Aflac has disclosed a data breach affecting its Japan subsidiary, Aflac Life Insurance Japan Ltd., after unauthorized access to its systems between June 15 and June 25, 2026. The attackers stole policy and coverage details, personal information, and bank account information. The breach is limited to Japan-based systems; U.S. operations were not affected. Aflac has notified the Japan Financial Services Agency and is working with external cybersecurity experts. This follows a separate breach disclosed a year ago that bore signs of a Scattered Spider attack, part of a broader wave targeting U.S. insurance companies.
Source: https://www.bleepingcomputer.com/news/security/insurance-giant-aflac-discloses-data-breach-after-subsidiary-hack. 8sync News only summarizes and links; copyright in the content belongs to the author and the original source.
LastPass confirmed that customer data in its Salesforce environment was accessed following the supply chain attack on Klue on June 12. The Icarus extortion group broke into Klue's infrastructure using old credentials and stole the OAuth tokens that connect Klue to customers' Salesforce instances. The exposed data includes names, phone numbers, email addresses, addresses, support information, and CRM data. LastPass said its core products, services, and customer data stores were not affected.
Developers should read this article to understand how a supply chain attack works and thereby improve their security knowledge for their own applications and systems, especially when using cloud services such as Salesforce.
A ransomware group called World Leaks has published files stolen from Tata Electronics, Apple's manufacturing partner in India, exposing iPhone 18 Pro component lists, supplier names, and photographs from drop tests. The leaked bill of materials reveals Apple's supplier architecture — including where it sources from multiple vendors for bargaining leverage and where single-source dependencies create supply chain vulnerabilities. The breach is the second ransomware incident involving Tata, following an earlier claim of stolen Apple and Tesla trade secrets. Apple is investigating alongside Tata, but the supplier maps are already public, posing competitive and strategic risks beyond a typical privacy incident.
The National Association of Insurance Commissioners (NAIC) disclosed that the ShinyHunters extortion group breached its Oracle PeopleSoft server by exploiting a zero-day vulnerability (CVE-2026-35273). NAIC contends that only publicly available statutory financial reports, outdated logs, and configuration files were stolen, with no PII or financial data exposed. ShinyHunters, after NAIC refused to pay ransom, leaked data and claims to hold 3.1 TB across 105,000 files including stored credentials for critical regulatory platforms. NAIC disputes these claims, stating those platforms were not compromised. The same zero-day has allegedly impacted over 100 organizations, primarily in the education sector.
The Blackfield ransomware gang has claimed a ransomware attack on Nidec Chaun Choung Technology, a Taiwanese subsidiary of Japanese electronics giant Nidec Corporation, and is demanding $2 million to delete stolen data. The attack was confirmed on June 22, 2026, prompting Nidec to shut down affected servers and networks. Blackfield has given Nidec over 15 days to negotiate, with options to extend the deadline for $5,000/day or purchase the stolen data outright for $400,000. This is Nidec's second ransomware incident in under two years, following a 2024 breach of its Vietnam-based Nidec Precision division by the 8Base and Everest gangs.
Nissan disclosed a data breach affecting current and former employees across the US, Canada, Mexico, and Brazil after attackers exploited CVE-2026-35273, a zero-day vulnerability in Oracle PeopleSoft PeopleTools. The breach is linked to the ShinyHunters extortion group, which claimed to have compromised over 300 PeopleSoft instances across 100 organizations between May 27 and June 9. Exposed data may include Social Security numbers, banking details, tax information, and dependent/beneficiary records. Nissan has restricted payroll access to secured networks and VPN, engaged external cybersecurity experts, and is offering credit and dark web monitoring to affected individuals. CISOs are advised to apply Oracle's emergency patches, lock down payroll workflows, and prepare employee-focused breach response plans.
The Klue data leak happened because an old password was compromised, allowing the Icarus extortion group to access the Salesforce environments of hundreds of companies, including Huntress and LastPass. Although AI is uncovering vulnerabilities such as Squidbleed (a 29-year-old bug in the Squid proxy), the main cause of most intrusions is still human carelessness, such as poor credential management.
Developers should read this article because it shows that, although AI is powerful at finding vulnerabilities, in-depth analysis of the weaknesses caused by users (and system administrators), such as using weak passwords or not securing systems well, is the key to understanding why systems are still attacked so often and how to improve security in practice.

The National Association of Insurance Commissioners (NAIC) confirmed it was breached via CVE-2026-35273, a zero-day Oracle PeopleSoft vulnerability enabling unauthenticated remote code execution. The ShinyHunters cybercrime group, which claims to have targeted over 100 organizations in the same campaign, accessed publicly available statutory financial data, credit rating agency data, and outdated logs and configuration data. PII, payment, and financial account information were not compromised. ShinyHunters initially overstated the breach scope, later attributing the error to an AI-generated misinterpretation. CISOs are advised to patch PeopleSoft systems immediately, validate attacker claims against forensic evidence, and review exposed technical data for potential follow-on attack risk.
A ransomware group has leaked sensitive Apple iPhone 18 Pro files on the dark web after stealing data from Tata Electronics, Apple's Indian manufacturing partner. The leaked files include component lists, supplier mappings, and drop-test photos of unreleased iPhone 18 Pro models marked 'confidential.' The breach exposes Apple's supplier relationships and bargaining vulnerabilities, coming at a sensitive time as India now accounts for 26% of global iPhone production and Apple is expected to raise iPhone prices. Tata has restricted internal system access and hired a forensic auditor in response.