Lawmaker urges passage of Homeland Security funding bill, cites cybersecurity and Middle East risks A lawmaker accused House and Senate Democrats of blocking Department of Homeland Security funding and urged passage, saying the bill funds the Coast Guard, TSA and cybersecurity efforts and warning of heightened risks tied to conflict in the Middle East and recent cyber activity.

A lawmaker is calling out Democrats for blocking crucial funding for the Department of Homeland Security, emphasizing that our national security—and cybersecurity—are at risk amid rising tensions in the Middle East.

Learn more here

#US #DepartmentOfHomelandSecurityFunding #CybersecurityRisks

Techno DJ jailed after selling 60,000 fake plane parts to major airlines For years, Jose Alejandro Zamora Yrala forged safety documents tied to engines that power Boeing and Airbus jets.

Techno DJ jailed after selling 60,000 fake plane parts to major airlines #Technology #Business #AcquisitionsandMergers #AviationFraud #TechCrime #CybersecurityRisks

www.popsci.com/technology/dj-fake-plane...

Maryland panel hears industry and regulator briefing on autonomous vehicles; lawmakers press on safety, liability and cyberrisk Maryland regulators, Waymo and industry representatives briefed the Judicial Proceedings Committee on Jan. 29 about testing permits, safety data and operational models for autonomous vehicles; lawmakers pressed witnesses on a school-bus inquiry, cybersecurity, remote operators and how liability and fees would be handled under future legislation.

Maryland lawmakers are demanding answers on the safety and liability of autonomous vehicles, as concerns about crashes and cybersecurity continue to rise.

Click to read more!

#MD #CybersecurityRisks #MarylandAutonomousVehicles #CitizenPortal #EconomicImpact #PublicSafety

Residents press Sierra Vista council to reconsider Flock Safety camera network over privacy and security concerns Multiple public commenters told the council the recently installed Flock Safety camera network raises privacy, security and misuse risks; speakers urged the city to require stricter controls, preferred plate-only readers, or to end the contract. A company presentation is scheduled for Feb. 24.

Sierra Vista residents are raising alarms over the new Flock Safety cameras, arguing they invade privacy and pose serious cybersecurity risks.

Read the full story

#AZ #PrivacyConcerns #SierraVistaCouncil #SurveillanceEthics #CitizenPortal #CybersecurityRisks

Panel advances wide-ranging foreign-influence bill that would ban certain contracts, require registrations and terminate some sister-city ties HB 905 would require foreign-agent registration, ban gifts and some government contracts with 'foreign sources of concern,' and terminate certain sister-city agreements effective July 1, 2026. National-security researchers testified in favor; the committee adopted a clarifying amendment and reported the bill favorably 17–0.

Florida's new FIRE Act is set to crack down on foreign influence, requiring registrations and banning contracts that threaten national security.

Get the details!

#FL #GovernmentAccountability #CitizenPortal #TransnationalRepression #CybersecurityRisks

agentic AI cybersecurity risks: Safeguarding Digital Finance Learn how to protect enterprises from AI risks. Join us!

Agentic AI Exposes New Cybersecurity Risks for Enterprises
fintech.tv/agentic-ai-e...

#Infosec #Security #Cybersecurity #CeptBiro #AgenticAI #CybersecurityRisks

Cybersecurity 2026: The $5M Ransomware Risk for Nepali Banks | Nepal Economy Evolution Podcast 🚨 Cybersecurity Alert! 🚨 By 2026, Nepali banks face a staggering $5M ransomware risk due to AI-driven phishing attacks targeting SWIFT credentials. 🔒 Discover how "Zero Trust" architecture can...

🎙️ 🚨 Nepali banks are facing a staggering $5M ransomware risk in 2026—this isn't just a tech issue, it's a financial time bomb! Are you prepared to invest in cybersecurity? #CybersecurityRisks
nepaleconomyevolution.podbean.com/e/cybersecur...

NYC mayoral inauguration bans Flipper Zero, Raspberry Pi devices New York City's 2026 mayoral inauguration of Zohran Mamdani has published a list of banned items for the event, specifically prohibiting the Flipper Zero and Raspberry Pi devices.

NYC's mayoral inauguration banned devices like Flipper Zero and Raspberry Pi over hacking concerns, highlighting growing fears around portable tech and cybersecurity at public events. #CybersecurityRisks

A Year of Unprecedented Cybersecurity Incidents Redefined Global Risk in 2025  The year 2025 marked a turning point in the global cybersecurity landscape, with the scale, frequency, and impact of attacks surpassing anything seen before. Across governments, enterprises, and critical infrastructure, breaches were no longer isolated technical failures but events with lasting economic, political, and social consequences. The year served as a stark reminder that digital systems underpinning modern life remain deeply vulnerable to both state-backed and financially motivated actors.  Government systems emerged as some of the most heavily targeted environments. In the United States, multiple federal agencies suffered intrusions throughout the year, including departments responsible for financial oversight and national security. Exploited software vulnerabilities enabled attackers to gain access to sensitive systems, while foreign threat actors were reported to have siphoned sealed judicial records from court filing platforms. The most damaging episode involved widespread unauthorized access to federal databases, resulting in what experts described as the largest exposure of U.S. government data to date. Legal analysts warned that violations of established security protocols could carry long-term legal and national security ramifications.  The private sector faced equally severe challenges, particularly from organized ransomware and extortion groups. One of the most disruptive campaigns involved attackers exploiting a previously unknown flaw in widely used enterprise business software. By silently accessing systems months before detection, the group extracted vast quantities of sensitive employee and executive data from organizations across education, healthcare, media, and corporate sectors. When victims were finally alerted, many were confronted with ransom demands accompanied by proof of stolen personal information, highlighting the growing sophistication of data-driven extortion tactics.  Cloud ecosystems also proved to be a major point of exposure. A series of downstream breaches at technology service providers resulted in the theft of approximately one billion records stored within enterprise cloud platforms. By compromising vendors with privileged access, attackers were able to reach data belonging to some of the world’s largest technology companies. The stolen information was later advertised on leak sites, with new victims continuing to surface long after the initial disclosures, underscoring the cascading risks of interconnected software supply chains.  In the United Kingdom, cyberattacks moved beyond data theft and into large-scale operational disruption. Retailers experienced outages and customer data losses that temporarily crippled supply chains. The most economically damaging incident struck a major automotive manufacturer, halting production for months and triggering financial distress across its supplier network. The economic fallout was so severe that government intervention was required to stabilize the workforce and prevent wider industrial collapse, signaling how cyber incidents can now pose systemic economic threats.  Asia was not spared from escalating cyber risk. South Korea experienced near-monthly breaches affecting telecom providers, technology firms, and online retail platforms. Tens of millions of citizens had personal data exposed due to prolonged undetected intrusions and inadequate data protection practices. In one of the year’s most consequential incidents, a major retailer suffered months of unauthorized data extraction before discovery, ultimately leading to executive resignations and public scrutiny over corporate accountability.  Collectively, the events of 2025 demonstrated that cybersecurity failures now carry consequences far beyond IT departments. Disruption, rather than data theft alone, has become a powerful weapon, forcing governments and organizations worldwide to reassess resilience, accountability, and the true cost of digital insecurity.

A Year of Unprecedented Cybersecurity Incidents Redefined Global Risk in 2025 #CyberSecurity #Cyberattacks #cybersecurityrisks

AI cybersecurity risks and deepfake scams on the rise - CyberGuy AI is fueling a new wave of cybercrime. From deepfakes to poisoned models and stolen accounts, here’s what the 2025 report reveals.

AI cybersecurity risks and deepfake scams on the rise
cyberguy.com/security/ai-...

#Infosec #Security #Cybersecurity #CeptBiro #AI #CybersecurityRisks #DeepfakeScams

CountLoader and GachiLoader Malware Campaigns Target Cracked Software Users  Cybersecurity analysts have uncovered a new malware campaign that relies on cracked software download platforms to distribute an updated variant of a stealthy and modular loader known as CountLoader. According to researchers from the Cyderes Howler Cell Threat Intelligence team, the operation uses CountLoader as the entry point in a layered attack designed to establish access, evade defenses, and deploy additional malicious payloads.  CountLoader has been observed in real-world attacks since at least June 2025 and was previously analyzed by Fortinet and Silent Push. Earlier investigations documented its role in delivering widely used malicious tools such as Cobalt Strike, AdaptixC2, PureHVNC RAT, Amatera Stealer, and cryptomining malware. The latest iteration demonstrates further refinement, with attackers leveraging familiar piracy tactics to lure victims.  The infection process begins when users attempt to download unauthorized copies of legitimate software, including productivity applications. Victims are redirected to file-hosting platforms where they retrieve a compressed archive containing a password-protected file and a document that supplies the password. Once extracted, the archive reveals a renamed but legitimate Python interpreter configured to run malicious commands. This component uses the Windows utility mshta.exe to fetch the latest version of CountLoader from a remote server.   To maintain long-term access, the malware establishes persistence through a scheduled task designed to resemble a legitimate Google system process. This task is set to execute every 30 minutes over an extended period and relies on mshta.exe to communicate with fallback domains. CountLoader also checks for the presence of endpoint protection software, specifically CrowdStrike Falcon, adjusting its execution method to reduce the risk of detection if security tools are identified.  Once active, CountLoader profiles the infected system and retrieves follow-on payloads. The newest version introduces additional capabilities, including spreading through removable USB drives and executing malicious code entirely in memory using mshta.exe or PowerShell. These enhancements allow attackers to minimize their on-disk footprint while increasing lateral movement opportunities. In incidents examined by Cyderes, the final payload delivered was ACR Stealer, a data-harvesting malware designed to extract sensitive information from compromised machines.  Researchers noted that the campaign reflects a broader shift toward fileless execution and the abuse of trusted, signed binaries. This approach complicates detection and underscores the need for layered defenses and proactive threat monitoring as malware loaders continue to evolve.   Alongside this activity, Check Point researchers revealed details of another emerging loader named GachiLoader, a heavily obfuscated JavaScript-based malware written in Node.js. This threat is distributed through the so-called YouTube Ghost Network, which consists of hijacked YouTube accounts used to promote malicious downloads. The campaign has been linked to dozens of compromised accounts and hundreds of thousands of video views before takedowns occurred.  In some cases, GachiLoader has been used to deploy second-stage malware through advanced techniques involving Portable Executable injection and Vectored Exception Handling. The loader performs multiple anti-analysis checks, attempts to gain elevated privileges, and disables key Microsoft Defender components to avoid detection. Security experts say the sophistication displayed in these campaigns highlights the growing technical expertise of threat actors and reinforces the importance of continuously adapting defensive strategies.

CountLoader and GachiLoader Malware Campaigns Target Cracked Software Users #CyberAttacks #CyberDefender #cybersecurityrisks

Conversely, critics argue that open firmware repositories can be a double-edged sword. While transparent, they might also expose potential attack vectors to malicious actors more easily, creating a security risk. #CyberSecurityRisks 4/6

Sha1-Hulud Malware Returns With Advanced npm Supply-Chain Attack Targeting Developers  A new wave of the Sha1-Hulud malware campaign has unfolded, indicating further exacerbation of supply-chain attacks against the software development ecosystem. The recent attacks have hit the Node Package Manager, or npm, one of the largest open-source package managers that supplies JavaScript developers around the world. Once the attackers compromise vulnerable packages within npm, the malicious code will automatically be executed whenever targeted developers update to vulnerable versions, oblivious to the fact. Current estimates indicate nearly 1,000 npm packages have been tampered with, thereby indirectly affecting tens of thousands of repositories.  Sha1-Hulud first came into light in September 2025, when it staged its first significant intrusion into npm's ecosystem. The past campaign included the injection of trojanized code into weakly-secured open-source libraries that then infected every development environment that had the components installed. The malware from the initial attack was also encoded with a credential harvesting feature, along with a worm-like mechanism intended for the proliferation of infection.  The latest rendition, seen in new activity, extends the attack vector and sophistication. Among others, it includes credential theft, self-propagation components, and a destructive "self-destruct" module that aims at deleting user data in case interference with the malware is detected. The malware now demonstrates wide platform compatibility, running across Linux, macOS, and Windows systems, and introduces abuse of GitHub Actions for remote code execution.  The infection chain starts with a modified installation sequence. Inside the package.json file, the compromised npm packages bear a pre-install script named setup_bun.js. Posing as a legitimate installer for the Bun JavaScript runtime, the script drops a 10MB heavily obfuscated payload named bun_environment.js. From there, malware begins searching for tokens, API keys, GitHub credentials, and other sensitive authentication data. It leverages tools like TruffleHog to find more secrets. After stealing the data, it automatically gets uploaded into a public repository created under the victim's GitHub account, naming it "Sha1-Hulud: The Second Coming," thus making those files accessible not just to the attackers but to actually anyone publicly browsing the repository.  The malware then uses the stolen npm authentication tokens to compromise new packages maintained by the victim. It injects the same malicious scripts into those packages and republishes them with updated version numbers, triggering automatic deployment across dependent systems. If the victim tries to block access or remove components, the destructive fail-safe is initiated, which wipes home directory files and overwrites data sectors-this significantly reduces the chances of data recovery.  Security teams are encouraged to temporarily stop updating npm packages, conduct threat-hunting activities for the known IoCs, rotate credentials, and reevaluate controls on supply-chain risk. The researchers recommend treating any system showing signs of infection as completely compromised.

Sha1-Hulud Malware Returns With Advanced npm Supply-Chain Attack Targeting Developers #CyberAttacks #cybersecurityrisks #Developers

Audit committee moves to executive session to discuss cybersecurity vulnerabilities at Springfield Public Schools The Springfield City Audit Committee voted in open session to enter executive session to discuss cybersecurity vulnerabilities at Springfield Public Schools; legal counsel cited an open-meeting-law exemption for security measures and the committee did not return to open session.

Springfield Public Schools is facing serious cybersecurity vulnerabilities that officials deem too sensitive to share with the public.

Get the details!

#SpringfieldCityHampdenCounty #MA #ExecutiveSession #CitizenPortal #CybersecurityRisks #SpringfieldPublicSchools #PublicMeetingLaw

Unpowered SSDs in Your Drawer Are Slowly Losing Data An anonymous reader shares a report: Solid-state drives sitting unpowered in drawers or storage can lose data over time because voltage gradually leaks from their NAND flash cells, and consumer-grade...

Unpowered SSDs in Your Drawer Are Slowly Losing Data #Technology #Hardware #StorageDevices #DataLoss #SSDs #CybersecurityRisks

MCIT tells McLeod County rising reinsurance, inflation and cyber risk are driving higher costs A Minnesota Counties Insurance Trust representative told McLeod County commissioners that rising reinsurance rates, higher property values and cyberattacks are the primary drivers of recent insurance cost increases, and highlighted a $500,000 cyber extortion sublimit and the county's favorable workers' compensation experience modification.

Rising reinsurance rates, soaring property values, and a spike in cyberattacks are pushing insurance costs to new heights for Minnesota counties.

Get the details!

#MN #CitizenPortal #PublicSafety #CybersecurityRisks #MinnesotaCounties #InsuranceCosts

Alabama committee weighs cybersecurity, costs and timelines if foreign‑made drones are restricted Trade groups and state officials told the Joint Interim Committees that restricting purchases of foreign‑made drones would address cybersecurity concerns but carry major cost and capability implications. Industry representatives urged a phased transition and federal audits; state law‑enforcement leaders warned of capability gaps and multi‑million‑d

Alabama officials are grappling with the high costs and long timelines of phasing out foreign-made drones to boost national security and cybersecurity.

Learn more here

#AL #PublicSafety #CybersecurityRisks #ManufacturingReform

City IT outlines $48.2M recommended budget, cyber risks and multi‑year TIP projects including ERP and 3‑1‑1 replacement Chief Information Officer Paul Cameron told the Budget Committee the IT department’s recommended 2026 budget is roughly $48.2 million with 108 FTEs; he outlined cyber‑security risks, 11 current vacancies and technology improvement plan projects including a $4.5 million 3‑1‑1 CRM replacement and a $16.6 million ERP implementation over multiple years

Minneapolis is gearing up for a tech transformation with a $48.2M budget aimed at enhancing cybersecurity and modernizing key systems—are you ready for the future?

Learn more here

#MinneapolisCityHennepinCounty #MN #CitizenPortal #MinneapolisIT #PublicAwareness #CybersecurityRisks

Chat Control Faces Resistance from VPN Industry Over Privacy Concerns   The European Union is poised at a decisive crossroads when it comes to shaping the future of digital privacy and is rapidly approaching a landmark ruling which will profoundly alter the way citizens communicate online.  A final vote on October 14 is expected to take place on September 12, 2025, as Member States will be required to state their position on the proposed Child Sexual Abuse Regulation — commonly referred to as "Chat Control" — in advance of its final vote. Designed to combat the spread of child abuse content, the regulation would place an onus on the providers of messaging services such as WhatsApp, Signal, and iMessage to scan every private message sent between users, even those messages protected from being read by third parties.  The supporters of the legislation argue that it is a necessary step for ensuring the safety of children, but critics argue that it would effectively legalise mass surveillance, thereby denying citizens access to secure communication and exposing their personal data to the possibility of being misused by government agents or exploited by malicious actors.  Many observers warn that this vote will set a precedent that could have profound implications for the privacy and democratic freedoms of the continent as a whole if its outcome were to turn out favorably.  The proposal is called “Chat Control” by its critics, since it requires all messaging platforms operating in Europe to actively scan user conversations, including those that are protected by end-to-end encryption, in search of child sexual abuse material that is well-known and previously unknown.  In their opinion, such obligations threaten to undermine the very foundations of secure digital communication, creating the possibility of unprecedented levels of monitoring and abuse, which advocates argue could undermine the very foundations of secure digital communication. The VPN Trust Initiative (VTI), an organisation which represents a group of major VPN providers, has been pushing back strongly against the draft regulation, stating that any attempt to weaken encryption would erode the very basis of the Internet's security. VTI co-chair, Emilija Beranskait, emphasised that "encryption either protects everybody or it doesn't," imploring governments to preserve strong encryption as a cornerstone of privacy, trust, and democratic values, urging them to adopt stronger encryption.  According to NordVPN's privacy advocate, Laura Tyrylyte, while client-side scanning is indeed a safety and security concern, it is not an acceptable compromise between an organisation's safety and security, contending that solutions must not be compromised in the interest of addressing a single issue alone.  Moreover, NymVPN's CEO, Harry Halpin, condemned the proposal as “a major step backwards for privacy” and warned that, once normalised, such surveillance tools could be used against journalists, activists, or political opponents. In addition, experts have raised significant technical concerns with the introduction of mandatory scanning mechanisms, stating that such mechanisms will fundamentally undermine the technology underlying online security.  Moreover, they are concerned that client-side scanning infrastructure could be repurposed so that surveillance is widened far beyond what it was originally intended to do, which runs counter to the European Union's own commitments under initiatives such as the Cyber Resilience Act and efforts to prepare for quantum cryptography in the future.  However, a deeply divided political debate is ongoing in the EU. Eight member states have formally opposed the proposal, including Germany and Luxembourg, while fifteen others, including France, Italy, and Spain, are still in favour of the proposal.  There is still some uncertainty regarding the outcome of the October vote because only Estonia, Greece, and Romania have not decided. In addition to the pressure being put on the EU Council, more than 500 cryptography experts and researchers have signed an open letter urging it to reconsider the risks associated with introducing what they consider a dangerous precedent for the future of the digital world in Europe.  It has been suggested that under the Danish-led proposal, messaging platforms such as WhatsApp, Signal, and ProtonMail would have to scan private communications without discrimination. In their current form, the proposal would violate end-to-end encryption in an irreparable way, according to experts.  A direct analysis of links, photos, and videos is part of the system that will run directly on the users' devices before messages are encrypted.  Only government and military accounts are exempt from this analysis, with the draft regulation last circulated to EU delegations on July 24, 2025, claiming to safeguard encryption. Still, privacy specialists are of the opinion that true security cannot be maintained using client-side scanning.  Laura Tyrylyte, NordVPN's privacy advocate, observed that "Chat Control's client-side scanning provisions create a false choice between security and safety." The solution to one problem, even a serious one like child safety, cannot be at the expense of creating systemic vulnerabilities that are more dangerous to everyone."  Several other industry leaders expressed similar concerns as well, including Harry Halpin, CEO of NymVPN, who condemned the measure as “a significant step backwards for privacy.” He explained that the indiscriminate scans of private communications are disproportionate in nature, creating a backdoor that could be exploited if it is normalised.  There is a risk that such infrastructure could easily be redirected towards attacking journalists, political opponents, or activists while also exposing ordinary citizens to hostile cyberattacks. In Halpin's view and the opinion of others, it is more effective to carry out targeted, warrant-based investigations, to take down illegal material swiftly, and to use properly resourced specialist teams rather than universal surveillance as a means of detecting illegal activity.  However, despite the simple concessions made in the latest draft, such as restricting the detection to visual contents and excluding audio and text, the scientific community has remained steadfast in its criticism regardless of the concessions made.  The researchers point out that there are four critical flaws to the system: the inability to scan billions of messages accurately; the inevitable weakening of encryption through the monitoring of devices on-device; the high risk that surveillance can expand beyond its stated purpose due to "function creep"; and the danger that mass monitoring in the name of child protection will erode democratic norms.  While the EU has promised oversight and consent mechanisms, cryptography experts claim that secure and reliable client-side scanning cannot be performed at scale, despite promises of EU oversight and consent mechanisms. This proposal, therefore, is technically flawed as well as politically perilous.  VPN providers are also signalling that they will not stand on the sidelines if the regulation is passed. Several leading companies, including Mullvad, a popular privacy-focused service, have expressed concern about the possibility of withdrawing from the European market altogether if the proposed legislation is passed.  If this happens, millions of users will be impacted, and innovation in this field may be curtailed. Similar advocacy groups, including Privacy Guides, have sounded the alarm in the past weeks, warning that the new regulations threaten to undermine the privacy of all citizens, not only those suspected of wrongdoing, and they urge all citizens to take notice before the September 12 deadline.  A growing number of social media platforms are also being criticised, and voices like Telegram founder Pavel Durov have pointed out that comparable laws have failed in the past, as determined offenders have simply moved to smaller applications or VPNs to avoid these weaker protections, which leaves ordinary users to bear the brunt.  The debate carries significant economic weight. The Security.org website indicates that more than 75 million Americans already use VPN services to keep their privacy online. As Chat Control advances, this demand is expected to grow rapidly in Europe. As per Future Market Insights, by 2035, the VPN industry is expected to grow to a value of $481.5 billion; however, experts caution that heavy regulation may fragment the market and stifle technological development. Denmark has continued to lobby for the proposal despite mounting opposition from civil society groups, technology companies, and several member states as the EU Council prepares to vote on October 14, as tensions are increasing. In recent weeks, citizens have taken to online platforms such as X to voice their concerns about the proposed legislation, warning that Europeans would not have fundamentally secure digital privacy.  Analysts point out that in order to adapt to this changing environment, VPN providers may need to use quantum-resistant technologies faster or explore decentralised models, as highlighted in recent forward-looking studies, which point to the existential stakes of the industry.  However, one central fear remains across all debates: once surveillance infrastructure is embedded in the environment, its scope is unlikely to be limited to combating child abuse. In their view, it could create a framework for broad and permanent monitoring, reshaping the global norms of digital privacy in a way that undermines both the rights of users and technological innovation in the process.  A key question to be answered before the EU's vote on October 14 is whether it can successfully balance child protection with its longstanding commitments to privacy and digital rights while maintaining a sense of security.  It is noted that decisions made in Brussels will have a global impact, potentially setting global standards for how governments deal with encryption, surveillance, and online safety, as experts warn. For legislators, the challenge is to devise effective solutions that protect vulnerable groups without dismantling the secure infrastructures that rely on modern communication, commerce and civic participation.  One possible path forward, according to observers, could be bolstering cross-border investigative collaboration, strengthening rapid takedown protocols for harmful material, and building specialised law enforcement units which are equipped with advanced tools that are able to target perpetrators rather than citizens collectively, to achieve a better outcome.  In addition to the fact that private measures would prove better at combating criminal networks, privacy advocates argue that they would also preserve the trust and innovation that Europe has championed for decades, as well as the sense of security that Europe has promoted for decades.  There will be a clear indication of the EU's global leadership position in safeguarding both child safety and civil liberties through this decision, or whether it will serve as a model for other nations to emulate in terms of surveillance frameworks to maintain secure neighbourhoods.

Chat Control Faces Resistance from VPN Industry Over Privacy Concerns #ChatControlRegulation #ClientSideScanning #cybersecurityrisks

EU Data Act Compliance Deadline Nears With Three Critical Takeaways   A decisive step forward in shaping the future of Europe's digital economy has been taken by the regulation of harmonised rules for fair access to and use of data, commonly known as the EU Data Act, which has moved from a legislative text to a binding document.  The regulation was first adopted into force on the 11th of January 2024 and came into full effect on the 12th of September 2025, and is regarded as the foundation for the EU’s broader data strategy. Its policymakers believe that this is crucial to the Digital Decade's goal of accelerating digital transformation across industries by ensuring that the data generated within the EU can be shared, accessed, and used more equitably, as a cornerstone of the Digital Decade's ambition.  The Data Act is not only a technical framework for creating a more equitable digital landscape, but it is also meant to rebalance the balance of power in the digital world, giving rise to new opportunities for innovation while maintaining the integrity of the information. With the implementation of the Data Act in place from 12 September 2025, the regulatory landscape will be dramatically transformed for companies that deal with connected products, digital services, or cloud or other data processing solutions within the European Union, regardless of whether the providers are located within its borders or beyond.  It seems that businesses were underestimating the scope of the regime before it was enforced, but as a result, the law sets forth a profound set of obligations that go well beyond what was previously known. In essence, this regulation grants digital device and service users unprecedented access rights to the data they generate, regardless of whether that data is personal or otherwise. Until recently, the rights were mostly unregulated, which meant users had unmatched access to data.  The manufacturer, service provider, and data owner will have to revise existing contractual arrangements in order to comply with this regulation. This will be done by creating a framework for data sharing on fair and transparent terms, as well as ensuring that extensive user entitlements are in place.  It also imposes new obligations on cloud and processing service providers, requiring them to provide standardised contractual provisions that allow for switching between services. A violation of these requirements will result in a regulatory investigation, civil action, or significant financial penalties, which is the same as a stringent enforcement model used by the General Data Protection Regulation (GDPR), which has already changed the way data practices are handled around the world today.  According to the EU Data Act, the intention is to revolutionise the way information generated by connected devices and cloud-based services is accessed, managed and exchanged within and across the European Union. In addition to establishing clear rules for access to data, the regulations incorporate obligations to guarantee organisations' service portability, and they embed principles of contractual fairness into business agreements as a result.  The legislation may have profound long-term consequences, according to industry observers. It is not possible to ignore the impact that the law could have on the digital economy, as Soniya Bopache, vice president and general manager for data compliance at Arctera, pointed out, and she expected that the law would change the dynamics of the use and governance of data for a long time to come.  It is important to note that the EU Data Act has a broader scope than the technology sector, with implications for industries that include manufacturing, transportation, consumer goods, and cloud computing in addition to the technology sector. Additionally, the regulation is expected to benefit both public and private institutions, emphasising how the regulation has a broad impact.  Cohesity's vice president and head of technology, Peter Grimmond, commented on the law's potential by suggesting that, by democratising and allowing greater access to data, the law could act as a catalyst for innovation. It was suggested that organisations that already maintain strong compliance and classification procedures will benefit from the Act because it will provide an environment where collaboration can thrive without compromising individual rights or resilience.  Towards the end of the EU regulation, the concept of data access and transparency was framed as a way to strengthen Europe's data economy and increase competitiveness in the market, according to EU policymakers. It is becoming increasingly evident that connected devices generate unprecedented amounts of information.  As a result of this legislation, businesses and individuals alike are able to use this data more effectively by granting greater control over the information they produce, which is of great importance to businesses and individuals alike. Additionally, Grimmond said that the new frameworks for data sharing between enterprises are an important driver of long-term benefits for the development of new products, services, and business models, and they will contribute to the long-term development of the economy.  There is also an important point to be made, which is that the law aims to achieve a balance between the openness of the law and the protected standards that Europe has established, aligned with GDPR's global privacy benchmark, and complementing the Digital Operational Resilience Act (DORA), so that the levels of trust and security are maintained.  In some ways, the EU Data Act will prove to be even more disruptive than the EU Artificial Intelligence Act, as it will be the most significant overhaul of European data laws since the GDPR and will have a fundamental effect on how businesses handle information collected by connected devices and digital services in the future.  Essentially, the Regulation is a broad-reaching law that covers both personal data about individuals as well as non-personal data, such as technical and usage information that pertains to virtually every business model associated with digital products and services within the European Union. This law creates new sweeping rights for users, who are entitled to access to the data generated by their connected devices at any time, including real-time, where it is technically feasible, as per Articles 4 and 5.  Additionally, these rights allow users to determine who else may access such data, whether it be repairers, aftermarket service providers, or even direct competitors, while allowing users to limit how such data is distributed by companies. During the years 2026 and 2030, manufacturers will be required to make sure that products have built-in data accessibility at no extra charge, which will force companies to reconsider their product development cycles, IT infrastructure, and customer contracts in light of this requirement.  Moreover, the legislation provides guidelines for fair data sharing and stipulates that businesses are required to provide access on reasonable, non-discriminatory terms, and prohibits businesses from stating terms in their contracts that impede or overcharge for access in a way that obstructs it. As a result of this, providers of cloud computing and data processing services face the same transformative obligations as other companies, such as mandatory provisions that allow customers to switch services within 30 days, prohibit excessive exit fees, and insist that contracts be transparent so vendors won't get locked into contracts.  There are several ways in which these measures could transform fixed-term service contracts into rolling, short-term contracts, which could dramatically alter the business model and competitive dynamics in the cloud industry. The regulation also gives local authorities the right to request data access in cases of emergency or when the public interest requires it, extending its scope beyond purely commercial applications.  In all Member States, enforcement will be entrusted to national authorities who will be able to impose large fines for non-compliance, as well as provide a new path for collective civil litigation, opening doors to the possibility of mass legal actions similar to class actions in the US. Likely, businesses from a broad range of industries, from repair shops to insurers to logistics providers to AI developers, will all be able to benefit from greater access to operational data.  In the meantime, sectors such as the energy industry, healthcare, agriculture, and transportation need to be prepared to respond to potential government requests. In total, the Data Act constitutes an important landmark law that rebalances power between companies and users, while redrawing the competitive landscape for Europe's digital economy in the process. In the wake of the EU Data Act's compliance deadline, it will not simply be viewed as a regulatory milestone, but also as a strategic turning point for the digital economy as a whole.  Business owners must now shift from seeing compliance as an obligation to a means of increasing competitiveness, improving customer trust, and unlocking new value through data-driven innovation to strengthen their competitiveness and deepen customer relationships. In the future, businesses that take proactive steps towards redesigning their products, modernising their IT infrastructure, and cultivating transparent data practices are better positioned to stay ahead of the curve and develop stronger relationships with their users, for whom information is now more in their control.  Aside from that, the regulation has the potential to accelerate the pace of digital innovation across a wide range of sectors by lowering barriers to switching providers and enforcing fairer contractual standards, stimulating a more dynamic and collaborative marketplace. This Act provides the foundation for a robust public-interest data use system in times of need for governments and regulators.  In the end, the success of this ambitious framework will rest on how quickly the business world adapts and how effective its methods are at developing a fairer, more transparent, and more competitive European data economy, which can be used as a global benchmark in the future.

EU Data Act Compliance Deadline Nears With Three Critical Takeaways #CloudServices #cybersecurityrisks #Dataprotection

Cloud Security Falls Behind Amid Hybrid and AI Expansion: CSA/Tenable Report -- Virtualization Review A new survey-based report from Tenable and the Cloud Security Alliance warns that hybrid, multi-cloud and AI adoption is accelerating faster than security strategies, exposing organizations to identit...

A new report warns that hybrid, multi-cloud, and AI adoption is accelerating faster than security strategies, exposing organizations to identity gaps, skills shortages, and preventable breaches.
virtualizationreview.com/Articles/202...

#CloudSecurity #HybridCloud #AIAdoption #CybersecurityRisks

Cybersecurity Landscape Shaken as Ransomware Activity Nearly Triples in 2024   Ransomware is one of the most persistent threats in the evolving landscape of cybercrime, but its escalation in 2024 has marked an extremely alarming turning point. Infiltrating hospitals, financial institutions, and even government agencies in a manner that has never been attempted before, attackers extended their reach with unprecedented precision, as if they were no longer restricted to high-profile corporations. These sectors tend to be vulnerable to such crippling disruptions in the first place.  As cybercriminals employed stronger encryption methods and more aggressive extortion tactics, they demonstrated a ruthless pursuit of maximising damages and financial gain. This shift is demonstrated in the newly released data from threat intelligence firm Flashpoint, which reveals that the number of ransomware attacks observed in the first half of 2025 increased by 179 per cent in comparison to 2024 during the same period, almost tripling in size in just a year.  Throughout the years 2022 and 2023, the ransomware landscape offered little relief due to the relentless escalation of threat actors’ tactics. As a result of the threat of public exposure and data infiltration, attackers increasingly used threats of data infiltration to force companies to conform to regulations.  Even companies that managed to restore their operations from backups were not spared, as sensitive information was often leaking onto underground forums and leak sites controlled by criminal groups, which led to an increase in ransomware incidence of 13 per cent in 2021 compared to 2021 – an increase far greater than the cumulative increases of the past five years combined.  Verizon’s Data Breach Investigations Report underscored the severity of this trend. It is important to note that Statista has predicted that about 70 per cent of businesses will face at least one ransomware attack in 2022, marking the highest rate of ransomware attacks ever recorded. In the 2022 year-over-year analysis, it was highlighted that education, government, and healthcare were the industries with the greatest impact in 2022.  By 2023, healthcare will emerge as one of the most targeted sectors due to attackers' calculated strategy to target industries that are least able to sustain prolonged disruption. In light of the ongoing ransomware crisis, small and mid-sized businesses are considered to be some of the most vulnerable targets.  As part of Verizon’s research, 832 ransomware-related incidents were documented by small businesses by 2022, 130 of these incidents resulted in confirmed data loss, and nearly 80 per cent of these events were directly related to the ransomware attacks. In an effort to compound the risks, the fact that only half of U.S. small businesses maintain a formal cybersecurity plan, according to a report quoted by UpCity Globally, amplifies the risks.  A survey conducted by Statista found that 72 per cent of businesses were impacted by ransomware, with 64.9% of those organisations ultimately yielding to ransom demands. In a recent survey of 1,500 cybersecurity professionals conducted by Cyberreason, there was a similar picture of concern. More than two-thirds of all organisations reported experiencing a ransomware attack, a 33 per cent increase over the previous year, with almost two-thirds of the attacks associated with compromised third parties.  The consequences for organisations were severe and went beyond financial losses in the most significant way. Approximately 40% of companies had to lay off employees following an attack, 35 percent reported resignations of senior executives, and one third temporarily suspended operations as a result of an attack.  Unfortunately, the persistence of attackers within networks often went undetected for long periods of time. There was a reported 63 per cent of organisations that had been attacked for as long as six months, and others reported that they had been accessed for a period of over a year without being noticed. The majority of companies decided to pay ransoms despite the risks involved, with 49 per cent doing so to avoid revenue losses and 41 per cent to speed up recovery.  In spite of this, even payment provided no guarantee of data recovery; over half of all companies paying ransom reported corrupted or unusable data after the decryption, while the majority of financial damages were between $1 million and $10 million. The use of generative artificial intelligence within ransomware operations is also an emerging concern.  Even though the scope of these experiments remains limited, some groups have begun to explore large language models that have the potential to reduce operational burdens, such as automating the generation of phishing templates.To develop a more comprehensive understanding of this capability, researchers have identified Funksec, a group that surfaced in late 2024 and is believed to have contributed to the WormGPT model, as one of the first groups to experiment with it, so more gangs will likely start incorporating artificial intelligence into their tactics in the near future. Furthermore, analysts at Flashpoint found that gang members are recycling victims from other ransomware groups in order to gain a foothold on underground forums, long after initial breaches. The first half of 2025 has been dominated by a few particularly active operators based on scale: 537 attacks were committed by Akira, 402 attacks were committed by Clop/Cl0p, 345 attacks were committed by Qilin, 233 attacks were committed by Safepay Ransomware, and 23 attacks were performed by RansomHub.  A significant amount of attention has also been drawn to DragonForce in the United Kingdom after the company targeted household names, including Marks & Spencer and the Co-op Group. Despite being the top target, the United States remained the most vulnerable, with 2,160 attacks, far exceeding Canada’s 249 attacks, Germany’s 154 attacks, and the UK’s 148 attacks—but Brazil, Spain, France, India, and Australia also had high numbers.  A perspective from the manufacturing and technology industries indicates that these were the industries that were most lucrative, causing 22 and 18 per cent of incidents, respectively. Retail, healthcare, and business services, on the other hand, accounted for 15 per cent. The report also highlighted how the boundaries between hacktivist groups and state-sponsored actors are becoming increasingly blurred, thus illustrating the complexity of today's threat environment.  During the first half of 2025, 137 threat actor activities tracked were attributed to state-sponsored groups, 9 per cent to hacktivists, while the remaining 51 per cent were attributed to cybercriminal organisations. The Iranian government has shown that a growing focus has been placed on critical infrastructure through entities affiliated with the Iranian state, such as GhostSec and Arabian Ghosts.  In an attempt to target critical infrastructure, these entities are reported to have targeted programmable logic controllers connected to Israeli media and water systems. As a result, groups such as CyberAv3ngers sought to spread unverified narratives in advance of disruptive technology attacks. As a result, state-aligned operations are often resurfacing under a new identity, such as APT IRAN, demonstrating their shifting strategies and adaptive nature.  There is a sobering picture of the challenges that lie ahead in light of the increase in ransomware activity as well as the diversification of threat actors. Even though no sector, geography, or organisation size is immune to disruption, it appears that cybercriminals will be able to innovate more rapidly than ever, as well as utilise state-linked tactics to do so in the future, which indicates that the stakes will only get higher as time goes on.  Proactively managing security goes beyond ensuring compliance or minimising damage; it involves cultivating a culture of security that anticipates threats rather than reacts to them, rather than merely reacting to them. By investing in modern defences like continuous threat intelligence, real-time monitoring, and zero-trust architectures, as well as addressing fundamental weaknesses in supply chains and third-party partnerships, which frequently open themselves up to attacks, companies can significantly reduce their risk exposure as well as their vulnerability to attacks.  Moreover, it is equally important to address the human aspect of cybersecurity resilience: employees must be aware, incidents should be reported quickly, and leadership needs to be committed to cybersecurity resilience.  Even though the outlook may seem daunting, organisations that make sure they are prepared rather than complacent will have a better chance of dealing with ransomware as well as the wider range of cyber threats that are reshaping the digital age. A resilient security approach remains the ultimate defence in an environment defined by a persistent attacker and the innovative actions of the attacker.

Cybersecurity Landscape Shaken as Ransomware Activity Nearly Triples in 2024 #BusinessResilience #cybersecurityrisks #DataBreach

Study warns of security risks as ‘OS agents’ gain control of computers and phones New research reveals how OS agents — AI systems that control computers like humans — are rapidly advancing while raising serious security and privacy concerns.Read More

Study warns of security risks as ‘OS agents’ gain control of computers and phones #Technology #Cybersecurity #CyberSecurityRisks #OSAgents #TechNews

Security expert warns: don't list defense work on LinkedIn - or you could be at risk of getting hacked Experts warned to maybe not list all of their experience onlineDoing so could open them up to attacks and scamsLinkedIn might be a good place to advertise yourself - but have some limits A top security...

Security expert warns: don't list defense work on LinkedIn - or you could be at risk of getting hacked #Technology #Cybersecurity #CybersecurityRisks #LinkedInSecurity #DataProtection

Britons Risk Privacy by Sharing Sensitive Data with AI Chatbots Despite Security Concerns   Nearly one in three individuals in the UK admits to sharing confidential personal details with AI chatbots, such as OpenAI’s ChatGPT, according to new research by cybersecurity firm NymVPN. The study reveals that 30% of Britons have disclosed sensitive data—including banking information and health records—to AI tools, potentially endangering their own privacy and that of others. Despite 48% of respondents expressing concerns over the safety of AI chatbots, many continue to reveal private details. This habit extends to professional settings, where employees are reportedly sharing internal company and customer information with these platforms. The findings come amid a wave of high-profile cyberattacks, including the recent breach at Marks & Spencer, which underscores how easily confidential data can be compromised. NymVPN reports that 26% of survey participants have entered financial details related to salaries, mortgages, and investments, while 18% have exposed credit card or bank account numbers. Additionally, 24% acknowledged sharing customer data—such as names and email addresses—and 16% uploaded company financial records and contracts. “AI tools have rapidly become part of how people work, but we’re seeing a worrying trend where convenience is being prioritized over security,” said Harry Halpin, CEO of NymVPN. Organizations such as M&S, Co-op, and Adidas have already made headlines for data breaches. “High-profile breaches show how vulnerable even major organizations can be, and the more personal and corporate data that is fed into AI, the bigger the target becomes for cybercriminals,” Halpin added. With nearly a quarter of people admitting to sharing customer data with AI tools, experts emphasize the urgent need for businesses to establish strict policies governing AI usage at work. “Employees and businesses urgently need to think about how they’re protecting both personal privacy and company data when using AI tools,” Halpin warned. Completely avoiding AI chatbots might be the safest option, but it’s not always realistic. Users are advised to refrain from entering sensitive information, adjust privacy settings by disabling chat history, or opt out of model training. Using a VPN can provide an additional layer of online privacy by encrypting internet traffic and masking IP addresses when accessing AI chatbots like ChatGPT. However, even with a VPN, risks remain if individuals continue to input confidential data.

Britons Risk Privacy by Sharing Sensitive Data with AI Chatbots Despite Security Concerns #AIChatbots #ChatGPTsafety #cybersecurityrisks

County Council approves increased cybersecurity coverage amid potential liability concerns Council votes for enhanced cybersecurity insurance following assessment of current coverage limitations.

Humboldt County just approved a massive boost in cybersecurity insurance coverage to $1 million, ensuring better protection against potential threats!

Learn more here

#HumboldtCounty #IA #CitizenPortal #NonprofitCoverage #CybersecurityRisks #CommunitySafety

Boston industry group criticizes social media bill over data privacy and cybersecurity risks Industry leaders express concerns about age verification and data privacy in social media legislation

A controversial bill aimed at regulating social media for minors could jeopardize user privacy and cybersecurity, sparking fierce debate among industry leaders.

Read the full story

#MA #YouthProtection #CitizenPortal #DataPrivacy #CybersecurityRisks

Get the dunce's cap - experts warn pathetically weak passwords in the education sector leave classrooms at risk Schools are being left exposed by weak passwords within their organizationHackers are increasingly targeting education institutions'123456' and 'password' are both in the top 5 of most used passwords...

Get the dunce's cap - experts warn pathetically weak passwords in the education sector leave classrooms at risk #Technology #Cybersecurity #WeakPasswords #EducationSector #CybersecurityRisks

Representative Loudermilk critiques government data security amid GLBA discussion Loudermilk emphasizes federal government's privacy risks during GLBA consumer rights discussion.

Representative Loudermilk warns that the federal government poses a greater risk to your data privacy than you might think, urging a much-needed reevaluation of existing laws.

Learn more here

#US #CitizenPortal #DataPrivacy #CybersecurityRisks #ConsumerRights #USFinancialServices

Montreal Scientific expands cybersecurity team with decades of military experience Montreal Scientific emphasizes risk mitigation and governance in cybersecurity strategy.

Montreal Scientific is bolstering its cybersecurity team with military veterans, emphasizing the urgent need for robust risk mitigation and governance strategies.

Learn more here!

#VT #CybersecurityRisks #DigitalInfrastructure #GovernanceOversight #CitizenPortal #VermontCybersecurity