Cyber Toolkit Ltd, a UK Registered Company - 16938415
This is the Cyber Toolkit weekly roundup of key cyber security news, covering the most relevant vulnerabilities, breaches and incidents affecting organisations in the UK and beyond over the past week (12th – 19th May 2026).
This week saw a mix of significant vulnerabilities, data breaches and patch releases, reinforcing familiar themes across the threat landscape: exposed online systems, third-party platforms, and vulnerabilities that can be rapidly exploited once publicly disclosed.
One of the more notable incidents involved Škoda, which confirmed a data breach following a compromise of its online shop. Attackers exploited a vulnerability in the software underpinning its e-commerce platform, gaining access to customer information including names, contact details, addresses, order histories and, in some cases, login credentials (stored in hashed form). While no payment card data appears to have been affected, the exposure remains significant, particularly from a phishing and identity risk perspective. The key issue here is less the organisation itself and more the entry point: widely used e-commerce infrastructure can become a scalable route to customer data if it is not properly maintained and patched.
In the vulnerability space, Fortinet issued advisories for critical remote code execution (RCE) vulnerabilities affecting FortiSandbox and FortiAuthenticator. These products are particularly sensitive as they sit within authentication and security inspection layers in enterprise environments. As a result, vulnerabilities in these systems carry elevated impact, particularly where they support core security functions.
Microsoft’s May 2026 Patch Tuesday also took place this week, addressing 120 vulnerabilities across its product range. While no zero-days were disclosed this month, the overall volume highlights the continued scale and complexity of today’s attack surface across organisations. Patch management therefore remains a continuous operational requirement rather than a periodic task.
In the UK, a water supplier was fined £13 million after exposing the personal data of 664,000 customers. The incident highlights the ongoing cyber risk facing critical infrastructure providers. Organisations in utilities and other essential services continue to manage large-scale data environments, where control failures can result in both fines and reputational impact.
Finally, a newly disclosed Windows BitLocker vulnerability attracted attention following the release of a proof-of-concept exploit demonstrating potential access to protected drives. Given BitLocker’s widespread use across enterprise and public sector environments, vulnerabilities in this area are taken seriously. While exploitation may require local access, the availability of a PoC increases the urgency for organisations to assess patching and endpoint security posture.
Across these incidents, several consistent themes emerge: third-party platforms remain a frequent entry point, vulnerabilities in security tooling continue to carry high impact, and the volume of disclosed issues reinforces the need for continuous rather than reactive patching.
We’ll see what next week brings!