Weekly Cybersecurity Digest [July, Week 2]
Posted on July 14, 2026
Dear Valued Clients,
Welcome to this week’s cybersecurity digest from Make Sense. Across Europe, cyber risk is increasingly shaped by state-backed activity, cloud exposure, ransomware disruption, AI-driven change, and stronger regulatory pressure on critical digital services.
This week’s developments show a clear pattern: attackers and regulators are both focusing on the systems organisations depend on most — cloud platforms, critical suppliers, infrastructure, data flows, AI tools, and managed service providers. For European organisations, resilience now depends on knowing where exposure sits, who owns the risk, and how quickly leadership can act when disruption, misconfiguration, or enforcement pressure appears.
✅ Top Stories of the Week
i. EU And UK Sanction Russian Cyber Networks Behind European Attacks
The EU and UK imposed coordinated cyber sanctions on Russian state-linked actors, military intelligence units, and associated cybercrime infrastructure accused of attacks across Europe. Targets included networks linked to espionage, sabotage, credential theft, and a failed attack on Poland’s energy grid. The move reflects Europe’s growing use of sanctions as a cyber deterrence tool — and reinforces that hostile-state cyber activity is now treated as a strategic security issue. [Read more via GOV.UK]
ii. European Cloud Provider Nextcloud Exposes 367,000 Internal Records
European cloud and collaboration provider Nextcloud exposed around 367,000 internal records through a misconfigured Elasticsearch database, including invoices, contracts, employee details, emails, setup scripts, and some client-related information. Nextcloud said the issue was fixed and that it had notified the relevant data protection authority. The incident highlights a familiar risk: even privacy-focused or sovereignty-aligned platforms still require disciplined access governance, configuration monitoring, and ownership clarity. [Read more via Cybernews]
iii. Latvian Forestry Company Still Restoring Systems After Ransomware Attack
Latvia’s state-owned forestry company LVM was still restoring systems weeks after a ransomware attack disrupted customer and internal services, including mapping and hunting applications. CERT.LV said the same threat actor continued looking for vulnerabilities across Latvian public and private infrastructure. This is a strong Europe-first operational story with public-sector, ransomware, and critical national-service relevance. [Read more via The Record]
✅ Industry Trends & Insights
Europe Builds AI Cybersecurity Testing Capacity For Critical Sectors
The European Commission is moving to create a secure AI testing platform to identify cybersecurity weaknesses in high-risk sectors such as hospitals, banks, power grids, transport, and public administration. The initiative reflects Europe’s effort to build trusted AI-enabled cyber capability while reducing reliance on foreign systems. For organisations, the trend is clear: AI security is becoming part of critical-sector resilience, not a separate innovation track. [Read more via Cybernews]
Steganography And Fileless Malware Are Making Detection Harder
The APT28 PNG-shellcode campaign is better placed here if you want a broader technical trend. It shows how attackers hide payloads inside ordinary-looking image files and run code in memory, reducing the usefulness of traditional file-based detection. For European organisations handling geopolitical, defence, or public-sector data, behaviour-based detection becomes more important. [Read more via Cyber Security News]
AI Coding Agents Are Blurring Defensive Detection Signals
New security research found that AI coding agents such as Claude Code, Cursor, and Codex can trigger endpoint security rules because their behaviour resembles attacker activity: launching terminals, running scripts, accessing credentials, installing packages, and interacting with cloud environments. The issue is not that the tools are malicious, but that AI-assisted work changes the security baseline. Organisations need clearer permissions, monitoring, and governance around AI agents in development environments. [Read more via The Hacker News]
✅ Regulatory & Policy Updates
EU Takes Four Member States To Court Over NIS2 Delays
The European Commission referred Ireland, Spain, France, and the Netherlands to the Court of Justice of the EU for failing to fully implement the NIS2 Directive. The case shows that NIS2 is moving from policy ambition to enforcement pressure. For organisations in critical and important sectors, the practical message is clear: cyber governance, incident reporting, supplier oversight, and resilience evidence need to be ready before regulators arrive. [Read more via The Record]
UK Brings Major Cloud Providers Under Financial Resilience Oversight
The UK designated AWS, Google Cloud, Microsoft, and Oracle as critical third-party suppliers to the financial sector, bringing them under direct oversight from financial regulators. The framework will require stronger resilience testing, self-assessments, and major incident reporting. For banks, insurers, and payment firms, this confirms a major shift: cloud concentration risk is now a financial stability issue, not only a technology sourcing matter. [Read more via GOV.UK]
UK Cyber Security And Resilience Bill Continues Through Parliament
GovInfoSecurity reported that the UK Cyber Security and Resilience Bill is expected to continue its parliamentary path, with the House of Lords scheduled to review it on July 14. The bill would expand the UK’s NIS-style regime to include data centres, managed service providers, critical suppliers, and 24-hour major incident reporting. Strong fit for Regulatory & Policy. [Read more via GOV Info Security]
✅ Cyber IQ Challenge + Proactive Security Hacks
Quick Quiz: What is the most effective way to reduce systemic cyber risk across complex digital ecosystems?
A) Add more tools without changing ownership or accountability
B) Map critical services, identities, suppliers, data flows, and response responsibilities
C) Restrict cyber resilience planning to IT and security teams only
D) Wait until regulation is enforced before testing operational readiness
(Answer below)
Smart Security Moves of the Week:
- Edge-device hygiene: Review routers, firewalls, VPNs, and gateways for outdated firmware, weak credentials, exposed management interfaces, and insecure configurations.
- Cloud exposure review: Audit collaboration platforms, dashboards, analytics tools, and databases for public exposure, excessive permissions, and unclear ownership.
- AI-agent governance: Define what AI coding agents can access, execute, modify, and authenticate to within development and cloud environments.
- Regulatory evidence readiness: Prepare documentation for NIS2, DORA, CRA, and critical-third-party expectations before enforcement becomes urgent.
Answer: B) Map critical services, identities, suppliers, data flows, and response responsibilities.
Cyber resilience starts with knowing which systems matter, who depends on them, where data and access flow, and who must act when disruption or exposure occurs.
✅ Conclusion
This week highlights how European cyber resilience is becoming a test of operational visibility. State-linked cyber activity, cloud misconfiguration, ransomware recovery, fileless malware techniques, and AI-enabled development all point to the same reality: cyber risk increasingly moves through trusted platforms, critical services, and everyday digital dependencies.
Regulatory pressure is moving in the same direction. NIS2 enforcement, financial oversight of major cloud providers, and the UK Cyber Security and Resilience Bill show that organisations will be expected to evidence resilience — not simply claim it. The priority now is practical: map critical services, secure access points, govern AI tools, and clarify accountability before disruption or regulatory scrutiny arrives.
Final reflection: If attackers or regulators examined your cloud platforms, AI tools, suppliers, data flows, and critical services today, would your organisation be able to explain who owns the risk and how it is controlled?
At Make Sense, we help organisations turn cyber complexity into practical resilience across Europe’s evolving threat landscape.
Stay secure,
The Make Sense SRL Team & CyberTania
