Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 13th July and 19th July 2026.15th July
74% of Organizations Remediate Vulnerabilities Within a Week
858,000 Files and Confidential Blueprints: Inside Data Breach at India's Largest Nuclear Plant in Tamil Nadu's Kudankulam
AI used to help plan the break-in, now it’s doing the break-in
AI-driven bug hunting fuels record Microsoft Patch Tuesday
AI-Powered Phishing Kits Fuel 1,380% Surge in Attacks Targeting Microsoft 365
Amazon Web Services (AWS) retools Security Hub for AI and multicloud threats
Americans are ignoring scam calls, but phishing emails still fool many
An AI overthinking attack can tie a robot up for over a minute
Australia: Medical records and personal details stolen in GP network cyber attack
Australia: Tax and superannuation data allegedly stolen in data breach
Australia-India Partnership on Cyber, Critical Technologies and Supply Chains (PACTS) to Deepen Cybersecurity and Tech Collaboration
Britons told to stockpile food and water in case of Russian cyberattack
CISA Adds SonicWall SMA1000 Vulnerabilities to KEV Catalog Following Active Exploitation
CISA warns admins to patch actively exploited SharePoint flaws
ClickFix is changing the economics of social engineering
Compromised AsyncAPI npm Packages Deliver Multi-Stage Botnet Malware
Compromised Logins Surge as the Most Common Entry Point for Ransomware Attacks
Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution
Cyber insurance now covers more than 95% of data breach losses
Data Breach At India's Biggest Nuclear Plant: 19,000 Files Exposed On Dark Web, Anil Ambani’s Reliance Group Confirms 'Leak'
Data Breach Exposes Files Linked to India’s Largest Kudankulam Nuclear Power Plant
Engineering The Internet For Resilience
EtherHiding Attack Hides ClickFix Payload Infrastructure Inside Polygon Blockchain
EU sanctions Trickbot boss ‘Stern’ over $300 Million in ransomware payments
Everything we know as Walsall hacker faces jail over Transport for London cyber attack
FaceTime Scams Impersonate Apple Support and Banks to Steal Account Credentials
Fake NVIDIA Software Distributes New LabubaRAT Malware to Hijack Windows PCs
Files Linked to India’s Largest Nuclear Plant Exposed in Data Breach
Files relating to India’s largest nuclear power plant Kudankulam exposed in data breach
First VPN administrators sanctioned by US Treasury over ransomware attacks
Fortinet Patches FortiOS Authentication Bypass and FortiSandbox Command Injection Flaws
FreeRDP 3.29.0 security update resolves 22 advisories
Goose Creek data breach exposes 6.6 million customer records
Government Updates UK’s National Risk Register with Cyber Warnings
Hackers Abuse OAuth Device Codes and Entra ID Enrollment for Persistent SaaS Access
Hackers leak data from India’s largest nuclear plant
How Bangladesh can stop the next data breach
Identity Is Now The Leading Ransomware Entry Point
India: Files relating to Kudankulam nuclear power plant exposed in data breach
India: Files relating to Kudankulam nuclear power plant exposed in ransomware data breach
India: Kudankulam nuclear power plant documents exposed in ransomware data breach
India: Kudankulam nuclear power plant’s files exposed in data breach
India: Ransomware Group Reportedly Leaks Kudankulam Nuclear Plant Blueprints
India: Reliance confirms partial data breach after hackers claim Kudankulam nuclear plant files leaked
India’s largest nuclear power plant hit by data breach, files exposed
India’s Largest Nuclear Plant Hit by Major Data Leak on the Dark Web
India's largest nuclear plant suffers data breach, blueprints of facility leaked on dark web
India’s nuclear security under scrutiny after data breach
Iowa joins multi-state settlement over 23andMe data breach after company’s bankruptcy
Iran Exploited SS7 Mobile Network Flaws to Track US Troops, Coinciding With Strikes on US Forces
Is this the last of FirstVPN? Law Enforcement Targets Infrastructure’s Role in Cybercrime
Jalisco and OmegaLord Phishing Kits Target Microsoft 365 With MFA Bypass
LastPass and Bitwarden Users Targeted by Phishing Campaign
Lidl Warns Customers Over Third-party Data Breach
Loan scam phishing surges in South Korea as attackers favor messengers
Loyalist College: Cyber attack confirmed
Major Cyber Attack Targets Network of GP Practices and Skin Cancer Clinics, Stolen Medical Records Confirmed
Major German bank says a third party may have been hit following claims of ransomware attack
Massive data breach at India's largest nuclear plant: Kudankulam blueprints, supplier details among 19,000 leaked files on dark web
Microsoft July Patch Tuesday Fixes Record 570 Vulnerabilities and Three Exploited Zero-Days
Microsoft Patches 570 CVEs in Record Patch Tuesday
Microsoft smashes Patch Tuesday record for second successive month
Microsoft's largest Patch Tuesday ever: 570 flaws, Kerberos encryption overhaul
Microsoft’s Largest Patch Tuesday Fixes 622 Vulnerabilities, Two Under Active Attack
Minnesota Included in Major 23andMe Data-Breach Settlement
Multistate settlement reached with 23andMe for 2023 data breach
New 'Jalisco' and 'OmegaLord' Phishing Kits Advance Attack Methods, Can Bypass Microsoft 365 MFA
New Jersey to receive nearly $410K in 23andMe genetic data breach settlement
Nightmare Eclipse drops 9th Windows security issue amid ongoing personal vendetta against Microsoft
North Carolina to receive $666K in 23andMe settlement over 2023 data breach
Notepad++ Security Update Patches Buffer Overflow and Updater Code Execution Flaws
Pakistan’s National CERT warns organizations over Fortinet firewall cyber intrusion campaign
Partnered Health cyber attack exposes patient medical records across clinic network
Partnered Health Data Breach Exposes Patient Records at Family Clinics
Partnered Health hack: Major health network hit in cyber attack, impacted centres named
Partnered Health hit by major cyber attack, impacted centres named
Patient records stolen in cyber-attack on Australian healthcare provider
Pennsylvania Receiving Nearly $492,000 in 23andMe National Data Breach Deal
Phishing toolkits target Microsoft 365 MFA in surge
Physicians Primary Care of Southwest Florida Agrees to Data Breach Settlement
Progress Restores ShareFile Storage Zones Access After Vulnerability Exploit Concerns
PromptFiction Flaw Auto-Submitted Hidden Prompts in Claude Desktop
Proton VPN in its Transparency Report Says It Has Rejected All 458 Swiss Court-Approved Data Requests Since 2017
Ransomware attacks rose 20% in the first half of 2026
Ransomware Breach: Reliance's Nuclear Files Exposed
Ransomware gang posts 19,000 files allegedly linked to India's largest nuclear plant in Tamil Nadu
Ransomware group claims breach of chip design firm Synopsys, alleges access to Bosch data
Ransomware Group Claims Leak Of Files Linked To India's Largest Nuclear Plant, Kudankulam
Ransomware Hackers Dump Kudankulam Nuclear Plant Blueprints Online After Reliance Group Server Breach
Ransomware Storm: Reliance Group Data Breach at India's Largest Nuclear Plant
Researcher Drops New Windows Zero-Day Proof-of-Concept (PoC) Hours After Microsoft Patch Tuesday
Russian Hackers Are Turning Doorbell and Security Cameras Into Spy Tools to Track NATO Military Logistics, Dutch Intelligence Warns
Secure Access Service Edge (SASE) Has An AI Blind Spot. Inspecting Packets Is No Longer Enough
'Serious risk' to India's largest nuclear plant after sensitive files leaked on dark web
Singapore data breach highlights supply chain vulnerability as IBM-managed test system leaks sensitive records
Singapore SMB ransomware rate rises despite regional low
South Korea: Loan Phishing Texts Surge 162% in Q2
Spanish police dismantle €140 million cybercrime network
Suspected Chinese Hackers Use Claude Code and DeepSeek to Breach Government Systems in Three Countries
Synopsys denies data breach allegations
Sysdig Details First Fully Agentic AI Ransomware Operation JadePuffer
Teen hackers to be sentenced for massive Transport for London (TfL) cyber attack
The Agentic Insider: Why AI Tech Stacks Are the Ultimate Insider Threat
The Managed Detection and Response (MDR) renewal question: What changes when AI can handle the alerts
The State of Ransomware 2026: Payments are dropping but encryption is climbing
Three Russians charged with attacks on US infrastructure - $62 million in losses
Three Russians Indicted in $62 Million Cybercrime Scheme Targeting U.S. Infrastructure
Two SonicWall SMA 1000 Zero-Days Exploited, One Could Enable Admin Commands
U.S. Cracks Down on Russian Ransomware Trio
U.S. Hits Ransomware Supply Chain With New Sanctions
UK: How Walsall 'bedroom hacker with no friends' caused £29 million chaos in online cyber attack
UK Households Told to Stockpile Food, Water and Medicines as Russia Cyber Attack Threat Grows
US charges alleged operators of Russian bulletproof hosting service
US Indicts Russian Bulletproof Hosting Provider Media Land and Three Operators
US sanctions First VPN and its administrator for supporting ransomware attacks
US Treasury sanctions a VPN provider and its administrator for the first time
US Treasury Targets VPN Provider That Shielded Ransomware Groups for 12 Years
Vermont, New Hampshire, New York part of multistate settlement over 23andMe data breach
14th July
5 charged in UK investigation into Russian Coms scam platform
11 Old Microsoft-Signed Linux UEFI Shims Could Let Attackers Bypass Secure Boot
23andMe customers in dozens of states will get paid after $150M data breach settlement
23andMe settlement: Georgia joins 42-state alliance over data breach
23andMe Settles with 42 States for 2023 Data Breach
140+ Malicious npm Packages Turned Web Proxies for Students Into a DDoS Botnet
148 npm Packages Disguised as Student Proxies Turned Browsers Into a DDoS Botnet
8,400 Phishing Domains Targeted Turkish Banks
A Ransomware Sanction Accidentally Took Down Telegram's Domain
A U.S. Sanctions Entry for a Ransomware VPN Appears to Have Accidentally Broken Telegram Links Worldwide
Alleged Russian cybercriminals indicted in Ohio helped conceal ransomware gangs
American Express “Sign-In Alert” phishing email leads to fake multi‑step credential harvesting pages
Apple Accuses Ex-Engineer of Exploiting ‘Rare’ Zero-Day to Steal Trade Secrets for OpenAI
Arizona receives slice of 42-state, $18 Million settlement over 23andMe genetic data breach
Australia: Lifeline confirms data breach
Australian Enterprises At Risk as Anthropic Finds Hackers In Claude Code
Canada: Cyber attack at Loyalist College
China opposes spreading false cybersecurity information for political purposes, Foreign Ministry on US, Paraguay’s claims of so-called ‘hacker threat’ from China
China rejects US-Paraguay ‘hacker threat’ allegation
CISA Shares Lessons Learned from Own Data Breach
CISA Warns 18-Year-Old Cisco IOS Vulnerability Exploited for Arbitrary Command Execution
Clinical Care Resilience Goes Beyond Having the Right Security Tools
Comcast to pay $117.5 million in class-action settlement over 2023 data breach affecting Xfinity customers
“Context bombs” can frustrate AI-driven attacks, researchers found
Cybercriminals Exploit AI Hallucinations To Launch Advanced Phishing Campaigns
Cybercriminals Target Turkish Banks With 8,400 Phishing Domains and 6,600 Scam Ads
Cybersecurity Researchers Identify First Fully Autonomous AI-Driven Ransomware Attack
Data Breach Hits AssuranceAmerica Exposing Personal Information of Nearly 7 Million People
Delaware Reach Settlement in 23andMe Data Breach Case
Delaware settles 23andMe data breach lawsuit, 16K+ residents affected
Department of Justice charges three Russians in $63 Million cybercrime scheme tied to ransomware infrastructure
EU Blacklists Russian Hackers and Firms Over Cyberattacks on Europe and Ukraine
EU sanctions Russian hackers and firms over cyberattacks
EU sanctions Russian surveillance firms behind state-controlled tracking app
EU, UK Attribute Russia Cyberattack to FSB, Announce Sanctions
EU, UK Sanction VKontakte Over FSB-Linked MaxApp Surveillance Tool, Lumma Stealer Operators, GRU Members
Every cybersecurity team needs a hacker mindset
Fiesta Insurance Data Breach Compromises Social Security Numbers
Finland issues wanted notice for hacker behind massive psychotherapy data breach
Five Charged in “Russian Coms” Fraud Platform Case
Forescout Uncovers AI Assisted Phishing Campaign Using Fake eCards
Forg365: New phishing platform targets Microsoft 365 accounts
Forg365 industrializes Microsoft 365 phishing with AI-generated lures
FortiSandbox Flaw Lets Unauthenticated Attackers Access VNC Server on Scanning VMs
Georgia Medical Firm Paying $4,000,000 In Data Breach Settlement Affecting Thousands
German Foreign Ministry Calls Russian Ambassador Regarding Cyber Attack Operation
Germany Among the Top Three Countries for Ransomware
Giant Telegram user database just hit hacker forums: here's why that's bad news
Global cyber attacks rise 17% as ransomware activity accelerates
Google Follows Microsoft to Remove ModHeader Extension from Store Following Reports of Covert Exfiltration Capability
Hacked DNA: 23andMe Strikes $18 Million Settlement Over Massive Genetic Data Breach
Hackers Abuse Fake OAuth Client IDs to Validate Microsoft Entra Accounts and Passwords
Hackers steal Lidl customer data from external service provider
He negotiated with ransomware gangs - Then joined them. Now he's headed to prison
How Post-Quantum Cryptography is Gaining Adoption
Immutable backup: Why it matters for ransomware recovery
Iran abused mobile networks’ vulnerabilities to locate US military in the Middle East, report says
JADEPUFFER: The emergence of Agentic AI in ransomware operations
Japan's largest taxi company knocked offline by cyberattack as dispatch systems go dark
LabubaRAT Masquerades as NVIDIA Software to Control Windows Hosts
LastPass, Bitwarden users targeted with fake security alerts
Lidl Confirms Customer Data Breach at IT Service Provider
Lidl Confirms Data Breach After Third-Party IT Provider Hack
Lidl data breach: Supermarket chain warns customers after third-party 'IT incident' exposes customer information - here's what we know so far
Lidl Data Breach Exposes Customer Details in Germany, Belgium, and the Netherlands
Lidl Notifies Customers of Third-Party Data Breach
Lifeline Australia confirms staff data compromised following hacking claims
Lucent Health Solutions to Pay Up to 1.95 Million to Settle Data Breach Litigation
Major data breach at Tata Electronics exposes Apple’s confidential files, raising global supply chain security concerns
Match Group Breach: ShinyHunters Claim 10 Million Records
May 2026 Healthcare Data Breach Report
Michigan settles bankruptcy claims against 23andMe over data breach
Microsoft ditches SMS and voice authentication for Entra ID, passkeys rolling out as default
Microsoft Entra ID authentication overhaul to start in September 2026
Microsoft Entra ID gets passkeys default authentication starting September
Microsoft July 2026 Patch Tuesday fixes massive 570 flaws, 3 zero-days
Microsoft Maps Three Salesforce Attack Paths Tied to a Year of ShinyHunters Activity
Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack
Microsoft Saw 18.7 Million QR Phishing Attacks in March Alone - Here’s Why Defenders Keep Missing Them
Millions of Microsoft Entra Accounts Targeted in OAuth Client ID Spoofing Campaigns
Minnesota, North Dakota among 42 states in settlement with 23andMe over 2023 genetic data breach
Moody Bible Institute Data Breach: What 2.3 Million Donors Must Do Right Now
Mountain View warns of phishing scam targeting planning project applicants
NATO logistics, Ukrainian troops are top subjects of Russian camera hacks, advisory says
Nearly 300 GitHub repos pose as legit software to push malware
Nearly 12,000 TRICARE Beneficiaries Warned of Data Breach
New Hampshire Attorney General (AG) announces multistate settlement of bankruptcy claims against 23andMe over genetic data breach
New Jersey to Receive $410K in 23andMe data breach
New MacOS Malware Exploits Legitimate Developer ID to Pose as Apple Crash Reporter
New macOS malware steals passwords by posing as Apple’s crash-reporting tool
New phishing kits target Microsoft 365 accounts, evade MFA
New Qilin Ransomware Attack Uses DCSync Technique to Abuse AD Replication Protocol
New tutorials on underground hacking forums have roughly doubled
New York: 23andMe hit with $18 million penalty after massive DNA data breach
Nigeria Data Protection Commission (NDPC) Claims It Acts on Every Data Breach Complaint, Yet There’s No Outcome in 3 Major Cases
Nihon Kotsu Cyberattack Disrupts Japan’s Largest Taxi Operator
No-one knows how many old shims can still bypass UEFI Secure Boot
OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials
Oklahoma: Mystery deepens over data breach of inmate info
Oregon to get half a million in settlement for 23andMe data breach
Pennsylvania and New Jersey each receive over $400,000 in 23andMe settlement
Phishing for dummies: Forg365 lowers barrier to M365 account takeovers
Phishing Toolkits Harvest Entra Tokens in Real Time
Phishing, UPI Scams and Remote Access Fraud on the Rise, Experts Warn
Progress confirms ShareFile zero-day flaw behind Storage Zone shutdown
RabbitMQ Flaws Could Leak OAuth Secrets and Expose Cross-Tenant Queue Metadata
RabbitMQ Vulnerability Exposes OAuth Secrets to Attackers
Researchers Say Claude for Chrome Flaw Lets Rogue Extensions Trigger Gmail Reads
Russia slams EU's cyber-attack accusations
Russian hackers are targeting routers to infiltrate critical infrastructure, CISA warns
SAP Patches CVSS 9.9 NetWeaver ABAP Flaw That Could Expose or Modify Data
SAP warns of critical flaws in NetWeaver and Commerce Cloud
Scammers Use 8,400 Phishing Domains to Target Turkish Banking Customers
SonicWall SMA appliances targeted in zero-day attacks (CVE-2026-15409, CVE-2026-15410)
SonicWall warns of SMA1000 flaws exploited in zero-day attacks, patch now
South Africa records over 2,000 weekly cyber attacks
South Dakota to receive nearly $150K in 23andMe bankruptcy settlement following 2023 data breach
Spanish Police take down €140 million cyber fraud ring, arrest four
Study of 85 Crypto Wallet Extensions Finds Address Leaks and Cross-Site Tracking Risks
Surplus Line Association of California Data Breach Exposes SSNs
Suvida Healthcare Data Breach Affects 2,109: Medical Info Exposed
Synopsys denies data breach claims by new ransomware group D1R
Synopsys Finds No Evidence of Data Breach Amid Bosch Hack Claims
Tennessee to receive $348K in 23andMe data breach settlement
The best defense against AI attacks turns out to be a skeptical human
The inside job that cost ransomware victims millions
The negotiator was the leak: insider who betrayed ransomware victims gets 70 months
Turkish Banks Targeted by 8,400 Phishing Domains and 6,600 Social Media Scam Ads
U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support
U.S. Treasury Just Hit Ransomware’s Supply Chain Where It Hurts
U.S. Treasury Sanctions VPN Provider and Cryptor Seller Behind Billions in Ransomware Losses
U.S., Allies: Russia Abusing Network Devices to Attack Critical Infrastructure
UK: Public to be told how to prepare for cyber-attack and weather emergencies
UK: Public to be told to stockpile food in case of cyber attack from Russia
UK charges five persons linked to fraud platform behind more than a million scam calls
Uninstall this Chrome extension now: it contains surveillance code
Upwind Finds Coordinated Supply Chain Campaign Compromising Multiple AsyncAPI npm Packages
US: Government healthcare administrator offers free credit monitoring after data breach
US: Pentagon Suspends Cybersecurity Maturity Model Certification (CMMC) Phase II Requirements for Defense Contractors
US police now armed with Israeli spy vans simulating mobile phone towers
US Sanctions VPN Provider 1VPNS Over Alleged Role in Supporting Hospital Ransomware Attacks
US sanctions VPN, malware providers for enabling ransomware attacks
US Treasury sanctions First VPN Service, others for abetting ransomware gangs
US Treasury sanctions VPN and cryptor operators linked to ransomware
US Treasury Sanctions VPN Provider Linked to Ransomware
US unseals indictment against alleged operators of Russian bulletproof hosting service
What the Transport for London Data Breach Reveals About Cyber Risk
Woman charged in $68,000 phishing scam against Southern Door Schools
World Cup scams are a glimpse of the cybersecurity future
World War 3 (WW3) warning as Britons will be told to stockpile food ready for Russian cyber attack
Your phishing defense was built for 2016, but attackers are operating in 2026
13th July
65% of Organisations Think a Serious Cyber Attack Could Threaten their Survival
99.9% of fixable AI vulnerabilities remain unpatched
A ransomware negotiator who colluded with attackers to scam victims was sentenced to 70 months in prison
A zeroed signature let a hacker drain nine million dollars from Hedera's biggest lender
After years on the run, alleged Ryuk ransomware operator pleads guilty
Agentic Ransomware Is Real and Getting Cheaper: What Comes After JadePuffer
AI & Service Management Company, Serviceaide Inc, Agrees to Pay $1.8 Million For Data Breach of 400,000 Health Patients’ Information
AI Phishing Surge Forces New Zealand Casinos to Fight Back
ApolloMD agrees to multi-million-dollar settlement over 2025 data breach
Apple says former employee exploited ‘rare’ bug to download confidential files after leaving for OpenAI
Attacker Uses Suspected AI-Generated PowerShell Script to Map Active Directory
Australian Cyber Agency Warns of Global CMS Exploitation Campaign
California: State can’t seek damages from 23andMe successor over data breach
California Gay & Lesbian Services Center Data Breach Affects 75,500 Individuals
Cambodian Voice Phishing Ringleader Sentenced to 14 Years for $44.3 Billion Fraud
Carle Health Data Breach Exposes Sensitive PHI and PII
Centers Laboratory Data Breach Affects 540,000 Individuals
Centers Laboratory New Jersey discloses data breach incident impacting 542,000 people
CISA Warns of Actively Exploited Joomla Zero-Day Vulnerabilities
CISA warns of actively exploited RCE flaws in Joomla extensions
Columbia Orthopaedic Group Data Breach Exposes PHI
CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks
Cyber Attack at Mount Royal University Disrupts Operations, Cybercrime Gang Demands $1.9 Million Ransom
Cyber incidents - a 'litmus test' of a company’s management capability
Cybersecurity gaps leave small businesses vulnerable
Dark Web Profile: Krybit Ransomware
Data Breach at Aflac Japan Impacts 4.38 Million Customers and Sales Agents
Data breach at Lidl: online store customer data stolen
Difficult to detect: Phishing campaign uses Microsoft infrastructure
Doing Its Job: Large Majority of Cyber Losses Covered by Insurance, Says Willis
Estée Lauder Data Breach Exposes Health Information and SSNs
EU and UK blacklist Russia’s cyber operators over efforts to destabilize Europe
EU imposes new sanctions against Russian cyber espionage
EU sanctions Russian GRU military hackers over cyberattacks
European Parliament Revives Controversial Chat Scanning Law
Evilginx: Three phishing operations revealed by mistake
Ex-ransomware negotiator gets 70 months for betraying clients to hackers
Exposed Server Unmasks Evilginx Operators Stealing Microsoft 365 Sessions and OAuth Tokens
Fake Bank Apps Let Scammers Control Android Phones in Southeast Asia
Fake OAuth client IDs are helping attackers slip past sign-in logs
Fake ‘Vote for Me’ links on X target users in new phishing campaign
Feds Slam Ransomware Supply Chain: US And Allies Cut Off Cybercriminals’ Digital Lifelines
Fiji: Phishing attack surge
Finland: Police issue wanted notice for Vastaamo hacker Aleksanteri Kivimäki
Finland: Vastaamo hacker wanted after appeal rejected
Foreign National Admits Guilt in $15,000,000 Bitcoin Ransomware Attacks on U.S. Firms
Forg365 Phishing-as-a-Service (PhaaS) Targets Microsoft 365 with Device Code and Adversary-in-the-Middle (AitM) Session Theft
GhostCommit Attack Hides Prompt Injection in PNG to Steal Developer Secrets
Google and Microsoft Pull ModHeader With 1.6 Million Installs After Dormant Collector Found
Hacker Extradited from Ukraine Pleads Guilty to Ryuk Ransomware Charges
Hackers backdoor Jscrambler npm package with infostealer malware
Hackers blackmail Bosch as secret engineering files surface on the dark web
Hackers breach Lidl’s IT service provider, steal customer data
Healthcare ransomware attacks rose 14% in first half of 2026
Healthcare Services Group Agrees to $3 Million Settlement Over 2024 Data Breach
Hong Kong: Securities and Futures Commission (SFC) Mandates Phishing-Resistant Authentication Methods for Internet Brokers and Virtual Asset Trading Platforms (VATPs) to Protect Client Accounts
How small businesses get hacked through employees
iCagenda and Balbooa Forms Joomla Flaws Reportedly Exploited as Zero-Days
India: Government Confirms No Critical Data Loss In Tata Electronics Cyber Attack, Vows Continued Vigilance Amid Rising Digital Threats
India: Government examining alleged Tata Electronics data breach
Is that QR code a trap? How to spot quishing scams before it's too late
It’s a First: An AI Agent Carries Out a Ransomware Attack on AI App Builder
Japan's largest taxi operator shuts systems after cyberattack
Jscrambler npm Supply Chain Attack Steals Developer and Cloud Credentials
Lake Region Healthcare Alerts Patients of Data Breach
Law Firms Launch Investigations Into Frontier Airlines Following Data Breach Tied to Ransomware Group
Lawyers Investigate Frontier Airlines Over Data Breach That May Have Exposed ‘Sensitive’ Personal Information
LIA Insurance Data Breach Exposes Financial Account Info
Lidl Confirms Data Breach at Third-Party IT Provider
Lidl customers across Europe hit in suspected data breach - here's what we know
Lidl customers' bank details at risk after third-party security failure
Lidl discloses online shop breach after service provider hack
Lidl Notified Online Shop Customers in Germany, Belgium, and the Netherlands of a Data Breach
Lidl reports data breach affecting online customers in Germany, Belgium, and the Netherlands
Lidl Warns of Phishing Risk After Customer Data Theft
Los Angeles Police Department (LAPD) lets contract with surveillance giant Flock expire, citing ‘serious concerns’ over civil liberties and privacy
Marlboro-Chesterfield Pathology Agrees to Settle Lawsuit Over 2025 Ransomware Attack
Meridian Health Plan of Illinois Data Breach Affects 21,027
Meta Removes Muse Image Instagram Feature After Consent Backlash
Microsoft Patches Zero-Day RoguePlanet Defender Flaw that Allows SYSTEM-Level Access
Misconfigured Server Reveals Three Evilginx Phishing Operations Targeting Microsoft 365
Nearly 12,000 military Tricare beneficiaries warned of data breach
New CrashStealer malware poses as Apple crash reporting tool
New MemGhost Attack Plants Persistent False Memories in AI Agents Through One Email
New ransomware leader emerges as global cyberattacks rise in June 2026
Nigeria: Zenith Bank, Others To Be Arraigned Over Alleged Data Breach
Nihon Kotsu Confirms Malware Infection, Taxi Dispatch Systems Disrupted
Novel OAuth Client ID Spoofing Technique Targets Cloud Environments
Office of Foreign Assets Control (OFAC) Sanctions FirstVPN and Ransomware Enablers Behind Attacks on Americans
One Misconfigured Python HTTP Server Exposed Three Active Campaigns from Attackers
Open Directory Exposes Three Evilginx Phishing Operators
Pakistan: International Hacker accused of stealing 5 Million Bank Records arrested in Karachi
Pakistan: Karachi hacker arrested for alleged theft of millions of foreign citizens’ financial data
Pakistan: National Cyber Crime Investigation Agency (NCCIA) Busts International Hacker in Major Data Breach Case
Pakistani Police Systems Hit by Chinese and Indian Espionage
PennyMac Data Breach Affects 3k Individuals: PHI Exposed
Progress Software Warns of "External Security Threat" to ShareFile
Progress warns ShareFile Users: shut down on-premises servers immediately
Prolific hacker 2019 selling alleged HotToner Australia customer data online
Public Key Infrastructure (PKI) Under Pressure: AI, PQC and Shorter Lifecycles Drive New Security Challenges
Ransomware ecosystem grows, but ‘four-headed monster’ dominates
Ransomware Groups Change Identities to Evade Cybercops
Ransomware negotiator jailed for 70 months after he just helped infect victims with malware
Ransomware negotiator who betrayed clients sentenced to 70 months in prison
Ransomware Targets 2.74% Of Malaysian Firms In 1Q26
RokRAT Malware Hides Behind Academic Event PDFs and Cloud Storage Links
Russia's FSB blamed for Poland grid attack as UK and EU impose first joint cyber sanctions
Russian celebrity journalist Ksenia Sobchak says hackers accessed Telegram channels via email breach
Russian State Hackers Target Vulnerable Routers Worldwide, Joint Advisory Warns
Ryuk ransomware operator pleads guilty in $15 Million bitcoin extortion
Samsung Health users who refuse AI training get their data deleted
Security Leaders Discuss Exposure of 24 Billion Credentials
Security threat prompts Progress to disable ShareFile accounts, tell customers to shut down servers
ShinyHunters' PeopleSoft Zero-Day Rampage: 100+ Organizations Breached Before Oracle Even Published an Advisory
Siggen Backdoor Hits Windows Developers Via Infected Visual Studio Projects
Social Media Users Warned Against Phishing Campaign on X
South Korea Military Faces Highest Cyberattack Volume Since 2021
Spear-Phishing Campaign Uses Proton Drive Links and LNK Files to Deliver SpyGlace
St. Paul, Minnesota, Notifies People Affected by 2025 Cyber Attack
Sturdy Health Data Breach Affects 1k Individuals
Supply Chain Attack: jscrambler npm Package Compromised, Targeting Wallets, AI Tools, Cloud Credentials
The Decision Burden Behind SOC Alert Fatigue and How Experts Would Reduce It
The ransomware negotiator who was working for the other side
The Rising Tide of AI-Enabled Social Engineering Scams: What Organizations Need to Know
This one cyber crime group accounted for nearly a fifth of all ransomware attacks in June
TriWest Healthcare Alliance Notifies 11,844 Beneficiaries of Data Breach Affecting Health Information
U.S. sanctions First VPN Service over ransomware support
U.S. Treasury sanctions cybercrime enablers tied to ransomware attacks
UK charges suspects linked to Russian Coms call spoofing platform
UK Cyber Attacks Climb 34% as Ransomware Leadership Shifts
Ukraine: OPORA has been targeted by a coordinated phishing attack. Attackers are attempting to gain access to Gmail accounts via OAuth
United States: Sanctioning Ransomware Enablers In Coordinated International Action
US: Millions of Drivers in 12 States May Have Had Their Driver’s License Info Exposed in a Data Breach - Were You One of Them?
US and allies warn of Russian critical infrastructure attacks
US Imposes Sanctions on Belarusian Man in Ransomware Case
US Treasury Sanctions Malware and Infrastructure Providers Supporting Ransomware Attacks Against Americans
US Treasury sanctions malware providers tied to cyberattacks
Vermont: Funds recovered in recycling-related phishing scam
Vishing Call Becomes Key Lead in Massive Odido Cyberattack
VPN service favored by ransomware groups is sanctioned by US
Why cybercrime is becoming everyone’s problem in Ghana
Why Software Bill of Materials (SBOMs), signing, and provenance still don’t tell you if software is safe
Wildwood Surgical Data Breach Exposes Social Security Numbers
Year-Long Microsoft Device Code Phishing Campaign Bypasses MFA and Claims 218 Victims
YKK AP Data Breach Highlights Ongoing Cyber Risks Facing Glass Industry
Welcome to DBD. On March 8th 2026, DBD celebrated it's sixth anniversary and 
Welcome to last week's ROC Report, an exclusive summary of Ransomware Operator's global victims that were claimed during the period between 29th June and 5th July 2026, kindly assisted by our partners.