Trending Topics Cybersecurity – December 2025

SECURITY INSIGHTS | January 05, 2026

Myra's monthly security highlights provide IT managers and security experts with the most relevant topics from the world of cybersecurity. Current trends, defense strategies and reports on cyberattacks, attack campaigns and more are clearly presented here.

Trending Topics December 2026

Entering the new year with NIS-2: For around 30,000 affected organizations in Germany, the entry into force of the NIS-2 Implementation Act on December 6 brings new security requirements for systems and processes into focus—accompanied by clear liability and fine risks. At the same time, the current threat situation with serious cyberattacks on local authorities, insurance companies, and social services shows that attackers continue to target critical processes and sensitive data.

Meanwhile, the new top 25 list of the most dangerous software vulnerabilities from the cybersecurity research organization MITRE provides a technical basis for security managers to sharpen security-by-design approaches and vulnerability management for their own organizations. Vulnerabilities that allow attackers to perform cross-site scripting or SQL injections continue to top the list of the most critical security gaps – they are responsible for the majority of real-world attacks. For security and development teams, the list provides a concrete prioritization framework for focusing limited resources on the most frequently exploited weaknesses and securing their own applications with dedicated protection solutions.

New Myra Fact Sheet: Underestimated risks in TLS termination

Anyone who breaks the encryption of TLS connections for traffic cleansing gains complete technical insight into confidential data streams. This results in considerable risks in terms of data protection, legal jurisdiction, and potential access by authorities. The situation becomes particularly critical when non-European providers or complex, non-transparent supply chains are involved – in such cases, there is a risk of covert third-party access, extraterritorial legal claims, and dependencies that are virtually impossible to control in an emergency. In a new fact sheet on TLS termination, Myra explains precisely these often underestimated aspects and shows how CISOs can sustainably reduce data protection and supply chain risks through consistent, European, transparently designed TLS termination.

The top IT security topics in December:

IT security trends

Austria sees slight decline in cybercrime

The Austrian Federal Ministry of the Interior's recently published “Cyber Crime Report 2024” shows a decline in the number of cases for the first time in a decade. Nevertheless, the total number of crimes remains high: last year, a total of 62,328 crimes were reported, representing a decrease of 5.4 percent compared to the previous year. The clearance rate was 31.7 percent.

MITRE: Top 25 list of the most dangerous software vulnerabilities

The non-profit cybersecurity research organization MITRE, in collaboration with the US Cybersecurity and Infrastructure Security Agency (CISA), has published the “CWE Top 25” for 2025 – a list of the most dangerous software vulnerabilities, evaluating over 39,000 CVEs from June 2024 to June 2025. Cross-site scripting continues to top the list, followed by SQL injection and cross-site request forgery. MITRE and CISA recommend that developers and security teams use the list specifically for security-by-design approaches, app security testing, and vulnerability management.

Gartner warns against the use of AI browsers in companies

Gartner currently classifies AI browsers with AI sidebars and agentic functions as too risky because sensitive browser data flows to AI backends and autonomous actions can be abused through prompt injection or phishing. Gartner also warns that faulty LLM output can lead to problems in procurement logistics. Due to these risks, companies should block AI browsers for the time being or only allow them after a strict risk analysis and with significantly restricted usage scenarios.

Russian ambassador summoned due to attacks and disinformation campaigns

The German government has summoned Russian Ambassador Sergey Nechayev to the Foreign Office. This is in response to a cyberattack on German air traffic control in August 2024 and a disinformation campaign surrounding the last federal election. Both incidents are linked to the Russian group APT28 and the military intelligence service GRU.

2026: Three cyber risks Europe should keep an eye on

For Europe's IT sector, 2025 was particularly marked by digital sovereignty. 2026 will challenge both Europe's political and social resilience in several ways. The upcoming elections in numerous European countries will certainly be the target of external influence. And the topic of artificial intelligence will also keep IT security managers on their toes with new attack vectors via Agentic AI.

Parked domains become a security risk

A recent study shows that most parked or typosquatting domains today no longer display neutral parking pages, but in over 90 percent of cases redirect to fraud, malware, or other malicious content. Attackers exploit typos in brand and government domains, profile users based on their connection type, and specifically redirect private users without VPNs to fraudulent landing pages via several intermediate stations.

NATO pushes for sovereign infrastructure with maximum speed

Cloud sovereignty as a turning point: NATO sees itself in a race to build a sovereign, secure cloud and data infrastructure in order to be able to network and evaluate data faster than its opponents and translate it into mission-relevant decisions. Digital and cloud sovereignty are seen as a balancing act between national autonomy and alliance capability, in which speed, cooperation with industry, and new operating models—from isolated to globally networked clouds—are equally critical to success.

Cybercrime

After cyberattack: City of Fürth warns of phishing emails

Following a cyberattack on the IT infrastructure of the city's drainage system, the city of Fürth is warning its citizens of possible fraud attempts, particularly in the form of phishing emails. This is because the attackers may have viewed or copied data. Despite the incident, the city says there are no restrictions on the security of supply.

Denmark blames Russia for cyber attacks on infrastructure and elections

Denmark sees Russia as the source of several state-sponsored cyber attacks. Specifically, these include an attack on the water infrastructure in 2024 and DDoS attacks on government and election websites in the fall of 2025. The incidents are seen as part of a broader hybrid campaign by pro-Russian groups against European countries, aimed at disrupting critical infrastructure, putting pressure on elections, and undermining the population's sense of security.

Cyberattack with Akira ransomware partially paralyzes Ideal Group

The Berlin-based Ideal Group, which specializes in retirement and long-term care insurance, has been the victim of an Akira ransomware attack. As a precautionary measure, several IT systems have been taken offline, and business operations are currently restricted. There is no evidence of customer data being misused, but a possible data leak cannot be ruled out. The company is working with external specialists and investigative authorities to restore the affected systems.

Data published on the darknet after ransomware attack on town hall

Following a ransomware attack on the town hall of Untereisesheim in the Heilbronn district in October, sensitive data has now appeared on the darknet. This includes personnel files and image files of administrative staff. According to the mayor, account data from old invoices may also have been compromised. However, sensitive citizen data is not believed to have been affected.

Caritas association reports theft of sensitive data

An attack on the servers of the Caritas Association in Dinslaken and Wesel has led to significant communication disruptions and data leaks. A total of 2 to 3 TB of sensitive data was stolen, including controlling reports, business, communication, and patient data. The association does not intend to respond to the perpetrators' ransom demand and has reported the incident to the police.

Best Practice, Defense & Mitigation

NIS-2 Implementation Act enters into force

On December 6, the NIS-2 Implementation Act officially entered into force one day after its publication in the Federal Law Gazette. Since then, new security requirements that must be implemented immediately have been in effect for approximately 30,000 organizations, including federal authorities. Violations are punishable by fines of up to ten million euros or up to two percent of total annual turnover, whichever is higher.

Investigators crack down on crypto money laundering with “Operation Olympia”

German and Swiss authorities have shut down the Bitcoin mixer platform “cryptomixer.io,” which had been active since 2016, and seized its server infrastructure in Switzerland and associated email accounts; cryptocurrencies worth around 25 million euros were seized. Investigators accuse the operators of commercial money laundering and operating a criminal trading platform, as the service is said to have been systematically used to conceal financial flows and assets that were presumably obtained through criminal activity.

Digital Ministry gets more rights to control federal IT

The Digital Ministry under Karsten Wildberger (CDU) is getting the right to approve or reject significant IT expenditures by the federal administration. This is intended to ensure more efficient control of federal IT and avoid duplication of development efforts. Exceptions to this approval requirement exist for areas such as military, security, and police tasks, intelligence services, and tax administration.

Things to know

What CISOs should know about TLS termination

Achieving secure and sovereign TLS termination: Our fact sheet provides a concise overview of why choosing the right provider is crucial for data protection, compliance, and digital sovereignty. It explains the key risks associated with non-EU providers and shows how Myra protects sensitive data, strengthens supply chains, and meets the highest requirements of highly regulated industries through fully EU-compliant TLS termination.

About the author

Stefan Bordel

Senior Editor

Stefan Bordel has been working as Editor and Technical Writer at Myra Security since 2020. He is responsible for the strategic development and editorial management of all content formats – from website content and specialist publications to whitepapers, social media communication, and technical documentation. In this role, he combines solid expertise from IT journalism with in-depth technical understanding in the field of cybersecurity. As a long-time Linux enthusiast, he closely follows developments in the IT industry both professionally and personally.
