On April 22, 2026, a series of significant cybersecurity incidents disrupted critical infrastructure and corporate data systems across Europe and North America. The most prominent breach targeted Venice’s MOSE (Modulo Sperimentale Elettromeccanico) flood protection system. Technical reports indicate that unauthorized actors gained access to the Supervisory Control and Data Acquisition (SCADA) systems responsible for managing the 78 mobile barriers at the Lido, Malamocco, and Chioggia inlets. The breach resulted in a four-hour lockout of manual override controls, though automated safety protocols remained functional. Italian authorities confirmed that the intrusion originated from a vulnerability in a legacy VPN gateway used by a maintenance contractor.
In the private sector, European fitness giant Basic-Fit and global fashion retailer Inditex reported separate data exfiltration events. Basic-Fit disclosed that an unauthorized party accessed a database containing personal information for approximately 850,000 members across its Benelux operations. The compromised data included names, IBAN numbers, and gym access logs. Simultaneously, Inditex confirmed a breach affecting its e-commerce backend for several subsidiary brands. While payment card data was encrypted, the company stated that shipping addresses and contact details for roughly 1.1 million customers were exposed through an insecure API endpoint. These incidents have been reported to the relevant national data protection authorities.
The day’s disruptions extended to major cloud service providers. Salesforce issued a technical bulletin regarding a widespread misconfiguration in its Experience Cloud, formerly known as Community Cloud. The issue involved Guest User permission sets that inadvertently allowed public access to internal objects. Salesforce security teams identified that approximately 4,500 enterprise instances were configured with overly permissive access controls, potentially exposing sensitive internal documents and CRM records. The company began rolling out automated permission resets at 09:00 UTC to mitigate the risk and notified affected administrators via the Security Health Check dashboard.
Additionally, Vercel reported a security incident stemming from a third-party integration breach. A compromised credential from a popular analytics plugin allowed attackers to inject malicious scripts into the build pipeline of several high-traffic websites hosted on the platform. Vercel’s security operations center detected the anomaly after identifying unauthorized modifications to environment variables in 320 production deployments. The company revoked all affected API tokens and forced a redeployment of the impacted sites. According to Vercel’s official status page, the incident was contained within six hours of the initial detection. Forensic investigations are ongoing across all affected entities to determine the full scope of the data exposure.