Salt Typhoon breach IBM subsidiary in Italy: a warning for Europe’s digital defenses

Security Affairs
Actively Exploited

Overview

In April 2026, Sistemi Informativi, an IBM Italy subsidiary responsible for IT infrastructure management for various public and private institutions, suffered a significant breach. This incident is believed to be linked to the Chinese cyber operation known as Salt Typhoon. The breach raises alarms about the vulnerability of European digital defenses, especially as it targets a company managing critical infrastructure. The attack underscores the ongoing risks posed by state-sponsored cyber activities and highlights the need for enhanced cybersecurity measures across Europe. Organizations that rely on Sistemi Informativi for IT services may face increased risks as a result of this incident, prompting a review of their security protocols and defenses.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Sistemi Informativi (IBM Italy), public and private institutions relying on IT infrastructure management services.
  • Action Required: Organizations should review and strengthen their cybersecurity measures, particularly those relying on Sistemi Informativi for services.
  • Timeline: Newly disclosed

Original Article Summary

April 2026 breach at Sistemi Informativi (IBM Italy) raises concerns over Chinese-linked cyber ops in Europe, including Salt Typhoon. In late April 2026, the Italian cybersecurity landscape was shaken by a significant breach targeting Sistemi Informativi, a company wholly owned by IBM Italy that provides IT infrastructure management for key public and private institutions. The […]

Impact

Sistemi Informativi (IBM Italy), public and private institutions relying on IT infrastructure management services.

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Organizations should review and strengthen their cybersecurity measures, particularly those relying on Sistemi Informativi for services.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Vulnerability, Data Breach, Critical, and 1 more.

Related Coverage

ThreatsDay: AI Compute Hijacking, Apple Email Flaw, BlueHammer Ransomware + 14 Stories

The Hacker News

This week's security updates reveal a series of vulnerabilities across various systems, including browsers, AI tools, and email services. Researchers discovered that many of these weaknesses stem from small permission gaps and inadequate security checks, which attackers can exploit. Notably, the article mentions the BlueHammer ransomware, which targets businesses by leveraging these types of vulnerabilities. This situation underscores the need for organizations to regularly assess their security measures and patch any identified weaknesses to prevent potential breaches. Overall, the findings serve as a reminder that even seemingly secure systems can harbor significant risks if not properly maintained.

Jul 2, 2026

New CitrixBleed Vulnerability Exploited Immediately After Public Disclosure

SecurityWeek

Hackers have begun exploiting a newly disclosed vulnerability known as CitrixBleed, targeting NetScaler appliances. This vulnerability allows attackers to access arbitrary memory content through HTTP responses, putting sensitive information at risk. The exploitation started almost immediately after the vulnerability was publicly disclosed, indicating a rapid response from malicious actors. Organizations using affected NetScaler devices need to be vigilant, as this could lead to significant data breaches or unauthorized access. It's crucial for companies to take immediate action to safeguard their systems and protect sensitive information from being compromised.

Jul 2, 2026

FEMA clarifies rules for cybersecurity grant funding

SCM feed for Latest

FEMA has issued new guidelines regarding the use of federal cybersecurity grant funds by state and local governments. The agency has made it clear that these funds cannot be used to cover membership fees that include bundled cybersecurity or technical services. This decision stems from FEMA's inability to assess the reasonableness of these bundled costs. As a result, local governments must be more careful in how they allocate these funds, focusing on specific cybersecurity needs rather than bundled services. This clarification aims to ensure that federal money is spent effectively and transparently, enhancing the overall cybersecurity posture of state and local governments.

Jul 2, 2026

ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API

The Hacker News

A new malware called Umbrij, linked to the cyber group ToddyCat, is targeting corporate Gmail accounts by exploiting the Google API. According to Kaspersky's recent report, the malware allows attackers to gain stealthy access to email communications, raising significant concerns for businesses that rely on Gmail for their operations. This tactic of compromising access through APIs highlights potential vulnerabilities in how companies manage their email systems. As email remains a primary communication tool for organizations, the implications of such breaches could be severe, resulting in sensitive information leaks and potential financial losses. Companies using Gmail should enhance their security measures to safeguard against this type of attack.

Jul 2, 2026

Researcher Behind 'Exploitarium' Explains Release of Undisclosed Zero-Day Exploits

Infosecurity Magazine

A cybersecurity researcher has released over 30 proof-of-concept exploits without revealing the underlying vulnerabilities first. This action, known as 'Exploitarium,' raises significant concerns within the cybersecurity community as it could enable malicious actors to exploit these vulnerabilities before they are patched. The researcher argues that this approach can pressure vendors to address security flaws more quickly. However, this practice may also put many users and organizations at risk, as they might not be aware of the potential threats posed by these exploits. The implications of this release emphasize the ongoing tension between security research and responsible disclosure, highlighting the need for better communication between researchers and vendors.

Jul 2, 2026

FortiBleed Campaign Linked to INC, Lynx Ransomware Attacks

SecurityWeek

Researchers have identified that credentials stolen from FortiGate firewalls are being misused in ransomware attacks linked to the INC and Lynx groups. This breach, known as the FortiBleed campaign, has compromised hundreds of thousands of firewall credentials, allowing attackers to launch targeted ransomware operations. This situation poses a significant risk, as organizations relying on FortiGate firewalls may find themselves vulnerable to further exploitation. Companies should take immediate action to secure their devices and monitor for unusual activity. The findings underscore the importance of maintaining strong security practices and regularly updating credentials to mitigate these risks.

Jul 2, 2026