TechCrunch: The Worst Cybersecurity Breaches of 2026 So Far

Plus, Mastercard's inaugural Cyber Pulse Report examines evolving cyber threat landscape across Eastern Europe, the Middle East, and Africa.

Good morning! Here’s what’s up.

People

Bartley Richardson has joined CrowdStrike as chief AI and autonomous systems officer at CrowdStrike. Richardson joins CrowdStrike from NVIDIA, where he led engineering for agentic AI, cybersecurity AI, and AI infrastructure.

Clips ✂️

Hacked, leaked, and held for ransom: The worst breaches of 2026 so far

If anything, 2026 has made clear that cybersecurity is no longer a background concern — it’s front and center, woven into almost every major story of the year. Yes, wars are still raging, the climate keeps worsening, and we’re seemingly one dodgy sneeze away from the next global pandemic.

But running beneath all of it is a digital current that touches everything: wars being fought on digital fronts as well as physical ones, governments weaponizing citizens’ own data against them, botnets quietly undermining democratic institutions, nation-state hackers targeting civilian infrastructure from power grids to water systems, and ransomware gangs holding companies and institutions hostage for massive payouts. The attacks are getting bolder, more destructive, and harder to contain.

As we’re halfway through this already horrendous year of digital attacks and hybrid warfare, we look at some of the worst hacks and breaches so far, and how they might affect us going forward.

by TechCrunch

Mastercard Cyber Pulse Report reveals how strengthening digital resilience supports economic continuity

Mastercard released its inaugural Cyber Pulse report, offering a comprehensive view of the evolving cyber threat landscape across Eastern Europe, the Middle East, and Africa (EEMEA) over the last year.

The report combines regional threat intelligence from Mastercard's Cyber Insights platform with organizational cyber health assessments from RiskRecon, a tool which allows companies to evaluate the level of security of their internet-facing assets. This also includes advanced threat intelligence from Recorded Future - acquired by Mastercard in December 2024 - which continuously analyzes data to identify emerging cyber threats and risk patterns.

With visibility across evolving threat activity and the practical impact on businesses and governments, the report translates cyber risk into insights that matter for operational resilience, economic continuity, and long term trust in the digital economy.

by MasterCard

How cyber-risk can fall flat in the boardroom

Executive board members understand that cyber-risk can be expensive and disruptive, but they often lack a clear explanation of which exposures deserve immediate attention, how those risks compare with other enterprise priorities and what action leadership wants them to support.

They also need to understand which risks matter most now, what tradeoffs come with delays and where management believes action should come first.

Highly technical details about threat activity, vulnerabilities, audit findings and control maturity are useful to the security team, but they don't give directors what they need to do their job. The board is there to evaluate business exposure, weigh tradeoffs and hold leadership accountable for how risk is managed.

by InformationWeek

What Companies Should Know About Connecticut’s New Omnibus AI Law

On May 11, 2026, the Connecticut General Assembly passed Senate Bill 5, “An Act Concerning Online Safety” (“SB 5” or the “Act”), which Governor Ned Lamont signed into law on May 27, 2026. Connecticut's SB 5 is among the most ambitious state artificial intelligence (“AI”) laws enacted to date.

While many of the state AI laws that have passed in other jurisdictions focus on a single use case—such as Colorado’s revised automated decision-making technology Act or Washington’s AI companion chatbot law—Connecticut's omnibus approach is notable for its breadth. The 39-section statute tackles a wide range of topics related to AI and imposes obligations on consumer-facing AI chatbots, frontier AI model developers, developers and deployers of automated employment decision tools, and social media platforms, among others.

Each of the areas addressed in the Act have their own compliance timeline, with effective dates staggered from October 2026 through January 2028.

by WilmerHale

New Executive Order Targets Cyber Risks from Frontier AI

On June 2, 2026, President Trump issued an executive order (the “Order”) on artificial intelligence innovation and cybersecurity. The Order focuses on the cyber risks and defensive potential of advanced frontier AI models, including their ability to accelerate both malicious vulnerability discovery and cyber defense.

Although directed primarily to federal agencies, the Order offers important signals for AI developers, critical infrastructure operators, cybersecurity vendors, and other companies seeking to understand evolving federal expectations around AI-enabled cyber risk. It also provides a signal to companies: the federal government is developing a plan for dealing with frontier AI models and their impact on cyber, and the private sector should be doing the same.

The President also directed the Department of Justice to prioritize the investigation and prosecution of identity theft and wire fraud that is committed with the aid of AI.

In this blog post, we outline key aspects of the Order and explore implications for private companies.

by Debevoise Data Blog

Meta to take legal action against Israeli spyware firm NSO, foils phishing attacks

Meta said on Monday it is filing a federal court contempt order against Israeli spyware firm NSO Group for violating a permanent injunction that barred ‌it from ever targeting WhatsApp and its users.

The company said its WhatsApp messaging service disrupted new spear phishing attempts linked to NSO, an entity blacklisted by the U.S. government for engaging in activities that are contrary to the national security or foreign policy ⁠interests.

These attempts were similar to previous "1-click phishing campaigns," aimed to trick users into clicking malicious links and direct them to external websites, Meta said in a blog post.

"1-click" is a type of cyberattack where a single click on a malicious link or attachment is sufficient to compromise a victim's device or account, without requiring them to enter their credentials.

Meta said WhatsApp took down test accounts and groups created by NSO on its ‌platform. ⁠

by Reuters

X