Normal view

Yesterday — 13 July 2026TechRadar - All the latest technology news

Ransomware negotiator jailed for 70 months after he just helped infect victims with malware

  • Ransomware negotiator Angelo Martino will serve 70 months in prison for secretly aiding BlackCat (ALPHV) attackers
  • Martino forfeits crypto proceeds, houses, cars, and boats, and must pay 10% of future salary after release
  • Martino was the third negotiator exposed; his co‑conspirators Ryan Clifford Goldberg and Kevin Tyler Martin previously received four‑year sentences for similar insider collusion

A ransomware negotiator who worked with the attackers behind his clients’ backs has been sentenced to almost six years in prison.

A sentencing memorandum published by the US government said 41-year-old Angelo Martino will spend the next 70 months in prison, and will also lose all of the cryptocurrency the attackers paid him for sharing insider information, as well as all of the houses, cars, and boats, he had bought with this money.

He will also have to pay 10% of any salary he earns after his release.

Asking for a shorter sentence

In November 2025, it was reported that three men who worked as ransomware negotiators to help victims minimize the damages of these attacks were actually agents for the dreaded BlackCat (ALPHV) ransomware collective.

Over the next months, it was reported that the men - Ryan Clifford Goldberg of Georgia, Kevin Tyler Martin of Texas, and Angelo Martino of Land O'Lakes, Florida, not only did not help their victims, but actually infected some of them with ransomware, and later shared valuable insider information with other BlackCat affiliates, in order to maximize the payment.

Their victims included at least five companies: a medical device company from Florida (demanded $10 million in ransom, ended up paying around $1.2 million), a pharmaceutical company from Maryland, a doctor’s office and an engineering company in California, and a drone manufacturer based in Virginia.

While all three faced serious prison time (between 10 and 20 years), they received far less. Martin and Goldberg were each sentenced to four years in prison in April 2026, while Martino will spend five years and ten months behind bars. Martino pleaded guilty and asked for a 24-month sentence, stating he “provided substantial assistance that contributed to the indictment and conviction of two co-defendants.” It didn’t work.

Via Ars Technica

Experts say they were able to create a rogue agent in Google’s AI platform with just a single edit permission

  • Varonis uncovered CVE‑level flaws in Google Cloud Dialogflow CX, where malicious Code Blocks in Playbooks could hijack agents, exfiltrate chat logs, and steal credentials
  • Shared Cloud Run environment with excess privileges meant one compromised agent could control all others in a project, with attacks virtually undetectable in Cloud Logging
  • Google patched the issue between April–June 2026; researchers advise reviewing audit logs, checking anomalous errors, and manually inspecting Code Blocks for unauthorized code

Researchers recently found a critical vulnerability in Google Cloud’s Dialogflow CX, allowing threat actors to take over different AI agents, access chat logs, and even exfiltrate sensitive data such as login credentials.

Dialogflow CX is Google Cloud’s conversational AI platform used to build many voice and text chatbots. This platform lets developers add Code Blocks, which are custom Python snippets, into conversation “Playbooks”. These blocks all execute inside a single Google-managed Cloud Run service, shared across all agents in a Google Cloud Platform project.

Security researchers Varonis said they discovered a critical vulnerability in which the theoretical attacker didn’t need broad admin access. With permission to edit a single chatbot’s settings, they would be able to plant malicious code relatively easily. The Cloud Run environment had no code restrictions, Varonis further explained, but had a writable filesystem, public internet egress, and ran with excess privileges. Key files could have been overwritten entirely, it was added.

Google issues a fix

As a result, the attacker had access to full conversation history and session state. They could call internal functions and fake LLM-generated replies which, they claim, could lead to phishing and credential theft.

Since the environment is shared per-project, one compromised agent could take over every other agent in that project, and since Cloud Logging doesn’t capture the file overwrite or injected logic, the attack would be "virtually undetectable."

Varonis reported the issue to Google in November 2025, and the latter came back with an initial fix in April 2026. However, the issue had not been fully resolved until June 2026.

In the report, the researchers said there is no evidence of in-the-wild exploitation attempts and advises customers to review DATA_WRITE audit logs for Playbooks.UpdatePlaybook calls, check for anomalous Sessions.DetectIntent errors, and manually inspect each agent's Code Blocks for leftover unauthorized code.

Vibe coded threats shift again — hackers are using AI chatbots to write malware using natural language

  • Huntress analyzed AI‑generated malware “Untitled1.ps1,” a noisy custom AD enumeration tool likely built by low‑skilled attackers using generative AI
  • Attackers paired it with s5cmd for rapid data exfiltration and SharpShares.exe for share enumeration before being detected and removed
  • Report warns AI “vibe coding” lowers barriers for cybercrime, producing unique payloads that evade signature‑based defenses, requiring behavioral analytics to catch attack lifecycles

“Unsophisticated” cybercriminals can now easily write malicious code using Artificial Intelligence (AI) and run devastating data breach attacks with speed, forcing defenders to rethink their strategies, researchers have claimed.

Security experts Huntress thoroughly investigating a piece of AI-written malware, and explained how the bespoke, AI-generated payload was a “highly aggressive, noisy, custom-built AD enumeration tool.”

Since cybercriminals are generally careful not to make too much noise and to try and do their bidding without raising any alarms, the researchers hint this was the work of a low-skilled attacker.

Significant challenge

The malware, labeled Untitled1.ps1, was designed to map the Active Directory environment and apparently, it did its job well. In the next step, the crooks deployed a legitimate high-speed command-line tool for Amazon S3 operations called s5cmd which, according to Huntress, is often used for data exfiltration.

Before being spotted and kicked out, the attackers also deployed a known enumeration tool called SharpShares.exe, filtering common administrative shares while hunting for further user-accessible data repositories.

The move from off-the-shelf frameworks to custom, bespoke AI tools is a “significant challenge” for the defenders, Huntress warns.

“Historically, AVs and EDR platforms have relied heavily on file hashes and static string signatures,” they say. “Vibe-coded scripts are inherently unique. Untitled1.ps1 has never existed before and will likely never be compiled in this exact configuration again.”

As a result, defenders must focus on the “fundamental behaviors of the attack lifecycle.” AI can change the code syntax, they’re saying, but cannot change the underlying mechanics of Active Directory enumeration.

“Vibe coding lowers the barrier to entry for cybercrime, allowing unsophisticated actors to generate highly capable, evasive tooling on the fly,” the researchers concluded. “While the code itself may be messy, over-engineered, and filled with AI hallmarks like left-behind comments, the threat it poses is very real. To combat this, defenders must abandon rigid, signature-based thinking and embrace behavioral analytics to catch the underlying actions that no LLM can hide.”

'Cryptomining can be a lucrative post-compromise activity in cloud environments': Experts warn AI gateways connected to Amazon Bedrock are being hijacked to steal crypto

  • Darktrace reports cryptojacking via a compromised AI gateway (LiteLLM‑Proxy on AWS Bedrock), breached through exposed SSH and abused with XMRig mining
  • Attackers also showed suspicious IAM activity, hinting at possible cloud credential misuse, with connections traced to Vietnam
  • Experts warn AI gateways concentrate privileged access, urging strict port closures, least‑privilege roles, and control‑plane monitoring to reduce blast radius

If you are using AI gateways as part of your tech stack, be wary - they are being leveraged in cryptojacking attacks, experts have warned.

Cybersecurity researchers Darktrace have published a new report on a cloud-hosted AI gateway, connected to Amazon Bedrock, which was compromised and used for cryptocurrency mining.

An AI gateway is a piece of software that runs between users or applications and one or more AI models. It is not unlike a reverse proxy or an API gateway, but just for AI services. In this case, an Amazon EC2 instance running an AI gateway called LiteLLM-Proxy was given centralized access to large language models (LLM) hosted on Amazon Bedrock (AWS’ fully managed generative AI platform).

Shady Vietnamese accounts

According to Darktrace, threat actors gained access most likely through a brute-force attack, since the EC2 instance was configured to accept SSH connections from anywhere on the internet.

After breaking in, they downloaded XMRig, by far the most popular cryptocurrency mining program. Within minutes, the instance started making repeated encrypted connections to a cryptocurrency mining pool, which also set off Darktrace’s alarms and spotted the attack.

Soon after, Darktrace spotted more suspicious activities, this time involving an AWS Identity and Access Management (IAM) user. This account started giving out unexpected and previously unused commands, such as enumerating and invoking Amazon Bedrock foundation models, or trying to set up a new IAM user account.

The final red flag was the IP address of that user - tracing back all the way to Vietnam. Darktrace said there was insufficient evidence to conclusively link the IAM activity with the earlier compromise of the AI gateway, but stressed that the behavior could indicate attempted cloud credential misuse.

Lidl customers across Europe hit in suspected data breach - here's what we know

  • Lidl confirms cyberattack at third-party IT service provider that exposed customer data including names, phone numbers, emails, dates of birth, and customer numbers
  • Passwords, payment details, and addresses were not affected, but the company warns of phishing risks and urges vigilance against identity fraud attempts
  • Incident was contained quickly, reported to authorities, and investigated by forensic experts; Lidl operates ~12,900 stores across 32 countries

Lidl is warning its customers of a cyberattack which may have affected some of their personal information stored with the company.

In a data breach notification published on its Netherlands, Belgium, and Germany websites, the German discount supermarket chain said an IT security incident at one of its IT service providers affected some of the data stored by Lidl Online Shop customers.

“We were informed of this incident at the beginning of the week,” a machine-translated notification reads. “Despite high IT security standards, unknown persons briefly gained access to a separately stored file with customer data and part of the data was stolen from it. The system of the online shop itself is not affected.”

Unknown impact

Lidl said that the unnamed miscreants walked away with people’s full names, phone numbers, email addresses, dates of birth, and customer numbers. Passwords, billing and delivery addresses, bank details, and other payment information, was allegedly not stolen. Customer accounts remained unaffected, as well.

However, the company is urging its customers to remain vigilant, since there is a high chance the crooks will use the data to send personalized phishing emails.

“Although we currently have no concrete evidence of misuse of data, we warn you about possible phishing attempts or identity fraud as a precaution,” Lidl said.

The company did not say which IT service provider was targeted, or how many people are affected. It merely stated that the company “responded immediately” and “took necessary steps” to restore the full security of the affected systems. The company also filed a report with the relevant authorities, and called in IT forensic experts to investigate the incident.

Local authorities, such as the Dutch Data Protection Authority, or the Belgian “competent supervisory authority for data protection” were notified, as well.

Lidl operates around 12,900 stores across 32 countries in Europe and the United States.

Via Cybernews

Before yesterdayTechRadar - All the latest technology news

Ransomware attacks against education sector rise 16% in one year becoming the new favorite target — and reckless GenAI use could be to blame

  • Check Point Research reports education faced 4,816 weekly ransomware attacks in June 2026, up 16% YoY, keeping it the most targeted sector
  • Risks stem from open networks, thin budgets, and reckless GenAI use, with 1 in 26 enterprise prompts leaking sensitive data and 85% of orgs affected
  • Latin America saw the sharpest rise (27%), while government and telecoms also absorbed heavy volumes, showing attackers’ focus on high‑exposure industries

Every week in June, organizations in the education industry around the world faced 4,816 ransomware attacks. This is up 16% compared to the same month last year, and means this sector remains the most popular target among cybercriminals.

This is according to “A New Ransomware Leader Emerges as June 2026 Attack Volumes Climb Worldwide”, a new in-depth report on the state of ransomware, published by security experts Check Point Research (CPR).

As per CPR’s new paper, education is a popular target because of “open campus networks, constant device turnover, and thin security budgets”. In other words, it’s a low-hanging fruit, especially compared to other industries like government, technology, or healthcare. But these are not the only reasons why hackers target education more than any other industry. It is also because of how employees behave which, by using GenAI recklessly, substantially increases security risk.

Latin America bearing the brunt

“It is about what employees place into prompts: customer records, internal documents, infrastructure details, legal material, financial data, or HR information that may be copied into public or unmanaged GenAI tools,” CPR explains.

“1 in every 26 GenAI prompts from enterprise networks carried a high risk of sensitive data leakage, equal to a global exposure rate of 3.9%,” the paper reads. “85% of organizations that regularly use GenAI tools were affected by high-risk prompt activity,” and “a further 27% of prompts contained potentially sensitive information.

This mostly affects organizations in Latin America who reported, on average, 3,501 weekly attacks (up 27% compared to June 2025). APAC followed at 3,060 (up 5%), and Africa posted 3,008 weekly attacks (down 9%).

Besides education, ransomware operators are also targeting government institutions (2,836 weekly attacks - up 5%), and telecoms (2,835 weekly attacks - up 13%).

“Together these three sectors continue to absorb a disproportionate share of global attack volume, a pattern that has held steady across recent months even as the specific numbers shift,” CPR concluded.

Microsoft discovers new multi-malware package 'GigaWiper' capable of deploying wipers and ransomware

  • Microsoft warns of “GigaWiper,” a destructive malware attributed to Iranian group CyberAv3ngers that combines multiple variants into one
  • It can wipe drives, encrypt files with a fake ransomware extension, or overwrite Windows partitions, while also spying via screenshots, VNC sessions, and system data theft
  • The malware hides under fake OneDrive tasks and registry keys, showing both espionage and sabotage capabilities with no recovery path for victims’ data

Microsoft is warning about a new piece of malware called GigaWiper, which can spy on people’s computers and then destroy them entirely, in different ways.

It was built by mashing different malware variants into one, and it seems to be the work of Iranian state-sponsored threat actors called CyberAv3ngers. The hackers also took a little cheeky dig at Microsoft, through the malware’s obfuscation mechanism.

As Microsoft explained, GigaWiper can overwrite the physical drive and wipe the partition table, destroying the contents of the disk directly. It can also encrypt all files on the drive, add a .candy extension, and change the desktop wallpaper to show a warning. This ransomware approach does not share a ransom note, and does not generate a decryption key, so there is nothing to pay, and no way to decrypt the files - they are gone for good, just giving victims false hope.

Spying on the victims

Finally, the third method goes straight for the Windows drive, overwriting it multiple times with different data patterns.

Besides bricking the disk, GigaWiper can also spy on its victims by grabbing screenshots, recording the screen, or opening a VNC session to either stream someone else’s work, or allow the attackers to use the mouse and keyboard. The malware can also extract system data, manage programs and services, modify the registry, and more.

But the cheekiest feature is how it hides. It schedules a task called OneDrive Update and tracks itself in a registry key called OneDrive\Environment. Perhaps the attackers assumed no one really pays attention to OneDrive, and thus the malware could stay out of sight for longer.

Speaking of the attackers, Microsoft does not name them, but most of the components mashed together to form GigaWiper were previously attributed to CyberAv3ngers, a group linked to Iran's Islamic Revolutionary Guard Corps.

$293 million seized and 5,811 arrests made in huge anti-scam and fraud action by Interpol and law enforcement agencies across 97 countries

  • Interpol’s Operation First Light 2026 spanned 97 countries, leading to 5,811 arrests, $239M seized, and 31,014 bank accounts blocked
  • Authorities analyzed 152,808 cases, identified 15,606 suspects, and uncovered scams ranging from BEC to money laundering, with victims exceeding 142,000 globally
  • Notable busts included a fake Brazilian police station in Eswatini, crypto laundering in Thailand, and scam centers in Palau, highlighting the scale and diversity of the crackdown

Interpol and various national law enforcement agencies arrested more than 5,800 people and seized hundreds of millions of dollars in one of the largest crackdowns on cybercrime to date.

In an announcement, Interpol said that it kicked off Operation First Light 2026 on January 15 and concluded it on April 30, 2026. Following an “initial period” of gathering intelligence and exchanging it among partners, police forces in 97 countries and territories started raiding premises, seizing digital equipment and cash, and arresting suspects.

In total, 5,811 individuals were arrested, and $239 million in illicit assets intercepted. During Operation First Light 2026, various police forces analyzed 152,808 cases, had 31,014 bank accounts blocked, and 99 Notices and Diffusions issued.

A replica of a police station

Besides the arrests, the law enforcement firms also identified 15,606 suspects, which could lead to even more arrests in the coming months.

Interpol did not dismantle a single global operation here. Cases varied from money laundering, to scams and identity theft, to business email compromise, and more.

In one, particularly brazen campaign, police in Eswatini seized a “realistic replica of a Brazilian police station, complete with fake uniforms, signage and equipment”.

“Posing as Brazil’s Federal Police via video call, the scammers deceived their targets into believing they were victims of a crime, tricking them into transferring funds for “safekeeping,” which were then stolen,” Interpol explained. In this instance, police arrested 82 people and seized 240 electronic devices.

Two people were arrested in Thailand, including a 20-year-old man who allegedly processed more than $122.5 million in various cryptocurrencies in 10 months. Authorities in Palau, on the other hand, deported 22 individuals for their role in two connected scam centers being conducted from hotels.

Interpol said that during the operation it identified more than 142,000 victims globally.

Devious phishing campaign hijacks a genuine Meta business feature to send scam emails — as they really do come from Meta's own address

  • Huntress uncovers phishing campaign abusing Meta’s business account email infrastructure and impersonating the Meta Agency Partner Program
  • Victims were tricked into handing over credentials, which attackers exfiltrated to Telegram for account takeover, scam ads, and targeted phishing
  • Meta has since added guardrails that killed the campaign; Huntress published IoCs to help organizations detect related activity

Hackers are abusing one, and impersonating another legitimate Meta service, to try and steal login credentials for people’s business accounts with the company.

Meta, the owner of Facebook, Instagram, WhatsApp, and more, allows businesses to set up separate accounts and talk to each other. The emails sent from one to another pass through the company’s infrastructure, meaning they are shown as coming from Meta itself.

However up until recently, hackers were abusing this fact to send phishing emails that landed directly into their victims’ inboxes, security researchers Huntress explained. The company even tried to curb this by hardcoding a disclaimer that email senders are not part, or affiliated with, Meta, but crooks found creative ways around this, as well.

Spending money

The phishing emails redirected victims to landing pages outside Meta’s ecosystem. These pages were designed to mimic Meta Agency Partner Program, a legitimate initiative that connects businesses with professionals in social media management work.

Those who would fail to see the ruse would end up trying to log into their accounts, instead just sharing their login credentials with the attackers. The secrets would get exfiltrated to a Telegram account under the threat actors’ control, which they could later use for different things, from phishing to malvertising.

“Threat actors can leverage Meta business accounts to spend the victim's money on malicious or scam advertising, or they can take over the account entirely, changing the recovery methods and password, and leverage the account to transmit more targeted attacks at the business' customers or social media followers.” the researchers explained.

Over the last couple of months, the campaign evolved and changed, using different lures and mechanics, but keeping the same end goal. However, Meta has effectively killed it by adding additional guardrails that now make it impossible to run.

This malicious Google Notes extension just wants to sneakily steal all your crypto

  • McAfee flags “Silent Swap,” a malicious Chromium extension disguised as Google Notes that secretly hijacks crypto transactions
  • It works as a clipboard jacker, swapping copied wallet addresses with attacker‑controlled ones so victims unknowingly send funds to criminals
  • Researchers advise always cross‑checking full wallet strings before sending, as attackers can craft lookalike addresses differing only in a few characters

Researchers have found yet another extension for Chromium-based browsers that is designed solely to steal people’s hard-earned cryptocurrency.

A report from McAfee has sounded the alarm on Silent Swap, a piece of malware hiding inside a benign-looking Google Notes extension.

Victims who stumble upon and download it (most likely through phishing, social engineering, or shady forums and websites), will get an extension that, on the surface, works as intended. It shows a small window where the victim can type a note and save it. They can color-code the notes and search through saved ones. However, this was only made to hide the program’s true intentions, which are to steal cryptocurrency.

Hijacking the clipboard

Silent Swap works like a typical clipboard jacker. It monitors the clipboard for strings that look like a crypto wallet - seemingly random strings of 26 to 42 alphanumeric characters.

When it spots one, it replaces it with a different one belonging to the attacker, so when the victim pastes the address into the wallet to send the funds, they are actually sending them to the address belonging to the attackers.

This works because crypto wallets are almost impossible to memorize, and too risky to type in from a piece of paper or a different document, forcing users to rely on copying and pasting.

Once the victim sends the funds, they are almost certainly irretrievably gone. Only if the funds are being sent from a centralized exchange (like Coinbase, for example), and if the victim spots the attack fast enough, can they ask the exchange’s support to freeze the transaction. In all other cases, once the money is sent, it’s gone.

The best way to defend against these attacks is to cross-reference the strings before hitting send. Some people would only check the first and last few characters, but security researchers don’t recommend it, because some clipboard jackers can generate addresses that only differ in a few characters.

These popular Tenda routers have an unpatched security backdoor which could give hackers access

  • CERT/CC discloses CVE‑2026‑11405, a critical 9.8/10 flaw in multiple Tenda router families caused by a hardcoded backdoor credential
  • Attackers can bypass normal login checks and gain full admin access with the hidden password, regardless of configured username or password
  • Tenda has not responded; CERT/CC advises disabling remote web management and limiting local exposure, though these are only partial mitigations

Multiple Tenda router families carry a critical vulnerability that allows malicious actors to log in with admin privileges without knowing the credentials, experts have found.

The CERT Coordination Center disclosed a vulnerability in Tenda routers which it described as an undocumented authentication backdoor caused by a hardcoded credential.

The flaw is tracked as CVE-2026-11405 and was assigned a severity score of 9.8/10 (critical). CERT/CC allegedly tried reaching out to the manufacturer, to no avail.

How the vulnerability works

Explaining how it works, CERT/CC says that the attacker would first try to log into the router’s web management interface normally. Even if the credentials are wrong, the firmware would not automatically reject them, but would rather check a second, hidden password, stored internally. If the attacker knows the hidden credential, they get full admin access, regardless of the configured admin password or username.

The username doesn’t even matter, as long as the password is supplied. Obviously, CERT/CC did not say what the password was, but with a little reverse-engineering of the firmware, it can be exposed either on the dark web, or to the general public.

Tenda is a Chinese company building budget networking gear, popular mostly in India and adjacent markets, where its products are popular in homes and among small businesses.

The flaw thus still affects multiple firmware versions, including FH1201, W15E, AC10, AC5, and AC6 router families. To make matters worse, CERT/CC added that the full list of affected models is probably even bigger.

Tenda is yet to comment on the findings. In the meantime, CERT/CC recommended users disable remote web management, if possible, to make sure the vulnerability cannot be exploited remotely, at least. The organization also suggests limiting local network exposure, but stresses that this is not an entirely bulletproof solution.

Via Tom's Hardware

Accenture confirms breach after hacker steals 35GB of source code and other data

  • Accenture confirms cyberattack after threat actor “888” advertised selling 35GB of stolen source code and keys from its Azure DevOps repos
  • Hacker claims archive includes RSA/SSH keys, Azure PATs, storage access keys, and configs, though details remain unverified
  • Accenture says the breach was remediated with no operational impact; the same actor previously tried selling Accenture employee data after a 2024 third‑party breach

Accenture has confirmed suffering a cyberattack, days after threat actors started selling an archive allegedly coming from the firm.

"We are aware of this isolated matter, and we have remediated its source. There is no impact to Accenture operations and service delivery," Accenture said in a statement to BleepingComputer.

It follows a relatively unknown threat actor called 888 posting a new thread on an underground forum, advertising the sale of an archive seemingly stolen from the global professional services company.

Accenture breach

"Today I am selling the Accenture Data Breach, thanks for reading and enjoy!," the hacker said. "In July 2026, Accenture suffered a data breach which resulted in just over 35gb of source codes getting stolen from the company."

The threat actor claims to have nabbed source code, RSA keys, SSH keys, Azure Personal Access Tokens (PAT), Azure Storage access keys, and configuration files. They also shared screenshots showing how they closed an Azure DevOps repository, but at this time these claims were not independently verified.

Accenture did not say how much data it lost in the breach, or what the nature of the stolen files is. The company also did not explain how it got breached but did stress that the hole has been plugged.

According to BleepingComputer, this same threat actor tried to sell Accenture employee data after a third-party breach back in 2024.

Accenture is one of the world's largest professional services and consulting firms, providing consulting, technology, managed services, and cloud engineering, to businesses and governments. It was founded in 1989 as a spin-off from Arthur Andersen's consulting business, and today operates in more than 120 countries with hundreds of thousands of employees.

In 2021, it suffered a ransomware attack at the hands of the infamous LockBit, who also managed to steal data from its systems.

Japanese telco giant KDDI says 12 million emails exposed in major cyberattack

  • KDDI confirms unauthorized access affecting six ISPs, with up to 14.22 million email addresses and passwords exposed
  • Some passwords were unencrypted; with estimates citing 12.2 million emails and 7.6 million passwords compromised
  • Company urged rapid password updates, coordinated countermeasures with ISPs, and pledged recurrence prevention

KDDI, one of Japan’s largest telecommunications providers, has confirmed it was recently hacked and lost millions of emails and unencrypted passwords belonging to its clients’ customers.

In a data breach notice, shared last month, the company said that it confirmed “unauthorized access” on June 17 2026.

“As a result, part of the information from email services offered by these ISPs may have leaked externally,” a machine translation of the notice reads.

Coordinating countermeasures

The incident allegedly affected an email system KDDI uses to manage customer email accounts, webmail, and email storage.

KDDI says that the attack affected six ISPs: STNet, KDDI Web Communications, JCOM, Chubu Telecommunications, Nifty Corp, and BIGLOBE. Up to 14.22 million email addresses and passwords linked to these mailboxes were allegedly exposed, which includes both accounts of former customers, as well as dormant users.

“Some” passwords were hashed or encrypted, the company further said, suggesting that some - were not. It also stated that the 14.22 million number represents a “maximum estimate”, and that the investigation is still ongoing. The Record reported 12.2 million customer email addresses and 7.6 million passwords exposed.

Since spotting the intrusion on June 17, KDDI has been contacting ISPs to “coordinate countermeasures” and urged their customers to update their passwords as soon as possible. “Customers should follow instructions provided by their ISP promptly,” it said. “KDDI will continue working with ISPs to notify customers and support rapid password updates.” It also said that “many customers” have already updated their passwords.

"We are analyzing the scope of the impact and the cause, responding to customers in coordination with ISP operators, and taking measures to prevent a recurrence," the company said.

KDDI is one of Japan's largest telecommunications companies, rivaling NTT Docomo and SoftBank. It serves approximately 72 million mobile subscribers.

Via The Record

Insurance company AssuranceAmerica exposes 6.9 million drivers following major data breach — here's what we know

  • AssuranceAmerica reports breach affecting 6,998,886 customers, with attackers stealing credentials and exfiltrating sensitive insurance and driver data
  • Company reset passwords, isolated systems, and deployed enhanced monitoring; warns victims of phishing risks using stolen details
  • No group has claimed responsibility, and stolen data has not yet surfaced on the dark web, though ransom pressure tactics are common in such cases

AssuranceAmerica, an insurance company operating thousands of independent agents across the US, has confirmed suffering a cyberattack in which it lost sensitive data on almost seven million customers.

The company filed a new report with the Office of the Maine Attorney General, confirming the breach and sharing a copy of the notification letter it will soon send out to the 6,998,886 affected individuals.

In the report, the company said an unidentified threat actor stole login credentials and moved into the network, grabbing names, contact information, automobile insurance policy or insurance account information, driver or vehicle information, claims-related information, and driver's license numbers.

Data can be used for phishing

The attackers were spotted on March 17 2026 and were quickly locked out of the company’s network.

Affected systems were isolated, and law enforcement notified. AssuranceAmerica also reset everyone’s passwords, deployed enhanced monitoring and threat detection tools, and warned its staff to remain vigilant.

AssuranceAmerica has warned customers to be careful about incoming emails and other communications, especially those claiming to come from the company itself.

Using the information obtained in the breach, criminals can create highly convincing emails, tricking victims into making fraudulent payments, sharing login credentials to corporate and banking environments, or even downloading malware and ransomware.

So far, no one has claimed responsibility for this attack, and the data is yet to surface anywhere on the dark web. Usually, criminals would post snippets or samples on their websites, in an attempt to pressure the victim company into paying ransom for the files.

BleepingComputer notes AssuranceAmerica operates through a network of more than 9,500 independent agents, providing auto, renters, and commercial auto insurance coverage in 14 US states.

Nextcloud leaks 367K records — European cloud giant exposes staff and clients in major breach

  • Exposed ElasticSearch cluster at Nextcloud contained ~367k records (8GB), including employee data, client contracts, and scripts
  • Sensitive information such as staff emails and client company details was left unencrypted; Nextcloud secured the archive within two days after notification
  • Company attributed the incident to hosting misconfiguration, stressing customer servers were unaffected, though researchers warn attackers may have accessed the data

European cloud provider Nextcloud kept an unprotected database on the public internet, exposing sensitive internal and client data to anyone who knew where to look, experts have revealed.

Nextcloud is a free, open source platform that lets users create their own private cloud. It is often described as an alternative to Google Drive, or Microsoft 365, which allows users to control where their data sits.

In mid-May 2026, security researchers from Cybernews discovered a publicly exposed ElasticSearch cluster and, after a deeper investigation, determined it contained around 367,000 records (8GB of data in total). The archive was a mix of Nextcloud employee data, client company data, contracts, and scripts built for the company’s clients.

Nextcloud reacts

The majority of files were in .PDF format (71k), followed by .PNG (53k) and .MD (23k). All of the exposed records were found in a single index, with some revealing client company information, as well as data on Nextcloud staff. Some of the information was unencrypted, as well, exposing employee email addresses, client company names and addresses, and emails of individuals who sent invoices to Nextcloud.

Cybernews reached out to Nextcloud and the company locked the archive down within two days, and notified relevant authorities. It says it found no evidence of unauthorized access, but without a deep forensic analysis, it is impossible to say if that really is the case.

“If our team managed to discover the exposed dataset, threat actors may have too,” the Cybernews team wrote. “Malicious attackers operate numerous bots on the web that scour the net looking for exactly that: misconfigured databases with data to steal.”

The company also said this was a misconfiguration issue and that its services are secure: “The issue was caused by a misconfiguration of our hosting infrastructure and is not related to the Nextcloud solution. No other Nextcloud servers belonging to our customers, partners or other users have been affected by this issue,” the company’s spokesperson told the researchers.

Experts warn of the 'first documented case of agentic ransomware' — dangerous JADEPUFFER attack run entirely by an LLM

  • The first agentic ransomware attack has been dubbed JADEPUFFER by researchers at Sysdig
  • Threat exploited a known vulnerability, adapted to obstacles, and targeted an Alibaba Nacos
  • Unfortunately for victims, paying up means nothing, as JADEPUFFER fails to back up the data

Has ransomware become self-aware? Sysdig researchers have analyzed an attack on an internet-facing Langflow instance, and discovered what they believe to be the first ransomware infection driven not by a human, but by AI.

As the attack progressed via a vulnerability, it accessed a server, removed data, overcame challenges, and phoned home regularly – all controlled not by a remote operator, but by a large language model (LLM).

Dubbed “JADEPUFFER” the attack seems to point to the direction of travel for extortion-based cybercrime -- if not for the entire sector, then certainly for the cybercrime-as-a-service (CaaS) market. As highlighted in Sysdig’s conclusion: “It’s a marker of where extortion tradecraft is heading.”

Fully autonomous hack

Using a code-injection attack on a Langflow deployment, Sysdig reported that the attack was fully automated, and after exploiting the vulnerability (CVE-2025-3248) JADEPUFFER sought out credentials for LLM providers, databases cloud platforms, and cryptocurrency wallets.

It also harvested data from the Langflow instance’s Postgres database, and committed various acts of destruction before the intended Alibaba Nacos (Naming and Configuration Service) and connected MySQL database were reached.

At this point, the ransomware demand was issued, with 1,342 Nacos configuration items encrypted and crucial database tables dropped. What is interesting about this is that random encryption was applied, but no backup was made and no key or report was created – so even if the ransom was paid, the data would remain unrecovered.

(Langflow fixed the vulnerability in April 2025, so this attack could have been avoided if the instance had been patched. Ironically, Langflow is also an AI platform, providing low-code solutions to build and deploy chatbots, agents, and advanced workflows using artificial intelligence.)

A new phase in cybersecurity

Security researchers have been on the lookout for Agentic Threat Actors (ATAs) for a while now, so the arrival of JADEPUFFER is not completely unexpected. Its arrival essentially means that anyone can create and operate a ransomware (or other cyberthreat) operation, relying on intelligent prompts and low-effort, fully automated testing in the wild, from which the LLM can learn and improve.

If this does indeed represent the dawning of a new age of cybersecurity, it isn’t all bad news. This incident has demonstrated how LLM-based attacks can be detected.

It used historical vulnerabilities, for example, but the most interesting thing about it is that this attempt was pretty verbose. The Sysdig team noticed that when JADEPUFFER was presented with obstacles to its primary aim, it adapted and shared its rationale.

While this narration is common among LLMs, other threats don’t do this, which offers an advantage for detecting LLM-based threats like JADEPUFFER and the variants which will inevitably appear.

❌
❌