
These news items are automatically aggregated from industry sources and are not individually reviewed. Any inaccuracies are unintentional — let us know and we'll correct or remove it.

security devops cve patch-management enterprise europe digital-security vulnerability email

Adobe Patches Seven Maximum-Severity Flaws in ColdFusion and Campaign Classic: This Is a 72-Hour Patch, Not a Backlog Item

Adobe fixed 11 vulnerabilities across ColdFusion 2025, ColdFusion 2023, and Campaign Classic 7.4.3, seven of them rated a full CVSS 10.0, covering improper authorization, path traversal, and unsafe file upload flaws that chain into arbitrary code execution. Adobe assigned its highest Priority 1 rating to both updates, its own signal that exploitation is expected soon even though no public exploit exists yet.

devops security digital-security cve microsoft sharepoint patch-management enterprise europe vulnerability

CISA Adds On-Premises SharePoint RCE CVE-2026-45659 to Its Exploited Vulnerabilities List, Three-Day Patch Deadline

CISA added CVE-2026-45659, an authenticated remote code execution flaw in on-premises SharePoint Server, to its Known Exploited Vulnerabilities catalog on 1 July, setting a remediation deadline of 4 July for US federal agencies. Microsoft shipped the fix in May, but SharePoint Server Subscription Edition, 2019, and 2016 remain widely deployed across European government bodies, law firms, and manufacturers that have not migrated to SharePoint Online.

security digital-security ransomware europe supply-chain compliance nis2 incident-response vendor-risk

Ransomware Incidents Across Europe Rose 55 Percent This Year, and a Third-Party Supplier Is Increasingly the Way In

Black Kite’s first report dedicated to Europe found 2,066 ransomware and data extortion incidents across 31 countries between January 2025 and April 2026, a 55.1 percent year-over-year increase driven largely by attacks that entered through a supplier rather than the victim’s own systems. Germany, the UK, France, Italy, and Spain account for nearly 70 percent of all recorded incidents, with manufacturing the hardest-hit sector.

security devops digital-security cve citrix netscaler load-balancer infrastructure europe

Citrix Patches Six NetScaler Flaws, Including a CitrixBleed Sequel and a New 'HTTP/2 Bomb'

Citrix bulletin CTX696604 fixes six NetScaler ADC and Gateway vulnerabilities, among them CVE-2026-8451, an out-of-bounds memory read in the SAML IdP XML parser that researchers are already comparing to the notorious CitrixBleed flaw, and CVE-2026-13474, a denial-of-service bug in HTTP/2 request handling that needs a manual configuration step even after patching. It is the second critical load balancer vulnerability in three days, after Kemp LoadMaster’s CVE-2026-8037.

security devops ai agentic-ai cve supply-chain developer-tools prompt-injection europe

DuneSlide: A Web Page Your AI Coding Agent Reads Could Take Over the Whole Machine

Cato AI Labs disclosed DuneSlide, two CVSS 9.8 vulnerabilities in Cursor, the AI code editor used across more than half of the Fortune 500. Zero-click prompt injection from a connected MCP service or a page an agent reads during a web search is enough to escape the sandbox and reach unsandboxed remote code execution, no file opened and no command typed by the developer. Both flaws are fixed in Cursor 3.0, but every version before it is vulnerable.

cloud aws azure digital-security sovereignty eu regulation compliance europe hetzner digital-ocean

The EU's Cloud and AI Development Act Would Lock AWS, Azure, and Google Cloud Out of Europe's Most Sensitive Contracts

The European Commission’s Cloud and AI Development Act, adopted on 3 June as the centrepiece of its Tech Sovereignty Package, creates four assurance levels for cloud services and would bar the three American hyperscalers, who hold roughly 70 percent of the EU cloud market between them, from the highest tiers reserved for defence, banking, energy, and healthcare. Trilogue negotiations could stretch past 2027, but the direction of travel for European public sector and regulated-industry procurement is already clear.

devops security digital-security cve load-balancer network-infrastructure patch-management cloud

CVE-2026-8037: A Single Crafted Request Gives Attackers Root on Kemp LoadMaster Load Balancers

Progress Software’s Kemp LoadMaster, ECS Connection Manager, ObjectScale Connection Manager, and MOVEit WAF are affected by CVE-2026-8037, a CVSS 9.8 pre-authentication root command injection rooted in an uninitialized heap buffer inside the escape_quotes() sanitisation function. WatchTowr Labs published a full exploit chain on 29 June. Patches have existed since early June, but internet-facing load balancers are notoriously slow to update.

security digital-security ransomware qilin manufacturing vpn incident-response devops

Qilin Ransomware Claims a German Fashion Manufacturer and a French Law Firm as Its 2026 Tally Passes 500 Victims

Qilin, now the most prolific ransomware-as-a-service operation of 2026, listed German legwear maker Kunert Fashion and French firm KALIACT ANCHETA et Associes on its leak site on 29 June. The group has claimed more than 500 victims this year alone, with manufacturing the single most targeted sector and stolen VPN credentials, often protected by no multi-factor authentication, as its favoured way in.

devops security credentials ai cicd github secrets-management digital-security

29 Million Secrets Leaked to GitHub in 2025: AI Coding Tools Are Doubling the Rate of Credential Exposure

GitGuardian’s State of Secrets Sprawl 2026 report recorded 28.65 million new hardcoded secrets in public GitHub commits in 2025, a 34 percent year-over-year increase. AI-assisted commits leak credentials at twice the baseline rate, 24,000 secrets were found in MCP configuration files, and 64 percent of valid secrets from 2022 remain unrevoked.

apple dma eu privacy ai europe compliance digital-markets-act

EU Blocks Siri AI on iOS 27 in Europe: Apple and Commission Reach a Dead End

Apple has confirmed that Siri AI will not launch in the EU on iOS 27 or iPadOS 27 after the European Commission rejected every compliance proposal Apple put forward under the Digital Markets Act. EU iPhone and iPad users have no timeline for the feature, and both sides publicly disagree about who is responsible.
