Cybersecurity disclosures under the spotlight, and other cybersecurity news to know this month

"To secure and operate, organizations need facts, not puffery - and few are perfect,” says a Reuters cybersecurity expert, as pressure mounts on companies to communicate confidently about cybersecurity while grappling with complex internal realities.

Amid increasing scrutiny from regulators, investors and clients, organizations face a growing challenge, John Bandler explains: promoting strong cybersecurity postures externally while being honest about internal vulnerabilities.

“There’s a real tension,” he notes, “between teams focused on selling and reassuring, and those tasked with actually securing systems”.

Bandler's commentary highlights not just practical and ethical imperatives for accuracy, but legal ones too, pointing to risks in areas such as:

"Every organization needs to improve its cybersecurity, none can afford to rest on their laurels, and claim everything is perfect, he warns. "Improvement happens only with honest discussion about the current state, to include deficiencies."

The European Commission has outlined a plan to significantly expand the role of Europol, the European Union's (EU) law enforcement cooperation agency, as part of a broader strategy to bolster internal security across the bloc, Reuters reports.

The new strategy will provide more resources for law enforcement, including boosting access to data, increasing resources for cross-border policing and strengthening EU agencies such as Europol, Frontex and Eurojust.

A legislative proposal to formalize Europol’s transformation is expected in 2026.

The Commission is also developing a roadmap for "lawful and effective access to data for law enforcement", recognizing the need for better digital tools while maintaining safeguards.

“It’s very important that we strike the right balance between privacy and access to data,” said Henna Virkkunen, Executive Vice President of European Commission.

Cybersecurity vulnerabilities have been found in some solar power system products from a few of the biggest vendors in the world, based on research by Forescout, as reported in SecurityWeek. With solar power growing in importance, such flaws can "pose a serious threat to electrical grids", it warns.

Poland is seeking to use €6.1 billion of EU post-COVID recovery funds for investments into defence, which includes boosting cybersecurity across the nation. The European Commission has until 20 June to decide on whether to approve the proposal.

An NHS software provider has been fined £3 million for a breach that led to a ransomware attack on the UK's health service, putting the personal information of 79,404 people at risk, the BBC reports. Hackers gained access to patients' phone numbers, medical records, and in the case of 890 patients, how to gain entry to their homes.

Ukrainian state railway Ukrzaliznytsia, targeted by a large-scale cyber-attack in late March, says it has restored about half of its IT services since the attack.

Hackers have stolen $500,000 from a small number of Association of Superannuation Funds of Australia (ASFA) customers, The Guardian reports. The ASFA said it would contact all affected members to notify them of any data compromises.

Researchers warn that package hallucinations in code-generating LLMs could enable new supply chain attacks, reports SecurityWeek. Known as ‘slopsquatting’, this occurs when LLMs reference fictitious packages, which threat actors can exploit by publishing malicious packages under the same names.

Is there a way for China and the West to cooperate in cyberspace? William Dixon, Associate Fellow at the Royal United Services Institute believes there are three primary ways they can cooperate on the cyber crisis:

Learn more in this article.