Cybersecurity
Patch by the Fourth of July.
Trending in Cybersecurity
Exploited SharePoint Flaw Lands on CISA's Must-Patch List Developing
SharePoint sits inside most large organizations; an actively exploited remote-code-execution bug there is a direct path to corporate networks.
Tata Electronics Breach Spills 630GB, Touching Apple and Tesla Files Developing
A ransomware group published a manufacturer’s entire document trove — a supply-chain security nightmare.
81 Million Login Attempts: Massive Password-Spray Hits Microsoft 365 Ongoing
The campaign shows attackers can still breach cloud email at scale with nothing more sophisticated than guessed passwords.
Nissan Hit Through Oracle PeopleSoft Flaw; Employee Data Stolen Developing
HR platforms are the new jackpot: one software flaw exposed SSNs and banking data.
AI Infrastructure Under Attack: LiteLLM Gateway Flaw Exploited Ongoing
Attackers are now targeting the plumbing of corporate AI — one exploited gateway can leak every connected AI provider key an organization owns.
More & earlier in Cybersecurity
iRhythm discloses third-party app breach
Unauthorized activity in hosted business applications.
Novo Nordisk, Nottingham, Council of Europe, Nintendo hit
No sector spared in June’s breach wave.
Kemp LoadMaster flaw exploited (CVSS 9.6)
OS command injection under active attack.
Adobe patches CVSS-10 ColdFusion and Campaign flaws
Maximum-severity fixes; patch immediately.
Exploited SharePoint Flaw Lands on CISA's Must-Patch List Developing
Why it matters: SharePoint sits inside most large organizations; an actively exploited remote-code-execution bug there is a direct path to corporate networks.
CISA added CVE-2026-45659, a SharePoint Server remote code execution vulnerability, to its Known Exploited Vulnerabilities catalog after confirming active exploitation, and ordered U.S. federal agencies to patch by July 4 — an unusually tight deadline that underscores the threat. The flaw (CVSS 8.8) stems from deserialization of untrusted data, a bug class repeatedly abused in past SharePoint attacks to seize servers and pivot into internal networks. Organizations running on-premises SharePoint are urged to patch immediately and hunt for signs of compromise. It joins a heavy week of critical fixes, including Adobe ColdFusion/Campaign patches carrying maximum CVSS 10.0 scores and a Progress Kemp LoadMaster flaw (CVSS 9.6) exploited since June 29.
- Federal agencies have until July 4 to patch — a signal of confirmed, ongoing exploitation.
- Deserialization flaws in SharePoint have historically enabled full network compromise.
- The week also brought CVSS-10 Adobe patches and an exploited LoadMaster command-injection bug.
Details & sources
Neutral Routine (if serious) enterprise patching event; limited market-level effect.
- Industries
- Enterprise IT, government, cybersecurity
- Companies
- Microsoft, Adobe, Progress Software
- Countries
- United States; global enterprises
- Key people
- CISA officials
- Sources
- The Hacker News — SharePoint RCE CVE-2026-45659 added to CISA KEV (2026-07)
- More coverage
- SecurityWeek · Cybernews
- Images
- None Available
Tata Electronics Breach Spills 630GB, Touching Apple and Tesla Files Developing
Why it matters: A ransomware group published a manufacturer’s entire document trove — a supply-chain security nightmare.
Tata Electronics confirmed a cybersecurity incident after the World Leaks ransomware group published more than 204,000 alleged company files (630.4 GB) online on June 12. The cache reportedly includes technical drawings, manufacturing records, employee passport scans, and files referencing customers Apple and Tesla. The breach shows how attacking one contract manufacturer can expose the secrets of the world’s biggest brands — and why supply-chain security clauses are becoming as important as price in electronics contracts.
Sources: SharkStriker — June 2026 data breaches
81 Million Login Attempts: Massive Password-Spray Hits Microsoft 365 Ongoing
Why it matters: The campaign shows attackers can still breach cloud email at scale with nothing more sophisticated than guessed passwords.
Security firm Huntress documented an aggressive password-spraying campaign against Microsoft 365 environments that generated more than 81 million login attempts over roughly two weeks. Despite the crude technique — trying common passwords across many accounts to evade lockouts — the threat actor successfully compromised 78 Microsoft accounts across 64 organizations among Huntress's own customer base, implying far larger totals across the broader M365 ecosystem. Compromised cloud mailboxes are prized for payroll fraud, invoice scams, and as beachheads for deeper intrusions. The campaign is a reminder that multi-factor authentication and modern conditional-access policies remain unevenly deployed even in 2026.
- 81M+ login attempts in two weeks; 78 confirmed account takeovers in one vendor's telemetry alone.
- Password spraying still works because MFA adoption remains incomplete.
- Compromised mailboxes typically feed invoice fraud and follow-on intrusions.
Details & sources
Neutral Reinforces demand for identity-security vendors without moving markets broadly.
- Industries
- Cloud software, cybersecurity, financial operations
- Companies
- Microsoft, Huntress
- Countries
- Global
- Key people
- Huntress research team
- Sources
- BleepingComputer — Hackers target Microsoft 365 accounts with 81 million login attempts (2026-07)
- More coverage
- The Hacker News
- Images
- None Available
Nissan Hit Through Oracle PeopleSoft Flaw; Employee Data Stolen Developing
Why it matters: HR platforms are the new jackpot: one software flaw exposed SSNs and banking data.
Nissan suffered a breach orchestrated by the Shiny Hunterz ransomware group exploiting an Oracle PeopleSoft vulnerability. Exposed data includes employee contact details, banking information, Social Security and national ID numbers, tax records, and dependent information. June’s broader tape was relentless: Novo Nordisk, the University of Nottingham, the Council of Europe, and Nintendo all disclosed incidents — evidence that HR and ERP platforms holding identity data have become attackers’ preferred one-stop shop.
Sources: CM-Alliance — June 2026 biggest cyber attacks
AI Infrastructure Under Attack: LiteLLM Gateway Flaw Exploited Ongoing
Why it matters: Attackers are now targeting the plumbing of corporate AI — one exploited gateway can leak every connected AI provider key an organization owns.
CISA added CVE-2026-42271 to its Known Exploited Vulnerabilities catalog on June 27: an unauthenticated remote-code-execution chain in LiteLLM's AI Gateway, a popular open-source proxy that companies use to route traffic to OpenAI, Anthropic, and other model providers. The exploit abuses Model Context Protocol (MCP) endpoints to gain full access to the server environment — including every configured API key. Stolen keys enable attackers to run up massive usage bills, exfiltrate prompt data, or impersonate the victim's AI applications. The listing marks one of the first times AI-specific middleware has been confirmed under active exploitation, signaling that the AI stack has formally joined the attack surface.
- Unauthenticated RCE in a widely deployed AI gateway is being actively exploited.
- Compromise exposes all configured OpenAI/Anthropic API keys at once.
- MCP endpoints — the connective tissue of AI agents — are now a proven attack vector.
Details & sources
Neutral A security wake-up call for AI adopters; limited direct market impact.
- Industries
- Artificial intelligence, cybersecurity, enterprise software
- Companies
- LiteLLM (open source); OpenAI/Anthropic customers (exposure)
- Countries
- Global
- Key people
- CISA officials
- Sources
- AI Intelligence Briefing — July 1, 2026 (CISA KEV listing)
- More coverage
- Check CISA's KEV catalog for the authoritative entry — aggregator-sourced details, hence Medium confidence.
- Images
- None Available