FITNESS CHAIN ATTACKED
Basic Fit, which together with its sister company Clever Fit is a leading chain of fitness clubs in Western Europe, has been hit by a cyber attack, resulting in the leak of data on some 1 million members, including names and personal addresses, banking details and other personal data. The leak concerns the Netherlands, Belgium, France, Germany, Spain and Luxembourg.
BOOKING.COM CONFIRMS HAVING BEEN ATTACKED
This Newsletter has reported the attack on Booking.com. The company has finally confirmed this information, admitting that a number of customers’ data had leaked, but without specifying the size of the leak. It appears that phishing campaigns have already started. Booking.com has already been fined by the Dutch privacy authority for a previous data leak which it did not report in due time.
FRANCE: A CYBERSECURITY ROADMAP FOR ADMINISTRATIONS
Multifactor authentication, mandatory within 10 months for sensitive systems; attack detection systems (EDR, XDR) before the end of 2026; introduction of post-quantum cryptography, starting with a mapping of applications that use encryption… The new roadmap is rather ambitious. Let’s see by the end of this year where it stands.
OPEN AI COUNTERS CLAUDE MYTHOS
OPEN AI has just launched GPT 5.4 Cyber, which also detects anomalies and vulnerabilities but, unlike ANTHROPIC’s CLAUDE MYTHOS, will be made “as widely available as possible”. Internal safeguards, know-your-customer verification and “trust signals” will safeguard the world from misuse, the company asserted. “We don’t think it’s practical or appropriate to centrally decide who gets to defend themselves. Instead, we aim to enable as many legitimate defenders as possible, with access grounded in verification, trust signals, and accountability,” says OPEN AI. OpenAI said it is, like ANTHROPIC, worried about the potential for misuse and will in fact start allowing access to the new model, a chatbot “purposely fine-tuned for additional cyber capabilities”, to vetted security vendors, organizations, and researchers. But access to the model won’t be restricted to a pre-selected coalition, OpenAI averred. Interested parties can ask to join its “Trusted Access for Cyber” program.
ANOTHER REPORT ON MYTHOS’ ABILITY TO FOSTER A REAL CYBER ATTACK
Hat tip to Raphaël Marichez, who pointed out this report.
The UK AI Security Institute (AISI), responsible for assessing the risks of advanced AI systems, observes a ‘rapid’ and ‘worrying’ evolution in offensive capabilities in cybersecurity. Their latest report places Mythos at an unprecedented level: the first AI model capable of completing an end-to-end ‘cyber range’ simulating a 32-step corporate attack, from reconnaissance to full network takeover.
In this scenario, the model autonomously went through several phases (scanning, exploitation, lateral movement, privilege escalation…), tasks that typically take a human expert around twenty hours. On the AISI CTF suite, Mythos achieves about 73% success on ‘expert’ tasks, a threshold no model had crossed before April 2025.
RUBRIK, COMMVAULT AND OTHER US VENDORS MAY SEEK TO BECOME PRIVATE
Probably because of the share price volatility triggered by expectations that AI tools will replace a lot of established, specialised cybersecurity software, some US companies seem to be leaning towards going private (being purchased by private investment funds). Among others, COMMVAULT is said to be considering such a move.
WALLIX ENTERS THE US MARKET
The French scale-up will focus on OT protection, with software specifically adapted to the requirements of industrial environments, including secure identification and administration of connected equipment.


