On April 22, 2026, a series of significant cybersecurity incidents and technical failures were reported across Europe and North America, impacting critical infrastructure, retail logistics, and global cloud service providers. The events, ranging from targeted intrusions to systemic misconfigurations, have prompted immediate remediation efforts from the affected organizations and heightened scrutiny of third-party software dependencies.
In Italy, the Experimental Electromechanical Module (MOSE) system, which protects the Venetian Lagoon from high tides, was the target of a sophisticated cyber intrusion. According to a statement from the Venice Water Authority, unauthorized actors gained access to the supervisory control and data acquisition (SCADA) systems that manage the 78 mobile barriers. While the physical integrity of the barriers was not compromised, the breach forced engineers to transition to manual control protocols. Technical analysis indicates the attackers exploited a vulnerability in a remote maintenance portal, though no specific group has claimed responsibility for the incident.
Simultaneously, European fitness giant Basic-Fit confirmed a major data breach involving its member management platform. The company reported that an unauthorized third party accessed a database containing the personal information of approximately 1.8 million users across five countries. Compromised data includes full names, home addresses, and International Bank Account Numbers (IBANs). Basic-Fit officials stated that the breach originated from a compromised administrative credential and that they are working with the Dutch Data Protection Authority to notify affected individuals.
In the retail sector, Inditex, the parent company of Zara, reported an unauthorized access event within its internal supply chain management software. The incident, detected during a routine security audit on the morning of April 22, affected inventory synchronization between distribution centers and retail outlets in Southern Europe. While the company emphasized that customer credit card data is stored on a separate, unaffected network, the breach resulted in a temporary suspension of automated logistics, leading to projected delivery delays for approximately 250,000 online orders.
The technology sector also faced significant challenges as Salesforce and Vercel addressed separate security vulnerabilities. Salesforce issued a technical bulletin regarding a misconfiguration in its Experience Cloud platform, version 252.1. The error allowed unauthenticated external users to view internal object records that were intended to be private. Salesforce confirmed that the issue was localized to specific permission sets and has since deployed a global patch to enforce stricter access controls.
Concurrently, Vercel disclosed a security breach involving a third-party integration used in its deployment pipeline. The incident allowed attackers to intercept environment variables and API keys for approximately 600 active projects. Vercel’s security team identified the breach at 11:15 UTC and immediately rotated all potentially compromised secrets. The company has advised all users to audit their deployment logs for any unauthorized build activity occurring between April 20 and April 22.