Tech

ICYMI: the week’s 7 biggest tech news stories from Discord’s mass exodus to Apple’s big March event teaser

This week, things were a little quieter as we await the reveals of Samsung Unpacked next week, but that’s not to say it was boring.

YouTube went down, Apple teased its next product event, and Discord rivals crashed under the weight of new users fleeing to their platforms.

The humble Windows NotePad might finally get image support

Microsoft is preparing to bring another change to the humble Notepad app. According to Windows Latest, internal testing on Windows 11 shows that the classic text editor is gaining full image support.

Notepad was once just a simple tool for typing plain text, but that simplicity has steadily evolved over multiple updates. Microsoft has modernized Notepad with autosave, undo history, and Markdown formatting. You can now apply basic styling, such as bold text, italics, and links.

WordPad, the older rich text editor that could handle images, has been removed from Windows, leaving Notepad to fill the gap. With WordPad gone, Microsoft appears to be expanding Notepad’s capabilities to cover more use cases.

The new image support will be part of Notepad’s extended formatting features. Microsoft sources told Windows Latest that image support is being tested in internal versions of Notepad. You’d be able to turn the feature off in Settings if you prefer the classic text-only experience.

How Notepad has been quietly changing

Image support in Notepad can be seen as a natural step toward a more capable note-taking tool, similar to Apple’s Notes or other built-in apps that support text formatting and images.

Microsoft has also added major features to Notepad, including artificial intelligence to automatically summarize notes and built-in spell check and autocorrect support.

However, adding too many features could dilute what made Notepad appealing to users in the first place. Adding visual elements risks blurring the line between Notepad and more complex apps like OneNote.

Notepad’s evolution reflects broader changes in how people use built-in apps. If image support rolls out widely, the simple editor could become a more flexible space for jotting down ideas, links, and pictures all in one place.

Fake faces generated by AI are now "too good to be true," researchers warn

Think you can quickly identify fake faces generated by AI models? Think again. According to a recently published study by Australian researchers, AI-generated faces are now essentially too difficult to spot – except for a small minority of people who are exceptionally skilled at analyzing facial features. As a result,…
‘In cybersecurity and penetration testing, no two days are the same’

TCS’s Gavin McPaul discusses how he got his start in cyber and the benefits of working out of picturesque Donegal.

“From an early age, I’ve always been fascinated by technology: phones, laptops, any new gadgets really,” says Gavin McPaul, the head of enterprise vulnerability management at Tata Consultancy Services (TCS).

His family soon noticed his skill in the area of IT and at home he became the go-to person for all things tech related. “And I still am, unfortunately,” he jokes. “Towards the end of secondary school, I knew I wanted to pursue a career in IT.”

But like many young people at that stage of their lives, he was unsure of the educational direction he wanted to take, especially as his research showed him just how vast the IT sector was, indicated by the sheer volume of courses available at his chosen college, ATU Letterkenny. 

He explains: “One course immediately jumped out at me because of its title, Computing with Computer Security and Digital Forensics. It sounded incredibly interesting, and I’m certainly glad I made that choice. It was towards the end of my degree that I realised I wanted to specialise in penetration testing.”

How have you progressed in your career as quickly as you have?

I believe my quick progression comes down to curiosity. I’ve always been driven to learn new things, take on more responsibility, question the status quo to find better ways of working, and I’m always interested in helping other people.

When I first started at TCS, we had a large team, but much of the work was individual projects. I made an effort to speak to everyone, understanding how they approached their tasks. I quickly realised everyone had their own methods. This led me to create a central collaboration space where ideas could be shared, benefiting the entire team and new joiners alike.

My curiosity and fresh perspective straight out of college meant that within my first five months, I identified an opportunity for improvement with one of our applications. This was a significant career boost, demonstrating my ability and knowledge. It got me noticed by senior leadership and opened doors to new projects.

What aspects of the TCS culture do you believe make it an attractive place to begin a career?

What I truly appreciate about TCS is the incredible team environment. An office space with genuine collaboration and where you can learn from team members is invaluable, especially early in your career. Nobody at TCS wants to see you fail. There’s a robust support system ready to guide you in the right direction.

As a large consultancy, our core goal at TCS is to support clients through their technology transformation journeys. Working with numerous clients across diverse sectors means there are always opportunities to explore and specialise in areas of interest. Our clients are often undergoing significant transformations, actively seeking fresh ideas and innovative solutions, and they truly value the insights and solutions we bring.

What does a typical day look like for you?

The most exciting aspect of cybersecurity and penetration testing is that no two days are the same; you truly never know what challenges might arise. I’m fortunate to work with one of our financial services clients in the US, collaborating with an excellent team spread across the US, Ireland and India. As a lead within their offensive security team, I’m currently helping them transform their entire penetration testing programme.

As the technical lead for our teams in Ireland and India, I provide advice, guidance and support on all aspects of penetration testing. Our core goal for the client is to secure their applications and data from external threats.

Beyond that, my work is diverse and includes meeting potential new clients, building out new capabilities, developing internal training programmes, interviewing and onboarding new resources, and helping manage our team of 10 people, which we’re looking to expand by another six.

What do you enjoy most about living and working in the north-west?

I love the beauty and quiet of living in Donegal. We’re fortunate to have several large organisations here, which is fantastic for our county. These provide great opportunities for people living in the area, especially with a local university like ATU Letterkenny feeding directly into places like TCS.

I feel incredibly fortunate to have found a cybersecurity career in Donegal, working here since college and still being given opportunities to further my career with TCS, even after six years.

What advice would you give someone looking to start a career in cybersecurity or penetration testing?

We all leave college with the same degree after four years, but what truly sets you apart from everyone else? Most students haven’t considered this question, so they often don’t have an immediate answer. When I interview graduates, I’m really looking for passion and genuine interest in cybersecurity. Often, this shines through in what they’ve done outside of their degree. Here are a few things I always recommend to students.

Sign up for any IT or cybersecurity societies at your college. If there isn’t one, take the initiative to start it. Attend conferences like BSides, IRISSCON, or OWASP local chapters. Get involved in ‘capture the flag’ competitions, like Zero Days CTF or the many free online options. These are fantastic for hands-on experience and for networking with other students and industry professionals. You can even prepare for them through your college society.

Create a LinkedIn account. It’s an excellent way to connect with like-minded people, and recruiters are always on the lookout there. During summer, reach out to companies about internship programmes. They offer invaluable insight and hands-on industry experience.

If you can, pursue certifications. In Ireland, anyone can access industry-recognised certs like CompTIA Security+ or Pentest+ for free, funded by the Irish government. Research areas you’re interested in, read blogs, follow specialists, or even start a personal project.

If application penetration testing interests you, get to know OWASP – it will become your best friend in this field.

Dell just made 240Hz gaming monitors shockingly cheap

High refresh rate gaming monitors have slowly become more affordable, but Dell’s latest launch takes that trend to a new extreme. The company has introduced two new 27-inch gaming monitors with 240Hz refresh rates starting at roughly $130, a price that would have seemed impossible for this spec just a few years ago.

The two models, the SE2726HG and SE2726HGS, focus on delivering fast, responsive gameplay at a budget-friendly price. Both displays are built around a 27-inch Full HD panel, a combination that prioritizes high frame rates and smooth motion over ultra-high resolution. For competitive gaming, that trade-off makes sense. Lower resolution reduces GPU strain and helps players reach the high frame rates needed to fully take advantage of a 240Hz refresh rate.

Speaking of which, the high refresh rate is also paired with a 0.5ms response time, which is designed to minimize motion blur and input delay. For fast shooters and esports titles, this can translate into smoother tracking, clearer movement, and a more responsive feel overall. On top of that, there’s support for AMD FreeSync to help eliminate screen tearing and keep gameplay fluid when frame rates fluctuate.

Dell has also paid attention to everyday usability. The panels cover 99% of the sRGB color space, which means they are capable of delivering reasonably accurate colors for media consumption, casual content creation, and general desktop work. The two monitors differ mainly in ergonomics and design: the SE2726HGS includes an adjustable stand that allows height and tilt changes, while the SE2726HG sticks with a simpler stand to keep the design straightforward and accessible.

The bigger takeaway from these monitors is how much high-refresh displays have evolved. Not long ago, 240Hz screens were niche products aimed almost exclusively at professional esports players. Now, they are becoming part of the mainstream gaming conversation. Dell’s new models highlight how competitive gaming features are gradually moving into everyday setups. Smooth motion, low latency, and adaptive sync are no longer luxury upgrades but features that more players can realistically consider. For gamers building or upgrading a setup, this release signals a shift in expectations.

Trump Says He’s Just Going To Make Some Shit Up To Justify Nationalizing The Election Process

from the to-be-fair,-a-coup-is-ALSO-a-way-to-secure-power dept

Trump couldn’t accept the fact that he lost the 2020 election. So he stood idly by (if you believe his narrative) or urged on (if you believe your own eyes and ears) his supporters to raid the Capitol building to seize the election from the electorate. If that meant killing his own vice president, so be it.

Eventually, Trump left office, replaced by Joe Biden for a whole four years of relative sanity. Then Trump returned to office and immediately pardoned nearly every one of his supporters who had been criminally charged with federal crimes for participating in the January 6th insurrection attempt.

Since then, he and his GOP enablers have been doing everything they can to rig the next election, despite claiming to have been victims of similar election-rigging in 2020. Aggressive gerrymandering has now been superseded by seizures of voting records, attempted prosecutions of Trump’s political enemies, threats to send ICE out to engage in election suppression, and more.

The GOP has a very slim majority at the moment. GOP legislators opting to retire are now derailing pro-MAGA legislation. Democratic opposition is finally showing some signs of life. And California has responded with pro-Dem gerrymandering of its own, limiting the effectiveness of GOP members running for congressional seats.

Now that it’s starting to look like a fair fight out there in the electorate with the mid-term elections approaching, the administration is making a push to seize election power from the states in order to give Trump the congressional majority he needs to keep being as awful as he’s been since his return to office.

President Trump doubled down on his extraordinary call for the Republican Party to “nationalize” voting in the United States, even as the White House tried to walk it back and members of his own party criticized the idea.

Mr. Trump said on Tuesday that he believed the federal government should “get involved” in elections that are riddled with “corruption,” reiterating his position that the federal government should usurp state laws by exerting control over local elections.

If states “can’t count the votes legally and honestly, then somebody else should take over,” he said in the Oval Office, accusing several Democratic-run cities of corruption. “Look at some of the places — that horrible corruption on elections — and the federal government should not allow that,” he added. “The federal government should get involved.”

A nationalized election process is just a welcome wagon for autocracy. That’s why it’s never happened before, thanks to the foresight of the founding fathers who definitely weren’t interested in going back to being the subjects of a king, even if the king pretended a captive process was actually a democratic election.

And that’s why it’s being bandied about by this administration, one that clearly doesn’t care what happens to America as long as it continues to remain in power. That’s also why Trump isn’t necessarily angling for a full takeover of midterm elections. He just wants to interfere in places where his lackeys have a real chance of losing elections.

During a podcast interview with Dan Bongino, his former deputy F.B.I. director, on Monday, Mr. Trump called for Republican officials to “take over” voting procedures in 15 states, though he did not name them. “The Republicans should say, ‘We want to take over,’” he said. “We should take over the voting, the voting in at least many — 15 places. The Republicans ought to nationalize the voting.”

No sentence should ever begin with “during a podcast interview with Dan Bongino” and end with an actual sitting president stating he should be allowed to “take over” the midterm elections in a select number of areas where his supporters aren’t likely to win.

None of this matters to Trump, however. Blessed with a lack of foresight or hindsight, Trump ventured out into the relative safety of his favorite conflict of interest, Truth Social, to assure Americans that he hasn’t ruled anything out when it comes to actually stealing an election. (h/t Derek Guy and his preservation efforts)

If you can’t see/read the embed, consider yourself blessed. Consider yourself cursed (and feel free to do as much cursing as you feel is necessary) if you choose to read on. Here’s the entirety of Trump’s “it’s coup time baby!” Truth Social post:

The Democrats refuse to vote for Voter I.D., or Citizenship. The reason is very simple — They want to continue to cheat in Elections. This was not what our Founders desired. I have searched the depths of Legal Arguments not yet articulated or vetted on this subject, and will be presenting an irrefutable one in the very near future. There will be Voter I.D. for the Midterm Elections, whether approved by Congress or not! Also, the People of our Country are insisting on Citizenship, and No Mail-In Ballots, with exceptions for Military, Disability, Illness, or Travel. Thank you for your attention to this matter! PRESIDENT DONALD J. TRUMP

These are not the words of a well person. These are certainly not the words of anyone you’d want to have the driver’s keys to a nation, much less the access code to an apartment pool.

Someone who thinks his hostile takeover of the American election process can be justified by “Legal Arguments not yet articulated or vetted” is the same sort of person who thinks they’re only days away from perfecting a perpetual motion machine or discovering the secret to eternal life.

But while that part of the post may be comically delusional, it’s the next sentence that’s far more worrying. This is the president claiming he will mandate his version of “Voter I.D.” at the polls, whether it’s legal or not.

And it definitely won’t be legal. Almost every effort the administration has made to disenfranchise voters, alter long-standing election rules, and eliminate voters not likely to side with Trump and the GOP has resulted in lawsuits. Very little of this litigation is settled. And what little of it has been settled has resulted in a loss for Trump.

The GOP’s efforts to codify Trump’s baseless voter fraud conspiracy theories haven’t had much more success. What has managed to move forward is largely redundant, but with the added bonus of allowing Trump’s DOJ to prosecute election officials if the administration believes (hallucinates) local officials didn’t do enough (whatever that means) to dissuade non-citizens from voting.

But this is exactly the sort of thing Trump loves, even if he possibly knows there’s no factual basis for the accusations and insinuations he’s making. If his GOP counterparts lose elections during the midterm, he’ll be the first to start mouthing off about immigrants and “illegal” votes. If his boys win, he’ll take credit for the “fair” election. And the conspiracy theories will return to the slow boil until they’re needed in 2028.

The creator economy’s ad revenue problem and India’s AI ambitions

The creator economy is evolving fast, and ad revenue alone isn’t cutting it anymore. YouTubers are launching product lines, acquiring startups, and building actual business empires. In fact, MrBeast’s company bought fintech startup Step, and his chocolate business is outearning his media arm. This isn’t just one creator’s strategy. For many, it’s the new playbook. 

On this episode of TechCrunch’s Equity podcast, hosts Kirsten Korosec, Anthony Ha, and Rebecca Bellan unpack how creators are diversifying beyond ads, whether their model can scale beyond the top 1%, everything happening at India’s AI Impact Summit, and more of the week’s headlines.

YouTube is trialing conversational AI on its TV apps

Google is trying out something different: conversational AI on YouTube’s TV apps.

This big move brings the “Ask” feature to your smart TVs, gaming consoles, and streaming devices. It’s a game-changer because for the first time, you can actually use your TV remote’s microphone to ask questions about the video you’re watching, with Gemini doing the heavy lifting to give you the answers.

This chatty AI tool has been on the YouTube website and mobile apps for a bit, but now TVs are finally getting some love.

In this small test, users who are in the club will spot an “Ask” button beneath videos. Hitting that button opens the AI tool, where you can either pick from suggested prompts or go wild and ask your own questions using voice.

For instance, let’s say you’re watching a cooking tutorial; you could ask, “What ingredients are they using for this recipe?” or during a music video, “What’s the story behind these lyrics?”

Google states the feature is currently available in English, Hindi, Spanish, Portuguese, and Korean, and only in a few spots.

The rollout is still experimental, with only a small bunch of users included. Apps will need to be updated to fully support the feature, so don’t hold your breath for widespread availability right away. Nevertheless, this action signals Google’s intent to make YouTube more interactive, transforming passive viewing into a conversational experience.

YouTube is stepping up its game, becoming more than just a video platform by bringing conversational AI right into its TV apps.

This shift is designed to revamp how you watch stuff, letting you actually chat with the content, ask questions while the video is playing, and get these cool, AI-driven summaries, like the best parts or what a word means, all without pausing the action. 

Trump Fires Court-Appointed US Attorney Hours After It Replaces His Illegally-Appointed Former Campaign Lawyer

from the despots-gonna-despot dept

It’s all well and good that we have a system of laws and rules in place. For the most part, the bumpers on the bowling lane help keep a lot of stuff on the field of play (to mix metaphors), even if powerful politicians would rather have the rules apply to everyone else but them.

This simply isn’t working during Trump’s second term in office. The rules and laws (and the oft-referenced “rule of law”) are still in place. But they don’t mean much when there are no meaningful methods of enforcement.

Trump continues to staff the DOJ with prosecutors who have never been subjected to the legally required confirmation process. To be fair, it’s always been a struggle to staff Trump’s DOJ. Those who haven’t quit because they refuse to engage in vindictive prosecutions are being fired because they either won’t engage in vindictive prosecutions or they’re simply not doing it as hard and as fast as Trump would like.

Plenty of people who used to serve Trump personally as his attorneys have been elevated into top-level prosecution roles, despite their complete lack of relevant experience. None of these people have been appointed legally.

Judges have been pushing back, which has led to Trump’s former insurance lawyer, Lindsey Halligan, being unceremoniously ousted from her role as a US attorney. Alina Habba spent most of a year generating massive conflicts of interest after being quasi-appointed to the position of US Attorney. She did this while still employed by Trump as his personal lawyer. Last December, she resigned from the position she never held legally and is now just another Trump lawyer who gets to hang around in the West Wing.

John Sarcone — Trump’s former campaign lawyer — was disqualified by a judge in January because he, too, had not been legally appointed to his position because Trump (and AG Pam Bondi) decided anyone who Trump wanted to be a US attorney could be one, even if that meant skipping the confirmation process entirely.

That didn’t bode well for Trump’s revenge fantasies. Sarcone being benched by the bench meant that all of his subpoenas targeting NY state attorney general Letitia James were no longer valid.

If the president decides he doesn’t want to subject his prosecutorial appointees to the confirmation process, that’s fine. But they only get to serve for so long (120 days) before they have to be replaced with a confirmed nominee. If that doesn’t happen, the court system gets to appoint a prosecutor to the now-open position.

The courts did this. And here’s where it gets supremely sticky. It didn’t take, as Brendan Lyons reports for the Times Union:

The White House on Wednesday evening fired a new interim U.S. attorney in New York’s Northern District less than five hours after a panel of federal judges had appointed Donald T. Kinsella to the position.

The swift termination of Kinsella, a former longtime federal prosecutor, underscored the ongoing tensions in federal districts where the administration of President Donald J. Trump has clashed with judges who have declined to appoint his interim appointments of U.S. attorneys who have not been confirmed by the Senate.

That’s insane. It probably took more time to discuss the appointment than it did for Trump to fire Kinsella. Kinsella was the court-appointed placeholder — one that could only be replaced by a nominee confirmed by the Senate.

But that’s not happening here. Not only did the administration fire Kinsella, but it immediately declared John Sarcone was still the acting US Attorney, no matter what the court had declared. And rather than caution the administration against ritually abusing the process to keep former Trump lawyers in positions of government power, Trump’s high-level officials got up on the socials to make sure everyone knew this president is actually a king.

On Wednesday evening, after the Times Union first reported Kinsella’s appointment as well as his subsequent firing by the White House, the U.S. deputy attorney general, Todd Blanche, posted on X: “Judges don’t pick U.S. Attorneys, @POTUS does. See Article II of our Constitution. You are fired, Donald Kinsella.”

Hopefully, the court will just appoint someone else and force the administration to keep showing its autocratic ass until one of the White House bumblefucks says or does something that can’t be walked back. Attrition is the name of the game here. And I think there are more than enough qualified prosecutors available to outlast Trump’s revolving door of personal lawyers willing to accept government positions in lieu of a personal check from Trump.

And let’s not forget that Sarcone was probably picked not just for his allegiance to Trump, but because Trump is always willing to help out a fellow grifter.

Sarcone ran for Westchester County district attorney as a Republican in 2024 but lost to eventual winner Susan Cacace, a Democrat. He was later nominated by the Trump Administration to be U.S. attorney for the Northern District of New York, which covers the Capital region, North Country, Central New York and parts of the Southern Tier and Hudson Valley. But neither the U.S. Senate nor federal judges confirmed him, so the Trump Administration made him a special attorney for the region, devoid of term limits and traditional oversight. 

Questions were eventually raised about his residence, since he had lived and campaigned in Westchester just a year before being named U.S. attorney for the Northern District of New York. The Times Union reported that Sarcone’s listed address was a boarded-up building. Following that report, Sarcone ordered his staff to remove Times Union journalists from the office’s press distribution list.

That’s who Sarcone is. And that’s who he is going to be. If the courts are serious about standing up to abuses of executive power, it might be time to engage in a war of attrition.

Why the shift left dream has become a nightmare for security and developers

Written by Ivan Milenkovic, Vice President Risk Technology EMEA, Qualys

For the better part of the last decade, we have engaged in a comfortable fiction around security and development. If we could only “shift left” and get developers to take a modicum more responsibility for security alongside their coding, testing and infrastructure deployment, the digital world would become a safer, faster and cheaper place. Instead, the fundamental conflict between speed and security has got worse.

Why did this fail? Developers are under crushing pressure. The classic triangle of project management – Fast, Good, Cheap; pick two – has been smashed to pieces.

Businesses demand fast, good, cheap and secure. When push comes to shove, “fast” always wins. At the same time, we pushed too much cognitive load onto developers who were already drowning.

When they choose to use public container images to speed up development, they are trying to meet their goals, but they are also taking on risk they may not see. So how can we understand what the real problem is, and then work to solve that?

Business demands beat security recommendations

There is a pervasive narrative in the security industry that developers are lazy or careless. This is absolutely not true. Developers are not lazy; they are overloaded, pragmatic professionals reacting to the incentives placed before them. If their bonus depends on shipping features by Friday and the security scan takes four hours to run and blocks the build, they will find a way around the scan.

Businesses demand results faster and faster, which has created an environment where security protocols are seen as a barrier to productivity rather than an integral part of engineering. When security tools are noisy, slow, and disconnected from the workflow, they are a barrier.

The result is that organisations have lost control of what is actually running in their environments. We have pipelines that deploy code automatically, infrastructure that scales up and down without human intervention, and AI agents that can now write and execute their own scripts.

Into this high-speed, automated chaos we pull from public registries as if they were curated libraries, assuming that because an image is on Docker Hub it must be safe. But pulling a container from a public registry is a trust decision.

The likes of Docker, Amazon, Google and Microsoft all operate public container registries, so there is a natural assumption that what they host is safe.

That trust is misplaced. Hosting is not vetting: outside the small curated sets, the operator does not vouch for what an image does, and by the time that image reaches the deployment pipeline it is already treated as a trusted artifact, baked into the application.

The 34,000 Image Reality Check

Qualys Threat Research Unit (TRU) recently conducted an exhaustive analysis of over 34,000 container images pulled from public repositories to see what is really going on beneath the manifest.

Of that total, around 2,500 images – approximately 7.3 percent of the sample – were malicious. Of the malicious images, 70 percent contained cryptomining software.

On top of this, 42 percent of images contained more than five secrets that could be used to get access to other resources or accounts. This includes valuable items like AWS access keys, GitHub API tokens, and database credentials baked directly into the image layers.
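What “secrets baked directly into the image layers” looks like in practice, as an added example that is not Qualys code or part of the TRU study: a minimal layer scanner that opens each layer tarball of an image, runs every regular file through a handful of token patterns, and reports which layer the secret lives in. The two layers, their file contents, the AWS key (AWS’s documented example key ID), the GitHub token and the database URL are all constructed for this example. The second layer “deletes” the .env file with an OCI whiteout entry, which is what a late `RUN rm .env` in a Dockerfile produces; the scanner still finds the credentials, because a whiteout only hides the path in the merged filesystem and the bytes stay in the earlier layer, which everyone who pulls the image receives. The regex rules are illustrative, not a complete pattern set.

```python
import io
import re
import tarfile
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Illustrative detection rules (constructed for this example; extend with your own token formats).
SECRET_RULES = {
    "aws-access-key-id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github-token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "private-key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"),
    "db-url-with-password": re.compile(r"\b(?:postgres(?:ql)?|mysql|mongodb)://[^:\s/]+:[^@\s]+@"),
}
MAX_FILE_BYTES = 4 * 1024 * 1024  # skip large binaries; they are better handled by a dedicated scanner


@dataclass(frozen=True)
class Finding:
    layer: int   # index of the layer the secret was found in
    path: str    # path inside that layer's tar
    rule: str    # which pattern matched
    line: int    # 1-based line number within the file


def scan_layer(layer_index: int, layer_tar: bytes) -> List[Finding]:
    """Scan one layer tarball; every regular file is searched line by line."""
    findings: List[Finding] = []
    with tarfile.open(fileobj=io.BytesIO(layer_tar), mode="r:*") as tar:
        for member in tar:
            if not member.isfile() or member.size > MAX_FILE_BYTES:
                continue
            text = tar.extractfile(member).read().decode("utf-8", errors="ignore")
            for lineno, line in enumerate(text.splitlines(), start=1):
                for rule, pattern in SECRET_RULES.items():
                    if pattern.search(line):
                        findings.append(Finding(layer_index, member.name, rule, lineno))
    return findings


def scan_image_layers(layers: Iterable[bytes]) -> List[Finding]:
    """Scan each layer independently: a later layer cannot 'un-leak' an earlier one."""
    findings: List[Finding] = []
    for index, layer in enumerate(layers):
        findings.extend(scan_layer(index, layer))
    return findings


def build_layer(files: Dict[str, str]) -> bytes:
    """Build an uncompressed tar layer from {path: content}; used here for constructed test data."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, content in files.items():
            data = content.encode()
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed two-layer image. Layer 0 copies a .env with credentials into the image;
# layer 1 "removes" it via an OCI whiteout entry (app/.wh..env), the way `RUN rm app/.env`
# would. The whiteout hides the path in the merged filesystem only; layer 0 still carries the bytes.
SAMPLE_LAYERS = [
    build_layer({
        "app/.env": "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
                    "DATABASE_URL=postgres://app:s3cr3t@db.internal:5432/app\n",
        "app/main.py": "print('hello')\n",
    }),
    build_layer({
        "app/.wh..env": "",
        "app/config.yml": "github_token: ghp_0123456789abcdefghijklmnopqrstuvwxyz\n",
    }),
]


if __name__ == "__main__":
    for f in scan_image_layers(SAMPLE_LAYERS):
        print(f"layer {f.layer} {f.path}:{f.line} {f.rule}")
```

Running the block reports the AWS key and the database password from layer 0 and the GitHub token from layer 1, even though the merged filesystem of the final image no longer contains `app/.env`. That is why secret detection has to look at layers, not at the running container, and why an image that once contained a credential needs the credential rotated, not just the file deleted.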

[Figure: Malicious container images by threat category. Qualys Research – makeup of malicious images, based on analysis of more than 2,500 confirmed malicious containers detected on Docker Hub.]
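The “secrets baked into the image layers” finding above is the kind of thing a scan over the layer contents catches before an image reaches a pipeline. The following is an added example written for this page, not Qualys TRU's tooling: it walks each layer of a constructed image, matches lines against the publicly documented AWS access key ID and GitHub token prefixes plus two generic shapes (database URLs with embedded passwords, private key headers), and applies the article's “more than five secrets” threshold. The layer IDs, file contents and credential values are all constructed; the AWS value is the vendor's documented example key, not a live credential.

```python
"""Scan container image layers for baked-in secrets (added example, not Qualys code)."""
import re
from dataclasses import dataclass

# Patterns for the secret classes the article names. The AWS (AKIA/ASIA) and
# GitHub (gh?_) prefixes are the vendors' documented formats; the other two are
# generic shapes, so treat a hit as a lead to verify rather than proof.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "db_connection_url": re.compile(
        r"\b(?:postgres(?:ql)?|mysql|mongodb)://[^\s:/@]+:[^\s@/]+@[^\s]+"
    ),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"),
}


@dataclass(frozen=True)
class Finding:
    layer: str
    path: str
    kind: str
    line_no: int


def scan_layer(layer_id, files):
    """files: mapping of path -> bytes for one layer. Returns a list of Finding."""
    findings = []
    for path, data in files.items():
        # Binary blobs are decoded lossily; a base64 key inside one still matches.
        text = data.decode("utf-8", errors="ignore")
        for line_no, line in enumerate(text.splitlines(), start=1):
            for kind, pattern in SECRET_PATTERNS.items():
                if pattern.search(line):
                    findings.append(Finding(layer_id, path, kind, line_no))
    return findings


def scan_image(layers):
    """layers: ordered list of (layer_id, files).

    Every layer is scanned, including ones whose files a later layer deletes or
    overwrites: the original bytes stay in the earlier layer blob, which is what
    anyone pulling the image receives.
    """
    findings = []
    for layer_id, files in layers:
        findings.extend(scan_layer(layer_id, files))
    return findings


def secret_count(findings):
    return len(findings)


def is_high_risk(findings, threshold=5):
    """Mirror the article's 'more than five secrets' bucket."""
    return len(findings) > threshold


# Constructed sample image (hypothetical layer IDs and contents): three layers
# with credentials that a careless Dockerfile leaves behind.
SAMPLE_LAYERS = [
    ("sha256:layer1", {
        "app/.env": b"AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
                    b"DATABASE_URL=postgres://app:s3cretpw@db.internal:5432/app\n",
        "app/main.py": b"print('hello')\n",
    }),
    ("sha256:layer2", {
        "root/.netrc": b"machine github.com login x-access-token "
                       b"password ghp_0123456789abcdefghijklmnopqrstuvwxyz\n",
        "root/.ssh/id_rsa": b"-----BEGIN OPENSSH PRIVATE KEY-----\nAAAA...\n"
                            b"-----END OPENSSH PRIVATE KEY-----\n",
    }),
    ("sha256:layer3", {
        "app/.env": b"",  # 'removed' here, but layer1's bytes are still in the image
        "app/config.yml": b"aws_key: AKIAIOSFODNN7EXAMPLE\n"
                          b"db: mysql://root:toor@10.0.0.5/prod\n",
    }),
]

if __name__ == "__main__":
    found = scan_image(SAMPLE_LAYERS)
    for f in found:
        print(f"{f.layer} {f.path}:{f.line_no} {f.kind}")
    print("secrets:", secret_count(found), "high_risk:", is_high_risk(found))
```

The scan is deliberately per-layer rather than over the flattened filesystem: a `RUN rm .env` in a later layer hides the file from a running container but not from anyone who downloads the layer blobs, which is why the constructed layer3 does not reduce the count.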

In our analysis, the biggest issues around malicious containers are still very simple. Typosquatting is one of the most common methods that attackers use to get their malicious containers downloaded. The standard advice to “check the spelling” is essential, yes, but it is also a low-energy response to a high-stakes problem.

Telling a developer to “be more careful” is not a security strategy. While public registries are handy for speed, we should not be letting developers pull from public registries at all.

In a mature environment, every external image should be proxied through an internal artifact repository that acts as a quarantine zone. Yet that need for speed is not going to go away. Instead, we have to work on how to help developers move faster while keeping security in place.

This does mean more work for the infrastructure team, but that work should enable developers to move ahead faster and with less risk.

Shift down

The logic behind “shift left” is that it is cheaper to fix a bug during design or coding than in production. Therefore, moving security earlier in the Software Development Life Cycle (SDLC) should reduce risks later. While this makes sense in theory, it asks developers to scan their own code, check their own dependencies, and manage their own infrastructure.


In reality, we just shifted the pain onward. Shift left asks developers to manage vulnerabilities, configuration hardening, secret detection, compliance auditing, and so on, while those same developers are measured primarily on feature velocity.

“Shift left” was supposed to make security collaborative. Instead, it simply moved the problem into every developer’s IDE. To fix this problem, we have to make security the default property of the infrastructure, rather than something each team has to design in for itself.

This involves real collaboration between developers and security – developers have to be clear about what they want to achieve and what will be demanded of what they build, while security has to work within those requirements so that they can be delivered securely. Both teams are responsible, and both have to work at the speed that the business needs.

In practice, we can create a “golden path” for developers. If they use the standard templates, the pre-approved base images, and the official CI pipelines, security is free. If they want to go “off-road” and build something custom, then they have to do the additional work of security reviews and manual configurations.


This is also something that should be flagged back to the business from the start, so that security and development present a united front on what going off-road costs.

Taking this approach incentivises secure deployment by making it the path of least resistance. It moves the responsibility down the stack to the infrastructure layer, managed by a specialised Platform Engineering team. And if something different is needed, that work can be done collaboratively to ensure it is right first time, rather than leading to more issues that need to be remediated.

For example, instead of asking a developer to please enable versioning on a specific S3 bucket, the platform team writes a policy using Terraform modules, Crossplane compositions, or Open Policy Agent that simply doesn’t allow a bucket to exist without versioning. The developer literally cannot make the mistake.

The platform corrects it automatically or rejects the request. Similarly, developers shouldn’t have to remember container scanning in their workflows; the CI pipeline should do it automatically. The admission controller should reject non-compliant images before they ever hit a cluster. The developer doesn’t need to know how the scan works, only that if they try to deploy a critical vulnerability, the door will be locked.
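The admission-controller half of this golden path, together with the earlier points about proxying every external image through an internal repository and catching typosquatted names, as an added example written for this page (not Qualys’s code, nor any particular admission controller’s): a validating-webhook style policy that inspects every container image in a Pod CREATE AdmissionReview and denies anything that is not pulled through the internal proxy, not on the approved list, not pinned by digest, unscanned, or carrying a critical finding. The registry hostname, approved repositories, digests and scan findings are all constructed for the example.

```python
"""Admission-time image policy for a Pod CREATE request (added example, hypothetical values)."""

INTERNAL_REGISTRY = "registry.internal.example"  # assumed hostname of the internal proxy
APPROVED_REPOS = {"library/nginx", "library/python", "library/postgres"}  # assumed golden-path images
SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}
BLOCK_AT = "CRITICAL"  # findings at or above this severity deny admission


def parse_image(ref):
    """Split an image reference into host, repo, tag and digest using Docker-style defaults."""
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    parts = ref.split("/")
    # The first component is a registry host only if it looks like one.
    if len(parts) > 1 and ("." in parts[0] or ":" in parts[0] or parts[0] == "localhost"):
        host, path = parts[0], "/".join(parts[1:])
    else:
        host, path = "docker.io", ref
        if "/" not in path:
            path = "library/" + path
    tag = None
    if ":" in path.rsplit("/", 1)[-1]:  # only the last segment can carry a tag
        path, tag = path.rsplit(":", 1)
    return {"host": host, "repo": path, "tag": tag, "digest": digest}


def levenshtein(a, b):
    """Edit distance, used to flag near-miss repository names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def evaluate_image(ref, scan_results):
    """Return the list of policy violations for one image reference (empty = compliant)."""
    img = parse_image(ref)
    problems = []
    if img["host"] != INTERNAL_REGISTRY:
        problems.append(f"{ref}: must be pulled through {INTERNAL_REGISTRY}, not {img['host']}")
    if img["repo"] not in APPROVED_REPOS:
        nearest = min(APPROVED_REPOS, key=lambda r: levenshtein(img["repo"], r))
        d = levenshtein(img["repo"], nearest)
        if d <= 2:
            problems.append(f"{ref}: repo {img['repo']!r} is not approved and is {d} edit(s) "
                            f"from {nearest!r} (possible typosquat)")
        else:
            problems.append(f"{ref}: repo {img['repo']!r} is not on the approved list")
    if img["digest"] is None:
        problems.append(f"{ref}: image must be pinned by digest, not a mutable tag")
    else:
        findings = scan_results.get(img["digest"])
        if findings is None:
            problems.append(f"{ref}: no scan result for {img['digest']}; unscanned images are denied")
        else:
            worst = max((SEVERITY_RANK[f["severity"]] for f in findings), default=0)
            if worst >= SEVERITY_RANK[BLOCK_AT]:
                problems.append(f"{ref}: scan found {BLOCK_AT} severity findings")
    return problems


def review(admission_review, scan_results):
    """Build the AdmissionReview response; initContainers are checked as well."""
    req = admission_review["request"]
    spec = req["object"]["spec"]
    containers = spec.get("initContainers", []) + spec.get("containers", [])
    problems = [p for c in containers for p in evaluate_image(c["image"], scan_results)]
    response = {"uid": req["uid"], "allowed": not problems}
    if problems:
        response["status"] = {"code": 403, "message": "; ".join(problems)}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview", "response": response}


# Constructed scan results keyed by digest (hypothetical digests and finding IDs).
GOOD_DIGEST = "sha256:" + "a" * 64
BAD_DIGEST = "sha256:" + "b" * 64
SCAN_RESULTS = {
    GOOD_DIGEST: [{"id": "FINDING-1", "severity": "MEDIUM"}],
    BAD_DIGEST: [{"id": "FINDING-2", "severity": "CRITICAL"}],
}


def sample_review(*images):
    """Constructed Pod CREATE AdmissionReview with one container per image."""
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "request": {"uid": "0000-constructed", "operation": "CREATE",
                        "object": {"spec": {"containers": [
                            {"name": f"c{i}", "image": img} for i, img in enumerate(images)]}}}}


if __name__ == "__main__":
    for ref in (f"registry.internal.example/library/nginx:1.25@{GOOD_DIGEST}",
                "nginx:latest",
                f"registry.internal.example/library/ngnix@{GOOD_DIGEST}"):
        print(review(sample_review(ref), SCAN_RESULTS)["response"])
```

Two design points carry the article's argument. Denying an image with no scan result (rather than allowing it by default) is what makes the internal repository a real quarantine zone instead of a cache, and checking the digest rather than the tag means the verdict attaches to the exact bytes that will run, so a tag being repointed upstream cannot smuggle an unscanned image past the gate.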


“Shift down” also means automating the fix. For instance, if a vulnerability is found in a base image, the platform should automatically generate a Pull Request to upgrade it. If a runtime security tool detects a container behaving badly (e.g., spawning a shell for persistence), it shouldn’t just send an alert. It should kill the pod and isolate the node autonomously.

Rather than sticking with existing ways of running across security and development, we have to react to what is happening. This can mean we fundamentally change how we operate across teams.

If we continue with the “shift left” mentality of piling cognitive load onto developers, we will fail. We will burn them out, and they will bypass our controls simply so they can get what needs to be done for the business.

Instead, security has to be proactive around how to implement and support the right platforms for the business, so they can be made secure automatically.


Sponsored and written by Qualys.


Data breach at French bank registry impacts 1.2 million accounts

The French Ministry of Finance has disclosed a cybersecurity incident that impacted data associated with 1.2 million user accounts.

The investigation discovered that hackers gained access to the national bank account registry (FICOBA) and stole a database containing sensitive information.

The Ministry’s announcement notes that in late January, a threat actor used credentials stolen from a civil servant with access to the interministerial information sharing platform.


The credentials gave the hacker access to part of a database that contained all bank accounts opened in French banking institutions and personal data:

  • Bank account details, including RIBs/IBANs
  • Account holder identity
  • Physical address
  • Taxpayer identification number (only in some cases)

The Ministry states that it restricted the threat actor’s access to its systems immediately after detecting the incident. However, it believes that the data of about 1.2 million accounts was already exposed to potential exfiltration.

FICOBA is a centralized state-managed registry of bank accounts in France, operated by the French tax authority, the Direction générale des Finances publiques (DGFiP).


It operates as a database that records the existence and identifiers of accounts, with data provided by French banking institutions in accordance with tax enforcement law requirements.

The cyberattack has disrupted the system’s operations, and work is underway to restore it with enhanced security. However, there is no estimation of when FICOBA will be back online.

The Ministry also stated that users affected by the incident will be notified individually over the next few days.

Banking institutions in the country have been informed accordingly, and they are expected to take action to raise awareness among their customers of the need for increased vigilance.


The announcement mentions numerous scam attempts circulating via email and SMS that aim to steal data or money directly from recipients, and citizens are advised not to respond to them.

“The tax administration never asks for your login credentials or bank card number via message,” the French ministry warns.

The French data protection authority, CNIL, has also been informed about the incident.

DGFiP’s IT team is currently working with the Ministry of Finance and the National Cybersecurity Agency of France (ANSSI) to strengthen system security and bring it back to full operational status.



Copyright © 2025