Policy
-
Google rolls out Android developer verification to all developers
Google is rolling out Android developer verification to all developers, with new identity checks for apps distributed outside Google Play. The move starts in four countries in September and expands globally next year.
-
Dutch finance ministry takes treasury banking portal offline after breach
The Dutch Ministry of Finance has taken its treasury banking portal offline while investigating a cyberattack detected on March 19. About 1,600 public institutions are unable to view balances online, though payments continue through regular banking channels.
-
European Commission says attackers breached public web infrastructure
The European Commission said attackers broke into cloud systems hosting its Europa websites on March 24 and may have taken data. The sites stayed online, but officials gave few details about what was exposed.
-
Intellexa founder says he will appeal Greek spyware conviction
Intellexa founder Tal Dilian said he will appeal his Greek conviction over a mass-wiretapping case tied to Predator spyware, which was used to hack phones belonging to ministers, opposition leaders, military officials and journalists.
-
UK sanctions Xinbi marketplace linked to Southeast Asian scam centres
The U.K. has sanctioned Xinbi, a Chinese-language marketplace accused of selling stolen data and cryptocurrency services to scam centres in Southeast Asia, and targeted the operators of a large scam compound known as #8 Park, as part of efforts to disrupt crypto-based money laundering and large-scale investment fraud.
-
EU sanctions three firms and two individuals over cyberattacks
The EU Council sanctioned three firms and two individuals for cyberattacks on critical infrastructure and devices. One Chinese firm enabled hacking of over 65,000 devices across six EU states and an Iranian firm ran influence operations.
-
European Parliament extends temporary CSAM detection exemption until August 2027
The European Parliament extended a temporary ePrivacy derogation allowing voluntary CSAM detection until 3 August 2027. Lawmakers imposed limits and exclusions for end-to-end encryption as they work to negotiate a permanent legal framework.
-
CISA adds three vulnerabilities to Known Exploited Vulnerabilities catalog and sets federal patch dates
CISA added three vulnerabilities to its Known Exploited Vulnerabilities catalog on Monday, covering Workspace One UEM, SolarWinds Web Help Desk, and Endpoint Manager. Federal civilian agencies must apply fixes by mid and late March.
-
UK automated scanner cuts DNS fix times from 50 days to eight
An automated Vulnerability Monitoring System cut DNS vulnerability remediation in the UK public sector from 50 days to eight and sped other fixes. Firefox added a Sanitizer API and the FTC updated COPPA policy on age verification.
-
U.S. sanctions Russian exploit broker for buying stolen zero day tools
Matrix LLC and its owner were sanctioned under the Protecting American Intellectual Property Act after purchasing stolen zero day exploits. The action freezes U.S. assets and follows the sentencing of a former defense contractor executive.
