Spain's plan to curb encryption sparks controversy: an in-depth look at global cybersecurity issues

In a document recently exposed, it was unveiled that Spanish officials are looking to impose restrictions on end-to-end encryption across the European Union. This came to light as part of a wider European investigation concerning proposals to scrutinize private messages for material related to child sexual abuse. In the midst of these events, Meta was hit with an unprecedented fine of $1.3 billion under GDPR legislation due to its data transfers to the US.

In a significant development, a group of investigators claim to have discovered the use of advanced spyware within a war-stricken region for the first time. Their evidence suggests the use of Pegasus, a product of the NSO Group, to compromise Armenian governmental staff, journalists, and at least one UN official within the disputed Nagorno-Karabakh territory.

On May 24, American and global intelligence agencies, as well as researchers from Microsoft, revealed that a hacking group supported by the Chinese government had launched attacks on crucial infrastructure networks within several US states and Guam. This activity is especially worrying, given indications that the group may be preparing for more disruptive strikes beyond espionage. A brief history of the infamous Russian state-backed hacking group Turla was also highlighted, with a legacy that spans 25 years and includes ingenious computer worm developments and satellite attacks.

bcrypt, a widely-used password hashing function, celebrated its 25th anniversary, with its creators expressing both pride in its long-standing use and disappointment in the stagnation of password security advancements over the past quarter-century. In related news, researchers warn about the possibility of indirect prompt-injection attacks being used to enable scams and data theft in generative AI systems. Google’s introduction of new top-level domains such as ".zip" and ".mov" also created uproar due to their association with common file types, raising fears that they could be used to facilitate phishing attacks.

A recent analysis revealed that Chinese laboratories have been selling fentanyl precursor ingredients wholesale on the internet, with 90% of these companies accepting cryptocurrency payments. In cryptocurrency news, an internal security audit from the hacked cryptocurrency exchange Bitfinex exposed how assailants manipulated weaknesses in the platform to steal millions of dollars worth of bitcoin.

On a more positive note, software supply chain company Chainguard researchers have unveiled a fresh method for securing an often overlooked segment of cloud infrastructure, known as "container registries".

In other stories, Netflix, the video streaming behemoth, has been taking steps to discourage account sharing outside of individual households. The company is set to introduce this policy in the US, informing users who seem to be sharing their accounts outside their homes that such users will be locked out.

According to Netflix's plans, customers with a Standard plan can add one external user to their account for a monthly fee of $7.99, while those with a Premium plan can add two additional members for the same price each. Netflix will offer a Transfer Profile tool for individuals to establish their own accounts if they lose access to the shared account.

Separately, employees at TikTok were found to have been sharing sensitive user data via Lark, an internal productivity and communication platform. Thousands of employees from ByteDance, TikTok’s parent company, use Lark daily, raising concerns about potential access to users' personal information.

Finally, an Android app called iRecorder Screen Recorder, which has over 50,000 downloads on Google Play, was found to be displaying malicious behavior following an update in August 2022. The app was found to misuse its access to device microphones to record audio every 15 minutes and transmit this data to a harmful server. The incident attracted attention from various digital rights, pro-privacy, and civil liberties groups, who are now advocating for Slack, the workplace communication platform, to implement end-to-end encryption as a protection measure for targeted communities.