Insurance giant Aflac discloses data breach after subsidiary hack

iPhone 18 Pro supplier list and parts exposed in Tata data leak

A ransomware group called World Leaks has published files stolen from Tata Electronics, Apple's manufacturing partner in India, exposing iPhone 18 Pro component lists, supplier names, and photographs from drop tests. The leaked bill of materials reveals Apple's supplier architecture — including where it sources from multiple vendors for bargaining leverage and where single-source dependencies create supply chain vulnerabilities. The breach is the second ransomware incident involving Tata, following an earlier claim of stolen Apple and Tesla trade secrets. Apple is investigating alongside Tata, but the supplier maps are already public, posing competitive and strategic risks beyond a typical privacy incident.

NAIC says public data stolen in ShinyHunters' PeopleSoft breach

The National Association of Insurance Commissioners (NAIC) disclosed that the ShinyHunters extortion group breached its Oracle PeopleSoft server by exploiting a zero-day vulnerability (CVE-2026-35273). NAIC contends that only publicly available statutory financial reports, outdated logs, and configuration files were stolen, with no PII or financial data exposed. ShinyHunters, after NAIC refused to pay ransom, leaked data and claims to hold 3.1 TB across 105,000 files including stored credentials for critical regulatory platforms. NAIC disputes these claims, stating those platforms were not compromised. The same zero-day has allegedly impacted over 100 organizations, primarily in the education sector.

Blackfield ransomware asks Nidec Corporation for $2 million ransom

The Blackfield ransomware gang has claimed a ransomware attack on Nidec Chaun Choung Technology, a Taiwanese subsidiary of Japanese electronics giant Nidec Corporation, and is demanding $2 million to delete stolen data. The attack was confirmed on June 22, 2026, prompting Nidec to shut down affected servers and networks. Blackfield has given Nidec over 15 days to negotiate, with options to extend the deadline for $5,000/day or purchase the stolen data outright for $400,000. This is Nidec's second ransomware incident in under two years, following a 2024 breach of its Vietnam-based Nidec Precision division by the 8Base and Everest gangs.

Nissan Discloses Employee Data Breach Linked to Oracle Zero-Day Attacks

Nissan disclosed a data breach affecting current and former employees across the US, Canada, Mexico, and Brazil after attackers exploited CVE-2026-35273, a zero-day vulnerability in Oracle PeopleSoft PeopleTools. The breach is linked to the ShinyHunters extortion group, which claimed to have compromised over 300 PeopleSoft instances across 100 organizations between May 27 and June 9. Exposed data may include Social Security numbers, banking details, tax information, and dependent/beneficiary records. Nissan has restricted payroll access to secured networks and VPN, engaged external cybersecurity experts, and is offering credit and dark web monitoring to affected individuals. CISOs are advised to apply Oracle's emergency patches, lock down payroll workflows, and prepare employee-focused breach response plans.

AI may be good at finding security vulnerabilities, but it can't beat human stupidity

Vụ lộ dữ liệu Klue xảy ra do mật khẩu cũ bị xâm phạm, cho phép nhóm tống tiền Icarus truy cập Salesforce của hàng trăm công ty, trong đó có Huntress và LastPass. Dù AI phát hiện lỗ hổng như Squidbleed (lỗi 29 năm tuổi trong Squid proxy), nguyên nhân chính của hầu hết các vụ xâm nhập vẫn là sự bất cẩn của con người, như quản lý thông tin đăng nhập yếu kém.

Lập trình viên nên đọc bài này vì nó cho thấy rằng dù công nghệ AI mạnh mẽ trong phát hiện lỗ hổng, nhưng phân tích sâu về các lỗ hổng do người dùng (và quản lý hệ thống) gây ra—chẳng hạn như sử dụng mật khẩu yếu, không bảo mật tốt—là chìa khóa để hiểu tại sao hệ thống vẫn bị tấn công thường xuyên và cách cải thiện an ninh thực tế.

Insurance Regulators Group NAIC Hit in Oracle PeopleSoft Hack

The National Association of Insurance Commissioners (NAIC) confirmed it was breached via CVE-2026-35273, a zero-day Oracle PeopleSoft vulnerability enabling unauthenticated remote code execution. The ShinyHunters cybercrime group, which claims to have targeted over 100 organizations in the same campaign, accessed publicly available statutory financial data, credit rating agency data, and outdated logs and configuration data. PII, payment, and financial account information were not compromised. ShinyHunters initially overstated the breach scope, later attributing the error to an AI-generated misinterpretation. CISOs are advised to patch PeopleSoft systems immediately, validate attacker claims against forensic evidence, and review exposed technical data for potential follow-on attack risk.

iPhone 18 secrets spill onto the dark web

A ransomware group has leaked sensitive Apple iPhone 18 Pro files on the dark web after stealing data from Tata Electronics, Apple's Indian manufacturing partner. The leaked files include component lists, supplier mappings, and drop-test photos of unreleased iPhone 18 Pro models marked 'confidential.' The breach exposes Apple's supplier relationships and bargaining vulnerabilities, coming at a sensitive time as India now accounts for 26% of global iPhone production and Apple is expected to raise iPhone prices. Tata has restricted internal system access and hired a forensic auditor in response.