Articles, by our experts

Unpacking compliance, security and AI.

Our DPOs and CISOs regularly share their take on regulatory and technical news here: new CNPD guidelines, notable sanctions, incident lessons learned, evolutions on the AI Act, NIS 2 and DORA. To go beyond the press release.

65 articles found · #cybersecurite

Romania: €125,000 fine against Renault for security failures (GDPR Art. 32)

On 25 March 2026, Romania’s ANSPDCP fined Renault Commercial Romania (~€125,000) for GDPR Article 32 failures and processor governance. Modern DLP evidences “appropriate” measures and curbs uncontrolled data transfers.

Clinical Diagnostics (NL): gynecological records leak — GDPR-aligned DLP

After the massive leak at Clinical Diagnostics, a modern DLP aligned with GDPR (Art. 32 and 44–49) reduces exfiltration and provides the evidence authorities expect.

AEPD fines Yoti €950,000 — Automated DPIA becomes essential

On March 10, 2026, the AEPD fined Yoti €950,000 for unlawful biometrics, invalid consent and excessive retention. A tooled, automated DPIA is now key to reduce risk and evidence GDPR compliance.

Outsider Enterprise dismantled: urgent need for phishing‑resistant FIDO2 MFA

FBI, Google, and Black Lotus Labs dismantled “Outsider Enterprise,” a PhaaS linked to >1M URLs and ≈$1.9B in losses. Why FIDO2/WebAuthn MFA is now the “appropriate measure” under GDPR Article 32.

CSSF — Axios compromised (31/03/2026): EDR/XDR to detect and notify under DORA

The CSSF warns about the Axios supply‑chain compromise and reminds firms to notify a major ICT incident under Circular 25/893 (DORA). Here is how an EDR/XDR stack helps detect, contain, and notify on time.

ENISA 2026: Separate, tested backups aligned with DORA

ENISA updates its SME guide: backups separated from production, encrypted and end-to-end tested. How immutable, isolated vaults meet DORA Art. 12 and thwart ransomware.

FortiBleed: 73,932 Fortinet firewalls exposed — FIDO2 is now mandatory

FortiBleed exposed ~74,000 Fortinet firewalls/VPNs via stolen and reused credentials. Phishing-resistant MFA (FIDO2/WebAuthn) meets GDPR Article 32 and blocks initial access.

Kodak hacked: ShinyHunters claims 2.2M records

Kodak confirms an intrusion as ShinyHunters claims 2.2M records. Here’s how RGPD-compliant DLP (Art. 32 and 44‑49) reduces exfiltration and builds evidence.

Foxconn hit by Nitrogen: 8 TB stolen — PAM becomes non-negotiable

On 13/05/2026, Foxconn confirmed an attack claimed by Nitrogen: 8 TB and 11M+ files stolen, with slowdowns at North American plants. A zero-trust PAM meets NIS 2 art. 21 and severs admin access that enables such attacks.

Shai-Hulud: supply-chain token theft — why FIDO2 MFA is non-negotiable

Zscaler documents “Shai-Hulud”: GitHub/npm/PyPI compromises, OIDC abuse, and public IOCs. Phishing-resistant FIDO2/WebAuthn MFA addresses GDPR Article 32 and blocks initial access.

DSG Retail v ICO Broadens the Security Duty: Serious DLP Required

The English Court of Appeal confirms a broadened security duty: anticipate jigsaw identification. Here is how ISO 27001‑aligned DLP meets GDPR Article 32.

AUR compromised: 400+ Arch Linux packages push an eBPF rootkit

On June 12, 2026, over 400 AUR packages were used to distribute an infostealer with an eBPF rootkit. Here’s how an EDR/XDR stack helps detect it quickly and meet NIS 2 and DORA requirements.

← Newer Page 2 / 6 Older →