Welcome to DBD. On March 8th 2026, DBD celebrated it's sixth anniversary and 
Dentons Senior Analyst, Washington D.C.
Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 8th June and 14th June 2026.9th June
10 million Discord users named in data breach report nobody can explain
75% of Firms Deploy Vulnerable Code Amid Pressure on CISOs
A giant Instagram phone number database just surfaced. Should you be worried?
AI being used to diversify attacks beyond phishing and email
AI Coding Adoption Hits 97% but Governance Lags Behind
AI strengthens phishing fraudsters by making ‘dodgy’ invoice emails word-perfect
Android Malware MagicAd Delivers Aggressive Ad Flooding Campaign
Anthropic’s Mythos Can Serve Up N-Day Exploits in Minutes or Hours
Anubis group claims a ransomware attack on Singing River Health System
Australian farming group launches investigation following Qilin cyber attack claims
Budget Saudi detects limited customer data breach on app
Check Point says VPN attacks caused by Qilin ransomware group - who had a month's head start on them
Check Point VPN 0-Day Exploited to Deploy Ransomware Attacks
Check Point VPN Zero-Day Exploited in Qilin Ransomware Attacks
Check Point Warning: Actively Exploited VPN Zero-Day Linked to Qilin Ransomware
Check Point Warns Critical Auth Bypass Bug Exploited in the Wild
Check Point warns of ransomware-linked attacks exploiting outdated VPN protocol
Check Point warns of zero-day flaw targeted by ransomware affiliate
Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now
CISA gives feds 3 days to patch Check Point VPN bug exploited as zero-day
CISA gives US federal agencies three days to fix a VPN bug under attack by a ransomware gang
Critical Check Point zero-day exploited in the wild, Qilin ransomware already at work
Critical phpBB Flaw Lets Attackers Hijack Any Account with One Request
Cyber Governance: The Pressure Point in Ransomware Incidents
Cybercriminals Abuse AI Brand Trust to Launch Sophisticated Credential Harvesting Scams
Cybercriminals Weaponize Banking Apps to Spread NFCShare Malware
Data from 35 Million OkCupid users leaked online, hackers claim everyone’s exposed
Decade-old login opens door to massive 10 Million student data breach
Email and text phishing scams have moved to calendar invites
Expired domains let hacker snoop through debt clients’ emails
Fake Grand Theft Auto 6 (GTA 6) Malware Campaigns Spread Globally Ahead of Launch
French government messaging platform breached through account hijacking
French government messaging service breached in account hijacking attack
Ghost-Sender Flaw Enables Sender Spoofing in Exchange Online
GitHub disables Microsoft repos pushing password-stealing malware
Global Cyber Attacks Ease in May 2026, But Ransomware Surges 48% As Threats Reorganize
Google patches Chrome zero-day exploited in the wild (CVE-2026-11645)
Google patches new Chrome zero-day flaw exploited in the wild
Google Releases Patch for Chrome Vulnerability Exploited in the Wild
Hacker claims breach of Australian travel agency FirstClass, 53k customers potentially impacted
Hackers hijack Microsoft packages to steal developer logins
Hackers pose as women seeking romance to spy on Russian soldiers
Hackers steal $1.7 Million worth of condoms after hijacking Walmart shipment - here’s how they did it
Hacktivist Groups 4BID, Hakerskii Kit, and C.A.S. Broaden Attack Geography
Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer
Handala Claims Israeli Radar Hack, But Evidence Shows Phone Admin Panel
Healthcare data fuels underground cybercrime economy
Hidden camera found in ceiling of government building renews UK’s spying fears
How Enterprises are Adapting Governance, Risk and Compliance (GRC) For a More Complex Risk Environment
Indonesian Media Outlet Tempo Targeted by 24.9 Million DDoS Requests
Japan: Improper hard drive disposal triggers major data breach at Hokkaido hospitals
Japan: Massive data breach feared at Kyushu Power as SSD missing
Kuwait and Oman Sign Cybersecurity Pact to Counter Rising Digital Threats
Lansing Community College data breach impacts more than 170K people
LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE
LiteLLM RCE Vulnerability Exploited in the Wild to Run Commands
LiteLLM vulnerability under active attack, CISA warns (CVE-2026-42271)
Maine Government Portal Lists 10 Million Discord Data Breach Notice, But Filing Shows Red Flags
Malware ships with bugs that defenders could use against it
Manzil Data Breach Exposes Social Security Numbers
Marin County, California, warns of phishing scam targeting building permit applicants
Meta AI data breach impacts over 20,000 Instagram users
Meta blasts facial recognition claims, then deletes the code from its app
Meta Instagram Recovery Flaw Exposed More Than 20,000 Accounts
Meta Moves to Hold NSO Group in Contempt Over New WhatsApp Phishing Campaign
Meta to Use Off-Site Business Data for Feed and AI Personalization
Microsoft June 2026 Patch Tuesday fixes 3 zero-day, 200 flaws
Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues
Microsoft shuts down its open source projects hosted on GitHub as it investigates a data breach
MP staffer’s account sent almost 2,000 phishing emails after suspected hack
New Browser-in-the-Browser Phishing Attack Targets Microsoft 365 Login Credentials
New Browser-in-the-Browser (BitB) Phishing Attack Targets Microsoft 365 Logins
New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing
New Linux Kernel Vulnerability Enables Root Privilege Escalation
New PyPI Wave in Mini Shai-Hulud, Miasma, and Hades Campaign: 23 New Malicious PyPI Artifacts
New Veeam vulnerability exposes backup servers to RCE attacks
New WhatsApp Phishing Attempts Rekindle High-Profile Spyware Fight
NHS Trust reveals thousands of records were stolen during cyber attack
North Korea-Linked Hackers Infect Developers via GitHub
OEConnection Data Breach: Social Security Numbers Compromised
Operational Technology (OT) Cybersecurity Is Maturing, But Visibility Is Still a Challenge
Oxford University Discloses Data Breach
Oxford University discloses second data breach of 2025 after career services platform compromised
Privacy complaints spike in the Netherlands, driven by data breaches and camera surveillance
Qilin NHS breach tally grows as Essex trust confirms stolen records
Security Debt Rarely Arrives All at Once but its Consequences Often Do
Shai-Hulud Attack Compromises 23 PyPI Packages Targeting MCP Developers
ShinyHunters Secret to Success: Breaking the Trust Barrier
Signal, DuckDuckGo, NordVPN threaten to pull services if Canada passes “surveillance” bill
South Africa: Official suspended as labour department probes job seekers’ data breach
Spyware Alert: WhatsApp thwarts NSO Group-sponsored spear phishing attack
Stolen NHS Patient Data linked to Synnovis Data Breach reportedly appears on Dark Web
Suspicious Assistive Agent Behavior Detected Through Microsoft Entra Agent ID Logs
The security questions around Chinese AI coding models in U.S. software
Ultrahuman data breach compromised users' contact info and health data
Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code
Vulnerabilities Can Be Found in Minutes While Safe Remediation Requires More Than Speed
Wales: Conwy Council's website down as pro-Russia group makes cyber attack claim
Wales: Conwy high school investigates data breach
Wales: School investigating data breach after parent received files on pupils
Weedhack Malware Targets Minecraft Players in Credential Theft Campaign
Wells Fargo Phishing Scam Seeks Banking, Email, and Identity Details
WhatsApp Claims NSO Group-Linked Entity Unsuccessfully Carried Out Fresh Phishing Attacks Against Users
WhatsApp Discovers NSO Group-Linked Spearphishing Attempts
WhatsApp Disrupts New NSO Group Spyware Campaign, Files Contempt Order
WhatsApp Disrupts NSO-Linked Pegasus Spyware Campaign
WhatsApp Flags New Spyware-Linked Attacks Targeting Users
Why Jaguar Land Rover’s CISO Enforced In-Person Password Resets Following Cyber-Attack
WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine
8th June
52% of direct-to-IP threats are missing from intelligence feeds
America's Healthcare Data Breach Problem Has Reached Its Worst Level in History - And Chicago's Hospital Systems Are Among the Most Frequent Targets
BGF Networks Reports Personal Data Breach in CU Convenience Store Delivery Service
CenterWell Data Breach Impacts 9,651 Patients
Check Point links VPN zero-day attacks to Qilin ransomware gang
Chicago-Area High School Closed After Ransomware Attack
CISA: Patch actively exploited SolarWinds Serv-U DoS vulnerability (CVE-2026-28318)
Cisco Warns of Active Exploitation of Catalyst SD-WAN Flaw With No Patch Available
Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups
Critical UniFi OS bug lets hackers gain root without authentication
Cyber Attack Exposes Vulnerabilities as Hackers Target Kenyan Investment Platform
Cyber-attack targets Gaza aid recipients
Cybercriminals create 19,000 FIFA-themed domains ahead of 2026 World Cup
Cybercriminals Exploit 2026 FIFA World Cup With Phishing, Fake Stores, and Ticket Scams
Did Handala Disrupt Israeli Radar Systems?
Evanston Township High School (ETHS) to reopen Wednesday after ransomware attack forces two-day closure
Even your physical offices aren't safe from hackers - experts warn of Silent Ransom Group breaking into businesses to launch ransomware and extortion campaign
Everything in One Place: Best Practices for Keeping Mobile Devices Secure
Fake Stores and Phishing Campaigns Exploit 2026 FIFA World Cup Hype
Federal Trade Commission (FTC) orders Illuminate Education to improve data security after student data breach
Fintech Holdco Data Breach: Social Security Numbers Exposed
Forget Phishing: This Dangerous Hacker Group Is Physically Walking Into Offices to Steal Data - How the Scheme Works
Fraud Operations Rebuild Faster Than Accounts Disappear While Their Behavior Remains Consistent
Gogs patches critical zero-day enabling remote code execution
Google Patches 429 Chrome Vulnerabilities in Major Browser Update
Hackers Clone Ghidra, dnSpy and Other Tool Sites to Spread Malware
Hackers Exploit 2026 FIFA World Cup With Phishing and Ticket Scams
Hackers Exploit Claude Code MCP to Steal OAuth Credentials
Hackers used Meta’s AI support system to hijack over 20,000 Instagram accounts
How Department of Science, Innovation and Technology (DSIT) Protects Thousands of UK Orgs from Cyber Vulnerabilities
Hull school in data breach over new pupils' details
India: Central Board of Secondary Education (CBSE) Re-Evaluation Portal Goes Live After Final Cybersecurity Clearance
India: IIT-Roorkee denies JEE Advanced data breach, calls report 'misleading'
Instagram Glitch Reportedly Exposed Contact Info of Zuckerberg and Other Users
Instagram Recovery Tool Bug Exposed 20,225 Accounts to Password Reset Abuse
Is OpenAI’s New Lockdown Mode an Admission That Default ChatGPT Was Never Safe Enough?
LinkedIn, Indeed and Upwork Leveraged for Chinese Spying Threat
Massachusetts votes to pass new privacy rights bill that bans sale of precise location data
Meta: NSO Tried Targeting WhatsApp Users Despite Court Order
Meta AI Bug Exposes Over 20,000 Instagram Accounts
Meta AI Support Data Breach Affects Over 20,000 Instagram Accounts
Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files Contempt Order
Meta claims NSO Group still targets WhatsApp users despite court order
Meta confirms critical vulnerability in account recovery tool exposed over 20K Instagram users
Meta escalates legal battle with Israeli spyware firm NSO over WhatsApp attacks
Meta Says Israeli Spyware Firm Targeted WhatsApp Users in Spear-Phishing Campaign
Microsoft’s open source tools were hacked to steal passwords of AI developers
New Shai-Hulud attack trojanizes 19 science-focused PyPI packages
NFCShare Android malware spreads via fake banking app updates on GitHub
NJ Pain Care Specialists Data Breach Exposes PHI and PII
No backdoor shenanigans: Grindr denies data breach claims
North Korean Hackers Use Fake Coding Tasks to Steal Crypto
One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public
OpenAI Expands ChatGPT Lockdown Mode to Millions of Eligible Users
OpenAI is locking down parts of ChatGPT to reduce data theft risks
OpenAI Unveils ChatGPT Account Security Controls
Operation FlutterBridge Uses Fake Google Ads to Spread macOS Backdoor
Over 20,000 Instagram accounts stolen in Meta AI support hack
Over 20,000 Instagram Accounts Hijacked via the Meta AI Support Tool Exploit
Oxford University discloses data breach after careers platform hack
Password Reset Bug Leaked Instagram Emails and Phone Numbers
pfSense Firewall Compromised in VerdantBamboo Cyberattack Deploying BRICKSTORM
PhishByte warns spear phishing drives payment fraud losses
Prompt Injection Remains Unsolved, OWASP Researcher Warns
Qilin ransomware affiliate exploited Check Point VPN zero-day (CVE-2026-50751)
Qilin ransomware claims hack of major New York/New Jersey Shipping Association
Ransomware Attack Knocks Evanston Township High School (ETHS) Offline, Scraps Summer School In Evanston
Research says Phishing overtakes Dark Web as primary source of stolen Personal Information
Russia upgrades rules for its digital spy system to better track citizens online
Second theft: How scammers use a lost iPhone to steal your identity
Securing the AI-Driven Public Sector: Why Data Governance and Trust Must Come First
ShinyHunters dump 400K BCD Travel customers data online
Silent Ransom Group Uses Fast Flux Botnet to Hide Law Firm Leak Sites
Sitefinity Vulnerabilities Allow Hackers to Steal Plaintext Credentials
Smart TV Apps Found Converting Samsung and LG Devices Into AI Proxy Nodes
SoFi confirms third-party data breach at Hong Kong subsidiary
South Africa: Cyber Attack Disrupts AVBOB Funeral Services’ Digital Platforms
South Africa: Cyber attack hits funeral services provider AVBOB as systems go offline
South Korea: Police Launch Probe Into CU Convenience Store Parcel Data Breach
South Korea police probe CU parcel data breach, pursue hacker
Strategic Education data breach exposes social security numbers of more than 176,000 people
Summer classes canceled at Evanston Township High School after ransomware attack
Sun Life subsidiary faces lawsuits after mass data breach
Texas Capital Bank data breach puts 91,000 customers' social security numbers at fraud risk
The hacking mastermind behind the 2026 FIFA World Cup
The Hidden Security Risks Behind Popular AI Tools
The New Face of Cybercrime: When the Criminal Isn’t the Hacker
Thousands of Essex NHS patient records taken in cyber attack
Thousands of NHS patient test results stolen in cyber attack
Trinidad and Tobago: New Ministry of Finance (MoF) based phishing scheme in play
Two-Thirds of Open Source Community Unaware of Cyber Resilience Act
UNC3753 Targeted US Law Firms in Vishing Extortion Campaign, Possibly Used Physical Access
UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign
University of Oxford discloses data breach via third-party career platform
Upper Township, New Jersey, Data Breach Exposed Personal Info
VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances
VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks
WhatsApp Says It Blocked Pegasus Spyware Campaign Linked to NSO
WhatsApp says it disrupted new NSO spyware phishing attacks
WhatsApp says NSO targeted users with spearfishing attacks in violation of court order
Whistleblower Accuses IBM, AT&T of Covering Up Breaches
Xsolis Data Breach Exposes Social Security Numbers and Medical Information
Welcome to last week's ROC Report, an exclusive summary of Ransomware Operator's global victims that were claimed during the period between 25th May and 31st May 2026, kindly assisted by our partners.
Welcome to last month's DLR Report, an exclusive presentation of Data-Leaking Ransomware Operator's Global and US Victims that were claimed between 1st May and 31st May 2026.
