
Weekly Cybersecurity Digest [May, Week 3]
Posted on May 20, 2025
Dear Valued Clients,
Welcome to this week’s cybersecurity digest, curated by Make Sense to keep you informed about the latest developments in information security across Europe. Our goal is to provide you with actionable insights to enhance your security posture.
Top Stories of the Week
i. Spain Investigates Cyberattack Link in Recent Blackout
Spain is investigating cyber vulnerabilities in small renewable energy generators following an April 28 blackout that caused a major grid collapse. Authorities have not ruled out a cyberattack and are probing potential weaknesses in decentralized power systems. [Learn more on Financial Times]
ii. ENISA Releases Cyber Stress Testing Handbook
The European Union Agency for Cybersecurity (ENISA) has published a comprehensive handbook to guide national and sectoral authorities in assessing the cybersecurity and resilience of critical infrastructure under the NIS2 Directive. The handbook provides a structured approach to evaluating the ability of organizations to withstand and recover from significant cybersecurity incidents. [Check out on Industrial Cyber and ENISA website]
iii. Meta Faces Legal Action Over AI Training on EU User Data
Privacy advocacy group noyb has issued a cease-and-desist letter to Meta, threatening legal action over the company’s plans to train AI models using public data from EU users without explicit opt-in consent. Meta’s reliance on “legitimate interest” for data processing is under scrutiny, with concerns about compliance with the General Data Protection Regulation (GDPR). [See more at Reuters]
Industry Trends and Insights
CompTIA Targets OT Cyber Skills Gap with New SecOT+ Certification
CompTIA has announced the development of a new certification focused on core cybersecurity skills for operational technology (OT) environments. The upcoming SecOT+ certification aims to bridge the persistent gap between OT and IT expertise, equipping professionals with a unified skill set to detect, mitigate, and respond to security threats in manufacturing and critical infrastructure environments. [Learn more on Industrial Cyber]
Regulatory Updates
Italy’s Data Watchdog Fines AI Company Replika’s Developer $5.6 Million
Italy’s data protection authority, the Garante, has imposed a €5 million ($5.64 million) fine on Luka Inc., the developer of the AI chatbot Replika, for violating data privacy regulations. The investigation found that Replika processed user data without a legal basis and lacked an effective age-verification system, leading to the financial penalty. Additionally, the Garante has initiated a separate probe to determine whether Replika’s use of generative AI complies with European Union privacy standards. [Read more on Reuters]
Cyber IQ Challenge + Proactive Security Hacks
What’s Your Cyber IQ?
Q. What is the primary benefit of the European Vulnerability Database (EUVD)?
- It replaces all existing vulnerability databases globally.
- It centralizes vulnerability information to enhance EU digital security.
- It eliminates the need for incident response teams.
While you ponder the answer, here are some quick hacks to boost your security:
- Regularly Update Systems: Ensure all software and systems are up-to-date to patch known vulnerabilities.
- Implement Multi-Factor Authentication (MFA): Add an extra layer of security to user logins.
- Conduct Regular Security Audits: Periodically assess your organization’s security posture to identify and address potential weaknesses.
Answer to Cyber IQ Challenge:
The correct answer is 2. It centralizes vulnerability information to enhance EU digital security.
Conclusion
As the cybersecurity landscape continues to evolve, staying informed and proactive is more crucial than ever. We encourage you to consider how these developments might impact your organization and explore how our training programs can support your security objectives.
Stay secure,
The Make Sense SRL Team & CyberTania