Editor's Message

Welcome to DBD. On March 8th 2026, DBD celebrated it's sixth anniversary and PRiSM celebrated it's third anniversary. Both projects have made a huge impact on my life and I'd like to thank each and everyone of you who have supported me, with special thanks to those individuals and communities who have helped me build up my knowledge on cybercrime and ransomware over the years. Thanks again for all your continued support. Stay safe. :)

“Data Breaches Digest and its PRiSM portal provide Dentons Global Security Team with valuable insights into the ransomware landscape, from the latest incidents to trends over time, as well as the ability to customize visual analytics. Timely reports and tracking by Data Breaches Digest help inform cyber intelligence for the world’s largest law firm and thus our cybersecurity posture across more than 80 countries worldwide.”
Dentons Senior Analyst, Washington D.C.

Monday, 8 June 2026

Data Breaches Digest - Week 24 2026

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 8th June and 14th June 2026.


8th June

52% of direct-to-IP threats are missing from intelligence feeds

BGF Networks Reports Personal Data Breach in CU Convenience Store Delivery Service

Check Point links VPN zero-day attacks to Qilin ransomware gang

CISA: Patch actively exploited SolarWinds Serv-U DoS vulnerability (CVE-2026-28318)

Cisco Warns of Active Exploitation of Catalyst SD-WAN Flaw With No Patch Available

Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups

Cyber Attack Exposes Vulnerabilities as Hackers Target Kenyan Investment Platform

Cybercriminals create 19,000 FIFA-themed domains ahead of 2026 World Cup

Cybercriminals Exploit 2026 FIFA World Cup With Phishing, Fake Stores, and Ticket Scams

Everything in One Place: Best Practices for Keeping Mobile Devices Secure

Fake Stores and Phishing Campaigns Exploit 2026 FIFA World Cup Hype

Fraud Operations Rebuild Faster Than Accounts Disappear While Their Behavior Remains Consistent

Hackers Exploit 2026 FIFA World Cup With Phishing and Ticket Scams

Hackers Exploit Claude Code MCP to Steal OAuth Credentials

Hackers used Meta’s AI support system to hijack over 20,000 Instagram accounts

How Department of Science, Innovation and Technology (DSIT) Protects Thousands of UK Orgs from Cyber Vulnerabilities

India: Central Board of Secondary Education (CBSE) Re-Evaluation Portal Goes Live After Final Cybersecurity Clearance

India: IIT-Roorkee denies JEE Advanced data breach, calls report 'misleading'

Is OpenAI’s New Lockdown Mode an Admission That Default ChatGPT Was Never Safe Enough?

Massachusetts votes to pass new privacy rights bill that bans sale of precise location data

Meta AI Bug Exposes Over 20,000 Instagram Accounts

Meta confirms critical vulnerability in account recovery tool exposed over 20K Instagram users

Meta escalates legal battle with Israeli spyware firm NSO over WhatsApp attacks

No backdoor shenanigans: Grindr denies data breach claims

OpenAI is locking down parts of ChatGPT to reduce data theft risks

OpenAI Unveils ChatGPT Account Security Controls

Over 20,000 Instagram accounts stolen in Meta AI support hack

Over 20,000 Instagram Accounts Hijacked via the Meta AI Support Tool Exploit

Oxford University discloses data breach after careers platform hack

Password Reset Bug Leaked Instagram Emails and Phone Numbers

pfSense Firewall Compromised in VerdantBamboo Cyberattack Deploying BRICKSTORM

PhishByte warns spear phishing drives payment fraud losses

Prompt Injection Remains Unsolved, OWASP Researcher Warns

Qilin ransomware affiliate exploited Check Point VPN zero-day (CVE-2026-50751)

Research says Phishing overtakes Dark Web as primary source of stolen Personal Information

Russia upgrades rules for its digital spy system to better track citizens online

Second theft: How scammers use a lost iPhone to steal your identity

Securing the AI-Driven Public Sector: Why Data Governance and Trust Must Come First

ShinyHunters dump 400K BCD Travel customers data online

Smart TV Apps Found Converting Samsung and LG Devices Into AI Proxy Nodes

South Korea: Police Launch Probe Into CU Convenience Store Parcel Data Breach

South Korea police probe CU parcel data breach, pursue hacker

Summer classes canceled at Evanston Township High School after ransomware attack

The hacking mastermind behind the 2026 FIFA World Cup

The Hidden Security Risks Behind Popular AI Tools

The New Face of Cybercrime: When the Criminal Isn’t the Hacker

Thousands of Essex NHS patient records taken in cyber attack

Thousands of NHS patient test results stolen in cyber attack

Two-Thirds of Open Source Community Unaware of Cyber Resilience Act

UNC3753 Targeted US Law Firms in Vishing Extortion Campaign, Possibly Used Physical Access

UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign

VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances

VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks

Posted by at
Labels: