1. Cybercrime & Cybersecurity
Cybersecurity: ClickFix is a new form of phishing that encourages victims to manually copy and paste a command into their terminal, causing malware to be installed. This technique bypasses antivirus software because the execution comes directly from the user. Cybersecurity authorities and services, including the Ohio State University IT Security Office, are warning of an increase in these attacks targeting Windows systems. (Press release dated 11 November 2025)
Digital hygiene: A sophisticated phishing campaign is currently targeting Sephora customers under the guise of a fake ‘free’ offer for an Advent calendar from the brand. The message, with its polished design and credible visual identity, redirects to a fraudulent site aimed at collecting victims’ bank details. (Press release dated 13 November 2025)
Cybersecurity & crime prevention: 1,025 servers belonging to a cybercrime infrastructure used for DDoS, phishing and spear phishing attacks have been dismantled in a coordinated operation led by Europol with national authorities in eight countries. (Press release dated 13 November 2025)
Child sexual abuse: The Directorate-General for Competition, Consumer Affairs and Fraud Control (DGCCRF) has referred the matter to the public prosecutor after finding that Shein was selling child-like sex dolls, which are proven to be child pornography, reminding the public that the distribution of such content is punishable by up to seven years in prison and a fine of €100,000. (Press release dated 1 November 2025)
Cybercrime: Following an operation carried out by the French National Court for Combating Organised Crime and the judicial authorities in Belgium and Cyprus, nine individuals were arrested at their homes on European arrest warrants for fraud involving fake cryptocurrency investments. A total of nearly €1,615,000 was seized. (Press release from the Paris Judicial Court dated 3 November 2025)
Cybercrime: A preliminary investigation has been launched into offences related to the provision of online platforms facilitating organised illegal transactions, organised cyberattacks and pro-suicide propaganda. The investigations aim in particular to verify whether the algorithms comply with their transparency obligations towards users and whether they disseminate content promoting suicide. (Press release from the Paris Judicial Court dated 4 November 2025)
Cybercrime: According to a recent study conducted by Bitdefender, pro-Russian hackers are using virtual environments to discreetly infiltrate their targets’ networks. The Curly COMrades group deploys virtual machines on Windows systems in order to maintain a lasting and invisible presence within the targeted infrastructures. (Press release dated 4 November 2025)
2. Disinformation & Information Warfare
Disinformation: The European Commission presents a ‘democratic shield’ aimed at strengthening resilience against foreign interference, information manipulation and deepfakes, notably through the creation of a European crisis centre and a multilingual network of fact-checkers. (European Commission press release dated 12 November 2025)
Disinformation: A report recently published by Norma analyses French and European legal tools for combating information manipulation, highlighting their limitations in the face of evolving threats (fake news, foreign interference). It emphasises the importance of the European Digital Services Act (DSA) and the need for better cooperation between states and platforms to protect democracy and trust in information. (Report entitled ‘Legal aspects of information manipulation’ dated 26 September 2025)
Disinformation: Disinformation ‘made in the USA’, promoted in particular by the Trump administration, poses a serious threat to global health by promoting dangerous treatments, questioning vaccines on the basis of flawed studies, and appointing controversial figures to key positions, thereby undermining decades of scientific consensus. (Press release from the Observatory of Information and Influence Strategies dated 3 November 2025)
Disinformation: A study conducted by NATO’s Strategic Communications Centre of Excellence analysed the links between Russian propaganda (official texts and television media) and military actions during the war in Ukraine between October 2021 and March 2022. Despite extensive investigation, no clear warning signs of hostile information activities heralding the invasion were identified. (Press release dated 5 November 2025)
3. Personal Data & Privacy
Data breach: The French Shooting Federation (FFTir) suffered a cyberattack in October 2025, exposing the personal data (civil status, contact details, licence number) of 274,000 licence holders. Cybermalveillance.gouv.fr warns of the risks of identity theft and scams by fake police officers or gendarmes and calls for vigilance in the face of suspicious calls or messages. (Press release dated 7 November 2025)
Digital sovereignty: In observations published on 31 October 2025, the Court of Auditors highlighted the danger and issues posed using non-European IT solutions by certain ministries in France for the management of sensitive data. It noted that the State favours a level of trust rather than absolute sovereignty, while allowing private operators to offer public services without the same constraints. (Observations by the First Chamber of the Court of Auditors dated 31 October 2025)
Personal data protection: The decree of 31 October modifies the school bullying survey by allowing pupils (from Year 3 to Year 13) to voluntarily provide their first and last names to facilitate their care in the event of a report. Identifying data is then kept for up to three years for follow-up purposes, while other questionnaires are destroyed at the end of the school year. (Decree No. 2025-1037 of 31 October 2025 modifying the processing of personal data referred to as the ‘Bullying Survey’)
4. Digital Economy & Competition
Digital economy: Michael Burry warns of a possible speculative bubble in the field of AI linked to artificially extended depreciation and the growing weight of debt in the technology sector. At the same time, he has shorted the market to the tune of around $1 billion, believing that current valuations do not reflect the structural risks in the sector. (Press release dated 12 November 2025).
Complaint: 13 online marketplace executives have written to the EU in support of the DSA and GPSR, which they consider essential to a secure and innovative digital economy. They call for these recent rules to be stabilised before new ones are added, in order to ensure clarity and efficiency for businesses and consumers in Europe. (Press release dated 3 November 2025)
Cooperation: The United States has signed a series of new agreements on technological prosperity with Japan and South Korea. These agreements have various defined objectives: to increase US interaction with the scientific and technological ecosystems of Japan and South Korea, to harmonise regulatory approaches and to strengthen the national security of the countries in question. (Sector briefings from the Treasury Department dated 7 November 2025, No. 2025-37)
5. Artificial Intelligence
Complaint/AI: The Social Media Victims Law Centre and the Tech Justice Law Project have filed seven complaints against OpenAI, accusing ChatGPT of emotionally manipulating users, amplifying dangerous delusions and acting as a ‘suicide coach’, contributing to psychological crises and suicides. The lawsuits specifically target the GPT-4o version, designed to maximise engagement through artificial empathy and complacent responses, without directing users to professional help. (Open letter dated 6 November 2025)
Complaint/AI: Amazon has filed a lawsuit against Perplexity, accusing it of using its artificial intelligence, Comet, to illegally scrape and reproduce content from its online store. Perplexity subsequently posted a message on its browser accusing Amazon of intimidating it and seeking to stifle innovation. (Perplexity press release dated 4 November 2025)
6. Intellectual Property & Counterfeiting
Intellectual property: A German court ruled in favour of the collective management organisation GEMA in a case against OpenAI, finding that the latter had used protected song lyrics without authorisation to train its artificial intelligence models. The ruling requires OpenAI to pay damages and marks a first in terms of copyright law applied to generative AI. (Press release dated 11 November 2025)
Intellectual property: SACD has brought summary proceedings against TikTok before the Paris Court of Justice, arguing that the platform has been distributing protected works from its repertoire for many years without authorisation and without compensation, and is requesting disclosure of TikTok’s turnover. (SACD press release dated 13 November 2025).
Intellectual property: A federal court in New York has ordered OpenAI to hand over 20 million ‘anonymised’ logs in connection with its dispute with the New York Times over alleged copyright infringement. OpenAI is contesting this measure, citing risks to user privacy. (Press release from the United States District Court Southern District Of New York dated 12 November 2025)
Copyright/AI: Meta, accused by two porn production studios of illegally downloading more than 2,000 films to train its AI, defends itself by claiming that these downloads, made from its IP addresses, were for the ‘personal use’ of employees, contractors or visitors, and not for commercial use for its algorithms. (Motion to dismiss filed by Meta with the US District Court for the Northern District of California on 27 October 2025)
Counterfeiting: Nintendo won its lawsuit against streamer Jesse ‘EveryGameGuru’ Keighin, accused of live streaming pirated Switch games before their official release and sharing links to emulators. The court ordered Keighin to pay £17,500 in damages but rejected Nintendo’s requests to destroy his circumvention tools or ban unidentified ‘third parties’. (Decision dated 29 October 2025)
7. Regulation & Justice
Regulation and privacy: A draft regulation from the European Commission would relax certain provisions of the GDPR to facilitate the development of artificial intelligence, in particular by authorising the training of models on sensitive data. (Press release dated 10 November 2025)
Regulation & privacy: The European Union is considering merging the GDPR and the ePrivacy Directive into a single Article 88a to create a clearer and more modern legal framework for cookies and trackers. The draft would allow certain data processing operations to be carried out without users’ consent for technical or security reasons, but this has raised concerns about the protection of internet users. (Press release dated 10 November 2025)
Platform regulation: The Paris Public Prosecutor’s Office has opened a preliminary investigation into TikTok, following a report by MP Arthur Delaporte. The investigation, entrusted to the cybercrime unit, targets offences related to moderation, the recommendation algorithm, the exposure of suicidal content and the collection of data from minors. (Press release from the Paris Public Prosecutor’s Office dated 4 November 2025).
Money laundering: JUNALCO coordinated with Belgium and Cyprus to dismantle a network of fake cryptocurrency investments involving $700 million. Nine people were arrested and a judicial investigation was opened for aggravated money laundering and organised fraud. (Press release dated 3 November 2025)
Platform regulation: The Irish regulator Coimisiún na Meán has opened a formal investigation against X (formerly Twitter) for alleged non-compliance with the Digital Services Act, particularly with regard to the mechanisms for appealing moderation decisions. (Coimisiún na Meán press release dated 12 November 2025)
Regulation: The French government obtained Shein’s agreement to remove all illegal products (child pornography dolls, knives, medicines, etc.) sold on its platform after issuing a 48-hour ultimatum. The Directorate-General for Competition, Consumer Affairs and Fraud Control (DGCCRF) confirmed that no illegal products were still on sale, but Shein remains under close surveillance and legal proceedings are continuing. (Press release dated 7 November 2025)
Suspension procedure: The French government has announced that it has initiated a suspension procedure against the e-commerce platform Shein, pending the latter’s demonstration to the public authorities of its compliance with French laws and regulations. (Press release dated 5 November 2025)
