Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 29th June and 5th July 2026.1st July
A CISO’s Guide to Robocall Mitigation: Applying MITRE ATT&CK to Voice-Based Threats
Adobe patches seven max severity ColdFusion, Campaign flaws
AI-generated code risks reach security, legal, and compliance teams
Anthropic Restores Claude Fable 5 After U.S. Lifts Jailbreak-Linked Export Controls
Azure CLI Password Spray Hits at Least 78 Microsoft Accounts in 81 Million+ Attempts
Citrix Patches Six NetScaler Flaws Allowing File Read and Denial-of-Service
Claude Sonnet 5 includes safeguards against dangerous cyber use
EvilTokens Campaign Reveals Device Code Phishing Ticks Up 1,380%, Powered by AI
Insurance Giant Aflac Discloses Data Breach Impacting Millions
Major win for Anthropic as US lifts Mythos, Fable export controls
Microsoft wants to stop unwanted bots from entering Teams meetings
Model Context Protocol (MCP) Tool Poisoning Hijacks AI Agents to Steal Data
Nearly Half of Organizations Lack "Full" Visibility Into Employee AI Usage
Phantom Squatting Uses AI-Hallucinated Domains for Phishing and Malware
Researcher Analyzes 3,000 Live ClickFix Payloads, Exposing API-Driven Malware Delivery
The New Hacktivists: How Global Conflict Turned a Nuisance Into a Security Threat
Trump’s grip on the Federal Trade Commission (FTC) puts EU-US data transfer at risk
30th June
3 in 4 consumers would ditch a company if it suffered a major cyber attack
282 iOS AI Apps Leak API Keys and Open AI Proxy Access in Network Traffic Study
A ransomware leak exposed Apple's iPhone 18 Pro supply chain secrets
A simple Bing search led to an Akira ransomware attack
Aflac Japan data breach affects 4.38 million policyholders
Aflac Japan Data Breach Impacts 4.38 Million
Aflac Japan reports data breach affecting over 4 million customers
AirDrop and Quick Share Flaws Let Nearby Attackers Trigger Crashes and Bypass Checks
AirDrop and Quick Share vulnerabilities affect protocols on five billion devices as fixes begin
Another Claude Code attack allows full takeover of developers’ systems
Anthropic to restore Claude Fable access on Wednesday
Apple iPhone 18 Pro Design and Component Data Leaked in Tata Electronics Data Breach
Apple iPhone 18 Pro images and details leak in Tata Electronics data breach
Apple iPhone 18 Pro Leak Exposes Supplier Network, Components and Prototype Images After Tata Data Breach
Apple iPhone 18 Pro Supplier List Exposed in Tata Data Leak
Apple iPhone 18 Pro supplier list, component details leaked in Tata data breach
Apple iPhone 18 Pro supplier list, parts leaked in Tata Electronics ransomware attack
Apple Patches 30+ iOS, macOS, Safari Flaws, Including AI-Discovered WebKit Bugs
Apple rushed to squash 29 bugs because AI is supercharging hackers - update ASAP
Apple Says It's 'Concerned' as Massive Tata Electronics Data Breach Exposes Secret iPhone 18 Pro Details
Apple Security Update Patches 30+ Vulnerabilities in iOS 26.5.2
Apple Speeds iPhone Security Patches to Counter AI-Driven Hacking Threats
Apple’s AirDrop and Android’s Quick Share vulnerable: nearby hackers initiate connection, crash devices, or worse
Apple's iPhone 18 Pro Files Leaked Online In Ransomware Attack
Apple's iPhone 18 Pro supplier data leaked after Tata Electronics data breach
Apple's Secret iPhone 18 Pro Files 'Stolen' in Massive Tata Data Breach as Dark Web Leak Sparks Global Alarm
Apple's Upcoming iPhone 18 Pro Details Leaked Online After Cyber Attack
AssuranceAmerica Suffers Third-Party Data Breach, Customer Data Exposed
Attackers Exploit SimpleHelp CVE-2026-48558 to Deploy TaskWeaver and Djinn Stealer
Barracuda warns of Microsoft phishing and malware rise
Blackfield ransomware asks Nidec Corporation for $2 million ransom
Blackfield seeks $2 million from Nidec after ransomware attack
BlueHammer Vulnerability Exploited in Ransomware Attacks
BumbleBee and AdaptixC2 Deliver Akira Ransomware Through Bing SEO Poisoning
Canada: Lawsuit filed in Alberta over data breach that affected almost three million voters
Canada: Proposed class-action lawsuit launched in Alberta over alleged elector data breach
CISA: Windows BlueHammer flaw now exploited by ransomware gangs
CISA Says Microsoft Defender BlueHammer Flaw Is Now Used in Ransomware Attacks
Class action filed in alleged Alberta data breach that exposed millions of voters’ private information
ClickFix Now Cybercriminals' Favorite Malware Delivery Technique
Critical SimpleHelp Vulnerability Exploited For Malware Delivery
Cross Resource Group Data Breach Affects Current and Former Employees
Cybersecurity & Data Breach Statistics 2026: The Year Cybercrime Stopped Breaking In
Daktronics Controller Flaws Expose Highway Signs to Remote Hacking
Data Breach Scandal: Ernst & Young (EY) Employees Access Top Politician's Banking Details
Doxim Data Breach Settlement Underscores Third-Party Data Security Risk
Dutch regulator warns users are “pouring their hearts into chatbots” over data risks
Every search you make, it’s watching: this malicious Chrome extension captures AI query keystrokes
Exeter Finance Data Breach Compromises Financial Account Information
Fake Perplexity AI Chromium Extension Hijacks Browser Search via Typosquatted Domain
Fake Perplexity extension on Chrome Web Store tracked searches
FBI and Southampton County, Virginia, warns of phishing scam
Fly Phishing: How Business Aviation Can Fight AI-Supercharged Cybertheft
GuardFall Exposes Open-Source AI Coding Agents to Decades-Old Shell Injection Risks
Hacked! Automotive giant Nissan discloses multi-country data breach
Hackers claim breach of 1-800-Dentist, threaten to leak health data of millions
Hackers Leverage Blockchain to Hit Japan's Hotels Through Booking.com Phishing
Hackers say they have GameStop customers' personal data
Hackers Steal Data of 4.38 Million Aflac Japan Customers
Hackers Use Fake FIFA World Cup 2026 T-Shirt Offers to Spread Voidrift Malware
Half the defense base still builds security around compliance
Home Office security warning for sponsors: phishing scams on the rise – is your SMS account secure?
How Hackers Just Dumped Apple’s Tightly Guarded iPhone 18 Pro Secrets on the Dark Web
How ransomware syndicates weaponize corporate-style organization
Huntress CEO says threat hunter used 'poor judgment' in alerting ransomware criminal about law enforcement probe
India leads Asia-Pacific Ransomware Target List with 165% surge in attacks
India tops Asia-Pacific (APAC) ransomware target list
Insurance giant Aflac discloses data breach after subsidiary hack
iPhone 18 Pro photos 'leaked on dark web' after data breach involving 20,000 files
iPhone 18 Pro Supplier Details, Photos Leaked After Tata Electronics Data Breach
iPhone 18 Pro supplier list and photos leaked following Tata Electronics ransomware breach
iPhone Security Fixes May Arrive Sooner as AI Speeds Up Threats
Japan Hotel Industry Targeted With TONResolver RAT and Guest Complaint Phishing Emails
Kaspersky Warns of The Gentlemen Ransomware Group Expanding Operations with New Malware
Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints
Malicious PyPI packages give hackers control of Telegram bot servers
Meta Adds WhatsApp Usernames: Here’s What You Need to Know
Microsoft accelerates quantum-safe roadmap as risks grow
Microsoft adds smarter bot protection to Teams meetings
Microsoft Warns Poisoned MCP Tool Descriptions Can Make AI Agents Leak Data
Midland Care Connection Data Breach Exposes Social Security Numbers
Montenegro Detains Islamic Revolutionary Guard Corps (IRGC)-Linked Hacker Behind $3.4 Billion US University Breach
New BioShocking attack manipulates AI browser into data theft
New BioShocking Attack Tricks AI Browsers Into Leaking User Credentials
New EvilTokens Attack Exposes Browser Visibility Gap in Enterprise SOCs
Nissan Confirms Data Breach Following Oracle PeopleSoft 0-Day Attacks
Nissan Confirms Employee Data Breach After Oracle PeopleSoft Zero-Day Attack
Nissan data breach: ShinyHunters-linked attack may expose staff records
Nissan Discloses Employee Data Breach Linked to Oracle Zero-Day
Nissan Employee Data Breached in Oracle PeopleSoft Hack
Nissan the latest victim in Oracle’s PeopleSoft attack: sensitive data stolen
Nissan Traces Data Breach to PeopleSoft Zero-Day Exploit
Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild
Oracle E-Business Suite Payments flaw under attack (CVE-2026-46817)
Over 300 UK Firms Hit by Ransomware in a Year
Pakistan: Massive Ransomware Attack Hits Capital Development Authority (CDA) Billing System
Park Dental Research Data Breach Exposes Social Security Numbers
Peruzzi Buick GMC Data Breach Exposes SSNs and Driver's Licenses
Phishing-resistant authentication can prevent tax-time fraud
Progress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-Auth
Ransomware gangs exploit Microsoft Defender's BlueHammer vulnerability
Ransomware Is About Leverage: Return on Risk Takes It Away
Recently acquired radiology group reports data breach
River Bank & Trust Data Breach Potentially Exposes PII
RustDuck Botnet Rebuilds in Rust to Hijack Routers and Servers for DDoS
Scotland: Cops prepare for Commonwealth Games cyber attack as fears mount over ticket fraud
Security Organizations Reveal Threat Management Fails to Match Visibility
Silent Swap Crypto Clipper Uses Fake Google Notes Extension to Replace Wallet Addresses
SimpleHelp Flaw Exploited to Deploy Malware Targeting Windows, macOS, and Linux
SimpleHelp vulnerability exploited to deliver mighty Djinn Stealer (CVE-2026-48558)
SonicWall: NHS hospitals hit by 10x cyber attack surge
South Korea: 22 Arrested for Laundering 41.5 Billion Won in Fraud, Voice Phishing Proceeds
South Korea: Suspicious Accounts Used in New Phishing Scams Like No-Show Fraud to Be Immediately Blocked...Up to 60 Additional Business Days of Suspension
South Korea expands account freezes beyond voice phishing to cover new fraud schemes
SystemBC Malware Turns Windows Machines Into SOCKS5 Proxies for Ransomware Attacks
Tata data breach exposes iPhone 18 Pro supplier details, prototype images
Tata Electronics Data Breach Leaks Apple iPhone 18 Pro Secrets
Texas Hearing Institute Data Breach: PHI and PII Exposed
Texas Parks Data Breach Exposes Over 3 Million Hunters and Anglers
The Gentlemen RaaS Uses New Ransomware Variant, Backdoor, Encryption
The Gentlemen Ransomware: 483 Victims, 90% Cut
The National Association of Insurance Commissioners (NAIC) Data Breach: A Turning Point for Data Collection and Privacy in the Insurance Industry
The Readiness Gap: What Wimbledon Reveals About Modern Cyber Defense
Thousands of Washington state residents affected in data breach by former Department of Social and Health Services (DSHS) employee
Trenitalia cyber attack exposes sensitive customer data
Trump drops restrictions on Anthropic’s Mythos and Fable models
UK: Barnham family left horrified after Home Office data breach
UK: Businesses warned as over 300 ransomware attacks reported last year
UK Healthcare Sector Records Tenfold Increase in Cyber-Attacks
Ukraine Makes History With First $8.3 Million Seized Crypto Transfer to Asset Recovery and Management Agency (ARMA)
US offers $10 Million reward over Signal attacks on NATO officials
Vulnerability reports are arriving faster than GitHub can review them
Washington State Department of Social and Health Services (DSHS) investigating data breach involving former employee
What the Numbers Say About FIFA 2026 Cyber Risk
29th June
2.7 Million Sysco Emails Leaked Following ShinyHunters Data Breach
212 New Venezuela Earthquake Domains Prompt Donation Scam Warnings
236,000 DCloud Uni-App Sites Used in Crypto Scams, Phishing, and Wallet Drainers
A Data Breach Rarely Ends with the Breach Itself - Leaked Data Is Used in Travel and Ticket Scams During the Summer
Agentic AI Has an Identity Problem and Attackers Know It
AI Will Test Identity Infrastructure, Organizations Need More Prep
AI-Driven Identity Attacks Are Surging
Apple supplier Tata tightens internal controls post-data breach
ATM Jackpotting Gang Members Sentenced for Ploutus Malware Attacks
Australia: NSW Rural Fire Service admits security incident
Bluekit Phishing Kit Uses Browser-in-the-Middle Attacks to Evade Detection
Bradford Health Services settles class action lawsuit over 2023 data breach
Cambridge University Hospitals (CUH) Trust refers itself to regulator over data breach
Can generative AI be an ally in rooting out ransomware threats?
Canadian hacker sentenced for Texas Republican Party website defacement
Companies keep bolting AI onto their products, and the security bill is coming due
Copying the wrong person on an email could be considered a data breach in South Africa
Couple jailed over ‘worst ever’ Transport for London (TfL) data breach and £650k fraud
Critical SimpleHelp flaw exploited to deploy new stealer malware
Cyber insurance is delivering meaningful financial protection, with a majority of data breach and first-party losses covered according to Willis’ latest report
Cybersecurity for Food Companies: How to Prepare for Ransomware, AI Threats, and Supply Chain Disruptions
Danish official warns data stored on US cloud is shared with American spies
Dark Web Breach Exposes Secret Apple Supplier Data
DCloud Uni-App Scam Network Powers RainbowEx-Style Crypto Fraud and WhatsApp Phishing
DCloud Uni-App Templates Help Fraudsters Scale Crypto, Mobility, and Messaging Phishing Scams
Dell Wyse Management Suite Flaws Let Remote Attackers Execute Code
DentaQuest data breach class action filed over ShinyHunters cyberattack
Don’t pay the ransom: Warning to organisations to protect themselves from ransomware attacks as more than 320 businesses affected last year
European Data Protection Board (EDPB) Adopts Common Data Breach Notification Template
EvilTokens Phishing Breaches Finance Firms Using “Ghost” Code Across U.S. and European Businesses
ExtraHop report finds nearly half of ransomware victims suffer data theft before detection
FBI Sounds Alarm Over Russian Intelligence Signal Phishing
FBI warns of Russian Intelligence phishing campaign abusing Signal support services to target VIPs and high-value government and military targets - this is how to secure your account
FBI, CISA Issue Alert on Russian Phishing Campaign Targeting Messaging App Users
FoxTrot Data Breach Compromises Social Security Numbers
Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse
Germany discloses data over “silent SMS” use for surveillance
Ghostwriter Hackers Use Real-Time WebSocket Relay to Bypass SMS and OTP MFA
Ghostwriter Phishing Infrastructure Targets Gmail and Ukrainian Email Portal Users
GIFTEDCROOK Payload Targets Chrome, Firefox, KeePass, OpenVPN, and Sensitive Documents
Global Cybersecurity Firms Warn of Rising AI-Powered Phishing Attacks
Government Website in India Taken Offline After Defacement Attack
Hackers claim 110 Million Notion records exposed, but the company’s AI assistant is not concerned
Hackers claiming leak of 310 million Temu accounts: here's what we know
Hackers now exploit critical Oracle E-Business flaw in attacks
Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer
In major privacy win, Supreme Court rules geofence warrants are protected by privacy rights
India: Pune Property Tax Data Breach Sparks Alarm
India’s Meerut Development Authority Website Defaced With Pro-Pakistan Messages
Indian auto giant Bajaj targeted in ransomware attack
iPhone 18 Pro ‘drop test’ images, parts list included in ransomware leak
iPhone 18 Pro Supplier List, Parts, and Photos Leaked in Tata Ransomware Attack
Iran cyberattacks on Israel surged in 2026, Israeli cyber chief says
Japan Hit By Major Data Breach: Up to 14.22 Million Email Login Credentials Potentially Exposed
Japanese AI police chief takes on $2 billion scam epidemic
Japanese Telecom Giant Says Breach May Expose 14.2 Million Email Accounts
JSP webshells being dropped on unpatched PTC Windchill instances
Justices rule that cellphone location histories are protected by the Fourth Amendment
KDDI Breach Exposes Up to 14.2 Million Email Logins at Six ISPs
KDDI Data Breach Exposes 14 Million Emails in Japan
KDDI Data Breach Exposes 14.2 Million Logins: Shared Infrastructure Flaw Hits Six ISPs
KDDI Data Breach May Expose 14.2 Million Email Accounts
KDDI discloses data breach affecting up to 14.2 million customers
LAPSUS$ targeted Myanmar's AYA Bank, stole 120GB of banking data
London Hydro offers credit monitoring after data breach
Malicious Perplexity Chrome Extension Intercepted Searches and Address Bar Input
MCBS Data Breach Compromises PII and PHI Data
Microsoft 365 Apps Security Update Fixes High-Severity Excel RCE Vulnerability
Microsoft extends Windows Server 2022 hotpatching until October 2027
Microsoft Removes 119 Edge Extensions That Hid Malware in Images and Fonts
Microsoft Removes Over 100 StegoAd Edge Extensions Hiding Malware via Steganography
Microsoft reveals phishing campaign targeting hotels in Europe and Asia
Millenium RAT Malware-as-a-Service (MaaS) Uses Telegram Bot API to Control Infected Windows Machines
Most teams accept higher risk for faster AI database work
Mozilla warns of indirect prompt injection risk in AI coding agents
Mustang Panda Uses Zoho WorkDrive as Command Channel in Indian Government Attacks
National Association of Insurance Commissioners (NAIC) says public data stolen in ShinyHunters' PeopleSoft breach
Nissan discloses employee data breach linked to Oracle zero-day attacks
North Korea-Linked macOS Malware Uses Prompt Injection to Evade AI Analysis
Northern Technologies International Corporation (NTIC) Data Breach: Social Security Numbers Exposed
Nova ransomware group takes responsibility for NSW Rural Fire Service (RFS) hack
OpenAI Reveals GPT-5.6 Sol Cybersecurity Model, Restricts Early Access
Operation Endgame Disrupts SocGholish, StealC Malware Networks
Over 14 million login credentials leaked from six ISPs in major data breach - here’s what we know
Phishing and ransomware - 10 ways to stop phishing-based ransomware attacks
Photo-themed phishing campaign targets European and Asian hotels with Node.js implant
Polymarket Users Lose $3.1 Million in Phishing Attack as 1,891 ETH Moves to Fresh Wallets
Public Proof-of-Concept (PoC) Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw
Ransom should not be paid say Law Enforcement Agencies
Ransomware groups are coming for law firms
Ransomware hits European suppliers as attacks surge 55%
Rokarolla Uses Fallback C2 Domains to Maintain Control Over Infected Android Devices
Russian Hackers Accused of Destructive Cyber-Attack on Jaguar Land Rover
Russian spies are targeting Signal accounts linked to Ukraine with new phishing tactic
Russian state hackers stealing new Signal accounts with old backup keys, FBI warns
Sender Policy Framework (SPF) checker guide: How to protect your domain from phishing attacks
South Korea: Golfzon Data Breach Victims Launch Class-Action Lawsuit
Tata breach exposes Apple iPhone 18 Pro parts, supplier lists, and images, sources say
Tata Ransomware Breach Exposes iPhone 18 Pro Supplier Data and Device Photos
Texas data breach hits 3 Million license customers
The Hacker’s 2026 Playbook from the Dark Web
The Machine Identity Era Has Already Started
Tower Administrative Services discloses data breach exposing SSNs and financial information
Trump White House Dips Toes Into AI Cybersecurity Regulation by Executive Order
Taiwan digital ministry admits failures over cyber institute data breach
Telegram-Based Millenium RAT Campaign Infects 60,000 Devices
The Gentlemen are knocking: сustom backdoors and evolving tactics
U.S. offers $10 million for hackers targeting WhatsApp, Signal users
U.S. Targets Russian Cyber Spies With $10 Million Bounty Over Messaging App Attacks
UAE Cybersecurity Council Calls for Stronger Digital Footprint Protection
UK businesses fear stigma of ransomware
UK data watchdog fines consultancy firm £300K for flooding people with millions of illegal texts
Ukraine to use seized crypto from cybercrime group to buy war bonds
Ukraine transfers $8.3 million in seized hacker crypto to state wallet, plans military bond purchase
UNC1151 Ghostwriter Hackers Target Belarusian Politician in Gmail Phishing Campaign
UNC5792: $10 million reward for information on Russian hackers
Update Chrome Now: Google Fixes 18 Security Flaws, Including Critical Bugs
US Federal Insurance Regulator Confirms Data Breach Via Oracle Flaw
US posts $10 million reward over Russian cyber campaign targeting Signal, WhatsApp
Wabi Sabi Behavioral Health Center Data Breach Exposes SSNs
Wales: Publication of pictures of medical files on social media prompts data breach inquiry
Website owners report surge in malicious bots impersonating Googlebot, sparking call to check IPs
WhatsApp is Finally Getting Usernames to Help Keep Phone Numbers Private
WhatsApp rolls out usernames to help users hide their phone number
Why Insider Threats Deserve a Spot at the Top of Your Risk List
Women's Center for Radiology Data Breach Compromises Personal and Health Information
Women's Wellness of Delaware Data Breach Impacts Aesthetic and Clinical Service Patients
Welcome to DBD. On March 8th 2026, DBD celebrated it's sixth anniversary and
Welcome to last week's ROC Report, an exclusive summary of Ransomware Operator's global victims that were claimed during the period between 15th June and 21st June 2026, kindly assisted by our partners.
