Skip to main content
news

Aflac Japan Breach, HSIN Cyberattack Confirmed, Foxconn Ransomware Claimed – Cybersecurity News [June 29, 2026]

Brad Slavin
Brad Slavin General Manager

Quick Answer

This week's cybersecurity news highlights major data breaches, ransomware attacks, exploited software vulnerabilities, AI-powered cyber threats, and a massive credential leak. It also reinforces the importance of strong email security, timely patching, and phishing protection to reduce cyber risk.

cybersecurity news

Aflac discloses Japan subsidiary breach affecting 4.38 million customers

Insurance giant Aflac disclosed a data breach after attackers accessed its Japan subsidiary’s systems and stole personal and bank account information belonging to millions of customers. The company told the SEC that Aflac Japan discovered the unauthorized access on June 25, with the intrusion window running from June 15 to June 25, 2026. The attack has been linked to the Scattered Spider group, which was also behind recent breaches at Erie Insurance and Philadelphia Insurance Companies.

DHS confirms hackers breached the Homeland Security Information Network (HSIN)

The Department of Homeland Security is investigating a cyberattack that compromised HSIN, a sensitive information-sharing platform used by federal, state, local, and private-sector partners, in an intrusion believed to have occurred between late May and early June. Attackers reportedly targeted HSIN servers as well as a SharePoint collaboration system, and DHS has not yet attributed the attack to a specific actor.

Foxconn cyberattack claimed by Nitrogen ransomware gang

Electronics manufacturing giant Foxconn confirmed a cyberattack that has been claimed by the Nitrogen ransomware operation, continuing a wave of ransomware activity against large manufacturers this year.

Charter Communications breach hits 4.9 million accounts

BleepingComputer reports that Charter Communications suffered a data breach affecting roughly 4.9 million customer accounts, adding another major telecom name to this year’s growing breach list.

Email Smtp Service 9235

Alleged Scattered Spider hacker extradited to the US

A dual United States and Estonian citizen has been extradited to the U.S. to face charges alleging he was a member of the Scattered Spider hacking collective, one of the most prolific extortion and social-engineering groups behind recent insurance and retail breaches.

Kubota North America discloses month-long network intrusion

Kubota North America Corporation disclosed that hackers had access to some of its network systems for more than a month earlier this year, raising fresh concerns about dwell time in industrial and agricultural equipment companies.

Medtronic notifies customers of third-party data breach

Healthcare device firm Medtronic is notifying affected customers about a data breach that exposed their personal data to an unauthorized third party, adding to a steady drumbeat of medical-device-sector incidents this year.

SMTP Email Server 9567

FortiBleed credential theft campaign linked to INC and Lynx ransomware

The massive FortiBleed credential theft campaign has been linked to the INC and Lynx ransomware operations, suggesting the stolen Fortinet credentials were intended to fuel future network intrusions. Dark Reading separately reported that FortiBleed actors appear to be collaborating directly with the Inc and Lynx ransomware gangs.

CISA warns of active exploitation of Microsoft SharePoint RCE flaw

CISA warned this week that attackers have begun exploiting a high-severity Microsoft SharePoint remote code execution vulnerability that was patched back in May, putting organizations still running unpatched SharePoint servers at immediate risk.

Cisco confirms exploitation of Unified Communications Manager flaw

Cisco confirmed that attackers are exploiting a vulnerability in its Unified Communications Manager (Unified CM), which was patched in early June, a reminder of how quickly enterprise VoIP infrastructure becomes a target once a patch reveals the underlying flaw.

KDDI discloses email system breach affecting multiple Japanese ISPs

KDDI said attackers exploited a vulnerability in third-party software used in its email system, and Japan’s communications ministry ordered KDDI to submit a report under the Telecommunications Business Act by July 6. The breach reportedly affected systems shared with several other Japanese internet service providers.

Spf Permerror 5665

24 billion records exposed in colossal credential leak

Cybernews reported on a massive data leak exposing 24 billion records, including usernames and passwords, one of the largest aggregated credential dumps disclosed this year, raising fresh warnings about credential-stuffing risk for consumers and businesses alike.

Apple AirDrop and Android Quick Share found vulnerable to nearby attackers

Researchers disclosed six security flaws affecting Apple’s AirDrop and Android’s Quick Share, leaving roughly five billion iPhones and Android phones exposed to nearby attackers who could crash devices, tamper with active file transfers, or potentially run code.

New ChocoPoC RAT hidden inside fake GitHub proof-of-concept exploits

Multiple weaponized proof-of-concept exploits uploaded to GitHub were found delivering a Python-based remote access trojan named ChocoPoC, capable of executing commands and stealing sensitive data, in what appears to be a campaign aimed squarely at cybersecurity researchers who download and test public exploit code.

Researchers identify JadePuffer, the first ransomware campaign run by an AI agent

Researchers identified what they believe is the first documented case of a ransomware operation, called JadePuffer, conducted entirely by a large language model agent” a milestone likely to fuel debate about autonomous AI-driven cybercrime.

Email Sending Services 9424

Google-led operation disrupts NetNut residential proxy network

A joint operation involving Google disrupted NetNut, a residential proxy network that had given access to millions of compromised Android devices, striking at infrastructure widely used to mask malicious traffic and enable credential-stuffing and fraud campaigns.

CISA flags Windows “BlueHammer” flaw as now exploited by ransomware gangs

CISA updated its Known Exploited Vulnerabilities catalog to flag the Windows Defender privilege-escalation flaw dubbed BlueHammer (CVE-2026-33825) as now being exploited in ransomware campaigns, months after the flaw was first leaked publicly by a researcher protesting Microsoft’s disclosure process.

Strong email security is essential for defending against phishing, credential theft, and ransomware attacks highlighted in this week’s cybersecurity news.

Brad Slavin
Brad Slavin

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

Secure your email infrastructure

Protect, authenticate, and deliver. Contact our team to find the right solution.