EU Space Act - Strengthening Safety, Resilience and Sustainability in Space

The EU Space Act is a legislative initiative by the European Commission that introduces a harmonised framework for space activities across the Union. The proposal, launched on 25 June 2025, aims to ensure safety, resilience, and environmental sustainability, while boosting the competitiveness of the EU space sector.
Europe’s current regulatory landscape is fragmented—13 different national approaches increase complexity and costs for businesses. The EU Space Act will create a single market for space activities, making it easier for companies, particularly start-ups and SMEs, to grow and operate across borders.
What will the EU Space Act do?
The proposal is structured around three key pillars:
- Safety
The Act introduces robust rules for tracking space objects and mitigating space debris, preserving Europe’s secure and uninterrupted access to space.
- Resilience
Tailored cybersecurity requirements will strengthen protection of European space infrastructure and ensure business continuity.
- Sustainability
Operators will need to assess and reduce the environmental impact of their space activities, while benefiting from support for innovation in emerging technologies like in-orbit servicing and debris removal.
The new rules will apply to both EU and non-EU operators providing space services in Europe. Proportional requirements will be scaled based on company size and risk profile, ensuring a fair, innovation-friendly regulatory environment.
Support for Industry and Member States
A targeted support package will help businesses and Member States transition smoothly. Special attention is given to reducing administrative burdens and facilitating compliance, especially for start-ups, SMEs and small mid-caps.
Next Steps
The legislative proposal will be negotiated under the ordinary legislative procedure by the European Parliament and the Council.
For more details visit: EU Space Act - European Commission

ENISA develops European Vulnerability Database (EUVD) as provided for by the NIS2 Directive

The European Union Agency for Cybersecurity (ENISA) has developed the European Vulnerability Database - EUVD as provided for by the NIS2 Directive. The EUVD service, to be maintained by ENISA, is now operational.
The database provides aggregated, reliable, and actionable information such as mitigation measures and exploitation status on cybersecurity vulnerabilities affecting Information and Communication Technology (ICT) products and services.
The objective of the EUVD is to ensure a high level of interconnection of publicly available information coming from multiple sources such as CSIRTs, vendors, as well as existing databases. In order to meet this objective, the platform is building on a holistic approach. As an interconnected database, the EUVD allows for better analysis and facilitates the correlation of vulnerabilities by using the open-source software Vulnerability-Lookup, thereby enabling enhanced cybersecurity risk management.
The EUVD therefore offers a trusted, more transparent and broader source of information and further improves situational awareness while limiting exposure to threats.
The aggregated information of the database is displayed through dashboards. The EUVD offers three dashboard views: for critical vulnerabilities, for exploited ones, and for EU coordinated ones. The EU Coordinated Vulnerabilities view lists the vulnerabilities coordinated by European CSIRTs and includes the members of the EU CSIRTs network.
The collected and referenced vulnerability information comes from open-source databases. Additional information is added via advisories and alerts issued by national CSIRTs, mitigation and patching guidelines published by vendors, together with exploited vulnerability markings. EUVD data records may include:
- A description of the vulnerability;
- ICT products or ICT services affected and/or affected versions, the severity of the vulnerability and how it could be exploited;
- Information on existing relevant available patches or guidance provided by competent authorities including CSIRTs, and addressed to users on how to mitigate risks.
To meet the requirement of the NIS2 Directive, ENISA initiated a cooperation with different EU and international organisations including MITRE’s CVE Programme. ENISA is in contact with MITRE to understand the impact and next steps following the announcement on the funding to the Common Vulnerabilities and Exposures Program. CVE data, data provided by ICT vendors disclosing vulnerability information via advisories, and relevant information such as CISA’s Known Exploited Vulnerability Catalogue are automatically transferred into the EUVD. This will also be achieved with the support of Member States who established national Coordinated Vulnerability Disclosure (CVD) policies and who designated one of their CSIRTs as the coordinator, ultimately making the EUVD a trusted source for enhanced situational awareness in the EU.
As a CVE Numbering Authority (CNA), ENISA has been able to register vulnerabilities and support vulnerability disclosure since January 2024, in relation to:
- vulnerabilities in IT products discovered by EU CSIRTs themselves; and
- vulnerabilities reported to EU CSIRTs for coordinated disclosure as long as they are not in the scope of another CVE Numbering Authority.

20,000 malicious IPs and domains taken down in INTERPOL infostealer crackdown

More than 20,000 malicious IP addresses or domains linked to information stealers have been taken down in an INTERPOL-coordinated operation against cybercriminal infrastructure.
During Operation Secure, law enforcement agencies from 26 countries worked to locate servers, map physical networks and execute targeted takedowns.
Ahead of the operation, INTERPOL cooperated with private-sector partners Group-IB, Kaspersky and Trend Micro to produce Cyber Activity Reports, sharing critical intelligence with cyber teams across Asia. These coordinated efforts resulted in the takedown of 79 per cent of identified suspicious IP addresses.
Participating countries reported the seizure of 41 servers and over 100 GB of data, as well as the arrest of 32 suspects linked to illegal cyber activities.
Infostealer malware is a primary tool for gaining unauthorized access to organizational networks. This type of malicious software extracts sensitive data from infected devices, often referred to as bots. The stolen information typically includes browser credentials, passwords, cookies, credit card details and cryptocurrency wallet data.
Additionally, logs harvested by infostealers are increasingly traded on the cybercriminal underground and are frequently used as a gateway for further attacks. These logs often enable initial access for ransomware deployments, data breaches, and cyber-enabled fraud schemes such as Business Email Compromise (BEC).
Following the operation, authorities notified over 216,000 victims and potential victims so they could take immediate action - such as changing passwords, freezing accounts, or removing unauthorized access.
Vietnamese police arrested 18 suspects, seizing devices from their homes and workplaces. The group's leader was found with over VND 300 million (USD 11,500) in cash, SIM cards and business registration documents, pointing to a scheme to open and sell corporate accounts.
House raids were carried out by authorities in Sri Lanka leading to 12 arrests and the identification of 31 victims.
The Hong Kong Police analysed over 1,700 pieces of intelligence provided by INTERPOL and identified 117 command-and-control servers hosted across 89 internet service providers. These servers were used by cybercriminals as central hubs to launch and manage malicious campaigns, including phishing, online fraud and social media scams.
Neal Jetton, INTERPOL’s Director of Cybercrime, said:
“INTERPOL continues to support practical, collaborative action against global cyber threats. Operation Secure has once again shown the power of intelligence sharing in disrupting malicious infrastructure and preventing large-scale harm to both individuals and businesses.”

From heatwaves to cyber threats: a comprehensive new guide to today’s hazards

The United Nations Office for Disaster Risk Reduction (UNDRR) and the International Science Council (ISC) have released an updated edition of their comprehensive hazard guide, offering clear, standardized information on 282 hazards - from wildfires and earthquakes to cyberattacks and pandemics.
The new edition reflects the complex and interconnected nature of today's global risk landscape. Hazards increasingly occur together, cascade across systems, and amplify one another. In response, the updated profiles emphasize a multi-hazard approach, critical for effective early warning systems, emergency planning, and disaster resilience. Originally launched in 2021 as the first resource of its kind, the hazard definitions and classification provide an authoritative technical foundation for disaster risk reduction efforts worldwide. This updated edition builds on that foundation with:
- 282 reviewed hazards across 8 types and 39 clusters
- Improved, machine-readable format to support their use across digital tools and systems. E.g. the updated hazard taxonomy with standard definitions enables the new generation UNDRR-UNDP-WMO disaster tracking system.
- Clearer articulation of hazard interactions and multi-hazard scenarios
- User-informed revisions and new content to support real-world planning and response
"From local governments to humanitarian agencies, the need for consistent, science-based hazard information is universal. These profiles reflect the best available scientific understanding of hazards and offer a foundation for evidence-based policies that reduce risk and build resilience," said Salvatore Aricò, CEO, International Science Council.
"Reliable and standardized hazard data are essential for informing disaster risk reduction strategies. This update helps countries implement the Sendai Framework for Disaster Risk Reduction to reduce losses by 2030," said Kamal Kishore, the Special Representative of the United Nations Secretary-General for Disaster Risk Reduction.
"This updated edition reflects what we've learned: hazards are not standalone events. They are part of a complex web of risk. By bringing together diverse expert and user input, we've made these profiles more actionable, more interconnected, and more immediately useful," said Professor Virginia Murray, Chair of the Hazard Information Profiles Steering Group.
The revision process engaged over 270 experts, reviewers, and users from across sectors and regions. A dedicated User Group, Multi-Hazard Group, and Machine Actionability Group ensured the profiles remain practical, future-ready, and inclusive of diverse perspectives and needs.
Since the initial release, the hazard profiles have been widely used by national disaster management agencies, UN bodies, researchers, and humanitarian organizations for planning, monitoring, risk assessments, and training. This success has prompted the current update to ensure that they remain relevant and up to date.

UK and allies expose Russian intelligence campaign targeting western logistics and technology organisations

The UK government and international allies have today exposed Russia’s military intelligence service for a campaign of malicious cyber activity against western logistics entities and technology companies.
In a new advisory, the UK's National Cyber Security Centre – a part of GCHQ – and partners from ten countries have revealed details about how military unit 26165 of Russia’s GRU has conducted a malicious cyber campaign against both public and private organisations since 2022.
This has included targeting of organisations involved in the co-ordination, transport and delivery of support to Ukraine, and across the defence, IT services, maritime, airports, ports and air traffic management systems sectors in multiple NATO members.
Unit 26165 – also known as APT 28 – was able to gain initial access to victim networks using a mix of previously disclosed techniques, including credential guessing, spear-phishing and exploitation of Microsoft Exchange mailbox permissions. They also targeted internet-connected cameras at Ukrainian border crossings and near military installations to monitor and track aid shipments to Ukraine.
The UK’s support for Ukraine remains steadfast as it continues to suffer Russia’s barbaric war. In total, the UK has committed £13 billion in military aid, and this week 100 new sanctions on Russia were announced, targeting entities supporting its military, energy, and financial institutions. This followed Russia launching its biggest drone attack of the war last weekend.
Supporting UK organisations to stay resilient to cyber threats is helping to secure the foundations for the government’s Plan for Change in a more volatile and unstable world. Along with details of the threat, the advisory includes mitigation advice to help defend against the malicious activity.
Executives and network defenders at technology and logistics companies should recognise the elevated threat of targeting and take immediate action to protect themselves.
Actions include increasing monitoring, using multi-factor authentication with strong factors – such as passkeys – and ensuring security updates are applied promptly to manage vulnerabilities.
The NCSC has co-sealed this advisory alongside agencies from the United States, Germany, Czech Republic, Poland, Australia, Canada, Denmark, Estonia, France and the Netherlands.

First Interoperability Milestone Achieved: sBMS and VIS4EES Go Live

eu-LISA has successfully launched the shared Biometric Matching Service (sBMS), the EU’s central biometric matching system, and upgraded the Visa Information System (VIS4EES). These two systems mark the completion of the first milestone of the Interoperability Roadmap, ensuring that Member States and EU Agencies are well prepared for future developments.
The technical activities enabling the go-live were carried out overnight by eu-LISA experts, in collaboration with external partners. Both systems are now fully operational and accessible to Member States and competent EU Agencies.
The Visa Information System (VIS) is a large-scale IT system that supports the implementation of the EU’s common visa policy and facilitates checks at external borders. It allows Schengen States to exchange data on short-stay visas and connects consulates in non-EU countries with border crossing points. The upgraded VIS4 introduces enhanced functionalities, improved performance, and greater readiness for future interoperability.
The shared Biometric Matching Service (sBMS) is a centralised system that stores and compares biometric data—such as fingerprints and facial images—across multiple EU information systems. As the first operational component of the interoperability architecture, sBMS enables biometric searches and identity checks across systems, contributing to the accuracy, security, and efficiency of EU border and migration management.
Together, VIS4 and sBMS represent a major step forward in reinforcing the EU’s external border security. They constitute the first operational element of interoperability and lay the groundwork for the upcoming integration of the Entry/Exit System (EES).

Network Monitoring Program Needs Further Guidance and Actions

The Department of Homeland Security's Continuous Diagnostics and Mitigation (CDM) program gives agencies cybersecurity tools to strengthen the networks and systems they use to meet their missions.
A key aspect of a rigorous cybersecurity program is continuously monitoring networks and systems to identify and manage risks. Consistent with the FISMA requirement for agency network monitoring, the CISA-led CDM program provides tools to agencies to assist in this effort.
FISMA includes a provision for GAO to periodically report on agencies' implementation of the act. Among its objectives, this report examines the extent to which the CDM program is (1) meeting its goals, and (2) supporting other federal cybersecurity initiatives.
While the program has met two of its goals, it lacks sufficient guidance for managing network security and data protection. The program generally supports government-wide cybersecurity initiatives, but DHS's Cybersecurity and Infrastructure Security Agency hasn't finalized all plans for how CDM can provide support. For example, the agency hasn't fully updated the program's cloud asset management guidance.
The Department of Homeland Security (DHS) established the Continuous Diagnostics and Mitigation (CDM) program in 2012 to strengthen the cybersecurity of government networks and systems. Its goals are to: (1) reduce exposure to insecure configurations or known vulnerabilities; (2) improve federal cybersecurity response capabilities; (3) increase visibility into the federal cybersecurity posture; and (4) streamline Federal Information Security Modernization Act of 2014 (FISMA) reporting. The Cybersecurity and Infrastructure Security Agency (CISA) manages these goals across four capability areas (see figure). The program is meeting two of its four goals and partially meeting the other two, as discussed below.
CDM has met two goals. First, it is reducing exposure to insecure configurations and known vulnerabilities—22 of 23 agencies reported that the program was helpful in accomplishing this. CDM is also meeting its incident response capability goal.
The program, however, has been less successful in meeting the other two goals.
Although CISA developed dashboards to visualize and provide insight to the federal cybersecurity posture and the associated capability areas noted above, officials from 21 of 23 agencies stated that they had not yet fully implemented network security and data protection capabilities. Several agencies cited a lack of guidance as contributing to the slow implementation.
While officials from four agencies stated that CDM helped to automate FISMA reporting, officials from seven other agencies said that data quality issues were adversely affecting efforts to streamline reporting, leading to manual updates to correct data errors.
Regarding supporting other initiatives, the Office of Management and Budget (OMB) established expectations that CDM would support federal cybersecurity efforts on zero trust architecture, endpoint detection and response, and cloud asset management. CDM has generally met expectations for the zero trust architecture program. However, CISA had not finalized key activities to support endpoint detection and cloud asset management. CISA's actions to implement an endpoint solution for all agencies and issue updated guidance on cloud asset management would improve the cybersecurity posture of federal agencies.
GAO selected for review the 23 civilian agencies covered in the Chief Financial Officers Act of 1990 (CFO Act). GAO compared CDM program documentation against relevant guidance, and summarized survey results from the 23 civilian CFO Act agencies. GAO also interviewed CISA and OMB officials.
GAO is making four recommendations to DHS and CISA to (1) issue guidance on implementing network security and data protection capabilities, (2) address data quality issues, (3) implement an endpoint solution, and (4) issue updated guidance on cloud asset management. DHS, on behalf of CISA, concurred with the recommendations.

DDoS-for-hire empire brought down: Poland arrests 4 administrators, US seizes 9 domains

In the latest blow to the criminal market for distributed denial of service (DDoS)-for-hire services, Polish authorities have arrested four individuals who allegedly ran a network of platforms used to launch thousands of cyberattacks worldwide. The suspects are believed to be behind six separate stresser/booter services that enabled paying customers to flood websites and servers with malicious traffic — knocking them offline for as little as EUR 10.
The now defunct platforms – Cfxapi, Cfxsecurity, neostress, jetstress, quickdown and zapcut – are thought to have facilitated widespread attacks on schools, government services, businesses, and gaming platforms between 2022 and 2025.
The platforms offered slick interfaces that required no technical skills. Users simply entered a target IP address, selected the type and duration of attack, and paid the fee — automating attacks that could overwhelm even well-defended websites.
Global law enforcement response
The arrests in Poland were part of a coordinated international action involving law enforcement authorities in 4 countries, with Europol providing analytical and operational support throughout the investigation.
Dutch authorities have deployed fake booter sites designed to warn users seeking out DDoS-for-hire services, reinforcing the message that those who use these tools are being watched and could face prosecution. Data from booter websites, seized by Dutch law enforcement in data centres in the Netherlands, was shared with international partners, including Poland, contributing to the arrest of the four administrators.
The United States seized 9 domains associated with booter services during the coordinated week of action, continuing its broader campaign against commercialised DDoS platforms.
Germany supported the Polish-led investigation by helping identify one of the suspects and sharing critical intelligence on others.
What are stresser and booter services?
Stresser and booter services offer on-demand cyberattacks, often disguised as tools for legitimate testing but widely used to cause deliberate disruption. These services let users flood a target server or website with enormous volumes of fake traffic, making them inaccessible to real users – a technique known as distributed denial of service.
Unlike traditional botnets, which require the control of large numbers of infected devices, stresser/booter services industrialise DDoS attacks through centralised, rented infrastructure. They are often advertised on underground forums and the dark web, and transactions are typically anonymised.
This coordinated action is part of Operation PowerOFF, an ongoing international law enforcement effort targeting the infrastructure behind DDoS-for-hire activity.

New Best Practices Guide for Securing AI Data Released

CISA, the National Security Agency, the Federal Bureau of Investigation, and international partners released a joint Cybersecurity Information Sheet on AI Data Security: Best Practices for Securing Data Used to Train & Operate AI Systems.

This information sheet highlights the critical role of data security in ensuring the accuracy, integrity, and trustworthiness of AI outcomes. It outlines key risks that may arise from data security and integrity issues across all phases of the AI lifecycle, from development and testing to deployment and operation.

Defense Industrial Bases, National Security Systems owners, federal agencies, and Critical Infrastructure owners and operators are encouraged to review this information sheet and implement the recommended best practices and mitigation strategies to protect sensitive, proprietary, and mission critical data in AI-enabled and machine learning systems. These include adopting robust data protection measures; proactively managing risks; and strengthening monitoring, threat detection, and network defense capabilities.

As AI systems become more integrated into essential operations, organizations must remain vigilant and take deliberate steps to secure the data that powers them.

Primary Mitigations to Reduce Cyber Threats to Operational Technology

The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Environmental Protection Agency (EPA), and Department of Energy (DOE)—hereafter referred to as “the authoring organizations”—are aware of cyber incidents affecting the operational technology (OT) and industrial control systems (ICS) of critical infrastructure entities in the United States. The authoring organizations urge critical infrastructure entities to review and act now to improve their cybersecurity posture against cyber threat activities specifically and intentionally targeting internet connected OT and ICS.
Mitigations
The authoring organizations recommend critical infrastructure asset owners and operators implement the following mitigations[1] to defend against OT cyber threats.
- Remove OT connections to the public internet. OT devices are easy targets when connected to the internet. OT devices lack authentication and authorization methods that are resistant to modern threats and are quickly found by searching for open ports on public IP ranges with search engine tools to target victims with OT components [CPG 2.X].
  - Cyber threat actors use simple, repeatable, and scalable toolsets available to anyone with an internet browser. Critical infrastructure entities should identify their public-facing assets and remove unintentional exposure.
- Change default passwords immediately and use strong, unique passwords. Recent analysis of this cyber activity indicates that targeted systems use default or easily guessable (using open source tools) passwords. Changing default passwords is especially important for public-facing internet devices that have the capability to control OT systems or processes [CPG 2.A][CPG 2.B][CPG 2.C].
- Secure remote access to OT networks. Many critical infrastructure entities, or contractors working on their behalf, make risk-based tradeoffs when implementing remote access to OT assets. These tradeoffs deserve careful reevaluation. If remote access is essential, upgrade to a private IP network connection to remove these OT assets from the public internet and use virtual private network (VPN) functionality with a strong password and phishing-resistant multifactor authentication (MFA) for user remote access.
  - Document and configure remote access solutions to apply principles of least privilege for the specific asset and user role or scope of work [CPG 2.H]. Further, disable dormant accounts.
- Segment IT and OT networks. Segmenting critical systems and introducing a demilitarized zone for passing control data to enterprise logistics reduces the potential impact of cyber threats and reduces the risk of disruptions to essential OT operations [CPG 2.F].
- Practice and maintain the ability to operate OT systems manually. The capability for organizations to revert to manual controls to quickly restore operations is vital in the immediate aftermath of an incident. Business continuity and disaster recovery plans, fail-safe mechanisms, islanding capabilities, software backups, and standby systems should all be routinely tested to ensure safe manual operations in the event of an incident.
The authoring organizations recommend that critical infrastructure organizations regularly communicate with their third-party managed service providers, system integrators, and system manufacturers who may be able to provide system-specific configuration guidance as they work to secure their OT.
- Misconfigurations may be introduced during standard operations, by the system integrator, by a managed service provider, or as part of the default product configuration by the system manufacturer. Working with the relevant groups to address these issues may prevent future unintentional vulnerabilities from being introduced.
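One way to check the first and fourth mitigations above against an exported firewall allow-list is shown below. This is an added example, not part of the advisory: the zone plan, rule names and addresses are constructed, the rule tuple format is an assumption, and only IPv4 is handled.

```python
import ipaddress

# Default ports of common OT/ICS protocols (public port assignments).
OT_PORTS = {102: "S7comm", 502: "Modbus/TCP", 4840: "OPC UA",
            20000: "DNP3", 44818: "EtherNet/IP", 47808: "BACnet/IP"}

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Hypothetical zone plan for the example site (assumption, not from the advisory).
ZONES = {
    "it": ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("10.40.0.0/24"),
    "ot": ipaddress.ip_network("10.50.0.0/16"),
}

# Constructed allow rules: (name, source CIDR, destination CIDR, destination port).
SAMPLE_RULES = [
    ("vendor-remote", "0.0.0.0/0", "10.50.1.20/32", 502),
    ("hmi-web", "0.0.0.0/0", "10.50.1.30/32", 443),
    ("erp-to-plc", "10.10.5.0/24", "10.50.1.0/24", 44818),
    ("historian-pull", "10.40.0.10/32", "10.50.1.0/24", 4840),
    ("it-to-dmz", "10.10.0.0/16", "10.40.0.10/32", 443),
    ("vpn-eng", "10.40.0.50/32", "10.50.2.0/24", 102),
    ("legacy-any-internal", "10.0.0.0/8", "10.50.0.0/16", 20000),
]


def zone_of(net):
    """Map a source network to a zone name, 'internal-other' or 'internet'."""
    for name, zone in ZONES.items():
        if net.subnet_of(zone):
            return name
    # Private space that spans or sits outside the known zones is treated
    # conservatively as internal but unzoned.
    if any(net.subnet_of(private) for private in RFC1918):
        return "internal-other"
    # Anything else, including 0.0.0.0/0, is reachable from the internet.
    return "internet"


def audit(rules):
    """Return (rule name, finding code, detail) for rules that reach OT
    from the internet or from internal space without passing the DMZ."""
    findings = []
    for name, src, dst, port in rules:
        src_net = ipaddress.ip_network(src)
        dst_net = ipaddress.ip_network(dst)
        if not dst_net.overlaps(ZONES["ot"]):
            continue  # rule does not reach the OT zone
        src_zone = zone_of(src_net)
        proto = OT_PORTS.get(port, "non-OT port")
        detail = f"{src} -> {dst}:{port} ({proto})"
        if src_zone == "internet":
            # "Remove OT connections to the public internet"
            findings.append((name, "INTERNET_TO_OT", detail))
        elif src_zone not in ("dmz", "ot"):
            # "Segment IT and OT networks": traffic should cross the DMZ
            findings.append((name, "NOT_VIA_DMZ", detail))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(*finding, sep="  ")
```

The `hmi-web` rule is flagged even though port 443 is not an OT protocol port, because any inbound path from the public internet to an OT address counts as exposure under the first mitigation.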