Texas Parks and Wildlife Department is offering free credit monitoring to over 3 million Texans after a cybersecurity breach exposed personal data from the state's hunting and fishing license system. Texas Cyber Command detected the incident at a third-party licensing vendor.
Compromised data includes driver's license numbers, passport numbers, email addresses, phone numbers, and home addresses. No Social Security numbers, financial data, or minors' records were affected. License sales remain unaffected.
Impacted residents can enroll in one year of free Kroll credit monitoring until September 14, 2026. Support is available at (844) 959-7123, weekdays 8 a.m.–5:30 p.m.
Source: CBS News Texas
Texas Parks and Wildlife Department is offering free credit monitoring to over 3 million Texans after a cybersecurity breach exposed personal data from the state's hunting and fishing license system. Texas Cyber Command detected the incident at a third-party licensing vendor.
Compromised data includes driver's license numbers, passport numbers, email addresses, phone numbers, and home addresses. No Social Security numbers, financial data, or minors' records were affected. License sales remain unaffected.
Impacted residents can enroll in one year of free Kroll credit monitoring until September 14, 2026. Support is available at (844) 959-7123, weekdays 8 a.m.–5:30 p.m.
Source: CBS News Texas
Cybersecurity firm Sophos is warning of a dangerous new partnership between ransomware group Vect and TeamPCP, a credential-theft gang tied to the English-speaking Com collective. The collaboration, detailed in a July 2 blog post, combines TeamPCP's large-scale supply chain attacks with Vect's ransomware-as-a-service operation.
The threat is real — Sophos confirmed at least one Vect ransomware deployment using TeamPCP-stolen credentials. In March 2026, TeamPCP compromised 10,000 CI/CD workflows and stole over 500,000 login credentials via Aqua Security's Trivy scanner. The FBI issued a simultaneous FLASH warning, flagging TeamPCP malware including CanisterWorm, Sandclock, and the self-replicating worm Mini Shai-Hulud.
Source: Infosecurity Magazine
Cybersecurity firm Sophos is warning of a dangerous new partnership between ransomware group Vect and TeamPCP, a credential-theft gang tied to the English-speaking Com collective. The collaboration, detailed in a July 2 blog post, combines TeamPCP's large-scale supply chain attacks with Vect's ransomware-as-a-service operation.
The threat is real — Sophos confirmed at least one Vect ransomware deployment using TeamPCP-stolen credentials. In March 2026, TeamPCP compromised 10,000 CI/CD workflows and stole over 500,000 login credentials via Aqua Security's Trivy scanner. The FBI issued a simultaneous FLASH warning, flagging TeamPCP malware including CanisterWorm, Sandclock, and the self-replicating worm Mini Shai-Hulud.
Source: Infosecurity Magazine
The threat actors behind FortiBleed — a massive credential-harvesting campaign targeting Fortinet FortiGate firewalls — are now confirmed working with Inc Ransom and Lynx ransomware gangs. SOCRadar researchers caught a single operator logged into both groups' ransom negotiation panels while using infrastructure tied directly to FortiBleed.
The campaign has compromised roughly 12,000 active FortiGate devices, with credentials stolen from over 30,000. Of 409 targets where attackers gained admin access, 354 saw the full attack chain executed — VPN breach, domain controller access, domain admin. At least 12 ransomware deployments have been confirmed. SOCRadar also flagged an unpatched Nextcloud zero-day being actively exploited by the same group.
Source: Dark Reading
The threat actors behind FortiBleed — a massive credential-harvesting campaign targeting Fortinet FortiGate firewalls — are now confirmed working with Inc Ransom and Lynx ransomware gangs. SOCRadar researchers caught a single operator logged into both groups' ransom negotiation panels while using infrastructure tied directly to FortiBleed.
The campaign has compromised roughly 12,000 active FortiGate devices, with credentials stolen from over 30,000. Of 409 targets where attackers gained admin access, 354 saw the full attack chain executed — VPN breach, domain controller access, domain admin. At least 12 ransomware deployments have been confirmed. SOCRadar also flagged an unpatched Nextcloud zero-day being actively exploited by the same group.
Source: Dark Reading
Aflac has disclosed a significant data breach at its Japanese subsidiary, affecting nearly 4.4 million customers. Hackers accessed Aflac Japan's systems between June 15 and June 25, stealing policy details, personal information, and bank account data — including premium payment records for around 230,000 customers.
The company filed with the SEC on June 30, confirming US operations were unaffected. Some customer portal services remain offline, though claims and payments continue via call centers. Aflac Japan has notified authorities and says no misuse has been confirmed yet.
This marks the third breach targeting Aflac Japan since 2023.
Source: Infosecurity Magazine
Aflac has disclosed a significant data breach at its Japanese subsidiary, affecting nearly 4.4 million customers. Hackers accessed Aflac Japan's systems between June 15 and June 25, stealing policy details, personal information, and bank account data — including premium payment records for around 230,000 customers.
The company filed with the SEC on June 30, confirming US operations were unaffected. Some customer portal services remain offline, though claims and payments continue via call centers. Aflac Japan has notified authorities and says no misuse has been confirmed yet.
This marks the third breach targeting Aflac Japan since 2023.
Source: Infosecurity Magazine
Two critical vulnerabilities in Cursor IDE — the AI coding tool used by over half of Fortune 500 companies — can give attackers full remote code execution without any user interaction. Discovered by Cato AI Labs and dubbed "DuneSlide," both flaws carry a 9.8 CVSS score (CVE-2026-50548 and CVE-2026-50549).
The attack works through prompt injection: a victim simply types a normal prompt that accidentally pulls in attacker-controlled content — from a poisoned web search or rogue MCP server. From there, attackers can overwrite core sandbox binaries and compromise both the local machine and connected SaaS workspaces.
Cato says more disclosures are coming across other AI coding agents.
Source: Cybersecurity News
Two critical vulnerabilities in Cursor IDE — the AI coding tool used by over half of Fortune 500 companies — can give attackers full remote code execution without any user interaction. Discovered by Cato AI Labs and dubbed "DuneSlide," both flaws carry a 9.8 CVSS score (CVE-2026-50548 and CVE-2026-50549).
The attack works through prompt injection: a victim simply types a normal prompt that accidentally pulls in attacker-controlled content — from a poisoned web search or rogue MCP server. From there, attackers can overwrite core sandbox binaries and compromise both the local machine and connected SaaS workspaces.
Cato says more disclosures are coming across other AI coding agents.
Source: Cybersecurity News
Security firm Adversa AI has found a structural flaw — dubbed GuardFall — affecting 10 of 11 popular open source AI coding agents, including Hermes, OpenCode, and Roo-code. The issue lets attackers embed old-school Bash tricks like quote removal and $IFS spacing into content agents ingest, such as a poisoned README or Makefile. Once inside, those commands can silently steal AWS credentials or wipe dev environments, running with the developer's full account authority.
Only one agent, Continue, successfully blocked all test bypasses. Adversa recommends maintainers adopt a tokenize-and-canonicalize evaluator guard — the approach Continue uses — rather than relying on pattern-based text matching that Bash simply rewrites around.
Source: SecurityWeek
Security firm Adversa AI has found a structural flaw — dubbed GuardFall — affecting 10 of 11 popular open source AI coding agents, including Hermes, OpenCode, and Roo-code. The issue lets attackers embed old-school Bash tricks like quote removal and $IFS spacing into content agents ingest, such as a poisoned README or Makefile. Once inside, those commands can silently steal AWS credentials or wipe dev environments, running with the developer's full account authority.
Only one agent, Continue, successfully blocked all test bypasses. Adversa recommends maintainers adopt a tokenize-and-canonicalize evaluator guard — the approach Continue uses — rather than relying on pattern-based text matching that Bash simply rewrites around.
Source: SecurityWeek
AWS has patched a high-severity bug in the Amazon Q Developer extension for Visual Studio Code that could let attackers steal cloud credentials just by getting a developer to open a malicious repository. Tracked as CVE-2026-12957 and discovered by Wiz Research, the flaw allowed Amazon Q to automatically load and execute MCP server configurations without user approval — silently, before any code review happened.
Because spawned processes inherited the developer's full environment, attackers could grab AWS credentials, API keys, and SSH secrets. The fix landed in Language Server version 1.65.0. Similar MCP-related vulnerabilities have also been found in Claude Code, Cursor, and Windsurf.
Source: Dark Reading
AWS has patched a high-severity bug in the Amazon Q Developer extension for Visual Studio Code that could let attackers steal cloud credentials just by getting a developer to open a malicious repository. Tracked as CVE-2026-12957 and discovered by Wiz Research, the flaw allowed Amazon Q to automatically load and execute MCP server configurations without user approval — silently, before any code review happened.
Because spawned processes inherited the developer's full environment, attackers could grab AWS credentials, API keys, and SSH secrets. The fix landed in Language Server version 1.65.0. Similar MCP-related vulnerabilities have also been found in Claude Code, Cursor, and Windsurf.
Source: Dark Reading
The hacking group ShinyHunters has claimed responsibility for a major cyber-attack on the University of Nottingham, confirmed on June 10. Around 455,000 email addresses were compromised, with roughly 40 gigabytes of data stolen from the university's student record system.
Stolen data includes passport numbers, national insurance numbers, dates of birth, financial details, and ethnicity — affecting both current students and alumni. Experts believe the attack was likely a supply chain breach through a third-party platform, though voice phishing remains possible.
The university refused to pay the ransom, so the data was published. EMSOU's Regional Cyber Crime Unit is now investigating. Affected individuals should enable multi-factor authentication and stay alert to unexpected phone calls.
Source: BBC News
The hacking group ShinyHunters has claimed responsibility for a major cyber-attack on the University of Nottingham, confirmed on June 10. Around 455,000 email addresses were compromised, with roughly 40 gigabytes of data stolen from the university's student record system.
Stolen data includes passport numbers, national insurance numbers, dates of birth, financial details, and ethnicity — affecting both current students and alumni. Experts believe the attack was likely a supply chain breach through a third-party platform, though voice phishing remains possible.
The university refused to pay the ransom, so the data was published. EMSOU's Regional Cyber Crime Unit is now investigating. Affected individuals should enable multi-factor authentication and stay alert to unexpected phone calls.
Source: BBC News
Microsoft has attributed a supply chain attack on Mastra — an open-source TypeScript framework for building AI applications — to North Korean state actor Sapphire Sleet, also tracked as APT38 and BlueNoroff. The attribution, made June 19 with "high confidence," came after attackers compromised a npm maintainer account and poisoned over 140 packages with malicious code.
The malware targeted cryptocurrency wallets from 166 browser extensions, including MetaMask and Coinbase Wallet, while also stealing browser history and system data. It ran on Windows, macOS, and Linux. Developers should check for easy-day-js dependencies and note that Mastra versions 1.13.0 and earlier are unaffected.
Source: Infosecurity Magazine
Microsoft has attributed a supply chain attack on Mastra — an open-source TypeScript framework for building AI applications — to North Korean state actor Sapphire Sleet, also tracked as APT38 and BlueNoroff. The attribution, made June 19 with "high confidence," came after attackers compromised a npm maintainer account and poisoned over 140 packages with malicious code.
The malware targeted cryptocurrency wallets from 166 browser extensions, including MetaMask and Coinbase Wallet, while also stealing browser history and system data. It ran on Windows, macOS, and Linux. Developers should check for easy-day-js dependencies and note that Mastra versions 1.13.0 and earlier are unaffected.
Source: Infosecurity Magazine
The Education Authority (EA) has written to parents at 23 schools in Northern Ireland warning that their children's personal data may have been accessed in a recent cyber attack — 16 of those schools hadn't received any previous notification.
The attack targeted the C2K network, which handles IT for all schools across Northern Ireland, locking students out of accounts and resources during the lead-up to exam season. A 16-year-old boy was arrested and released on bail.
Forensic investigations are ongoing, and the EA says further notifications will follow as new evidence emerges.
Source: BBC News
The Education Authority (EA) has written to parents at 23 schools in Northern Ireland warning that their children's personal data may have been accessed in a recent cyber attack — 16 of those schools hadn't received any previous notification.
The attack targeted the C2K network, which handles IT for all schools across Northern Ireland, locking students out of accounts and resources during the lead-up to exam season. A 16-year-old boy was arrested and released on bail.
Forensic investigations are ongoing, and the EA says further notifications will follow as new evidence emerges.
Source: BBC News