Amadey, StealC malware operations disrupted in Operation Endgame action
A coordinated law enforcement operation involving Europol, Microsoft, ESET, Bitdefender, and partners has dismantled the criminal infrastructure behind the Amadey and StealC malware families — two cornerstone tools in the ransomware-as-a-service pipeline. The June 15–19 action, the latest phase of Operation Endgame, took down 326 servers and 142 domains, recovered roughly 27 million stolen credentials, and flagged over $47 million in criminal cryptocurrency. Microsoft’s civil action identified more than 140,000 infected devices globally in just the first two weeks of May 2026, with both families shown to share infrastructure and feed stolen credentials directly into ransomware supply chains.
macOS.Gaslight | Rust Backdoor Turns Prompt Injection on the Analyst, Not the Sandbox
SentinelLABS has detailed a novel DPRK-linked macOS implant written in Rust that employs a previously undocumented anti-analysis technique: embedding 38 fabricated “system” messages designed to make an LLM-assisted triage pipeline abort or refuse its own analysis. Dubbed macOS.Gaslight, the implant uses a Telegram Bot API polling loop for command-and-control, applies AES-GCM encryption over certificate-pinned TLS, and bundles a Python-based credential stealer targeting browser data, keychains, and system profiles — with the Python runtime fetched on demand from a standalone CPython build rather than embedded in the payload. The bot token even self-redacts from runtime output to deny defenders an artifact they could use to interrogate the Telegram channel directly.
Hacker Group Steals Nintendo Employee Data, Posts $2 Million Ransom
The extortion-as-a-service group SHADOWBYT3$ claimed to have exfiltrated approximately 859 MB of data from Nintendo of America by compromising TINYpulse, a third-party employee engagement platform used by the company. The group posted a $2 million ransom demand and threatened to leak the full dataset, which allegedly includes employee names, corporate email addresses, internal survey responses, and workplace feedback records spanning nearly a decade. Nintendo confirmed the incident but characterized the loss as “limited to internal survey content comprising a small subset of our employees,” emphasizing that customer data and its core systems were not affected.
Phishing attack on healthcare firm Xsolis impacts 1.4 million people
Healthcare AI company Xsolis, which develops clinical decision software for more than 600 hospitals and health insurers, disclosed that a targeted phishing attack on January 20, 2026, gave attackers unauthorized access to files containing sensitive patient information. The breach, reported to the HHS Office for Civil Rights as affecting 1,396,519 individuals, potentially exposed names, dates of birth, Social Security numbers, health insurance details, and medical treatment records. Xsolis confirmed the incident has been contained and said it found no evidence of data misuse, but it is notifying affected individuals and offering free credit monitoring — marking the third healthcare technology company breach disclosed in under a month.
Tata Electronics, a major tech supplier to Apple and Tesla, confirms data breach
India-based Tata Electronics, a key iPhone and Tesla component manufacturer, confirmed a cyberattack after the data extortion group World Leaks posted more than 630 GB of allegedly stolen files — over 204,000 documents — to a dark web forum. A sample reviewed by journalists appeared to include Apple supplier specifications and Tesla manufacturing documents referencing trade-secret-marked engineering drawings. Tata said its operations remain unaffected and activated incident response immediately, but declined to answer questions about which customers were notified or what data was compromised; Reuters separately reported that a ransom demand was made and that Apple has launched an investigation into the incident.