjc0HvY3TeZHVQfLhXZd-w88FMBV71qJCVedcKQhL0Wd8YH7Jzwbasus9GF6LLzaRGG0tOFxP5TwmS\u002Fs1600\u002FSCAMS.jpg","2026-05-04T05:59:00+00:00",{"id":427,"title":428,"slug":429,"brief":430,"ai_summary":431,"url":432,"image_url":433,"published_at":434},"28849215-fcaa-4c12-b991-d37fbfb20ae3","2 US Cybersecurity Experts Jailed for Aiding ALPHV (BlackCat) Ransomware","2-us-cybersecurity-experts-jailed-for-aiding-alphv-blackcat-ransomware-3920ab","Two US cybersecurity experts sentenced to 4 years for aiding ALPHV BlackCat ransomware group.","Ryan Goldberg and Kevin Martin, a former incident response manager and ransomware negotiator respectively, were sentenced to four years in prison for operating as affiliates of the ALPHV (BlackCat) ransomware gang throughout 2023. The pair exploited their insider expertise to attack over 1,000 victims worldwide, generating approximately $1.2 million from a single victim before the FBI disrupted the BlackCat network in late 2023 and prevented roughly $99 million in ransom payments. A third suspect, Angelo Martino, pleaded guilty to providing sensitive information to increase ransom demands and awaits sentencing.","https:\u002F\u002Fhackread.com\u002Fus-cybersecurity-experts-jail-alphv-blackcat-ransomware\u002F","https:\u002F\u002Fhackread.com\u002Fwp-content\u002Fuploads\u002F2026\u002F05\u002Fus-cybersecurity-experts-jail-alphv-blackcat-ransomware.jpg","2026-05-02T12:28:23+00:00",[],[],[],[],50]