
June 2026 delivered one of the busiest months in recent cybersecurity history. Pharmaceutical giant Novo Nordisk suffered a breach exposing clinical trial patient data. Nintendo confirmed data stolen through a third-party vendor. A massive credential leak exposed 24 billion login credentials. And Indian automaker Bajaj Auto was hit by ransomware that disrupted its IT systems.
Here are the incidents that mattered most.
Novo Nordisk: Clinical Trial Data and a $25 Million Extortion Demand
On June 11, Novo Nordisk disclosed that attackers gained unauthorized access to internal systems and copied clinical trial-related patient data. The potential categories of personal data affected include patient ID, year of birth, sex, and health or immunogenicity data. The company shut down some internal IT systems temporarily as part of its response.
On June 16, the hacking group Hunters International claimed responsibility and demanded $25 million in extortion. Novo Nordisk, the world’s largest insulin maker, said it was in touch with authorities. The breach is particularly sensitive because it involves health data from active clinical trials, not just corporate records.
Nintendo: Third-Party Vendor Breach Exposes Job Applicant Data
Nintendo confirmed on June 18 that personal information belonging to job applicants was stolen after attackers breached a WebMD subsidiary’s recruitment platform. The data had been shared with Nintendo during the hiring process through that third-party platform.
A separate hacking group, Shadowbyt3$, later claimed to have stolen approximately 859MB of data from Nintendo directly, demanding a $2 million ransom. Nintendo’s confirmation was limited to the WebMD subsidiary incident. The attacker claimed the records span from 2016 through 2026.
24 Billion Credentials Exposed in Massive Data Leak
On June 17, researchers warned that 24 billion login credentials compiled from numerous sources were exposed online. The leak significantly increases the risk of account takeovers, identity theft, and large-scale credential-stuffing attacks. The credentials were aggregated from multiple breach databases and credential dumps, not from a single new incident.
This is a reminder that password reuse remains one of the most exploitable vulnerabilities in consumer and enterprise security.
Bajaj Auto Ransomware Attack
On June 23, Indian automaker Bajaj Auto confirmed that a ransomware attack hit its IT systems. The company implemented containment measures while assessing the full impact. The incident disrupted parts of Bajaj Auto’s IT infrastructure and affected certain business operations. Details on the threat actor and data scope have not been disclosed.
Tata Electronics: Apple and Tesla Supplier Breached
On June 22, Tata Electronics, a major tech supplier to Apple and Tesla, confirmed a data breach. The hacking group Hunters International claimed to have exfiltrated company data and leaked it publicly. The breach exposed internal information and documents from a company that sits in the supply chains of two of the world’s most valuable tech companies.
DentaQuest: 2.6 Million Accounts Exposed
A data breach at dental benefits administrator DentaQuest exposed sensitive personal and health-related information belonging to approximately 2.6 million individuals. The breach increases the risk of identity theft and fraud for affected members. The attacker and specific attack vector have not been disclosed.
Other Notable Incidents
June saw a relentless pace of attacks across sectors:
- Meta AI Support: A breach exposed support case information for approximately 20,000 Instagram accounts who contacted Meta AI support services
- French Government Tchap: The French government’s internal messaging app suffered a breach exposing hundreds of thousands of private messages from government employees
- Texas Parks & Wildlife: A breach exposed millions of driver’s license and passport numbers
- Belgian State Security: An Ivanti vulnerability allowed suspected Chinese state-backed hackers to access sensitive communications
- Eastman Kodak: ShinyHunters claimed to have exposed approximately 2 million Kodak records
- LastPass: Confirmed a data breach through the Klue supply chain attack
- Amazon One Medical: Patient information exposed in a breach
- ServiceNow: Customer data exposed in a security incident
New Malware and Ransomware Families
Several new malware families emerged in June:
- MLTBackdoor: A modular backdoor using Beacon Object Files to extend functionality dynamically, distributed through ClickFix social engineering
- AryStinger: A botnet targeting D-Link, Linksys, and QNAP devices, converting them into a proxy network
- Crypto Clipper: Cryptocurrency-stealing malware spreading via infected USB drives using malicious shortcut files
- Rocket Banking Trojan: Android banking malware targeting 217 banking and crypto apps, using Accessibility Services for credential theft
- Lalia Ransomware: A new ransomware family targeting Windows environments with double-extortion tactics
Key Vulnerabilities Patched
CISA ordered federal agencies to patch multiple critical vulnerabilities in June:
- CVE-2026-41089: Critical Windows Netlogon flaw allowing unauthenticated remote code execution on domain controllers
- CVE-2025-53786: Microsoft Exchange Server zero-day actively exploited in attacks
- CVE-2026-20230: Critical Cisco Unified CM vulnerability allowing unauthenticated remote access
- CVE-2025-22457: Ivanti vulnerability actively exploited, CISA ordered patching within three days
The Bajaj Auto and Tata Electronics incidents underscore a pattern: manufacturing and automotive supply chain companies are increasingly targeted because a single breach can cascade into disruption across major tech brands.

Frequently Asked Questions
What data was exposed in the Novo Nordisk breach?
The breach exposed clinical trial-related patient data including patient ID, year of birth, sex, and health or immunogenicity data. The hacking group Hunters International claimed responsibility and demanded $25 million. Novo Nordisk said it was in touch with authorities and temporarily shut down some internal IT systems.
How did the Nintendo data breach happen?
Nintendo confirmed that job applicant data was stolen after attackers breached a WebMD subsidiary’s recruitment platform. The data had been shared with Nintendo through that third-party vendor during the hiring process. A separate group later claimed a direct Nintendo breach, but Nintendo’s confirmation was limited to the vendor incident.
What should I do about the 24 billion credential leak?
Check if your email addresses appear in known breach databases using services like Have I Been Pwned. Enable two-factor authentication on every account that supports it. Use a password manager to generate unique passwords for each service. The 24 billion credentials were aggregated from multiple prior breaches, so the risk is primarily from password reuse.
Which new malware should I watch for?
The Rocket Banking Trojan is particularly concerning for Android users, as it targets 217 banking and cryptocurrency apps using Accessibility Services. Avoid installing apps from unofficial sources. The Crypto Clipper malware spreads through infected USB drives, so do not plug in unknown USB devices. Keep your antivirus definitions updated.
How can organizations protect against supply chain attacks?
Vendor risk management is critical. Organizations should audit which third-party platforms hold their data (as the Nintendo-WebMD incident illustrates), enforce zero-trust network segmentation, and maintain incident response plans that account for vendor compromises. Regular penetration testing and vulnerability scanning of connected systems help identify weak points before attackers do.
