Articles, by our experts

Unpacking compliance, security and AI.

Our DPOs and CISOs regularly share their take on regulatory and technical news here: new CNPD guidelines, notable sanctions, incident lessons learned, evolutions on the AI Act, NIS 2 and DORA. To go beyond the press release.

65 articles found · #cybersecurite

ILR — NIS 2 guidelines for governing bodies (17/02/2026)

ILR reiterates the 24‑hour early warning via SERIMA, then 72 hours and 1 month. See how a managed SOC/SIEM helps meet NIS 2 deadlines without stress.

Tycoon 2FA: device code campaign bypasses Microsoft MFA

On May 12, 2026, eSentire detailed a Tycoon 2FA campaign abusing the OAuth Device Code flow to steal tokens without passwords. Why phishing-resistant FIDO2/WebAuthn MFA is required to meet GDPR Article 32.

French Supreme Court (Mar 5, 2026) reshapes qualified e-signatures

Since March 5, 2026, only a Qualified Electronic Signature (QES) shifts the burden of proof. How to evidence QTSP, QSCD and LTV to secure contracts and compliance.

West Pharmaceutical (4 May 2026): why immutable, isolated backups are vital (DORA)

On 4 May 2026, West Pharmaceutical suffered a ransomware attack with data theft and encryption, halting manufacturing and shipping. Here is the backup architecture that prevents prolonged outages and meets DORA.

Instructure/Canvas: 275M users at risk — 24/7 SOC to meet NIS2 Art. 23

ShinyHunters breached Instructure/Canvas, threatening up to 275M records. How a managed SOC/SIEM enables 24h qualification and ILR notification under NIS2 Art. 23.

ENISA 2026: Exercise Methodology to Operationalize DORA Article 24

ENISA releases a cybersecurity exercise methodology with ready-to-use kits. In practice: DORA Article 24–aligned tabletop tests to speed decision-making and reduce ransomware impact.

FlowerStorm (KrakVM) evades email filters and the NIS 2 stakes

The FlowerStorm phishing kit runs obfuscated JavaScript in KrakVM to intercept MFA. Here is how an email gateway, DMARC/SPF/DKIM, and a 24/7 SOC help meet NIS 2 in Luxembourg.

CSSF — Circular 25/893: tightened ICT alerting and reporting under DORA

The CSSF tightens ICT incident classification and notification under DORA via eDesk. Here is how an EDR/XDR stack enables timely detection, qualification, and reporting with harmonized deadlines.

CSSF 25/883 amends 22/806: continuous cloud oversight

On 9 April 2025, the CSSF adjusted 22/806 via 25/883 to align ICT outsourcing with DORA. Here’s how a robust CSPM prevents cloud leaks and demonstrates compliance.

ChipSoft ransomware: why immutable, isolated backups are non-negotiable

The ChipSoft (HiX) attack disrupted hospital services and exposed data. Here’s how immutable backups and an isolated backup network meet DORA/NIS 2 and prevent prolonged outages.

Okta/SSO hit by vishing: how FIDO2 blocks MFA bypass

In January 2026, Okta/Entra accounts were breached via vishing and AiTM proxies capturing OTP/push in real time. Phishing-resistant FIDO2/WebAuthn meets GDPR Article 32 requirements.

AZ Monica crippled by ransomware: why immutable backups matter

Belgium’s AZ Monica hospital shut down its servers after a cyberattack. Here’s how immutable, isolated backups enable fast recovery aligned with DORA/NIS 2.

← Newer Page 4 / 6 Older →