These news items are automatically aggregated from industry sources and are not individually reviewed. Any inaccuracies are unintentional —
let us know and we'll correct or remove it.
Cumulative GDPR enforcement since 2018 has crossed €7.1 billion, with European data protection authorities now processing 443 breach notifications per day – a 22 percent year-on-year increase. The UK Information Commissioner’s Office recently fined South Staffordshire Water £963,900 after a 2020 phishing attack was left undetected for nearly two years, allowing attackers to exfiltrate 4.1 terabytes of data on 633,887 customers and employees, which was subsequently published on the dark web.
A supply chain attack against market intelligence platform Klue allowed the Icarus threat group to steal customer OAuth tokens and tunnel directly into connected Salesforce and Gong environments. The initial foothold came from a single dormant credential left over from an abandoned prototype integration. Affected organisations include Huntress, Recorded Future, and Tanium, with CRM data including sales communications, pricing, and competitive intelligence exfiltrated and used for extortion.
Google, Yahoo, and Microsoft have all moved from filtering to permanent rejection of bulk email that fails SPF, DKIM, and DMARC authentication. Microsoft returns a 550 5.7.515 error that sends non-compliant messages to the void, not the spam folder. For European organisations sending transactional email, marketing campaigns, or automated notifications, this means misconfigured DNS records are now causing silent delivery failures rather than inbox noise.
F5 has issued out-of-band security patches for two critical vulnerabilities in NGINX Open Source, NGINX Plus, and related products. CVE-2026-42530, rated CVSS 9.2, is a use-after-free flaw in the HTTP/3 QUIC module that allows an unauthenticated remote attacker to achieve code execution or denial of service. Any NGINX deployment with HTTP/3 enabled is exposed and should patch or mitigate immediately.
Hetzner raised cloud prices for CPX and CCX instance families by up to 176 percent on 15 June 2026, the fourth pricing action in five months. The root cause is AI-driven DRAM demand pushing memory prices up by roughly 171 percent year on year. For European businesses relying on Hetzner’s RAM-heavy tiers, the cost equation has changed significantly and a cloud strategy review is now overdue.
Datadog’s State of DevSecOps 2026 report analysed hundreds of thousands of production services and found that 87 percent of organisations are running at least one service with a known, exploitable vulnerability. Dependency lag has grown to a median of 278 days behind the latest major version, and 71 percent of GitHub Actions workflows leave third-party actions completely unpinned, creating a direct and underappreciated supply chain attack surface in CI/CD pipelines.
The European Commission is set to deliver preliminary findings as early as the week of 22 June 2026, formally designating Amazon Web Services and Microsoft Azure as gatekeepers under the Digital Markets Act. A designation would impose interoperability requirements, data portability obligations, and anti-self-preferencing rules on both platforms, with fines of up to 10 percent of global turnover for non-compliance. European organisations running workloads on either provider face a landscape that is about to change in material ways.
A large-scale credential harvesting campaign dubbed FortiBleed has exposed verified administrator passwords for approximately 75,000 Fortinet FortiGate firewalls, including devices operated by government agencies, critical infrastructure providers, and major enterprises across 194 countries. The campaign, traced to a Russian-speaking threat group, did not exploit a new vulnerability. Attackers systematically harvested and cracked SSL VPN authentication hashes from internet-facing devices, many of which were fully patched.
Microsoft has confirmed an agreement to provision AWS infrastructure for GitHub workloads, after GitHub recorded nine service incidents in May 2026 and availability dropped to roughly 88 percent in June. The move reflects a structural shift: AI coding tools have driven GitHub’s weekly commit volume to 275 million and its Actions compute minutes to 2.1 billion per week, growth that Microsoft’s own Azure infrastructure was not provisioned to absorb. The decision is the most public acknowledgement to date that no single cloud provider, including one’s own, can reliably self-contain the infrastructure demands of a major AI-driven platform.
A coordinated campaign on the JetBrains Marketplace placed 15 plugins disguised as AI coding assistants that silently exfiltrate AI provider API keys to an attacker-controlled server. The campaign ran from October 2025 through at least 10 June 2026, accumulated over 70,000 installs across seven vendor accounts, and targeted credentials for OpenAI, DeepSeek, and other AI services. Developers who installed any of the flagged plugins should rotate all AI provider keys immediately.
This site uses cookies. By continuing to use this website, you agree to their use.
We’ll help you resolve your infrastructure challenges
Our team of experts is ready to help you with your infrastructure challenges. We’ll give you honest and personal treatment. Get in touch to learn more.