
Snapshot Summary
| Sector / Section | Headline Highlights | Count |
|---|---|---|
| Digital Investigations | Identity platforms under scrutiny | 2 |
| Cyber Investigations | Bot farms and biometric fraud | 2 |
| Major Cyber Incidents | DDoS disruption and health breaches | 2 |
| Exploits & Threat Intelligence | Critical patches and device flaws | 2 |
| Law Enforcement | Cyber guilty pleas advance | 2 |
| Policy & Standards | Resilience warnings and maturity tools | 2 |

Digital Investigations
France’s Interior Ministry said a cyberattack on the ANTS platform may have exposed personal data linked to passport, identity card, residence permit and driving licence applications [EMEA]. Because the affected service sits inside a national identity-document workflow, investigators now face a high-consequence evidence, notification and credential-assessment exercise while establishing whether applicant records or account-linked data were actually accessed (Source: The Record, 20-04-2026).
The New South Wales government declared a significant cyber incident after internal monitoring detected the suspected transfer of more than 5,600 confidential Treasury documents to an external server [APAC]. Authorities said there was no external compromise of government systems, but the case still demands forensic reconstruction of user activity, device usage and document movement across multiple departments and commercially sensitive projects (Source: NSW Government, 21-04-2026).
Cyber Investigations
Ukrainian authorities said they dismantled a bot farm that was supplying more than 3,000 fake Telegram accounts each month to Russian intelligence clients for disinformation activity [EMEA]. The case shows how investigators are now treating account-creation infrastructure, mobile-number sourcing and resale channels as operational components of influence campaigns rather than as peripheral online fraud activity (Source: The Record, 20-04-2026).
Police in Rajasthan widened an Aadhaar fraud probe after alleging that operators used dummy fingerprints to generate or authenticate records through an illegal enrolment workflow [APAC]. Investigators are now mapping compromised identities, analysing seized biometric equipment and testing whether weaknesses in enrolment controls allowed manipulated digital identities to move into wider financial or document-use channels (Source: The Times of India, 22-04-2026).
Major Cyber Incidents
Bluesky said a sophisticated DDoS attack caused intermittent outages across feeds, notifications, threads and search, with disruption lasting for roughly a day [AMER]. The incident shows how traffic-based attacks against a fast-growing social platform can still produce wide operational disruption even without evidence of private data access or deeper application compromise (Source: The Record, 20-04-2026).
Three U.S. healthcare organisations disclosed breaches affecting nearly 600,000 people, with the largest case involving the North Texas Behavioral Health Authority and exposed personal information including Social Security numbers [AMER]. The notices point to older intrusions whose investigative and regulatory consequences are still unfolding, illustrating how delayed scoping can leave health-sector organisations managing both evidential uncertainty and mass-notification obligations at the same time (Source: SecurityWeek, 21-04-2026).
Exploits & Threat Intelligence
Microsoft released .NET 10.0.7 as an out-of-band security update to fix CVE-2026-40372, warning that vulnerable ASP.NET Core Data Protection deployments could allow network attackers to gain SYSTEM privileges [Global]. The issue is operationally important because it affects non-Windows deployments that load the impacted package at runtime, making rapid version verification and patch validation essential across cross-platform application estates (Source: Microsoft .NET Blog, 22-04-2026).
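As a first-pass triage for the .NET item above, the following script (added here; it is not Microsoft's tooling or part of the digest) lists installed .NET 10.0.x runtimes older than 10.0.7 by parsing `dotnet --list-runtimes`. It assumes release-style version strings and that the runtime version is only the first check: the page notes the impacted package is loaded at runtime, so package-level verification of each deployment is still needed.

```shell
#!/bin/sh
# Added example: flag installed .NET 10.0.x runtimes below the 10.0.7 out-of-band release.
# Assumes `dotnet --list-runtimes` lines look like: "<name> <version> [<install path>]".
PATCHED="10.0.7"

# version_lt A B: return 0 if A < B, comparing up to three numeric dot-separated parts.
# Assumes plain release versions (no "-preview" suffixes).
version_lt() {
  _a=$1; _b=$2; i=1
  while [ "$i" -le 3 ]; do
    x=${_a%%.*}; y=${_b%%.*}
    [ "${x:-0}" -lt "${y:-0}" ] && return 0
    [ "${x:-0}" -gt "${y:-0}" ] && return 1
    case "$_a" in *.*) _a=${_a#*.};; *) _a=0;; esac
    case "$_b" in *.*) _b=${_b#*.};; *) _b=0;; esac
    i=$((i + 1))
  done
  return 1
}

# flag_outdated: read runtime lines on stdin, print "<name> <version>" for 10.0.x below PATCHED.
flag_outdated() {
  while read -r name ver rest; do
    [ -n "$ver" ] || continue
    case "$ver" in
      10.0.*) if version_lt "$ver" "$PATCHED"; then printf '%s %s\n' "$name" "$ver"; fi ;;
    esac
  done
}

# Constructed sample in the `dotnet --list-runtimes` format, used when dotnet is not installed.
SAMPLE='Microsoft.AspNetCore.App 10.0.6 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 10.0.7 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 9.0.4 [/usr/share/dotnet/shared/Microsoft.NETCore.App]'

main() {
  if command -v dotnet >/dev/null 2>&1; then
    dotnet --list-runtimes | flag_outdated
  else
    printf '%s\n' "$SAMPLE" | flag_outdated
  fi
}

main "$@"
```

Run it on each host in the estate; any printed line is a runtime still below the out-of-band release and a candidate for the package-level check the advisory calls for.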
Researchers disclosed 22 BRIDGE:BREAK flaws affecting Lantronix and Silex serial-to-IP converters, with exposure estimates running to nearly 20,000 internet-reachable devices [Global]. The warning matters beyond ordinary network hygiene because these converters frequently bridge older operational or healthcare equipment into modern networks, so device takeover could enable tampering with data flows at critical trust boundaries (Source: The Hacker News, 21-04-2026).
Law Enforcement
The U.S. Justice Department said a Florida man working as a ransomware negotiator pleaded guilty to conspiring with BlackCat operators while abusing his role at an incident response company [AMER]. Prosecutors said he used his trusted access to help deploy ransomware and shared in the proceeds, exposing a serious insider-risk dynamic inside a function organisations often treat as a defensive control by default (Source: U.S. Department of Justice, 20-04-2026).
A British national pleaded guilty in California to hacking into at least a dozen companies via text-message phishing and stealing at least $8 million in virtual currency from victims in the United States [AMER]. Court records describe a coordinated social-engineering campaign that turned credential theft into broader account compromise and cryptocurrency fraud, providing another clear example of how SMS-based intrusion pathways remain highly effective against well-known brands (Source: U.S. Department of Justice, 17-04-2026).
Policy & Standards
The head of the UK’s cyber agency warned that Britain faces a “perfect storm” for cyber security, linking escalating geopolitical tension with rapid AI-driven technological change [EMEA]. The message pushes leadership attention toward resilience and severe-threat planning, signalling that cyber governance is increasingly being framed as an executive responsibility rather than a narrow technical matter for specialist teams alone (Source: NCSC, 22-04-2026).
ENISA released National Capabilities Assessment Framework 2.0 and its accompanying online tool to help Member States assess and strengthen implementation of national cybersecurity strategies [EMEA]. For practitioners, the update matters because it provides a more structured maturity baseline for governance, capability development and prioritisation that can influence future national requirements, benchmarking and funding expectations (Source: ENISA, 22-04-2026).
Editorial Perspective
This cycle reinforces how modern digital investigations increasingly begin with identity systems, workflow platforms and delegated access chains rather than with obviously destructive malware. The events affecting French identity services, New South Wales Treasury and Aadhaar-linked enrolment processes all show that investigators are working across authentication histories, document movement patterns and biometric-control failures to reconstruct what happened. That expands the evidential surface and places greater weight on early preservation of identity telemetry, platform logs and workflow metadata. It also means investigative readiness now depends as much on governance of access pathways as on traditional endpoint visibility.
At the same time, the incident and threat picture shows how disruption, exposure and exploitation now develop across interconnected services rather than within neatly bounded systems. Social platforms, healthcare data environments, development frameworks and serial-to-IP devices all sit in wider trust relationships, which makes attribution and scoping harder once activity crosses organisational or technical boundaries. Organisations with disciplined asset awareness, dependency tracking and evidence continuity across these connected environments are better positioned to reconstruct attack chains and make defensible decisions under pressure. The strategic lesson is not simply to patch faster, but to preserve investigative visibility wherever identity, software and infrastructure intersect.
Tags
Digital Investigations, Cyber Investigations, Identity Fraud, Aadhaar, Ransomware, DDoS, Healthcare Breaches, ASP.NET Core, Vercel, ENISA, NCSC, Law Enforcement