
Weekly Cybersecurity Digest [May, Week 4]
Posted on May 27, 2025
Dear Valued Clients,
Welcome to this week’s cybersecurity digest, curated by Make Sense to keep you informed about the latest developments in information security across Europe. Our goal is to provide you with actionable insights to enhance your security posture.
Top Stories of the Week
i. New Details Emerge on Russian Hacking Group Linked to 2024 Espionage
Dutch intelligence agencies have identified a previously unknown cyber-espionage group, nicknamed “Laundry Bear,” believed to be backed by Russian state actors. The group is reportedly behind a 2024 campaign that targeted networks belonging to NATO, the Dutch police, and high-tech firms across Europe. This week’s disclosure sheds new light on the group’s objectives, including the pursuit of sensitive information related to defense, sanctions, and Western arms shipments. [Read more at Reuters]
ii. ESA Inaugurates New Cyber Security Operations Centre
On May 27, 2025, the European Space Agency (ESA) inaugurated a new Cyber Security Operations Centre (C-SOC) at its European Space Operations Centre (ESOC) in Germany. This dedicated facility aims to ensure the continued security of ESA’s critical infrastructure, including mission-critical systems that control spacecraft and process scientific data. The dual-site design ensures operational resilience and redundancy, with each site capable of supporting the other if needed. [Read more at European Space Agency]
iii. Marks & Spencer Faces £300 Million Loss Due to Ransomware Attack
Marks & Spencer (M&S) reported a ransomware attack that disrupted online operations, leading to a projected loss of £300 million in the 2025/26 financial year. The attack also resulted in the theft of some customer data, though no payment information was compromised. Cybercriminal group DragonForce claimed responsibility for the attack. This incident highlights the vulnerabilities in the retail sector and underscores the importance of robust cybersecurity measures. [Read more at Vogue Business]
Industry Trends and Insights
GCHQ Criticizes UK Businesses for Ignoring Cybersecurity Advice
Richard Horne, chief executive of the UK’s National Cyber Security Centre (NCSC), has criticized British businesses for not adhering to freely available cybersecurity guidance, despite rising cyber threats. Following a spike in cyberattacks targeting major retailers and institutions, Horne emphasized the widening gap between cyber risks and organizational preparedness. He urged business leaders to adopt NCSC’s advice, including the Cyber Essentials program, which can significantly reduce the likelihood of a cyber incident. [Explore more at The Times]
Regulatory Updates
European Commission Publishes Q&A on AI Literacy Under the AI Act
On May 7, 2025, the European Commission published a Q&A on the AI literacy obligation under Article 4 of the AI Act. The document clarifies that AI literacy requirements apply to all providers and deployers of AI systems, requiring organizations to train anyone directly dealing with AI systems. The Q&A outlines key considerations for compliance and notes that enforcement by national market surveillance authorities will commence on August 3, 2026. [Check out more at Inside Privacy]
Cyber IQ Challenge + Proactive Security Hacks
What’s Your Cyber IQ?
What is the primary benefit of the EU Cybersecurity Act’s certification framework?
- It replaces all national cybersecurity laws.
- It centralizes vulnerability information to enhance EU digital security.
- It establishes a common certification framework for ICT products and services across the EU.
While you ponder the answer, here are some quick hacks to boost your security:
- Regularly Update Systems: Ensure all software and systems are up-to-date to patch known vulnerabilities.
- Implement Multi-Factor Authentication (MFA): Add an extra layer of security to user logins.
- Conduct Regular Security Audits: Periodically assess your organization’s security posture to identify and address potential weaknesses.
Answer to Cyber IQ Challenge:
The correct answer is 3. It establishes a common certification framework for ICT products and services across the EU.
Conclusion
As the cybersecurity landscape continues to evolve, staying informed and proactive is more crucial than ever. We encourage you to consider how these developments might impact your organization and explore how our training programs can support your security objectives. Have ideas for future digests or want to share your Cyber IQ answer? Drop us a line at info@makesensegrc.com.
Stay secure,
The Make Sense SRL Team & CyberTania