NAIC says public data stolen in ShinyHunters' PeopleSoft breach

KDDI Breach Exposes Up to 14.2 Million Email Logins at Six ISPs

Japanese telecom KDDI disclosed a data breach affecting up to 14.2 million email accounts across six ISPs including STNet, JCOM, NIFTY, and BIGLOBE. Attackers exploited a vulnerability in unnamed third-party software on KDDI's shared email system, potentially exposing email addresses and passwords. Some passwords were stored hashed or encrypted, but KDDI did not disclose the method or proportion stored in plaintext. The breach was discovered June 17 and reported to Japanese regulators. Affected customers are advised to reset passwords and enable 2FA. CISOs are warned about downstream risks from shared provider infrastructure, credential stuffing, and business dependence on personal ISP email accounts for recovery workflows.

Password manager maker LastPass says hackers stole customer support case data during Klue breach

LastPass thông báo dữ liệu hỗ trợ khách hàng (bao gồm tên, số điện thoại, email, địa chỉ) bị đánh cắp thông qua vụ xâm nhập tại Klue – đối tác nghiên cứu thị trường. Vault mật khẩu của LastPass không bị ảnh hưởng, nhưng nhóm tấn công Icarus đe dọa công bố dữ liệu nếu không trả tiền chuộc. Đây là vụ xâm nhập thứ hai của LastPass trong vài năm gần đây.

Lập trình viên nên đọc bài này để hiểu cách bảo mật hệ thống và dữ liệu khách hàng của các ứng dụng như LastPass, từ đó có thể áp dụng các biện pháp phòng ngừa và cải thiện an ninh cho các dự án của mình.

Data breach exposes up to 14.2 million email logins at six ISPs

KDDI Corporation, one of Japan's largest ISPs, disclosed a data breach affecting up to 14.2 million email accounts across six ISPs. Threat actors exploited a vulnerability in unnamed third-party software to access an email system shared by STNet, JCOM, Chubu Telecommunications, NIFTY, and BIGLOBE. Exposed data includes email addresses and passwords, though some passwords were stored in hashed or encrypted form. KDDI discovered the breach on June 17, notified Japanese regulators, and is advising affected customers to reset passwords and enable 2FA.

Third-Party Breaches Teach Schools a Costly Lesson in Vendor Risk

The education sector faces escalating cybersecurity threats, with 1,252 data breaches recorded in 2025 according to Verizon's DBIR, over 65% involving ransomware. Third-party SaaS platforms are a primary attack vector — a single breach can cascade across thousands of institutions. High-profile incidents include a ransomware attack on Canvas (Instructure) affecting 30 million users during final exams, and the 2023 MOVEit breach impacting 900 universities. Schools are particularly vulnerable due to legacy systems, limited IT budgets, and heavy reliance on third-party vendors. Recommended mitigations include formal third-party risk management programs, contractual vendor accountability, SSO with MFA, vulnerability management, and business continuity planning. AI-powered security tools may help reduce costs for under-resourced institutions. Experts also call for increased federal cybersecurity funding and a comprehensive U.S. federal privacy law.

29th June – Threat Intelligence Report

Weekly threat intelligence roundup covering major attacks and breaches including a $3M supply chain attack on Polymarket via malicious JavaScript injection, a KDDI breach exposing 14.22 million email accounts, and a 630GB data theft from Tata Electronics. AI threats include EvilTokens phishing-as-a-service with a 1,380% surge in device-code phishing, a fake AI skill hijacking 26,000 agents, and the BioShocking AI technique bypassing agentic browser guardrails. Key vulnerabilities patched include a Cisco Catalyst SD-WAN zero-day, four Dify AI platform flaws, and three actively exploited Ubiquiti UniFi OS bugs linked to Mirai botnet activity. Threat intelligence highlights include the FortiBleed campaign stealing 110 million credentials from 430,000 FortiGate devices, Russia-linked Turla's StockStay malware targeting Ukraine, and a Chinese DCloud framework powering over 236,000 scam domains.

Mandiant reveals how Cisco SD-WAN zero-day attacks gained root access

Mandiant tiết lộ cách tin tặc khai thác lỗ hổng CVE-2026-20245 (command injection) trong Cisco Catalyst SD-WAN Manager, Controller và Validator để leo thang đặc quyền lên root. Chúng tạo tài khoản 'troot' thông qua file CSV độc hại tải lên tính năng tenant-upload CLI, đồng thời xóa dấu vết bằng kỹ thuật chống pháp y. Mandiant khuyến nghị thu thập dữ liệu chẩn đoán, kiểm tra kết nối peering trái phép và nâng cấp lên phiên bản vá lỗi.

Lập trình viên nên đọc bài này để hiểu cách hacker khai thác lỗ hổng trên hệ thống SD-WAN của Cisco, từ đó tìm hiểu về kỹ thuật bảo mật mới, cách xây dựng hệ thống an toàn hơn và ứng dụng kiến thức về bảo vệ ứng dụng web và cơ sở dữ liệu trong các dự án của mình.

AI may be good at finding security vulnerabilities, but it can't beat human stupidity

A podcast transcript discussing the Klue breach, where compromised legacy credentials allowed attackers to access Salesforce environments of hundreds of companies including Huntress and LastPass. A new extortion group called Icarus was responsible, not the usual suspects ShinyHunters. The discussion also covers the Huntress insider allegation drama, AI-discovered vulnerabilities like Squidbleed (a 29-year-old Squid proxy bug), and the broader argument that despite AI's growing role in finding vulnerabilities, human failures like poor password hygiene and lazy credential management remain the root cause of most breaches.