Weekly Cybersecurity Digest [July, Week 1]
Posted on July 7, 2026
Dear Valued Clients,
Welcome to this week’s cybersecurity digest from Make Sense. Across Europe, cyber risk continues to evolve at the intersection of trust, governance, and geopolitical pressure. Recent incidents show how attackers are increasingly targeting trusted individuals, platforms, and information channels, while organisations face growing exposure through cloud services, data flows, and digital dependencies.
At the same time, emerging trends such as AI governance gaps, professionalised fraud operations, and the security of space infrastructure are expanding the cyber risk landscape beyond traditional IT boundaries.
Regulatory developments further reinforce this shift, as governments and institutions move toward stronger resilience measurement, active defence, and scrutiny of cross-border data frameworks.
✅ Top Stories of the Week
i. Former European Parliament Member Targeted With Pegasus Spyware
A former European Parliament member who served on the committee investigating spyware abuse was reportedly infected with Pegasus spyware multiple times. The case has renewed concerns about commercial spyware, democratic oversight, and the protection of politicians, journalists, civil society actors, and other high-risk individuals. It also shows how surveillance technologies can undermine institutional trust when used against those responsible for scrutinising them. [Read more via DataBreachToday]
ii. Dutch University Discloses Year-Long Power BI Data Exposure
Avans University of Applied Sciences disclosed that sensitive personal data was exposed for almost a year through a Microsoft Power BI-based management application. The issue reportedly followed a Microsoft environment change and was discovered in June 2026. The university notified affected individuals and Dutch data protection authorities. The incident highlights a growing governance issue: cloud analytics tools can create serious exposure when access controls, monitoring, and ownership responsibilities are unclear. [Read more via Cybernews]
iii. Ukrainian Media Outlets Become Priority Targets For Russian Hackers
Ukraine’s security agency warned that Russian-linked hackers are increasingly targeting Ukrainian media organisations, including television broadcasters. Officials described attempts involving DDoS attacks, phishing, connected infrastructure access, and propaganda publication through compromised platforms. The threat matters beyond Ukraine because attacks on media infrastructure are attacks on public trust, information integrity, and democratic resilience — areas that remain strategically relevant across Europe. [Read more via The Record]
✅ Industry Trends & Insights
Europe To Test Space Cyber-Shield With CyberCUBE Mission
Europe is preparing to test cybersecurity technologies in orbit through the ESA’s CyberCUBE mission, designed to protect future satellite systems from digital threats. The CubeSat will assess defences against unauthorised access, jamming, spoofing, software compromise, and cryptographic risks. The story highlights how space infrastructure is becoming part of Europe’s cyber resilience and digital sovereignty agenda. [Read more via Escudo Digital]
Business Email Compromise Remains A Highly Operational Fraud Model
New underground research highlighted how business email compromise actors continue to professionalise fraud operations, including the use of call centres, payment-pressure tactics, and regional activity across parts of Europe. The trend matters because BEC is rarely just a “phishing problem.” It exploits approval processes, supplier relationships, executive urgency, and payment workflows — making finance, procurement, legal, and leadership teams part of the security perimeter. [Read more via BleepingComputer]
European AI Crisis Exercises Highlight Governance Gaps
RAND Europe, the UK AI Security Institute, and Mila ran tabletop exercises with senior officials in Germany, the Netherlands, and France to test responses to AI-enabled cyber crises. The exercises highlighted gaps around escalation thresholds, independent technical capability, and open-weight model governance. For European organisations, the message is clear: AI cyber risk requires prepared governance, not only technical controls. [Read more via RAND Europe]
✅ Regulatory & Policy Updates
Germany Seeks Expanded Powers To Hack And Disrupt Foreign Attackers
Germany is preparing draft legislation that would give intelligence agencies greater powers to hack, disrupt, deceive, and disable foreign attackers’ infrastructure under strict oversight. The proposed reform reflects Berlin’s effort to move from passive monitoring toward more active cyber defence in response to Russian-linked and hybrid threats. For European organisations, the shift signals a broader policy direction: governments are rethinking how far defensive action should go in cyberspace. [Read more via Reuters]
ENISA Launches NIS360 Survey For High-Criticality Sectors
ENISA launched a new NIS360 survey for national authorities and high-criticality entities under NIS2, supporting the next edition of its EU cybersecurity maturity assessment. The initiative reflects Europe’s shift toward more evidence-based resilience measurement across critical sectors. For organisations, it reinforces the importance of benchmarking maturity, documenting controls, and aligning security governance with sector-level expectations. [Read more on ENISA]
EU-US Data Transfer Framework Faces Renewed Legal Pressure
A US Supreme Court decision has raised new concerns about the independence of oversight mechanisms underpinning the EU-US Data Privacy Framework. Privacy advocate Max Schrems has indicated plans to challenge the framework, arguing that the basis for trusted EU-US data transfers has been weakened. For European organisations relying on US cloud, SaaS, analytics, or advertising platforms, the issue could reopen strategic questions around data residency, vendor risk, and digital sovereignty. [Read more via The Record]
✅ Cyber IQ Challenge + Proactive Security Hacks
Quick Quiz: Which capability gives organisations the strongest foundation for protecting digital trust?
A) More tools without ownership clarity
B) Strong visibility over identities, data flows, suppliers, and decision points
C) Treating mobile and cloud platforms as outside the security perimeter
D) Waiting for regulators before reviewing digital dependencies
(Answer below)
Smart Security Moves of the Week:
- High-risk user protection: Strengthen device security, threat notifications, and travel-risk procedures for executives, board members, legal teams, journalists, and public-facing roles.
- Cloud analytics governance: Review Power BI, dashboarding, reporting, and data-visualisation tools for unintended access, oversharing, and unclear ownership.
- Payment workflow resilience: Recheck supplier payment changes, urgent transfer approvals, and executive impersonation scenarios before fraud pressure is applied.
- Mobile attack-surface review: Include proximity-sharing features, unmanaged devices, mobile transfer protocols, and personal-device workflows in risk assessments.
Answer: B) Strong visibility over identities, data flows, suppliers, and decision points.
Digital trust depends on knowing who can access what, how data moves, which systems support decisions, and where attackers could exploit credibility or authority.
✅ Conclusion
This week highlights how cyber risk in Europe is increasingly shaped by trust, governance, and strategic autonomy. Attacks on individuals, media platforms, and business processes show that credibility itself is becoming a primary target. At the same time, organisations must manage expanding exposure across cloud services, AI systems, and emerging domains such as space infrastructure. Regulatory developments reinforce the need for measurable resilience, stronger oversight, and clearer accountability.
The key takeaway is practical: organisations that understand their identities, data flows, suppliers, and decision pathways will respond faster and more effectively. Building this visibility is no longer optional—it is essential for maintaining trust and resilience in a rapidly evolving threat landscape.
Stay secure,
The Make Sense SRL Team & CyberTania
