Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 6th July and 12th July 2026.7th July
Accenture Data Allegedly Listed for Sale on Hacking Forum, 35GB Source Code Claimed Stolen
AI agent executes first known ransomware attack, but the humans haven’t left the building
An AI Agent Ran a Ransomware Attack Almost Entirely by Itself
Attackers exploit critical Adobe ColdFusion vulnerability (CVE-2026-48282)
Australia records highest data breach notifications since 2018
BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and Privileged Remote Access (PRA)
BeyondTrust Patches Critical Remote Support and Privileged Remote Access Flaws
BeyondTrust warns of critical flaws in remote access software
Canada's Spy Agency Reveals Secret Cyber Strikes on Drug Traffickers, Extremists and Ransomware Networks
CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware
Court Filing Reveals Windows Device ID Helped FBI Trace Alleged Scattered Spider Hacker
Delivery drivers losing tens of thousands to phishing scam across Australia
Deutsche Bank data breach fears rise after ransomware group posts “evidence”
Device Code Phishing Abuses Microsoft OAuth 2.0 to Steal Tokens
Dutch spy agencies are training AI with citizens’ data, watchdog warns
EtherRAT Campaign Uses Fake System Administrator Teams Call to Compromise Employees
Fake Interview Phishing Campaign Impersonates Top Brands to Steal Gmail Credentials
FBI and Spanish Police Arrest Alleged Cyber Army of Russia Reborn Member
First AI Ransomware Attack Still Needed Human Oversight
Five Eyes Intelligence warns of rising AI-Powered Cyber Attacks on Businesses and Governments
Gemini Live API Flaw Lets Attackers Inject Code Execution Through Unconstrained Tokens
GitLost: GitHub’s AI Agent Tricked Into Leaking Private Repository Data
Gmail Credential Phishing Campaign Uses Nested Redirects Across Legitimate Platforms
Hackers Exploit Maximum Severity Adobe ColdFusion Flaw
Hackers Use uxtheme.dll Sideloading to Launch Cavern Agent on Compromised Systems
Hacktivists call out Trump by hacking and defacing US Army websites
Institute of Chartered Accountants of India (ICAI) denies data breach, calls hacking claims 'false and malicious'
Institute of Chartered Accountants of India (ICAI) Denies Student Records, Exam Data Breach; Warns Against Rumours
Iran-linked hackers used Israeli IT providers to target government bodies
Japanese Teen Arrested Over Bandai Channel ChatGPT-Assisted Cyberattack, Possibly Exposing up to 1.3 Million Users
Microsoft Edge Use-After-Free Flaw Lets Attackers Execute Code Remotely
New Januscape Linux flaw allows VM escape on Intel, AMD devices
Notorious hacker's arrest sparks backlash over Microsoft’s excessive device tracking
Researchers detect the world's first AI-driven ransomware attack: here’s what you need to know
Researchers Log the First Ransomware Attack Run Entirely by AI Agent
Researchers track down world's first AI agent ransomware attack, here's what you should know
South Korea: Unsolved Fraud Cases Surge 11-Fold Nationwide
Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities
Teen allegedly used ChatGPT to wipe out 46,000 anime accounts
The ‘first’ AI-run ransomware attack still needed a human: New details emerge
UK cyber pledge draws only a handful of top firms despite ministerial appeal
UK Government Launches Cyber Resilience Pledge, Claiming 60+ Signatories
US cyber agency uses Anthropic's Mythos to hunt for government code flaws
Where Organizations Fall Short with Multi-Factor Authentication (MFA)
Why Bangladesh’s new data protection law may fail to protect your data
Windows Device Identifier Helped FBI Trace and Arrest Alleged Scattered Spider Member
Writer AI Flaw Could Let Agent Previews Leak Session Tokens Across Tenants
Your Windows PC has a secret ID number, and Microsoft just used one to unmask a hacker
6th July
16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems
70,000 people affected in Singapore Land Authority (SLA) data breach
A Hacker's Arrest Reveals Microsoft Can Track Users Via a Windows Device ID
A new AI agent can hack systems and deploy ransomware without human intervention
AdaptHealth Data Breach Compromises Patient Personal and Health Info
AI agent carries out ransomware attack independently
AI agent completes full ransomware attack chain
AI Agent Conducts First Fully Autonomous Ransomware Attack
AI agent exploits Langflow in first fully autonomous ransomware attack
AI Agent Pulls Off Full Ransomware Attack Without Human Help, Researchers Say
AI Can Forge Documents in Minutes - “Looks Right” Is No Longer Enough
AI Independently Automated An Entire Ransomware Attack – Should We Be Concerned?
AI-Speed Attacks Are Forcing a Rethink of Incident Response
Attackers Use Password-Protected PDF Lures to Launch Microsoft Device Code Phishing
Australia: Data Breach Alerts Hit Record High in 2025
Australia: Film festival dumps address requirement after hack
Automated AI Phishing Networks Hijack Enterprise Systems Using Match Hype
Azure CLI Password Spray Attack Exposes Microsoft 365 MFA Gap
Bad Epoll Zero-Day Linux Kernel Flaw Lets Unprivileged Users Escalate to Root
Be careful entering one-time codes in Microsoft's login flow, you could be getting phished
Belgium: Police arrest 19-year-old suspected key player of international phishing network
Canada’s spy agency conducted state-authorized cyberattacks against drug traffickers and ransomware gangs
Canadian spy agency reports hacking three criminal groups in 2025
Canadian spy agency says it hacked drug traffickers, extremists, and a ransomware gang last year
Centers for Dialysis Care Data Breach Impacts 8k People
ClickFix Scams Abuse Google, Cloudflare Checks to Deliver 7 Malware Families
ClickFix spear-phishing technique tops Q2 malware charts
Credit Acceptance Corp. Data Breach Exposes SSNs
Cyber Insurance Demand Jumps in 2026 as Ransomware Costs Keep Climbing
Cybersecurity Experts Warn: Your Biggest Risk May Be a Vendor, Not a Hacker
Cybersecurity firm says it found 'the first documented case' of AI agentic ransomware
Department of Homeland Security (DHS) Confirms Breach of Homeland Security Information Network
Fake Booking.com travel credit scam targets travelers
Fake IT support calls on Microsoft Teams push EtherRAT malware
FIFA World Cup Phishing Scam Uses Fake Reward Pages to Steal Credit Card Data
Finding focus: Strategic approach to cyber security for small and medium companies
First 'agentic ransomware' run entirely by a large language model discovered
First AI-run ransomware attack highlights emerging cyber threat landscape
First Autonomous AI Ransomware Attack Confirmed by Security Researchers
First Fully Autonomous AI Ransomware Campaign Raises the Stakes for Enterprise Cybersecurity
Gaslight Malware Abuses Prompt Injection to Trick Automated AI Cybersecurity Agents
Gibraltar: Attorney General denies Royal Gibraltar Police (RGP) request to prosecute former Police Commissioner for possible data breach
Go-Based Gentlemen Ransomware Uses PsExec, WMIC, and PowerShell Remoting for Network Propagation
Hackers Use Fake World Cup Reward Pages to Capture Names, Addresses, PAN, CVV, and Expiry Data
Hackers Use Trusted Microsoft Domain and One-Time Codes to Hijack Corporate Accounts
Henry Rossi Data Breach Exposes Social Security Numbers
Hong Kong: Two investors lost over $550k in fake Futu Securities phishing attack
How to prioritize AI agent security by business impact
INC Ransom Adds City of Acworth, Georgia, and City of Oak Park, Michigan, to Dark Web Leak Site
Indirect Prompt Injection Attacks Hide Malicious Instructions in Websites to Target AI Agents
Indirect Prompt Injection in Web Content Targets AI Agents
Institute of Chartered Accountants of India (ICAI) Dismisses Chartered Accountant (CA) Exam Data Breach Claims, Calls Viral Notice 'False and Malicious'
Institute of Chartered Accountants of India (ICAI) dismisses claims of data breach, says members' and students' records remain secure
Institute of Chartered Accountants of India (ICAI) dismisses viral 'data breach' notice as fake, says records of students and members remain secure
INTERPOL Report Warns of Sharp Rise in AI-Powered Cybercrime Across Asia-Pacific
Iran-Linked Hackers Use New Cavern C2 Framework to Target Israeli Organizations
JadePuffer: The First Complete LLM-Driven Ransomware Attack
JADEPUFFER AI Can Break into Servers and Launch Ransomware All on its Own, Researchers Warn
JadePuffer Demonstrates How AI Agents Can Automate Ransomware Attack
JadePuffer seen in the wild: it may be the first fully autonomous ransomware
Japanese teen arrested over cyberattack that disrupted anime streaming service
Kaspersky Details Microsoft Device Code Phishing Attack Using OAuth Flow
KDDI Suffers Massive Data Breach: Up to 12.23 Million Email Addresses, 7.61 Million Passwords Leaked via ISP System Vulnerability
Lake Region Healthcare Data Breach Exposes Social Security Numbers and Health Information
Major medical device manufacturer notifies nearly 4 million of breach
Max severity Adobe ColdFusion flaw now exploited in attacks
Meet JadePuffer: The AI Ransomware That Can Hack Systems Without Human Help
Microsoft Device Code Phishing Attack Steals Tokens Through Legitimate Login Page
Microsoft device telemetry key to unmasking alleged Scattered Spider hacker
ModSecurity Flaws Let Attackers Bypass WAF Rules and Request-Body Inspection
Moody Bible Institute Data Breach Exposes 2.3 Million Email Addresses
Moody Bible Institute data breach exposes 2.3 million individuals
Moody Bible Institute Data Breach Exposes 2.3 Million Users’ Personal Data
National Crime Agency (NCA) Issues Warning to Parents As Shared Child Photos Exploited by AI Tools
New AI agent can hack systems and deploy ransomware without human help
New ClamAV security patch closes seven scanner bugs dating back two decades
New Iran-Nexus Hacking Group Targets Israel Government and IT Sectors
New Java-Based QuimaRAT Malware-as-a-Service (MaaS) Built to Run on Windows, Linux, and macOS
New TrojPix Attack Leaks Data From Air-Gapped Systems via Video Cable Emissions
Nissan data breach in Oracle PeopleSoft attack offers cybersecurity lessons
'No hacker needed': New AI ransomware can automate database attacks from start to finish, warns cybersecurity firm
NTN Bearing Data Breach Compromises Information of Individuals in U.S.
OAuth, guest accounts, and weak MFA drive SaaS risk
One of Windows' most hated features just helped catch a 19-year-old hacker
Opera GX Flaw Let Malicious Sites Auto-Install Mods to Steal Data From Visited Pages
Opera GX Flaw Let Sites Auto-Install Mods to Steal Data
Opera GX Universal CSS Injection Flaw Enabled Zero-Click XSLeak Attacks
Ousaban Banking Trojan Uses Daily-Changing DDNS Domains to Hide C2 Infrastructure
Pennington County, South Dakota, Closes Public Offices July 6 After Cybersecurity Incident Ahead of July 28 Runoff Election
Personal details of about 70,000 people exposed in Singapore Land Authority (SLA) cloud security incident, investigations ongoing
Phishing Campaigns Now Adapt to Victims’ Devices, Raising the Stakes for Enterprise Security
Phishing poses as big-brand job interview to steal Google accounts
Ransomware Campaign Uses Fake Interpol Notices to Target Small Businesses
Ransomware without borders: Why cyber resilience has become a global business imperative
RedLine C2 Pivot Reveals Seven Fraudulent Domains Used in Maritime Phishing Attacks
Renting The Exploits: How Fraud-As-A-Service Platforms Turned Digital Crime Into A Subscription Business
Researchers Claim First Fully Agentic Ransomware: JadePuffer
Researchers Discover First Documented Case of Agentic Ransomware
Researchers Uncover First Fully Agentic AI Ransomware Attack
Russian hackers expose UK government logins in FortiBleed credential breach
Securing the inbox: Where identity, brand and security meet
Seven FatFs Vulnerabilities Exposing Embedded Devices to Code Execution
SilverFox ValleyRAT Campaign Uses Eight-Stage Chain to Deploy Kernel Rootkit
SkillCloak Lets Malicious AI Agent Skills Evade Static Scanners with Self-Extracting Packing
Software Is Now Written at the Speed of Thought. Security Isn't
Suspected China-Nexus Hackers Use Fake Indian Tax Filing Utility to Deploy DcRAT
Sysdig clocks first documented case of agentic ransomware
T.A. Solberg Data Breach Exposes Social Security Numbers and Health Information
Teenage Hacker Arrested After Using ChatGPT To Crash Major Streaming Network
The Biggest Cybersecurity Mistake Many Small Businesses Don't Realise They're Making
The Canvas Breach: Lessons for SaaS Security Governance
The ‘first’ AI-run ransomware attack still needed a human
The first known ‘agentic ransomware’ has arrived
The future of payment fraud could be automated
The Gentlemen Ransomware Uses 21 Remote Execution Techniques to Encrypt Entire Networks
The Gentlemen Ransomware-as-a-Service (RaaS) Turns Infected Hosts Into SMB Distribution Points for Rapid Spread
The operational challenge: What the Mackay Sugar cyber attack reveals about Australia’s cyber readiness
The Two-Minute Exploit: How AI Closed the Skills Gap for App Attackers
This AI agent autonomously hacked a network, adapted on the fly, and demanded a ransom
Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure
Types of Cyberattacks: The Complete 2026 Guide to Threats and Defenses
UK Foreign Office logins stolen in Fortibleed cyberattack, sold on dark web
UK Government Credentials Reportedly Stolen in FortiBleed Campaign Targeting Fortinet Devices
Ukrainian media outlets now among 'priority targets' for Russian hackers
US law firm Blank Rome faces class action over data breach
Vect and TeamPCP Cybercrime Groups Link for Ransomware Hits
Veeam Backup RCE Flaw Lets Low-Privileged Domain Users Gain SYSTEM Access
What Is BYOD? 9 Security Risks Businesses Are Racing to Fix in 2026
When checking the URL isn’t enough: a Device Code Phishing attack via a Microsoft website
Why Ransomware, Identity Theft Top Nigeria’s Growing Digital Threats
Windows 11’s User Tracking Helped FBI Arrest Notorious Spider Hacker
Women's Wellness of Southern Delaware discloses data breach tied to former provider
World's First AI Agent Ransomware Attack Comes to Light: Automated Crime Chain Without Human Intervention
Welcome to DBD. On March 8th 2026, DBD celebrated it's sixth anniversary and 
Welcome to last week's ROC Report, an exclusive summary of Ransomware Operator's global victims that were claimed during the period between 22nd June and 28th June 2026, kindly assisted by our partners.