Cybersecurity Week in Review: June 23, 2026 – June 29, 2026

Cyberattacks, data breaches, zero-days, and global responses—discover the biggest cybersecurity headlines of this week.

Major Data Breaches

Klue Supply Chain Breach Impacts Multiple Tech Companies

A significant supply chain attack targeted Klue, a Vancouver-based market intelligence platform, resulting in the exposure of Salesforce CRM data from several high-profile organizations, including HackerOne, Gong, OneTrust, Tanium, and Huntress. The breach, attributed to the Icarus ransomware group, enabled attackers to access sensitive customer information such as names, business email addresses, phone numbers, job titles, sales notes, CRM records, pricing information, and internal sales communications. The full scope and quantity of data exposed remain under investigation, but the incident has affected a broad swath of the tech sector, including cybersecurity and compliance software providers [1].

Tata Electronics and Bajaj Auto Hit by Ransomware

Tata Electronics, a major electronics manufacturer in India, suffered a ransomware attack by the World Leaks group. The attackers claim to have stolen over 600 GB of sensitive documents, including component specifications, manufacturing documents, and employee information related to Apple and Tesla. Meanwhile, Bajaj Auto, a leading automotive manufacturer, detected unauthorized activity on June 23 and initiated incident response procedures. The extent of data exposure at Bajaj Auto is still being determined [1].

Sysco Corporation and Illinois Central College Targeted

Sysco Corporation, a global food distribution giant, was targeted by the ShinyHunters ransomware group, which claims to have exfiltrated over 61 million Salesforce records containing employee, customer, and internal corporate data. Illinois Central College, a large US community college, was also attacked by ShinyHunters, with the group claiming to have stolen 28 GB of sensitive HR and payroll data [1].

Other Notable Breaches

  • KDDI Corporation (Japan): Unauthorized access to a mailing system used by six internet providers exposed over 14 million email addresses and passwords.
  • Ukrposhta (Ukraine): Hostile attack disrupted IT systems and applications, with the full impact under investigation.
  • London Hydro (Canada): Hackers accessed customer data, including personal and account information.
  • Kee Wah Bakery (Hong Kong): Detected unauthorized access and internal network malfunction; investigation ongoing [1].

Significant Cyberattacks

Mustang Panda Espionage Campaigns

The China-aligned Mustang Panda group launched two major campaigns against Indian government and hydropower targets, deploying new malware and abusing Zoho WorkDrive as a command-and-control channel. The campaigns used SHARDLOADER (a DLL sideloading loader) and MINIRECON (a reworked backdoor), with traffic disguised as legitimate cloud activity. Indian CERT and Acronis Threat Research Unit collaborated on notification and remediation [2].

Gamaredon Expands Ukraine Attacks

The Russian APT group Gamaredon continued its aggressive spear-phishing campaigns against Ukrainian government and military institutions. The campaigns used HTML smuggling to deliver malicious downloaders and new malware payloads, with the goal of exfiltrating sensitive information to support Russian interests in the ongoing conflict [2].

DCloud Uni-App Framework Abused in Crypto Scams

Researchers identified over 236,000 scam websites using the DCloud Uni-App framework to power fraudulent cryptocurrency exchanges, phishing operations, and wallet drainers. These sites are part of a large-scale, multi-language scam infrastructure targeting global victims [2].


Critical Vulnerabilities

DirtyClone Linux Kernel Flaw (CVE-2026-43503)

A new variant of the Dirty Frag Linux kernel vulnerability, dubbed DirtyClone (CVE-2026-43503), was disclosed. This flaw allows local users to gain root privileges via cloned packets on Debian, Ubuntu, and Fedora systems with default namespace configurations. The flaw is particularly dangerous in multi-tenant environments where unprivileged user namespaces are enabled [2].

  • CVSS Score: Not specified, but described as high risk.
  • Affected Systems: Debian, Ubuntu, Fedora (with default namespaces)
  • Mitigation: Patch deployment and review of namespace configurations.
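
As a starting point for the namespace review mentioned above, the following added example (not taken from the advisory or any vendor tool) reads the sysctls that control unprivileged user namespace creation and classifies the host. It only reports the precondition the summary names; the status labels are this example's own, and patching remains the fix.

```python
from pathlib import Path

# Sysctls that gate unprivileged user namespace creation. The first is upstream;
# the other two are distribution additions (Debian/Ubuntu patch, Ubuntu AppArmor).
KNOBS = (
    "user/max_user_namespaces",
    "kernel/unprivileged_userns_clone",
    "kernel/apparmor_restrict_unprivileged_userns",
)


def read_knobs(proc_sys: Path = Path("/proc/sys")) -> dict:
    """Read each knob as an int; None means the kernel does not expose it."""
    values = {}
    for knob in KNOBS:
        try:
            values[knob] = int((proc_sys / knob).read_text().strip())
        except (OSError, ValueError):
            values[knob] = None
    return values


def assess(values: dict) -> tuple:
    """Classify the host as 'blocked', 'restricted' or 'open' (labels are this example's)."""
    if values.get("user/max_user_namespaces") == 0:
        return ("blocked", "user.max_user_namespaces=0: no user namespaces can be created")
    if values.get("kernel/unprivileged_userns_clone") == 0:
        return ("blocked", "kernel.unprivileged_userns_clone=0: unprivileged creation denied")
    if values.get("kernel/apparmor_restrict_unprivileged_userns") == 1:
        return ("restricted", "AppArmor limits unprivileged user namespaces to permitted profiles")
    return ("open", "no sysctl restricts unprivileged user namespace creation")


if __name__ == "__main__":
    status, reason = assess(read_knobs())
    print(f"{status}: {reason}")
```

An "open" result on a multi-tenant host marks it as a priority for the kernel update.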

Critical libssh2 Client-Side Flaw (CVE-2026-55200)

A public proof-of-concept exploit was released for CVE-2026-55200, a critical vulnerability in the libssh2 library. The flaw allows a malicious SSH server to trigger memory corruption on a connecting client, potentially leading to code execution. All versions up to and including 1.11.1 are affected, and the vulnerability carries a CVSS 4.0 score of 9.2. Since libssh2 is embedded in many tools (curl, Git, PHP, backup agents), the risk is widespread, especially for statically linked binaries [2].

  • CVSS Score: 9.2 (Critical)
  • Affected Versions: libssh2 ≤ 1.11.1
  • Mitigation: Update to patched versions and audit dependencies.
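
Statically linked copies do not show up in a package inventory, so the dependency audit has to look inside the binaries. This added example (not from the libssh2 project or the advisory) searches files for the default SSH identification string that libssh2 compiles in, `SSH-2.0-libssh2_<version>`, and flags versions up to 1.11.1. Versions above that are left unflagged, which is an assumption, since the summary names no fixed release.

```python
import re
import sys
from pathlib import Path

# libssh2 compiles its default identification string into every build:
# "SSH-2.0-libssh2_" followed by the library version (e.g. 1.11.1 or 1.11.1_DEV).
BANNER_RE = re.compile(rb"SSH-2\.0-libssh2_(\d+)\.(\d+)\.(\d+)")
LAST_AFFECTED = (1, 11, 1)  # from the summary above: up to and including 1.11.1


def embedded_versions(data: bytes) -> set:
    """Return every libssh2 version tuple whose banner appears in the bytes."""
    return {tuple(int(p) for p in m.groups()) for m in BANNER_RE.finditer(data)}


def scan_file(path: Path) -> list:
    """Return (version, affected) pairs for one file, sorted by version."""
    try:
        data = path.read_bytes()
    except OSError:
        return []  # unreadable file: skip it rather than abort the sweep
    return [(v, v <= LAST_AFFECTED) for v in sorted(embedded_versions(data))]


def scan_tree(root: Path) -> dict:
    """Walk a directory and map each file embedding a banner to its findings."""
    findings = {}
    for path in root.rglob("*"):
        if path.is_file() and not path.is_symlink():
            hits = scan_file(path)
            if hits:
                findings[str(path)] = hits
    return findings


if __name__ == "__main__":
    target = Path(sys.argv[1] if len(sys.argv) > 1 else "/usr")
    for name, hits in sorted(scan_tree(target).items()):
        for version, affected in hits:
            label = "AFFECTED" if affected else "ok"
            print(f"{label:8} libssh2 {'.'.join(map(str, version))}  {name}")
```

Distribution packages can carry backported fixes without changing the version string, so confirm a flagged shared library against the vendor's advisory; a flagged static binary needs a rebuild from its vendor.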

Government Responses

CISA Advisories and Vulnerability Catalog Updates

The US Cybersecurity and Infrastructure Security Agency (CISA) continued to update its Known Exploited Vulnerabilities Catalog throughout June, adding several new vulnerabilities and issuing alerts on high-impact threats. While no new advisories were published specifically between June 23 and June 29, the agency’s ongoing efforts underscore the need for rapid patching and threat intelligence sharing [3].


Miscellaneous

Malicious Chrome and Edge Extensions

Microsoft and Google removed a malicious Chrome extension, “Search for perplexity ai,” which intercepted user searches and address bar input, routing data through attacker-controlled servers. Microsoft also took down 119 malicious Edge extensions (collectively called StegoAd) that used steganography to hide malware in images and fonts, with a combined install base of up to 2.6 million users. The extensions were used for credential theft and ad fraud, with payloads activating days after installation [2].

WhatsApp Introduces Usernames for Privacy

WhatsApp began rolling out a new feature allowing users to reserve unique usernames, enhancing privacy by enabling connections without sharing phone numbers. The feature is designed to prevent unwanted contact and protect user identities [2].


Conclusion

This week’s cybersecurity landscape was marked by high-impact supply chain breaches, sophisticated nation-state campaigns, and the disclosure of critical vulnerabilities affecting widely used software. Organizations are urged to review their exposure to the latest vulnerabilities, monitor for supply chain risks, and stay abreast of government advisories. The continued abuse of browser extensions and cloud services for malicious purposes highlights the evolving tactics of threat actors and the importance of layered defenses.

Sources:

Stay vigilant and ensure your security teams are prepared for the evolving threat landscape.