Trending Topics Cybersecurity – November 2025

The BSI Report 2025 paints a picture of a persistently high threat level: public administrations and operators of critical infrastructures remain the particular focus of state-sponsored attackers, while the number of reported incidents and newly discovered vulnerabilities continues to rise. Despite individual advances in KRITIS resilience and ISMS structures, the BSI sees a significant gap between the pace of digitalization and the level of security – particularly in business continuity management, attack detection, and structured vulnerability management.​ Against the backdrop of the NIS 2 Implementation Act recently passed by the Bundestag and Bundesrat, many affected organizations still have considerable ground to make up in terms of cybersecurity.

At the same time, the vulnerability of digital supply chains is increasingly becoming the focus of security managers: Studies by the industry association Bitkom show that attackers are increasingly penetrating otherwise well-protected organizations via suppliers, service providers, and external software components. Almost one in three companies reports (suspected) supply chain attacks. Meanwhile, the OWASP project now officially ranks supply chain risks among the greatest dangers on the web – a clear mandate for CISOs to fully integrate partners, SBOMs (software bills of materials), and third-party integrations into their own security and risk management in the future.​

In addition, the discussion about digital sovereignty is intensifying: the risks of unilateral dependencies on non-European providers are the dominant topic at summit meetings, in studies, and in expert interviews. For decision-makers, this means consistently aligning cloud strategies with European legal jurisdictions, open standards, exit scenarios, and sovereign alternatives – and no longer treating sovereignty as a marketing promise, but as a hard governance and resilience requirement.

The top IT security topics in November:

BSI Report 2025: Focus on public administration and critical infrastructures

According to the latest report from the German Federal Office for Information Security (BSI), public administrations and critical infrastructures in particular are increasingly the target of cyber espionage. These threats come from both criminal organizations and state-sponsored groups. In general, the BSI says that the threat situation remains tense.

Supply chain attacks: Almost one in three companies feels the consequences

According to a Bitkom survey, almost one in three German companies has been directly affected by cyberattacks on suppliers in the past twelve months or suspects that this has been the case. 41 percent of those affected reported concrete impacts such as production downtime, delivery bottlenecks, or damage to their reputation. Attackers specifically target weaker links in the supply chain as a gateway, so even well-protected companies are challenged to strengthen their supply chain security, raise awareness among partners, and establish joint protective measures.

Cybersecurity in Bavaria: More than 48,000 reports of cybercrime

According to this year's report on cybersecurity, the threat level in Bavaria remains high. In 2024, more than 48,000 reports of cybercrime were registered in Bavaria alone. The number of unreported cases is probably many times higher. Politically motivated attacks in particular are on the rise, such as DDoS attacks and disinformation campaigns.

German-French Digital Summit: Joint initiative for a more secure, sovereign cloud

France's ANSSI and Germany's BSI want to expand their cooperation within the framework of the Franco-German Digital Summit in order to further develop common security standards and certifications for cloud environments. The aim is to strengthen European cloud offerings, reduce dependencies on large US hyperscalers, and thus increase digital sovereignty and the protection of sensitive data in Europe.

OWASP Top 10 2025: Supply chain risks are among the greatest dangers

In its new Top 10 list of web risks, the OWASP project has for the first time classified vulnerabilities in the software supply chain as one of the biggest security threats – such as insecure third-party components, dependencies on external providers, and vulnerable update and build processes. For companies, this means that security no longer ends at their own firewall, but must systematically include partners, service providers, and purchased software components in order to prevent outages, data theft, and compliance violations.

US hyperscalers undermine Europe's digital sovereignty

In an interview, university professor and IT expert Harald Wehnes explains that, in his view, many supposedly "sovereign" cloud offerings from large US providers are nothing more than "sovereignty washing." Despite EU data centers, structural dependencies continue to exist here due to US law, proprietary platforms, and kill switch risks. True digital sovereignty, on the other hand, requires a European legal framework, technological independence, transparency, and interoperability – the expert calls for European cloud alternatives and sovereign AI models to be specifically favored.

ShadowV2: Mirai offshoot uses AWS outage as test run for DDoS botnet

The Mirai-based botnet ShadowV2 exploited the AWS outage in October to infect IoT devices in 28 countries via known and new vulnerabilities. Researchers view the activity, which was limited to the outage, as a possible test run to test propagation and command-and-control structures under real-world conditions – with a view to future DDoS campaigns for which ShadowV2 is explicitly designed.

Cyberattacks partially paralyze IT systems in three London boroughs

Three London borough councils (Kensington and Chelsea, Westminster, and Hammersmith and Fulham) shut down their shared IT systems after discovering cyberattacks, leading to restrictions and delays in local government services. It is still unclear what type of attack was behind this, whether data was leaked, and whether the primary target was the shared IT service provider or the administrations themselves.

DDoS attack paralyzes Mainz city website

Following a DDoS attack, the services offered by the city of Mainz were temporarily unavailable. Among other things, appointment booking and digital applications for social benefits were affected. However, citizens were able to access alternative services via a state portal.

Ludwigshafen city administration partially unable to work after IT failure

A suspected cyberattack has led to far-reaching restrictions at Ludwigshafen city administration. On November 6, the systems were taken offline as a precautionary measure "due to anomalies in the data network." Some of the administration's websites and online services are still unavailable weeks later.

Ahead of regional and local elections: attacks on Danish political party websites

Shortly before the regional and local elections in Denmark on November 18, DDoS attacks were launched on the websites of Danish parties and media outlets. The attacks crippled the websites of the Conservative People's Party, the Red-Green Alliance, and the online newspaper Copenhagen Post, among others. The pro-Russian group NoName057(16) claimed responsibility for the attacks on the parties.

Bundestag and Bundesrat pass NIS 2 implementation law

Following the Bundestag, the Bundesrat has also approved the NIS 2 Implementation Act. According to this, federal authorities will also have a greater obligation to increase their IT security standards and become more cyber resilient in the future. The law is expected to come into force in December with its promulgation and will then apply with immediate effect.

Operation Endgame 2025: Europol shuts down over 1,000 cybercrime servers

In the third phase of "Operation Endgame," Europol and international partners shut down 1,025 servers that were used to compromise hundreds of thousands of systems with malware, spy on several million access data and more than 100,000 crypto wallets. The operation continues the dismantling of global cybercrime ecosystems that has been ongoing since 2023, in which over 2,000 domains and crypto assets worth millions have already been seized.

Hesse launches cybersecurity platform

The Hessian Ministry of the Interior has launched the Hessian Cybersecurity Platform (HCSP) to strengthen cybersecurity in the state. The platform brings together experts from administration, research, and business to develop strategies for improving the protection of digital infrastructure in Hesse. One specific goal is to strengthen municipal IT security.

Suspicious USB sticks sent to members' offices in the Bundestag

The Bundestag police have warned parliamentary groups about potentially dangerous USB sticks that have been sent to several MPs' offices by post with an accompanying letter in English. Recipients should not connect the data storage devices to their computers under any circumstances, as they may be infected with malware.

Sovereignty check for companies in the age of the cloud

Geopolitical tensions, increasingly uncertain supply chains, and legal risks are forcing companies to rethink their approach to the cloud. Companies should therefore systematically examine their dependencies on non-European cloud and security providers, the underlying legal jurisdictions, and data flows. Myra's sovereignty scanner provides an initial indication of your company's digital capacity to act – in just a few seconds.