
These news items are automatically aggregated from industry sources and are not individually reviewed. Any inaccuracies are unintentional — let us know and we'll correct or remove it.

gdpr privacy security compliance europe data-breach phishing nis2

GDPR Fines Surpass €7.1 Billion as ICO Penalises Water Utility for a Phishing Breach That Went Undetected for 20 Months

Cumulative GDPR enforcement since 2018 has crossed €7.1 billion, with European data protection authorities now processing 443 breach notifications per day – a 22 percent year-on-year increase. The UK Information Commissioner’s Office recently fined South Staffordshire Water £963,900 after a 2020 phishing attack was left undetected for nearly two years, allowing attackers to exfiltrate 4.1 terabytes of data on 633,887 customers and employees, which was subsequently published on the dark web.

oauth supply-chain salesforce crm saas-security security cloud europe

Dormant OAuth Token Gave Icarus Hackers Access to Salesforce CRM Data Across Dozens of Organisations

A supply chain attack against market intelligence platform Klue allowed the Icarus threat group to steal customer OAuth tokens and tunnel directly into connected Salesforce and Gong environments. The initial foothold came from a single dormant credential left over from an abandoned prototype integration. Affected organisations include Huntress, Recorded Future, and Tanium, with CRM data including sales communications, pricing, and competitive intelligence exfiltrated and used for extortion.

email deliverability dmarc dkim spf compliance email-security europe

Gmail, Yahoo, and Microsoft Are Now Hard-Rejecting Non-Compliant Bulk Mail: What European Senders Must Fix

Google, Yahoo, and Microsoft have all moved from filtering to permanent rejection of bulk email that fails SPF, DKIM, and DMARC authentication. Microsoft returns a 550 5.7.515 error that sends non-compliant messages to the void, not the spam folder. For European organisations sending transactional email, marketing campaigns, or automated notifications, this means misconfigured DNS records are now causing silent delivery failures rather than inbox noise.

nginx security devops cve rce web-server infrastructure patching

F5 Patches Critical NGINX Vulnerabilities: HTTP/3 Flaw CVE-2026-42530 Enables Unauthenticated Remote Code Execution

F5 has issued out-of-band security patches for two critical vulnerabilities in NGINX Open Source, NGINX Plus, and related products. CVE-2026-42530, rated CVSS 9.2, is a use-after-free flaw in the HTTP/3 QUIC module that allows an unauthenticated remote attacker to achieve code execution or denial of service. Any NGINX deployment with HTTP/3 enabled is exposed and should patch or mitigate immediately.

hetzner cloud infrastructure devops cost-optimisation europe

Hetzner's June 2026 Price Shock: CPX and CCX Instances Rise by Up to 176 Percent

Hetzner raised cloud prices for CPX and CCX instance families by up to 176 percent on 15 June 2026, the fourth pricing action in five months. The root cause is AI-driven DRAM demand pushing memory prices up by roughly 171 percent year on year. For European businesses relying on Hetzner’s RAM-heavy tiers, the cost equation has changed significantly and a cloud strategy review is now overdue.

devsecops devops ci-cd supply-chain vulnerabilities github-actions security dependencies

Datadog DevSecOps 2026: 87 Percent of Organisations Running Known Exploitable Vulnerabilities in Production

Datadog’s State of DevSecOps 2026 report analysed hundreds of thousands of production services and found that 87 percent of organisations are running at least one service with a known, exploitable vulnerability. Dependency lag has grown to a median of 278 days behind the latest major version, and 71 percent of GitHub Actions workflows leave third-party actions completely unpinned, creating a direct and underappreciated supply chain attack surface in CI/CD pipelines.

aws azure eu digital-markets-act cloud sovereignty compliance regulation europe

EU Expected to Issue DMA Gatekeeper Preliminary Findings Against AWS and Azure as Soon as Next Week

The European Commission is set to deliver preliminary findings as early as the week of 22 June 2026, formally designating Amazon Web Services and Microsoft Azure as gatekeepers under the Digital Markets Act. A designation would impose interoperability requirements, data portability obligations, and anti-self-preferencing rules on both platforms, with fines of up to 10 percent of global turnover for non-compliance. European organisations running workloads on either provider face a landscape that is about to change in material ways.

security fortinet vpn firewall credentials europe infrastructure network-security

FortiBleed: Admin Credentials for 75,000 Fortinet FortiGate Firewalls Exposed Across 194 Countries

A large-scale credential harvesting campaign dubbed FortiBleed has exposed verified administrator passwords for approximately 75,000 Fortinet FortiGate firewalls, including devices operated by government agencies, critical infrastructure providers, and major enterprises across 194 countries. The campaign, traced to a Russian-speaking threat group, did not exploit a new vulnerability. Attackers systematically harvested and cracked SSL VPN authentication hashes from internet-facing devices, many of which were fully patched.

cloud aws azure github devops microsoft multicloud infrastructure ai

Microsoft Turns to AWS to Keep GitHub Running as AI Coding Demand Overwhelms Azure

Microsoft has confirmed an agreement to provision AWS infrastructure for GitHub workloads, after GitHub recorded nine service incidents in May 2026 and availability dropped to roughly 88 percent in June. The move reflects a structural shift: AI coding tools have driven GitHub’s weekly commit volume to 275 million and its Actions compute minutes to 2.1 billion per week, growth that Microsoft’s own Azure infrastructure was not provisioned to absorb. The decision is the most public acknowledgement to date that no single cloud provider, including one’s own, can reliably self-contain the infrastructure demands of a major AI-driven platform.

security devops jetbrains developer-tools supply-chain ai ide

Fifteen Malicious JetBrains Plugins Stole AI API Keys from 70,000 Developer Installs

A coordinated campaign on the JetBrains Marketplace placed 15 plugins disguised as AI coding assistants that silently exfiltrate AI provider API keys to an attacker-controlled server. The campaign ran from October 2025 through at least 10 June 2026, accumulated over 70,000 installs across seven vendor accounts, and targeted credentials for OpenAI, DeepSeek, and other AI services. Developers who installed any of the flagged plugins should rotate all AI provider keys immediately.
