At the last CSIRTs Network meeting we got treated to a powerpoint versions of the statistics that ENISA publishes under https://ciras.enisa.europa.eu/

The mathematician inside me was not impressed, and as I’m prone to do, I did not withhold my opinion. This blog post explains why I’m so unhappy with ENISA’s analysis.

Last week, I wrote a blog post on why the problem of lawful access to encrypted data is so tricky, this week I want to continue with a discussion on the general considerations you should keep in mind when thinking about this topic.

An interesting train of thought turned out to be the question “We managed to give Law Enforcement (LE) wiretapping powers in old-style phone networks, but not in modern, Internet-based communication services. Why?”

I came up with the following reasons:

CERT.at gained access to a toolkit of an unknown threat actor targeting FortiCloud SSO bypass in Fortinet appliances (CVE-2025-59718/CVE-2025-59719). We are releasing under TLP:CLEAR key findings about likely post-exploitation goals of the attacker.

In December last year, Fortinet disclosed a vulnerability in SAML processing, which allowed full bypass of authentication to management interfaces with FortiCloud SSO enabled. According to new, still not officially confirmed reports, the vulnerability may not have been fully patched. As affected devices are represented in my small high-interactive honeypots network, we have an opportunity to take a look at what the attackers do.

Who says that only software needs regular updates? Laws are similar, the process is just much more complicated.

What can Monty Python's "Life of Brian" tell us about LLM security?

Typosquatting is a popular method using similarly looking names to draw people into malicious content – such as phishing websites or fake software packages. It leverages our “brain optimization” that matches what we see with what we already know – even if it’s not exactly the same. I haven’t installed any shady software, but it’s still a good example how easily our brain could be used against us by utilizing our biases.

As I’ve written here, the EU unveiled a roadmap for addressing the encryption woes of law enforcement agencies in June 2025. As a preparation for this push, a “High-Level Group on access to data for effective law enforcement” has summarized the problems for law enforcement and developed a list of recommendations. Let’s have a look at this report.

There are some new developments in the EU policy sphere. Here are the main points.