Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 13th July and 19th July 2026.13th July
99.9% of fixable AI vulnerabilities remain unpatched
A zeroed signature let a hacker drain nine million dollars from Hedera's biggest lender
Cyber incidents - a 'litmus test' of a company’s management capability
European Parliament Revives Controversial Chat Scanning Law
Fiji: Phishing attack surge
GhostCommit Attack Hides Prompt Injection in PNG to Steal Developer Secrets
Hong Kong: Securities and Futures Commission (SFC) Mandates Phishing-Resistant Authentication Methods for Internet Brokers and Virtual Asset Trading Platforms (VATPs) to Protect Client Accounts
iCagenda and Balbooa Forms Joomla Flaws Reportedly Exploited as Zero-Days
Jscrambler npm Supply Chain Attack Steals Developer and Cloud Credentials
Lidl customers' bank details at risk after third-party security failure
Prolific hacker 2019 selling alleged HotToner Australia customer data online
Ransomware Targets 2.74% Of Malaysian Firms In 1Q26
RokRAT Malware Hides Behind Academic Event PDFs and Cloud Storage Links
Ryuk ransomware operator pleads guilty in $15 Million bitcoin extortion
South Korea Military Faces Highest Cyberattack Volume Since 2021
Vermont: Funds recovered in recycling-related phishing scam
Why Software Bill of Materials (SBOMs), signing, and provenance still don’t tell you if software is safe
Year-Long Microsoft Device Code Phishing Campaign Bypasses MFA and Claims 218 Victims
Welcome to DBD. On March 8th 2026, DBD celebrated it's sixth anniversary and