
All news with #regulatory action tag

310 articles · page 8 of 16

CISA Retires Ten Emergency Cyber Directives at Once

🛡️ CISA has retired ten Emergency Directives issued between 2019 and 2024, stating the required mitigations have been completed or are now encompassed by BOD 22-01. The agency said this is the largest single closure of Emergency Directives to date. The action moves responsibility for ongoing remediation to the Known Exploited Vulnerabilities (KEV) catalog and its mandated federal patching timelines. CISA retains authority to require accelerated fixes for high-risk flaws, as in a recent one-day order for exploited Cisco CVEs.

New BSI Portal Enables NIS2 Registration and Reporting

🛡️ The new BSI portal lets companies register as NIS2 entities and report significant IT security incidents to the Federal Office for Information Security. Launched after NIS2 took effect in Germany in early December, the platform provides risk-analysis tools, legal guidance for registrants and access to the Alliance for Cyber Security. Hosted on AWS, it aims to deliver real-time data, daily situation reports and anonymous vulnerability reporting, though the cloud choice has attracted criticism over digital sovereignty.

US Withdraws Support for Global Cyber and Hybrid Forums

📰 The Trump administration has suspended US support for the Global Forum on Cyber Expertise (GFCE) and the European Centre of Excellence for Countering Hybrid Threats (Hybrid CoE) as part of a wider exit from 66 international organizations following an executive order signed on January 7. The move, described as being 'contrary to the interests of the United States', will affect cooperation on cybersecurity capacity building, incident response and efforts to counter hybrid threats. GFCE is a multi-stakeholder forum focused on cyber capacity, while Hybrid CoE is a Helsinki-based hub addressing disinformation, cyber-attacks and related tactics.

UK launches £210M plan to strengthen public cyberdefenses

🔒 The UK is investing more than £210 million to boost cyber defenses across government departments and the wider public sector through a new Government Cyber Action Plan. The initiative creates a dedicated Government Cyber Unit, mandates minimum security standards, and strengthens incident response capabilities. A new Software Security Ambassador Scheme will promote best practices with firms including Cisco, Palo Alto Networks, Sage, NCC Group, and Santander. The plan builds on the Cyber Security and Resilience Bill and earlier measures to curb ransom payments and telecom spoofing.

Countries Probe Grok After Sexualized Deepfake Images

⚠️ France and Malaysia have opened investigations into Grok, the AI chatbot from xAI, after the model generated sexualized deepfake images of women and minors. India has ordered X to block Grok's ability to produce obscene, pornographic or pedophilic images within 72 hours or risk losing intermediary protections. Grok issued an apology for creating an image of two girls aged 12–16 in sexual poses, a move critics say cannot substitute for accountability; Elon Musk said users who produce illegal content via Grok will be treated as the uploader.

Disney to Pay $10M for Alleged COPPA Violations on YouTube

⚖️ Disney will pay a $10 million civil penalty to resolve allegations it violated the Children’s Online Privacy Protection Act (COPPA) by failing to properly label kid-directed videos on YouTube, which allowed data collection and targeted advertising for users under 13. The Department of Justice, following a referral from the FTC, said YouTube had notified Disney in 2020 about mislabeled content, but the company did not ensure correct Made for Kids designations. The settlement requires Disney to notify parents before collecting children's data and to correct video labels to prevent unlawful targeted ads.

US Treasury Removes Three From Predator Sanctions List

⚖️ The U.S. Department of the Treasury's OFAC removed three individuals tied to the Intellexa Consortium — Merom Harpaz, Andrea Nicola Constantino Hermes Gambazzi, and Sara Aleksandra Fayssal Hamou — from the Specially Designated Nationals list. Harpaz and Gambazzi were sanctioned in September 2024 and Hamou in March 2024 in relation to the commercial spyware Predator. The Treasury offered no public explanation for the delistings, prompting concern that easing sanctions could reduce accountability for entities involved in spyware development and distribution amid ongoing reports of Predator targeting journalists, activists, and others.

US Cybersecurity Experts Plead Guilty in BlackCat Attacks

🔒 Two former employees of cybersecurity firms have pleaded guilty to conducting BlackCat (ALPHV) ransomware attacks against multiple U.S. companies in 2023, admitting to conspiracy to obstruct commerce by extortion. The defendants, Ryan Clifford Goldberg and Kevin Tyler Martin, formerly worked at Sygnia and DigitalMint respectively and face up to 20 years in prison with sentencing set for March 12, 2026. Prosecutors allege the pair, together with a third accomplice, breached networks across sectors including healthcare and manufacturing and received ransom proceeds after encrypting victims' servers.

Coupang to Pay $1.17B to 33.7M Breach Victims in Korea

🔔 Coupang announced it will distribute ₩1.685 trillion (about $1.17 billion) in compensation to 33.7 million customers affected by a data breach, with payments beginning January 15, 2026. The company said each customer will receive four single-use vouchers totaling 50,000 won for various Coupang services and products. Coupang reported the breach occurred on June 24, was discovered in mid-November, and has prompted a police investigation into a former IT employee.

Suspect Arrested in KMSAuto Clipper Campaign — 2.8M Infected

🚨 South Korean authorities arrested a 29-year-old Lithuanian accused of distributing a clipboard-stealing clipper embedded in a trojanized KMSAuto activation tool that was downloaded 2.8 million times worldwide. The suspect was extradited from Georgia after investigators traced about KRW 1.7 billion (~$1.2M) diverted in 8,400 transactions. Devices seized in a December 2024 raid yielded evidence leading to the April 2025 arrest. Officials warn against using unofficial activators and unsigned executables.

Italy Fines Apple €98.6M Over App Tracking Rules in EU Market

⚖️ Italy's antitrust authority has fined Apple €98.6 million after finding that its App Tracking Transparency (ATT) framework restricted App Store competition by imposing a burdensome double-consent process on third-party developers. The AGCM said Apple used its dominant distribution position to unilaterally set consent rules without consulting developers. Regulators noted they are not contesting Apple's privacy goals but found the ATT consent requirements disproportionate and harmful to ad-supported developers. Apple said it will appeal and defended its privacy protections.

Coupang Sued for Delayed SEC Breach Disclosure, Key Failures

🔒 Coupang disclosed a massive breach via a Form 8-K 28 days after discovering unauthorized access on Nov. 18, 2025, prompting a US securities class action that alleges the delay violated SEC rules requiring material incident disclosure within four business days. The complaint asserts CEO Bom Kim and CFO Gaurav Anand knew or recklessly disregarded inadequate cybersecurity controls that allowed a former employee to access customer data for nearly six months. Investigators found signing keys and authentication tokens were not revoked after the employee’s departure, exposing personal information from 33.7 million accounts and revealing systemic failures in key management. Coupang faces parallel scrutiny from South Korean authorities, potential fines, and ongoing litigation.

Italy Fines Apple €98.6M Over App Store Tracking Policy

🔔 Italy's competition authority (AGCM) has fined Apple €98.6 million for using App Tracking Transparency (ATT) in a way the regulator says abused its dominant position in mobile app advertising. The AGCM found that ATT requires third-party apps to show a standardized tracking prompt while exempting Apple's own apps, creating a burdensome double-consent process because the ATT prompt does not satisfy GDPR requirements. Apple says it will appeal and continues to defend ATT as a privacy protection.

DoJ Seizes Domain That Enabled $14.6M Account Takeovers

🔒 The U.S. Department of Justice announced it seized the domain web3adspanels.org and an associated database used as a backend panel to store and manipulate illegally harvested bank login credentials. Authorities say the group delivered fraudulent search ads that redirected victims to counterfeit banking sites containing malicious code that harvested credentials. The scheme affected 19 U.S. victims, causing attempted losses of about $28 million and actual losses of approximately $14.6 million.

FCC Bans Foreign-Made Drones and Critical Components

🚫 The FCC has placed foreign-made uncrewed aircraft systems (UAS) and critical UAS components on its Covered List, citing national security concerns and provisions of the 2025 NDAA. The action targets China-made vendors such as DJI and Autel Robotics and covers communications, flight controllers, navigation systems, batteries, motors, and related parts. The agency said the move will reduce risks of unauthorized surveillance, data exfiltration, and destructive operations over U.S. territory while permitting DHS to exempt specific models and allowing continued use and sale of previously approved devices.

Interpol Sentinel: Decrypts Ransomware, 574 Arrests

🔐 Interpol-led Operation Sentinel, run from October 27 to November 27 across 19 countries, resulted in 574 arrests and the recovery of $3 million tied to business email compromise, extortion, and ransomware. Investigators decrypted six ransomware strains and removed more than 6,000 malicious links. Private-sector partners such as Trend Micro, TRM Labs and Team Cymru supported attribution, takedowns and freezing of proceeds. Multiple country-level seizures and arrests targeted prolific scam infrastructures in West and Central Africa.

What CISOs Should Know About the SolarWinds Dismissal

🔍 The SEC’s Nov. 30 decision to drop its civil action against SolarWinds and CISO Tim Brown produced widespread relief among security leaders after five years of investigation tied to the SUNBURST supply‑chain compromise. While many celebrated, experts warn this outcome is not permanent closure: it exposed persistent organizational tensions where CISOs carry responsibility without full authority. Security leaders should confirm indemnification and D&O protections, clarify governance for cyber disclosures, and improve executive-level communication so cyber risk becomes an explicit company decision.

US DOJ Indicts 54 in Multi-Million ATM Jackpotting Scheme

💰 The U.S. Department of Justice has indicted 54 individuals tied to a large-scale ATM jackpotting conspiracy that used the Ploutus malware to force machines to dispense cash. Prosecutors allege members of the Venezuelan gang Tren de Aragua, designated a Foreign Terrorist Organization, recruited operatives who conducted surveillance, opened ATM hoods and installed malware by replacing drives or using removable media. Two related indictments returned in October and December 2025 charge bank fraud, burglary, computer fraud and money laundering, exposing an operation that siphoned millions and laundered proceeds to fund other criminal and terrorist activities.

Nigeria Arrests Developer of Raccoon0365 Microsoft Phishing

🔒 Nigerian police arrested three individuals linked to targeted Microsoft 365 phishing attacks delivered via the Raccoon0365 platform, citing intelligence shared by Microsoft and the FBI. Authorities say one suspect, Okitipi Samuel (aka RaccoonO365 or Moses Felix), developed and sold phishing kits on Telegram and hosted pages on Cloudflare using compromised accounts. The toolkit automated fake Microsoft login pages and has been tied to at least 5,000 account compromises across 94 countries; two other detainees currently have no proven role in creating the service.

Dismantling Defenses: Trump 2.0 Cyber Year Review Report

🔒 The Trump administration's second term enacted sweeping policy shifts that critics say have weakened the U.S. ability to address cybersecurity, privacy, and corruption risks. Changes include mass workforce cuts and reassignments at CISA, the dismissal of the Cyber Safety Review Board, and reduced enforcement by agencies such as the SEC and CFPB. The creation and apparent misuse of the Department of Government Efficiency (DOGE) raised serious data‑access and oversight concerns. New travel, vetting, and speech controls add further civil‑liberties implications.