Weekly Cybersecurity Digest [October, Week 1]

Posted on October 7, 2025

Dear Valued Clients,

Welcome to this week’s cybersecurity digest from Make Sense, your partner in strengthening resilience against evolving digital risks. Europe opened October with ENISA’s new threat landscape, an EU-wide awareness push, and fresh research on state-aligned activity against public bodies, alongside market momentum in open-source defence tooling. Our goal is not only to inform but to turn insight into measurable, auditable action.

✅ Top Stories of the Week

i. “Almost 1B Salesforce records” claim targets customer tenants

A cybercrime group claimed to have breached nearly one billion Salesforce customer records through compromised tenant credentials rather than Salesforce’s core systems. European enterprises using the platform were warned to tighten access governance, enable MFA, and review API keys. The incident underscores the growing SaaS security blind spot across distributed data ecosystems. [Read more via Reuters]

Quick exercise: List your top three SaaS applications and name one compensating control per app (e.g., SSO + MFA, least-privilege tokens, anomaly alerts).

ii. European parliamentarians implore EU leadership to stop funding spyware

Thirty-nine MEPs wrote to EU Commission leaders demanding transparency on taxpayer and EU funds directed to spyware firms like Cy4Gate and Intellexa. The criticism stems from investigations that have shown public subsidies fueling surveillance tools used against civil society and journalists. The letter calls for funding reforms and accountability in EU grant programmes. [Read more via The Record]

iii. Suspected China-linked cyber-espionage hits Serbian aviation

Researchers detailed a phishing-led campaign against a Serbian aviation agency, with related activity observed in Hungary, Belgium, Italy and the Netherlands. The activity highlights persistent targeting of transport and state bodies, lateral movement via trusted email, and the need for identity-first controls and mailbox forensics. [Read more via The Record]

Note down: Name one identity-first control (e.g., phishing-resistant MFA, token binding, conditional access) you will tighten this quarter.

✅ Industry Trends & Insights

ENISA unveils Threat Landscape 2025

ENISA’s latest report analyses over 4,800 cyber incidents recorded between July 2024 and June 2025. It highlights persistent ransomware, AI-enabled intrusion campaigns, and cross-border exploitation of critical infrastructure. The report urges European entities to enhance supply chain visibility and workforce preparedness to counter evolving threats targeting industrial, transport, and healthcare sectors. [Read more via ENISA]

Circle two: From ENISA’s list, mark two threat trends you’ll test against your current detections in the next 30 days.

European Cybersecurity Month 2025 launches

The Commission launched the EU-wide campaign, focusing on phishing, and provided practical guidance and materials for citizens, SMEs, and public bodies. It’s a timely moment to align internal communications, tabletop exercises, and metrics with EU messaging to enhance baseline hygiene across suppliers and staff. [Read more via European Commission (Digital Strategy)]

✅ Regulatory & Policy Updates

EU prolongs sanctions against Russian hybrid threats

The Council extended restrictive measures by one year (to 9 Oct 2026) against persons and entities involved in Russia’s destabilising hybrid activities, including cyber operations and foreign information manipulation and interference (FIMI). The move maintains legal pressure while member states strengthen coordination under NIS2 and related frameworks. [Read more via Council of the EU]

Signal calls on Germany to vote against ‘Chat Control’

Signal’s president warned Germany that if it supports the EU’s Chat Control regulation, which requires scanning of encrypted messages, Signal may exit the European market entirely. The campaign frames the law as mass surveillance under the guise of child protection and argues that it would weaken encryption for all users. [Read more via The Record]

Reflection: If client-side scanning were mandated, state one compensating control or policy stance you would adopt—and why.

✅ Cyber IQ Challenge + Proactive Security Hacks

Quick Quiz:

Which shared-responsibility layer most often exposes EU organisations to SaaS data loss in large multi-tenant breaches?

A) Provider hosting

B) Tenant identity & access

C) Provider network

D) End-user devices

(Answer below)

Smart Security Moves of the Week:

  • Harden SaaS tenants: Enforce SSO + phishing-resistant MFA, rotate API keys, restrict token scopes, and enable anomaly alerts.
  • Cyber Threat Intelligence → controls: Convert one ENISA-listed TTP into a concrete detection this week; validate with a tabletop.
  • Supplier tabletop: Simulate loss of a critical third-party workflow (for example, an aviation-style dependency you don’t control).
  • ECM alignment: Ship two micro-lessons on phishing and rapid incident reporting.

Answer: B) Tenant identity & access.

✅ Conclusion

From ENISA’s mapping and the EU’s awareness drive to parliamentary scrutiny of spyware funding, SaaS-tenant exposure, and aviation-focused espionage, this week underscores that Europe’s risks are operational, not abstract.

Final reflection for you: Which dependency (vendor, integration, or identity control) would make the biggest headline if it failed tomorrow?

At Make Sense, we convert intelligence into prioritised action: tightening identity controls, rehearsing supplier scenarios, improving detection and response, and hardening shared services across teams and partners to deliver measurable, auditable resilience.

Stay secure,

The Make Sense SRL Team & CyberTania