#infosecurity-europe-2025
#infosecurity-europe-2025

CISO Conversations: Ross McKerchar, CISO at Sophos

Ross McKerchar transitioned from IT to cybersecurity, becoming CISO at Sophos, emphasizing leadership skills and the growing cybersecurity profession.

Hackers are abusing unpatched Windows security flaws to hack into organizations | TechCrunch

Hackers exploited Windows vulnerabilities published by a researcher, affecting Windows Defender and allowing high-level access.

fromYahoo Tech

Hackers Are Using Your Home Router to Spy on Microsoft 365 Users

Russian spies exploited consumer routers to steal Microsoft 365 credentials from thousands of users, turning home devices into espionage tools.

Government Can't Win the Cyber War Without the Private Sector

Governments must collaborate with the private sector to effectively manage the growing complexity of cyber threats.

10 Data Security Stories to Know About (March 2026)

March saw significant data security incidents including cyberattacks, data purchases by the FBI, and breaches affecting millions of customers.

fromLondon Business News | Londonlovesbusiness.com

The rising cost of data breaches: Why backup and cyber protection must go hand in hand - London Business News | Londonlovesbusiness.com

Cyber incidents now lead to significant financial and reputational damage, necessitating a unified strategy for backup and cyber protection.

Careers

CISO Conversations: Ross McKerchar, CISO at Sophos

Ross McKerchar transitioned from IT to cybersecurity, becoming CISO at Sophos, emphasizing leadership skills and the growing cybersecurity profession.

Hackers are abusing unpatched Windows security flaws to hack into organizations | TechCrunch

Hackers exploited Windows vulnerabilities published by a researcher, affecting Windows Defender and allowing high-level access.

fromYahoo Tech

Hackers Are Using Your Home Router to Spy on Microsoft 365 Users

Russian spies exploited consumer routers to steal Microsoft 365 credentials from thousands of users, turning home devices into espionage tools.

Government Can't Win the Cyber War Without the Private Sector

Governments must collaborate with the private sector to effectively manage the growing complexity of cyber threats.

10 Data Security Stories to Know About (March 2026)

March saw significant data security incidents including cyberattacks, data purchases by the FBI, and breaches affecting millions of customers.

DOJ refuses to help French authorities in criminal probe of X

The US Department of Justice supports X amid a French criminal investigation, claiming it aims to regulate the platform's activities unjustly.

CYBERUK '26: UK lagging on legal protections for cyber pros | Computer Weekly

The outdated Computer Misuse Act hinders UK cyber security innovation and needs urgent reform to protect cyber professionals.

Anthropic's new cybersecurity model could get it back in the government's good graces

Anthropic's relationship with the Trump administration has improved due to its new cybersecurity model, Claude Mythos Preview.

#privacy

Privacy technologies

Privacy, power, and encryption: why end-to-end security matters | Computer Weekly

fromMIT Technology Review

Building trust in the AI era with privacy-led UX

Well-designed consent experiences enhance trust and business performance, evolving privacy into an ongoing relationship rather than a one-time transaction.

Privacy, power, and encryption: why end-to-end security matters | Computer Weekly

Privacy is a fundamental human condition, and end-to-end encryption is essential for protecting communications in a surveillance-heavy world.

fromMIT Technology Review

Building trust in the AI era with privacy-led UX

Well-designed consent experiences enhance trust and business performance, evolving privacy into an ongoing relationship rather than a one-time transaction.

EU awards its 180 million sovereign cloud contract

The European Commission awarded a €180 million sovereign cloud contract to four provider groups, emphasizing diversification and resilience in cloud services.

#data-breach

Clothing Retailer Patches Website Flaw Exposing Customer Data

A flaw in Express's website allowed unauthorized access to customer data through sequential order IDs in URLs.

Booking.com Customer Data Hacked, Exposed

Booking.com experienced a data breach, exposing customer booking information but not financial data.

Europe's Largest Gym Chain Says Data Breach Impacts 1 Million Members

Basic-Fit experienced a data breach affecting personal information of approximately 1 million members across several European countries.

fromTNW | Data-Security

Basic-Fit hit by hack affecting members across multiple countries, including 200,000 in the Netherlands

Basic-Fit experienced a data breach affecting 200,000 members, exposing personal and bank details but not passwords or identity documents.

European Commission admits breach of public web systems

The European Commission confirmed a data breach affecting its public web infrastructure, with details on the extent and nature of the data taken remaining unclear.

Clothing Retailer Patches Website Flaw Exposing Customer Data

A flaw in Express's website allowed unauthorized access to customer data through sequential order IDs in URLs.

Booking.com Customer Data Hacked, Exposed

Booking.com experienced a data breach, exposing customer booking information but not financial data.

Europe's Largest Gym Chain Says Data Breach Impacts 1 Million Members

Basic-Fit experienced a data breach affecting personal information of approximately 1 million members across several European countries.

fromTNW | Data-Security

Basic-Fit hit by hack affecting members across multiple countries, including 200,000 in the Netherlands

Basic-Fit experienced a data breach affecting 200,000 members, exposing personal and bank details but not passwords or identity documents.

European Commission admits breach of public web systems

The European Commission confirmed a data breach affecting its public web infrastructure, with details on the extent and nature of the data taken remaining unclear.

CISA resources 'more limited than I would like' amid shutdown, top official says

CISA faces significant funding limitations impacting its ability to counter hacking threats and conduct essential activities.

fromwww.bbc.com

AI minister Kendall says she doesn't use AI at work

Liz Kendall, the AI minister, primarily uses AI in her personal life, not in her official capacity.

Software development

Security by Design prevents higher bills

Incorporating security during design reduces costs significantly compared to retrofitting security measures after development.

London startup

fromBusiness Matters

fromwww.businessinsider.com

The Sectors Quietly Leading UK's Booming Digital Economy

The UK digital economy reached a $1.2 trillion valuation in 2025, driven by fintech and digital entertainment growth.

Europe news

Weeks after TSA chaos in the US, Europe is facing its own airport line problem

The new EU Entry/Exit System is causing significant delays at airports, with waits of 2-3 hours reported for non-EU travelers.

What "The Pitt" Gets Right About Ransomware and What Hospitals Can't Afford to Ignore

Ransomware incidents in healthcare lead to significant operational fallout, requiring extensive recovery efforts beyond just paying the ransom.

Autovista blames ransomware for service disruption

Autovista is addressing a ransomware infection affecting its systems in Europe and Australia, prioritizing the secure restoration of impacted applications.

Healthcare

What "The Pitt" Gets Right About Ransomware and What Hospitals Can't Afford to Ignore

Ransomware incidents in healthcare lead to significant operational fallout, requiring extensive recovery efforts beyond just paying the ransom.

Autovista blames ransomware for service disruption

Autovista is addressing a ransomware infection affecting its systems in Europe and Australia, prioritizing the secure restoration of impacted applications.

Digital sovereignty isn't just a buzzword - it's the future

European governments and companies are prioritizing digital sovereignty due to concerns over US control and dependency.

Breaking the stranglehold: Responses to data sovereignty risk | Computer Weekly

UK and EU initiatives aim to enhance digital sovereignty and reduce reliance on US cloud providers.

EU data protection

Worried Europeans can now cut Azure's phone cord completely

EU data protection

Euro firms must ditch Uncle Sam's clouds and go EUnative

Europe politics

Digital sovereignty isn't just a buzzword - it's the future

European governments and companies are prioritizing digital sovereignty due to concerns over US control and dependency.

Breaking the stranglehold: Responses to data sovereignty risk | Computer Weekly

UK and EU initiatives aim to enhance digital sovereignty and reduce reliance on US cloud providers.

EU data protection

Worried Europeans can now cut Azure's phone cord completely

EU data protection

Euro firms must ditch Uncle Sam's clouds and go EUnative

more#digital-sovereignty

fromNature

Researchers: here's how to audit your fragmented digital identity

A search for 'Guo Wei' in ORCID returned 616 profiles, none affiliated with the Jiangsu University of Science and Technology, highlighting the difficulty in verifying academic identities.

Higher education

fromHarvard Gazette

Time for government, business leaders to figure out AI cybersecurity regulation - Harvard Gazette

Agentic AI poses both opportunities for cybersecurity and risks to personal data, economy, and national security, necessitating regulation by leaders.

AI Upgrades, Security Breaches, and Industry Shifts Define This Week in Tech - TechRepublic

AI innovation and security threats are reshaping technology and corporate strategies across various platforms and applications.

fromwww.independent.co.uk

What are EU digital identity wallets? The benefits and risks explained

The Independent provides accessible journalism on critical issues like reproductive rights and digital identity, emphasizing the importance of on-the-ground reporting.

#age-verification

fromAbove the Law

Privacy technologies

438 Experts Said Age Verification Is Dangerous. Legislators Are Moving Forward With It Anyway. - Above the Law

Age verification is a mess but we're doing it anyway

Age verification methods on the internet are flawed, leading to challenges in effectively preventing underage access to inappropriate content.

fromWIRED

fromTNW | Government-Policy

Europe's Online Age Verification App Is Here

The European online age verification app ensures anonymous age verification using ID cards or passports, protecting children from harmful content.

Privacy technologies

The EU says its age verification app is ready

The European Commission's age verification app uses zero-knowledge proof technology to confirm user age without exposing personal data.

fromAbove the Law

438 Experts Said Age Verification Is Dangerous. Legislators Are Moving Forward With It Anyway. - Above the Law

Age verification mandates for the internet are technically flawed, threaten privacy, and may cause more harm than good, according to 438 researchers from 32 countries.

Age verification is a mess but we're doing it anyway

Age verification methods on the internet are flawed, leading to challenges in effectively preventing underage access to inappropriate content.

fromWIRED

Europe's Online Age Verification App Is Here

The European online age verification app ensures anonymous age verification using ID cards or passports, protecting children from harmful content.

fromTNW | Government-Policy

The EU says its age verification app is ready

The European Commission's age verification app uses zero-knowledge proof technology to confirm user age without exposing personal data.

more#age-verification

European startups

fromTNW | Eu

10 hours ago

Europe's 80B public money bet on VC and scaleups faces structural growth barriers

The European Investment Fund is launching a €15 billion fund to enhance scaleup funding in Europe, aiming to unlock €80 billion in total.

Man who hacked US Supreme Court filing system sentenced to probation | TechCrunch

Nicholas Moore was sentenced to a year of probation for hacking the U.S. Supreme Court and other government systems.

France news

fromThe Local France

France reports over 40 cryptocurrency kidnappings so far this year

France has experienced over 40 kidnappings linked to cryptocurrencies since January, targeting wealthy individuals and their families.

London startup

One year on from the M&S cyber attack: What did we learn? | Computer Weekly

Marks & Spencer experienced a significant cyber attack in April 2025, disrupting services and highlighting vulnerabilities in third-party tech suppliers.

fromwww.theguardian.com

What are the UK government's plans to regulate social media for under-16s?

Keir Starmer demands social media firms prioritize children's safety and implement stricter regulations to protect them from harmful content.

13 hours ago

Cloudflare can remember it for you wholesale

Agent Memory enhances AI by providing persistent memory for better recall and smarter interactions.

fromwww.theguardian.com

US tech firms successfully lobbied EU to keep datacentre emissions secret

US tech companies influenced EU regulations to conceal environmental impacts of datacentres, limiting public access to crucial data.

fromwww.businessinsider.com

fromLondon Business News | Londonlovesbusiness.com

Claude is requiring some of its users to verify their identity. Here's Anthropic's explanation.

Anthropic is implementing identity verification for some Claude users to combat fraudulent behavior.

France news

France draws up crisis plan for London terror scenario as tensions rise over Iran war - London Business News | Londonlovesbusiness.com

French authorities are preparing for potential security incidents in London due to heightened geopolitical tensions, particularly related to the conflict involving Iran.

UK told its Big Tech habit is now a national security risk

Britain's reliance on US Big Tech poses national security risks and economic challenges due to control over critical infrastructure.

fromZDNET

A data removal service helped me reclaim my privacy - see if you need one, too

Personal data is collected and sold by brokers, making removal services essential for protecting sensitive information.

European police email 75,000 people asking them to stop DDoS attacks | TechCrunch

A global law enforcement operation targeted over 75,000 alleged cybercriminals using DDoS-for-hire services, resulting in arrests and domain takedowns.

fromNextgov.com

European officials highlight private sector help in major cybercrime takedowns

Private sector partners play a crucial role in cybercrime takedowns, aiding law enforcement in disrupting criminal activities and infrastructure.

European police email 75,000 people asking them to stop DDoS attacks | TechCrunch

A global law enforcement operation targeted over 75,000 alleged cybercriminals using DDoS-for-hire services, resulting in arrests and domain takedowns.

fromNextgov.com

European officials highlight private sector help in major cybercrime takedowns

Private sector partners play a crucial role in cybercrime takedowns, aiding law enforcement in disrupting criminal activities and infrastructure.

more#cybercrime

#ai-governance

fromFortune

AI cybersecurity capabilities require urgent international cooperation, AI godfather Bengio says | Fortune

Yoshua Bengio emphasizes the urgent need for international cooperation in addressing AI's risks, particularly with the release of Anthropic's Mythos model.

fromeLearning Industry

Custom AI Governance Services: The Missing Piece In Your L&D Strategy

Many L&D teams adopt AI tools without ensuring fairness, transparency, and accountability in their training programs.

fromFortune

AI cybersecurity capabilities require urgent international cooperation, AI godfather Bengio says | Fortune

Yoshua Bengio emphasizes the urgent need for international cooperation in addressing AI's risks, particularly with the release of Anthropic's Mythos model.

fromeLearning Industry

Custom AI Governance Services: The Missing Piece In Your L&D Strategy

Many L&D teams adopt AI tools without ensuring fairness, transparency, and accountability in their training programs.

53 DDoS Domains Taken Down by Law Enforcement

Law enforcement in 21 countries coordinated to disrupt DDoS-for-hire services, resulting in arrests and the takedown of numerous domains.

fromwww.bbc.com

Social media leaders called to Downing Street over children's safety

Social media executives are meeting with UK leaders to discuss children's online safety and responsibilities of tech companies.

fromRoute Fifty

Getting privacy policy right in a competitive digital economy

State and local leaders aim to balance privacy protection with economic competitiveness, as inconsistent privacy laws can hinder business operations and consumer trust.

Cyber Essentials closes the MFA loophole but leaves some organisations adrift | Computer Weekly

Multi-factor authentication becomes mandatory under Cyber Essentials v3.3, with no exceptions for organizations failing to implement it.

Surging CVE disclosures force NIST to shake up workflows | Computer Weekly

NIST is changing its approach to handling CVEs, focusing on those with the greatest potential impact due to increased submissions.

The European Commission wants Google to share search engine data with competitors

The European Commission proposed measures for Google to comply with the Digital Markets Act, allowing rivals access to its search data.

EU forces Google's hand on search data, angering Google

Brussels demands Google to share search data with rivals to enhance competition under the Digital Markets Act.

fromEngadget

The European Commission wants Google to share search engine data with competitors

The European Commission proposed measures for Google to comply with the Digital Markets Act, allowing rivals access to its search data.

EU forces Google's hand on search data, angering Google

Brussels demands Google to share search data with rivals to enhance competition under the Digital Markets Act.

Privacy technologies

Microsoft faces fresh Windows Recall security concerns

fromZero Day Initiative

Zero Day Initiative - The April 2026 Security Update Review

Several critical vulnerabilities in Microsoft products require attention, particularly those related to Office, RDP, Active Directory, and .NET Framework.

Microsoft faces fresh Windows Recall security concerns

A new tool, TotalRecall Reloaded, extracts data from Microsoft's redesigned Recall feature, raising ongoing security and privacy concerns.

fromZero Day Initiative

Zero Day Initiative - The April 2026 Security Update Review

Several critical vulnerabilities in Microsoft products require attention, particularly those related to Office, RDP, Active Directory, and .NET Framework.

Recent advances push Big Tech closer to the Q-Day danger zone

Organizations are transitioning to new algorithms to replace RSA and elliptic curves due to vulnerabilities exposed by quantum computing threats.

fromTNW | Eu

The EU has told Google what it must do to share search data with rivals

The European Commission proposed measures for Google to share search data with competitors and AI chatbots under the Digital Markets Act.

How CSOs Can Win Board Support for Gunshot Detection Technology

CSOs must effectively frame gunshot detection technology to gain executive support and align it with corporate risk priorities.

Google should share search data to break its monopoly, European Commission suggests

The EU requests Google to allow third-party search engines access to its search data under the Digital Markets Act.

fromwww.dw.com

EU data protection

EU age verification app announced to protect children online

A new EU age verification app will allow users to prove their age online without sharing personal data.

fromComputerworld

Google should share search data to break its monopoly, European Commission suggests

The EU requests Google to allow third-party search engines access to its search data under the Digital Markets Act.

fromwww.dw.com

EU age verification app announced to protect children online

A new EU age verification app will allow users to prove their age online without sharing personal data.

Workday is well prepared for the EU AI Act, who will follow?

Workday is prepared for the EU AI Act with ISO 42001 certification and a governance approach for compliance.

fromArs Technica

UK gov's Mythos AI tests help separate cybersecurity threat from hype

Mythos outperformed previous models in TLO tests, showing capability in attacking vulnerable systems but still facing limitations in complex scenarios.

#ai

UK businesses must face up to AI threat, says government | Computer Weekly

AI models are rapidly advancing in discovering and exploiting software vulnerabilities, necessitating urgent attention from business leaders.

Information security

Runtime security becomes critical as AI accelerates threats

UK businesses must face up to AI threat, says government | Computer Weekly

AI models are rapidly advancing in discovering and exploiting software vulnerabilities, necessitating urgent attention from business leaders.

Runtime security becomes critical as AI accelerates threats

Artificial intelligence accelerates innovation and cyber threats, necessitating a focus on runtime security for effective enterprise protection.

Cisco and ML6 are helping organizations prepare for the EU AI Act

Cisco and ML6 are partnering to enhance secure AI innovation in Europe, focusing on compliance with the EU AI Act.

Dutch government warns against controversial Anthropic Mythos model

Anthropic's Mythos AI model detects vulnerabilities and builds attack chains, achieving a 72.4% exploit success rate, while access is limited to defensive use.

Cisco and ML6 are helping organizations prepare for the EU AI Act

Cisco and ML6 are partnering to enhance secure AI innovation in Europe, focusing on compliance with the EU AI Act.

Dutch government warns against controversial Anthropic Mythos model

Anthropic's Mythos AI model detects vulnerabilities and builds attack chains, achieving a 72.4% exploit success rate, while access is limited to defensive use.

Europe is dismantling its own rulebook to compete with America

Europe's tech challenges stem from foundational issues, not just regulation, which the Omnibus fails to address.

fromLondon Business News | Londonlovesbusiness.com

How to build digital trust in an era of automated scams - London Business News | Londonlovesbusiness.com

Automated scams are increasingly sophisticated, requiring businesses to enhance digital trust through visible actions and layered verification strategies.

fromComputerworld

The French government eyes alternatives to Windows

DINUM will coordinate a cross-ministerial plan to reduce dependence on suppliers outside Europe. Each ministry will be required to develop its own plan by this fall, covering the following areas: workstations, collaboration tools, antivirus software, artificial intelligence, databases, virtualization, and network equipment.

EU data protection

fromMedCity News

The Evolving Landscape of Privacy and Cybersecurity: Essential Strategies for Legal and Compliance Professionals - MedCity News

Organizations must combine strong controls with comprehensive employee training and accountability culture to effectively protect sensitive data and comply with evolving privacy laws.

fromThe Hacker News

Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)

Critical risk findings surged by nearly 400% amid a 52% increase in raw alert volume, driven by AI-assisted development.

#cyberattack

Miscellaneous

European Commission Investigating Cyberattack

European Commission Reports Cyber Intrusion and Data Theft

The European Commission confirmed a cyberattack that compromised its cloud infrastructure, resulting in the theft of hundreds of gigabytes of data.

European Commission confirms cyberattack after hackers claim data breach | TechCrunch

A cyberattack on the European Commission's cloud infrastructure resulted in the theft of significant data, but internal systems remain unaffected.

Miscellaneous

European Commission Investigating Cyberattack

European Commission Reports Cyber Intrusion and Data Theft

The European Commission confirmed a cyberattack that compromised its cloud infrastructure, resulting in the theft of hundreds of gigabytes of data.

European Commission confirms cyberattack after hackers claim data breach | TechCrunch

A cyberattack on the European Commission's cloud infrastructure resulted in the theft of significant data, but internal systems remain unaffected.

more#cyberattack

fromElectronic Frontier Foundation

EU Parliament Blocks Mass-Scanning of Our Chats-What's Next?

The EU has made progress in privacy by rejecting mandatory scanning of encrypted messages and not extending derogations for mass scanning.

World Cloud Security Day: Breaking Down the State of the Cloud Cybersecurity and Physical Security

World Cloud Security Day emphasizes the importance of securing cloud data, focusing on identity visibility and flexible cloud adoption for physical security.

fromInfoWorld

CERT-EU blames Trivy supply chain attack for Europa.eu data breach

TeamPCP exploited Trivy to access sensitive cloud credentials and data, creating significant vulnerabilities for organizations.

World Cloud Security Day: Breaking Down the State of the Cloud Cybersecurity and Physical Security

World Cloud Security Day emphasizes the importance of securing cloud data, focusing on identity visibility and flexible cloud adoption for physical security.

fromInfoWorld

CERT-EU blames Trivy supply chain attack for Europa.eu data breach

TeamPCP exploited Trivy to access sensitive cloud credentials and data, creating significant vulnerabilities for organizations.

EU law advisor wants cybercrime protections fast-tracked

EU legal advisor urges banks to reimburse cybercrime victims immediately rather than delaying payments pending fraud investigations, regardless of gross negligence claims.

EU's New Cybersecurity Act Could Ban High-Risk Suppliers - TechRepublic

Yesterday (Jan. 20), the Commission unveiled its revised Cybersecurity Act proposal after months of behind-the-scenes negotiations that reportedly caused substantial friction between officials and member states. This sweeping update introduces measures to identify and potentially exclude "high-risk" third countries and companies from Europe's critical digital infrastructure across 18 essential sectors, including energy systems. As cybersecurity threats continue rising since the original Act took effect seven years ago, the EU is essentially drawing new battle lines in the global tech landscape.

Information security

Understanding Breaches Before and After They Happen: What Every Organization Should Know

Most security breaches result from neglected fundamentals—human error, unpatched systems, weak authentication, and poor network segmentation—rather than advanced, novel exploits.

Cyber resilience gap: High confidence, but reality lags behind

Organizations invest heavily in cyber resilience but remain vulnerable to external threats due to perimeter-focused strategies that neglect ecosystem-wide protection.

fromInfoQ

European Initiative for Data Sovereignty Released a Trust Framework

Gaia-X Danube trust framework automates compliance and enables interoperable, scalable federated data ecosystems ensuring trusted cross-sector and cross-border data transactions.