Weekly Cybersecurity Digest [July, Week 3]
Posted on July 15, 2025
Dear Valued Clients,
This week’s cybersecurity digest highlights a pivotal shift in Europe’s digital threat landscape. From a confirmed data breach at Louis Vuitton to escalating hacktivist intrusions on critical infrastructure, the risks are growing more complex—and more targeted. Meanwhile, European institutions are responding with new strategic and regulatory moves, including ENISA’s formation of a dedicated Cyber Advisory Group and the release of the EU’s first General-Purpose AI Code of Practice.
We bring you the most important updates from the past week to help your team stay ahead of evolving threats, anticipate compliance shifts, and improve operational cyber readiness.
✅ Top Stories of the Week
i. Louis Vuitton Confirms UK Customer Data Breach
On July 2, Louis Vuitton disclosed that UK customer data—including names, contact information, and purchase history—was stolen in a cyber-attack. While no financial data was taken, the breach forms part of a broader wave of cyber incidents impacting major European retailers. Investigations are underway, with implications for GDPR and notification obligations. [Read more via The Guardian]
ii. Hacktivists Escalate to Critical Infrastructure Attacks in Europe
On July 14, Cyble highlighted a significant shift in hacktivist tactics—growing attacks on European Operational Technology (OT) systems. The so-called Z-Pentest group struck 31 ICS-focused intrusions in the last quarter, including data breaches and malware injections into energy, transport, and water infrastructure. [Read more via Industrial Cyber]
iii. “DoNot” APT Targets European Foreign Ministries with LoptikMod
On July 9, Trellix reported that the Indian-linked DoNot APT group (aka APT‑C‑35) has started targeting European foreign ministries with its custom LoptikMod malware. Deployed via phishing emails impersonating diplomatic officials, the malware establishes persistence, conducts surveillance, and exfiltrates sensitive diplomatic communications. [Read more via The Hacker News]
✅ Industry Trends & Insights
EU Publishes General‑Purpose AI Code of Practice
On July 10, the European Commission published the final General‑Purpose AI Code of Practice, marking a pivotal step ahead of the EU AI Act’s enforcement. Although voluntary, the AI Code sets clear expectations for transparency, safety, copyright compliance, and security for large AI models like ChatGPT. Adopting it allows companies to demonstrate good-faith alignment with the AI Act and may reduce compliance overhead. [Read the full report on the official EU website]
✅ Regulatory & Policy Updates
ENISA Launches New Cyber Advisory Group
On July 14, ENISA announced the formation of its inaugural Cyber Advisory Group, a panel of 33 leading experts tasked with guiding the agency’s strategy through 2025. This group will advise on critical issues, including implementation of NIS2, the Cyber Resilience Act, and market security certification, ensuring that ENISA’s policy roadmap aligns with real-world cybersecurity priorities across Europe. [Read more via ENISA]
✅ Cyber IQ Challenge + Proactive Security Hacks
Cyber IQ Quiz: Which recent development aims to align cybersecurity policy with real-world implementation challenges?
A) EU Chat Control Bill
B) ENISA Cyber Advisory Group
C) LoptikMod Malware Campaign
D) AI Code of Practice
Answer revealed below!
Smart Security Move of the Week: Prioritize OT-Specific Cyber Hardening
Hacktivist and APT campaigns are no longer just about defacements and DDoS—they’re targeting real-world systems. Here’s what to do if you operate in or depend on critical infrastructure:
-
Map your OT network to understand device visibility and interdependencies.
-
Apply network segmentation between IT and OT environments to limit lateral movement.
-
Deploy anomaly detection tools designed specifically for industrial protocols like Modbus and DNP3.
-
Run a tabletop exercise simulating ICS malware or breach scenarios with cross-functional teams.
✅ Quiz Answer: B) ENISA Cyber Advisory Group
Launched on July 14, this new expert panel will shape how Europe implements major frameworks like NIS2 and the Cyber Resilience Act through practical, industry-aligned advice.
✅ Conclusion
Europe’s cybersecurity landscape is entering a decisive phase. Between intensifying geopolitical threats, active targeting of diplomatic and critical infrastructure, and the rollout of complex regulatory frameworks, the balance between risk and resilience is under pressure.
Whether you’re navigating a potential supply chain breach, evaluating AI risk governance, or preparing for sector-specific mandates, Make Sense trainings and toolkits are built to support your next step.
Stay secure,
The Make Sense SRL Team & CyberTania
