< ciso
brief />
Tag Banner

All news with #regulatory action tag

353 articles

Global Operation First Light 2026 Targets Cybercrime

🛡️ A global anti-fraud operation, Operation First Light 2026, ran from January 15 to April 30, 2026, coordinated by Interpol with support from regional partners and funding from China’s Ministry of Public Security. The crackdown targeted social engineering scams such as romance fraud and BEC, leading to over 5,800 arrests, identification of 15,606 suspects and interception of $293m in illicit assets. Actions included raids, freezing 31,014 bank accounts, seizing devices and using Interpol’s I-GRIP stop-payment mechanism.
read more →

Spain arrests suspected member of pro‑Russian hacktivists

🛡️ Spain's National Police arrested a man suspected of active roles in the pro‑Russian hacktivist groups CyberArmy of Russia Reborn and Z‑Pentest. Authorities say he provided logistical and operational support to a CARR-linked Ukrainian hacker and attempted to facilitate the hacker’s escape to Russia. Investigators seized computers and cryptocurrency devices during a March 2026 raid and froze wallets tied to stolen data sales. The suspect is under investigation for alleged links to terrorist group membership, glorification of terrorism, and computer damage.
read more →

France ends certification of non-quantum encryption

🔒 France’s cybersecurity agency ANSSI announced it will stop certifying security products that lack quantum-resistant encryption beginning in 2027, accelerating a national shift to post-quantum cryptography. ANSSI’s decision effectively forces French government bodies and critical operators to adopt quantum-safe solutions, as its approval is required for official use. The agency advised businesses to purchase only quantum-safe products by 2030 to ensure compliance and future-proofing.
read more →

CJEU upholds €4.1B antitrust fine against Google

📢 The Court of Justice of the European Union has dismissed Google's final appeal against a €4.1 billion antitrust fine related to Android. The ruling affirms that Google used pre-installation, anti-fragmentation agreements, and certain revenue-sharing deals to strengthen its dominant position and restrict competition. Google contests the decision, noting changes to its practices since 2018 and arguing that market realities have shifted.
read more →

FTC fines Amazon for withholding fraud victims’ records

🔎 The FTC says Amazon will pay a $2.25 million penalty after allegedly blocking identity-theft victims from obtaining transaction records required under Section 609(e) of the FCRA. The complaint claims Amazon customer service denied record requests citing "privacy" or "security," often delivered records after the 30-day statutory window, and sometimes refused law enforcement requests. The order requires Amazon to provide requested records within 30 days and notify affected consumers who previously requested records since April 2024.
read more →

Bill would require mandatory AI incident reporting

📝 A proposed AI Incident Reporting Act would obligate developers of designated high-capability models to report major safety and security incidents to the Commerce Department. Reports would be required within seven days of discovery, with 48-hour notifications to congressional leaders for imminent or ongoing serious harm. The bill tasks the Secretary of Commerce with defining capability thresholds and grants the department investigative and enforcement powers, including fines up to $2 million per violation.
read more →

Ten years of the GDPR: mixed outcomes and lessons

📄 Ten years after the GDPR came into force, data protection is far more established across Europe and beyond, raising consumer awareness and making privacy a competitive factor for businesses. Record fines against major tech firms underline enforcement seriousness, even as many penalties remain disputed. Companies increasingly view the regulation as burdensome and legally uncertain, complicating innovation, notably in AI development.
read more →

AI Liability and the Publisher–Carrier Distinction

📰 The German court found Google liable for AI-generated search summaries, rejecting defenses that users should verify AI output themselves. This ruling highlights the historical distinction between carriers and publishers and argues that AI summaries act like editorial content. Past cases, like Air Canada’s chatbot ruling, reinforce that organizations are responsible for their AI agents. The decision could force companies to improve AI accuracy or curtail certain commercial uses.
read more →

International takedown of Amadey and StealC networks

🛡️ A multinational law enforcement operation, coordinated with private-sector partners such as Bitdefender, ESET, and Microsoft, dismantled infrastructure powering the Amadey and StealC malware ecosystems. Authorities identified and restricted over $47 million in criminal cryptocurrency, recovered 27 million stolen credentials, and dismantled hundreds of servers and domains. The action disrupted loader-and-stealer chains used to fuel ransomware and fraud.
read more →

DOJ Seizes Cloud Account Linked to HuiOne Group

📰 The U.S. Department of Justice announced the seizure of a cloud computing account used by subsidiaries of Cambodia-based HuiOne Group, as the Treasury sanctioned individuals and entities tied to Prince Group. The account hosted backend infrastructure for illicit marketplaces, including HuiOne Guarantee, which facilitated large-scale crypto fraud, money laundering services, and the sale of crimeware and exploitative tools. Authorities say these platforms enabled conversion of stolen cryptocurrency into the legitimate banking sector and supported human trafficking and violent control measures at scam compounds.
read more →

MPs Warn UK Museums Face Cybersecurity Shortfalls

🛡️ Parliament’s Public Accounts Committee has criticised the Department for Culture, Media and Sport for a reactive approach to cybersecurity, leaving national galleries and museums exposed. The PAC highlighted incidents including a ransomware attack on the British Library and thefts from the British Museum as evidence of systemic failings. It calls on DCMS to set out concrete actions, share lessons across the sector, and address skills shortages and legacy technology.
read more →

Executive Order Accelerates Post‑Quantum Readiness

🔒 The White House Executive Order signed June 22, 2026 mandates migration of federal systems to NIST‑approved post‑quantum cryptography, setting milestones for key establishment by 2030 and digital signatures by 2031. It extends urgency to critical infrastructure, federal contractors, and procurement, highlights "harvest now, decrypt later" risk, and calls for cryptographic bill of materials guidance to drive visibility and operational readiness.
read more →

US issues post-quantum crypto deadlines, launches quantum push

🔒 The White House signed two executive orders to accelerate federal migration to post-quantum cryptography and expand investment in quantum technologies. The crypto order sets firm deadlines for replacing vulnerable algorithms, requires cryptographic inventories and a CBOM, and signals future procurement rules for contractors. The companion order creates a coordinated federal quantum initiative to drive research, commercialization, workforce development, and defenses for sensitive research.
read more →

U.S. Executive Order Accelerates PQC Adoption

🔒 On June 22, 2026, President Trump signed Executive Order 14409, setting federal deadlines to adopt post-quantum cryptography: key establishment by December 31, 2030, and authentication by December 31, 2031, with contractors required to comply by 2030. Cloudflare supports the EO, noting federal procurement has historically driven industry adoption and highlighting that post-quantum encryption deployment is already widespread across its services while authentication work continues. The EO focuses on NIST-standardized PQC, excludes National Security Systems, and directs OMB and agencies to plan and report migration progress.
read more →

U.S. Sets 2030–2031 Deadlines for PQC Migration

🔐 President Trump signed an executive order on June 22 directing federal agencies to migrate high-value assets to post-quantum cryptography with key establishment required by December 31, 2030 and digital signatures by December 31, 2031. The EO accelerates the federal timeline by four to five years and aligns agency schedules with NIST's 2024 FIPS for ML-KEM and ML-DSA/SLH-DSA. Agencies must name migration leads, inventory cryptographic assets, and submit plans; OMB, NIST, CISA and FAR will issue guidance to enforce timelines and contractor requirements.
read more →

US Executive Order Accelerates PQC Migration by 2031

🔐 The US has issued Executive Order 14409 requiring federal agencies to migrate to post-quantum cryptography (PQC) for key establishment by December 31, 2030 and for digital signatures by December 31, 2031. The EO mandates a Commerce-led PQC pilot to finish by December 31, 2027 and directs OMB and the National Cyber Director to accelerate a nationwide transition while coordinating with other agencies and international partners. It also tasks agencies to find cost efficiencies and ensures contractors meet federal cybersecurity standards by 2030.
read more →

Google expands EU financial advertiser verification

🔒 Google is expanding its financial services advertiser verification program to cover all EU and EEA member states, adding 24 countries to its rollout. The program builds on existing advertiser identity checks and Gemini-powered defenses to block harmful or unauthorized ads. Advertisers must complete verification against national registries within 30 days or face restrictions on financial ads. This aims to increase trust in online financial advertising and reduce scams.
read more →

UK Information Commissioner Resigns After Probe

📰 The UK’s information commissioner, John Edwards, resigned on June 19 after an internal HR investigation concluded there was a case to answer for conduct that fell short of expected standards. Secretary of state Liz Kendall cited vulgar, sexualized language and thanked those who came forward. The ICO reiterated its commitment to a safe workplace and said it does not accept harassment, bullying or discrimination. Edwards acknowledged poor judgement, described his role as untenable and announced his resignation.
read more →

Telegram admits limits detecting exam leak channels

📄 India's government told the Delhi High Court that it warned Telegram roughly two weeks before blocking the app amid allegations channels were selling leaked NEET-UG 2026 exam papers. The Ministry of Electronics and Information Technology and the National Testing Agency identified groups, channels and bots circulating stolen material and reported them to Telegram. The affidavit says Telegram acknowledged limited proactive detection and relied on reported content, while India's block—initially framed as a measured step—remains in effect pending the court's ruling.
read more →

New PCI Rules Force Runtime Script Controls

🔒 An independent PCI assessor evaluated Reflectiz against the updated PCI DSS requirements and found it effectively supports merchant compliance. Modern checkouts load many third-party scripts, any of which can be turned into skimmers, and PCI DSS v4.0.1 introduces controls to inventory, authorize, and detect tampering of payment-page scripts. The QSA highlighted Reflectiz’s behavior-based detection, agentless deployment, and one-click QSA-ready evidence as key strengths, while SAQ A exemptions remain limited for iframe integrations.
read more →