Editor's Message

Welcome to DBD. On March 8th 2026, DBD celebrated it's sixth anniversary and PRiSM celebrated it's third anniversary. Both projects have made a huge impact on my life and I'd like to thank each and everyone of you who have supported me, with special thanks to those individuals and communities who have helped me build up my knowledge on cybercrime and ransomware over the years. Thanks again for all your continued support. Stay safe. :)


“Data Breaches Digest and its PRiSM portal provide Dentons Global Security Team with valuable insights into the ransomware landscape, from the latest incidents to trends over time, as well as the ability to customize visual analytics. Timely reports and tracking by Data Breaches Digest help inform cyber intelligence for the world’s largest law firm and thus our cybersecurity posture across more than 80 countries worldwide.”
Dentons Senior Analyst, Washington D.C.



Thursday, 2 July 2026

Data-Leaking Ransomware Report - June 2026

Welcome to last month's DLR Report, an exclusive presentation of Data-Leaking Ransomware Operator's Global and US Victims that were claimed between 1st June and 30th June 2026.


DBD discovered and researched 791 Global Ransomware Victims over 87 Countries and Islands, including 281 US Ransomware Victims over 41 States and Districts, claimed by 64 Data-Leaking Ransomware Operators in June 2026.

DBD also discovered and researched 5 New Active Ransomware Operators called Black X, Booba Project, DeadLock, REDACT and SETTRA in June 2026.

Download PDF



Data Source: Data Breaches Digest.


Wednesday, 1 July 2026

Ransomware Operator Claims - Week 26 2026

Welcome to last week's ROC Report, an exclusive summary of Ransomware Operator's global victims that were claimed during the period between 22nd June and 28th June 2026, kindly assisted by our partners.

DBD discovered and researched 137 Ransomware Victims over 43 Countries and Islands claimed by 33 Data-Leaking Ransomware Operators, including 3 Newly Discovered Ransomware Operators last week.

For further analysis on these (and any historic) Ransomware Operator Claims, including the Victim Names and Industry Sectors attacked, please use our PRiSM application.

Download PDF



Data Source: Data Breaches Digest. Flag Icons created by Freepik and provided by Flaticon.


Monday, 29 June 2026

Data Breaches Digest - Week 27 2026

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 29th June and 5th July 2026.


2nd July

950 Oracle E-Business Suite Instances Exposed as Critical Flaw Faces Exploitation

2025 major $2.5 Billion Jaguar Land Rover (JLR) cyber attack was conducted by Russian hackers

430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link

A Microsoft Defender flaw is now being linked to ransomware attacks

Aflac Japan data breach affects 4.38 million customers

Agentic Ransomware JADEPUFFER Uses Base64 Python Payloads to Harvest Cloud and API Keys

AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack

AI Ransomware Abuses Chromium API on Windows and Android

Alleged Scattered Spider hacker arrested in Finland

Alleged Scattered Spider hacker extradited to the United States

Alleged Scattered Spider Hacker Extradited to U.S. for 100+ Network Intrusions

Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges

Alleged Scattered Spider Hacker Extradited to US Over $8 Million Crypto Ransom

Alleged Scattered Spider hacker snared in Finland, extradited to US

Alleged Scattered Spider Member Arrested in Finland, Extradited to U.S.

Alleged Scattered Spider Member Extradited to US

ARToken Phishing Kit Uses Cloudflare Workers and SharePoint Lures to Target Microsoft 365 Users

Billion-Dollar Lender Suffers Data Breach, Warns ‘Unauthorized Threat Actor’ Launched Ransomware Attack

Browser-Only Ransomware Abuses Chrome File System Access API to Encrypt Android Photos

Browser-Only Ransomware Uses File System Access API to Encrypt Files Without Malware Installation

Busted! Alleged Scattered Spider hacker arrested, extradited to the United States

Capitec tells specific customers to replace bank cards following Pick n Pay data breach

Catching ransomware on the wire before it locks the file server

CISA: Microsoft SharePoint RCE flaw now actively exploited

CISA Warns Actively Exploited Microsoft SharePoint RCE Flaw Requires Urgent Patch

Cisco finally confirms attackers exploiting Unified Communications Manager (Unified CM) flaw

Claude Desktop Hijacked for Remote Code Execution, DeepSeek Generates In-Browser Ransomware

Claude Helped a Hacker Find a Way To Issue Tickets to Almost Every US Music Festival

Cop this! Hackers observed posing as Interpol to deploy ransomware

Cybercriminals Pose as Interpol in Phishing Emails to Infect Victims With Ransomware

Cursor IDE Critical RCE Flaws Let Attackers Overwrite System Files via Prompt Injection

Data Breach Exposes Apple iPhone 18 Pro Information Months Before Launch

DeepSeek-Generated Malware Shows How AI Can Build Browser-Native Ransomware Workflows

Department of Justice (DOJ) Extradites Alleged Scattered Spider Hacker Linked To $100 Million In Crypto Ransom Attacks

Dutch spy agency slammed for almost unlawfully bad handling of citizens’ private data

Dutch university discloses year-long data breach in Microsoft Power BI application

ECBM LP Data Breach Exposes Info of 8k Individuals

EvilTokens-Linked ARToken Panel Exposes 80+ APIs for Microsoft 365 Token Theft

Finland extradites hacker to the US

FortiBleed: Credential Theft Linked to INC and Lynx Ransomware

FortiBleed Campaign Linked to INC and Lynx Ransomware Operations

FortiBleed Campaign Linked to INC, Lynx Ransomware Attacks

FortiBleed campaign traced to INC and Lynx ransomware operations

FortiBleed Confirmed as Ransomware Pipeline: INC and Lynx Linked to 430,000 Firewalls

FortiBleed Credential Theft Campaign Tied to INC and Lynx Ransomware Attacks

FortiBleed Credential Theft Connected to INC and Lynx Ransomware

FortiBleed Credential Theft Linked to INC and Lynx Ransomware Operations

FortiBleed linked to ransomware groups INC and Lynx

FortiBleed Password Stealing Attack Linked to INC and Lynx Ransomware Operations

Foxconn Cyberattack: Nitrogen Steals 8TB, 11 Million Files

German spies could soon move from watching to hacking attackers

Greater Rochester Independent Practice Association Settles MOVEit Data Breach Litigation

Hacker says Claude AI helped to get VIP tickets to America’s most wanted festivals for free

Hackers are using FIFA World Cup 2026 hype to infect football fans with Voidrift malware

Hackers Hide ChocoPoC Malware in Python Dependencies to Compromise Pentesters

Hackers Use Dropbox URLs and TryCloudflare Tunnels to Deliver AsyncRAT Malware

Hong Kong: Shun Hing Group faces data breach affecting over 920,000 customers, privacy watchdog investigates

How a Hacker Remained Undetected in the Latvian State Forests System for Almost Two Weeks: New Details of the Cyber Attack

India Orders WhatsApp to Freeze Username Feature Rollout Over Fraud Concerns

‘Interpol’ emails spread custom ransomware with decryption key left inside

JADEPUFFER: AI agent executed ransomware via Langflow RCE

JADEPUFFER Agentic Ransomware Uses LLM to Automate Database Extortion

JADEPUFFER Uses MinIO Default Credentials and Nacos Takeover to Breach Production Database

JADEPUFFER, the First Documented Agentic Ransomware Operation

Japan’s Aflac, KDDI, Sapporo, Nidec: Four Breaches, One Common Entry Point

JetBrains Patches Authentication Bypass and Code Execution Attacks in YouTrack and Kotlin

Latvia: Hacker remained undetected in “Latvijas valsts meži” system for several days

LSHIY Password Spray Campaign Targets Microsoft 365 Accounts With 81 Million Login Attempts

Malaysia: Flexi Parking app is now up after “cyber attack”

Medtronic: Notifications for recent data breach have begun

Medtronic Confirms Data Breach - Hackers Gained Access to Corporate IT Systems

Medtronic data breach impacted close to 300,000 healthcare customers

Medtronic notifies customers impacted by ShinyHunters data breach

Medtronic Notifies Customers of Data Breach Claimed by ShinyHunters

Medtronic Notifies Patients of ShinyHunters Data Breach

NATO Contractor Indra Group Hit by Ransomware, Hackers Threaten Data Leak in 9 Days

New ChocoPoC RAT Targets Vulnerability Researchers via Fake Proof-of-Concept (PoC) Exploit Repos

New Chrome Update Fixes 382 Security Bugs Across Desktop, Mobile

Ousaban Banking Trojan Targets Spain and Portugal With Geofenced Phishing Campaign

Over 80% of WordPress sites are out of date, and hackers are noticing

Pakistani Hacker Group Claims Cyberattack on India’s Sun TV Network

Phishing Campaign Uses Fake Invoice PDF to Drop AsyncRAT, VenomRAT, and XWorm

Ransomware attack at Abans Financial Services' overseas entities

Ransomware group leaks iPhone 18 Pro data after breaching Tata Electronics' systems

Ransomware Trends in 2026: What Directors and Officers Need to Know

Researcher Behind 'Exploitarium' Explains Release of Undisclosed Zero-Day Exploits

Retailers see sharp uptick in ransomware attacks

Sainsbury’s installs more facial recognition tech in stores: Should shoppers be worried?

Scattered Spider Hacker Arrested in Finland and Extradited to U.S. Over Cyber Intrusion Charges

Scattered Spider suspect extradited over $8 million ransom scheme

Scattered Spider teen hacker “Bouquet” extradited to US to face charges

Schools now fair game for cyber criminals as inside ‘moral code’ dissolves

ScreenConnect Malware Campaign Uses SEO Poisoning to Target Freeware Downloads

Security Lessons from the Nidec Ransomware Attack

Serviceaide Pays $1.8 Million to Settle Data Breach Litigation

Several ISPs and Millions of Customers Compromised in KDDI’s Email System Data Breach

SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation

Suspected Scattered Spider Member Peter Stokes Extradited to the US

Tata Electronics Data Breach Reportedly Exposes 630.4GB of Confidential Apple-Related Internal Data on Dark Web

Texas industrial giant under pressure, with hackers claiming to have stolen entire corporate database

The endpoint recovery gap many teams discover during an incident

The Gentlemen Ransomware targets prominent European NATO Contractor

Threat Actor Uses Steganographic Webshell and Mimikatz After Disabling Endpoint Defenses

ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API

U.S. House Panel Report Sparks South Korean Regret Over Coupang Data Breach Probe

UK: New national cyber security campaign warns businesses of the increased risk from ransomware

US government says it got hacked - again

ValleyRAT Campaign Uses Fake Installers and Japanese Malicious Emails to Infect Windows Users

Vect and TeamPCP partner for ransomware campaigns

Waited So Long - Two Tickets to Data Breach Litigation

What the AI patch gap means for enterprise security

WhatsApp Username Reservations Go Live – What Are the Security Concerns for 2 Billion Users

When AI Invents the Attack: Browser-Native Ransomware

Yellow Corporation Data Breach Impacts 13k: PHI and PII Exposed

Yorozu Automotive Data Breach Affects 20,627 Individuals: PHI and PII Exposed

1st July

19-Year-Old Scattered Spider Suspect Extradited to Face U.S. Hacking Charges

219,000 documents exposed: US retirement firm exposes deeply personal financial records

A CISO’s Guide to Robocall Mitigation: Applying MITRE ATT&CK to Voice-Based Threats

A cyber attack on Tata Electronics exposed confidential information about the iPhone 18 Pro and Pro Max, including drop tests and technical specifications

Adobe ColdFusion Critical Flaws Enable Arbitrary Code Execution and File Read Attacks

Adobe Patches 7 CVSS 10.0 Flaws in ColdFusion and Campaign Classic

Adobe patches seven max severity ColdFusion, Campaign flaws

Aflac Data Breach: Over 4 Million Customers in Japan May Be at Risk

Aflac discloses data breach at Japan subsidiary after unauthorized access to customer information

AI Cyber Attacks Emerge as Biggest Threat to Indian Banking

AI-Generated Browser Ransomware Abuses Chromium API on Windows and Android

AI-generated code risks reach security, legal, and compliance teams

Amazon fined $2.25 Million for withholding evidence from fraud victims

Android RAT Glitch SPY Adds Crypto Clipper and Remote Browser for Account Takeover

Anthropic buffa Library Hit by Zero-Day DoS Flaw in Rust Protobuf Decoder

Anthropic Restores Claude Fable 5 After U.S. Lifts Jailbreak-Linked Export Controls

Anthropic Says U.S. Commerce Lifts Export Controls on Claude Fable 5 and Mythos 5

Anthropic's Fable 5 and Mythos 5 Are Back with New Security Guardrails

Anubis ransomware exploits CitrixBleed 2 and RMM tools

Apache Tomcat Flaws Expose Servers to Authentication Bypass and Authorization Risks

Apple “Hide My Email” leaks email addresses, researcher claims

Apple’s Hide My Email feature has a bug that’s been exposing real email addresses, researcher claims

Around Half of All UK Businesses Have Experienced a Cyber Attack

Arrest of Iranian Hacker Spotlights Iran’s Movement into Economic Espionage and IP Theft

ARToken: Inside an EvilTokens affiliate panel targeting Microsoft 365

Attackers Register AI-Hallucinated Domains to Deliver Phishing Kits and Malware

Attackers Using Fake Interpol Warning in Ransomware Attacks on SMBs

Azure CLI Password Spray Hits at Least 78 Microsoft Accounts in 81 Million+ Attempts

BioShocking Technique Can Manipulate AI Browsers into Exposing Credentials

Brazilian Banking Trojan Ousaban Targets Spain and Portugal

Browser-Only Ransomware: From LLM Hallucinations to a Practical Attack Technique

BumbleBee and AdaptixC2 Deliver Akira Ransomware via Bing SEO

Cargo thieves target big tech in $1.3 Million data center heist

Citrix NetScaler ADC and Gateway Flaws Expose Appliances to DoS and File Read Attacks

Citrix Patches Six NetScaler Flaws Allowing File Read and Denial-of-Service

Claude Sonnet 5 includes safeguards against dangerous cyber use

Crafty Phishing Campaigns Auto-Adapt to Victim's Device, OS

Critical Cursor Flaws Could Let Prompt Injection Escape Sandbox and Run Commands

Custom Go Backdoor Lets The Gentlemen Operators Execute Commands and Pivot With SOCKS Proxy

Department of Homeland Security (DHS) confirms hackers breached HSIN info-sharing platform

Disney+ “Your membership is on hold” phishing email leads to fake login and payment pages

EMA Engineering & Consulting Data Breach Exposes SSNs

‘Every hour ransomware goes undetected drastically increases its potential blast radius’: Hackers are breaching networks and laying low for longer - and nearly half of firms don’t realize until data is stolen

EvilTokens Campaign Reveals Device Code Phishing Ticks Up 1,380%, Powered by AI

EvilTokens device-code phishing kit totally more evil than we all thought

Fake “Google Notes” Browser Extension Caught Swapping Crypto Wallet Addresses

Fake Interpol Investigation Emails Push Ransomware at Small Businesses Globally

Fake Interpol investigation emails target small businesses with ransomware

Fileless Malware Abuses Google Blogspot to Deploy Infostealer in Memory

Fluentd Patches Critical RCE, SSRF, DoS, and Sensitive Data Exposure Flaws

Focusing on Vulnerability Prioritization Is Missing the AI-Era Point

FortiBleed credential-theft campaign linked to Lynx ransomware

Google Chrome Update Fixes 382 Security Flaws, Including Critical UAF Vulnerabilities

Hacker Uses Claude to Score Free Tickets to Nearly Every Major Music Festival In the US

Hackers spray passwords at Azure accounts using a legacy login method, and the doors are still open

Hackers target Microsoft 365 accounts with 81 million login attempts

Hackers threaten to leak data from NATO contractor Indra, as company investigates

Hackers Use Vulnerable Windows Drivers to Kill EDR in Ransomware Attacks

Hong Kong: Fake 'support local' food shops lure buyers into phishing scam

How Ransomware syndicates are evolving into Corporate Businesses

Huntress CEO defends threat researcher at the heart of firm's “insider threat” allegations

Insomnia ransomware group announces major data theft from Tennessee pathology lab

Insurance Giant Aflac Discloses Data Breach Impacting Millions

iPhone 18 Pro leaks in data breach ahead of expected launch

Japanese insurer, brewer, manufacturer and telecom disclose cyber breaches

Kubota says hackers had month-long access to network systems

LLM-Driven Analysis Accelerates EDR Evasion and Endpoint Security Reverse Engineering

Major win for Anthropic as US lifts Mythos, Fable export controls

Medtronic notifies impacted patients of data breach tied to April hack

Microsoft Accelerates Post-Quantum Cryptography Shift to 2029

Microsoft Accelerates Quantum-Safe Push with New Timeline

Microsoft Teams Adds Smarter Bot Protection to Block Unauthorized Meeting Bots

Microsoft Uncovers Widespread Hotel Phishing Campaign in Japan

Microsoft wants to stop unwanted bots from entering Teams meetings

Model Context Protocol (MCP) Tool Poisoning Hijacks AI Agents to Steal Data

Montana Empire Phishing Kit Abuses AI-Hallucinated Domain to Steal Credentials

Most Defense Industrial Base (DIB) Firms Fear AI-Powered Cyber Attack

Nearly all Kensington and Chelsea Council services restored following cyber attack

Nearly Half of Organizations Lack "Full" Visibility Into Employee AI Usage

New ChocoPoC malware targets researchers via trojanized Proof-of-Concept (PoC) exploits

New phishing-as-a-service platform ARToken offers advanced BEC capabilities

North Los Angeles County Regional Center (NLACRC) Data Breach Compromises Medical Info and More: 298k Impacted

O2 issues warning over new ‘inactive SIM’ phishing scam

O2 Warns Customers About New SIM Expiry Phishing Scam Targeting MyO2 Accounts

Ousaban Banking Trojan Targets Iberian Bank Users with Fake PDF Lures

Over 1 million customers affected in AssuranceAmerica MGA data breach

Over 900 Oracle E-Business instances exposed to ongoing attacks

Patient sues Huntsville Hospital over data breach

"Phantom squatting” uses AI hallucinated domains for cyber attacks

Phantom Squatting Uses AI-Hallucinated Domains for Phishing and Malware

Phishing in the Balkans: Fake Traffic Fines, Real Losses

Progress Kemp LoadMaster Pre-Auth RCE Flaw Faces Active Exploitation Attempts

Proofpoint warns AI is widening email security gaps at India's largest companies

Ransomware is exploiting factory VPNs: Manufacturers should rethink OT remote access governance

Ransomware Operators Abuse Signed Windows Drivers to Disable Security Software

Ransomware-Proof Backup: 7 Strategies for Enterprise IT Teams

Researcher Analyzes 3,000 Live ClickFix Payloads, Exposing API-Driven Malware Delivery

Russian hackers use phishing to get access to message backups, Dutch spy agencies say

RustDuck Botnet Exploits Telnet, SSH, Android ADB, TP-Link, ZTE, and Jenkins Flaws

Security Breach at Tata Electronics Affects Apple, Tesla, and Other Technology Giants

Sensitive documents on unreleased iPhone 18 leaked after data breach at Tata Electronics

SEO-Poisoned Software Sites Abuse ScreenConnect to Deploy AsyncRAT

Silent Swap Crypto Clipper Extension Hijacks Wallet Addresses in Chromium Browsers

Singapore reports decline in phishing cases but warns figures may understate threat

Somebody told DeepSeek to build in-browser ransomware and it gleefully complied

Supreme Court just made it harder for authorities to get location data from Google and Apple

Taiwan digital ministry to inspect Pi Mobile after alleged data breach

Teen suspect in Scattered Spider hacks is extradited to US

The ARToken phishing panel targets Microsoft 365 accounts

The Cost of Non-Compliance: Why AI Governance Is the New Enterprise Imperative

The New Hacktivists: How Global Conflict Turned a Nuisance Into a Security Threat

This new Android security setting spots bad networks and fake cell towers - enable it ASAP

This phishing kit looks more like BEC-as-a-service

Transport for London (TfL) Cyber Attack: Two Men Convicted for 2024 Hack That Crippled London Transport

Trump’s grip on the Federal Trade Commission (FTC) puts EU-US data transfer at risk

UK: Stone and Staffordshire organisations urged to protect themselves from ransomware

Unpatched Argo CD Repo-Server Flaw Could Let Attackers Take Over Kubernetes Clusters

US lifts export controls on Anthropic’s frontier cybersecurity AI models

VEIL#DROP Malware Chain Uses Blogger Platform to Deliver PureLogs Stealer

Wales: Conwy council data breach sees social services worker sacked

WhatsApp usernames are already raising impersonation red flags

Why every cyber security team needs a hacker mindset

30th June

3 in 4 consumers would ditch a company if it suffered a major cyber attack

282 iOS AI Apps Leak API Keys and Open AI Proxy Access in Network Traffic Study

A ransomware leak exposed Apple's iPhone 18 Pro supply chain secrets

A simple Bing search led to an Akira ransomware attack

Aflac Japan data breach affects 4.38 million policyholders

Aflac Japan Data Breach Exposes Sensitive Customer Information

Aflac Japan Data Breach Impacts 4.38 Million

Aflac Japan reports data breach affecting over 4 million customers

AirDrop and Quick Share Flaws Let Nearby Attackers Trigger Crashes and Bypass Checks

AirDrop and Quick Share vulnerabilities affect protocols on five billion devices as fixes begin

Alberta, Centurion Project sued over alleged data breach that affected millions of voters

Another Claude Code attack allows full takeover of developers’ systems

Anthropic to restore Claude Fable access on Wednesday

Apple iPhone 18 Pro Design and Component Data Leaked in Tata Electronics Data Breach

Apple iPhone 18 Pro images and details leak in Tata Electronics data breach

Apple iPhone 18 Pro Leak Exposes Supplier Network, Components and Prototype Images After Tata Data Breach

Apple iPhone 18 Pro Supplier List Exposed in Tata Data Leak

Apple iPhone 18 Pro supplier list, component details leaked in Tata data breach

Apple iPhone 18 Pro supplier list, parts leaked in Tata Electronics ransomware attack

Apple Patches 30+ iOS, macOS, Safari Flaws, Including AI-Discovered WebKit Bugs

Apple rushed to squash 29 bugs because AI is supercharging hackers - update ASAP

Apple Says It's 'Concerned' as Massive Tata Electronics Data Breach Exposes Secret iPhone 18 Pro Details

Apple Security Update Patches 30+ Vulnerabilities in iOS 26.5.2

Apple Speeds iPhone Security Patches to Counter AI-Driven Hacking Threats

Apple’s AirDrop and Android’s Quick Share vulnerable: nearby hackers initiate connection, crash devices, or worse

Apple's iPhone 18 Pro Files Leaked Online In Ransomware Attack

Apple's iPhone 18 Pro supplier data leaked after Tata Electronics data breach

Apple's Secret iPhone 18 Pro Files 'Stolen' in Massive Tata Data Breach as Dark Web Leak Sparks Global Alarm

Apple's Upcoming iPhone 18 Pro Details Leaked Online After Cyber Attack

AssuranceAmerica Suffers Third-Party Data Breach, Customer Data Exposed

Attackers Exploit SimpleHelp CVE-2026-48558 to Deploy TaskWeaver and Djinn Stealer

Barracuda warns of Microsoft phishing and malware rise

BioShocking Attack Lets Hackers Bypass AI Browser Guardrails and Steal Credentials

Blackfield ransomware asks Nidec Corporation for $2 million ransom

Blackfield seeks $2 million from Nidec after ransomware attack

BlueHammer Vulnerability Exploited in Ransomware Attacks

BumbleBee and AdaptixC2 Deliver Akira Ransomware Through Bing SEO Poisoning

Canada: Lawsuit filed in Alberta over data breach that affected almost three million voters

Canada: Proposed class-action lawsuit launched in Alberta over alleged elector data breach

CISA: Windows BlueHammer flaw now exploited by ransomware gangs

CISA Says Microsoft Defender BlueHammer Flaw Is Now Used in Ransomware Attacks

Class action filed in alleged Alberta data breach that exposed millions of voters’ private information

ClickFix Now Cybercriminals' Favorite Malware Delivery Technique

Critical Cacti Vulnerabilities Expose Servers to Pre-Auth SQL Injection Attacks

Critical SimpleHelp Vulnerability Exploited For Malware Delivery

Cross Resource Group Data Breach Affects Current and Former Employees

Cybersecurity & Data Breach Statistics 2026: The Year Cybercrime Stopped Breaking In

Daktronics Controller Flaws Expose Highway Signs to Remote Hacking

Data Breach Scandal: Ernst & Young (EY) Employees Access Top Politician's Banking Details

Doxim Data Breach Settlement Underscores Third-Party Data Security Risk

Dutch regulator warns users are “pouring their hearts into chatbots” over data risks

Every search you make, it’s watching: this malicious Chrome extension captures AI query keystrokes

Exeter Finance Data Breach Compromises Financial Account Information

Fake Perplexity AI Chromium Extension Hijacks Browser Search via Typosquatted Domain

Fake Perplexity extension on Chrome Web Store tracked searches

FBI and Southampton County, Virginia, warns of phishing scam

Fly Phishing: How Business Aviation Can Fight AI-Supercharged Cybertheft

GuardFall Exposes Open-Source AI Coding Agents to Decades-Old Shell Injection Risks

Hacked! Automotive giant Nissan discloses multi-country data breach

Hackers claim breach of 1-800-Dentist, threaten to leak health data of millions

Hackers Leverage Blockchain to Hit Japan's Hotels Through Booking.com Phishing

Hackers say they have GameStop customers' personal data

Hackers Steal Data of 4.38 Million Aflac Japan Customers

Hackers Use Fake FIFA World Cup 2026 T-Shirt Offers to Spread Voidrift Malware

Half the defense base still builds security around compliance

Home Office security warning for sponsors: phishing scams on the rise – is your SMS account secure?

How Hackers Just Dumped Apple’s Tightly Guarded iPhone 18 Pro Secrets on the Dark Web

How ransomware syndicates weaponize corporate-style organization

Huntress CEO says threat hunter used 'poor judgment' in alerting ransomware criminal about law enforcement probe

India leads Asia-Pacific Ransomware Target List with 165% surge in attacks

India tops Asia-Pacific (APAC) ransomware target list

Insurance giant Aflac discloses data breach after subsidiary hack

iPhone 18 Pro photos 'leaked on dark web' after data breach involving 20,000 files

iPhone 18 Pro Supplier Details, Photos Leaked After Tata Electronics Data Breach

iPhone 18 Pro supplier list and photos leaked following Tata Electronics ransomware breach

iPhone Security Fixes May Arrive Sooner as AI Speeds Up Threats

Japan Hotel Industry Targeted With TONResolver RAT and Guest Complaint Phishing Emails

Kaspersky Warns of The Gentlemen Ransomware Group Expanding Operations with New Malware

Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints

Large U.S. dental referral firm hit with cyberstrike

Malicious PyPI packages give hackers control of Telegram bot servers

Meta Adds WhatsApp Usernames: Here’s What You Need to Know

Microsoft accelerates quantum-safe roadmap as risks grow

Microsoft adds smarter bot protection to Teams meetings

Microsoft Warns Poisoned MCP Tool Descriptions Can Make AI Agents Leak Data

Midland Care Connection Data Breach Exposes Social Security Numbers

Montenegro Detains Islamic Revolutionary Guard Corps (IRGC)-Linked Hacker Behind $3.4 Billion US University Breach

New BioShocking attack manipulates AI browser into data theft

New BioShocking Attack Tricks AI Browsers Into Leaking User Credentials

New EvilTokens Attack Exposes Browser Visibility Gap in Enterprise SOCs

Nissan Confirms Data Breach Following Oracle PeopleSoft 0-Day Attacks

Nissan Confirms Employee Data Breach After Oracle PeopleSoft Zero-Day Attack

Nissan Confirms Employee Data Breach Following Oracle PeopleSoft Exploit

Nissan data breach: ShinyHunters-linked attack may expose staff records

Nissan Discloses Employee Data Breach Linked to Oracle Zero-Day

Nissan Employee Data Breached in Oracle PeopleSoft Hack

Nissan employee data exposed in Oracle PeopleSoft zero-day attacks

Nissan the latest victim in Oracle’s PeopleSoft attack: sensitive data stolen

Nissan Traces Data Breach to PeopleSoft Zero-Day Exploit

Optalis Management Solutions Data Breach Exposes Social Security Numbers

Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild

Oracle E-Business Suite Payments flaw under attack (CVE-2026-46817)

Over 300 UK Firms Hit by Ransomware in a Year

Pakistan: Massive Ransomware Attack Hits Capital Development Authority (CDA) Billing System

Park Dental Research Data Breach Exposes Social Security Numbers

Peruzzi Buick GMC Data Breach Exposes SSNs and Driver's Licenses

Phishing-resistant authentication can prevent tax-time fraud

Progress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-Auth

Ransomware gangs exploit Microsoft Defender's BlueHammer vulnerability

Ransomware Group Claims Alleged Attack on 1-800-Dentist

Ransomware Is About Leverage: Return on Risk Takes It Away

Recently acquired radiology group reports data breach

River Bank & Trust Data Breach Potentially Exposes PII

RustDuck Botnet Rebuilds in Rust to Hijack Routers and Servers for DDoS

Scotland: Cops prepare for Commonwealth Games cyber attack as fears mount over ticket fraud

Security Organizations Reveal Threat Management Fails to Match Visibility

Silent Swap Crypto Clipper Uses Fake Google Notes Extension to Replace Wallet Addresses

SimpleHelp Flaw Exploited to Deploy Malware Targeting Windows, macOS, and Linux

SimpleHelp vulnerability exploited to deliver mighty Djinn Stealer (CVE-2026-48558)

SonicWall: NHS hospitals hit by 10x cyber attack surge

South Korea: 22 Arrested for Laundering 41.5 Billion Won in Fraud, Voice Phishing Proceeds

South Korea: Suspicious Accounts Used in New Phishing Scams Like No-Show Fraud to Be Immediately Blocked...Up to 60 Additional Business Days of Suspension

South Korea expands account freezes beyond voice phishing to cover new fraud schemes

SystemBC Malware Turns Windows Machines Into SOCKS5 Proxies for Ransomware Attacks

Tata data breach exposes iPhone 18 Pro supplier details, prototype images

Tata Electronics Data Breach Leaks Apple iPhone 18 Pro Secrets

Texas Hearing Institute Data Breach: PHI and PII Exposed

Texas Parks Data Breach Exposes Over 3 Million Hunters and Anglers

‘The Gentlemen’ Group Expands Global Attacks

The Gentlemen RaaS Uses New Ransomware Variant, Backdoor, Encryption

The Gentlemen Ransomware: 483 Victims, 90% Cut

The National Association of Insurance Commissioners (NAIC) Data Breach: A Turning Point for Data Collection and Privacy in the Insurance Industry

The Readiness Gap: What Wimbledon Reveals About Modern Cyber Defense

Thousands of Washington state residents affected in data breach by former Department of Social and Health Services (DSHS) employee

Trenitalia cyber attack exposes sensitive customer data

Trump drops restrictions on Anthropic’s Mythos and Fable models

UK: Barnham family left horrified after Home Office data breach

UK: Businesses warned as over 300 ransomware attacks reported last year

UK Healthcare Sector Records Tenfold Increase in Cyber-Attacks

Ukraine Makes History With First $8.3 Million Seized Crypto Transfer to Asset Recovery and Management Agency (ARMA)

US offers $10 Million reward over Signal attacks on NATO officials

Vulnerability reports are arriving faster than GitHub can review them

Washington State Department of Social and Health Services (DSHS) investigating data breach involving former employee

What the Numbers Say About FIFA 2026 Cyber Risk

XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t

29th June

2.7 Million Sysco Emails Leaked Following ShinyHunters Data Breach

212 New Venezuela Earthquake Domains Prompt Donation Scam Warnings

236,000 DCloud Uni-App Sites Used in Crypto Scams, Phishing, and Wallet Drainers

A Data Breach Rarely Ends with the Breach Itself - Leaked Data Is Used in Travel and Ticket Scams During the Summer

Agentic AI Has an Identity Problem and Attackers Know It

AI Will Test Identity Infrastructure, Organizations Need More Prep

AI-Driven Identity Attacks Are Surging

Apple supplier Tata tightens internal controls post-data breach

ATM Jackpotting Gang Members Sentenced for Ploutus Malware Attacks

Australia: NSW Rural Fire Service admits security incident

Bluekit Phishing Kit Uses Browser-in-the-Middle Attacks to Evade Detection

Bradford Health Services settles class action lawsuit over 2023 data breach

Cambridge University Hospitals (CUH) Trust refers itself to regulator over data breach

Can generative AI be an ally in rooting out ransomware threats?

Canadian hacker sentenced for Texas Republican Party website defacement

Companies keep bolting AI onto their products, and the security bill is coming due

Copying the wrong person on an email could be considered a data breach in South Africa

Couple jailed over ‘worst ever’ Transport for London (TfL) data breach and £650k fraud

Critical SimpleHelp flaw exploited to deploy new stealer malware

Cyber insurance is delivering meaningful financial protection, with a majority of data breach and first-party losses covered according to Willis’ latest report

Cybersecurity for Food Companies: How to Prepare for Ransomware, AI Threats, and Supply Chain Disruptions

Danish official warns data stored on US cloud is shared with American spies

Dark Web Breach Exposes Secret Apple Supplier Data

DCloud Uni-App Scam Network Powers RainbowEx-Style Crypto Fraud and WhatsApp Phishing

DCloud Uni-App Templates Help Fraudsters Scale Crypto, Mobility, and Messaging Phishing Scams

Dell Wyse Management Suite Flaws Let Remote Attackers Execute Code

DentaQuest data breach class action filed over ShinyHunters cyberattack

Don’t pay the ransom: Warning to organisations to protect themselves from ransomware attacks as more than 320 businesses affected last year

European Data Protection Board (EDPB) Adopts Common Data Breach Notification Template

EvilTokens Phishing Breaches Finance Firms Using “Ghost” Code Across U.S. and European Businesses

ExtraHop report finds nearly half of ransomware victims suffer data theft before detection

FBI Sounds Alarm Over Russian Intelligence Signal Phishing

FBI warns of Russian Intelligence phishing campaign abusing Signal support services to target VIPs and high-value government and military targets - this is how to secure your account

FBI, CISA Issue Alert on Russian Phishing Campaign Targeting Messaging App Users

FoxTrot Data Breach Compromises Social Security Numbers

Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse

Germany discloses data over “silent SMS” use for surveillance

Ghostwriter Hackers Use Real-Time WebSocket Relay to Bypass SMS and OTP MFA

Ghostwriter Phishing Infrastructure Targets Gmail and Ukrainian Email Portal Users

GIFTEDCROOK Payload Targets Chrome, Firefox, KeePass, OpenVPN, and Sensitive Documents

Global Cybersecurity Firms Warn of Rising AI-Powered Phishing Attacks

Government Website in India Taken Offline After Defacement Attack

Hackers claim 110 Million Notion records exposed, but the company’s AI assistant is not concerned

Hackers claiming leak of 310 million Temu accounts: here's what we know

Hackers now exploit critical Oracle E-Business flaw in attacks

Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer

In major privacy win, Supreme Court rules geofence warrants are protected by privacy rights

India: Pune Property Tax Data Breach Sparks Alarm

India’s Meerut Development Authority Website Defaced With Pro-Pakistan Messages

Indian auto giant Bajaj targeted in ransomware attack

iPhone 18 Pro ‘drop test’ images, parts list included in ransomware leak

iPhone 18 Pro Supplier List, Parts, and Photos Leaked in Tata Ransomware Attack

Iran cyberattacks on Israel surged in 2026, Israeli cyber chief says

Japan Hit By Major Data Breach: Up to 14.22 Million Email Login Credentials Potentially Exposed

Japanese AI police chief takes on $2 billion scam epidemic

Japanese Telecom Giant Says Breach May Expose 14.2 Million Email Accounts

JSP webshells being dropped on unpatched PTC Windchill instances

Justices rule that cellphone location histories are protected by the Fourth Amendment

KDDI Breach Exposes Up to 14.2 Million Email Logins at Six ISPs

KDDI Data Breach Exposes 14 Million Emails in Japan

KDDI Data Breach Exposes 14.2 Million Logins: Shared Infrastructure Flaw Hits Six ISPs

KDDI Data Breach May Expose 14.2 Million Email Accounts

KDDI discloses data breach affecting up to 14.2 million customers

LAPSUS$ targeted Myanmar's AYA Bank, stole 120GB of banking data

London Hydro offers credit monitoring after data breach

Malicious Perplexity Chrome Extension Intercepted Searches and Address Bar Input

MCBS Data Breach Compromises PII and PHI Data

Microsoft 365 Apps Security Update Fixes High-Severity Excel RCE Vulnerability

Microsoft extends Windows Server 2022 hotpatching until October 2027

Microsoft Removes 119 Edge Extensions That Hid Malware in Images and Fonts

Microsoft Removes Over 100 StegoAd Edge Extensions Hiding Malware via Steganography

Microsoft reveals phishing campaign targeting hotels in Europe and Asia

Millenium RAT Malware-as-a-Service (MaaS) Uses Telegram Bot API to Control Infected Windows Machines

Most teams accept higher risk for faster AI database work

Mozilla warns of indirect prompt injection risk in AI coding agents

Mustang Panda Uses Zoho WorkDrive as Command Channel in Indian Government Attacks

National Association of Insurance Commissioners (NAIC) says public data stolen in ShinyHunters' PeopleSoft breach

Nissan discloses employee data breach linked to Oracle zero-day attacks

North Korea-Linked macOS Malware Uses Prompt Injection to Evade AI Analysis

Northern Technologies International Corporation (NTIC) Data Breach: Social Security Numbers Exposed

Nova ransomware group takes responsibility for NSW Rural Fire Service (RFS) hack

OpenAI Reveals GPT-5.6 Sol Cybersecurity Model, Restricts Early Access

Operation Endgame Disrupts SocGholish, StealC Malware Networks

Over 14 million login credentials leaked from six ISPs in major data breach - here’s what we know

Phishing and ransomware - 10 ways to stop phishing-based ransomware attacks

Photo-themed phishing campaign targets European and Asian hotels with Node.js implant

Polymarket Users Lose $3.1 Million in Phishing Attack as 1,891 ETH Moves to Fresh Wallets

Public Proof-of-Concept (PoC) Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw

Ransom should not be paid say Law Enforcement Agencies

Ransomware groups are coming for law firms

Ransomware hits European suppliers as attacks surge 55%

Rokarolla Uses Fallback C2 Domains to Maintain Control Over Infected Android Devices

Russian Hackers Accused of Destructive Cyber-Attack on Jaguar Land Rover

Russian spies are targeting Signal accounts linked to Ukraine with new phishing tactic

Russian state hackers stealing new Signal accounts with old backup keys, FBI warns

Sender Policy Framework (SPF) checker guide: How to protect your domain from phishing attacks

South Korea: Golfzon Data Breach Victims Launch Class-Action Lawsuit

Tata breach exposes Apple iPhone 18 Pro parts, supplier lists, and images, sources say

Tata Ransomware Breach Exposes iPhone 18 Pro Supplier Data and Device Photos

Texas data breach hits 3 Million license customers

The Hacker’s 2026 Playbook from the Dark Web

The Machine Identity Era Has Already Started

Tower Administrative Services discloses data breach exposing SSNs and financial information

Trump White House Dips Toes Into AI Cybersecurity Regulation by Executive Order

Taiwan digital ministry admits failures over cyber institute data breach

Telegram-Based Millenium RAT Campaign Infects 60,000 Devices

The Gentlemen are knocking: сustom backdoors and evolving tactics

U.S. offers $10 million for hackers targeting WhatsApp, Signal users

U.S. Targets Russian Cyber Spies With $10 Million Bounty Over Messaging App Attacks

UAE Cybersecurity Council Calls for Stronger Digital Footprint Protection

UK businesses fear stigma of ransomware

UK data watchdog fines consultancy firm £300K for flooding people with millions of illegal texts

Ukraine to use seized crypto from cybercrime group to buy war bonds

Ukraine transfers $8.3 million in seized hacker crypto to state wallet, plans military bond purchase

UNC1151 Ghostwriter Hackers Target Belarusian Politician in Gmail Phishing Campaign

UNC5792: $10 million reward for information on Russian hackers

Update Chrome Now: Google Fixes 18 Security Flaws, Including Critical Bugs

US Federal Insurance Regulator Confirms Data Breach Via Oracle Flaw

US posts $10 million reward over Russian cyber campaign targeting Signal, WhatsApp

Wabi Sabi Behavioral Health Center Data Breach Exposes SSNs

Wales: Publication of pictures of medical files on social media prompts data breach inquiry

Website owners report surge in malicious bots impersonating Googlebot, sparking call to check IPs

WhatsApp is Finally Getting Usernames to Help Keep Phone Numbers Private

WhatsApp rolls out usernames to help users hide their phone number

Why Insider Threats Deserve a Spot at the Top of Your Risk List

Women's Center for Radiology Data Breach Compromises Personal and Health Information

Women's Wellness of Delaware Data Breach Impacts Aesthetic and Clinical Service Patients