US charges two over laundering $43 million from investment fraud

U.S. prosecutors have charged a man and a woman in New York for their involvement in a significant crime ring that laundered $43 million obtained through investment fraud scams. The charges stem from their alleged roles in facilitating the movement of illicit funds, which were derived from cyber-enabled investment schemes.

Two Scattered Spider Hackers Get 5.5 Years Each for £29 Million TfL Hack

Two hackers associated with the Scattered Spider group, Owen Flowers and Thalha Jubair, have been sentenced to five and a half years in prison each for their 2024 hack of Transport for London (TfL). The attack rendered 148 TfL systems inoperable and required all 27,000 employees to reset their passwords in person, resulting in significant losses and recovery costs for the transport authority.

23andMe to pay $18 million in new genetics data breach settlement

Genetic testing company 23andMe will pay $18 million to settle claims from 43 attorneys general. The settlement addresses allegations that the company failed to adequately protect customers' genetic data. This case highlights the importance of robust data security measures for companies handling sensitive personal information.

Scattered Spider members behind TfL hack get five years in prison

Two key members of the Scattered Spider cybercrime group have been sentenced to five years and six months in prison each. This sentencing stems from their involvement in the 2024 hack of Transport for London (TfL). The conviction highlights the legal consequences for individuals engaged in sophisticated cyberattacks.

Law firm insisted on one password to rule them all

A law firm reportedly used a single, shared administrative password for multiple systems, including its case management system. This practice allowed unauthorized access to sensitive client data, as any individual with the password could potentially view or alter confidential information.

Tech support scam caused massive data breach at Australian airline Qantas

A tech support scam led to a massive data breach at Australian airline Qantas, potentially exposing the personal information of 5.7 million people. The breach occurred due to the scam, although the airline claims the exposed data does not violate privacy rules.

Spanish Police take down €140 million cyber fraud ring, arrest four

Spanish police have dismantled a sophisticated cybercrime ring that defrauded victims out of €140 million through investment scams and business email compromise (BEC) attacks. Four individuals have been arrested as part of the operation, which also targeted money laundering activities associated with the illicit gains.

Japan's largest taxi operator shuts systems after cyberattack

Japan's largest taxi operator, Nihon Kotsu, has shut down parts of its systems following a cyberattack. The attack has disrupted the company's operations, though further details about the nature of the attack or the extent of the compromise have not yet been released.

Lessons Learned from CISA’s Recent GitHub Leak

CISA has released a postmortem on a data leak where a contractor inadvertently exposed internal credentials, including AWS Govcloud keys, on a public GitHub repository for nearly six months. KrebsOnSecurity was instrumental in bringing the issue to CISA's attention. The agency's identified response gaps offer valuable insights for all security teams.

Lidl discloses online shop breach after service provider hack

Lidl has informed customers in Germany, Belgium, and the Netherlands about a data breach that occurred at one of its service providers. Attackers gained access to the service provider's systems and consequently stole personal information belonging to Lidl customers.

Centers Laboratory Data Breach Affects 540,000 Individuals

Centers Laboratory, a healthcare testing and laboratory services provider, has experienced a data breach. The WorldLeaks extortion group claims to have stolen 720 GB of data, potentially impacting 540,000 individuals.

Hackers Weaponize Balochistan Police Portal in Multi-Group Espionage Campaigns

Cybersecurity researchers have uncovered persistent cyber espionage campaigns targeting Pakistani law enforcement, with suspected China- and India-aligned threat actors exploiting the Balochistan Police portal. The attackers gained access to servers managing police and citizen data, including criminal records, between February 2024 and April 2026.

Cybercriminals Flock to Healthcare Businesses as Attacks Surge

Cyberattacks targeting healthcare service providers and related businesses have more than doubled in the first half of 2026, significantly outpacing the modest growth in attacks against hospitals and clinics. This surge indicates a shift in criminal focus within the healthcare sector.

Police suspects Dutch hackers were involved in Odido breach

The Dutch National Police has uncovered strong evidence suggesting that Dutch hackers were behind a data breach at telecommunications provider Odido that occurred in February. The investigation is ongoing as authorities seek to identify and apprehend the individuals responsible.

In Other News: DHS Database Hacked, Adobe Boosts Patch Cadence, Canada Disrupts Ransomware Ops

Several cybersecurity incidents and developments were highlighted, including a hack of a DHS database, Adobe's increased patch frequency, and Canadian efforts to disrupt ransomware operations. Additional news includes a lawsuit against Abnormal AI by Anthropic, a data breach affecting 7 million people at AssuranceAmerica, and the NSA reinstating its TAO.

12 Million Impacted by Data Breach at Japanese Telco KDDI

A data breach at Japanese telecommunications company KDDI has impacted approximately 12 million individuals. Hackers reportedly exploited a zero-day vulnerability in a third-party system to gain access to KDDI's email system for ISPs.

Mount Royal University Confirms Data Stolen in Ransomware Attack

Mount Royal University has confirmed a ransomware attack where hackers gained access to its internal network and deleted two drives containing sensitive data. The compromised information includes details about employees, students, and the university itself.

AssuranceAmerica data breach exposes records of 6.9 million drivers

AssuranceAmerica, an American insurance company, has reported a data breach that exposed the records of approximately 6.9 million drivers. Attackers gained unauthorized access to the company's systems earlier this year, leading to the exposure of sensitive driver information.

Mount Royal University confirms breach as hackers claim attack

Mount Royal University has confirmed a data breach after hackers claimed responsibility for the attack. The attackers reportedly stole and subsequently deleted data from the university's file storage systems after gaining access to its network.

Accenture Confirms Data Breach After Hacker Claims Source Code Theft

Accenture has confirmed a data breach after a hacker claimed to have stolen source code from the company. The company stated that the incident has been contained, the source code has been remediated, and there has been no impact on operations or service delivery.

Telco giant KDDI says data breach affects over 12 million people

Japanese telecommunications company KDDI has announced a data breach affecting over 12 million individuals. The breach occurred on an email platform used by five internet service providers, exposing email addresses and passwords.

County Government Reportedly Paid $1 Million to Cyber Extortion Group

A county government in Ohio reportedly paid $1 million to a cyber extortion group. The payment was allegedly made to prevent the public release of sensitive stolen data. This incident highlights the significant financial impact of ransomware and extortion attacks on local government entities.

Single points of failure fail. The SaaS layer is not an exception

Higher education institutions increasingly rely on a few large SaaS platforms for critical operations, creating single points of failure. A recent major learning management system breach during finals week highlighted the severe academic and operational disruption that can occur when these platforms go down. This emphasizes the need for robust contingency planning beyond vendor SLAs and compliance certifications.

Medtronic Data Breach Impacts 3.8 Million People

Medtronic has disclosed a data breach resulting from a ransomware attack by ShinyHunters, which compromised the company's corporate IT systems. The attackers accessed and stole patients' personal and medical information, affecting approximately 3.8 million individuals.

Kubota says hackers had month-long access to network systems

Kubota North America Corporation has revealed that malicious actors gained access to parts of its network systems for over a month earlier this year. The extent of the breach and the specific data impacted are still under investigation.

DHS confirms hackers breached HSIN info-sharing platform

The Department of Homeland Security (DHS) is investigating a cyberattack that compromised the Homeland Security Information Network (HSIN), a critical platform for sharing information among various government and private sector entities. The breach raised concerns about the security of sensitive data shared through the network.

Amazon fined $2.25M for withholding evidence from fraud victims

Amazon has been fined $2.25 million by the U.S. Federal Trade Commission (FTC) for withholding transaction records from victims of fraud. This action by the FTC aims to ensure that individuals affected by fraud can access necessary evidence to reclaim their stolen funds.

Risky Bulletin: Researcher drops giant cache of zero-day exploits

A researcher has released a large collection of zero-day exploits. The article also briefly mentions a data breach at a sensitive DHS network, a Supreme Court ruling restricting geofence warrants, and Huntress denying accusations of a malicious insider threat.

Aflac Japan Data Breach Impacts 4.38 Million

Aflac Japan experienced a data breach where hackers accessed its policyholder portal multiple times between June 15 and June 25. The incident has impacted approximately 4.38 million individuals.

Nissan Employee Data Breached in Oracle PeopleSoft Hack

Nissan has confirmed a data breach affecting its employees following a hack targeting Oracle's PeopleSoft software. The breach is part of a larger campaign that has impacted a small number of organizations, with the full extent of the ongoing investigation still being determined.