March Newsletter
In this newsletter, find our new publication and some of the latest cyber news!
New Article: Securing the Future of 5G: Addressing IoT Vulnerabilities and Regulatory Gaps
Source: Creative Commons, FMT
Make sure to check out our newest article on our website, on the Internet of Things (IoT) and the challenges it introduces to the 5G network, written by our very own Andrea Favalessa!
Cybernews
3.9 Billion Passwords Exposed in Massive Malware Breach
World
A massive cybersecurity breach has exposed nearly 3.9 billion passwords after infostealer malware infected over 4.3 million devices. According to threat intelligence firm KELA, three malware variants—Lumma, StealC, and Redline—were responsible for 75% of these infections. The stolen credentials are now circulating on dark web marketplaces, increasing the risk of credential-stuffing attacks on bank accounts, social media, and corporate systems. Cybercriminals use phishing emails, malicious downloads, and fake software updates to spread these infostealers. Experts urge users to enable multi-factor authentication (MFA), avoid password reuse, and monitor accounts for suspicious activity. With billions of credentials now compromised, this breach serves as a critical warning for stronger cybersecurity practices.
SecurityScorecard and KPMG Canada Partner to Strengthen Cybersecurity in Critical Sectors
Canada
SecurityScorecard, a leader in supply chain detection and response (SCDR) solutions, has entered a strategic agreement with KPMG in Canada to enhance cybersecurity across critical sectors. This collaboration introduces SecurityScorecard MAX to the Canadian market, offering a managed service that provides proactive threat hunting, continuous monitoring, and rapid incident response throughout vendor and supplier networks. KPMG's expertise in mitigating third-party cybersecurity risks complements SecurityScorecard's real-time insights, aiming to strengthen supply chain security. The partnership focuses on proactive risk management, improved vendor collaboration, and increased resilience against supply chain attacks, ensuring clients can operate securely in an increasingly digital landscape.
Iranian-Linked Hackers Target UAE Aerospace Sector with "Sosano" Backdoor
United Arab Emirates, India
A recent cybersecurity investigation has revealed a targeted phishing campaign against UAE-based aviation and satellite communication firms, exploiting a compromised email account from an Indian electronics company. The attackers, suspected to be linked to Iranian state-backed groups, leveraged a fake domain and polyglot files to deliver a new Golang-based backdoor called Sosano. This malware enables remote command execution, file access, and further payload deployment, posing a significant espionage threat. The adversaries, tracked under the moniker UNK_CraftyCamel, exploited a compromised email account belonging to the Indian electronics company INDIC Electronics. Leveraging this trusted relationship, they sent tailored phishing emails to their UAE targets. These emails contained URLs leading to a counterfeit domain resembling INDIC Electronics, which hosted a ZIP archive comprising an XLS file and two PDF files. Analysis suggests that this campaign is likely the work of an Iranian-aligned adversary, possibly affiliated with the Islamic Revolutionary Guard Corps (IRGC). The targeted sectors are crucial for both economic stability and national security, making them valuable intelligence targets in the broader geopolitical landscape.
OpenAI Cracks Down on Malicious ChatGPT Use in Global Cyber Threats
World
OpenAI has announced the ban of multiple accounts misusing ChatGPT for nefarious purposes, including the development of an AI-powered surveillance system linked to China. The so-called Qianyue Overseas Public Opinion AI Assistant was designed to track social media discussions on anti-China protests in Western nations, providing real-time intelligence to authorities. The actors leveraged ChatGPT to refine and debug the system’s source code, raising concerns about AI’s role in state-sponsored surveillance. Beyond this case, OpenAI also dismantled networks engaged in other cyber threats, including a North Korean scheme that used ChatGPT to craft fake job applicant profiles and a Chinese-origin influence operation producing anti-U.S. propaganda.
EDPB Launches 2025 Coordinated Action on the Right to Erasure
European Union
The European Data Protection Board (EDPB) has initiated its 2025 Coordinated Enforcement Framework (CEF) action, focusing on the enforcement of the right to erasure, commonly known as the "right to be forgotten," as outlined in Article 17 of the General Data Protection Regulation (GDPR). This initiative involves 32 Data Protection Authorities (DPAs) across Europe, reflecting the high frequency of complaints related to this right. Throughout 2025, participating DPAs will engage with various data controllers across sectors to assess their procedures for handling erasure requests. This assessment will examine how controllers process these requests, including the application of relevant conditions and exceptions. The collective findings will be analyzed to identify compliance challenges and best practices, facilitating targeted follow-up actions at both national and EU levels.
UK ICO Investigates TikTok, Reddit, and Imgur Over Children's Data Use
United Kingdom
The UK's Information Commissioner's Office (ICO) has launched investigations into TikTok, Reddit, and Imgur over their handling of children's personal data. The inquiry aims to assess whether these platforms comply with data protection regulations and effectively safeguard young users' privacy. The investigation into TikTok focuses on how it processes the personal information of teenagers aged 13 to 17 to fuel its content recommendation algorithms. Meanwhile, the probes into Reddit and Imgur examine their overall use of children's data, including the effectiveness of their age verification tools. If violations are found, the ICO could impose fines or enforcement actions to compel stricter compliance.
The European Union announces big investment in AI industry
European Union
The EU has announced a €200 billion investment push to boost its AI industry. In detail, €50 billion will be invested by the EU and the rest by other private investors and industry leaders. The European Commission President, Ursula von der Leyen, disclosed the plan at the AI Action Summit in Paris, emphasizing that Europe aims to become a leader in AI innovation alongside the US and China. The investment includes €20 billion for AI gigafactories and access to public supercomputers for startups and scientists. More than 60 European companies, including Airbus and Volkswagen, have pledged support through the “EU AI Champions Initiative”. While defending the EU's AI regulations, von der Leyen highlighted the need for both competition and collaboration, responding to US Vice President JD Vance's warning about overregulation.
The European Union plans Major Regulatory Overhaul to Boost AI, Biotech, and Clean Energy Investments
European Union
The European Commission plans to introduce at least five legislative packages this year to reduce bureaucracy and encourage investment, particularly in AI, biotech, and clean energy. More specifically, EU digital chief Henna Virkkunen highlighted concerns over excessive administrative burdens and emphasized the need for streamlined regulations. One package, expected later this year, will address overlaps between the EU's AI Act, Digital Services Act, Digital Markets Act, and GDPR in an attempt to maintain their core objectives. The move comes amid pressure from EU countries like France to ease regulations and challenges from the U.S., where some tech companies have lobbied against EU fines.
Microsoft argues for the quick development of quantum computers within the coming years
World
Microsoft has announced the construction of the Majorana 1 chip. This chip is alleged to accelerate the development of quantum computers capable of solving industrial-scale problems within years rather than decades. This chip is based on a topological conductor, also known as a topoconductor, a new material that Microsoft believes could be as transformative as semiconductors were for classical computing. Experts acknowledge Microsoft's breakthrough but point out that more data is needed to validate its impact. While some, like Nvidia's Jensen Huang, predict that useful quantum computing is still 20 years away, Microsoft insists that its progress brings that timeline much closer.
US congressional committee urges Americans to stop using routers made in China
US/China
The House of Representatives Select Committee on China has asked the Commerce Department to investigate China’s TP-Link Technology Co., the world's top seller of WiFi routers by unit volume. Government authorities from both parties have informed the public of the risks of using TP-Link routers, claiming that such devices expose individuals to cyber intrusion which hackers could leverage in order to attack critical infrastructure. According to Rob Joyce, former director of cybersecurity at the National Security Agency, the US Commerce Department was considering a ban on the sale of the company’s routers. In light of the growing capacity of Chinese hackers, Democratic Representative Raja Krishnamoorthi commented that the US should consider enlisting private sector actors for retaliatory measures, using “fire against fire.”
Industry urges adoption of EU cybersecurity label favoring big tech companies
European Union
Twenty-three industry groups across Europe wrote a joint letter demanding that EU tech chief Henna Virkkunen adopt a draft cybersecurity certification scheme (EUCS) for cloud services, which initially has favored Amazon, Google, and Microsoft. The scheme aims to help governments and companies select a secure and trusted vendor for their cloud computing needs. Signatories to the letter include Allied for StartUps, the American Chamber of Commerce in Estonia, Finland, Italy, Romania and Spain, the Association of German Banks, Germany's Association of the Internet Industry, Italian startup group InnovUp, the Irish Business and Employers Confederation, Dutch group Nederland Digitaal, and Portugal's Association for the Promotion and Development of the Information Society.