Major Cybersecurity Incidents and Regulatory Updates in Europe and France

An unprotected database containing 149 million credentials (emails, passwords, authorization links) has been discovered. The Lazarus group targeted European defense subcontractors specializing in drones. Shiny Hunters claims to have stolen user data from Match Group (Tinder, Meetic) and is negotiating a ransom. A 500 GB data leak (ID cards, contracts, bank details) affects 11 real estate agencies. A zero-day vulnerability in Microsoft Office bypasses OLE protections and is actively exploited. Ivanti has patched two critical flaws (CVE-2026-1281, CVE-2026-1340). The FBI seized the servers of the RAMP forum and three hacking domains. The CNIL (French data protection authority) sanctions France Travail for a breach exposing 37 million individuals. France adopts a law banning social media access for minors under 15 and unveils its National Cybersecurity Strategy 2026-2030.