A semana em notícias de violação

A growing wave of state-sponsored cyber activity and large-scale exploitation campaigns dominate the headlines this week, with the European Union exposing a Russia-linked cyber ecosystem that has targeted member states for years and the Australian Cyber Security Centre warning businesses about a global campaign exploiting vulnerable CMS platforms and plugins. Meanwhile, another U.S. insurance provider, AssuranceAmerica, disclosed a data breach affecting nearly seven million individuals, while hackers have claimed to have breached German banking giant Deutsche Bank.

Europa

União Europeia

Setor: Governo e setor público Exploração: Estado-nação

The European Union (EU) and its member states have publicly denounced a Russia-linked malicious cyber ecosystem that has been targeting organizations across the EU for years.

The EU has accused Russia’s Federal Security Service (FSB) of directing several cyberthreat groups, including TURLA, to conduct cyber operations against EU member states and international partners. The alleged activities include infiltrating government networks and sabotaging critical infrastructure. Countries reportedly targeted include France, Germany, Poland, Cyprus, the Netherlands, Austria, Slovakia, Romania and Finland.

According to the EU, the group has conducted cyber espionage against strategic French government entities since 2010 and targeted the country’s defense industry in 2025. In Germany, it has focused on government organizations, while in Poland, it has recently carried out disruptive sabotage operations against critical infrastructure, including combined heating and power plants.

Fonte

Como isso pode afetar sua empresa

Nation-state cyberattacks have been increasing in recent years, particularly targeting organizations that work with government agencies and critical infrastructure. These organizations should strengthen their cyber defenses through continuous monitoring, robust access controls, timely patching and well-tested incident response and recovery plans to improve resilience against sophisticated threats.

Austrália e Nova Zelândia

Australian businesses

Setor: Tecnologia Vulnerabilidade: Configuração incorreta

Meanwhile, the Australian Cyber Security Centre (ACSC) has warned Australian businesses that malicious actors are actively scanning websites for vulnerabilities in a range of content management systems (CMS) and plugins.

According to the ACSC, a widespread exploitation campaign is targeting CMS platforms and their plugins globally, with numerous Australian businesses already affected. Threat actors are deploying webshells on compromised websites, potentially leading to service disruptions, data theft and further network compromise. The campaign targets platforms including WordPress, Craft CMS, MaxSite CMS, MetInfo CMS and Joomla JCE, as well as plugins such as Simple File List, WavePlayer, Ninja Forms and Craft CMS.

Reports suggest the campaign may be accelerated by AI, enabling threat actors to identify vulnerable systems and scale their attacks more effectively.

Fonte

Como isso pode afetar sua empresa

Website administrators should promptly apply the latest security updates for all CMS platforms and plugins to reduce the risk of exploitation. Organizations should also remove unused plugins, enable automatic updates where possible and implement stronger security measures, such as read-only directories and continuous monitoring for unauthorized file creation, to better defend against such web-based attacks.

Estados Unidos

AssuranceAmerica

Setor: Seguros Exploração: Hacking

American insurance company AssuranceAmerica disclosed a data breach affecting nearly 7 million individuals after attackers gained unauthorized access to its systems earlier this year.

AssuranceAmerica, which provides auto, renters and commercial auto insurance across 14 U.S. states, revealed in a filing with the Maine Office of the Attorney General that the breach affected 6,998,886 people. The company detected the incident on March 17 and determined that the attackers had stolen a broad range of customer information from its systems. The compromised data includes combinations of names, contact information, automobile insurance policy and account details, driver and vehicle information, claims-related information and driver’s license numbers.

The incident marks the second major breach involving a U.S. insurance provider in recent weeks, following American insurance giant Aflac’s disclosure that a breach at its Japan subsidiary affected more than 4 million customers.

Fonte

Como isso pode afetar sua empresa

A data exposure of this scale could fuel widespread phishing campaigns using stolen insurance and personal details. Individuals should review credit reports, bank accounts and other financial statements for unusual activity and immediately notify their financial institution if anything suspicious appears.

Estados Unidos

Cambridge Mobile Telematics

Setor: Tecnologia Exploração: Ransomware e malware

A ransomware group claimed responsibility for a cyberattack targeting Cambridge Mobile Telematics (CMT), a Cambridge, Massachusetts-based telematics and AI company.

On June 2, the ransomware group CoinbaseCartel claimed responsibility for the attack and threatened to leak sensitive data unless the company entered into negotiations. According to reports, the compromised information may include driving behavior data such as trip logs, acceleration and braking patterns and mobile phone distraction events. The attackers also claim to have obtained location information, including GPS coordinates, travel routes and location history, along with personally identifiable information, user profiles, insurance-related information and account details.

CMT has not yet confirmed the alleged breach or verified that any customer data was compromised.

Fonte

Como isso pode afetar sua empresa

The combination of driving history, location data and personal information could enable cybercriminals to launch highly targeted spear-phishing campaigns that appear credible and personalized. Individuals should remain cautious of unsolicited emails or messages requesting personal information or urgent action, even if they appear to reference legitimate account or insurance details.

Europa

Deutsche Bank

Setor: Finanças Exploração: Violação de dados de terceiros

Hackers claimed to have breached Frankfurt-headquartered banking giant Deutsche Bank, while the bank confirmed a cybersecurity incident involving a third-party service provider.

A ransomware group known as Unsafe claimed responsibility for the breach, publishing, it says, employee database records on its dark web leak site. As proof, the group posted database extracts, terminal output and commands that appear to show exports from multiple databases, suggesting the data may have originated from internal Deutsche Bank systems. According to reports, the exposed information includes employee email addresses, password hashes, physical addresses and internal database records.

Meanwhile, Deutsche Bank said it was notified of a cybersecurity incident involving an external service provider in Germany that operates a marketing and incentive platform for sales partners. The bank stated that there is no indication its internal systems or networks were affected and that it has found no evidence of unauthorized access to its own network.

Fonte

Como isso pode afetar sua empresa

Third-party vendors are increasingly being targeted as a pathway to compromise larger organizations, even when the organizations’ own networks remain secure. Businesses should regularly assess vendor security, limit third-party access to critical systems, continuously monitor external integrations and ensure suppliers adhere to strong cybersecurity practices.

Gosta do que está lendo?

Inscreva-se agora para receber notícias e informações sobre segurança em sua caixa de entrada todas as semanas

Próximos webinars e eventos

Participe dos nossos próximos eventos e webinars para obter insights de especialistas, estratégias práticas e as últimas tendências em segurança cibernética.

Beyond Backup: Building AI-Powered Cyber Resilience

July 21, 2026 2:00 PM EST

Descubra como a IA está transformando o backup, a prestação de serviços e as operações de segurança nesta Série de Inovação em IA, dividida em três partes. Veja como Kaseya Intelligence dados em ação por meio de fluxos de trabalho baseados em IA que ajudam os MSPs e as equipes de TI corporativas a se expandir com mais eficiência, resolver problemas mais rapidamente e fortalecer a segurança, utilizando insights extraídos de mais de 3 exabytes de dados em 17 milhões de terminais.

Registre-se agora

SaaS Alerts Jam: Reforce a segurança do SaaS com o Respond & Fortify

16 de julho de 2026, 11h00 (horário da costa leste dos EUA)

A segurança reativa já não é suficiente para proteger os ambientes SaaS atuais. Participe deste Tech Jam para saber como SaaS Alerts, desenvolvido pela Respond e pela Fortify, capacita os MSPs e as equipes de TI corporativas a detectar ameaças mais rapidamente, automatizar a resposta a incidentes e implementar as melhores práticas de segurança em todo o seu ecossistema SaaS.

Registre-se agora