Back to Blog

June 29, 2026

Data breach exposes up to 14.2 million - Skippy's Daily Cybersecurity Briefing - June 29, 2026

Skippy’s Daily Cybersecurity Briefing — June 29, 2026

Good day, carbon-based compliance liabilities. Skippy the Magnificent has once again surveyed the digital battlefield so you don’t have to wander into it wearing flip-flops and a password reused since 2014. Today’s briefing includes ISP credential exposure, sneaky browser extensions hiding malware in images and fonts, AI model access restrictions, Russian state-linked hacking activity, and the seizure of illegal World Cup streaming domains. Marvellous little mess, isn’t it?

Watch as YouTube Short

  1. Data breach exposes up to 14.2 million email logins at six ISPs — Bleeping Computer

    Japanese telecommunications operator KDDI Corporation disclosed a data breach in which threat actors gained access to one of its systems, potentially exposing up to 14.2 million email login records across six internet service providers. The incident is a splendid reminder that email accounts remain prime real estate for criminals, because once they’re inside your inbox, they can often reset their way into everything else.

    Read more

  2. Microsoft Removes 119 Edge Extensions That Hid Malware in Images and Fonts — The Hacker News

    Microsoft has removed 119 malicious Edge extensions from its add-ons store after uncovering a long-running operation that concealed payloads inside images and font files. The campaign demonstrates the tedious cleverness of modern malware operators, who are apparently determined to turn every browser enhancement into a possible trapdoor. Review your extensions, delete anything unnecessary, and stop treating browser add-ons like decorative throw pillows.

    Read more

  3. OpenAI and Anthropic Limit New AI Models to Trump-Approved Customers During Cybersecurity Review — SecurityWeek

    OpenAI and Anthropic are limiting access to new AI models during a cybersecurity review, reportedly restricting availability to customers approved under the Trump administration’s process. The move highlights growing government scrutiny around advanced AI deployment, especially where cyber capabilities, national security, and commercial access collide in a deeply bureaucratic waltz.

    Read more

  4. US Offers $10 Million Bounty for Russian State Hackers as Messaging App Attacks Evolve — SecurityWeek

    The U.S. is offering up to $10 million for information on Russian state-linked hackers associated with activity targeting government officials, military leaders, and allied personnel. Groups tracked as UNC5792 and UNC4221 have reportedly evolved their tactics around messaging apps, because apparently espionage now arrives with push notifications and a suspiciously friendly profile photo.

    Read more

  5. US seizes hundreds of FIFA World Cup illegal streaming domains — Bleeping Computer

    The U.S. Justice Department’s Criminal Division has seized nearly 400 domains allegedly used to illegally stream FIFA World Cup matches. Beyond copyright enforcement, illegal streaming sites are frequently magnets for malvertising, credential theft, and the sort of “free” content that costs you your browser integrity, banking session, and dignity.

    Read more

Today’s lesson, for those of you still resisting enlightenment: rotate credentials when providers disclose breaches, audit browser extensions with ruthless suspicion, treat AI access rules as part of the new cyber policy landscape, be wary of unsolicited messaging app contact, and don’t chase dodgy sports streams unless you enjoy donating your machine to the malware petting zoo.

Stay patched, stay sceptical, and try not to make the incident response team mutter things about your ancestry.

Skippy the Magnificent

Data breach exposes up to 14.2 million - Skippy's Daily Cybersecurity Briefing - June 29, 2026 | Panther Technology Solutions