Cyber News
Stay informed on the latest cybersecurity threats, incidents and regulatory updates across Sweden, the Nordics, and Europe.
ShinyHunters Steals Student Data From 275 Million Canvas Users
May 6, 2026
May 6, 2026 
Salt Typhoon Hits IBM Italy Subsidiary in Silent Two-Week Espionage Campaign
May 5, 2026
May 5, 2026 cPanel Zero-Day Exploited for Months Before Patch 44,000 Servers Hit
A critical authentication bypass vulnerability in cPanel has been under active exploitation since February, two months before the vendor issued a patch. CVE-2026-41940 carries a…
May 5, 2026 
Region Sörmland IT Disruption Grounds Mammography Services for Hours
May 5, 2026
May 5, 2026 CISA Fast-Tracks Nine-Year-Old Linux Root Bug to Known Exploited List
CISA added CVE-2026-31431 to its Known Exploited Vulnerabilities catalogue on Friday, confirming that a nine-year-old Linux kernel flaw is being exploited in live attacks. The…
May 4, 2026 
Bluekit Phishing Kit Turns Session Hijacking into a Point-and-Click Operation
May 4, 2026
May 4, 2026 
Single Git Push Could Have Compromised Millions of GitHub Repositories
April 30, 2026
April 30, 2026 ShinyHunters Claims Udemy, Zara and 7-Eleven in Latest Extortion Wave
ShinyHunters claimed to have stolen 1.4 million records from online learning platform Udemy and has threatened to release the data alongside stolen information from Zara…
April 28, 2026 Trigona Ransomware Builds Custom Data Theft Tool to Evade Security
Trigona ransomware affiliates have abandoned off-the-shelf data exfiltration tools in favour of custom-built malware that steals files faster and evades security detection. The move marks…
April 27, 2026 CrowdStrike LogScale Critical Path Traversal Flaw Exposes Files to Unauthenticated Attackers
CrowdStrike has disclosed a critical vulnerability, tracked as CVE-2026-40050, affecting its LogScale self-hosted product. The flaw enables unauthenticated path traversal, which could allow a remote…
April 27, 2026 CrowdStrike Patches Critical LogScale Vulnerability Exposing Server Files Without Authentication
CrowdStrike disclosed a critical unauthenticated path-traversal vulnerability in its LogScale platform on 21 April 2026. CVE-2026-40050 carries a CVSS v3.1 score of 9.8 and was…
April 27, 2026 CrowdStrike LogScale Critical Flaw Let Attackers Read Any Server File
CrowdStrike fixed a critical vulnerability in LogScale that let unauthenticated attackers read arbitrary files from the server filesystem. CVE-2026-40050 carries a CVSS score of 9.8…
April 27, 2026 
Microsoft Defender Targeted by Three Zero-Days, Two Remain Unpatched
April 24, 2026
April 24, 2026 
NCSC Handles 200 State Cyber Attacks as Britain Faces Four Weekly Incidents
April 23, 2026
April 23, 2026 North Korean Hackers Hijacked Axios Package for 100 Million Users
North Korean state hackers compromised the Axios npm package on 31 March 2026, inserting a cross-platform remote access trojan into one of JavaScript's most widely…
April 22, 2026 
French Identity Document Agency Hit by Cyberattack, 19 Million Records at Risk
April 21, 2026
April 21, 2026 Italian Regulator Fines Poste Italiane €12.5 Million for Mobile App Data Overreach
Italy's data protection authority has hit Poste Italiane and its payments subsidiary Postepay with a combined €12.5 million fine for forcing millions of users to…
April 21, 2026 
Cargo Thieves Exploit RMM Tools to Steal Freight Worth £5 Billion
April 20, 2026
April 20, 2026 Automotive Data Giant Autovista Confirms Ransomware Attack Disrupts European Operations
Autovista, a London-based automotive data and analytics firm, confirmed this week that a ransomware attack has disrupted its systems across Europe and Australia. The company,…
April 17, 2026 
UK Government Warns Businesses After Anthropic AI Finds Thousands of Unpatched Vulnerabilities
April 16, 2026
April 16, 2026 
Swedish Security Police Identify Pro-Russian Group Behind Failed Power Plant Attack
April 16, 2026
April 16, 2026