Editor's Message

Welcome to DBD. On March 8th 2026, DBD celebrated it's sixth anniversary and PRiSM celebrated it's third anniversary. Both projects have made a huge impact on my life and I'd like to thank each and everyone of you who have supported me, with special thanks to those individuals and communities who have helped me build up my knowledge on cybercrime and ransomware over the years. Thanks again for all your continued support. Stay safe. :)


“Data Breaches Digest and its PRiSM portal provide Dentons Global Security Team with valuable insights into the ransomware landscape, from the latest incidents to trends over time, as well as the ability to customize visual analytics. Timely reports and tracking by Data Breaches Digest help inform cyber intelligence for the world’s largest law firm and thus our cybersecurity posture across more than 80 countries worldwide.”
Dentons Senior Analyst, Washington D.C.



Monday, 13 July 2026

Data Breaches Digest - Week 29 2026

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 13th July and 19th July 2026.


13th July

99.9% of fixable AI vulnerabilities remain unpatched

A zeroed signature let a hacker drain nine million dollars from Hedera's biggest lender

Cyber incidents - a 'litmus test' of a company’s management capability

European Parliament Revives Controversial Chat Scanning Law

Fiji: Phishing attack surge

GhostCommit Attack Hides Prompt Injection in PNG to Steal Developer Secrets

Hong Kong: Securities and Futures Commission (SFC) Mandates Phishing-Resistant Authentication Methods for Internet Brokers and Virtual Asset Trading Platforms (VATPs) to Protect Client Accounts

iCagenda and Balbooa Forms Joomla Flaws Reportedly Exploited as Zero-Days

Jscrambler npm Supply Chain Attack Steals Developer and Cloud Credentials

Lidl customers' bank details at risk after third-party security failure

Prolific hacker 2019 selling alleged HotToner Australia customer data online

Ransomware Targets 2.74% Of Malaysian Firms In 1Q26

RokRAT Malware Hides Behind Academic Event PDFs and Cloud Storage Links

Ryuk ransomware operator pleads guilty in $15 Million bitcoin extortion

South Korea Military Faces Highest Cyberattack Volume Since 2021

Vermont: Funds recovered in recycling-related phishing scam

Why Software Bill of Materials (SBOMs), signing, and provenance still don’t tell you if software is safe

Year-Long Microsoft Device Code Phishing Campaign Bypasses MFA and Claims 218 Victims