Weekly Cybersecurity Digest [June, Week 2]

Posted on June 10, 2025

Dear Valued Clients,

Welcome to this week’s cybersecurity digest, curated by Make Sense to keep you informed about the latest developments in information security across Europe. Our goal is to provide you with actionable insights to enhance your security posture.


Top Stories of the Week

i. EU Adopts Coordinated Cyber Crisis Management Blueprint
The Council of the EU officially adopted a cyber crisis management framework to help member states respond collectively to large-scale cyber incidents. The blueprint outlines joint action steps for detection, escalation, containment, and recovery, with roles for national authorities, ENISA, and the European Cyber Crisis Liaison Organization Network (EU-CyCLONe). [Read more on Consilium Europe]

ii. ENISA Maps Europe’s Cyber Risk Exposure With New Sector Matrix
ENISA released its “NIS360” quadrant this week, classifying sectors by criticality and cyber maturity. Maritime, space, public services, and gas were flagged as “high criticality, low maturity” sectors, a classification that calls for targeted investment and risk management. [Read more on Industrial Cyber]

iii. Microsoft Launches European Security Program in Berlin
On June 4, Microsoft announced a major initiative to enhance cyber threat information-sharing across Europe. The program includes AI-based early warning systems, collaboration with Europol, and tailored security alerts for regional infrastructure providers. [Read the full story on Microsoft]


Industry Trends and Insights

Rust‑Based Info‑Stealer Hits Chromium Browsers

Security researchers confirmed the emergence of a new Rust-built browser stealer (“RustStealer”), which extracts cookies, credentials, and session tokens from Chrome and Chromium browsers across Europe. Its obfuscation techniques make detection by traditional AV tools challenging. [Explore the technical report on Cyber Press]

Chinese APT41 Exploits Google Calendar for Stealthy Malware Control in Taiwan Government Attack

Chinese state-backed group APT41 is using Google Calendar for covert malware command-and-control in a new campaign targeting Taiwanese government entities. By embedding encrypted commands in calendar events, the group uses a trusted cloud service to bypass traditional detection. This sophisticated attack showcases the growing threat from operations that exploit common platforms for stealthy, persistent cyberespionage. [Read more via Cyber Security News]


✅ Regulatory Updates

Mandatory EU Cybersecurity Standards for Wireless Devices (RED)

Under the Radio Equipment Directive (RED, with Delegated Regulation 2022/30), cybersecurity requirements for wireless devices become mandatory on August 1, 2025, covering default password management, update mechanisms, and data privacy protections. [Read more on SGS]


Cyber IQ Challenge + Proactive Security Hacks

What’s Your Cyber IQ?

Question: Which sector was identified by ENISA as both highly critical and low in cyber maturity?

  1. E-commerce

  2. Maritime transport

  3. Financial services

  4. Media & Entertainment

While you think it over, here are 3 quick security hacks:

  • Use Network Segmentation: Isolate critical assets from less secure systems to reduce breach impact.

  • Patch Early, Patch Often: Prioritize patches for zero-day vulnerabilities like CVE-2025-24993 affecting Windows NTFS.

  • Limit Browser Credential Storage: Encourage use of password managers instead of browser autofill.

Answer to Cyber IQ Challenge:
The correct answer is 2. Maritime transport


Conclusion

As the digital threat landscape continues to evolve, Europe is stepping up with collaborative policies, technical innovation, and new certification schemes. We encourage you to evaluate how these developments may affect your organization and consider our tailored training programs to strengthen your resilience.

Stay secure,
The Make Sense SRL Team & CyberTania