Security Affairs
Patch Tuesday security updates for July 2026, the largest update ever. 621 CVEs in one month|U.S. Treasury Sanctions VPN Provider and Cryptor Seller Behind Billions in Ransomware Losses|Attacker Used AI to Build Custom PowerShell Recon Malware|Malware Hits Japan’s Largest Taxi Company Nihon Kotsu, Services Temporarily Suspended|CrashStealer: New macOS Infostealer Uses Signed Apps to Evade Gatekeeper|Lidl Notified Online Shop Customers in Germany, Belgium, and the Netherlands of a Data Breach|U.S. CISA adds a Cisco IOS flaw to its Known Exploited Vulnerabilities catalog|EU Targets FSB-Linked Hackers in New Sanctions Over Cyber Sabotage|Dutch Nationals Suspected in Odido Hack That Exposed Six Million Customers|Australia Alerts Organizations to Ongoing CMS Exploitation Attacks|Ryuk Ransomware Member Pleads Guilty Over Attacks on U.S. Organizations|Progress Told ShareFile Customers to Pull the Plug on Their Servers. Here’s What We Know.|Patch Tuesday security updates for July 2026, the largest update ever. 621 CVEs in one month|U.S. Treasury Sanctions VPN Provider and Cryptor Seller Behind Billions in Ransomware Losses|Attacker Used AI to Build Custom PowerShell Recon Malware|Malware Hits Japan’s Largest Taxi Company Nihon Kotsu, Services Temporarily Suspended|CrashStealer: New macOS Infostealer Uses Signed Apps to Evade Gatekeeper|Lidl Notified Online Shop Customers in Germany, Belgium, and the Netherlands of a Data Breach|U.S. CISA adds a Cisco IOS flaw to its Known Exploited Vulnerabilities catalog|EU Targets FSB-Linked Hackers in New Sanctions Over Cyber Sabotage|Dutch Nationals Suspected in Odido Hack That Exposed Six Million Customers|Australia Alerts Organizations to Ongoing CMS Exploitation Attacks|Ryuk Ransomware Member Pleads Guilty Over Attacks on U.S. Organizations|Progress Told ShareFile Customers to Pull the Plug on Their Servers. Here’s What We Know.|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Twelve Norwegian ministries were hacked using a zero-day vulnerability

Threat actors exploited a zero-day flaw in third-party software in attacks against the ICT platform used by 12 Norwegian ministries. The ICT platform used by twelve ministries of the Norwegian government was hacked, and threat actors have exploited a zero-day vulnerability in an unnamed third-party software. Local authorities launched an investigation into the attack that […]

Norwegian ministries

Threat actors exploited a zero-day flaw in third-party software in attacks against the ICT platform used by 12 Norwegian ministries.

The ICT platform used by twelve ministries of the Norwegian government was hacked, and threat actors have exploited a zero-day vulnerability in an unnamed third-party software.

Local authorities launched an investigation into the attack that was reported by the Norwegian Security and Service Organization (DSS) to the National Security Authority (NSM).

The DSS has set up a crisis team to investigate the incident with the NSM and other security agencies.

Norwegian ministries

“We have uncovered a previously unknown vulnerability in the software of one of our suppliers. This vulnerability has been exploited by an unknown actor. We have now closed this vulnerability. It is too early to say anything about who is behind it and the scale of the attack.” reads the statement published by DSS. “Our investigations and the police’s investigation will be able to provide more answers” says Erik Hope, director of the Departments’ Security and Service Organization (DSS).”

The Prime Minister’s Office, the Ministry of Defense, the Ministry of Justice, and the Ministry of Foreign Affairs were not impacted by the attack because don’t use the platform.

The DSS also notified the Norwegian Data Protection Authority, a circumstance that suggests that threat actors may have stolen data from the ICT platform used by the Norwegian government.

In response to the incident, the DSS adopted several security measures; employees in the impacted ministries do not have access to DSS’s common mobile services, however, they can still work as normal on their computers in the office or at home.

“We monitor the systems continuously, and we introduce further measures if necessary. For the sake of the investigation, we cannot go out with more information at this time”, continues Hope.

The zero-day flaw exploited by the attackers has now been fixed.

At this time the Norwegian government has yet to attribute the attack to any threat actors.

Follow me on Twitter: @securityaffairs Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Norwegian ministries)