Weekly Cybersecurity Digest [July, Week 2]
Posted on July 8, 2025
Dear Valued Clients,
Welcome to this week’s cybersecurity digest, curated by Make Sense to keep you updated on critical developments shaping digital risk across Europe. In this edition, we spotlight the EU’s renewed push for encrypted chat scanning, rising ransomware threats to essential sectors, and new findings that expose alarming cybersecurity gaps within EU institutions.
You’ll also find urgent insights into the state of AI regulation, healthcare cyber defense demands, and evolving tactics by APT groups targeting European infrastructure. As always, our goal is to provide actionable intelligence to support your operational resilience and regulatory readiness.
✅ Top Stories of the Week
i. EU Revives Controversial Chat Scanning Bill Under Denmark’s Leadership
Denmark has reintroduced the contentious CSAM scanning bill as it takes over the EU Presidency, aiming to mandate chat surveillance—even on encrypted platforms—by October 2025. Despite years of failed attempts and strong privacy backlash, lawmakers are again pushing for “Chat Control,” risking encryption protections across Europe. [Read more via Tech Radar]
ii. BERT Ransomware Hits European Healthcare & Tech Firms
Trend Micro confirmed that the new BERT ransomware is actively targeting hospitals and tech companies across Europe, using evasion techniques and concurrent encryption threads—including the capability to shut down ESXi virtual machines for maximum impact. [Read analysis on Trend Micro]
iii. APT Attacks Surge Globally, Targeting Critical Sectors and Using New Tactics
Intel 471 reports a sharp rise in cyber campaigns by APT groups in June, with targets spanning finance, infrastructure, and governments. Threat actors used stealthy malware, phishing via Teams and Signal, and even destructive tools like PathWiper. Iran, Russia, and China-linked groups are ramping up global cyber disruption efforts. [Read more on Industrial Cyber]
✅ Industry Trends & Insights
Europe’s AI Law Needs Tweaking, Not Stopping
Calls to pause the EU’s AI Act ignore key nuance. Experts argue only the vague, hastily drafted rules on general-purpose AI—like ChatGPT—need a delay, not the entire law. High-risk AI regulations for sectors like healthcare remain clear and essential, while unclear FLOPs thresholds risk confusion and compliance issues. [Read the full report on Mint]
✅ Regulatory & Policy Updates
EU Regions Demand Stronger Cyber Defenses for Healthcare
Europe’s regions urged immediate action to bolster healthcare cybersecurity amid rising attacks. The EU’s Committee of the Regions called for transposition of the Critical Resilience Directive into national law, more training, funding clarity, and inclusion of local authorities in cybersecurity planning—warning that hospitals face growing threats amid geopolitical tensions and digital vulnerabilities. [Read more on official website of the European Union]
Two-Thirds of EU Institutions Fail Cybersecurity Test
A new report shows 67% of EU bodies scored D or F for cybersecurity, with widespread breaches, poor password hygiene, and critical system flaws. Nearly all low-rated institutions had recent data leaks, and 85% of their employees reused compromised passwords—underscoring urgent gaps in cyber readiness despite EU-level resilience initiatives. [Read more via Cyber News]
✅ Cyber IQ Challenge + Proactive Security Hacks
Quick Quiz:
True or False: Encrypted messaging services like Signal or WhatsApp may be legally required to scan user chats in the EU under the proposed Chat Control bill.
Answer revealed below.
Smart Security Move of the Week:
Ban Password Reuse—Now. With 85% of employees in low-rated EU institutions reusing breached credentials, this practice remains one of the weakest cybersecurity links.
- Use a password manager to generate strong, unique passwords.
- Implement automated checks for exposed credentials (e.g., via Have I Been Pwned API).
- Educate teams on why reusing one password can unlock everything.
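An automated exposed-credential check can use the Pwned Passwords range endpoint of Have I Been Pwned, which takes only the first five hex characters of the password's SHA-1 hash so the password itself never leaves your system. The sketch below is an added example, not code from this digest or from Have I Been Pwned; the sample password and the stubbed response are constructed, and `fetch_live` is the only function that touches the network.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # k-anonymity range endpoint

def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def parse_range_body(body: str) -> dict:
    """Parse 'SUFFIX:COUNT' lines; malformed and padding (count 0) lines are dropped."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if not sep or len(suffix) != 35 or not count.isdigit():
            continue
        if int(count) > 0:
            counts[suffix.upper()] = int(count)
    return counts

def breach_count(password: str, fetch) -> int:
    """Times the password appears in the breach corpus; only a 5-char prefix is sent."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    return parse_range_body(fetch(prefix)).get(suffix, 0)

def fetch_live(prefix: str) -> str:
    """Real lookup; Add-Padding hides the response size from network observers."""
    req = urllib.request.Request(
        RANGE_URL + prefix,
        headers={"Add-Padding": "true", "User-Agent": "reuse-check-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

def make_fake_fetch(breached_password: str, count: int, seen: list):
    """Offline stand-in for the API (constructed data); records what was sent."""
    digest = sha1_hex(breached_password)
    def fetch(prefix: str) -> str:
        seen.append(prefix)
        if prefix != digest[:5]:
            return "0" * 35 + ":0\r\n"  # padding only
        return f"{'A' * 35}:3\r\n{digest[5:]}:{count}\r\n{'B' * 35}:0\r\n"
    return fetch

if __name__ == "__main__":
    sent = []
    fake = make_fake_fetch("Summer2025!", 1204, sent)  # constructed sample
    print(breach_count("Summer2025!", fake), sent)
```

Run the check when a password is set or changed and reject any candidate with a non-zero count; swap `fake` for `fetch_live` to query the real service.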
⚕️ Sector Spotlight: Healthcare Edition
Hospitals, many of them without basic cybersecurity training, are being hit by ransomware like BERT and by APT-led disruptions. If you’re in health or social care:
- Enforce multi-factor authentication (MFA) across systems.
- Segment networks to isolate critical infrastructure.
- Launch tabletop simulations for ransomware scenarios before an actual breach forces your hand.
✅ Quiz Answer:
True. Under the EU’s proposed CSAM scanning bill, even end-to-end encrypted services could be required to scan private chats—raising major concerns about privacy and the future of secure messaging.
✅ Conclusion
This week’s developments make one thing clear: Europe’s digital defenses are being tested on multiple fronts—from legislative shakeups and regulatory gaps to increasingly aggressive threat actor campaigns.
Now is the time to invest in technical hardening, staff awareness, and vendor accountability. Whether you’re navigating compliance with the AI Act, preparing for healthcare resilience mandates, or managing ransomware risks, Make Sense trainings are designed to empower your team with the tools and clarity needed for modern cybersecurity challenges.
Stay secure,
The Make Sense SRL Team & CyberTania
