Articles, by our experts

Unpacking compliance, security and AI.

Our DPOs and CISOs regularly share their take on regulatory and technical news here: new CNPD guidelines, notable sanctions, incident lessons learned, evolutions on the AI Act, NIS 2 and DORA. To go beyond the press release.

53 articles found · #nis-2

Qilin exploits a Check Point zero-day: VPNs breached, patch within 72h

A critical zero-day (CVE‑2026‑50751) in Check Point VPNs is being actively exploited by Qilin. CISA mandates a fix by June 11, 2026. Luxembourg NIS 2 entities must check IKEv1, patch, and notify via SERIMA if an incident occurs.

ENISA updates crypto mechanisms: public review open until July

ENISA opens the public consultation of ACM v3 until the end of July 2026. Companies can comment on suites and key sizes that will guide EUCC and the European security “state of the art.”

SMEs under NIS 2: defensive AI more effective and cheaper than a classic SOC

Classic antivirus, EDR and SIEM miss the 0-day and the attack that diverts legitimate tools. An on-premise defensive AI that reasons on behaviour rather than signatures detects those unknown attacks, reacts in under 30 seconds and costs a fraction of a traditional SOC. Demonstrated on a concrete case, minute by minute.

Microsoft: cryptominer via SEO/AI — EDR/XDR and NIS 2 in action

Microsoft disclosed an active cryptomining campaign spread via SEO poisoning and AI recommendations. Here’s how an EDR/XDR stack detects, contains, and evidences compliance with NIS 2 and DORA.

WFP Gaza: warning for your enrollment portals (600,000 households)

On 2 June 2026, the WFP confirmed its self‑registration app in Palestine was compromised: data of ~600,000 Gaza households (names, IDs, mobiles, location) exfiltrated. Breach dated 14 May.

Dashlane: fewer than 20 vaults copied — lessons from a 2FA attack

On May 31, 2026, a brute-force campaign targeting 2FA allowed attackers to copy encrypted Dashlane vaults from “fewer than 20” users. Here’s what this means for your IAM controls and GDPR/NIS 2 obligations.

ILR — NIS 2 guidelines for governing bodies (17/02/2026)

ILR reiterates the 24‑hour early warning via SERIMA, then 72 hours and 1 month. See how a managed SOC/SIEM helps meet NIS 2 deadlines without stress.

Tycoon 2FA: device code campaign bypasses Microsoft MFA

On May 12, 2026, eSentire detailed a Tycoon 2FA campaign abusing the OAuth Device Code flow to steal tokens without passwords. Why phishing-resistant FIDO2/WebAuthn MFA is required to meet GDPR Article 32.

Instructure/Canvas: 275M users at risk — 24/7 SOC to meet NIS2 Art. 23

ShinyHunters breached Instructure/Canvas, threatening up to 275M records. How a managed SOC/SIEM enables 24h qualification and ILR notification under NIS2 Art. 23.

FlowerStorm (KrakVM) evades email filters and the NIS 2 stakes

The FlowerStorm phishing kit runs obfuscated JavaScript in KrakVM to intercept MFA. Here is how an email gateway, DMARC/SPF/DKIM, and a 24/7 SOC help meet NIS 2 in Luxembourg.

ChipSoft ransomware: why immutable, isolated backups are non-negotiable

The ChipSoft (HiX) attack disrupted hospital services and exposed data. Here’s how immutable backups and an isolated backup network meet DORA/NIS 2 and prevent prolonged outages.

AZ Monica crippled by ransomware: why immutable backups matter

Belgium’s AZ Monica hospital shut down its servers after a cyberattack. Here’s how immutable, isolated backups enable fast recovery aligned with DORA/NIS 2.

← Newer Page 3 / 5 Older →