EU Portals Breached and AlumnForce Leaks: A Week of Major Cyber Disruptions – Week 15

Cybernews – Week 11

COMPROMISE OF SOME EU COMMISSION PORTALS

According to CERT EUROPE, the attack that this newsletter reported two weeks ago went through a compromised system normally used to test and deploy new applications. The flaw was exploited by the TEAM PCP gang. It allowed them to leverage an access key to the AWS cloud system, and then a major user account. 340 gigabytes have been stolen, part of which is now published on the Russian site SkinyHunter.

BIG DATA LEAK AT ALUMNFORCE

ALUMNFORCE is a platform that helps many French alumni associations manage their membership. A recent attack has resulted in the leak of the data of some 2.7 million users, including identity data and academic background. Phishing campaign ahead…

ANTHROPIC TO RESERVE CLAUDE MYTHOS TO CYBER DEFENDERS

CLAUDE MYTHOS, ANTHROPIC's latest model, is the best system to detect vulnerabilities in any sort of software. That holds for security flaws, which is good news for defenders but can also become a bonanza for attackers. Hence the decision to reserve, at least for a while, the use of this system to GLASSWING partners (CISCO, Amazon, Crowdstrike and Palo Alto, Microsoft, Apple, Broadcom and the Linux Foundation), which have committed to share their results with the cybersecurity community.

NEW RUSSIAN MALICIOUS CAMPAIGN TARGETING SMEs

According to a report by MICROSOFT, a new campaign tied to Russia’s GRU Military Unit 26165 has been hacking SOHO (small offices and home offices) routers. The settings are modified in a manner that lets intelligence agents spy on normally encrypted Transport Layer Security traffic. Since at least August 2025, more than 200 organizations and 5,000 consumer devices have been exposed to the attackers. In this campaign, hackers remotely gained initial access to SOHO routers and changed the default settings, pointing them to an attacker-controlled DNS resolver. “Exploiting SOHO devices requires minimal investment while providing wide visibility on compromised devices, allowing the actor to collect DNS traffic and passively observe DNS requests,” Microsoft said.

DUTCH HOSPITALS DISRUPTED AFTER A RANSOMWARE ATTACK AGAINST A SOFTWARE PROVIDER

ChipSoft is a major supplier of electronic health record (EHR) systems in the Netherlands. Its flagship platform, HiX, is used by roughly 70% of Dutch hospitals and is widely deployed to manage patient records and facilitate communication between healthcare providers and patients. According to a statement from Z-CERT, ChipSoft was hit by a ransomware attack on April 7. The attack forced the company to disable parts of its digital services used by hospitals and patients across the Netherlands. The company told local media that the incident involved “possible unauthorized access” and said it could not rule out that patient data may have been accessed or stolen. ChipSoft said it was taking steps to limit potential damage. Z-CERT said the disruption has so far caused mostly logistical problems rather than critical medical issues.
