Policy
-
South Korea to require facial scans for new mobile accounts to curb scams
The South Korean government will require facial recognition scans for new mobile accounts to curb scams, using biometric data stored in carriers’ PASS apps, after major data breaches and a large compensation order for SK Telecom customers.
-
Denmark blames Russia for destructive cyberattack on water utility, names hacker groups
Denmark’s Defence Intelligence Service accused Russia of directing cyberattacks against Danish critical infrastructure, naming Z-Pentest and NoName057(16), and said the activity formed part of a Russian hybrid campaign that has used elections to attract attention.
-
France detains Latvian crew member after malware found on Italian ferry
French authorities detained a Latvian crew member from the ferry Fantastic after discovering malware that investigators say could have enabled remote control; a Bulgarian crewmember was released and probes by the DGSI and Italian authorities are ongoing.
-
Texas sues five TV makers over alleged secret collection of viewing data
Texas Attorney General Ken Paxton sued Sony, Samsung, LG, Hisense and TCL, alleging their smart TVs used Automated Content Recognition to capture and transmit viewing data without consent; Paxton’s office also warned of national security risks tied to China-based companies.
-
Cyberattack Disrupts PDVSA Export Systems, Company Says Operations Unaffected
PDVSA said a weekend cyberattack hit administrative systems but not operations; internal memos and source accounts cited by Bloomberg and Reuters indicate export and terminal systems were offline and cargo deliveries halted, while PDVSA blamed the United States and domestic conspirators.
-
ABA says deepfakes and generative AI are eroding court evidence and procedures
The American Bar Association’s report warns that generative AI and deepfakes are undermining legal procedures and evidence while also offering efficiency gains; the ABA has convened a task force to develop guidance on authenticity, liability and courtroom use.
-
CISA orders immediate patching after active exploitation of critical GeoServer XXE flaw
CISA has ordered federal agencies to patch a critical unauthenticated XML External Entity flaw in GeoServer (CVE-2025-58360) that is being actively exploited; researchers warn the bug can disclose files and enable SSRF, and public scans show thousands of exposed instances.
-
France interior ministry confirms cyberattack on e-mail servers
France’s Interior Ministry confirmed a cyberattack on its e-mail servers that allowed access to some files; investigators have not confirmed whether data was stolen and are probing motives including foreign interference, activists and cybercrime.
-
U.S. sues former Accenture manager over alleged false claims on Army cloud security
The U.S. has sued Danielle Hillmer, a former senior manager tied to Accenture, accusing her of misleading auditors about the security of the NIFMS cloud platform and falsely claiming FedRAMP High and DoD Impact Level compliance while work on Army contracts proceeded.
-
Global privacy laws strengthen rights but enforcement and outcomes remain uneven
A 35-year review by researchers at Dakota State University finds that global privacy laws have expanded rights and obligations but enforcement and measurable reductions in harm are uneven; the study highlights uneven fines and compliance rates, growing technology-driven pressures, cross-border uncertainty and the need for metrics to track outcomes.
