CyberSecurity Knuggets

Apr 14, 2026

Subject: France begins shift from Windows to Linux, boosting EU digital sovereignty

Content:

– The French government’s Inter-Ministerial Directorate of Digital Affairs (DINUM) is piloting a migration from Windows to Linux to reduce dependence on US technology.

– DINUM has already sponsored open-source projects such as the Matrix protocol and developed Tchap, a secure messaging app for government employees.

– Additional open-source apps like Visio (video conferencing), FranceTransfert and Fichiers (file sharing), Messagerie (email), Docs and Grist (office suites) form LaSuite, adopted across agencies.

– Other EU countries, including Denmark, Germany, and the Netherlands, as well as French cities, have initiated plans or pilots to switch away from Microsoft products, citing national security and US political unpredictability.

– Challenges remain, such as lack of native EU operating systems and reliance on cloud hosting from AWS, Azure, or GCP.

– The move aligns with broader European goals for digital sovereignty and reducing reliance on US tech giants.

Subject: ShinyHunters cybercriminal group breaches Rockstar Games; data dump threatened

Content:

– Rockstar Games, known for Grand Theft Auto, was hacked through a third-party cloud provider, with ShinyHunters claiming the breach.

– Rockstar downplayed the impact, stating only limited, non-material company information was accessed.

– ShinyHunters threatens to dump the stolen data publicly because its ransom demands were not met.

– Other recent breaches include Basic-Fit’s exposure of 1 million+ members’ sensitive data in Europe, Booking.com experiencing unauthorized access to customer booking information, and a $45 million cryptocurrency scam disrupted by law enforcement.

– The vulnerable Hyperbridge cross-chain protocol was exploited to mint unauthorized tokens worth approximately $237,000.

– British regulators hold urgent talks assessing cybersecurity risks presented by AI models such as Anthropic’s Claude Mythos.

– Japanese shipping giant NYK detected unauthorized access to its marine fuel procurement system.

– Iran-linked hacker group Handala claimed a large-scale cyberattack on Dubai government entities, destroying petabytes of data.

– Dutch police arrested suspects associated with a multimillion-dollar fake ID platform.

– Critical zero-day vulnerabilities exploited include a Marimo Python notebook RCE and an Adobe Reader zero-day, underscoring the urgency of patching.

– North Korea’s APT37 targets defense personnel with social engineering campaigns via Facebook and Telegram.

– OpenAI updated security certificates after a North Korea-linked supply chain attack affecting the Axios JavaScript library.

– Notable business moves include Palo Alto Networks founder’s planned acquisition of Liberty Bank and Cisco’s talks to acquire Israeli AI security startup Astrix Security.

Subject: US and Indonesian law enforcement dismantle $20M phishing platform ‘W3LL’

Content:

– FBI Atlanta and Indonesian National Police shut down the ‘W3LL’ phishing kit platform responsible for stealing over $20 million.

– The developer of the W3LL phishing kit was identified and detained; the marketplace, active until 2023, facilitated over 25,000 compromised accounts, with activity continuing via encrypted messaging apps.

– W3LL was specifically designed for compromising corporate email accounts, aiding business email compromise (BEC) scams.

– Threat actors rapidly exploited a critical remote code execution vulnerability (CVE-2026-39987) in the Marimo Python notebook platform within 10 hours of disclosure for credential theft campaigns.

– OpenAI disclosed impact from a North Korea-linked supply chain attack on the Axios npm library; it is rotating security certificates to mitigate risk.

– Additional updates: upcoming Cato AI Security webinar focuses on AI security challenges; coverage includes recent cyber incidents like Rockstar Games hack and NYK data breach.

Subject: Booking.com confirms data breach affecting user information

Content:

– Hackers accessed customer booking data on Booking.com, including names, emails, addresses, phone numbers, and possibly information shared with accommodations.

– Booking.com responded promptly by updating reservation PINs and notifying affected customers.

– The breach highlights continued risks in large online platforms connecting millions of travelers to accommodation venues worldwide.

– Additional cybersecurity news includes:

– Claims of LinkedIn ‘spying’ contradicted by security researchers.

– Gmail expands end-to-end encryption support to Android and iOS enterprise users.

– Adobe issues patch for a Reader zero-day exploited for months.

– OpenAI affected by North Korea-linked Axios supply chain attack and updates Mac app certificates.

– International operations target multimillion-dollar cryptocurrency theft schemes.

– CPUID software breached, distributing trojanized downloads.

– New malicious PlugX RAT associated with a fake Claude AI website.

– Expert insights emphasize the role of visibility in improving security decisions and advocate for architectural responses to AI-enabled threats.

Stay Well!

summy