剣 KENSAI
← All posts · security · 2026-03-30 · 3 min

European Commission AWS Breach Exposes 350GB of Data, TP-Link Router Flaws Allow Auth Bypass, BIND DNS Memory Exhaustion, Google Sets 2029 Quantum Deadline

The European Commission is investigating its second major breach in two months after a threat actor exfiltrated over 350GB from its Amazon cloud environment. TP-Link patches high-severity router vulnerabilities enabling authentication bypass and arbitrary command execution. BIND DNS resolvers face memory exhaustion from crafted domains. Google draws a line in the sand with 2029 as its quantum-safe cryptography migration deadline. RSAC 2026 Days 3–4 bring major announcements reshaping the defensive landscape.


1. European Commission AWS Environment Breached — 350GB of Data Stolen

⚠ CRITICAL — Institutional Data Exfiltration

A threat actor has breached the European Commission's Amazon Web Services environment and claims to have stolen over 350GB of data, including multiple databases and employee information. This marks the Commission's second major breach in two months.

The European Commission is actively investigating a security breach affecting at least one of its AWS accounts, BleepingComputer reported on March 27. The threat actor, who contacted journalists directly, claims to have exfiltrated over 350GB of data including employee information, multiple databases, and access to an internal email server.

What We Know

Pattern of EU Breaches

This is the Commission's second breach since January 2026. The first, disclosed in February, involved the compromise of a mobile device management (MDM) platform used to manage staff devices. That breach has been linked to exploitation of Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities and is connected to similar attacks hitting the Dutch Data Protection Authority and Finland's Valtori government agency.

The pattern is clear: EU institutions are being systematically targeted. The Commission proposed new cybersecurity legislation on January 20 to strengthen defenses, and just last week the Council of the EU sanctioned three Chinese and Iranian companies for cyberattacks against member states' critical infrastructure.

Defensive Actions


2. TP-Link Patches High-Severity Router Vulnerabilities

🔶 HIGH — Network Infrastructure at Risk

TP-Link has patched multiple high-severity vulnerabilities in its router firmware that could allow attackers to bypass authentication, execute arbitrary commands, and decrypt configuration files containing credentials.

TP-Link has released firmware updates addressing multiple high-severity vulnerabilities across several router models. The flaws, reported by SecurityWeek, represent a significant risk given TP-Link's massive market share in consumer and small-business networking equipment.

Vulnerability Details

Why This Matters

Compromised routers serve as persistent network footholds. Threat actors — particularly state-sponsored groups like Volt Typhoon — have extensively used compromised SOHO routers to proxy their traffic and maintain access to target networks. TP-Link routers are among the most widely deployed globally, making these flaws high-value targets for botnet operators and APT groups alike.

Defensive Actions


3. BIND DNS Resolver Vulnerabilities Enable Memory Exhaustion Attacks

🔶 HIGH — DNS Infrastructure Denial-of-Service

ISC has released BIND updates patching high-severity vulnerabilities that allow attackers to cause out-of-memory conditions and memory leaks in DNS resolvers using specially crafted domains.

The Internet Systems Consortium (ISC) has patched high-severity vulnerabilities in BIND, the most widely deployed DNS software on the internet. The flaws could be exploited to cause out-of-memory conditions and memory leaks in resolvers, effectively denying DNS resolution for entire networks.

Attack Mechanism

The vulnerabilities can be triggered by specially crafted domain names that cause the resolver to consume excessive memory during processing. Since DNS resolvers must handle queries for arbitrary domains, an attacker simply needs to direct queries toward malicious domains they control — no authentication or special access required.

Impact Scope

Defensive Actions


4. Google Sets 2029 as Quantum-Safe Cryptography Migration Deadline

🔮 STRATEGIC — Cryptographic Transition

Google has publicly committed to 2029 as its target year for completing the migration to quantum-safe cryptography across its services. The announcement, highlighted in SecurityWeek's weekly roundup, signals that one of the world's largest technology companies sees the quantum threat as materially closer than many organizations assume.

The "Harvest Now, Decrypt Later" Clock

The urgency stems from the "harvest now, decrypt later" strategy that nation-states are already executing. Encrypted communications intercepted today — diplomatic cables, corporate strategies, classified intelligence — will become readable once sufficiently powerful quantum computers arrive. If that threshold is crossed by the early 2030s, data encrypted today with traditional algorithms is already at risk.

Industry Context

What Organizations Should Do Now


5. RSAC 2026 Days 3–4: Key Announcements Reshaping Enterprise Security

📡 RSAC 2026 — Industry Intelligence

The final days of RSAC 2026 in San Francisco delivered a wave of product announcements and strategic shifts that will shape enterprise security through the rest of the year and beyond.

Notable Announcements

Trends to Watch

RSAC 2026 reinforced several themes: the acceleration of AI in both offensive and defensive security, the growing consensus that quantum preparedness must begin now, and the increasing sophistication of supply chain attacks targeting developer tooling. The conference also highlighted a growing gap between security vendors' capabilities and most organizations' ability to deploy and operationalize them.


Threat Landscape Summary

ThreatSeverityAction Required
EU Commission AWS breach (350GB)CRITICALAudit cloud IAM; enable CloudTrail anomaly detection
TP-Link router vulnerabilitiesHIGHUpdate firmware immediately; disable remote mgmt
BIND DNS memory exhaustionHIGHPatch BIND; monitor resolver memory usage
Google 2029 quantum deadlineSTRATEGICBegin cryptographic inventory and migration planning
RSAC 2026 announcementsINFORMATIONALEvaluate anti-deepfake solutions; review supply chain