Welcome to DBD. On March 8th 2026, DBD celebrated it's sixth anniversary and 
Dentons Senior Analyst, Washington D.C.
Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 15th June and 21st June 2026.17th June
3 Recently Patched Fortinet FortiSandbox Vulnerabilities in Hacker Crosshairs
7-Year-Old OpenBSD Flaw Enables Complete PAP Authentication Bypass
15 Malicious JetBrains Plugins Caught Stealing DeepSeek, OpenAI API Keys
24 billion records, including usernames and passwords, exposed in colossal data leak: What does that mean for you?
144 Mastra npm Packages Compromised via Hijacked Contributor Account
Android Banker Rokarolla Uses Fake Overlays to Steal PINs, Passwords, and Crypto Wallet Data
Apple makes “Hide My Email” easier to block, raising privacy concerns
Australia: NSW government pours cold water on ransomware claims
Bluekit Phishing-as-a-Service (PhaaS)
Chinese hackers behind massive AI-powered phishing network that stole millions of cards
CISA Issues Alert on Oracle PeopleSoft Vulnerability Exploited by Ransomware Groups
CISA orders feds to patch max severity Joomla plugin flaw by Friday
CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution
Critical Chrome Vulnerabilities Enable Arbitrary Code Execution Attacks
Critical Fortra Access Manager Flaw Exposes Systems to Command Injection
Critical LiteLLM Flaw Enables Authentication Bypass via Host Header Injection
Critical NVIDIA NeMo Vulnerability Enables OS Command Injection
Cyber insurance delivers meaningful financial protection, with a majority of data breach and first-party losses covered
Data Breach Exposes Personal Information of 137,000 School Staff at Infinite Campus
Data leak fears after ransomware attack hits Hong Kong’s Kee Wah Bakery
Deno-Based Malware Abuses CloudFront WebSocket C2 for Remote Access and Internal Pivoting
DragonForce Exploits Microsoft Teams Relays via Backdoor.Turn
DragonForce Ransomware Group Hid Inside U.S. Firm for Two Months Using Microsoft Teams Relays
ErrTraffic ClickFix Framework Abuses Compromised WordPress Sites to Deliver Infostealers
EU Security Experts to Support Ukrainian Organizations in Case of Cyber-Attacks
Experts analyse University of Nottingham cyber-attack
FBI warns Microsoft 365 users of dangerous Kali365 phishing scam: How it works and how to stay safe
FIFA World Cup API Authorization Bug Let Anyone Hijack the Live TV Stream
Fifteen JetBrains Marketplace Plugins Found Stealing API Keys
FishMonger Uses TCP, UDP, and WebSocket C2 Channels in SprySOCKS Windows Attacks
Frontier AI Models Point to a Shift Defenders Are Not Ready For
Ghostwriter Hackers Abuse Gmail Admin-Themed Emails to Steal Credentials and 2FA Codes
GitHub dismissed security reports on flaws now exploited by supply-chain worm, researchers say
Google Lawsuit Cites 9,000 Fake Websites Linked to Phishing Operation
Google sues Chinese AI scam ring over fake texts and phishing sites
Hacker group claims 1TB data theft from pharmaceutical giant Novo Nordisk
Hackers Abuse SheetBest API to Exfiltrate Banking Credentials Into Google Sheets
Hackers Claim 1TB Data Theft from Wegovy and Ozempic Maker Novo Nordisk, Demand $25 Million
Hackers Compromise 140+ Mastra npm Packages to Steal Credentials
Hackers Use Potemkin Loader to Deliver RMMProject RAT in ClickFix Intrusion
Holiday season is here - but watch out, hackers are launching more phishing scams and attacks than ever before
How DragonForce Ransomware Hid in Plain Sight Using Microsoft Teams Infrastructure
Infinite Campus Breach Exposes 137,000 Staff Accounts - What Is A Data Breach?
INTERPOL Warns India Among Top Targets of Cyber Attacks, Deepfake Fraud and Ransomware
Kodak confirms data breach claimed by ShinyHunters extortion gang
Kodak Confirms Data Breach Following ShinyHunters Claims of 2.2 Million Records Theft
Kodak investigates data breach after ShinyHunters cyberattack
Mackay Sugar cyber attack flagged as broader risk to Australia’s food supply chain
macOS Users Targeted by Sapphire Sleet Campaign Using Script Editor and Fake Update Dialogs
Malicious JetBrains Plugins Caught Harvesting AI API Keys from Developers
Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats
Microsoft working on Defender patch for RoguePlanet zero-day
Microsoft working on patch for RoguePlanet Defender zero-day (CVE-2026-50656)
New INTERPOL report highlights escalating cyber threats across Asia and South Pacific
Nintendo employee Data reportedly stolen in Cyberattack and Hackers demand $2 Million Ransom
Nintendo faces $2 Million ransom after employee data breach via TinyPulse
Nintendo issues statement on data breach after hackers demanded $2 Million ransom
Nintendo Of America Dismisses Data Breach, Says No Personal Or Financial Info Were Accessed
Nintendo Officially Responds To $2 Million Hacker Ransom, Assures That No Customer Data Was Stolen
Novo Nordisk Data Breach: Cyber Extortion Group FulcrumSec Claims Theft of 1.3 TB of Sensitive Data After USD 25 Million Ransom Demand
Novo Nordisk Data Breach: FulcrumSec Demands $25 mn, Allege Theft of 1.3TB of Drug, Trial and Patient Data
Novo Nordisk hackers turn to private sale after Ozempic maker refuses $25 Million ransom demand
Novo Nordisk Hit by Data Breach: Hackers Steal One Terabyte, Company Refuses $25 Million Ransom
Novo Nordisk IT Security Incident Exposes Limited Patient and HCP Data
Oracle PeopleSoft Zero-Day Exploited in Ransomware Attacks, Warns CISA
Organizations’ Emergency Response Fails to Match Confidence Levels
Phishing falls as attackers turn to AI & encryption
Phishing scam targets Microsoft Teams, Outlook, and OneDrive
Ransomware Group Demands $2 Million From Nintendo After Getting Access to Sensitive Information
Ransomware group wants $2 million from Nintendo for Tinypulse hack, Nintendo says its aware
Researcher found a way to hijack FIFA World Cup streams but didn't touch it
SK Telecom (SKT), Korean National Police Agency identify 475 phishing crime servers with AI
That AI chatbot you secretly use at work? It may be a security risk
The checklist problem behind critical infrastructure cyber safety
The SOC’s visibility gap comes down to staffing
Troy Hunt (Have I Been Pwned) Flags 455,000 Emails in University Of Nottingham Data Breach
Ukraine can now tap EU cyber support during major attacks
Ukrainian pleads guilty to role in Conti ransomware group
Understanding OAuth Risks: From Device Code Phishing to Token Abuse
What Is A Data Breach? Infinite Campus Leak Hits 137,000 Staff Accounts
What is Kali365? FBI warns of Telegram-based phishing toolkit targeting Microsoft 365 users
16th June
84% of professional football clubs have become victims of attacks, now the World Cup 2026 could also become a hacker paradise
94% of Incidents Involve Anonymized Infrastructure. Teams Are Still Reactive
Amos Stealer Targets macOS Keychain Files and Browser Passwords
Anyone Can Be a Hacker Now: FBI Exposes Microsoft 365 Phishing Toolkit That Gives Amateurs the Keys to Cybercrime
Apple plans to change its Hide My Email privacy feature that could make it less effective
Asian firms scrutinise cyber insurance limits as ransomware losses climb
Attackers are exploiting FortiSandbox vulnerabilities
Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week
Australian Medical Council denies ransomware attack in wake of false claim
Australian mortgage broker Keylend warns of phishing incident following single account breach
Belarus-Linked UNC1151 Launches Gmail Phishing Campaign to Steal 2FA Codes
Boots impersonated in phishing scam targeting nearly 9 million shoppers
Bug in FIFA World Cup internal system gave anyone ability to modify TV stream
Cal Water investigates alleged hacker breach affecting Chico customer data
Canada: Ford government scolded agency over cyber attack. Documents show it knew a month earlier
Cardiac patients’ medical data stolen and held to ransom
China Spent Over a Year Inside U.S. Medical Research Networks - And Used Google’s Own Email Rules to Steal Data
China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth
CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation
CISA warns of another cPanel plugin flaw exploited in attacks
Cisco discloses second exploited SD-WAN vulnerability in two weeks (CVE-2026-20262)
Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw
ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures
Compromised WordPress Site Uses Traffic Direction System to Target Windows Users With GULoader
Conti Ransomware Loader Developer Pleads Guilty in $150 Million Operation Riptide Case
Conti ransomware operator pleads guilty to wire fraud conspiracy and cyber extortion scheme
Cost of ransomware recovery too high? Here’s how to stop footing the bill
Council of Europe investigates ShinyHunters data breach allegations
Critical Fortinet FortiSandbox flaws now exploited in attacks
Critical Microsoft 365 Copilot Flaw Enables One-Click Data Theft
Critical SearchLeak Flaw in Microsoft 365 Copilot Exposed Sensitive Enterprise Data
Crypto scammers are sending couriers to victims’ homes to collect cash
Cyber attack on Southern Illinois Ob-Gyn hospital impacted thousands of patients
Cyber Crooks Hit Long Island Legal Aid, Expose Clients’ Sensitive Data
Cybercriminals mask malicious communications through Microsoft Teams relays
Cybercriminals Use The Quarry Toolkit to Launch IRS and SSA Phishing Attacks
Cybersecurity Awareness and Digital Forensics: Safeguarding the Digital World
Did Jaguar Land Rover (JLR) force brands to rethink cyber for their dealers?
Does the jailbreak that got Anthropic’s Fable 5 pulled exist in every AI model?
DragonForce Ransomware Exploited Microsoft Teams to Hide in Attack Against Major Company
DragonForce ransomware uses Microsoft Teams for covert command and control
Easterly Properties Data Breach: Social Security Numbers Exposed
Error in Breach Notice Leaves Victims Confused, Skeptical
Estonia to quarantine emails sent from Russian .ru domain before they reach government officials
EU Cybersecurity Act 2.0: When good regulation goes bad
EvilTokens: Phishing-as-a-Service (PhaaS) Kit Abusing OAuth Device Code Flow on Microsoft 365
Experts Say Google's Recent Scam Lawsuit May Have Limited Impact
Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware
FBI Issues Urgent Scam Alert for Microsoft Teams, Outlook and OneDrive Users
FBI issues warning about Kali365 phishing scam that bypasses MFA in Microsoft 365 accounts
FBI Warns Courier Cash Pickups Are Driving Crypto Scams
FBI Warns Microsoft 365 Users About 'Kali365' Phishing Scam That Can Bypass MFA
FBI warns Microsoft 365 users of new Kali365 phishing scam: What it is, how it works
FBI warns Microsoft 365 users of phishing scam. How to stay safe
Federal Government dismisses report of cyber attack on Nigeria education management information system
Federal Trade Commission (FTC) warns of record $3.5 billion losses to imposter scams in 2025
Former LockBit and Qilin Operators Launch New RaaS Programs With AI-Based Victim Analysis
Gentlemen Ransomware targets Mackay Sugar in Australia
Ghana: Cyber Security Authority (CSA) urges Universities to strengthen cybersecurity following university of Nottingham cyber-attack
Ghana: Cyber Security Authority (CSA) warns educational institutions to strengthen cybersecurity following major UK data breach
Global Ransomware Incidents Increase 48% in May 2026
Google and FBI join forces to combat AI-generated phishing scams targeting smartphone users
Google Takes Legal Action Against Chinese Hackers Accused Of Weaponising Gemini AI For Massive Scam Operation
Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting
Hacker: 'I Could Have Rickrolled the World Cup'
Hacker Group Demands $2 Million from Nintendo
Hackers Abuse Legitimate RMM Tools in The Quarry IRS and SSA Phishing Campaigns
Hackers Abuse Microsoft Teams to Conceal Ransomware Activity
Hackers boast of data dump involving 5.4 million Swedes, but there’s a catch
Hackers Hijack Terminal Server to Launch 8.9 Million-Email Boots Phishing Campaign
Hackers Use The Quarry PhaaS Ecosystem to Target U.S. Victims With IRS Phishing
Hackers Weaponize Microsoft Teams Relay to Hide Ransomware Traffic
Hacking group claims major hack of Novo Nordisk and attempted $25 million extortion
Hidden in Teams: DragonForce Attackers Weaponize Microsoft Teams Relays to Stay Hidden
How could the Ransomware Bill be diminished without compromising on Cybersecurity
How to protect yourself from online scams, phishing, and identity theft
India: Did hackers access ICAI's exam portal? Alleged data breach sparks concern days before Chartered Accountants (CA) Inter, Final results 2026
Infinite Campus Data Breach Exposes 137,000 Users Personal Details
Interlock and Rhysida Ransomware Operations Share Supper Backdoor and Malware Codebase
INTERPOL-Backed Operation Dismantles Decade-Long Phishing Platform, Arrests Alleged Administrator
Ireland: Cork man extradited to US pleads guilty to involvement in global ransomware fraud
Ireland: HSE Fined €300k Over Data Breach At Offaly Hospital
Ireland: HSE hit with €300,000 fine over Tullamore hospital patient data breach
iRhythm Discloses Data Breach After Threat Actor Claims Protected Health Information (PHI) Theft
iRhythm discloses data breach, says hackers stole patient info
iRhythm Hit by Cyberattack, Patient Data Stolen and Ransom Demanded
iRhythm Holdings Discloses Third-Party Data Breach via Social Engineering
iRhythm Technologies Data Breach Potentially Exposes Protected Health Information
Jackpocket Casino Data Breach Exposes Sensitive Personal Information
Kali365 Phishing Attack Bypasses Microsoft 365 MFA Using Real Login Pages, No Fake Site Needed
Kee Wah Bakery hit by ransomware attack; customer and staff data compromised
Mackay Sugar cyber attack claimed by The Gentlemen ransomware
Maine takes down its data breach notification portal after it is flooded by fake claims
Malicious JetBrains Marketplace plugins steal AI API keys from developers
Malwarebytes Finds Ad Scams Hidden in 40+ World Cup Streaming Sites
Microsoft 365 Device Code Phishing Campaign Bypasses Password Theft With Legitimate Login Flow
Microsoft 365 Users Targeted by Device Code Phishing Campaign Using OAuth 2.0 Flow
More than 40 World Cup streaming sites caught pushing scam ad networks
Murray County paid hackers $200K after ransomware attack in May
New Phishing Scam Targets Microsoft Teams, Outlook, and OneDrive
New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds
New Rokarolla Android malware targets 217 banking, crypto apps
New Rokarolla Android Trojan Found Targeting 217 Crypto and Banking Apps
Nigeria: Federal Government Denies Cyber Attack on Education Data Platform
Nintendo Is ‘Aware Of An Issue’ Involving Third-Party Hack As Group Allegedly Tries To Ransom Employee Info For $2 Million
Nintendo says hacker group’s stolen employee data is ‘limited and old’ despite $2 Million ransom threat
Novo Nordisk Confirms Cyberattack Exposing Patient Data and AI Assets
Novo Nordisk Data Breach Exposes Clinical Trial Patient Data
Oak View Group Data Breach Exposes Social Security Numbers
OnionDrop Loader Uses Nation-State-Grade Evasion to Deliver LegionLoader, CGrabber, and Vidar
OptinMonster Plugin Flaw Exposes 1.2 Million WordPress Sites to Attacks
Over Two-Thirds of Security Pros Say Cyber Is Getting Harder
Ozempic maker Novo Nordisk hit with $25 million ransom demand after claimed data breach
People’s Republic of China (PRC)-Linked Hackers Exploit REDCap Servers to Target US Research Institutions
Phishing No Longer Looks Wrong: What Security Leaders Should Do Next
Phishing scam victim loses $3,456 claim against bank after failing to act on notification alerts
Planning a trip? Fake travel sites are multiplying this summer
Ransomware Ecosystem Consolidates Around LockBit Alumni, Qilin, Hyflock, and The Gentlemen
Ransomware gang abuses Microsoft Teams relays to hide malicious traffic
Reform Wales faces data breach questions after Tory members receive party emails
Rockstar Games Targeted by ShinyHunters in Massive Cloud Data Breach
Rokarolla Trojan Combines Banking Fraud With Device Surveillance
Samsung boosts Galaxy security, blocks malicious apps and scam calls
Samsung Electronics boosts Galaxy security, blocks phishing apps from installation to execution
Samsung to Block Execution of Phishing Apps on Future Galaxy Devices
Scam Alert: FBI issues warning for Teams, Outlook, OneDrive users
ShinyHunters Claims 297 GB Council of Europe Data Breach
ShinyHunters Claims Council of Europe HR Data, Threatens Leak
ShinyHunters claims theft of 2.2 million records from Kodak in ransomware ultimatum
ShinyHunters exploited Oracle PeopleSoft flaw to victimise hundreds of organisations
ShinyHunters publishes data stolen from school software provider Infinite Campus, 137K users exposed
Shocking New Phishing Scam Lets Hackers Break Into Outlook and Teams Without Stealing Login Details
Silent Ransom Group Threatens US Law Firms With LEAKEDDATA Data Leak Site
SimpleHelp RMM flaw could give attackers full access to managed endpoints (CVE-2026-48558)
Singapore: Man lost S$3,800 in card phishing scam after clicking on TikTok ad; tribunal finds him liable, not bank
South Korea: Police Arrest 23 in Cambodia-Linked Phishing Crypto Laundering Crackdown
South Korea: Police Bust Phishing Money-Laundering Ring Using Tether
South Korea Busts Crypto Laundering Ring Tied to Cambodian Phishing Group
South Korea Fines Coupang $409 Million Over Massive Data Breach
South Korea slaps Coupang with a record ₩624.7 billion data breach penalty
SprySOCKS Backdoor Expands From Linux to Windows
Steam Workshop abused to spread malware via Wallpaper Engine app
Superior Drywall Data Breach Exposes Financial Account Information and Social Security Numbers
Sysco hit by second extortion claim over 61 Million records, weeks after Qilin ransomware threat
The Gentlemen Ransomware-as-a-Service (RaaS) Scales to 166 Victims as Ransomware Groups Compete for Affiliates
The Hacker Group That Once Targeted BMW and Google Play May Have Changed Its Mission
The Handala hacker group uses cyberterrorism as psychological warfare, study finds
Think your Microsoft 365 account is safe? This new scam may prove otherwise
UAE's most dangerous cyber threat: Why credential phishing is getting harder to detect
Ubeo Data Breach: SSNs and Driver's License Information Compromised
UK watchdog now investigating smart TVs collecting your personal data
UNC1151 Ghostwriter Hackers Target Gmail Users With 2FA-Stealing Phishing Campaign
Update on the California Water Service (Cal Water) Hacking Incident
US restricts Anthropic Mythos and Fable AI models over fears foreign military will use them
“We hit the UK hard:” 9 million targeted in Boots gift scam hosted on hacked government website
What Is Kali365 & How Is It Targeting Microsoft 365 Users With Automated Phishing Attacks
What Is Kali365? Everything You Need to Know About the MFA-Bypassing Phishing Scam
Willis finds cyber insurance coverage adequate for most breach and first-party losses
Windows version of SprySOCKS Linux malware used to attack government organizations
15th June
4 major Iranian banks suffer cyber attack, no customer data impacted
23andMe data breach victims get $46.75 million settlement
152 Chrome Wallpaper Extensions with 105K Installs Linked to Adware and Fake Traffic
A hacker has allegedly stolen employee data from Nintendo
A hardware neural network backdoor that hides in plain sight
Adriatic Port Cyber-Attack by Anubis Sparks Warning Over Maritime Security Risks
AI vulnerability discovery is pushing 2026 CVEs toward 66,000
Akira ransomware spotted using LimeWire service for data theft
Alleged Dark Web Leak Exposes Data on 62,208 Paris Transit Workers, Raising Fresh Cybersecurity Fears
Anthropic says US government forced it to disable cybersecurity AI models
Anthropic's most advanced AI models blocked worldwide: US cites cyberattack risks
APT37 Hackers Use NarwhalRAT Malware With Microsoft-Themed Phishing and Dead-Drop C2
Attackers Hijack Popular WordPress Plugins to Deploy Backdoors
Australian Sugar Producer Mackay Sugar Reports Cyber Incident
Belarus-linked hackers target Gmail accounts of Polish public figures and their families
Breaking Down the Novo Nordisk Data Breach
Caldwell Sutter Capital discloses data breach tied to third-party software provider
California Water Systems Secure Despite Hacker Claims
China-linked spies backdoored authentication stack to stay hidden for years
Chinese Hackers Abused Google Workspace Rules to Steal Research and Defense Emails
Chinese hackers breach REDCap servers, steal medical research
Chinese hackers breached North American research institutions via REDCap servers
Cisco fixes SD-WAN vManage flaw exploited in zero-day attacks
Council of Europe investigates ShinyHunters data breach claims
Coupang Faces Record $470 Million Fine, Class Actions Loom Over Data Breach
Cyber Attack on Oracle Exposes Data of Higher-Ed Clients
Cyber threats shift focus to people as AI-driven scams and identity attacks rise in 2026
Cyberattack on Russian tech firm Astral disrupts business, government services for a week
Cybersecurity Experts Urge US to Lift Ban on Anthropic's Frontier AI Models
Cybersecurity veterans protest ‘dangerous’ US government ban on Anthropic’s most powerful models
Cyberwar At the Front Line: Why Enterprises Must Prepare for Digital Conflict
Data Breach Portal Shut Down After Fake Filings Expose Unverified Auto-Publish Flaw
Department of Justice (DOJ) seizes CFAKE, SOCFAKE deepfake nude sites under TAKE IT DOWN Act
Don’t just recover from ransomware; recover well, and you could cut your ransomware bill too
FBI: Fraudsters use couriers to steal money in crypto scams
FBI alerts users to Microsoft Teams, Outlook phishing risk
FBI And Google Crush AI Scam Ring Behind 1.59 Million Phishing URLs
FBI Destroys Massive AI Phishing Empire Linked to $1.9 Billion Theft
FBI dismantles Chinese phishing service that coached buyers to generate scam sites using AI - $88 cybercrime product linked to $1.9 billion in losses, 3.87 million stolen cards
FBI takes down Chinese phishing operation
FBI takes out huge AI-powered phishing service: Outsider Enterprise was using over a million phishing URLs to steal credit card data and passwords
FBI warns of Kali365 phishing scam targeting Microsoft 365 users
FBI Warns Of Phantom Hacker Scams Targeting Bank Accounts
FBI, Google Dismantle ‘Outsider Enterprise’ Phishing Service
FBI, Google Take Down AI-Powered Cybercrime Ring That Was Using Over A Million Phishing URLs To Steal Data
Feds Seize CFAKE and SOCFAKE Over Explicit Deepfakes of Famous Women
Global crackdown exposes €336m crypto laundering linked to ransomware gangs
Google files lawsuit over AI-assisted phishing operation abusing Gemini
Google says Chinese-linked hackers stole defence and AI data from US and Canadian labs for a year
Google Sues Chinese Crime Ring for Using Gemini AI in Mass Phishing Scams
Google sues Chinese network accused of impersonating Google with AI
Google sues Chinese network over AI text phishing scams
Google Sues Operators of AI-Powered ‘Outsider’ Phishing Kit Linked to 1.5 Million URLs
Hacker claims to have stolen Nintendo employee data and more
Hacker claims to have stolen Nintendo HR data from TINYpulse systems
Hacker claims to have stolen roughly 859 MB of data from Nintendo
Hacker drops Needlework Tours customer data on underground forum
Hacker Group Claims To Have Stolen Nintendo Data, Posts $2 Million Ransom
Hackers claim massive Council of Europe breach: troves of personal data exposed
Hackers demand $2 Million from Nintendo over alleged data breach
Hackers Use Microsoft Account Security Alert Lures to Deliver NarwhalRAT Malware
Handala Hacking Group Claims Breach of California Water Service
How a Chinese hacker group used Google’s AI to scam thousands of users
HSBC Payment Advice Phishing Email Aims to Steal Passwords
Humanity Protocol Hack Linked to Suspected North Korean Actors
Humanity Protocol loses $36 Million in phishing hack linked to North Korean cyber operatives
Infinite Campus: Data breach affects 137,000 school staff accounts
Infinite Campus data breach affects 137,000 school staff accounts
Infostealers, AI, and a 90% Affiliate Cut Fuel The Gentlemen group’s Rise
Ireland: HSE fined €300k over data breach at Midland Regional Hospital Tullamore
Kaspersky identifies phishing campaign using AI web hosting platform
Kimsuky targets South Korea with spear phishing using data-leak lures
Korean Ecommerce Giant Hit With Record-Setting Fine Over Massive Data Breach
Labcorp Agrees to Pay $35 Million to Settle American Medical Collections Agency (AMCA) Data Breach
Legal Services of Long Island Data Breach Exposes Sensitive Personal and Health Information
LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers
Maine closes data breach portal to the public after fake reports
Maine Data Breach Reporting Portal Abused, Taken Offline
Maine Disables Data Breach Portal Due to Fake Submissions
Maine forced to take down data breach portal after fake notices filed with authorities
Maine Takes Breach Reporting Portal Offline After Fake Entries
Maine Takes Data Breach Reporting Portal Offline After Fake Discord and VRChat Filings
Microsoft’s workplace check-in via Wi-Fi tracks who’s in the office, and not everyone’s happy
New attack turned Microsoft 365 Copilot into 1-click data theft tool
Nintendo Alleged Data Breach: Threat Actor Demands $2 Million Ransom
Nintendo Data Breach: Hacker Claims Stealing Approximately 860 MB via TINYpulse Systems
Nintendo Employees’ Private Workplace Confessions May Now Be On a Criminal Forum After Hacker Targets HR Vendor TINYpulse
Nintendo hit with data breach, hacker steals 859MB of data via TINYpulse
North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels
North Korean hackers steal $36 Million from blockchain service using phishing email
One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes
OptinMonster WordPress plugin hacked in CDN supply-chain attack
Oracle Warns PeopleSoft Customers After Critical Zero-Day Exploited
Orthopaedic Specialists of Massachusetts (OSM) Data Breach Exposes PHI and PII for 20,147 Patients
Over 50 Android Apps Found Spreading MagicAd Trojan via Official Stores
Over 73K accounts caught up in breach of France’s government messaging platform Tchap
Ozempic Maker Novo Nordisk Says Hackers Breached IT Systems
Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw
Paylogix data breach exposes sensitive employee and client information in ransomware attack
Phantom Hacker Swindlers Zero In On New Yorkers After $1 Billion Nationwide Heist
Phishing Alert - Beware of Booking.com Phishing Messages Exploiting Suspected Leaked Booking Data
Phishing Through Bithumb Leads to $36 Million Theft From Humanity
Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites
Power Without Control: What Anthropic’s Claude Fable 5 and Mythos 5 Mean for Enterprise Security, AI Governance, and Risk
Protecting Public Safety Networks: A Deep Dive into the Ransomware Threat and Emerging AI Risks
Ransomware Attack Shuts Down Mills of Australia’s Second-Largest Sugar Producer
Ransomware Hits Australia’s Sugar Mills, Shutting Down Operations
Ransomware Insider Betrayal: Guilty Plea In BlackCat Cybercrime Scheme
Ransomware Preparedness Must Be a Boardroom Priority: NCSC (National Cyber Security Centre) Chief
SearchJack Adware Campaign Exposes 758,000 Users to Privacy and Phishing Risks
Senior engineers are spending their week cleaning up AI-generated code
SHADOWBYT3$ Allegedly Claims Nintendo Breach and Theft of Sensitive Data
SHADOWBYT3$ Claims Nintendo Data Breach, Alleges $2 Million Ransom Demand Through HR Platform Exploit
ShinyHunters Claims Council of Europe Hack
ShinyHunters claims Kodak hack, threatens to leak 2.2 Million records
ShinyHunters Publishes Infinite Campus Data in Extortion Campaign Linked to Salesforce, 137,000+ Emails Exposed
SimpleHelp bug lets hackers create rogue remote support accounts
Sniper Dz Scams Target MENA Users via Fake Facebook Offers and Browser Alerts
South Korea: 'Business-Crushing' Ransomware...National Police Agency to Launch Dedicated Investigation Team
South Korea: Privacy Watchdog Probes CU Convenience Store Delivery Data Breach
South Korea Fines Coupang Record £300 million Over Data Breach
Spectrum Sued After Data Breach Exposes 40 Million Customers
Splunk Urges Immediate Patching of Critical Flaw Enabling Arbitrary File Operations
The FBI just issued an urgent warning for anyone using Microsoft Teams, Outlook, or OneDrive over a new phishing scheme
The Philippines: Hacker of government websites identified
The Shared Language Needed to Secure and Govern AI Systems
The US government’s Anthropic models ban was never about an AI jailbreak
Travel Phishing and Cyber Attacks are Surging in 2026, Growing 122% over the last 3 years. Here’s What Cyber Criminals Are Actually Doing
UK Government Finds 400+ Vulnerabilities in AI Hackathons
Ukrainian Man Pleads Guilty in US to Conti Ransomware Charges
Ukrainian national pleads guilty in connection with Conti ransomware
US export controls on Anthropic’s AI models catch Europe unawares
Virta Health Data Breach Exposes Sensitive PHI and PII
What Is Phishing? How It Works, Types, and How to Spot It in 2026
Welcome to last week's ROC Report, an exclusive summary of Ransomware Operator's global victims that were claimed during the period between 1st June and 7th June 2026, kindly assisted by our partners.
