Kyushu Electric Power Data Breach Hits 10.9 Million Customers
A backup hard drive holding personal data on up to 10.9 million people has vanished from a Japanese utility's server room. Weeks into the investigation, nobody can say where it went. The Kyushu Electric Power data breach is shaping up to be one of the largest data exposure incidents reported in Japan this year. This didn't involve a sophisticated hack.
ServiceNow Data Breach Exposes Customer Records
ServiceNow has confirmed a security incident after a misconfigured API endpoint exposed enterprise customer data to unauthorized access. The ServiceNow data breach became public on June 9, 2026, when the company began notifying affected customers through a gated support bulletin and direct support cases. ServiceNow had already pushed a patch to hosted instances on June 5. But questions about how
Oracle PeopleSoft Data Breach Hits 100+ Organizations
A major Oracle PeopleSoft data breach is now confirmed, with the ShinyHunters extortion gang claiming responsibility for attacks on more than 100 organizations worldwide. The group says it has compromised 300 separate instances and is actively sending extortion demands to victims. One university has already acknowledged the incident publicly, and stolen data has appeared on ShinyHunters' leak site. What Is
Anthropic Launches Claude Fable 5 With New Safety Guardrails
Anthropic has released Claude Fable 5, its most powerful AI model yet made available to the general public. Built on the same underlying technology as its restricted Mythos model class, it brings frontier-level AI capabilities to everyday users — with carefully designed safety limits baked in. Access is free for subscribers until June 22, after which usage-based pricing kicks in.
NFCShare Android Malware Spreads via Fake Bank Apps
A strain of Android malware called NFCShare is spreading through fake banking app updates, and it has a particularly deceptive trick up its sleeve. Rather than stealing card details through a data breach or a keylogger, it uses your phone's own near-field communication chip against you. The NFCShare Android malware campaign has expanded significantly since mid-May 2026, now targeting customers
C0XMO Botnet Exploits DD-WRT Routers to Launch DDoS Attacks
A newly discovered botnet called C0XMO is targeting home and business routers running DD-WRT firmware, using a years-old vulnerability to break in, dig deep, and attack anything in its path. Researchers who analysed the C0XMO botnet found a piece of malware that goes well beyond what most IoT threats are capable of, from killing rival malware to launching DDoS floods
Hola Browser Supply Chain Attack Delivers Hidden Miner
A Monero miner hiding inside a trusted browser installer is the kind of threat most users never see coming. That is exactly what happened to Hola Browser, whose Windows version fell victim to a supply chain attack that quietly bundled cryptocurrency-mining software alongside legitimate installations. How the Compromise Came to Light The discovery did not come through user complaints or
Chinese Hackers Deploy Atlas RAT Malware in Europe
A Chinese-speaking cybercrime group has shifted its sights to Europe, deploying a newly discovered remote access trojan called Atlas RAT malware alongside several custom-built tools. The campaign is targeting organizations in Germany, Italy, the United Kingdom, and South Africa. This is a sharp departure from the group's previous focus on East Asia. Researchers tracking the activity have labeled the group
WeedHack Minecraft Malware Has Infected Over 116,000 Systems
Gamers downloading Minecraft mods or cheat tools face a serious threat. A malware campaign called WeedHack Minecraft malware has infected more than 116,000 systems since January 2026, and it is still spreading at a rate of 2,000 to 3,000 new infections every day. The campaign was uncovered by researchers at McAfee Labs and represents one of the more sophisticated attacks
Dashlane Hit by Brute Force Attack, User Vaults Exposed
Attackers hit multiple Dashlane accounts using brute force methods, attempting logins from distant locations and unknown devices. Users discovered the problem when suspension emails arrived without warning, and many turned to Reddit to compare notes. Those emails told affected users that someone had tried to register a new device on their account and failed to enter the correct token after
