Security Affairs
Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

European Telecommunications Standards Institute (ETSI) suffered a data breach

The European Telecommunications Standards Institute (ETSI) disclosed a data breach, threat actors had access to a database of its users. Threat actors stole a database containing the list of users of the portal of the European Telecommunications Standards Institute (ETSI). The European Telecommunications Standards Institute is an independent, not-for-profit organization based in Europe. The organization […]

ETSI

The European Telecommunications Standards Institute (ETSI) disclosed a data breach, threat actors had access to a database of its users.

Threat actors stole a database containing the list of users of the portal of the European Telecommunications Standards Institute (ETSI).

The European Telecommunications Standards Institute is an independent, not-for-profit organization based in Europe. The organization focuses on developing global standards for information and communications technology (ICT) and telecommunications, such as: GSM™, TETRA3G4G5GDECT™.

ETSI plays a crucial role in ensuring interoperability, compatibility, and effective communication in the rapidly evolving field of telecommunications and digital technologies.

ETSI has more than 900 member organizations worldwide from 65 countries.

The French-based organization launched an investigation into the incident with the help of the French National Cybersecurity Agency (ANSSI).

“Following a cyberattack observed on ETSI portal, the IT system dedicated to its members’ work, the ETSI IT team worked in close collaboration with the French National Cybersecurity Agency (ANSSI) to investigate and repair the information systems. The vulnerability on which the attack was based has been fixed.” reads the data breach notification published by the European Telecommunications Standards Institute. “ETSI believes the database containing the list of their online users have been exfiltrated. Since the attack and under the guidance of ANSSI experts, ETSI has fixed the vulnerability, undertaken additional security actions and significantly strengthened its IT security procedures.” ù

In response to the incident, ETSI prompted its users to change their passwords. The organization also reported the incident to the French data protection authority (CNIL) as required by the General Data Protection Regulation (GDPR).

“Transparency is at the root of ETSI, in our governance and technical work. We have already proved to be quick to react and adapt to crises, Covid being one of them. The shutdown challenged our working procedures and IT systems and we managed to ensure business continuity for both our staff and our members whilst limiting the risks. They were able to keep working without disturbance during that period. For this new crisis, we are very grateful for the knowledge and advice of the experts from the French National Cybersecurity Agency (ANSSI), who have helped us to determine the remedial actions to be taken, and to strengthen the security of our systems,” says Luis Jorge Romero, ETSI Director-General.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, European Telecommunications Standards Institute)