The European Union Agency for Cybersecurity has released an updated international strategy to reinforce the EU’s cybersecurity ecosystem and strengthen cooperation beyond Europe’s borders. The revised ENISA International Strategy refreshes the agency’s approach to working with global partners while ensuring stronger alignment with the European Union’s international cybersecurity policies, core values, and long-term objectives.  Cybersecurity challenges today rarely stop at national or regional borders. Digital systems, critical infrastructure, and data flows are deeply intertwined across continents, making international cooperation a necessity rather than a choice. Against this backdrop, ENISA has clarified that it will continue to engage strategically with international partners outside the European Union, but only when such cooperation directly supports its mandate to improve cybersecurity within Europe.

ENISA International Strategy Aligns Global Cooperation With Europe’s Cybersecurity Priorities 

Under the updated ENISA International Strategy, the agency’s primary objective remains unchanged: raising cybersecurity levels across the EU. International cooperation is therefore pursued selectively and strategically, focusing on areas where collaboration can deliver tangible benefits to EU Member States and strengthen Europe’s overall cybersecurity resilience. ENISA Executive Director Juhan Lepassaar highlighted the importance of international engagement in achieving this goal. He stated: “International cooperation is essential in cybersecurity. It complements and strengthens the core tasks of ENISA to achieve a high common level of cybersecurity across the Union.   Together with our Management Board, ENISA determines how we engage at an international level to achieve our mission and mandate. ENISA stands fully prepared to cooperate on the global stage to support the EU Member States in doing so.”  The strategy is closely integrated with ENISA’s broader organizational direction, including its recently renewed stakeholders’ strategy. A central focus is cooperation with international partners that share the EU’s values and maintain strategic relationships with the Union.

Expanding Cybersecurity Partnerships Beyond Europe While Supporting EU Policy Objectives 

The revised ENISA International Strategy outlines several active areas of international cooperation. These include more tailored working arrangements with specific countries, notably Ukraine and the United States. These partnerships are designed to focus on capacity-building, best practice exchange, and structured information and knowledge sharing in the field of cybersecurity.  ENISA will also continue supporting the European Commission and the European External Action Service (EEAS) in EU cyber dialogues with partners such as Japan and the United Kingdom. Through this role, ENISA provides technical expertise to inform discussions and to help align international cooperation with Europe’s cybersecurity priorities.  Another key element of the strategy involves continued support for EU candidate countries in the Western Balkans region. From 2026 onward, this support is planned to expand through the extension of specific ENISA frameworks and tools. These may include the development of comparative cyber indexes, cybersecurity exercise methodologies, and the delivery of targeted training programs aimed at strengthening national capabilities. 

Strengthening Europe’s Cybersecurity Resilience Through Multilateral Frameworks 

The updated strategy also addresses the operationalization of the EU Cybersecurity Reserve, established under the 2025 EU Cyber Solidarity Act. ENISA plans to support making the reserve operational for third countries associated with the Digital Europe Programme, including Moldova, thereby extending coordinated cybersecurity response mechanisms while maintaining alignment with EU standards.  In addition, ENISA will continue contributing to the cybersecurity work of the G7 Cybersecurity Working Group. In this context, the agency provides EU-level cybersecurity expertise when required, supporting cooperation on shared cyber threats and resilience efforts. The strategy also leaves room for exploring further cooperation with other like-minded international partners where mutual interests align.  Finally, the ENISA International Strategy reaffirms the principles guiding ENISA’s international cooperation and clarifies working modalities with the European Commission, the EEAS, and EU Member States. These principles were first established following the adoption of ENISA’s initial international strategy in 2021 and have since been consolidated and refined based on practical experience and best practices. 

As the first week of February 2026 concludes, The Cyber Express weekly roundup examines the developments shaping today’s global cybersecurity landscape. Over the past several days, governments, technology companies, and digital platforms have confronted a wave of cyber incidents ranging from disruptive attacks on public infrastructure to large-scale data exposures and intensifying regulatory scrutiny of artificial intelligence systems.  This week’s cybersecurity reporting reflects a broader pattern: rapid digital expansion continues to outpace security maturity. High-profile breaches, misconfigured cloud environments, and powerful AI tools are creating both defensive opportunities and significant new risks.  

The Cyber Express Weekly Roundup 

Cyberattack Disrupts Spain’s Ministry of Science Operations 

Spain’s Ministry of Science, Innovation, and Universities confirmed that a cyberattack forced a partial shutdown of its IT systems, disrupting digital services relied upon by researchers, universities, students, and businesses nationwide. Initially described as a technical incident, the disruption was later acknowledged as a cybersecurity event that required the temporary closure of the ministry’s electronic headquarters. Read more.. 

OpenAI Expands Controlled Access to Advanced Cyber Defense Models 

OpenAI announced the launch of Trusted Access for Cyber, a new initiative designed to strengthen defensive cybersecurity capabilities while limiting the potential misuse of highly capable AI systems. The program provides vetted security professionals with controlled access to advanced models such as GPT-5.3-Codex, which OpenAI identifies as its most cyber-capable reasoning model to date. Read more.. 

French Authorities Escalate Investigations Into X and Grok AI 

French police raided offices belonging to the social media platform X as European investigations expanded into alleged abuses involving its Grok AI chatbot. Authorities are examining claims that Grok generated nonconsensual sexual deepfakes, child sexual abuse material (CSAM), and content denying crimes against humanity, including Holocaust denial. Read more.. 

AI-Generated Platform Moltbook Exposes Millions of Credentials 

Security researchers disclosed that Moltbook, a viral social network built entirely using AI-generated code, exposed 1.5 million API authentication tokens, 35,000 user email addresses, and thousands of private messages due to a database misconfiguration. Wiz Security identified the issue after discovering an exposed Supabase API key embedded in client-side JavaScript, which granted unrestricted access to the platform’s production database. Read more.. 

Substack Discloses Breach Months After Initial Compromise 

Substack revealed that attackers accessed user email addresses, phone numbers, and internal metadata in October 2025, though the breach went undetected until February 3, 2026. CEO Chris Best notified affected users, stating, “I’m incredibly sorry this happened. We take our responsibility to protect your data and your privacy seriously, and we came up short here.” Read more.. 

Weekly Takeaway 

This Cyber Express weekly roundup highlights a clear takeaway for the global cybersecurity community: digital expansion without equivalent security investment increases organizational and systemic risk. AI-built platforms, advanced security tooling, and large-scale public-sector systems are being deployed rapidly, often without adequate access controls, monitoring, or testing. As recent incidents show, these gaps lead to data exposure, prolonged breach detection, and service disruption. To reduce risk, organizations must embed security controls, clear ownership, and continuous monitoring into system design and daily operations, rather than relying on post-incident fixes or policy statements.

During a recent Threat Watch Live session, Adam Pilton challenged Morten Kjaersgaard, Heimdal’s Chairman and Founder, to predict three cyber security trends for 2026.  Adam added his own predictions, drawing from this experience as a former cybercrime detective. Spoiler: Both Morten and Adam agreed that 2026 will bring a sharper focus on compliance.   Here’s what they predict.  SMBs catch a break if they’ve done compliance right  Hackers recently discovered there’s no use in targeting […]

The post Five Predictions for Cyber Security Trends in 2026  appeared first on Heimdal Security Blog.

The third week of 2026 highlights a series of cybersecurity events affecting businesses, critical infrastructure, and regulatory compliance. This week, network administrators are grappling with the exploitation of a previously patched FortiOS vulnerability, while ransomware attacks continue to expose sensitive data across major corporations.   Meanwhile, hacktivist groups are targeting industrial systems and government networks, and the European Union has introduced new rules to phase out high-risk telecom and ICT products from non-EU suppliers.  These incidents demonstrate that cybersecurity risks are no longer confined to IT systems. They now intersect with national security, operational continuity, and regulatory oversight, requiring organizations to adopt both technical defenses and strategic risk management measures.  

The Cyber Express Weekly Roundup 

Active Exploits Hit “Patched” FortiOS 7.4.9 

Administrators report active exploitation of CVE-2025-59718 on FortiGate devices running FortiOS 7.4.9. Attackers bypass authentication through forged FortiCloud SSO logins, creating local admin accounts to maintain access. Evidence suggests that the patch may be incomplete or bypassed. Experts advise manually disabling FortiCloud SSO via CLI and auditing logs for unusual SSO activity, new admin accounts, and configuration exports. Read more… 

Ingram Micro Data Breach Exposes 42,521 Individuals 

A ransomware attack in July 2025 compromised sensitive employee and job applicant data at Ingram Micro, affecting 42,521 individuals. Exposed information includes names, contact details, dates of birth, Social Security numbers, and employment records. The attack disrupted logistics operations for about a week and was discovered in December 2025. Affected individuals have been notified and offered two years of credit monitoring and identity protection. Read more… 

One in Ten UK Businesses Could Fail After Major Cyberattack 

A Vodafone Business survey found over 10% of UK business leaders fear their organizations could fail after a major cyberattack. While 63% acknowledge rising cyber risks and 89% say high-profile breaches increased alertness, only 45% provide basic cyber-awareness training to all staff. Weak passwords, phishing, and emerging AI/deepfake scams heighten vulnerabilities. Read more… 

EU Proposes Rules on “High-Risk” Telecom Products 

The European Commission proposed updates to the Cybersecurity Act to phase out “high-risk” ICT products from mobile, fixed, and satellite networks supplied by risky countries, including China and Russia. Mobile networks have 36 months to comply; timelines for other networks will follow. Read more… 

Hacktivist Activity Surges, Targeting Critical Infrastructure 

The Cyble 2025 Threat Landscape report shows hacktivists targeting ICS, OT, and HMI/SCADA systems. Groups like Z-Pentest, Dark Engine, and NoName057(16) focused on industrial sectors in Europe and Asia. Hacktivist activity rose 51% in 2025, driven largely by pro-Russian and pro-Palestinian collectives. Many groups aligned with state interests, including GRU-backed Russian operations and Iranian-linked teams. Read more… 

NCSC Warns UK Organizations of Russian-Aligned Hacktivists 

The UK National Cyber Security Centre (NCSC) warned that Russian-aligned hacktivists, including NoName057(16), increasingly target UK organizations with denial-of-service attacks on local government and critical infrastructure. While technically simple, these attacks can severely disrupt services. Read more… 

Weekly Roundup Takeaway 

This week’s events highlight that cybersecurity in 2026 continues to influence business continuity, infrastructure integrity, and regulatory compliance. From FortiOS exploits and large-scale ransomware breaches to rising hacktivist activity and evolving EU telecom rules, organizations must integrate operational, technical, and strategic measures to mitigate risk and protect assets across sectors. 

Germany and Israel have taken an important step toward deepening their long-standing security partnership by expanding cooperation in the field of cybersecurity. During a weekend visit to Jerusalem, German Interior Minister Alexander Dobrindt and Israeli Prime Minister Benjamin Netanyahu signed a new cyber and security pact aimed at reinforcing existing frameworks and addressing growing digital threats facing both countries.   The security relationship between Germany and Israel has been described by both sides as close, stable, and built on trust. In the area of cybersecurity in particular, cooperation has already reached an advanced level. Outside of NATO and the EU, Israel is considered Germany’s most important security partner, a status that reflects Israel’s technical expertise and operational experience in cyber defense.  

Germany and Israel's Cybersecurity Plans

A central focus of the agreement is Germany’s plan to develop what is known as the German Cyber Dome. The Federal Ministry of the Interior (BMI) is working to establish this system as a semi-automated framework capable of detecting, analyzing, and responding to cyberattacks in real time. Rather than being a single off-the-shelf product, the German Cyber Dome is designed as a comprehensive defense concept that integrates multiple tools, processes, and institutions to strengthen national cyber resilience.  Germany is looking to Israel’s experience to support the development of the German Cyber Dome. During his visit, Interior Minister Dobrindt was given a virtual demonstration in Tel Aviv that showcased Israel’s innovative capabilities in cyber defense. Following the presentation, Dobrindt emphasized Germany’s interest in learning from Israel’s approach, stating, “We have a strong interest in learning how Israel built the Cyber Dome.” The knowledge exchange is expected to benefit not only large-scale critical infrastructure operators but also small and medium-sized businesses, which are increasingly targeted by cybercriminals.  Under the terms of the pact, Germany and Israel agreed to exchange expertise and operational experience in defending against cyberattacks, jointly develop advanced cyber defense technologies, and promote collaborative research in the cyber domain. These efforts are intended to enhance early warning systems, improve coordinated responses, and strengthen overall digital security architectures. The cooperation complements Germany’s commitments within NATO and the EU while recognizing Israel’s unique role as a key partner outside those frameworks. 

Broader Security Cooperation in the Middle East 

Beyond cybersecurity, the visit also addressed broader security and stabilization efforts in the Middle East. To support a peaceful solution in the region, the German Federal Ministry of the Interior has deployed a high-level team of experts from the Federal Police to the US-led Office of the Security Coordinator for Israel and the Palestinian Authority (OSC).   The German team is tasked with assisting local civilian security authorities in rebuilding and strengthening police and security forces. Germany is also contributing personnel to police missions conducted under the auspices of the EU, reinforcing its broader international engagement.  During his stay, Minister Dobrindt also held talks with Israeli Foreign Minister Gideon Sa’ar, further highlighting the political dimension of the visit. These discussions complemented the cyber and security agreement and reflected the wider scope of bilateral relations between Germany and Israel.  Prime Minister Benjamin Netanyahu addressed the significance of the agreement on Sunday, 11 January 2026. He stated, “I attach enormous importance to the overall cooperation between Israel and Germany, and especially Israel and Germany on this question of cybersecurity, which is one of the main threats to our internal security, and in many ways also our infrastructure and other threats.” Netanyahu described Germany and Israel as “natural partners,” pointing to past cooperation on defense projects such as Arrow III and ongoing technological collaboration.  Following the signing, Netanyahu added that the cyber defense agreement reflected the growing closeness between Israel and major powers such as Germany. He noted that many countries are seeking cooperation with Israel not only in security matters but also in economic fields, describing the agreement as another indication of Israel’s rising international standing.

By Srinivas Shekar, CEO and Co-Founder, Pantherun Technologies Cyberattacks powered by artificial intelligence are moving faster, spreading wider, and targeting businesses with unprecedented precision. As we look toward Cybersecurity 2026, security teams must rethink how they protect what matters most: their data. Traditional defenses are struggling to keep pace with the speed, intelligence, and persistence of modern threats. Protecting sensitive information is no longer limited to a few industries, it has become a universal priority for organizations of all sizes. Cybersecurity in 2026 is no longer only about stopping intrusions. It is about ensuring that even if attackers gain access, they walk away with nothing of value. This calls for a shift from perimeter-focused security to continuous protection of the data itself. With businesses rapidly adopting cloud platforms and SaaS applications, the amount of sensitive information being shared and stored online continues to rise. Each new application, integration, or workflow expands the attack surface, giving threat actors more opportunities to exploit weaknesses.

Key Cybersecurity 2026 Trends to Watch Out For 

• Supply-chain and insider threats will grow, elevating device-level security: As reliance on vendors, partners, and automated systems increases, attackers will exploit trusted channels more frequently. Insider risks, both accidental and intentional, will also rise. In this landscape, network security alone will not be enough. Protection must move with the data, regardless of where it travels or who accesses it
• Real-time data protection will take center stage: Cyberattacks unfold in seconds. Traditional tools that rely on detection and response often move too slowly against AI-driven threats. SaaS environments, in particular, have become frequent targets due to misconfigurations, weak access controls, and third-party integrations. By 2026, organizations will focus less on stopping every attack and more on ensuring that data remains protected at all times. Real-time encryption will play a critical role, rendering stolen data unreadable and unusable even when systems are breached
• Ransomware will shift from disruption to pressure tactics: Ransomware attacks will evolve beyond simply locking systems. Attackers will study the data they steal and use it to apply pressure through reputational damage, operational disruption, or regulatory exposure. This form of targeted extortion will force organizations to strengthen data protection across endpoints and devices, ensuring sensitive information is never exposed in plain form at any point
• Identity-based security will give way to data-centric approaches: Stolen credentials, hijacked sessions, and impersonation attacks are becoming easier for adversaries to execute. When identities can no longer be fully trusted, securing the data itself becomes the most reliable defense. By 2026, organizations will place greater emphasis on protecting information even when user accounts are compromised
• Quantum computing will put existing encryption to the test: Advancements in quantum computing will eventually threaten many current encryption standards. Attackers may already be collecting encrypted data with the intention of decrypting it in the future. To stay ahead, enterprises will begin preparing for quantum-safe encryption, especially for long-term sensitive data. Real-time encryption and robust key management will become increasingly important

Cybersecurity in 2026 is entering a decisive phase. AI-powered attacks, expanding digital ecosystems, and growing internal and external risks are pushing traditional security models to their limits. The organizations that succeed will be those that protect what truly matters, the data itself. By embracing real-time encryption and continuous data protection, businesses can strengthen resilience and limit the damage from inevitable breaches. (This article reflects the author’s analysis and personal viewpoints and is intended for informational purposes only. It should not be construed as legal or regulatory advice.)

Cyber attacks on retail surged in 2025, with rising breach costs and increasingly sophisticated threats highlighting the sector’s growing exposure. Explore this 2025 retail cybersecurity statistics rundown to see how these trends are evolving—and how the insights can help strengthen your defenses in 2026. For cyber criminals, the retail sector makes for a very attractive […]

The post Retail cybersecurity statistics for 2026 appeared first on Heimdal Security Blog.

Cyber insurance in 2025 showed slowing market growth, fewer overall claims, and rising attack severity—signaling a maturing but increasingly high-stakes landscape. As premiums climb again and ransomware continues to dominate losses in 2026, these trends will shape how businesses recalibrate their risk strategies and determine the true value of coverage in the year ahead. Investing […]

The post Cyber Insurance Statistics for 2026 appeared first on Heimdal Security Blog.

Your senior analyst stares at alert number 47. It’s not even lunch. Another “suspicious login detected.” They switch to the third dashboard of the morning, cross-reference the user activity, and confirm what they already knew. Bob from accounting is working late again. Meanwhile, three dashboards over, actual lateral movement is happening on a client’s network. […]

The post Agent Fatigue Is Real and Your Security Stack Is to Blame appeared first on Heimdal Security Blog.

Researched and written by Heimdal founder Morten Kjaersgaard, this article exposes how even limited cooperation between registry bodies and law enforcement could cripple ransomware networks and raise the cost for cybercriminals. This article serves as a wake-up call. Even limited cooperation between registry bodies and law enforcement could cripple ransomware networks and raise the cost […]

The post Where Ransomware Profits Go and How to Cut Them Off appeared first on Heimdal Security Blog.

Small businesses are a big target for cyber criminals. Read our small business statistics rundown to get a true picture of how the sector is being affected in 2025. Until relatively recently, cybercrime wasn’t perceived as a major risk for small businesses. Hackers traditionally focused on larger companies or government bodies with more money and […]

The post Small Business Cybersecurity Statistics in 2025 appeared first on Heimdal Security Blog.

At Heimdal we’re constantly monitoring the latest industry alerts, media reports, academic research and government data to keep track of password breaches. It’s a crucial part of our work, and means we can advise our customers on emerging threats.  To help you get up to speed, we’ve compiled this collection of some of the most […]

The post Password breach statistics in 2025 appeared first on Heimdal Security Blog.

As Dame Margeret Beckett, a member of the House of Lords recently put it: “The UK has the dubious distinction of being one of the world’s most cyber-attacked nations”. Calculating exactly how many cyber attacks there are per country is extremely difficult (not least because many attacks go unnoticed). But reliable cybersecurity sources estimate the […]

The post UK Cybersecurity Statistics for 2025 appeared first on Heimdal Security Blog.

COPENHAGEN, Denmark  – August 11, 2025 – Security tools meant to protect managed service providers are instead overwhelming them. A new study from Heimdal and FutureSafe reveals that 89% of MSPs struggle with tool integration while 56% experience alert fatigue daily or weekly. The research exposes a dangerous paradox. MSPs experiencing high alert fatigue are […]

The post Agent Fatigue Crisis Hits 89% of MSPs as Security Tools Backfire appeared first on Heimdal Security Blog.