ORANGE CYBERDEFENSE OPENS IN SPAIN
The specialized branch will rely on the commercial implantation of MAS Orange, the Spanish TELCO subsidiary of ORANGE Group. In order to be as close as possible to the cybersecurity needs of the companies shaping the Spanish territory, the Orange Cyberdefense teams will initially be located in Madrid and Barcelona, with a dedicated local Security Center (CyberSOC) to ensure human, continuous monitoring and, above all, a rapid response to incidents. Initially, 100 experts will be recruited to support this development.
A FRENCH COMPANY HELPS THE US CISA TO RECOVER EXPOSED CREDENTIALS
On May 15, a researcher at GitGuardian (a Parisian startup specializing in detecting secrets in code, and also friend of the ECA and sponsor of our European vendors MAPPING), spotted a public GitHub repository with a rather paradoxical name: “Private-CISA.” Inside, there were dozens of plaintext credentials giving access to the internal systems of the Cybersecurity & Infrastructure Security Agency, the federal agency designed to protect the United States’ critical infrastructures. The repository had existed since November 13, 2025, meaning more than six months of exposure without anyone on the American side noticing. Among the exposed files, a document soberly titled “importantAWStokens” contained the administrative credentials of three AWS GovCloud accounts, the cloud infrastructure reserved for U.S. government agencies. Another file, “AWS-Workspace-Firefox-Passwords.csv,” listed in plain text the passwords of dozens of CISA internal systems.
VERIZON DISCLOSES FINDINGS ON CYBERSECURITY BREACHES
According to the VERIZON report published on May 19, some one third of breaches started with the exploitation of a vulnerability a figure which can probably be connected to the dual impact of AI ability to discover such vulnerabilities. Abuse of credentials follows with 13%, then phishing. The report also finds organizations patched just roughly a quarter of critical vulnerabilities last year, down from 38% the prior year, and took longer to do so 43 days on average, up from 32 days the previous year. An evolution probably due to the tidewave of vulnerabilities now uncovered thanks to AI, again. Finally, it appears that remediating security shortcomings in third-party cloud services remains challenging, with researchers seeing a widespread failure to enforce the use of multifactor authentication, complex passwords and correct configurations.
TRUST VALLEY TO DISCLOSE THE AWARD WINNERS OF ITS 2026 PROMOTION NEXT JUNE 4
The anticipated event of the TRUST VALLEY acceleration program takes place on Thursday, 4 June at the unlimitrust campus, Lausanne.
Lennig Pedron and the team will crown the top three startups of the cohort and reveal the winners awarded by strategic partners.
