Italian cybersecurity startup Exein has signed an agreement with Taiwan’s MediaTek to embed its security technology into the chipmaker’s Genio platform. The partnership will provide advanced security features for billions of chips used in mobile, home, automotive, and healthcare industries worldwide.
Exein expects its technology to be implemented in over 3 billion devices as a result of the deal. The partnership, valued at more than 5 million euros, is projected to double in worth by 2028. The company views MediaTek as a key strategic partner and sees this collaboration as a step towards expanding into automotive and robotics sectors globally.
Italy has been striving to foster a stronger tech startup ecosystem, and this agreement marks a significant milestone. Exein previously raised $15 million in Series B funding and counts major companies like Daikin, Seco, and Kontron among its clients.
At the World Economic Forum in Davos, Europol’s executive director, Catherine De Bolle, urged tech companies to provide law enforcement access to encrypted messages, citing public safety concerns. While she argued this is necessary to combat crime and protect democracy, critics highlighted the risks of undermining encryption, which is essential for privacy and individual freedoms.
De Bolle compared accessing encrypted communications to executing a search warrant in a locked house. However, this analogy oversimplifies the issue, as encryption safeguards sensitive data and ensures private communication, even under authoritarian regimes. Weakening it could lead to widespread misuse, enabling mass surveillance and suppression, as seen in places like Russia.
Advocates for privacy stress that encryption is not merely a barrier to crime but a cornerstone of democracy, enabling free speech and safeguarding against state overreach. While law enforcement has other tools for crime-fighting, creating backdoors to encryption would expose everyone to cyber risks and potentially render digital security obsolete.
If governments succeed in weakening encryption, decentralised solutions backed by blockchain technology could rise, making such access nearly impossible in the future. The debate underscores the critical balance between security and preserving fundamental rights.
A hacking group, named as GamaCopy, has been imitating the tactics of the Russia-linked threat actor Gamaredon to target Russian-speaking victims, according to research by Chinese cybersecurity firm Knownsec.
GamaCopy’s latest campaign employed phishing documents disguised as reports on Russian armed forces’ locations in Ukraine, along with the open-source software UltraVNC for remote access.
However, while GamaCopy mirrors many techniques used by Gamaredon, researchers identified notable differences. For example, GamaCopy primarily uses Russian-language victims, whereas Gamaredon typically targets Ukrainian speakers. Additionally, GamaCopy’s use of UltraVNC represents a unique element in its attack chain.
Since June 2023, GamaCopy has targeted Russia’s defense and critical infrastructure sectors. However, the group is believed to have been active even earlier, i.e. since August 2021. Knownsec’s analysis suggests that GamaCopy’s operations are part of a deliberate false-flag campaign and links the group to another state-sponsored actor known as Core Werewolf, which has similarly targeted Russian defense systems since 2021.
This discovery follows recent reports of other hacker groups, conducting cyber-espionage campaigns against Russian entities, highlighting the increasing complexity and state-backed nature of these threats.
CTM360, a Bahrain-based cybersecurity platform, has partnered with the ISACA Singapore Chapter to enhance Singapore’s cybersecurity landscape. By signing a Memorandum of Understanding (MoU) during the first members’ event of 2025, this collaboration aims to elevate cybersecurity through capacity development, professional development, and fostering a culture of knowledge exchange.
The partnership focuses on hosting joint events, training programs, and workshops designed to advance cybersecurity expertise, support certification advancements, and develop innovative strategies to address evolving cyber threats. By combining their expertise, both organisations are working to enhance cybersecurity ecosystem in Singapore and equip professionals with the tools required to tackle modern challenges, ensuring cybersecurity remains a priority across industries.
The collaboration reflects a shared commitment to creating meaningful opportunities for professional growth and strengthening the cybersecurity community. It underscores the importance of equipping professionals with the necessary knowledge and tools to thrive in a rapidly evolving digital landscape.
The partnership also aims to drive impactful initiatives, promoting a safer and more resilient digital environment through collective responsibility and a focus on addressing current and future cyber threats.
Thailand is strengthening its digital partnerships with Japan and Vietnam to drive innovation, enhance connectivity, and position itself as a Southeast Asia digital economy leader. These collaborations focus on emerging technologies such as 5G, AI, 3D printing, and cybersecurity and foster innovation through startup promotion in gaming, entertainment, and other sectors.
Both partnerships prioritise developing digital skills to build a proficient workforce and improve regional connectivity, including submarine cable networks. Thailand has invited Japan to invest in the ‘Thailand Digital Valley’ project, which aims to make Chonburi Province a hub for digital innovation.
Furthermore, Thailand and Vietnam are advancing cooperation through a new Memorandum of Understanding (MoU), while Japan continues its collaboration under the 2022 Memorandum of Understanding (MoC). These agreements provide a structured framework for initiatives in digital transformation, regulatory development, cybersecurity, and regional infrastructure.
Through these efforts, Thailand aims to establish itself as a regional hub for digital technology, promoting sustainable growth and innovation across ASEAN. By leveraging these strategic partnerships, Thailand is building a connected and digitally advanced society, reflecting its commitment to becoming a key player in shaping the region’s digital future.
Progress on the EU Cybersecurity Certification Scheme (EUCS), stuck in a deadlock since 2019, remains uncertain as discussions are unlikely to advance in the first half of 2025. Despite efforts by Poland, which is leading the EU ministerial meetings until July, disagreements over sovereignty requirements continue to stall the process. The EUCS aims to help companies demonstrate that their ICT solutions meet cybersecurity standards for the EU market but has faced resistance, particularly from France, which wants to preserve its certification system, SecNum Cloud.
The European Cybersecurity Certification Group (ECCG) from ENISA has yet to provide an opinion on the scheme, with its next meeting possibly taking place in February. Poland plans to prioritise cybersecurity during its presidency, hosting key events like an informal telecom minister meeting in March and a conference on ENISA standardisation, though industry groups remain sceptical about a breakthrough.
Lobbyists, including the global software industry group BSA, have criticised the delays. They argue that cybersecurity standards should focus on technical protections rather than political considerations and have urged the Commission to adopt the scheme quickly to strengthen Europe’s cybersecurity resilience.
Further complicating matters, the EU Cybersecurity Act (CSA), which underpins ENISA’s authority to create certification schemes, is under evaluation but has not yet been revised. Of the three certification schemes proposed since 2019, only one has been adopted, with another for 5G still in progress. New EU Commissioner Henna Virkkunen has pledged to improve the adoption process for cybersecurity certification schemes as part of her mission to bolster Europe’s technological sovereignty and security.
Unacast has informed Norwegian authorities of a data breach involving its subsidiary Gravy Analytics. The announcement was revealed in a notice published by Norwegian broadcaster NRK.
The breach involved a compromised web server using a misappropriated key, with some stolen files potentially containing personal data. Unacast’s legal representatives, BakerHostetler, confirmed the breach was discovered on 4 January, though the exact timing remains under investigation.
Repeated attempts to reach Unacast and its legal team for comment have gone unanswered. Norway’s data protection authority also could not be reached for further statements after business hours on Friday.
Education technology provider PowerSchool has suffered a major data breach, exposing the personal information of millions of students and teachers. Hackers gained access to its systems by exploiting stolen credentials, using a tool within the company’s PowerSource support portal to export sensitive data.
The stolen records include names, addresses, and potentially more sensitive details such as Social Security numbers and medical information in the US and Canada. PowerSchool, which manages academic records for over 60 million K-12 students, assured customers that not all users were affected. However, the breach has left schools scrambling to assess the damage.
PowerSchool insists the hack wasn’t due to a flaw in its software but was a result of unauthorised access using legitimate credentials. The company has engaged cybersecurity experts to investigate and taken steps to improve security, including deactivating compromised accounts and strengthening password controls.
Critics argue that PowerSchool was slow to inform customers, potentially putting students, parents, and educators at greater risk of identity theft. While PowerSchool is offering affected users credit monitoring and identity protection services, the incident has sparked calls for stricter regulations on data security in the education sector.
President Joe Biden is preparing to introduce a new executive order aimed at strengthening cybersecurity standards for federal agencies and contractors. The proposed measures address growing threats from Chinese-linked cyber operations and criminal cyberattacks, which have targeted critical infrastructure, government emails, and major telecom firms. Under the draft order, contractors must adhere to stricter secure software development practices and provide documentation to be verified by the Cybersecurity and Infrastructure Security Agency (CISA).
The order highlights vulnerabilities exposed by recent cyber incidents, including the May 2023 breach of US government email accounts, attributed to Chinese hackers. New guidelines will also focus on securing access tokens and cryptographic keys, which were exploited during the attack. Contractors whose security practices fail to meet standards may face legal consequences, with referrals to the attorney general for further action.
While experts like Tom Kellermann of Contrast Security support the initiative, some criticise the timeline as insufficient given the immediate threats posed by adversaries like China and Russia. Brandon Wales of SentinelOne views the order as a continuation of efforts across the past two administrations, emphasising the need to enhance existing cybersecurity frameworks while addressing a broad range of threats.
The order underscores Biden’s commitment to cybersecurity as a pressing national security issue. It comes amid escalating concerns about foreign cyber operations and aims to solidify protections for critical US systems before the transition to new leadership.
Business email compromise (BEC) scams are on the rise, targeting companies through highly deceptive tactics. These scams involve cybercriminals hacking into legitimate email accounts and tricking victims into transferring large sums of money. Recently, a small business narrowly avoided a major financial loss when a scammer posed as its owner, sending fraudulent wiring instructions to the company’s bank. Quick action by the business owner and a vigilant banker prevented the funds from being transferred.
Experts warn that BEC scams rely less on technical vulnerabilities and more on exploiting trust between businesses and their partners. Hackers often gain access through phishing attacks, installing malicious software, or guessing weak passwords. Once inside an email account, they may create hidden rules to intercept or forward messages, concealing their activities until it’s too late.
To counter these threats, cybersecurity professionals recommend measures such as enabling two-factor authentication, regularly updating passwords, and monitoring email account activity for unusual changes. Businesses are also advised to verify financial transactions using secondary methods, such as phone calls, to confirm the legitimacy of requests.
With global losses from BEC scams amounting to billions, the stakes are high. By taking proactive steps to enhance security, businesses can protect themselves from falling victim to these sophisticated schemes.
