Threats Affecting Belgium

European governments are transitioning from encrypted messaging applications like Signal and WhatsApp to sovereign Matrix-based solutions. This shift follows successful phishing campaigns, primarily attributed to Russian intelligence services, exploiting Signal's linked devices feature to gain persistent access to political communications. While Signal was initially recommended for external communications, scope creep led to its widespread use for sensitive statecraft discussions. Matrix-based systems offer advantages including federated architecture, government-controlled identity platforms, and customizable data retention policies. However, these homegrown solutions introduce new security vulnerabilities and implementation challenges. The walled-garden nature of current sovereign systems limits their utility for international diplomacy, suggesting Signal will continue to be used for communications with external parties despite the security concerns.

MediumMalwareUnited StatesBelgiumFrance+2#fast16#phishing attacks#sovereign messaging

A Path Traversal vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to read or write files in specific directories on the server.

HighVulnerabilityUnited StatesGermanyFrance+10#cve#cve-2025-10559#cwe-22

The ShinyHunters hacker group claimed to have stolen over 350GB of information from European Commission cloud systems. The post European Commission Reports Cyber Intrusion and Data Theft appeared first on SecurityWeek .

MediumVulnerabilityBelgiumFranceGermany+13

A reflected Cross-Site Scripting (XSS) vulnerability has been discovered in Clickedu. This vulnerability allows an attacker to execute JavaScript code in the victim’s browser by sending them a malicious URL using the endpoint “/user.php/”. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on the user’s behalf.

MediumVulnerabilitySpainItalyFrance+7#cve#cve-2026-5010#cwe-79

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.158, 25.0.92, and 26.0.17, an authenticated SQL Injection vulnerability in the JMAP `Contact/query` endpoint allows any authenticated user with basic addressbook access to extract arbitrary data from the database — including active session tokens of other users. This enables full account takeover of any user, including the System Administrator, without knowing their password. Versions 6.8.158, 25.0.92, and 26.0.17 fix the issue.

HighVulnerabilityUnited StatesGermanyUnited Kingdom+7#cve#cve-2026-33755#cwe-89

Roadiz is a polymorphic content management system based on a node system that can handle many types of services. A vulnerability in roadiz/documents prior to versions 2.7.9, 2.6.28, 2.5.44, and 2.3.42 allows an authenticated attacker to read any file on the server's local file system that the web server process has access to, including highly sensitive environment variables, database credentials, and internal configuration files. Versions 2.7.9, 2.6.28, 2.5.44, and 2.3.42 contain a patch.

MediumVulnerabilityUnited StatesGermanyFrance+7#cve#cve-2026-33486#cwe-918

CVE-2026-33550 is a low-severity vulnerability in Alinto's SOGo email and collaboration platform versions before 5. 12. 5. The issue involves improper handling of one-time passwords (OTPs) used for multi-factor authentication (MFA). Specifically, when a user disables and then re-enables OTP-based MFA, the system fails to renew the OTP secret, and the OTP length is only 12 digits instead of the recommended 20 digits. This weakness effectively reduces the strength of the second authentication factor, increasing the risk of unauthorized access through OTP guessing or replay attacks. Exploitation requires high privileges and user interaction, and no known exploits exist in the wild. Organizations using vulnerable SOGo versions should upgrade to 5. 12. 5 or later and enforce stronger OTP configurations to mitigate this risk.

LowVulnerabilityUnited StatesFranceGermany+7#cve#cve-2026-33550#cwe-308

The Terrapack software, from ASTER TEC / ASTER S.p.A., with the indicated components and versions has a file upload vulnerability that may allow attackers to execute arbitrary code. Vulnerable components include Terrapack TkWebCoreNG:: 1.0.20200914, Terrapack TKServerCGI 2.5.4.150, and Terrapack TpkWebGIS Client 1.0.0.

HighVulnerabilityItalyGermanyFrance+7#cve#cve-2025-67260

CVE-2026-30695 is a medium severity Cross-Site Scripting (XSS) vulnerability affecting the web-based configuration interface of Zucchetti Axess access control devices, including models XA4, X3/X3BIO, X4, X7, and XIO/i-door/i-door+. The vulnerability arises from improper sanitization of user input in the dirBrowse parameter of the /file_manager. cgi endpoint. Exploitation requires user interaction but no authentication, allowing an attacker to inject malicious scripts that can compromise confidentiality and integrity. There are no known exploits in the wild and no patches currently available. The vulnerability impacts the confidentiality and integrity of the device management interface but does not affect availability. Organizations using these access control devices should be aware of the risk of session hijacking, credential theft, or unauthorized actions via injected scripts. Mitigation involves restricting access to the management interface, implementing web application firewalls with XSS protections, and monitoring for suspicious activity. Countries with significant deployments of Zucchetti Axess devices, particularly in Europe and Italy, are most at risk. This vulnerability requires prompt attention to prevent potential targeted attacks on physical access control systems.

MediumVulnerabilityItalyGermanyFrance+7#cve#cve-2026-30695

The sanctions target two Chinese individuals, two Chinese companies, and one Iranian firm involved in hacking EU member states. The post EU Sanctions Chinese, Iranian Firms Supporting Hacking Operations appeared first on SecurityWeek .

MediumVulnerabilityChinaIranUnited States+10