Security Report – 26 Jun 2026

Cyber Resilience Supports Long-Term Stability and Security Against Evolving Threats

Security Report – 26 Jun 2026

The organisations best positioned to survive a ransomware attack share a common mindset: they treat cyber incidents as inevitable, not exceptional. They build systems that assume failure at every layer, practice recovery before they need it, and extend their protection to cover every workload, including SaaS applications. Finally, they understand that cyber resilience requires IT and security teams to work together to mount a coordinated response against attacks. Data protection remains essential to cyber resilience, but in isolation, it is not enough. Elevating it to cyber resilience means adding early detection, clean and verifiable restore points, isolated recovery environments, and a zero-trust posture. This has become the standard that the current threat landscape demands.

Recent Breaches

United States – Nintendo of America – Media, Sports & Entertainment 

Exploit: Third-Party Data Breach

Risk to Business: Moderate: Nintendo of America confirmed that threat actors stole survey data from its third-party TinyPulse service, which is used internally for employee feedback and engagement. An extortion-as-a-service group known as Shadowbyt3$ recently claimed to have breached Nintendo of America, the U.S.-based subsidiary of the Japanese gaming giant. The group alleged that it stole nearly 1 GB of internal data, including employee-related information, and demanded a $2 million ransom while giving the company 48 hours to negotiate before leaking the files. According to the threat actors, the stolen data includes names, email addresses, analytics and survey data, bank statements, W-9 forms, employee IDs, progress plans and reports spanning 2016 to 2026. The incident affected only employees who used TinyPulse and did not impact Nintendo’s gaming operations. Nintendo stated that its own systems were not compromised and that no personal customer or financial data was accessed.

United States – Klue – Technology 

Exploit: Supply Chain Attack

Risk to Business: Moderate: In an ironic turn of events, cybersecurity firms themselves have become victims of a supply-chain attack following a breach of market intelligence platform Klue. Vancouver-based market intelligence provider Klue disclosed on June 19 that hackers stole data from an undisclosed number of customers in a cyberattack between June 11 and 12. The incident affected Klue’s Salesforce integration, leading to data exfiltration from the Salesforce environments of multiple customers. According to the company, the attacker gained access through a compromised legacy credential, used it to obtain OAuth tokens that connected Klue to third-party platforms, including Salesforce, and then accessed data within the customer environments connected to those platforms. Notably, several cybersecurity companies were impacted, including HackerOne, Huntress, OneTrust and Snyk. Klue said the intrusion was limited to Salesforce instances and did not involve customers’ own systems. Meanwhile, the cybercrime group Icarus has claimed responsibility for the attack and stated on its leak site that it will publish the stolen data if a ransom is not paid.

Talk to a TCT team member today about implementing Cyber Security strategy plan for your business.

Robert Brown
26/6/2026

Related Articles:
Bad Onboarding Causes Messy Offboarding
M365 Settings Worth Checking