preloader

· ransomware digital-security security europe saas italy supply-chain data-breach

Ransomware Group Bashe Claims Italian Website Builder Flazio, Putting Thousands of Customer Sites at Risk

Source: DeXpose

A ransomware claim against a single Italian SaaS company is, on its face, a local story. But when that company is Flazio, a website-building platform used by thousands of small and medium businesses across Italy and Europe, a single breach claim becomes a multiplier. The group behind it, tracked as Bashe (also known as APT73), publicly claimed the attack on 2 July and says it will leak stolen data unless its demands are met.

Why a website builder is a high-value target

Flazio is not a single company’s infrastructure, it is shared infrastructure for a large customer base of small businesses that never signed up to manage their own security posture, and mostly could not if they tried. A platform like this typically holds customer account credentials, billing and payment details, domain and DNS configuration, and the actual content and data of every hosted site. For an attacker, that is a single point of compromise standing in for thousands of individual targets, exactly the kind of asymmetry that has made managed service providers and SaaS platforms an increasingly favoured entry point for ransomware crews rather than a side effect of it.

Bashe’s pattern this year

Bashe emerged as an active group in late February 2026 and ramped up its operations through March, building a track record of targeting mid-sized organisations that hold outsized amounts of downstream customer data relative to their own security budgets. That profile fits Flazio closely, and it fits a broader pattern European regulators have been tracking all year: recent industry analysis found ransomware incidents across Europe up 55 percent this year, with a third-party supplier increasingly the way attackers get in rather than a direct hit on the ultimate target. A platform breach like this one is the mechanism that statistic describes, not an exception to it.

What customers of any hosted platform should be doing right now

If your organisation’s website, e-commerce store, or customer data sits on any third-party SaaS platform, and for most small and medium businesses in Europe it does, a breach claim against that vendor is your incident too, whether or not your specific account is confirmed as affected. Waiting for an official notification before acting wastes the window in which credential rotation and monitoring actually help.

What we recommend

  • If you use Flazio or any similar hosted website platform, rotate account and admin credentials now rather than waiting for a formal breach notification
  • Review what customer, billing, and domain data your platform provider actually holds, and confirm whether that data is encrypted at rest and access-logged
  • Ask every SaaS and hosting vendor in your stack directly what their incident response and customer notification commitments are, before an incident forces the question
  • Treat vendor security posture as a procurement criterion going forward, not an afterthought raised only after a breach
  • Maintain your own backup of website content and configuration independent of any single hosting platform, so a vendor-side incident does not become a total loss

If you rely on a third-party platform to run your website or online business and want an independent assessment of that exposure, help migrating away from a platform that has suffered a breach, or a broader review of your supply chain security posture, contact Excello Digital. We help European businesses reduce how much of their fate sits in someone else’s incident response plan.

These news items are automatically aggregated from industry sources and are not individually reviewed. Any inaccuracies are unintentional — let us know and we'll correct or remove it.

We’ll help you resolve your infrastructure challenges

Our team of experts is ready to help you with your infrastructure challenges. We’ll give you honest and personal treatment. Get in touch to learn more.

Get in touch!