29th June – Threat Intelligence Report
In Check Point Research’s 29th June threat intelligence update, multiple incidents were highlighted, including a supply-chain compromise impacting Polymarket customers, a reported KDDI ISP email platform breach affecting up to 14.22 million email addresses and passwords, and a Tata Electronics data breach involving alleged 630GB of leaked material. On the vulnerabilities front, Cisco fixed actively exploited CVE-2026-20245 in Catalyst SD-WAN Manager, Dify released 1.14.2 to address critical issues including CVE-2026-41947 and CVE-2026-41948, and Ubiquiti UniFi OS was flagged for exploitation of CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910. The report also notes ongoing targeting of Langflow via CVE-2026-55255 and mass exploitation of CVE-2026-33017, underscoring how quickly attackers weaponize new weaknesses.
For the latest discoveries in cyber research for the week of 29th June, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
- Polymarket, a large cryptocurrency-based prediction market, has confirmed a supply chain attack after a third-party frontend vendor breach led to malicious JavaScript being injected into its website. Attackers tricked users into approving fraudulent transactions, stealing about $3 million from fewer than 15 accounts, while the backend remained unaffected.
- KDDI, a Japanese telecom operator, has reported a breach of its ISP email platform after detecting an intrusion on June 17. Up to 14.22 million email addresses and passwords may have been compromised across services from six ISPs, including J:COM and Biglobe.
- Indian electronics and semiconductor manufacturer Tata Electronics, a supplier to Apple and Tesla, has suffered a cyberattack and data breach. The company said IT systems were affected, while the World Leaks group claimed 630GB of data, including alleged supplier and customer documents.
- Brazil’s National Civil Defense warning platform, managed by telecom regulator Anatel, has faced a cyberattack that sent a fake “Extreme Alert” to phones across several regions. Officials took the system offline after the message reached users in Paraná, São Paulo, and Rio de Janeiro.
- The National Association of Insurance Commissioners, a US insurance regulatory standards body, has confirmed a cyberattack after ShinyHunters claimed theft of 3.1TB of data through an Oracle PeopleSoft zero-day. The group claimed access to regulatory filings, production logs, cloud configuration files, and other internal records.…