Dumpdump Leads 192-Event Day Hitting Telecom and Government
Summary
Two actors each posted 22 listings on June 6 -- Dumpdump running a dense batch of European and Latin American breach claims across telecom and financial targets, and BABAYO EROR SYSTEM extending a sustained campaign against Indonesian and Thai government sites. The more consequential external reporting sits in the vulnerability layer: an actively exploited Cisco SD-WAN Manager zero-day with no available patch and a supply chain worm touching 73 Microsoft GitHub repositories suggest that initial-access activity is compressing the window between disclosure and exploitation.
Today's developments
Dumpdump opened the day between 00:00 and 02:30 UTC with a tight batch of 22 breach claims. Noted listings include Proximus Group (Belgium, telecom), Andorra Telecom (Network & Telecommunications), Wehkamp Retail Group (Netherlands, e-commerce, one of the country's largest online retailers), University of Latvia (higher education), Banco Original (Brazil, financial services), Teamleader (Belgium, software development), the International Institute for Sustainable Development (Canada, think tank), QBD Books (Australia, retail), Mathon (France, e-commerce), SM-Clinic (Russia, healthcare), Naijapals (Nigeria, social media), and Bergfex GmbH (Austria, information services). The actor's pattern -- listings uploaded in a batch, each with a minimal write-up -- is consistent with aggregated resale of previously acquired data rather than fresh exploitation.
ShinyHunters posted a claim against AT&T (United States, Network & Telecommunications). The actor, linked historically to major breach disclosures in the US retail and financial sectors, alleged access to AT&T data without specifying scope in the forum post.
BABAYO EROR SYSTEM ran 22 events across the day, focused on Indonesian and Thai government administration websites. The Indonesia Ministry of Home Affairs (Kemendagri) appeared in the listings alongside local government entities. KNOK666X similarly targeted Indonesian public-sector systems -- including Kota Banjarmasin and SMPN 1 Sampit -- and MatxCysec claimed a breach against the Pemerintah Kota Tangerang Selatan (South Tangerang City government). The coordinated volume across three actors against the same country's public sector suggests either shared targeting lists or an organised operation.
0xulnar alleged a breach of Delta Air Lines customer records via a Portuguese-hosted access point, alongside AvaTrade (Ireland, financial services) and Dymocks (Australia, retail). LauraAllen claimed breaches of Trezor (Czech Republic, financial services) and the National Registry of Identification and Civil Status of Peru (government). The actor "gang" named Iberdrola (Spain, energy) in a separate energy-sector listing. X Forum Bot posted a data leak claim against Electricite de France (energy). Xyph0rix claimed a data leak from the Egyptian Armed Forces (defense sector). V01 alleged a breach of Sistema SARHLIQ in Argentina (government administration). DBHunter named BancOppel (Mexico, banking).
NoName057(16) posted 11 DDoS claims; NXBB.SEC posted 20 events, also primarily DDoS-oriented, with Italian and Thai targets. Together they account for 31 of the day's 46 DDoS events. INC RANSOM listed 3 ransomware victims, keeping the day's ransomware count at 13 -- consistent with recent averages.
Industry reporting covered several significant vulnerability developments. Cisco's Catalyst SD-WAN Manager carries CVE-2026-20245, a flaw being actively exploited in the wild with no patch currently available -- a live zero-day-equivalent window for unmitigated deployments managing SD-WAN networks. A supply chain worm named Miasma compromised 73 Microsoft GitHub repositories, seeding malicious payloads into widely used open-source software packages. CISA extended its Known Exploited Vulnerabilities catalog to include the SolarWinds Serv-U denial-of-service flaw, expanding active-exploit classification to a widely deployed network file transfer product. Separately, an AI-assisted fuzzing process uncovered 21 zero-days in FFmpeg -- the media processing library embedded in thousands of applications -- while Google simultaneously patched a record 429 bugs in Chrome. Researchers also reported that free applications on smart TV platforms are silently proxying device network capacity for AI web-scraping pipelines without user knowledge or consent.
Threat landscape signals
Government administration was the most-targeted sector at 40 of 192 events, a concentration driven by the sustained Indonesian and Thai public-sector campaign from BABAYO EROR SYSTEM, KNOK666X, and NXBB.SEC. What distinguishes today is the parallel high-volume European and North American breach posting from Dumpdump and the ShinyHunters AT&T listing -- two distinct threat tiers running simultaneously rather than sequentially. The top three actors by volume (Dumpdump, BABAYO, NXBB.SEC) account for 64 of 192 events -- 33% -- a moderate concentration that leaves the remaining two-thirds distributed across more than two dozen other actors. The 13 initial-access listings correlate with the external reporting on Cisco SD-WAN and GitHub supply chain compromise; defenders running Catalyst SD-WAN Manager should treat CVE-2026-20245 as actively targeted until a vendor patch is released and apply compensating controls at the network perimeter.