Editor's Message

Welcome to DBD. On March 8th 2026, DBD celebrated it's sixth anniversary and PRiSM celebrated it's third anniversary. Both projects have made a huge impact on my life and I'd like to thank each and everyone of you who have supported me, with special thanks to those individuals and communities who have helped me build up my knowledge on cybercrime and ransomware over the years. Thanks again for all your continued support. Stay safe. :)


“Data Breaches Digest and its PRiSM portal provide Dentons Global Security Team with valuable insights into the ransomware landscape, from the latest incidents to trends over time, as well as the ability to customize visual analytics. Timely reports and tracking by Data Breaches Digest help inform cyber intelligence for the world’s largest law firm and thus our cybersecurity posture across more than 80 countries worldwide.”
Dentons Senior Analyst, Washington D.C.



Thursday, 16 July 2026

Ransomware Operator Claims - Week 28 2026

Welcome to last week's ROC Report, an exclusive summary of Ransomware Operator's global victims that were claimed during the period between 6th July and 12th July 2026, kindly assisted by our partners.

DBD discovered and researched 164 Ransomware Victims over 41 Countries and Islands claimed by 35 Data-Leaking Ransomware Operators, including 2 Newly Discovered Ransomware Operators last week.

For further analysis on these (and any historic) Ransomware Operator Claims, including the Victim Names and Industry Sectors attacked, please use our PRiSM application.

Download PDF



Data Source: Data Breaches Digest. Flag Icons created by Freepik and provided by Flaticon.


Monday, 13 July 2026

Data Breaches Digest - Week 29 2026

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 13th July and 19th July 2026.


16th July

23andMe to pay $18 million in new genetics data breach settlement

AI Can Find Bugs, But Human Knowledge Still Proves Them

Attackers keep using GitHub to distribute malware

Australia: Bassendean food supplier caught up in cyber attack

Australia: Cardiff GP Clinic affected by cyber attack

Australia: Information of patients hacked in breach that hit medical company's clinics

Australia: Patient health records exposed in Noosaville data breach

Australian GP network hit in data breach

Australian patients’ medical records could be sold on dark web after clinics’ data breach

Campers exposed in Secureholiday data breach defrauded, thousands of dollars lost

Cayman Islands a top target for phishing scams

CISA folds its own hard-won lessons into coordinated vulnerability disclosure guidance

CISA orders feds to patch actively exploited Oracle flaw by Saturday

ClaudeFix Campaign Abuses Shared Claude Chats to Deliver MacSync Stealer

Companies keep getting breached by vulnerabilities they already knew about

Critical NGINX vulnerability discovered: hackers can attempt to crash servers or even gain code execution

Critical Zoom for Windows vulnerability allows hackers to hijack accounts without a password

Cyberattack on Japan's largest cold-chain operator disrupts KFC, supermarket supplies

Data breach reportedly targets India’s Kudankulam nuclear power plant

Daxin Resurfaces in Taiwan Alongside Stupig Pre-Login SYSTEM Backdoor

Department of Justice (DOJ) Charges Russians Who Ran Hosting Infrastructure for LockBit, Cl0p, Play

Dutch Police Arrest Key Suspect in €100 Million Global Crypto Investment Scam

Electronic Frontier Foundation (EFF) warns that feds can snoop on your smartwatch data, and vendors won’t share where and when

Files relating to India’s largest nuclear power plant exposed in data breach

Files relating to India’s largest nuclear power plant Kudankulam exposed in data breach

Finance phishing works because it sounds boringly normal

Fraudulent Ads Generate 304 Million Impressions Across Europe in Under One Month

Google Sues Chinese AI “Phishing Phactory”

Hacker Abused Google Gemini CLI to Run Botnet, Automate C2 Migration and Support Cyber Operations

Hackers who livestreamed £29 million Transport for London cyber attack jailed

How ‘text salting’ confuses AI-powered email defenses

India: Data breach at Kudankulam plant rings alarm bells on cybersecurity of critical infrastructure

India: Kudankulam Nuclear Power Plant Files Exposed In Data Breach

India nuclear power plant data breach exposes blueprints and supplier files

Industrial-Scale Cyber Fraud Expands in the Philippines; Phishing Websites Surge 423%

‘Keys to the kingdom’: hackers who gained access to heart of London transport network jailed

Kratos Phishing-as-a-Service (PhaaS) Attacking Microsoft 365 Users Across the US, Europe to Steal Credentials

Kratos Uses Cloudflare Turnstile, Obfuscated Login Pages, and PHP Endpoints to Exfiltrate Credentials

MacOS users, beware: newly discovered stealthy stealer requires no exploits

Modular macOS Stealer Uses Kill Loops to Force Password Entry

n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer

New Agent Data Injection Attack Can Make AI Agents Misclick or Run Attacker Commands

New ClickLock macOS Stealer Kills Apps Every 210ms Until Victims Type Their Password

New IoT Botnet Uses 1,496 Default Passwords and Seven Persistence Mechanisms

New Spirals ransomware encrypts victim network in under 24 hours

New TELEPUZ Malware Spreads via ClickFix to Steal Data and Run Commands

Nichirei Cyberattack Hits KFC Japan, Disrupts Frozen Food Supply

Notorious Israeli hacker suspected in massive investment fraud

Nuclear Power Corporation of India Limited (NPCIL) Clarifies Kudankulam Plant Data Breach Reports, Says 'Core Nuclear Systems Untouched'

Nuclear Power Corporation of India Limited (NPCIL) cyber attack explained: What was leaked in the Kudankulam data breach?

OkoBot Malware Uses ClickFix, Hidden Browser Extensions to Steal Crypto Data

Partnered Health: Delay in cyber attack notification ‘not acceptable’

Partnered Health confirms dozens of clinics potentially compromised by cyber attack

Phishing Campaign Hides Lua Loader as TrueType Font File

Phishing Scheme Targets Massachusetts Homeowners With Fake Zoning Fee Demands

Police take down investment fraud network that stole €100 million a month

Qantas Did Everything “Right” - And Got Breached Anyway. Regulators Say That’s the Point

Ransom demands are down, email is the top way attackers get in

Ransomware attacks more likely to start with stolen identity than software flaw

Ransomware attacks on healthcare jump 14%

Ransomware Breach Exposes India's Nuclear Plant Data: A Security Catastrophe in Waiting

Ransomware Group Leaks 19,000 Kudankulam Files From Reliance Server, Nuclear Power Corporation of India Limited (NPCIL) Denies 'Sensitive' Breach

Ransomware group leaks data stolen from India’s largest nuclear plant

Ransomware Uses AI To Amp Up Negotiations

Reading between the lines of a cyber insurance policy

Reliance and Kudankulam Nuclear Power Plant data breach: What we found on the dark web

Romania’s land registry hit by cyber attack, data allegedly for sale

Russian cybercriminal used jailbroken Gemini CLI to rebuild botnet infrastructure in six minutes

Russian hackers trojanize WebEx, Zoom apps to push Starland malware

RustDuck Malware Makes Case for Security-By-Design

Sandworm hackers have a CAPTCHA trick for Ukrainians

SANS Warns of AI Governance Gap as Use by Security Teams Surges

Scattered Spider hackers sentenced to 5.5 years over £29 million Transport for London hack

Scattered Spider members behind Transport for London (TfL) hack get five years in prison

Scattered Spider members jailed over Transport for London hack that cost £29 million

"Selfish Bravado" Behind Transport for London (TfL) Cyber-Attack, Judge Says as Pair Jailed

Single Prompt Enables ChatGPT to Execute Full Cyber-Attack Chain, Researchers Claim

Stealthy Daxin Malware Hijacks Legitimate TCP Connections to Evade C2 Detection

Teen hackers who live streamed cyber-attack on Transport for London (TfL) jailed

Tech support scam caused massive data breach at Australian airline Qantas

Unpatched Shark Vacuum Flaw Could Let Attackers Control Other Vacuums Region-Wide

US Launches Gold Eagle to Coordinate AI-Driven Vulnerability Management

Vision Care Providers Settle Data Breach Class Actions

What the World Food Programme (WFP) cyber-attack has in common with visa scandals

You Can’t Secure a Ship Like a Laptop

Young hackers jailed for devastating £39million TfL cyber attack

Zoom Patches Critical Windows Flaw That Could Enable Account Takeover

15th July

23andMe reaches $18 million settlement with states for massive breach

74% of Organizations Remediate Vulnerabilities Within a Week

858,000 Files and Confidential Blueprints: Inside Data Breach at India's Largest Nuclear Plant in Tamil Nadu's Kudankulam

AI used to help plan the break-in, now it’s doing the break-in

AI-driven bug hunting fuels record Microsoft Patch Tuesday

AI-Powered Phishing Kits Fuel 1,380% Surge in Attacks Targeting Microsoft 365

Amazon Web Services (AWS) retools Security Hub for AI and multicloud threats

Americans are ignoring scam calls, but phishing emails still fool many

An AI overthinking attack can tie a robot up for over a minute

Apple Warns Millions of iPhone Users: FaceTime Scams Are Spreading

AsyncAPI npm packages infected with credential-stealing malware

Australia: Medical records and personal details stolen in GP network cyber attack

Australia: Tax and superannuation data allegedly stolen in data breach

Australia-India Partnership on Cyber, Critical Technologies and Supply Chains (PACTS) to Deepen Cybersecurity and Tech Collaboration

Britons told to stockpile food and water in case of Russian cyberattack

CISA Adds SonicWall SMA1000 Vulnerabilities to KEV Catalog Following Active Exploitation

CISA warns admins to patch actively exploited SharePoint flaws

ClickFix is changing the economics of social engineering

CMMC Assessment Pause Leaves Defense Contractors Facing a New Risk

Compromised AsyncAPI npm Packages Deliver Multi-Stage Botnet Malware

Compromised Logins Surge as the Most Common Entry Point for Ransomware Attacks

Critical Data For India’s Largest Nuclear Plant Exposed In Massive Breach

Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution

Cyber insurance now covers more than 95% of data breach losses

Data Breach At India's Biggest Nuclear Plant: 19,000 Files Exposed On Dark Web, Anil Ambani’s Reliance Group Confirms 'Leak'

Data Breach Exposes Files Linked to India’s Largest Kudankulam Nuclear Power Plant

Dutch police bust investment fraud ring stealing over €100 million

Dutch police dismantle global crypto investment scam, arrest alleged mastermind

Eleven Vulnerable UEFI Shims Enable Secure Boot Bypass

Engineering The Internet For Resilience

EtherHiding Attack Hides ClickFix Payload Infrastructure Inside Polygon Blockchain

EU sanctions Trickbot boss ‘Stern’ over $300 Million in ransomware payments

Everything we know as Walsall hacker faces jail over Transport for London cyber attack

FaceTime Scams Impersonate Apple Support and Banks to Steal Account Credentials

Fake NVIDIA Software Distributes New LabubaRAT Malware to Hijack Windows PCs

FBI warns Kali365 phishing platform is targeting Microsoft 365 users; Floridians report $12 million in losses

Files Linked to India’s Largest Nuclear Plant Exposed in Data Breach

Files relating to India’s largest nuclear power plant Kudankulam exposed in data breach

Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flaws

First VPN administrators sanctioned by US Treasury over ransomware attacks

Fortinet Patches FortiOS Authentication Bypass and FortiSandbox Command Injection Flaws

FreeRDP 3.29.0 security update resolves 22 advisories

Google Gemini CLI abused as a hacking agent, malware botnet operator

Goose Creek data breach exposes 6.6 million customer records

Government Updates UK’s National Risk Register with Cyber Warnings

Hackers Abuse OAuth Device Codes and Entra ID Enrollment for Persistent SaaS Access

Hackers breach TRICARE West, exposing health data of thousands of US military beneficiaries

Hackers data breach patient records from one of Australia’s Largest Healthcare Providers

Hackers leak data from India’s largest nuclear plant

Healthcare ransomware attacks surge 14% amid growing cyberthreats

How Bangladesh can stop the next data breach

Identity Attacks Overtake Exploits as Top Ransomware Cause

Identity Is Now The Leading Ransomware Entry Point

India: Files relating to Kudankulam nuclear power plant exposed in data breach

India: Files relating to Kudankulam nuclear power plant exposed in ransomware data breach

India: Kudankulam nuclear power plant documents exposed in ransomware data breach

India: Kudankulam nuclear power plant’s files exposed in data breach

India: Ransomware Group Reportedly Leaks Kudankulam Nuclear Plant Blueprints

India: Reliance confirms partial data breach after hackers claim Kudankulam nuclear plant files leaked

India's biggest nuclear plant blueprints posted online after contractor refuses ransom

India’s largest nuclear power plant hit by data breach, files exposed

India’s Largest Nuclear Plant Hit by Major Data Leak on the Dark Web

India's largest nuclear plant suffers data breach, blueprints of facility leaked on dark web

India’s nuclear security under scrutiny after data breach

Iowa joins multi-state settlement over 23andMe data breach after company’s bankruptcy

Iran Exploited SS7 Mobile Network Flaws to Track US Troops, Coinciding With Strikes on US Forces

Is this the last of FirstVPN? Law Enforcement Targets Infrastructure’s Role in Cybercrime

Jalisco and OmegaLord Phishing Kits Target Microsoft 365 With MFA Bypass

Jalisco, OmegaLord Phishing Kits Target Microsoft 365 Accounts

LabubaRAT malware infiltrates Windows systems while posing as NVIDIA software

LastPass and Bitwarden Users Targeted by Phishing Campaign

Law firm WilmerHale sued in class action after data breach

Lidl Warns Customers Over Third-party Data Breach

Loan scam phishing surges in South Korea as attackers favor messengers

Los Angeles Police Department (LAPD) sidelines relationship with license-plate reader company Flock Safety

Louisiana to get $258,668 in 23andMe data breach settlement

Loyalist College: Cyber attack confirmed

Major Cyber Attack Targets Network of GP Practices and Skin Cancer Clinics, Stolen Medical Records Confirmed

Major German bank says a third party may have been hit following claims of ransomware attack

Massive data breach at India's largest nuclear plant: Kudankulam blueprints, supplier details among 19,000 leaked files on dark web

Microsoft Fixes Record 570 Security Flaws in Biggest Patch Tuesday Ever

Microsoft July Patch Tuesday Fixes Record 570 Vulnerabilities and Three Exploited Zero-Days

Microsoft Patches 570 CVEs in Record Patch Tuesday

Microsoft patches record 570 Windows security bugs with two exploited zero days - update now

Microsoft patches record number of security vulnerabilities, citing its use of AI

Microsoft smashes Patch Tuesday record for second successive month

Microsoft Urges Windows 11 Users to Install Updates Within Three Days

Microsoft's largest Patch Tuesday ever: 570 flaws, Kerberos encryption overhaul

Microsoft’s Largest Patch Tuesday Fixes 622 Vulnerabilities, Two Under Active Attack

Minnesota Included in Major 23andMe Data-Breach Settlement

Multistate settlement reached with 23andMe for 2023 data breach

New 'Jalisco' and 'OmegaLord' Phishing Kits Advance Attack Methods, Can Bypass Microsoft 365 MFA

New Jersey to receive nearly $410K in 23andMe genetic data breach settlement

New Mac malware masquerades as Apple's crash reporter: 3 ways to dodge the threat

New phishing campaign hits LastPass, Bitwarden users - password manager customers warned not to fall for this scam

Nightmare Eclipse drops 9th Windows security issue amid ongoing personal vendetta against Microsoft

North Carolina to receive $666K in 23andMe settlement over 2023 data breach

Notepad++ Security Update Patches Buffer Overflow and Updater Code Execution Flaws

OkoBot Malware Framework Injects Seed Phrase Phishing Into Ledger and Trezor Apps

Pakistan’s National CERT warns organizations over Fortinet firewall cyber intrusion campaign

Partnered Health cyber attack exposes patient medical records across clinic network

Partnered Health Data Breach Exposes Patient Records at Family Clinics

Partnered Health hack: Major health network hit in cyber attack, impacted centres named

Partnered Health hit by major cyber attack, impacted centres named

Patient records stolen in cyber-attack on Australian healthcare provider

Pennsylvania Receiving Nearly $492,000 in 23andMe National Data Breach Deal

Phishing Campaign Abuses eCards to Deploy RMM Tools

Phishing toolkits target Microsoft 365 MFA in surge

Physicians Primary Care of Southwest Florida Agrees to Data Breach Settlement

Progress Restores ShareFile Storage Zones Access After Vulnerability Exploit Concerns

PromptFiction Flaw Auto-Submitted Hidden Prompts in Claude Desktop

Protecting Manufacturers from 'Kiss of Death' Ransomware Threats

Proton VPN in its Transparency Report Says It Has Rejected All 458 Swiss Court-Approved Data Requests Since 2017

Ransomware attacks rose 20% in the first half of 2026

Ransomware Breach: Reliance's Nuclear Files Exposed

Ransomware gang posts 19,000 files allegedly linked to India's largest nuclear plant in Tamil Nadu

Ransomware group claims breach of chip design firm Synopsys, alleges access to Bosch data

Ransomware Group Claims Leak Of Files Linked To India's Largest Nuclear Plant, Kudankulam

Ransomware Hackers Dump Kudankulam Nuclear Plant Blueprints Online After Reliance Group Server Breach

Ransomware Storm: Reliance Group Data Breach at India's Largest Nuclear Plant

Researcher Drops New Windows Zero-Day Proof-of-Concept (PoC) Hours After Microsoft Patch Tuesday

Russian Hackers Are Turning Doorbell and Security Cameras Into Spy Tools to Track NATO Military Logistics, Dutch Intelligence Warns

Secure Access Service Edge (SASE) Has An AI Blind Spot. Inspecting Packets Is No Longer Enough

'Serious risk' to India's largest nuclear plant after sensitive files leaked on dark web

Singapore data breach highlights supply chain vulnerability as IBM-managed test system leaks sensitive records

Singapore SMB ransomware rate rises despite regional low

South Korea: Loan Phishing Texts Surge 162% in Q2

Spanish police dismantle €140 million cybercrime network

Suspected Chinese Hackers Use Claude Code and DeepSeek to Breach Government Systems in Three Countries

Synopsys denies data breach allegations

Sysdig Details First Fully Agentic AI Ransomware Operation JadePuffer

Teen hackers to be sentenced for massive Transport for London (TfL) cyber attack

The Agentic Insider: Why AI Tech Stacks Are the Ultimate Insider Threat

The Managed Detection and Response (MDR) renewal question: What changes when AI can handle the alerts

The State of Ransomware 2026: Payments are dropping but encryption is climbing

Threat actor impersonated hundreds of brands on GitHub to push infostealer malware

Three Russians charged with attacks on US infrastructure - $62 million in losses

Three Russians Indicted in $62 Million Cybercrime Scheme Targeting U.S. Infrastructure

Trump administration unveils AI-supported clearinghouse for cyber vulnerabilities

Trump's new AI-powered Gold Eagle will find cyber flaws at unprecedented pace - but can defenders keep up?

TuxBot v3 Evolution Shows Signs of LLM-Assisted IoT Botnet Development

Two SonicWall SMA 1000 Zero-Days Exploited, One Could Enable Admin Commands

U.S. Cracks Down on Russian Ransomware Trio

U.S. Hits Ransomware Supply Chain With New Sanctions

U.S. sanctions VPN provider and cryptor seller for aiding ransomware gangs

UK: How Walsall 'bedroom hacker with no friends' caused £29 million chaos in online cyber attack

UK Households Told to Stockpile Food, Water and Medicines as Russia Cyber Attack Threat Grows

US charges alleged operators of Russian bulletproof hosting service

US charges Russian ‘bulletproof’ web hosts over cyberattacks that netted $62 Million from cybercrime victims

US Indicts Russian Bulletproof Hosting Provider Media Land and Three Operators

US sanctions First VPN and its administrator for supporting ransomware attacks

US Treasury sanctions a VPN provider and its administrator for the first time

US Treasury Targets VPN Provider That Shielded Ransomware Groups for 12 Years

Vermont, New Hampshire, New York part of multistate settlement over 23andMe data breach

Washington DC: Housing Authority says systems still recovering weeks after cyber attack

Why AI Phishing Gets Four Times More Clicks

Zoom warns of critical account takeover vulnerability

14th July

5 charged in UK investigation into Russian Coms scam platform

11 Old Microsoft-Signed Linux UEFI Shims Could Let Attackers Bypass Secure Boot

23andMe customers in dozens of states will get paid after $150M data breach settlement

23andMe settlement: Georgia joins 42-state alliance over data breach

23andMe Settles with 42 States for 2023 Data Breach

140+ Malicious npm Packages Turned Web Proxies for Students Into a DDoS Botnet

148 npm Packages Disguised as Student Proxies Turned Browsers Into a DDoS Botnet

8,400 Phishing Domains Targeted Turkish Banks

A Ransomware Sanction Accidentally Took Down Telegram's Domain

A U.S. Sanctions Entry for a Ransomware VPN Appears to Have Accidentally Broken Telegram Links Worldwide

Alleged Russian cybercriminals indicted in Ohio helped conceal ransomware gangs

American Express “Sign-In Alert” phishing email leads to fake multi‑step credential harvesting pages

Apple Accuses Ex-Engineer of Exploiting ‘Rare’ Zero-Day to Steal Trade Secrets for OpenAI

Arizona receives slice of 42-state, $18 Million settlement over 23andMe genetic data breach

Australia: Lifeline confirms data breach

Australian Enterprises At Risk as Anthropic Finds Hackers In Claude Code

Canada: Cyber attack at Loyalist College

China opposes spreading false cybersecurity information for political purposes, Foreign Ministry on US, Paraguay’s claims of so-called ‘hacker threat’ from China

China rejects US-Paraguay ‘hacker threat’ allegation

CISA Shares Lessons Learned from Own Data Breach

CISA Warns 18-Year-Old Cisco IOS Vulnerability Exploited for Arbitrary Command Execution

Clinical Care Resilience Goes Beyond Having the Right Security Tools

Comcast to pay $117.5 million in class-action settlement over 2023 data breach affecting Xfinity customers

“Context bombs” can frustrate AI-driven attacks, researchers found

Cybercriminals Exploit AI Hallucinations To Launch Advanced Phishing Campaigns

Cybercriminals Target Turkish Banks With 8,400 Phishing Domains and 6,600 Scam Ads

Cybersecurity Researchers Identify First Fully Autonomous AI-Driven Ransomware Attack

Data Breach Hits AssuranceAmerica Exposing Personal Information of Nearly 7 Million People

Delaware Reach Settlement in 23andMe Data Breach Case

Delaware settles 23andMe data breach lawsuit, 16K+ residents affected

Department of Justice charges three Russians in $63 Million cybercrime scheme tied to ransomware infrastructure

EU Blacklists Russian Hackers and Firms Over Cyberattacks on Europe and Ukraine

EU sanctions Russian hackers and firms over cyberattacks

EU sanctions Russian surveillance firms behind state-controlled tracking app

EU, UK Attribute Russia Cyberattack to FSB, Announce Sanctions

EU, UK Sanction VKontakte Over FSB-Linked MaxApp Surveillance Tool, Lumma Stealer Operators, GRU Members

Every cybersecurity team needs a hacker mindset

Fiesta Insurance Data Breach Compromises Social Security Numbers

Finland issues wanted notice for hacker behind massive psychotherapy data breach

Five Charged in “Russian Coms” Fraud Platform Case

Forescout Uncovers AI Assisted Phishing Campaign Using Fake eCards

Forg365: New phishing platform targets Microsoft 365 accounts

Forg365 industrializes Microsoft 365 phishing with AI-generated lures

FortiSandbox Flaw Lets Unauthenticated Attackers Access VNC Server on Scanning VMs

Georgia Medical Firm Paying $4,000,000 In Data Breach Settlement Affecting Thousands

German Foreign Ministry Calls Russian Ambassador Regarding Cyber Attack Operation

Germany Among the Top Three Countries for Ransomware

Giant Telegram user database just hit hacker forums: here's why that's bad news

Global cyber attacks rise 17% as ransomware activity accelerates

Google Follows Microsoft to Remove ModHeader Extension from Store Following Reports of Covert Exfiltration Capability

Hacked DNA: 23andMe Strikes $18 Million Settlement Over Massive Genetic Data Breach

Hackers Abuse Fake OAuth Client IDs to Validate Microsoft Entra Accounts and Passwords

Hackers steal Lidl customer data from external service provider

He negotiated with ransomware gangs - Then joined them. Now he's headed to prison

How Post-Quantum Cryptography is Gaining Adoption

Immutable backup: Why it matters for ransomware recovery

Iran abused mobile networks’ vulnerabilities to locate US military in the Middle East, report says

JADEPUFFER: The emergence of Agentic AI in ransomware operations

Japan's largest taxi company knocked offline by cyberattack as dispatch systems go dark

LabubaRAT Masquerades as NVIDIA Software to Control Windows Hosts

LastPass, Bitwarden users targeted with fake security alerts

Lidl Confirms Customer Data Breach at IT Service Provider

Lidl Confirms Data Breach After Third-Party IT Provider Hack

Lidl data breach: Supermarket chain warns customers after third-party 'IT incident' exposes customer information - here's what we know so far

Lidl Data Breach Exposes Customer Details in Germany, Belgium, and the Netherlands

Lidl Notifies Customers of Third-Party Data Breach

Lifeline Australia confirms staff data compromised following hacking claims

Lucent Health Solutions to Pay Up to 1.95 Million to Settle Data Breach Litigation

Major data breach at Tata Electronics exposes Apple’s confidential files, raising global supply chain security concerns

Match Group Breach: ShinyHunters Claim 10 Million Records

May 2026 Healthcare Data Breach Report

Michigan settles bankruptcy claims against 23andMe over data breach

Microsoft ditches SMS and voice authentication for Entra ID, passkeys rolling out as default

Microsoft Entra ID authentication overhaul to start in September 2026

Microsoft Entra ID gets passkeys default authentication starting September

Microsoft July 2026 Patch Tuesday fixes massive 570 flaws, 3 zero-days

Microsoft Maps Three Salesforce Attack Paths Tied to a Year of ShinyHunters Activity

Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack

Microsoft Saw 18.7 Million QR Phishing Attacks in March Alone - Here’s Why Defenders Keep Missing Them

Millions of Microsoft Entra Accounts Targeted in OAuth Client ID Spoofing Campaigns

Minnesota, North Dakota among 42 states in settlement with 23andMe over 2023 genetic data breach

Moody Bible Institute Data Breach: What 2.3 Million Donors Must Do Right Now

Mountain View warns of phishing scam targeting planning project applicants

NATO logistics, Ukrainian troops are top subjects of Russian camera hacks, advisory says

Nearly 300 GitHub repos pose as legit software to push malware

Nearly 12,000 TRICARE Beneficiaries Warned of Data Breach

New Hampshire Attorney General (AG) announces multistate settlement of bankruptcy claims against 23andMe over genetic data breach

New Jersey to Receive $410K in 23andMe data breach

New MacOS Malware Exploits Legitimate Developer ID to Pose as Apple Crash Reporter

New macOS malware steals passwords by posing as Apple’s crash-reporting tool

New phishing kits target Microsoft 365 accounts, evade MFA

New Qilin Ransomware Attack Uses DCSync Technique to Abuse AD Replication Protocol

New tutorials on underground hacking forums have roughly doubled

New York: 23andMe hit with $18 million penalty after massive DNA data breach

Nigeria Data Protection Commission (NDPC) Claims It Acts on Every Data Breach Complaint, Yet There’s No Outcome in 3 Major Cases

Nihon Kotsu Cyberattack Disrupts Japan’s Largest Taxi Operator

No-one knows how many old shims can still bypass UEFI Secure Boot

OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials

Oklahoma: Mystery deepens over data breach of inmate info

Oregon to get half a million in settlement for 23andMe data breach

Pennsylvania and New Jersey each receive over $400,000 in 23andMe settlement

Phishing for dummies: Forg365 lowers barrier to M365 account takeovers

Phishing Toolkits Harvest Entra Tokens in Real Time

Phishing, UPI Scams and Remote Access Fraud on the Rise, Experts Warn

Progress confirms ShareFile zero-day flaw behind Storage Zone shutdown

RabbitMQ Flaws Could Leak OAuth Secrets and Expose Cross-Tenant Queue Metadata

RabbitMQ Vulnerability Exposes OAuth Secrets to Attackers

Researchers Say Claude for Chrome Flaw Lets Rogue Extensions Trigger Gmail Reads

Russia slams EU's cyber-attack accusations

Russian hackers are targeting routers to infiltrate critical infrastructure, CISA warns

SAP Patches CVSS 9.9 NetWeaver ABAP Flaw That Could Expose or Modify Data

SAP warns of critical flaws in NetWeaver and Commerce Cloud

Scammers Use 8,400 Phishing Domains to Target Turkish Banking Customers

SonicWall SMA appliances targeted in zero-day attacks (CVE-2026-15409, CVE-2026-15410)

SonicWall warns of SMA1000 flaws exploited in zero-day attacks, patch now

South Africa records over 2,000 weekly cyber attacks

South Dakota to receive nearly $150K in 23andMe bankruptcy settlement following 2023 data breach

Spanish Police take down €140 million cyber fraud ring, arrest four

Study of 85 Crypto Wallet Extensions Finds Address Leaks and Cross-Site Tracking Risks

Surplus Line Association of California Data Breach Exposes SSNs

Suvida Healthcare Data Breach Affects 2,109: Medical Info Exposed

Synopsys denies data breach claims by new ransomware group D1R

Synopsys Finds No Evidence of Data Breach Amid Bosch Hack Claims

Tennessee to receive $348K in 23andMe data breach settlement

The best defense against AI attacks turns out to be a skeptical human

The inside job that cost ransomware victims millions

The negotiator was the leak: insider who betrayed ransomware victims gets 70 months

Turkish Banks Targeted by 8,400 Phishing Domains and 6,600 Social Media Scam Ads

U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support

U.S. Treasury Just Hit Ransomware’s Supply Chain Where It Hurts

U.S. Treasury Sanctions VPN Provider and Cryptor Seller Behind Billions in Ransomware Losses

U.S., Allies: Russia Abusing Network Devices to Attack Critical Infrastructure

UK: Public to be told how to prepare for cyber-attack and weather emergencies

UK: Public to be told to stockpile food in case of cyber attack from Russia

UK charges five persons linked to fraud platform behind more than a million scam calls

Uninstall this Chrome extension now: it contains surveillance code

Upwind Finds Coordinated Supply Chain Campaign Compromising Multiple AsyncAPI npm Packages

US: Government healthcare administrator offers free credit monitoring after data breach

US: Pentagon Suspends Cybersecurity Maturity Model Certification (CMMC) Phase II Requirements for Defense Contractors

US police now armed with Israeli spy vans simulating mobile phone towers

US Sanctions VPN Provider 1VPNS Over Alleged Role in Supporting Hospital Ransomware Attacks

US sanctions VPN, malware providers for enabling ransomware attacks

US Treasury sanctions First VPN Service, others for abetting ransomware gangs

US Treasury sanctions VPN and cryptor operators linked to ransomware

US Treasury Sanctions VPN Provider Linked to Ransomware

US unseals indictment against alleged operators of Russian bulletproof hosting service

What the Transport for London Data Breach Reveals About Cyber Risk

Woman charged in $68,000 phishing scam against Southern Door Schools

World Cup scams are a glimpse of the cybersecurity future

World War 3 (WW3) warning as Britons will be told to stockpile food ready for Russian cyber attack

Your phishing defense was built for 2016, but attackers are operating in 2026

13th July

65% of Organisations Think a Serious Cyber Attack Could Threaten their Survival

99.9% of fixable AI vulnerabilities remain unpatched

A ransomware negotiator who colluded with attackers to scam victims was sentenced to 70 months in prison

A zeroed signature let a hacker drain nine million dollars from Hedera's biggest lender

After years on the run, alleged Ryuk ransomware operator pleads guilty

Agentic Ransomware Is Real and Getting Cheaper: What Comes After JadePuffer

AI & Service Management Company, Serviceaide Inc, Agrees to Pay $1.8 Million For Data Breach of 400,000 Health Patients’ Information

AI Phishing Surge Forces New Zealand Casinos to Fight Back

ApolloMD agrees to multi-million-dollar settlement over 2025 data breach

Apple says former employee exploited ‘rare’ bug to download confidential files after leaving for OpenAI

Attacker Uses Suspected AI-Generated PowerShell Script to Map Active Directory

Australian Cyber Agency Warns of Global CMS Exploitation Campaign

California: State can’t seek damages from 23andMe successor over data breach

California Gay & Lesbian Services Center Data Breach Affects 75,500 Individuals

Cambodian Voice Phishing Ringleader Sentenced to 14 Years for $44.3 Billion Fraud

Carle Health Data Breach Exposes Sensitive PHI and PII

Centers Laboratory Data Breach Affects 540,000 Individuals

Centers Laboratory New Jersey discloses data breach incident impacting 542,000 people

CISA Warns of Actively Exploited Joomla Zero-Day Vulnerabilities

CISA warns of actively exploited RCE flaws in Joomla extensions

Columbia Orthopaedic Group Data Breach Exposes PHI

CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks

Cyber Attack at Mount Royal University Disrupts Operations, Cybercrime Gang Demands $1.9 Million Ransom

Cyber incidents - a 'litmus test' of a company’s management capability

Cybersecurity gaps leave small businesses vulnerable

Dark Web Profile: Krybit Ransomware

Data Breach at Aflac Japan Impacts 4.38 Million Customers and Sales Agents

Data breach at Lidl: online store customer data stolen

Difficult to detect: Phishing campaign uses Microsoft infrastructure

Doing Its Job: Large Majority of Cyber Losses Covered by Insurance, Says Willis

Estée Lauder Data Breach Exposes Health Information and SSNs

EU and UK blacklist Russia’s cyber operators over efforts to destabilize Europe

EU imposes new sanctions against Russian cyber espionage

EU sanctions Russian GRU military hackers over cyberattacks

European Parliament Revives Controversial Chat Scanning Law

Evilginx: Three phishing operations revealed by mistake

Ex-ransomware negotiator gets 70 months for betraying clients to hackers

Exposed Server Unmasks Evilginx Operators Stealing Microsoft 365 Sessions and OAuth Tokens

Fake Bank Apps Let Scammers Control Android Phones in Southeast Asia

Fake OAuth client IDs are helping attackers slip past sign-in logs

Fake ‘Vote for Me’ links on X target users in new phishing campaign

Feds Slam Ransomware Supply Chain: US And Allies Cut Off Cybercriminals’ Digital Lifelines

Fiji: Phishing attack surge

Finland: Police issue wanted notice for Vastaamo hacker Aleksanteri Kivimäki

Finland: Vastaamo hacker wanted after appeal rejected

Foreign National Admits Guilt in $15,000,000 Bitcoin Ransomware Attacks on U.S. Firms

Forg365 Phishing-as-a-Service (PhaaS) Targets Microsoft 365 with Device Code and Adversary-in-the-Middle (AitM) Session Theft

GhostCommit Attack Hides Prompt Injection in PNG to Steal Developer Secrets

Google and Microsoft Pull ModHeader With 1.6 Million Installs After Dormant Collector Found

Hacker Extradited from Ukraine Pleads Guilty to Ryuk Ransomware Charges

Hackers backdoor Jscrambler npm package with infostealer malware

Hackers blackmail Bosch as secret engineering files surface on the dark web

Hackers breach Lidl’s IT service provider, steal customer data

Healthcare ransomware attacks rose 14% in first half of 2026

Healthcare Services Group Agrees to $3 Million Settlement Over 2024 Data Breach

Hong Kong: Securities and Futures Commission (SFC) Mandates Phishing-Resistant Authentication Methods for Internet Brokers and Virtual Asset Trading Platforms (VATPs) to Protect Client Accounts

How small businesses get hacked through employees

iCagenda and Balbooa Forms Joomla Flaws Reportedly Exploited as Zero-Days

India: Government Confirms No Critical Data Loss In Tata Electronics Cyber Attack, Vows Continued Vigilance Amid Rising Digital Threats

India: Government examining alleged Tata Electronics data breach

Is that QR code a trap? How to spot quishing scams before it's too late

It’s a First: An AI Agent Carries Out a Ransomware Attack on AI App Builder

Japan's largest taxi operator shuts systems after cyberattack

Jscrambler npm Supply Chain Attack Steals Developer and Cloud Credentials

Lake Region Healthcare Alerts Patients of Data Breach

Law Firms Launch Investigations Into Frontier Airlines Following Data Breach Tied to Ransomware Group

Lawyers Investigate Frontier Airlines Over Data Breach That May Have Exposed ‘Sensitive’ Personal Information

LIA Insurance Data Breach Exposes Financial Account Info

Lidl Confirms Data Breach at Third-Party IT Provider

Lidl customers across Europe hit in suspected data breach - here's what we know

Lidl customers' bank details at risk after third-party security failure

Lidl discloses online shop breach after service provider hack

Lidl Notified Online Shop Customers in Germany, Belgium, and the Netherlands of a Data Breach

Lidl reports data breach affecting online customers in Germany, Belgium, and the Netherlands

Lidl Warns of Phishing Risk After Customer Data Theft

Los Angeles Police Department (LAPD) lets contract with surveillance giant Flock expire, citing ‘serious concerns’ over civil liberties and privacy

Marlboro-Chesterfield Pathology Agrees to Settle Lawsuit Over 2025 Ransomware Attack

Meridian Health Plan of Illinois Data Breach Affects 21,027

Meta Removes Muse Image Instagram Feature After Consent Backlash

Microsoft Patches Zero-Day RoguePlanet Defender Flaw that Allows SYSTEM-Level Access

Misconfigured Server Reveals Three Evilginx Phishing Operations Targeting Microsoft 365

Nearly 12,000 military Tricare beneficiaries warned of data breach

New CrashStealer malware poses as Apple crash reporting tool

New MemGhost Attack Plants Persistent False Memories in AI Agents Through One Email

New ransomware leader emerges as global cyberattacks rise in June 2026

Nigeria: Zenith Bank, Others To Be Arraigned Over Alleged Data Breach

Nihon Kotsu Confirms Malware Infection, Taxi Dispatch Systems Disrupted

Novel OAuth Client ID Spoofing Technique Targets Cloud Environments

Office of Foreign Assets Control (OFAC) Sanctions FirstVPN and Ransomware Enablers Behind Attacks on Americans

One Misconfigured Python HTTP Server Exposed Three Active Campaigns from Attackers

Open Directory Exposes Three Evilginx Phishing Operators

Pakistan: International Hacker accused of stealing 5 Million Bank Records arrested in Karachi

Pakistan: Karachi hacker arrested for alleged theft of millions of foreign citizens’ financial data

Pakistan: National Cyber Crime Investigation Agency (NCCIA) Busts International Hacker in Major Data Breach Case

Pakistani Police Systems Hit by Chinese and Indian Espionage

PennyMac Data Breach Affects 3k Individuals: PHI Exposed

Progress Software Warns of "External Security Threat" to ShareFile

Progress warns ShareFile Users: shut down on-premises servers immediately

Prolific hacker 2019 selling alleged HotToner Australia customer data online

Public Key Infrastructure (PKI) Under Pressure: AI, PQC and Shorter Lifecycles Drive New Security Challenges

Ransomware ecosystem grows, but ‘four-headed monster’ dominates

Ransomware Groups Change Identities to Evade Cybercops

Ransomware negotiator jailed for 70 months after he just helped infect victims with malware

Ransomware negotiator who betrayed clients sentenced to 70 months in prison

Ransomware Targets 2.74% Of Malaysian Firms In 1Q26

RokRAT Malware Hides Behind Academic Event PDFs and Cloud Storage Links

Russia's FSB blamed for Poland grid attack as UK and EU impose first joint cyber sanctions

Russian celebrity journalist Ksenia Sobchak says hackers accessed Telegram channels via email breach

Russian State Hackers Target Vulnerable Routers Worldwide, Joint Advisory Warns

Ryuk ransomware operator pleads guilty in $15 Million bitcoin extortion

Samsung Health users who refuse AI training get their data deleted

Security Leaders Discuss Exposure of 24 Billion Credentials

Security threat prompts Progress to disable ShareFile accounts, tell customers to shut down servers

ShinyHunters' PeopleSoft Zero-Day Rampage: 100+ Organizations Breached Before Oracle Even Published an Advisory

Siggen Backdoor Hits Windows Developers Via Infected Visual Studio Projects

Social Media Users Warned Against Phishing Campaign on X

South Korea Military Faces Highest Cyberattack Volume Since 2021

Spear-Phishing Campaign Uses Proton Drive Links and LNK Files to Deliver SpyGlace

St. Paul, Minnesota, Notifies People Affected by 2025 Cyber Attack

Sturdy Health Data Breach Affects 1k Individuals

Supply Chain Attack: jscrambler npm Package Compromised, Targeting Wallets, AI Tools, Cloud Credentials

The Decision Burden Behind SOC Alert Fatigue and How Experts Would Reduce It

The ransomware negotiator who was working for the other side

The Rising Tide of AI-Enabled Social Engineering Scams: What Organizations Need to Know

This one cyber crime group accounted for nearly a fifth of all ransomware attacks in June

TriWest Healthcare Alliance Notifies 11,844 Beneficiaries of Data Breach Affecting Health Information

U.S. sanctions First VPN Service over ransomware support

U.S. Treasury sanctions cybercrime enablers tied to ransomware attacks

UK charges suspects linked to Russian Coms call spoofing platform

UK Cyber Attacks Climb 34% as Ransomware Leadership Shifts

Ukraine: OPORA has been targeted by a coordinated phishing attack. Attackers are attempting to gain access to Gmail accounts via OAuth

United States: Sanctioning Ransomware Enablers In Coordinated International Action

US: Millions of Drivers in 12 States May Have Had Their Driver’s License Info Exposed in a Data Breach - Were You One of Them?

US and allies warn of Russian critical infrastructure attacks

US Imposes Sanctions on Belarusian Man in Ransomware Case

US Treasury Sanctions Malware and Infrastructure Providers Supporting Ransomware Attacks Against Americans

US Treasury sanctions malware providers tied to cyberattacks

Vermont: Funds recovered in recycling-related phishing scam

Vishing Call Becomes Key Lead in Massive Odido Cyberattack

VPN service favored by ransomware groups is sanctioned by US

Why cybercrime is becoming everyone’s problem in Ghana

Why Software Bill of Materials (SBOMs), signing, and provenance still don’t tell you if software is safe

Wildwood Surgical Data Breach Exposes Social Security Numbers

Year-Long Microsoft Device Code Phishing Campaign Bypasses MFA and Claims 218 Victims

YKK AP Data Breach Highlights Ongoing Cyber Risks Facing Glass Industry