Content 

01. News Bites
  • Russian-linked hackers escalate attacks on European energy infrastructure

  • Microsoft Patch Tuesday fixes 167 flaws, including two zero-days

  • Rockstar Games data breach linked to third-party SaaS compromise

  • Basic-Fit breach exposes data of one million members

  • Booking.com breach exposes customer booking data

02. Conclusion

Quick News Bites

Russian-linked hackers escalate attacks on European energy infrastructure

Sweden has revealed that Russian state-linked hackers attempted to disrupt operations at a thermal power plant in early 2025, marking another escalation in attacks against European critical infrastructure. While the intrusion was ultimately unsuccessful due to built-in protections, officials have warned that the nature of these threats is shifting. According to Civil Defence Minister Carl-Oskar Bohlin, groups previously associated with low-level disruption are now attempting far more destructive cyberattacks.

This incident reflects a broader pattern of increasingly aggressive activity targeting energy and utility systems. Similar operations have been reported across Europe, including attempts to interfere with Poland’s power grid and a breach of a Norwegian dam, where floodgates were briefly opened. Ukraine has also faced repeated attacks on its energy infrastructure in recent years.

The trend highlights a growing convergence between cyber operations and real-world disruption, reinforcing the need for stronger resilience across critical national infrastructure.

Microsoft Patch Tuesday fixes 167 flaws, including two zero-days

Microsoft’s April 2026 Patch Tuesday delivered security updates for 167 vulnerabilities, including two zero-day flaws and eight rated Critical. The majority of issues centre on elevation of privilege vulnerabilities, alongside 20 remote code execution bugs that could enable attackers to take control of affected systems.

Of particular concern is an actively exploited zero-day, CVE-2026-32201, impacting SharePoint Server and allowing spoofing attacks that could expose or manipulate sensitive data. A second zero-day, CVE-2026-33825, affects Microsoft Defender and enables privilege escalation to SYSTEM level, significantly increasing the risk of full system compromise.

Multiple critical vulnerabilities were also identified across Microsoft Office, including Word and Excel, where malicious documents or even preview pane interactions could trigger exploitation. This makes email-based attack vectors especially dangerous.

The update highlights the continued scale and complexity of patch management, with organisations urged to prioritise updates across SharePoint, Defender, and Office to reduce exposure to active threats.

Rockstar Games data breach linked to third-party SaaS compromise

Rockstar Games has confirmed a data breach following a wider security incident involving Anodot, with the ShinyHunters gang now leaking what it claims are 78.6 million records. The attackers allege the data was accessed via compromised authentication tokens tied to Snowflake environments, highlighting the growing risk posed by third-party SaaS integrations.

According to Rockstar, the breach involved a limited amount of non-material company information and has not impacted operations or players. However, the leaked datasets reportedly include internal analytics tied to Grand Theft Auto Online and Red Dead Online, such as revenue metrics, player behaviour tracking, and support system data.

The incident forms part of a broader campaign targeting organisations connected to Anodot, where stolen tokens were used to access cloud services including Snowflake and AWS environments. It reinforces the increasing focus of threat actors on supply chain weaknesses and identity-based attacks, rather than direct system exploitation.

Basic-Fit breach exposes data of one million members

European gym giant Basic-Fit has disclosed a cyberattack that exposed personal data belonging to approximately one million members across Europe. The breach, which impacted customers in multiple countries including the Netherlands, France, and Spain, involved unauthorised access to a system tracking gym visits.

Although the intrusion was detected and stopped within minutes, an investigation confirmed that attackers were able to exfiltrate sensitive information. This includes names, addresses, email details, phone numbers, dates of birth, bank account information, and membership data. The company stated that passwords and identification documents were not compromised, and franchise member data remained unaffected due to system separation.

Basic-Fit has notified regulators and affected individuals, and continues to monitor for potential misuse of the data. The incident highlights the ongoing risk to large consumer platforms holding extensive personal and financial information, even where detection and response measures are in place.

Booking.com breach exposes customer booking data

Booking.com has confirmed a data breach that exposed customer booking information after attackers gained unauthorised access to parts of its system. While the company stated that financial data was not compromised and the incident is now contained, personal and travel-related details were accessed.

The exposed data includes names, email addresses, phone numbers, physical addresses, and detailed booking information such as travel dates and accommodation notes. This type of data presents a significant risk, as it enables highly targeted phishing and social engineering attacks timed around upcoming trips.

Security experts warn that the real danger lies in the “context” of stolen data, allowing attackers to craft convincing messages such as fake booking issues or urgent payment requests. Some users have also raised concerns over the company’s response timeline.

Customers are advised to verify communications directly through official channels and remain alert to suspicious messages linked to their bookings.

Closing Summary

If you are worried about any of the threats outlined in this bulletin, or need help determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively get in touch to find out how you can protect your organisation.

Disclaimer

The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.