Risk
-
Romanian oil pipeline operator reports cyberattack that took website offline
Conpet reported a cyberattack that disrupted its corporate IT systems and disabled its website on Tuesday. Operational technology remained unaffected and authorities were notified. A ransomware group using the Qilin name posted files presented as proof.
-
Italy thwarts cyberattacks tied to Russia ahead of Milano Cortina Games
Italy has begun defending against cyberattacks that targeted foreign ministry sites and some Milano Cortina Winter Olympics locations. The attacks were described as of Russian origin and mitigations were put in place before the Games.
-
NIST center issues RFI seeking input on security for autonomous AI agents
A Request for Information from NIST’s CAISI asked for input on secure practices for autonomous AI agents on Jan. 8, focusing on novel risks, assessment methods, and deployment constraints as agencies push toward operational standards.
-
Microsoft issues emergency patch for Office zero-day CVE-2026-21509
Microsoft issued out-of-band patches for Office zero-day CVE-2026-21509, rated 7.8. Service-side protection covers newer builds and a registry workaround is provided for older Office versions. Federal agencies must remediate by February 16, 2026.
-
CISA publishes post-quantum procurement guidance but experts warn it lacks operational detail
CISA published guidance on Jan. 23 listing federal products for post-quantum cryptography. Experts warned the document lacks operational detail on inventories, timelines and authentication support, complicating procurement and migration efforts.
-
GDPR fines pass £1 billion as daily breach reports top 400
Europe’s GDPR fines topped £1 billion in 2025 and authorities recorded an average of 443 breach notifications a day, a 22 percent rise and the first time daily reports passed 400 since GDPR took effect.
-
NCSC alert warns pro-Russian DDoS groups targeting UK local government and operational technology
On January 21, 2026 the UK’s National Cyber Security Centre issued an alert warning that pro-Russian DDoS attacks are targeting British organisations, especially local government and operational technology, and advised steps to harden defences.
-
British Army to base 13 Signal Regiment at Gloucestershire site with £279 million spending
The British Army will base 13 Signal Regiment at Duke of Gloucester Barracks in Gloucestershire with £279 million funding. Plans cover new cyber facilities, accommodation for service families, and construction from 2027 to 2030.
-
Belgian hospital shuts down servers and cancels procedures after cyberattack
A Belgian hospital operating in Antwerp and Deurne disconnected servers at 6:32 AM after a cyberattack, cancelling scheduled procedures and transferring seven critical patients. Authorities have been notified and an investigation is under way.
-
FBI warns Kimsuky used malicious QR codes in 2025 quishing campaigns
An FBI flash alert warned that North Korea linked group Kimsuky used malicious QR codes in 2025 spear phishing to target think tanks, academia, and government entities. The attacks aimed to steal session tokens and bypass multi factor authentication.
