Cyber Pulse: Top 10 Cybersecurity Stories This Week

1. FortiBleed Credential Campaign Formally Linked to Active Ransomware Operations

Researchers this week formally confirmed what analysts had long suspected: the operator behind FortiBleed’s mass credential-harvesting campaign had active access to negotiation panels for both INC Ransom and Lynx ransomware-as-a-service operations. Scanning activity targeted roughly 11,250 FortiGate SSL-VPN portals across 150+ countries, with verified admin-level access established on 409 targets and at least 12 confirmed ransomware deployments — all stemming from credential reuse rather than any new zero-day. SOCRadar and Bitsight confirmed over 86,644 FortiGate devices across 194 countries have verified working credentials exposed in the dataset.cyberinfos
Source: CyberInfos Weekly Report — https://www.cyberinfos.in/cybersecurity-weekly-report-june-29-july-5-2026/


2. FBI and Google Dismantle NetNut Residential Proxy Botnet (2 Million Devices)

On July 2–3, Google’s Threat Intelligence Group, working with the FBI, IRS Criminal Investigation, Lumen, and the Shadowserver Foundation, disrupted the NetNut (aka Popa) residential proxy network — a botnet built on over 2 million secretly hijacked consumer devices including smart TVs, routers, and streaming boxes. The network, traced back to publicly traded Israeli firm Alarum Technologies, was rented to criminal and espionage groups; a single June week saw 316 distinct threat clusters using it to conduct password-spray attacks and mask malicious traffic. Google disabled the NetNut command-and-control accounts and flagged its SDK in Play Protect, while sharing IOCs with platform providers globally.commonwealthsentinel+1
Source: Commonwealth Sentinel Weekly Roundup — https://commonwealthsentinel.com/cyber-security-weekly-roundup-week-of-june-29-july-5-2026/


3. DHS Homeland Security Information Network (HSIN) Breached by Unknown Threat Actor

The Department of Homeland Security confirmed on July 1 that its Homeland Security Information Network (HSIN) — a sensitive but unclassified platform used by federal, state, local, and private-sector partners for real-time threat sharing — was compromised by unknown hackers. The intrusion is believed to have occurred between late May and early June 2026, with attackers targeting both HSIN servers and an associated SharePoint collaboration system; investigators have not yet determined whether documents were exfiltrated. Senate Intelligence Vice Chair Mark Warner warned the exposed information “is highly sensitive, and its exposure risks national security,” noting the timing coincides with World Cup security coordination currently underway across the United States.bleepingcomputer+4
Source: BleepingComputer — https://www.bleepingcomputer.com/news/security/dhs-confirms-hackers-breached-hsin-info-sharing-platform/


4. Scattered Spider Suspect Peter Stokes Extradited to Face U.S. Federal Charges

The U.S. Department of Justice announced on July 1 that 19-year-old Peter Stokes — a dual U.S.-Estonian citizen using the handles “Bouquet,” “Spencer,” and “Jordan” — was extradited from Finland to face charges of conspiracy, computer intrusion, and fraud for his alleged role in Scattered Spider. Stokes was arrested in April at Helsinki airport while attempting to board a flight to Japan under an INTERPOL Red Notice; prosecutors say Scattered Spider has been tied to over 100 network intrusions and more than $100 million in ransom payments historically. The extradition is the latest in a series of Scattered Spider prosecutions following UK-based guilty pleas from Thalha Jubair and Owen Flowers, signaling sustained cross-border law enforcement pressure on social engineering-led extortion crews.cryptorank+3
Source: The Hacker News — https://thehackernews.com/2026/07/19-year-old-scattered-spider-suspect.html


5. Adobe Releases Emergency Patches for 7 CVSS 10.0 ColdFusion and Campaign Classic Flaws

Adobe shipped fixes for 11 critical vulnerabilities in ColdFusion 2025 and 2023 and Campaign Classic on June 30, including six flaws carrying the maximum CVSS score of 10.0 enabling unauthenticated arbitrary code execution. Adobe assigned its highest Priority 1 rating and recommended organizations patch within 72 hours, citing ColdFusion’s extensive exploitation history — 16 previous ColdFusion CVEs already sit in the CISA KEV catalog. Days after release, the path traversal flaw CVE-2026-48282 was observed under active exploitation from an IP geolocated to India.thehackernews+3
Source: The Hacker News — https://thehackernews.com/2026/07/adobe-patches-7-cvss-100-flaws-in.html


6. Tata Electronics (Apple/Tesla Supplier) Confirms Breach; 630 GB of Files Posted on Dark Web

Tata Electronics, which manufactures roughly one-third of Apple’s iPhones in India and supplies chips and components to Tesla, confirmed a “cybersecurity incident” after the World Leaks ransomware group posted more than 204,300 files — approximately 630 GB — on dark-web leak sites. Researchers reviewing the sample found Apple factory data, Tesla “TRADE SECRET” manufacturing documents, and files linked to TSMC and Qualcomm; Apple has launched its own investigation and a ransom demand has been made. Tata has since tightened remote access, hired a global forensic consultant, and notified the Indian government.techcrunch+3
Source: TechCrunch — https://techcrunch.com/2026/06/22/tata-electronics-a-major-tech-supplier-to-apple-and-tesla-confirms-data-breach/


7. Novo Nordisk Faces $25 Million Extortion Demand After 1.3 TB Data Theft by FulcrumSec

Cyber extortion group FulcrumSec disclosed it spent over two months inside Novo Nordisk’s networks, extracting more than 1.3 terabytes of data — including source code, drug research, clinical trial records, and internal AI model details — before demanding $25 million from the Danish pharmaceutical giant. Novo Nordisk refused to pay, after which FulcrumSec began exploring the private sale of portions of the data. The company had previously acknowledged a separate confirmed cybersecurity incident involving unauthorized access to clinical trial participant data, which it assessed as pseudonymized and unable to directly identify patients.finance.yahoo+3
Source: Reuters — https://www.reuters.com/legal/government/hacking-group-claims-major-hack-novo-nordisk-attempted-25-million-extortion-2026-06-16/


8. Nidec Corporation’s Taiwan Subsidiary Hit by Blackfield Ransomware; $2 Million Ransom Demanded

Nidec Corporation, a major Japanese manufacturer of precision motors and electronic components for automotive and computing applications, confirmed that its Taiwanese subsidiary Nidec Chaun Choung Technology suffered a ransomware attack on June 22. The Blackfield ransomware group claimed responsibility and gave Nidec 15+ days to engage in negotiations under threat of data publication, demanding $2 million to delete the stolen data — and offering a $400,000 immediate download option for buyers. Nidec stated the attack was contained to the Taiwanese subsidiary’s independent network, with no impact confirmed on the broader Nidec Group at the time of reporting.bleepingcomputer+1
Source: BleepingComputer — https://www.bleepingcomputer.com/news/security/blackfield-ransomware-asks-nidec-corporation-for-2-million-ransom/


9. Apple Accelerates Security Update Release Cycle in Response to AI-Driven Threat Acceleration

In a notable policy shift, Apple announced on June 29 that it is decoupling critical security patches from major iOS release cycles to shrink the window of vulnerability in an era where AI tools dramatically accelerate exploit development. The company told Reuters it is adapting to the reality that AI can compress the time between a security flaw’s disclosure and active exploitation, making the traditional practice of bundling security fixes with broader iOS releases inadequate. Apple confirmed the latest patches are being made available ahead of iOS 26.6, with no evidence of current exploitation — but citing the evolving threat landscape as the driver.macdailynews+4
Source: Reuters — https://www.reuters.com/business/apple-says-it-is-releasing-updates-early-response-ai-cybersecurity-concerns-2026-06-29/


10. California Expanded Privacy Rules Take Effect July 1; Extortion Attacks Rise 63% Year-Over-Year

California’s amended privacy framework became effective July 1, broadening definitions of sensitive personal information to include health data, new identity categories, and adding rights to contest automated profiling decisions, while banning targeted advertising to minors. Combined with comprehensive privacy laws now active in Indiana, Kentucky, and Rhode Island, and a federal push toward 72-hour incident reporting and 24-hour ransomware payment disclosure, the regulatory compliance floor for data handling continues to rise. Separately, Intel 471 data published this week confirmed extortion-related cyberattacks rose approximately 63% year-over-year to an estimated 6,800 incidents — with consulting firms and manufacturers most frequently appearing on ransomware leak sites.commonwealthsentinel+1
Source: IAPP / CyberInfos — https://iapp.org/news/a/new-year-new-rules-us-state-privacy-requirements-coming-online-as-2026-begins | https://www.cyberinfos.in/cybersecurity-weekly-report-june-29-july-5-2026/