Significant Cyber Incidents
Major breaches, ransomware attacks, and nation-state operations affecting businesses worldwide. Sourced from Cyber Scoop, The Record, SecurityWeek, DataBreaches.net and more.
CISA Details Incident Response to Exposed AWS GovCloud Keys
CISA reveals how it responded after sensitive AWS GovCloud credentials and internal data were exposed in a public GitHub repository…
Microsoft Warns New 'GigaWiper' Malware Combines Espionage and Destructive Capabilities
A new multi-purpose backdoor allows cyber threat actors to conduct both quiet espionage activity and destructive wiping operations…
In Other News: DHS Database Hacked, Adobe Boosts Patch Cadence, Canada Disrupts Ransomware Ops
Other noteworthy stories that might have slipped under the radar: Abnormal AI sued by Anthropic, AssuranceAmerica data breach affects 7 million people, NSA brings back TAO. The post In Other News: DHS Database Hacked, Ad…
Anthropic and OpenAI Security Tools Could Fuel Cyber-Attacks, Researchers Warn
Researchers at the AI Now Institute developed a proof-of-concept exploit showing common AI tools used for security could backfire…
China, India ran separate spying campaigns against same Pakistani police force
The activity, in some cases breaching the exact same systems, ran between February 2024 and April 2026 and centered on the force responsible for the country’s southwestern province that has been the site of a long-runnin…
Cybersecurity Negotiator Gets 70 Months for Helping BlackCat Extort Victims
Former ransomware negotiator Angelo Martino gets 70 months in prison for helping BlackCat extort US victims and misuse confidential client data in cyberattacks.…
New Ransomware Exploits Malicious Driver to Remove Cybersecurity Protections
GodDamn ransomware uses remote desktop application to secretly move around networks and drop the malicious PoisonX kernel driver…
Third US Security Expert Sentenced to Prison for Helping Ransomware Gang
Angelo Martino, a former ransomware negotiator, was sentenced to 70 months for helping the BlackCat/Alphv group. The post Third US Security Expert Sentenced to Prison for Helping Ransomware Gang appeared first on Securit…
China, India-Linked Hackers Both Targeted Same Pakistani Police Force
Both foes and allies have targeted the Balochistan Police force in Pakistan for at least two years, according to SentinelOne. The post China, India-Linked Hackers Both Targeted Same Pakistani Police Force appeared first …
Okta Warns of Vishing Attacks Targeting Microsoft 365 Customers
The attackers call victims to direct them to phishing websites mirroring Microsoft Entra ID login pages. The post Okta Warns of Vishing Attacks Targeting Microsoft 365 Customers appeared first on SecurityWeek .…
Microsoft Warns of Increase in Number of Security Updates
Microsoft has said the volume of Windows security updates is set to grow as it uses AI to find new bugs…
FastNetMon Launches Netomics, a Self-Hosted Routing Intelligence Platform
London, United Kingdom, 10th July 2026, CyberNewswire…
GigaWiper Combines Multiple Malware for System-Level Sabotage
The backdoor’s destructive capabilities include a standalone wiper, ransomware encryption, and a multi-pass wiping command. The post GigaWiper Combines Multiple Malware for System-Level Sabotage appeared first on Securit…
NHS Warns Staff Over Unauthorized Access to Patient Data
NHS tells staff they could face prison for “inappropriate” access to patients’ medical records…
‘HalluSquatting’ Turns AI Hallucinations Into Botnet Delivery Mechanism
Researchers demonstrate adversarial hallucination squatting against popular AI assistants to achieve remote code execution. The post ‘HalluSquatting’ Turns AI Hallucinations Into Botnet Delivery Mechanism app…
Network of 200 GitHub Repositories Used for Malware Infection
A Go module is used to load PowerShell code that fetches a resolver from public dead drops to execute Windows malware. The post Network of 200 GitHub Repositories Used for Malware Infection appeared first on SecurityWeek…
Former DigitalMint ransomware negotiator who duped clients sentenced to 70 months in jail
Angelo Martino exploited his insider position and fed confidential information to ransomware co-conspirators to extort a combined $75.3 million from five U.S.-based victims. The post Former DigitalMint ransomware negotia…
Dutch police trace Odido telco cyberattack to suspected local accomplice
Dutch police said Thursday they had uncovered evidence suggesting that Dutch criminals were involved in the cyberattack on telecom provider Odido that exposed the personal data of more than 6 million customers earlier th…
Microsoft Warns of GigaWiper Backdoor Built to Destroy Windows PCs
Microsoft details GigaWiper, a destructive Windows backdoor that can wipe disks, encrypt files and give attackers remote access to compromised systems globally.…
Interpol cybercrime crackdown nets 5,800 arrests across 97 countries
The anti-fraud crackdown, dubbed Operation First Light, identified more than 142,000 victims of various social-engineering scams. The post Interpol cybercrime crackdown nets 5,800 arrests across 97 countries appeared fir…
AI Gateway Connected to Amazon Bedrock Hijacked for Cryptomining
Darktrace says a LiteLLM AI gateway linked to Amazon Bedrock was compromised for cryptomining after signs of exposed SSH activity.…
QIZ Security Raises $17 Million for Cryptographic Governance Platform
The Israeli company has developed a cryptographic posture and post-quantum cryptography management platform. The post QIZ Security Raises $17 Million for Cryptographic Governance Platform appeared first on SecurityWeek .…
764 splinter group leader sentenced to 40 years in jail
Alexis Chavez coerced multiple girls to commit self harm and produce child sexual abuse material for notoriety in a sprawling violent extremist collective affiliated with the Com. The post 764 splinter group leader sente…
Latvian forestry company still restoring systems weeks after ransomware attack
A foreign, financially motivated group was responsible for a cyberattack on state-owned forestry company Latvijas Valsts Mezi (LVM), officials said.…
UK Government Rolls Out Agentic AI Defense Plan Alongside Industry Pledge
Two announcements on July 7, 2026, demonstrate the government’s determination to improve the level of cybersecurity within the UK. The post UK Government Rolls Out Agentic AI Defense Plan Alongside Industry Pledge appear…
Vibe-Coded Malware Caught in Active Directory Attack
Huntress found a threat actor using vibe-coded PowerShell to map an Active Directory network…
Palo Alto Networks Patches 13 Vulnerabilities
Buffer overflow, DoS, command injection, SSRF, authentication bypass, and other types of vulnerabilities have been found in PAN-OS software. The post Palo Alto Networks Patches 13 Vulnerabilities appeared first on Securi…
NSA revives 'Tailored Access Operations' name for elite hacking unit
NSA last week changed the moniker of its Office of Computer Network Operations (CNO) back to Tailored Access Operations (TAO), a name that is sure to elicit nostalgia among the broader digital community for a group with …
EU takes member states to court over unimplemented cybersecurity law
Ireland, Spain, France and the Netherlands are more than 20 months late in transposing the NIS2 Directive for the cybersecurity of critical infrastructure.…
75% CISOs Fear Executives Don’t Understand Cybersecurity Risks Employees Face
Survey of cybersecurity leaders by MetaCompliance finds that many feel boards are uninterested in ever-evolving cyber risks…
GhostApproval Flaws Let Top AI Coding Tools Write Outside Workspaces
Wiz found GhostApproval symlink flaws in major AI coding assistants that could hide sensitive file targets, bypass approval checks and enable system access too.…
Two arrests this week in unrelated crimes involved Japanese teenagers using ChatGPT to assist in their crimes
The Japan Times reports: An 18-year-old man has been arrested for his suspected involvement in a cyberattack on the operator of the Kaikatsu Club internet cafe chain, according to investigative sources. On Wednesday, the…
Nayax investigating breach; The Syndicate claims it acquired 1 billion card records and other important data
Nayax is a global fintech company headquartered in Israel that provides cashless payment and management solutions for unattended retail and self-service machines. The firm is publicly traded on both the Tel Aviv and Nasd…
Iris Recognition vs Fingerprint: Which Biometric Wins in 2026?
Compare iris recognition and fingerprint biometrics in 2026, from accuracy and speed to security, privacy, and where each technology works best.…
Uniondale Union Free School District – Audit Follow-Up by New York State Comptroller (2023M-61-F)
In October 2023, NYS Comptroller Thomas DiNapoli released an IT audit of the Uniondale Union Free School District on Long Island. The purpose of the audit was to examine management of non-student user network controls. T…
DuckDuckGo Now Blocks Most YouTube Ads Right Inside Its Browser
DuckDuckGo's browser now blocks most YouTube ads by default on supported devices. Here's how it works, which platforms support it, and its limits.…
French nonprofit starts global intelligence and research hub for AI cyber threats
One of the project’s top goals is stitching together an international, quick response coalition of governments, businesses and civil experts for AI-related threats. The post French nonprofit starts global intelligence an…
Patients Sue Healthcare Corporations Over Data Breaches, Sharing of Personal Information
Mikeie Honda Reiland reports: A suite of recent class action lawsuits in state and federal courts seeks to hold large healthcare corporations accountable for exposing or leaking patients’ personally identifiable informat…
Why Bangladesh’s new data protection law may fail to protect your data
Meem Arafat Manab reports: On August 19, 2025, hackers broke into Shwapno’s customer database. They took 410 gigabytes of data: the names, phone numbers, and purchase histories of forty lakh registered customers. They de…
Armored Likho Hits Government, Energy Sectors With BusySnake Stealer
Kaspersky details how the newly named Armored Likho APT uses BusySnake Stealer, AI-generated loaders, and phishing to target government and energy organizations.…
Found fast, fixed slow: The gap the AI clearinghouse must close
The government's new AI clearinghouse risks becoming a committee that discovers more problems than it solves — unless it's designed around patching, not just scanning. The post Found fast, fixed slow: The gap the AI clea…
Washington Dept. of Social and Health Services announces massive data breach
KIRO7 reports: The Washington Department of Social and Health Services (DSHS) is issuing a notice of a massive data breach that happened in March, potentially compromising the personal data of around 8,600 people. An int…
Spain arrests suspected hacker linked to Russian hacktivist campaign
Authorities didn’t name the man or file formal charges, but accuse him of participating in attacks linked to Cyber Army of Russia Reborn and NoName. The post Spain arrests suspected hacker linked to Russian hacktivist ca…
Deepfake CSAM lawsuit against xAI, Grok expands
Two new alleged victims detailed how Grok was used by friends and family to generate sexual images of them as minors. The suit also adds Stability AI as a defendant. The post Deepfake CSAM lawsuit against xAI, Grok expan…
Bojangles sued again by workers over Russian hacker data breach. NC judge weighs in
Chase Jordan reports an update in the litigation stemming from a 2024 breach by Hunters International. This case has raised a number of issues about standing and negligence and has been up and down in the courts, with pl…
Jacksonville, Texas, keeps some city systems offline after cyber incident
DysruptionHub reports: Jacksonville, Texas, took some city systems offline after detecting suspicious network activity Friday, leaving some online services unavailable Monday as officials investigated a cybersecurity inc…
Suspected Chinese espionage group used a Roundcube exploit chain to burrow into universities
Proofpoint researchers said attackers targeted physics and engineering departments, and warn that the campaign is likely ongoing. The post Suspected Chinese espionage group used a Roundcube exploit chain to burrow into u…
The “Anonymous” Tip System That Wasn’t: Three Months Later, Why Hasn’t Navigate360 Notified Anyone?
Trigger Warning: This post includes content from tips submitted to anonymous tiplines by or about students. While identity information is redacted, tips may include obscenities and explicit references to sexual abuse, ra…
US Army websites defaced with pro-Kurdish sentiments, insults to Trump
At least two websites appear to be victim to 404 hijacking attacks. Army officials took the sites down after being contacted by CyberScoop. The post US Army websites defaced with pro-Kurdish sentiments, insults to Trump …
Sysdig clocks first documented case of agentic ransomware
The AI agent didn’t accomplish every step in the late June 2026 attack, but it allowed the threat actor to significantly reduce complexity, speed up the tempo and gain operational advantages. The post Sysdig clocks first…
Alberta, Centurion Project sued over alleged data breach that affected millions of voters
Carrie Tait reports: A retired lawyer is suing Alberta, its Chief Electoral Officer and two organizations that support secession for their respective roles in an alleged data breach affecting 2.9 million residents in the…