Risky Bulletin Risky Bulletin: EU finally imposes more cyber sanctions
Mar 18, 2026
New EU cyber penalties against Iranian and Chinese hacking networks are unpacked. A high-ranking Iranian cyber official's killing and Canada's proposed online tracking law get coverage. A UK company registry bug, massive data theft in the Netherlands, and hijacked Denver crosswalks make the list. Stories of athlete phishing, banking fraud on Android, and a large IoT botnet round out the roundup.
AI Snips
Chapters
Transcript
Episode notes
EU Targets State-Linked Hackers And Tooling
- The EU expanded cyber sanctions to target threat groups and companies tied to state-linked attacks.
- Sanctions named Iranian group M&A Pasigad for the Paris Olympics hack, China's Integrity Technology Group for the Raptor botnet, and iSoon for espionage.
Leader Of Iranian Cyber Unit Killed After Destructive Attacks
- A high-ranking Iranian cyber official linked to coordinating multiple hacking groups was reportedly killed in US-Israeli strikes.
- Sayed Yahya Hosseini Panjaki led a cyber unit controlling groups including Handala, which struck US firm Stryker.
Patch UI Flow Edge Cases In Public Registries
- Investigate and patch unforeseen UI logic flaws even in low-risk flows like "File for another company."
- The UK registry bug let attackers press back four times to gain edit permissions for other organisations.