Weekly Cybersecurity Digest [June, Week 3]
Posted on June 23, 2026
Dear Valued Clients,
Welcome to this week’s cybersecurity digest from Make Sense. This week highlights how cyber risk across Europe is being shaped by three key forces: attacks on critical industries, hostile-state pressure on essential services, and the rapid rise of AI-enabled cyber capabilities.
From a major extortion claim targeting a leading pharmaceutical company to law enforcement action against Russian-linked malware infrastructure and warnings about threats to UK critical systems, the message is clear: cyber resilience is now directly tied to operational continuity and trust in essential services.
✅ Top Stories of the Week
i. Hacking Group Claims Major Novo Nordisk Breach And $25 Million Extortion Attempt
A cyber extortion group claimed it stole more than 1TB of data from Danish pharmaceutical giant Novo Nordisk, including alleged proprietary drug information, source code, clinical trial data, employee data, and internal AI-related material. Novo Nordisk said it was aware of claims involving data allegedly copied without authorisation and maintained that its main platforms remained operational. The case shows how cyber extortion against European life-sciences leaders can quickly become a strategic business, intellectual-property, and patient-trust issue. [Read more via Reuters]
ii. Police Raid Malware Network Linked To Russia’s Evil Corp Group
An international law enforcement operation disrupted the SocGholish malware network, linked to Russia-based cybercrime group Evil Corp. Authorities from the Netherlands, Germany, Canada, and the United States took down more than 100 servers and helped disinfect nearly 15,000 compromised websites used to spread malware through fake browser and software update prompts. The operation matters because compromised legitimate websites continue to act as entry points for ransomware, espionage, and wider criminal campaigns. [Read more via The Record]
iii. UK Critical Infrastructure Faces Heavy Hostile-State Cyber Pressure
The UK’s National Cyber Security Centre warned that three-quarters of cyberattacks affecting organisations within the UK’s critical infrastructure over the past year can be linked to hostile state actors. NCSC said it managed more than 200 incidents involving critical national infrastructure and supporting systems in the year to May 2026. The warning reinforces that energy, transport, healthcare, communications, and public services must treat cyber resilience as a board-level operational and national-security priority. [Read more via NCSC]
✅ Industry Trends & Insights
AI-Assisted Development Needs Risk-Based Security Oversight
The UK NCSC published guidance on the “vibe coding spectrum”, warning that AI-assisted software development requires different levels of oversight depending on the sensitivity and criticality of the code being produced. Internal tools and prototypes may carry lower risk, but authentication logic, customer-data processing, critical infrastructure code, and safety-sensitive systems require stronger controls. For European organisations, AI-assisted development is becoming a software governance issue, not just a productivity trend. [Read more via NCSC]
Europe Pushes Security And Privacy Into 6G Development
Europe is investing early in cybersecurity and privacy for 6G, with EU-funded projects exploring AI-enabled threat intelligence, digital twins, quantum-resistant data sharing, and privacy-preserving network sensing. The work reflects a broader strategic trend: future telecom infrastructure will not only be faster and more connected, but also more complex to secure. For European organisations, 6G security is already becoming a digital sovereignty, critical infrastructure, and compliance issue. [Read more via GovInfoSecurity]
✅ Regulatory & Policy Updates
Five Eyes Agencies Warn AI Is Accelerating Cyber Risk
Cybersecurity agencies from the Five Eyes alliance warned that AI is rapidly transforming cyber risk and shrinking the window between vulnerability discovery and exploitation. Published by the UK NCSC, the statement urges leaders to reduce attack surfaces, accelerate patching, address legacy systems, strengthen identity controls, and test incident response. For European organisations, the message is highly relevant: AI risk is becoming a leadership, resilience, and market-confidence issue — not simply a technical concern. [Read more via NCSC]
EU Digital Decade Report Urges Progress On Structural Digital Gaps
The European Commission’s 2026 State of the Digital Decade report highlighted progress toward Europe’s 2030 digital goals, while urging action to close structural gaps in connectivity, digital skills, advanced technologies, and trusted digital services. Although broader than cybersecurity alone, the report matters for resilience because digital sovereignty, secure infrastructure, cloud capability, public-sector digitalisation, and trust services increasingly shape Europe’s cyber-risk baseline. Cyber maturity is now part of Europe’s wider competitiveness and autonomy agenda. [Read more via European Commission]
✅ Cyber IQ Challenge + Proactive Security Hacks
Quick Quiz: What is the most important cybersecurity principle organisations should prioritise to strengthen resilience?
A) AI-assisted development removes the need for secure coding review
B) Cyber resilience is mainly about endpoint protection
C) Critical infrastructure, AI-enabled exploitation, monitoring platforms, and ransomware tooling can all become operational risk pathways
D) Hostile-state cyber activity only affects government agencies
(Answer below)
Smart Security Moves of the Week:
- Critical infrastructure dependency review: Identify which suppliers, platforms, and services support your most important operations.
- AI development governance: Define where AI-assisted coding is acceptable, where human review is mandatory, and where stronger security testing is required.
- Security-tool hardening: Treat SIEM, monitoring, EDR, VPN, and identity platforms as high-value targets requiring rapid patching and access control.
- Hostile-state readiness: Review incident-response plans for scenarios involving disruption, espionage, disinformation, and critical-service pressure.
Answer: C) Critical infrastructure, AI-enabled exploitation, monitoring platforms, and ransomware tooling can all become operational risk pathways.
This week’s developments show that cyber risk increasingly moves through the systems organisations depend on most: critical infrastructure, trusted software platforms, security tools, and AI-enabled development or attack workflows.
✅ Conclusion
This week highlights how cyber risk is expanding beyond isolated incidents into broader operational and strategic exposure. Attacks on critical industries, hostile-state activity, and evolving AI capabilities are increasing both the speed and impact of cyber threats across Europe.
Organisations must strengthen governance, secure critical dependencies, and ensure leadership can respond quickly to disruption.
Final reflection: If your organisation were exposed through a critical supplier, AI-assisted development process, security platform, or hostile-state campaign, would leadership understand the impact quickly enough to act?
At Make Sense, we help organisations turn cyber complexity into practical resilience across Europe’s evolving threat landscape.
Stay secure,
The Make Sense SRL Team & CyberTania
