Cyber Toolkit Ltd, a UK Registered Company - 16938415
This is the Cyber Toolkit weekly roundup of key cyber security news, covering the most relevant vulnerabilities, breaches and incidents affecting organisations in the UK and beyond over the past week (30th June - 7th July 2026).
While not believed to be the result of a cyber attack, Boeing experienced a multi-day IT systems outage that disrupted operations across several manufacturing facilities, including sites in St. Louis, Michoud and Tulsa. The outage forced the suspension of a number of production activities that relied on affected IT systems, with employees instructed to coordinate with managers while engineers worked to restore services. Security researcher Kevin Beaumont reported that the issue appears to be related to failures involving Siemens industrial control system equipment rather than malicious activity. The incident serves as a reminder that operational resilience depends not only on protection from cyber attacks but also on the reliability of critical IT and operational technology infrastructure, where outages can have significant business impacts regardless of the root cause.
Organisations using Progress Kemp LoadMaster appliances were urged to apply security updates after researchers disclosed a pre-authentication remote code execution vulnerability affecting the widely deployed load balancer. The flaw could allow attackers to execute arbitrary code on vulnerable devices without authentication, making internet-facing deployments particularly attractive targets. As network appliances continue to be a favourite target for threat actors, organisations should prioritise patching externally exposed infrastructure and ensure these critical systems are included within regular vulnerability management.
Adobe released security updates addressing multiple vulnerabilities across several of its enterprise products, including seven critical flaws carrying the maximum CVSS score of 10.0. The most severe issues affect Adobe Experience Manager Forms and could allow attackers to achieve remote code execution on vulnerable systems. Organisations using Adobe enterprise platforms should review the advisories carefully and deploy updates as soon as possible, particularly where affected services are accessible from the internet.
Researchers continued to discuss the active credential theft campaign dubbed "FortiBleed", which has now been linked to the Lynx ransomware operation. Attackers are exploiting exposed Fortinet devices to harvest credentials before using them to gain access to victim networks and ultimately deploy ransomware. The campaign demonstrates the increasingly common approach of combining credential theft with ransomware operations, reinforcing the importance of multi-factor authentication and rapidly patching internet-facing appliances.
The U.S. Department of Homeland Security confirmed that attackers breached the Homeland Security Information Network (HSIN), a platform used to share sensitive but unclassified information between federal, state, local and private sector partners. While officials stated there is currently no evidence that classified information was compromised, the incident highlights the ongoing targeting of government collaboration platforms and trusted information-sharing environments.
We'll see what next week brings.