惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

V
Vulnerabilities – Threatpost
T
The Blog of Author Tim Ferriss
S
SegmentFault 最新的问题
D
DataBreaches.Net
博客园_首页
罗磊的独立博客
B
Blog
T
Threat Research - Cisco Blogs
C
Cisco Blogs
GbyAI
GbyAI
Engineering at Meta
Engineering at Meta
WordPress大学
WordPress大学
G
GRAHAM CLULEY
H
Help Net Security
酷 壳 – CoolShell
酷 壳 – CoolShell
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
爱范儿
爱范儿
SecWiki News
SecWiki News
T
Threatpost
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Schneier on Security
Schneier on Security
T
The Exploit Database - CXSecurity.com
Google Online Security Blog
Google Online Security Blog
T
Tor Project blog
小众软件
小众软件
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Y
Y Combinator Blog
H
Hacker News: Front Page
V
V2EX
Security Latest
Security Latest
Cloudbric
Cloudbric
Simon Willison's Weblog
Simon Willison's Weblog
Attack and Defense Labs
Attack and Defense Labs
D
Darknet – Hacking Tools, Hacker News & Cyber Security
P
Proofpoint News Feed
博客园 - 三生石上(FineUI控件)
NISL@THU
NISL@THU
S
Secure Thoughts
Blog — PlanetScale
Blog — PlanetScale
博客园 - 司徒正美
V2EX - 技术
V2EX - 技术
Vercel News
Vercel News
P
Palo Alto Networks Blog
IT之家
IT之家
MyScale Blog
MyScale Blog
有赞技术团队
有赞技术团队
Application and Cybersecurity Blog
Application and Cybersecurity Blog
D
Docker
Google DeepMind News
Google DeepMind News
Webroot Blog
Webroot Blog

Security Affairs

Agent’s claims on WhatsApp access spark security concerns Meta accused of violating DSA by failing to safeguard minors Large-scale Roblox hacking operation shut down by Ukrainian authorities CVE-2026-42208: LiteLLM bug exploited 36 hours after its disclosure Internet censorship index reveals Russia’s lead and widespread content blocking All supported cPanel versions hit by critical auth bug, now patched U.S. CISA adds Microsoft Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog ShinyHunters exploit Anodot incident to target Vimeo CVE-2026-3854 GitHub flaw enables remote code execution Signal Phishing Campaign Targets German Officials in Suspected Russian Operation Microsoft fixes Entra ID flaw enabling privilege escalation New Android spyware Morpheus linked to Italian surveillance firm NCSC launches SilentGlass, a plug-in device to secure HDMI and DisplayPort links Medtronic discloses security incident after ShinyHunters claimed theft of 9M+ records Chinese spy posed as researcher in spear-phishing campaign targeting NASA to steal defense software LINKEDIN BROWSERGATE Firefox bug CVE-2026-6770 enabled cross-site tracking and Tor fingerprinting Fast16: Pre-Stuxnet malware that targeted precision engineering software Italy moves to extradite Chinese national to the U.S. over hacking charges U.S. utility giant Itron discloses a security breach Critical bug in CrowdStrike LogScale let attackers access files GopherWhisper: new China-linked APT targets Mongolia with Go-based malware SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 94 Trigona ransomware adopts custom tool to steal data and evade detection Security Affairs newsletter Round 574 by Pierluigi Paganini – INTERNATIONAL EDITION U.S. CISA adds SimpleHelp, Samsung, and D-Link flaws to its Known Exploited Vulnerabilities catalog Over 400,000 sites at risk as hackers exploit Breeze Cache plugin flaw (CVE-2026-3844) CISA reports persistent FIRESTARTER backdoor on Cisco ASA device in federal network 12-year-old Pack2TheRoot bug lets Linux users gain root privileges Signal phishing campaign targets Germany’s Bundestag President Julia Klöckner China-linked threat actors use consumer device botnets to evade detection, warn UK and partners Luxury cosmetics giant Rituals discloses data breach impacting member personal details iOS Flaw Let Deleted Notifications Linger, Apple Issues Fix RAMP Uncovered: Anatomy of Russia’s Ransomware Marketplace U.S. CISA adds a flaw in Microsoft Defender to its Known Exploited Vulnerabilities catalog Microsoft Graph API misused by new GoGra Linux malware for hidden communication DDoS wave continues as Mastodon hit after Bluesky incident Mirai Botnet exploits CVE-2025-29635 to target legacy D-Link routers Microsoft out-of-band updates fixed critical ASP.NET Core privilege escalation flaw Critical BRIDGE:BREAK flaws impact Lantronix and Silex Technology converters Venezuela energy sector targeted by highly destructive Lotus wiper Ransomware negotiator caught secretly assisting BlackCat extortion scheme North Korea’s Lazarus APT stole $290M from Kelp DAO The US NSA is using Anthropic’s Claude Mythos despite supply chain risk U.S. CISA adds Cisco Catalyst, Kentico Xperience, PaperCut NG/MF, Synacor ZCS, Quest KACE SMA, and JetBrains TeamCity flaws to its Known Exploited Vulnerabilities catalog Bluesky hit by 24-hour DDoS attack as pro-Iran group claims responsibility France’s ANTS ID System website hit by cyberattack, possible data breach Scattered Spider member Tyler Buchanan pleads guilty to major crypto theft CVE-2023-33538 under attack for a year, but exploitation still unsuccessful Third-party AI hack triggers Vercel breach, internal environments accessed AI Model Claude Opus turns bugs into exploits for just $2,283 Cyber attacks fuel surge in cargo theft across logistics industry SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 93 Security Affairs newsletter Round 573 by Pierluigi Paganini – INTERNATIONAL EDITION Hidden VMs: how hackers leverage QEMU to stealthily steal data and spread malware Nexcorium Mirai variant exploits TBK DVR flaw to launch DDoS attacks Microsoft Defender under attack as three zero-days, two of them still unpatched, enable elevated access Kyrgyzstan-based crypto exchange Grinex shuts down after $13.7M cyber heist, blames Western Intelligence DraftKings hacker sentenced to prison, ordered to pay $1.4 Million Operation PowerOFF: 53 DDoS domains seized and 3 Million criminal accounts uncovered Inside ZionSiphon: politically driven malware aims at Israeli water systems U.S. CISA adds a flaw in Apache ActiveMQ to its Known Exploited Vulnerabilities catalog Cisco fixed four critical flaws in Identity Services and Webex Cookeville Regional Medical Center hospital data breach impacts 337,917 people AI platform n8n abused for stealthy phishing and malware delivery From clinics to government: UAC-0247 expands cyber campaign across Ukraine Sweden reports cyberattack attempt on heating plant amid rising energy threats CVE-2026-33032: severe nginx-ui bug grants unauthenticated server access U.S. CISA adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalog Mirax malware campaign hits 220K accounts, enables full remote control PHP Composer flaws enable remote command execution via Perforce VCS Microsoft Patch Tuesday for April 2026 fixed actively exploited SharePoint zero-day Personal data of 1 million gym members compromised in Basic-Fit security incident US, UK and Canada disrupt $45M crypto theft in Operation Atlantic ShinyHunters claim the hack of Rockstar Games breach and started leaking data Attackers target unpatched ShowDoc servers via CVE-2025-0520 U.S. CISA adds Adobe, Fortinet, Microsoft Exchange Server, and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog Fake Claude AI installer abuses DLL sideloading to deploy PlugX Hackers access Booking.com user data, company secures systems iPhone forensics expose Signal messages after app removal in U.S. case Citizen Lab: Webloc tracked 500M devices for global law enforcement Iran-linked group Handala claims to have breached three major UAE organizations CPUID watering hole attack spreads STX RAT malware Adobe fixes actively exploited Acrobat Reader flaw CVE-2026-34621 Hackers claim control over Venice San Marco anti-flood pumps SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 92 Security Affairs newsletter Round 572 by Pierluigi Paganini – INTERNATIONAL EDITION Censys finds 5,219 devices exposed to attacks by Iranian APTs, majority in U.S. GlassWorm evolves with Zig dropper to infect multiple developer tools CVE-2026-39987: Marimo RCE exploited in hours after disclosure Ransomware attack on ChipSoft knocks EHR services offline across hospitals in the Netherlands and Belgium UAT-10362 linked to LucidRook attacks targeting Taiwan-based institutions EngageLab SDK flaw opens door to private data on 50M Android devices Bitcoin Depot hack leads to $3.6M Bitcoin theft via stolen credentials Eurail data breach impacted 308,777 people Malicious PDF reveals active Adobe Reader zero-day in the wild Masjesu botnet targets IoT devices while evading high-profile networks The alleged breach of China’s National Supercomputing Center can have serious geopolitical consequences Internet-Exposed ICS Devices Raise Alarm for Critical Sectors U.S. CISA adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog
ENISA NIS360 2026: Progress Across the Board, But the Sectors That Matter Most Are Still Falling Short
Pierluigi Paganini · 2026-06-02 · via Security Affairs

ENISA NIS360 2026 shows cybersecurity improving across EU critical sectors, but health, water, rail, and space remain in the risk zone.

ENISA has published its third annual NIS360 report, assessing the cybersecurity maturity and criticality of all sectors covered by the NIS2 directive. The headline finding is that things are improving across the board. The more important finding is that the improvement is uneven, slow where it matters most, and being outpaced by a threat landscape that’s getting harder faster than defenses are getting better.

Banking, electricity, and telecommunications remain the most mature and most critical sectors, as they have been since the assessment began. Three sectors moved up into the high maturity band for the first time: trust services, aviation, and financial market infrastructures. Four more strengthened their position within the moderate band: gas, road, maritime, and health.

The drivers behind this progress are consistent across the board: cybersecurity legislation that organizations are actually using to unlock investment rather than just checkbox compliance, increased political attention translating into guidance and resources, and gradual improvements in information sharing and incident preparedness.

“Since the previous edition of this report, cybersecurity maturity across sectors of high criticality in the EU, has been steadily improving as organisations respond to evolving policy requirements and cyber threats they face.” reads the report published by ENISA. “Banking, electricity and telecommunications remain the most mature and critical sectors, while three sectors, trust services, aviation, and financial market infrastructures (FMIs) moved into the high maturity band. Four sectors strengthened their maturity within the moderate band: gas, road, maritime, and health.”

The risk zone is where the report gets harder to read. It includes sectors with criticality that exceeds their maturity, meaning they’re more important to society and the economy than they’re currently prepared to protect. This year, that zone includes health, railway, maritime, ICT service management, space, public administrations, and drinking and waste water.

Rail, drinking water, and waste water moved into the risk zone this year, not because they got worse, but because overall maturity improved across other sectors and the bar moved.

The one piece of positive news is that gas has started moving out of the risk zone, driven by better information sharing and stronger risk management implementation.

“Combining and jointly interpreting the criticality and maturity dimensions helps identify mismatches between the two and helps define the risk zone. The risk zone includes sectors with lower-thanaverage maturity and criticality that exceeds their maturity. Its composition changes over time as overall maturity improves across sectors.” continues the report. “This is one of the reasons why three sectors previously at the risk zone boundary – rail, drinking water, and waste water are now within the risk zone. The positive development is that the gas sector has started moving out of the risk zone. This shift is driven by improved information sharing, stronger collaboration, and better implementation of risk management measures that are to higher maturity.”

Health deserves particular attention because it illustrates how a sector can be getting better on paper while remaining fundamentally exposed. Pharmaceutical manufacturers are raising the overall numbers. Hospitals and healthcare providers, which are the parts of the sector most likely to be attacked and where the human consequences of a disruption are most direct, are still struggling with basic asset tracking, legacy systems, budget constraints, and cybersecurity awareness levels that most other sectors left behind years ago. One in three water sector entities surveyed has never conducted a risk assessment. In public administrations, about one third of entities have no structured process for ensuring cybersecurity expertise at management level, and about half don’t provide cybersecurity training to management at all. This is the sector that receives nearly 63% of all hacktivist attacks and is the most consistently targeted sector in Europe.

The report identifies three dynamics that are reshaping the environment across all sectors. AI is making offensive capabilities more accessible and more effective faster than it’s helping defenders, which means organizations need to detect and respond to threats at timescales that most of them aren’t currently capable of. Supply chain risk is growing because every trusted vendor relationship is also implicitly a trust relationship with everyone that vendor trusted, and the compromise of a single widely-used dependency can now cascade across entire sector landscapes in ways that weren’t possible five years ago. Geopolitical volatility is increasing the frequency and sophistication of state-aligned attacks while simultaneously creating pressure to reduce dependency on technology from outside the EU.

“With the benefits of AI thus far materialising faster for attackers than defenders, and the further proliferation and commoditisation of AI-enabled offensive capabilities being a matter of time, sectoral stakeholders are currently faced with mounting pressure when it comes to effectively adapting to the more dynamic threat environment brought forward by AI.” states ENISA.

The space sector’s situation is particularly worth noting given how much Europe is depending on it. Space underpins positioning and navigation used by financial systems for timestamping trades, telecommunications networks for synchronisation, agriculture, emergency response, border surveillance, and military communications. Its criticality score was revised upward this year to reflect this growing dependency. Its maturity score sits at the lower end of moderate, with enormous variation across entities depending on whether they fall under NIS2 scope or not. Some entities have mature, proactive security practices. Others struggle to define cybersecurity roles and responsibilities at all. There’s no dedicated EU-level forum for cybersecurity collaboration in the space sector, and information sharing remains limited. A sector that’s being positioned as a cornerstone of European strategic autonomy is also one of the least cybersecurity-mature sectors in the assessment.

The finance sector, by contrast, shows what sustained regulatory pressure and enforcement actually produces. Banking has long experience with compliance as a floor rather than a ceiling, and it shows. The FMI sector jumped a full maturity band this year, driven in substantial part by DORA implementation giving organizations a structured framework to work from and supervisory authorities the tools to hold them accountable. The lesson isn’t that more regulation automatically produces better security, but that regulation with teeth, clear requirements, and supervisory capacity actually changes behavior at scale. The contrast with ICT service management, where national authorities are often new to the sector, lack sector-specific expertise, and have limited resources, makes this point in the opposite direction.

Progress is real. It’s also not fast enough, and it’s not evenly distributed. The sectors that can least afford to be underprepared are the ones with the most ground to cover.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, ENISA NIS360 2026)