Salt Typhoon breach IBM subsidiary in Italy: a warning for Europe’s digital defenses

Security Affairs
Actively Exploited

Overview

In April 2026, Sistemi Informativi, an IBM Italy subsidiary responsible for IT infrastructure management for various public and private institutions, suffered a significant breach. This incident is believed to be linked to the Chinese cyber operation known as Salt Typhoon. The breach raises alarms about the vulnerability of European digital defenses, especially as it targets a company managing critical infrastructure. The attack underscores the ongoing risks posed by state-sponsored cyber activities and highlights the need for enhanced cybersecurity measures across Europe. Organizations that rely on Sistemi Informativi for IT services may face increased risks as a result of this incident, prompting a review of their security protocols and defenses.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Sistemi Informativi (IBM Italy), public and private institutions relying on IT infrastructure management services.
  • Action Required: Organizations should review and strengthen their cybersecurity measures, particularly those relying on Sistemi Informativi for services.
  • Timeline: Newly disclosed

Original Article Summary

April 2026 breach at Sistemi Informativi (IBM Italy) raises concerns over Chinese-linked cyber ops in Europe, including Salt Typhoon. In late April 2026, the Italian cybersecurity landscape was shaken by a significant breach targeting Sistemi Informativi, a company wholly owned by IBM Italy that provides IT infrastructure management for key public and private institutions. The […]

Impact

Sistemi Informativi (IBM Italy), public and private institutions relying on IT infrastructure management services.

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Organizations should review and strengthen their cybersecurity measures, particularly those relying on Sistemi Informativi for services.


Related Coverage

Global Crackdown Arrests 276, Shuts 9 Crypto Scam Centers, Seizes $701M

The Hacker News

A major international operation has led to the arrest of at least 276 individuals involved in cryptocurrency investment scams that targeted American citizens. The crackdown was spearheaded by Dubai Police, in collaboration with U.S. federal authorities, and resulted in the closure of nine scam centers. These operations had reportedly caused millions of dollars in losses to unsuspecting investors. This coordinated effort underscores the growing issue of cryptocurrency fraud, which has become increasingly prevalent as more people engage in digital investments. The significant amount seized, totaling $701 million, indicates the scale of these scams and the need for ongoing vigilance in the crypto space.

May 4, 2026

Instructure confirms data breach, ShinyHunters claims attack

BleepingComputer

Instructure, an educational technology company, has confirmed that it suffered a data breach after a cyberattack. The ShinyHunters group, known for its extortion tactics, claims responsibility for the attack. Users of Instructure's platforms, which include tools like Canvas, may have had their personal data compromised. This incident raises concerns about the security of educational technologies and the potential risks to students and educators. As cyberattacks on educational institutions become more frequent, stakeholders need to ensure that proper security measures are in place to protect sensitive information.

May 3, 2026

Paying Ransom Won’t Help as VECT 2.0 Ransomware Destroys Data Irreversibly

Hackread – Cybersecurity News, Data Breaches, AI and More

VECT 2.0 ransomware is a new and dangerous strain that has been discovered to have serious flaws that can irreversibly destroy files. Victims of this ransomware will find that paying the ransom is futile, as the data is lost permanently, making recovery impossible. This situation poses a significant risk to individuals and organizations worldwide, as it undermines the traditional hope of recovering data through ransom payments. The emergence of VECT 2.0 highlights the evolving tactics of cybercriminals and the need for better preventive measures. Users and organizations are urged to strengthen their cybersecurity defenses to avoid falling victim to this destructive ransomware.

May 3, 2026

Telegram Mini Apps abused for crypto scams, Android malware delivery

BleepingComputer

Recent research has revealed that scammers are exploiting Telegram's Mini App feature to conduct crypto scams and distribute Android malware. These operations involve impersonating reputable brands to trick users into providing personal information or investing in fraudulent schemes. The use of Telegram's platform allows these scams to reach a wide audience, putting many users at risk of financial loss and malware infections. This situation raises concerns about the security measures in place on social media platforms and highlights the need for users to be cautious when engaging with unfamiliar applications or links. Overall, this incident serves as a reminder for users to verify the legitimacy of offers and be vigilant against potential scams online.

May 3, 2026

Security Affairs newsletter Round 575 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

In a recent development, two U.S. cybersecurity experts have been sentenced for their involvement in a ransomware case. Their actions contributed to the growing issue of ransomware attacks that have been plaguing various sectors, highlighting the ongoing struggles law enforcement faces in combating cybercrime. A third individual connected to the case is awaiting a ruling scheduled for July. Additionally, Trellix has disclosed a breach that raises concerns about the security of its systems, though specific details about the breach have not been shared. These incidents serve as a reminder of the persistent threats in the cybersecurity landscape and the need for organizations to bolster their defenses against such attacks.

May 3, 2026

Trellix discloses the breach of a code repository

Security Affairs

Trellix has reported a security breach involving unauthorized access to a portion of its source code repository. The company has stated that there are no indications of the compromised code being misused. In response to the incident, Trellix quickly initiated an investigation with forensic experts and has notified law enforcement to assist in the matter. While the breach raises concerns about the security of the company’s intellectual property, Trellix assures that no customer data has been affected. This incident serves as a reminder for companies to continually monitor and secure their source code environments to prevent potential exploitation in the future.

May 2, 2026