Tag: eu-nexus
All items tagged eu-nexus.
- Swiss Federal Audit Office: federal cyber-governance split leaves strategic oversight without a complete incident picture
- CVE-2026-55803 / CVE-2026-55804 — Drupal core: PHP object-injection chain in JSON:API, BSI-rated critical
- DORA Year 1 — the ESAs' first annual ICT-incident report: 3,383 major incidents, a third cross-border, only ~10% cyber
- EDPB adopts a harmonised GDPR Article 33 breach-notification template — consultation open to 5 August
- CRA reporting obligation lands 11 September — ENISA Single Reporting Platform access manual due, dry-runs before go-live
- NIS2 transposition remains incomplete — France and Spain still among the laggards
- G7 Évian cybersecurity declaration calls PQC an "urgent priority" — and the expected hacktivist DDoS materialised on day one
- UK Information Commissioner resigns with immediate effect — regulator left leaderless mid-restructure
- HCRG Care Group first notifies patients of a February 2025 Medusa breach — 16 months on `[SINGLE-SOURCE]`
- CVE-2026-55803 / CVE-2026-55804 — Drupal core: PHP object-injection chain in JSON:API, BSI-rated critical
- European Commission refers France and Spain to the CJEU over NIS2 non-transposition `[SINGLE-SOURCE]`
- Germany's Bundestag opens first reading of the CRA domestic-implementation bill
- ENISA publishes the first EU-wide SBOM Adoption State of Play — consumption lags generation
- EDPB adopts a harmonised GDPR Article 33 breach-notification template
- Cyber Europe 2026 tests the revised EU Cyber Blueprint and triggers the first live activation of the EU Cybersecurity Reserve
- EDPB adopts a harmonised GDPR Article 33 breach-notification template; consultation open to 5 August
- UPDATE: EU Cyber Resilience Act reaches its first hard deadline — notifying-authority designation due 11 June
- CNIL fines IQVIA Operations France €5M for health data warehouse security failures: no MFA, no log monitoring, no network segmentation
- Dutch Police + NCSC dismantle Asocks residential-proxy botnet (~17 M devices, 200 NL-hosted servers seized)
- Germany's federal cabinet approves the Cybersicherheitsstärkungsgesetz — BKA, BSI and Federal Police gain authority to redirect traffic and disable attacker infrastructure
- Asocks residential-proxy botnet — Dutch Police + NCSC dismantle ~17M-device infrastructure hosted in the Netherlands
- Germany's Cybersicherheitsstärkungsgesetz — federal cabinet approves active-cyber-defence powers; Bundestag passage still ahead
- EU 20th-package managed-security-services ban in force from 25 May — Switzerland adopted listings only; MSS prohibition deferred
- ENISA NIS360 2026 — public administration, health and water sit in the NIS2 "risk zone"
- EU Cyber Resilience Act — 11 June notifying-authority deadline, then September reporting obligations `[SINGLE-SOURCE]`
- Netherlands FIOD arrests two over EU sanctions evasion for Stark Industries front; 800 servers seized; NoName057(16) DDoS plumbing dismantled
- Keycloak 26.6.2 — 16 CVEs including OIDC session fixation (CVE-2026-7507), WebAuthn execute-actions token replay (CVE-2026-37982), introspection audience bypass (CVE-2026-37979) and cross-realm IDOR in Authorization Services (CVE-2026-4630)
- UPDATE: Drupal SA-CORE-2026-004 / CVE-2026-9082 ships — "highly critical" pre-auth SQL injection in core database API, PostgreSQL-only
- INTERPOL Operation Ramz — 13-country MENA cybercrime sweep: 201 arrests, 53 servers seized, Algerian PhaaS server takedown
- CVE-2026-7507 (+15) — Keycloak 26.6.2: identity-provider cluster including OIDC session fixation and cross-realm IDOR
- EU 20th Russia sanctions package — managed-security-services prohibition effective 25 May; Switzerland adopted most measures 22 May
- EU Digital Omnibus political agreement — AI Act high-risk Annex III compliance deadline extended to 2 December 2027
- EU CRA milestones — 11 June 2026 CAB notification, 11 September 2026 Article 14 reporting obligations
- DORA first oversight cycle — 19 designated CTPPs under Joint Examination Team activity
- EDPB Coordinated Enforcement Framework 2026 — 25 DPAs investigating GDPR Articles 12–14 transparency
- KRITIS-DachG — German registration deadline 17 July 2026 is now 61 days out
- ENISA CVE Numbering Authority Root — 4 new CNAs onboarded, identities undisclosed; 7 existing CNAs migrated from MITRE Root
- NIS2 transposition — status update; no Court of Justice referral announced this week
- CERT-PL CVE-2026-44088 — SzafirHost JAR zip-polyglot bypass in Poland's qualified e-signature browser helper
- CVE-2026-41553 — DHTMLX PDF Export Module: unauthenticated server-side JavaScript injection RCE (CVSS 4.0 score 10.0), with CVE-2026-41552 and CVE-2026-7182 path-traversal companions
- DENIC .de DNSSEC outage — 3.5 h registry-side trust failure traced to keytag 33834 collision and an alerting-layer fire-without-page
- Europol IOCTA 2026
- ENISA expands CVE Numbering Authority root — 4 new CNAs, 7 migrated from MITRE; ~90 European CNAs eligible for transfer
- Polish NIS2 transposition + ABW recommendation to expand essential-entity coverage below headcount threshold
- Europol shadow-IT — LIBE committee MEPs call for mandate-expansion pause; EDPS sanctioning toolkit identified as binary
- EU Cybersecurity Package 2026 — NIS2 amendment (COM(2026) 13) + Cybersecurity Act 2 enter EP preparatory phase; PQC obligation embedded
- Germany KRITIS-DachG in force — public administration first time in critical-infrastructure scope; registration deadline 17 July 2026
- EDPB Coordinated Enforcement Framework 2026 — 25 DPAs target GDPR transparency obligations (Articles 12–14)
- Poland NIS2 transposition in force 3 April 2026 — water-sector essential-entity status would now apply to the ABW-named facilities
- UPDATE: DENIC .de DNSSEC outage post-mortem — three private keys generated with the same Key Tag (33834); only one DNSKEY published
- DENIC .de DNSSEC outage — faulty key rollover; 3.5 h disruption for German government and public-sector .de domains
- ENISA expands CVE Root: four new European organisations onboarded as CVE Numbering Authorities