Cyber Threat Intel

Cyber Threat Intel · Jun 24 Daily Digest

CISA Patching Deadlines

• ⚡ Cisco SD-WAN Zero-Day: CISA deadline arrives today for federal agencies to...

Supply Chain Data Leaks

• 🔥 Tata Electronics Breach: World Leaks ransomware group posted over 200,000 files totaling 630GB from Tata Electronics,...

Confirmed Breaches

• 🔥 Kodak: Kodak confirmed a data breach after ShinyHunters claimed theft of over 2.2 million customer records.
• Yum Brands:...

ShinyHunters continues its extortion spree against major organizations.

• Kodak breach confirmed: Limited data accessed after group claims theft
• One...

The FortiBleed leak has exposed VPN credentials for 73,932 Fortinet and FortiGate firewalls, creating major exposure risks for affected organizations.

Organizations are patching vulnerabilities faster than ever before, yet cyber risk continues to increase. This exposes a widening gap where speed alone cannot close exposure windows in vulnerability management.

F5 released out-of-band NGINX patches to fix critical vulnerabilities CVE-2026-42530 and CVE-2026-42055 affecting HTTP/3 and HTTP/2. Users should apply these updates immediately to address the security risks.

Iran-linked Handala claims to have breached California Water Service (Cal Water), dumping 5GB of stolen data from this critical US infrastructure. The incident underscores growing state-sponsored risks to water utilities.

A patient whose personal data leaked in the HCRG Care Group hack is "fuming" at the total lack of communication from the provider, underscoring the real frustration patients face when healthcare breaches leave them in the dark.

CryptoBandits spreads like a worm through USB drives, swapping clipboard wallet addresses while hiding behind a portable Tor client for C2.

-...

• Credibility gaps: Handala's proof video was disputed by SITE as December 2024 footage from a software firm, not FBI drones.
• World Cup threat:...

A hardware flaw in the USB controller of A12/A13 chips creates a permanent BootROM vulnerability in 2018-2020 iPhones and other devices.

• Technical...

Ransomware operators are accelerating attacks on fresh targets while standardizing advanced evasion methods.

• qilin struck Makel Companies Group in...

QR code scams redirect payments and steal data in seconds through public placements.

• Attackers control destinations while mimicking trusted services...

Multiple high-severity vulnerabilities emerged in recent hours, underscoring urgent patching needs.

• Oracle JD Edwards CVE-2026-46880 scores 9.8,...

A clear trend is emerging in large-scale US data breaches: attackers increasingly exploit third-party vendors and zero-day flaws to hit healthcare and...

The White House and Anthropic are pivoting from export controls on Fable 5 and Mythos 5 over jailbreak flaws to building standardized benchmarks that...

Ransomware operators rely on standard notes that alert victims to encryption and push them to contact attackers for recovery steps.

ShinyHunters claims it stole 8.8TB of data from Amazon's One Medical, raising fears over exposure of sensitive healthcare and patient records.

A staggering 24 billion records from 36 sources were found in an Elasticsearch database, many originating from prior breaches, Telegram leaks, and infostealer logs.