Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 13th July and 19th July 2026.13th July
65% of Organisations Think a Serious Cyber Attack Could Threaten their Survival
99.9% of fixable AI vulnerabilities remain unpatched
A zeroed signature let a hacker drain nine million dollars from Hedera's biggest lender
After years on the run, alleged Ryuk ransomware operator pleads guilty
AI Phishing Surge Forces New Zealand Casinos to Fight Back
ApolloMD agrees to multi-million-dollar settlement over 2025 data breach
Attacker Uses Suspected AI-Generated PowerShell Script to Map Active Directory
Australian Cyber Agency Warns of Global CMS Exploitation Campaign
California: State can’t seek damages from 23andMe successor over data breach
California Gay & Lesbian Services Center Data Breach Affects 75,500 Individuals
Cambodian Voice Phishing Ringleader Sentenced to 14 Years for $44.3 Billion Fraud
Carle Health Data Breach Exposes Sensitive PHI and PII
Centers Laboratory Data Breach Affects 540,000 Individuals
Centers Laboratory New Jersey discloses data breach incident impacting 542,000 people
CISA Warns of Actively Exploited Joomla Zero-Day Vulnerabilities
CISA warns of actively exploited RCE flaws in Joomla extensions
Columbia Orthopaedic Group Data Breach Exposes PHI
CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks
Cyber Attack at Mount Royal University Disrupts Operations, Cybercrime Gang Demands $1.9 Million Ransom
Cyber incidents - a 'litmus test' of a company’s management capability
Dark Web Profile: Krybit Ransomware
Data breach at Lidl: online store customer data stolen
Difficult to detect: Phishing campaign uses Microsoft infrastructure
Doing Its Job: Large Majority of Cyber Losses Covered by Insurance, Says Willis
Estée Lauder Data Breach Exposes Health Information and SSNs
EU and UK blacklist Russia’s cyber operators over efforts to destabilize Europe
EU sanctions Russian GRU military hackers over cyberattacks
European Parliament Revives Controversial Chat Scanning Law
Evilginx: Three phishing operations revealed by mistake
Ex-ransomware negotiator gets 70 months for betraying clients to hackers
Exposed Server Unmasks Evilginx Operators Stealing Microsoft 365 Sessions and OAuth Tokens
Fake Bank Apps Let Scammers Control Android Phones in Southeast Asia
Fake OAuth client IDs are helping attackers slip past sign-in logs
Feds Slam Ransomware Supply Chain: US And Allies Cut Off Cybercriminals’ Digital Lifelines
Fiji: Phishing attack surge
Finland: Police issue wanted notice for Vastaamo hacker Aleksanteri Kivimäki
Finland: Vastaamo hacker wanted after appeal rejected
Foreign National Admits Guilt in $15,000,000 Bitcoin Ransomware Attacks on U.S. Firms
Forg365 Phishing-as-a-Service (PhaaS) Targets Microsoft 365 with Device Code and Adversary-in-the-Middle (AitM) Session Theft
GhostCommit Attack Hides Prompt Injection in PNG to Steal Developer Secrets
Google and Microsoft Pull ModHeader With 1.6 Million Installs After Dormant Collector Found
Hacker Extradited from Ukraine Pleads Guilty to Ryuk Ransomware Charges
Hackers blackmail Bosch as secret engineering files surface on the dark web
Hackers breach Lidl’s IT service provider, steal customer data
Healthcare ransomware attacks rose 14% in first half of 2026
Healthcare Services Group Agrees to $3 Million Settlement Over 2024 Data Breach
Hong Kong: Securities and Futures Commission (SFC) Mandates Phishing-Resistant Authentication Methods for Internet Brokers and Virtual Asset Trading Platforms (VATPs) to Protect Client Accounts
How small businesses get hacked through employees
iCagenda and Balbooa Forms Joomla Flaws Reportedly Exploited as Zero-Days
India: Government Confirms No Critical Data Loss In Tata Electronics Cyber Attack, Vows Continued Vigilance Amid Rising Digital Threats
India: Government examining alleged Tata Electronics data breach
Is that QR code a trap? How to spot quishing scams before it's too late
It’s a First: An AI Agent Carries Out a Ransomware Attack on AI App Builder
Jscrambler npm Supply Chain Attack Steals Developer and Cloud Credentials
Lake Region Healthcare Alerts Patients of Data Breach
Lawyers Investigate Frontier Airlines Over Data Breach That May Have Exposed ‘Sensitive’ Personal Information
LIA Insurance Data Breach Exposes Financial Account Info
Lidl customers across Europe hit in suspected data breach - here's what we know
Lidl customers' bank details at risk after third-party security failure
Lidl discloses online shop breach after service provider hack
Lidl Warns of Phishing Risk After Customer Data Theft
Los Angeles Police Department (LAPD) lets contract with surveillance giant Flock expire, citing ‘serious concerns’ over civil liberties and privacy
Marlboro-Chesterfield Pathology Agrees to Settle Lawsuit Over 2025 Ransomware Attack
Meridian Health Plan of Illinois Data Breach Affects 21,027
Meta Removes Muse Image Instagram Feature After Consent Backlash
Misconfigured Server Reveals Three Evilginx Phishing Operations Targeting Microsoft 365
New MemGhost Attack Plants Persistent False Memories in AI Agents Through One Email
New ransomware leader emerges as global cyberattacks rise in June 2026
Nihon Kotsu Confirms Malware Infection, Taxi Dispatch Systems Disrupted
Novel OAuth Client ID Spoofing Technique Targets Cloud Environments
One Misconfigured Python HTTP Server Exposed Three Active Campaigns from Attackers
Open Directory Exposes Three Evilginx Phishing Operators
Pakistan: International Hacker accused of stealing 5 Million Bank Records arrested in Karachi
Pakistan: Karachi hacker arrested for alleged theft of millions of foreign citizens’ financial data
Pakistan: National Cyber Crime Investigation Agency (NCCIA) Busts International Hacker in Major Data Breach Case
Pakistani Police Systems Hit by Chinese and Indian Espionage
PennyMac Data Breach Affects 3k Individuals: PHI Exposed
Progress Software Warns of "External Security Threat" to ShareFile
Progress warns ShareFile Users: shut down on-premises servers immediately
Prolific hacker 2019 selling alleged HotToner Australia customer data online
Public Key Infrastructure (PKI) Under Pressure: AI, PQC and Shorter Lifecycles Drive New Security Challenges
Ransomware negotiator jailed for 70 months after he just helped infect victims with malware
Ransomware negotiator who betrayed clients sentenced to 70 months in prison
Ransomware Targets 2.74% Of Malaysian Firms In 1Q26
RokRAT Malware Hides Behind Academic Event PDFs and Cloud Storage Links
Russia's FSB blamed for Poland grid attack as UK and EU impose first joint cyber sanctions
Russian celebrity journalist Ksenia Sobchak says hackers accessed Telegram channels via email breach
Russian State Hackers Target Vulnerable Routers Worldwide, Joint Advisory Warns
Ryuk ransomware operator pleads guilty in $15 Million bitcoin extortion
Security Leaders Discuss Exposure of 24 Billion Credentials
Security threat prompts Progress to disable ShareFile accounts, tell customers to shut down servers
Siggen Backdoor Hits Windows Developers Via Infected Visual Studio Projects
Social Media Users Warned Against Phishing Campaign on X
South Korea Military Faces Highest Cyberattack Volume Since 2021
Spear-Phishing Campaign Uses Proton Drive Links and LNK Files to Deliver SpyGlace
Supply Chain Attack: jscrambler npm Package Compromised, Targeting Wallets, AI Tools, Cloud Credentials
The Decision Burden Behind SOC Alert Fatigue and How Experts Would Reduce It
This one cyber crime group accounted for nearly a fifth of all ransomware attacks in June
UK charges suspects linked to Russian Coms call spoofing platform
UK Cyber Attacks Climb 34% as Ransomware Leadership Shifts
US and allies warn of Russian critical infrastructure attacks
US Treasury sanctions malware providers tied to cyberattacks
Vermont: Funds recovered in recycling-related phishing scam
Vishing Call Becomes Key Lead in Massive Odido Cyberattack
Why cybercrime is becoming everyone’s problem in Ghana
Why Software Bill of Materials (SBOMs), signing, and provenance still don’t tell you if software is safe
Year-Long Microsoft Device Code Phishing Campaign Bypasses MFA and Claims 218 Victims
YKK AP Data Breach Highlights Ongoing Cyber Risks Facing Glass Industry
Welcome to DBD. On March 8th 2026, DBD celebrated it's sixth anniversary and 
Welcome to last week's ROC Report, an exclusive summary of Ransomware Operator's global victims that were claimed during the period between 29th June and 5th July 2026, kindly assisted by our partners.