Content
01. News Bites
- Europa.eu breach confirmed after ShinyHunters claim
- Fourth Chrome zero-day patched as active exploits continue
- Cisco breach linked to Trivy supply chain attack
- CareCloud breach exposes patient data after network disruption
- UK manufacturers hit hard as cyber incidents surge
02. Conclusion
Europa.eu breach confirmed after ShinyHunters claim
The European Commission has confirmed a data breach affecting its Europa.eu platform following a cyberattack attributed to the ShinyHunters extortion group. The incident reportedly involved at least one compromised AWS account, with early investigations indicating that data was exfiltrated. While the Commission stated that its internal systems remain unaffected and no service disruption occurred, it has begun notifying potentially impacted EU entities as the full scope is assessed.
Threat actors claim to have accessed over 350GB of data, including databases, contracts, and sensitive internal materials, with a portion already published online. Screenshots shared with media appear to validate access to employee-related data. The group has a track record of high-profile breaches, often leveraging social engineering and SSO compromise tactics.
This incident follows a separate February breach involving the Commission’s mobile device management platform, reinforcing concerns around persistent threats targeting European institutions.
Fourth Chrome zero-day patched as active exploits continue
Google has issued emergency updates to patch a newly discovered Chrome zero-day vulnerability (CVE-2026-5281), actively exploited in the wild. The flaw, a use-after-free issue within Dawn, Chromium’s WebGPU implementation, could allow attackers to trigger crashes, data corruption, or abnormal browser behaviour.
While Google confirmed exploitation, technical details remain restricted to limit further abuse. The fix has been rolled out to Chrome’s Stable Desktop channel across Windows, macOS, and Linux, with users urged to update immediately or ensure automatic updates are enabled.
This marks the fourth actively exploited Chrome zero-day addressed in 2026, following vulnerabilities in CSS font handling, the Skia graphics library, and the V8 engine. The trend highlights the continued focus by threat actors on browser-based attack vectors, often used in targeted campaigns.
With browsers remaining a primary entry point for attacks, rapid patching and proactive vulnerability management remain critical to reducing exposure.
Cisco breach linked to Trivy supply chain attack
Cisco has suffered a cyberattack after threat actors leveraged stolen credentials from the recent Trivy supply chain compromise to infiltrate its internal development environment. The breach, reportedly contained by Cisco’s security teams, involved a malicious GitHub Actions plugin used to extract credentials and data from build systems.
Attackers are believed to have accessed multiple AWS accounts using stolen keys and cloned over 300 GitHub repositories, including source code tied to AI-driven products and unreleased technologies. Some of the compromised repositories reportedly belong to enterprise customers, including financial institutions and government entities.
The incident is linked to a wider campaign attributed to the TeamPCP group, which has targeted developer ecosystems via platforms such as GitHub, PyPI, and Docker. This follows related compromises involving LiteLLM and Checkmarx tools.
While containment measures and credential rotation are underway, the breach highlights the escalating risk posed by supply chain attacks targeting development pipelines and trusted security tools.
CareCloud breach exposes patient data after network disruption
Healthcare IT provider CareCloud has disclosed a cyberattack that resulted in a temporary network disruption and unauthorised access to sensitive data. The incident, which occurred on 16 March, impacted one of the company’s six electronic health record environments, causing reduced functionality for approximately eight hours before systems were fully restored.
CareCloud confirmed that patient health data stored within the affected environment may have been accessed, although the full scope of the breach and the number of individuals impacted remain under investigation. The company has engaged external cybersecurity specialists to conduct forensic analysis and secure its systems.
The organisation stated that the intrusion was contained and that no other platforms or environments were affected. While operations have returned to normal, the incident highlights the continued targeting of healthcare systems, where sensitive data and operational disruption can have significant downstream impact.
UK manufacturers hit hard as cyber incidents surge
UK manufacturers are facing sustained cyber pressure, with 78% experiencing a serious incident in the past year, according to new research from ESET. The findings highlight the scale of operational and financial impact across the sector, with 95% of affected organisations reporting direct business disruption.
Over half (53%) suffered financial losses, while supply chain disruption (44%) and missed commitments (39%) were also common. Among those hit by shutdowns, most experienced between one and seven days of downtime, underlining the real-world consequences of cyber incidents on production environments.
AI-enabled attacks are now viewed as the top threat (46%), surpassing phishing and ransomware, as adversaries adopt more advanced tactics. Despite this, many organisations still lack maturity in their approach, with 21% relying on reactive security measures and only 22% assigning cyber risk accountability at board level.
The data reinforces a growing concern that cybersecurity is still not being treated as a strategic business priority within manufacturing.
If you are worried about any of the threats outlined in this bulletin, or need help determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively get in touch to find out how you can protect your organisation.
Disclaimer
The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.