These news items are automatically aggregated from industry sources and are not individually reviewed. Any inaccuracies are unintentional —
let us know and we'll correct or remove it.
Adobe fixed 11 vulnerabilities across ColdFusion 2025, ColdFusion 2023, and Campaign Classic 7.4.3, seven of them rated a full CVSS 10.0, covering improper authorization, path traversal, and unsafe file upload flaws that chain into arbitrary code execution. Adobe assigned its highest Priority 1 rating to both updates, its own signal that exploitation is expected soon even though no public exploit exists yet.
CISA added CVE-2026-45659, an authenticated remote code execution flaw in on-premises SharePoint Server, to its Known Exploited Vulnerabilities catalog on 1 July, setting a remediation deadline of 4 July for US federal agencies. Microsoft shipped the fix in May, but SharePoint Server Subscription Edition, 2019, and 2016 remain widely deployed across European government bodies, law firms, and manufacturers that have not migrated to SharePoint Online.
Black Kite’s first report dedicated to Europe found 2,066 ransomware and data extortion incidents across 31 countries between January 2025 and April 2026, a 55.1 percent year-over-year increase driven largely by attacks that entered through a supplier rather than the victim’s own systems. Germany, the UK, France, Italy, and Spain account for nearly 70 percent of all recorded incidents, with manufacturing the hardest-hit sector.
Citrix bulletin CTX696604 fixes six NetScaler ADC and Gateway vulnerabilities, among them CVE-2026-8451, an out-of-bounds memory read in the SAML IdP XML parser that researchers are already comparing to the notorious CitrixBleed flaw, and CVE-2026-13474, a denial-of-service bug in HTTP/2 request handling that needs a manual configuration step even after patching. It is the second critical load balancer vulnerability in three days, after Kemp LoadMaster’s CVE-2026-8037.
Cato AI Labs disclosed DuneSlide, two CVSS 9.8 vulnerabilities in Cursor, the AI code editor used across more than half of the Fortune 500. Zero-click prompt injection from a connected MCP service or a page an agent reads during a web search is enough to escape the sandbox and reach unsandboxed remote code execution, with no file opened and no command typed by the developer. Both flaws are fixed in Cursor 3.0, but every version before it is vulnerable.
The European Commission’s Cloud and AI Development Act, adopted on 3 June as the centrepiece of its Tech Sovereignty Package, creates four assurance levels for cloud services and would bar the three American hyperscalers, who hold roughly 70 percent of the EU cloud market between them, from the highest tiers reserved for defence, banking, energy, and healthcare. Trilogue negotiations could stretch past 2027, but the direction of travel for European public sector and regulated-industry procurement is already clear.
Progress Software’s Kemp LoadMaster, ECS Connection Manager, ObjectScale Connection Manager, and MOVEit WAF are affected by CVE-2026-8037, a CVSS 9.8 pre-authentication root command injection rooted in an uninitialized heap buffer inside the escape_quotes() sanitisation function. WatchTowr Labs published a full exploit chain on 29 June. Patches have existed since early June, but internet-facing load balancers are notoriously slow to update.
Qilin, now the most prolific ransomware-as-a-service operation of 2026, listed German legwear maker Kunert Fashion and French firm KALIACT ANCHETA et Associes on its leak site on 29 June. The group has claimed more than 500 victims this year alone, with manufacturing the single most targeted sector and stolen VPN credentials, often protected by no multi-factor authentication, as its favoured way in.
GitGuardian’s State of Secrets Sprawl 2026 report recorded 28.65 million new hardcoded secrets in public GitHub commits in 2025, a 34 percent year-over-year increase. AI-assisted commits leak credentials at twice the baseline rate, 24,000 secrets were found in MCP configuration files, and 64 percent of valid secrets from 2022 remain unrevoked.
Apple has confirmed that Siri AI will not launch in the EU on iOS 27 or iPadOS 27 after the European Commission rejected every compliance proposal Apple put forward under the Digital Markets Act. EU iPhone and iPad users have no timeline for the feature, and both sides publicly disagree about who is responsible.