Significant Cyber Incidents
Major breaches, ransomware attacks, and nation-state operations affecting businesses worldwide. Sourced from Cyber Scoop, The Record, SecurityWeek, DataBreaches.net and more.
Internet Society Foundation Opens Global Call for Common Good Cyber Fund to Strengthen Cybersecurity
DC, United States, 23rd June 2026, CyberNewswire…
Five Eyes agencies sound alarm about AI’s threat to cybersecurity
"The timeline is not years, it is months,” the nations of the Five Eyes intelligence alliance said in a joint alert about the cybersecurity concerns of artificial intelligence.…
“The Timeline Is Months, Not Years”: Five Eyes Warns of AI-Powered Cyberattacks
MITSloan reports: The intelligence alliance of the United States, United Kingdom, Canada, Australia, and New Zealand, commonly known as Five Eyes, has raised concerns over rapidly advancing artificial intelligence, which…
Justice Department seizes infrastructure used by cyber scam and criminal marketplace
lso Tuesday, the Treasury Department took action against the same Cambodian company, Huione Group, and affiliates. The post Justice Department seizes infrastructure used by cyber scam and criminal marketplace appeared fi…
LastPass Confirms Customer Data Breach After Klue OAuth Token Theft
LastPass has confirmed it was affected by the Klue supply chain incident, saying an unauthorised actor used stolen……
Feds seize alleged cyber-scam infrastructure connected to Southeast Asian company
The Department of Justice announced the “seizure of a cloud computing account” used by subsidiaries of the Huione Group, a conglomerate severed from the U.S. financial system last year.…
Dragos Unveils AI for OT Security
Named EmberAI, the new capability is built on Dragos’ massive operational technology cybersecurity dataset. The post Dragos Unveils AI for OT Security appeared first on SecurityWeek .…
Trump directs federal agencies to protect US data from quantum threats
An executive order signed Monday aims to accelerate the government's transition to post-quantum cryptography (PQC), a new generation of encryption designed to protect data from the powerful quantum computers expected in …
‘Cordyceps’ CI/CD Flaw Exposes Microsoft, Google, Apache Repos to Pipeline Hijacking
Novee Security reveals Cordyceps, a CI/CD vulnerability in GitHub Actions workflows that let anonymous users poison builds and expose tokens across major projects today.…
The Rise of AI-Powered Academic Fraud: Beyond Traditional Plagiarism
AI has changed academic fraud. It now creates original-looking work, fake sources, and hidden misconduct that schools must learn to detect.…
Data Exposure Flaws Threaten Dify AI Platform Used by 1 Million Apps
Attackers could abuse Dify's multi-tenant cloud service to read private chats, preview other tenants' documents, and reach internal APIs. The post Data Exposure Flaws Threaten Dify AI Platform Used by 1 Million Apps appe…
Compromise kids online safety bill unveiled by House leaders, with key omission
The so-called duty of care provision that was excluded would have mandated that online platforms take reasonable measures to prevent specific harms such as suicidal ideation, eating disorders and cyberbullying by changin…
Lookalike npm Package Hides a Multi-Stage Windows RAT
JFrog found an npm package impersonating postcss-selector-parser to drop a multi-stage Windows RAT…
Algerian man charged with running two cybercrime marketplaces
Abdellah Belmili allegedly ran two black-market websites selling stolen financial credentials and custom-built phishing kits targeting major American banks, federal prosecutors say. The post Algerian man charged with run…
OpenAI Expands Daybreak to Help Defenders Patch Flaws
OpenAI expanded Daybreak with a full GPT-5.5-Cyber release to help defenders patch software flaws…
Trump Issues Executive Order to Fast-Track Post-Quantum Migration
All US federal agencies will have to complete their post-quantum cryptography transition by 2031, according to a new Trump Executive Order…
Two Scattered Spider members plead guilty over cyberattack that crippled London transit
A 20-year-old and an 18-year-old admitted to infiltrating the network of Transport for London in 2024, disrupting public transportation services for months.…
Eight-Year-Old Samsung KNOX Flaw Exposed Millions of Galaxy Devices to Kernel Attacks
The high-severity use-after-free vulnerability in Samsung's KNOX security framework affected Android-powered Galaxy devices from the S9 through S25. The post Eight-Year-Old Samsung KNOX Flaw Exposed Millions of Galaxy De…
GTA 6 Scams Emerge as Pre-Orders Open
Cybercriminals launch fake GTA 6 pre-order sites offering early access for crypto payments…
CISO Conversations: Carl Froggett – Combining CISO and CIO at Deep Instinct
Carl Froggett combines CISO and CIO. He currently occupies both positions at Deep Instinct. Before then, he was CISO at Citi for almost 17 years. The post CISO Conversations: Carl Froggett – Combining CISO and CIO at Dee…
Cybersecurity Incidents: The Problem Isn’t Just Who Attacks
Over on SuspectFile, Marco A. De Felice reflects on how we may overfocus on identifying threat actors exploiting vulnerabilities while failing to focus enough on root causes and incident response. He highlights what he c…
Algerian Man Extradited to US for Running Cybercrime Marketplaces
26-year-old Abdellah Belmili faces up to 30 years in prison for allegedly operating the marketplaces Market0Day and Spoxy. The post Algerian Man Extradited to US for Running Cybercrime Marketplaces appeared first on Secu…
New CryptoBandits Malware Uses USB Drives and Tor to Steal Crypto
Microsoft researchers warn of a new dual-action cryptocurrency clipper (CryptoBandits Malware) spreading through USB devices to alter wallet addresses and steal crypto assets.…
FFmpeg PixelSmash Flaw Allows RCE on Video Players, Media Servers, NAS Appliances
Attackers can send crafted media files to execute code in any application that uses FFmpeg’s libavcodec library. The post FFmpeg PixelSmash Flaw Allows RCE on Video Players, Media Servers, NAS Appliances appeared first o…
The Evolution of iGaming Fraud: What Security Teams Should Expect in 2027
Learn how AI, deepfakes, synthetic identities and fraud-as-a-service may reshape iGaming risk, and what security teams can do to detect future threats in 2027.…
OpenAI Refocuses Cybersecurity Efforts on Patching Over Discovery
OpenAI has expanded its Daybreak cybersecurity initiative with a new suite of tools and partnerships. The post OpenAI Refocuses Cybersecurity Efforts on Patching Over Discovery appeared first on SecurityWeek .…
Russian Initial Access Broker Behind FortiBleed Campaign
Using a custom sniffer, the threat actor has captured over 110 million credentials since at least February 2026. The post Russian Initial Access Broker Behind FortiBleed Campaign appeared first on SecurityWeek .…
2 Scattered Spider-Linked Hackers Plead Guilty Over £39M TfL Cyberattack
Two teenagers face sentencing after admitting to a massive Scattered Spider cyberattack that hit Transport for London (TfL) and US healthcare networks.…
Scattered Spider Teens Convicted of TfL Cyber-Attack
Two young British men have pleaded guilty to hacking Transport for London as part of a Scattered Spider plot…
Canadian Electricity Provider London Hydro Discloses Data Breach
Hackers stole customers’ names, addresses, email addresses, phone numbers, and account information. The post Canadian Electricity Provider London Hydro Discloses Data Breach appeared first on SecurityWeek .…
Trump Signs Executive Order Accelerating Post-Quantum Cryptography Migration
Federal agencies are required to transition high-value assets and high-impact systems to use PQC by the end of 2030 and 2031. The post Trump Signs Executive Order Accelerating Post-Quantum Cryptography Migration appeared…
Five Eyes Group Issues Urgent Call to Tackle Frontier AI Threats
The Five Eyes Alliance has published a rare call to action for organizations facing AI threats…
Court rules SAVE database illegal, orders it dismantled
A judge said the administration’s database violates the Privacy Act, the Social Security Act and the Administrative Procedures Act. The post Court rules SAVE database illegal, orders it dismantled appeared first on Cyber…
Trump executive orders speed up post-quantum migration, boost industry
The orders accelerate the federal government’s transition to post-quantum encryption and will boost the domestic quantum computing industry. The post Trump executive orders speed up post-quantum migration, boost industry…
Two men, believed to part of Scattered Spiders, plead guilty over £39m TfL cyber attack
Two members of Scattered Spider, who were arrested in 2024 and 2025, have reportedly changed their pleas to guilty just before their trials were set to begin. Victoria Collins reports: Two men have pleaded guilty to offe…
Beats Studio Buds Flaw Could Let Nearby Attackers Eavesdrop on Users
Apple has released a security update to patch a Beats Studio Buds flaw that let nearby hackers listen to conversations through the microphone.…
Xsolis breach affected 1,396,519 of its clients’ patients
Xsolis, Inc. is a business associate in the healthcare sector, providing utilization and case management services. They describe themselves as applying “industry-leading AI and automation to ensure appropriate care…
Intel agencies: Frontier AI models will reshape cybersecurity faster than expected
The joint warning from Five Eyes countries mirrors what many cybersecurity and AI experts have been saying for the past year. The post Intel agencies: Frontier AI models will reshape cybersecurity faster than expected ap…
Cherry Health provides preliminary notice of recent data breach
On April 19, 2026, Cherry Health in Michigan detected suspicious network activity. Investigation revealed that an unknown person or persons had gained access to its network and copied data. On June 18, Cherry Health publ…
GentleKiller Framework Disables Victims' Security Software
ESET details GentleKiller, the EDR-killer framework the Gentlemen ransomware gang gives affiliates…
Unpatchable BootROM Flaw Impacts Apple A12, A13 Chips
Apple BootROM exploit exposes unpatchable USB flaw on A12 and A13 devices…
Brazil’s Civil Defense suffers a cyberattack on its official alert network
This is the kind of cyberattack that can put lives at risk and makes me want to wring some necks if I wasn’t so old and feeble. Demócrata reports: Brazil’s Civil Defense has reported this Saturday that its of…
Two Data Breaches Didn’t Sink Novo Nordisk’s Stock. Why Not?
June was a challenging month for Novo Nordisk regarding cybersecurity and intellectual property protection. The pharma giant allegedly had some of its data — including intellectual property — stolen by two in…
Klue OAuth breach victim list grows as Icarus hackers claim attack
Lawrence Abrams reports: Market intelligence platform Klue has publicly confirmed a recent security incident that allowed threat actors to steal OAuth tokens used to connect to customers’ Salesforce environments, a…
Global Schools Group Obtained Two Court Injunctions That Didn’t Seem to Change Much—and Might Backfire (1)
Following a major data security incident involving sensitive student and parent information, Global Schools Group sought court injunctions prohibiting the publication of data acquired by FulcrumSec. They obtained the inj…
Bombay High Court Blocks FulcrumSec Data Leak (3)
Another day, another injunction. When DataBreaches read the news headline, our first thought was that this was an injunction sought by Global Schools Group. Our first impression was correct, but it took a reminder from F…
Authorities disrupt Evil Corp’s SocGholish botnet
Cybersecurity firms, researchers and officials took down 106 servers and remediated nearly 15,000 sites that were infected with the malware. The post Authorities disrupt Evil Corp’s SocGholish botnet appeared first on Cy…
Congress tees up No FAKES Act, aiming at AI-generated deepfakes
While preventing third parties from profiting off unauthorized deepfakes of artists and performers is a bipartisan concern, some business and digital rights groups are opposed. The post Congress tees up No FAKES Act, aim…
How software development’s speed obsession enabled TeamPCP’s chaos crusade
The threat group’s remarkable success targeting open-source software was inevitable and fueled by the industry’s decision to prioritize code shipping over security. The post How software development’s speed obsessi…
Accenture shells out $4.18B on three companies in big industrial cybersecurity push
The consulting giant’s majority stake in Dragos, along with the purchase runZero and NetRise, marks its first major push into operational technology software as AI-driven threats to critical infrastructure intensify. The…
Attackers hit pair of critical Fortinet vulnerabilities the vendor disclosed in April
Multiple firms have observed active exploitation of the FortiSandbox defects, and warn that the attacks originate from multiple sources, not a single campaign. The post Attackers hit pair of critical Fortinet vulnerabili…