Cyber Threat Intelligence

Oracle patches PeopleSoft zero-day amid ShinyHunters claims; OceanLotus targets Vietnam investors; OnyxC2 stealer emerges; CISA issues new patch directive.

Check Point VPN zero-day fuels Qilin; AI weaponizes N-days in hours; Shai-Hulud hits 100+ packages; NSA and Coinbase claimed; 123 events.

189 incidents logged June 8, including 79 alleged breaches and leaks. Hacktivists swarmed Israel as actor LauraAllen claimed hits on Coinbase and Nissan.

158 claimed incidents on June 7: 72 data breaches and 10 leaks, with NoName057(16) leading a DDoS and defacement wave on Italy, the US and the Gulf.

192 events; Dumpdump claims Proximus, Wehkamp; ShinyHunters claims AT&T; BABAYO EROR SYSTEM targets 22 government sites; Cisco SD-WAN CVE exploited.

177 threat intelligence events on June 5: Dark Storm Team launches coordinated DDoS against Israeli government infrastructure; PAN-OS CVE-2026-0257 authentication bypass under active exploitation; Qilin ransomware hits 9 targets across 6 countries; DieNet disrupts Dutch public services.

Actor Aquahack claims 63 breaches across 20+ countries including Belgian government identity registry and German payment platform Giropay; elazo2 sweeps 4

Actor elazo2 claims six bank breaches across Chile and Bulgaria; Beregini alleges a Ukraine General Staff leak; HTTP/2 Bomb DoS downs major web servers.

NoName057(16) led 15 DDoS claims as 51 alleged breaches hit the US, Italy and Indonesia, while a worm tainted 32 Red Hat npm packages.

pol4rity breaches Ukraine's Supreme Court and other state bodies; Rupert hits 20 targets worldwide as critical Windows and Linux flaws are exploited.

Skull1172 claims breaches of a dozen-plus Colombian state bodies as the country votes, while Indonesian government sites are hit, among 137 daily events.

OpsShadowStrike claims breaches at two Michigan universities and US banks; NoName057(16) floods Italian sites; PAN-OS bug CVE-2026-0257 actively exploited.

Rupert and Moelester drove nearly half of 64 alleged breach and leak claims, from Home Depot Canada to Argentine courts, as a Gogs RCE zero-day landed.

Carnival confirmed 6M records exposed; threat actors revived a critical FortiClient EMS flaw; a Gitea bug exposed 30K deployments to container pulls.

Databasehooligan drove 36 of 148 tracked incidents in a global data-sale spree, while CrowdStrike disrupted GlassWorm and AI coding-agent attacks spread.

A 178-incident day: NoName057(16) drives DDoS while alleged breaches hit NASA, Santander, Ukraine's defense ministry and Indonesian government bodies.

Databasehooligan claimed 27 breaches across Europe and the Americas as a Ghost CMS flaw (CVE-2026-26980) was exploited to hijack 700+ sites.

Scattered LAPSUS$ Hunters claims database sales targeting NATO RTA, UK Government, US Navy, NASA Glenn, Spain MoD and 17 more in a single spree.

NoName057(16) led 14 listings, Lazarus leaked Westminster International University in Tashkent, and Drupal Core SQLi plus Laravel-Lang join CISA KEV.

Unit 42 maps Iranian APT Screening Serpens; FBI arrests Canadian KimWolf DDoS operator behind 1M+ devices; 60 breach claims include BMW AG and FSB.

LAPSUS-GROUP claims a GitHub data sale; The BlackH4t MD-Ghost names NATO; NoName057(16) hits Ukraine with 11 DDoS; 32 of 120 events are data-breach claims.

GitHub confirms internal repo theft via VS Code extension; Microsoft disrupts Fox Tempest signing service; 53 critical data exposure events hit US, France, India.

Exchange Markets claims breaches at Qatar, Kuwait financial entities. Microsoft disrupts Fox Tempest malware-signing service. Drupal warns of critical patch. JAX7 targets Indonesian govt data.

159 events tracked; 48 critical exposures. Qilin, NoName057(16) active. India, US, Indonesia top victims. Healthcare, telecom, government sectors hit. Supply chain threats escalate.

47 critical data exposures logged, with Kazu targeting health and government sectors globally. NGINX CVE-2026-42945 exploited in the wild. Grafana GitHub token breach disclosed.

165 events tracked; 66 critical exposures. Qilin, LockBit active. Multiple government, telecom, and education breaches reported globally.

UNC6671's BlackFile brand goes dark amid ongoing vishing extortion campaigns. Cisco SD-WAN zero-day CVE-2026-20182 exploited in the wild. Major breaches hit Coinbase, Eli Lilly, and U.S. Department of

Qilin, Pharaoh's Team drive 197 events; Foxconn confirms ransomware; Ghostwriter targets Ukraine; critical data exposures hit India, France, Chile.

Microsoft patches 138 flaws including zero-click Outlook bug; AI tools find 16 vulns. Breaches hit Egypt Education, Indonesia BNI, US govt agencies. UK reforms cybercrime law.

Instructure pays ShinyHunters for 3.65TB Canvas data; Mini Shai-Hulud npm wave hits TanStack, Mistral AI, UiPath; 56 alleged breach/leak claims.