Tata Electronics and Bajaj Auto continue recovery from cyberattacks.

Summary

By the N2K CyberWire staff

Tata Electronics and Bajaj Auto continue recovery from cyberattacks.

Mumbai-headquartered Tata Electronics, a key supplier to Apple, Tesla, and leading chip manufacturers, has tightened internal security controls following a data breach that came to light earlier this week, Reuters reports. The World Leaks ransomware group leaked more than 200,000 files allegedly stolen from the company, including what appear to be internal design papers from Apple and Tesla. The authenticity of this data has not been independently verified, and Tata hasn't commented on the contents of the leak. Reuters says the company has since restricted remote access to sensitive internal tools, and Apple's security team is working with Tata on near- and long-term security measures.

Another Indian manufacturing giant, Bajaj Auto, has resumed operations after sustaining a ransomware attack this week, ET Auto reports. The company says its manufacturing, sales, and service activities are now operating normally.

The research breaks at Black Hat first. Be there this August.

If you follow the research, you already know a lot of it breaks at Black Hat first. Hundreds of peer-reviewed Briefings, more than a hundred hands-on Trainings, and the largest Business Hall in Black Hat's history, across AI, cyber conflict, resilience, and identity. Six days in Las Vegas, August 1–6. Prices increase July 17. Register now with code CYBERWIRE for $200 off your Briefings pass.

Threat actors target critical infrastructure across Southeast Asia.

Palo Alto Networks' Unit 42 is tracking a cluster of threat activity carried out by Chinese-speaking actors targeting critical infrastructure across Southeast Asia. The threat actors, tracked by Unit 42 as "CL-STA-1062," have been active since at least March 2022. The attackers have previously been observed targeting web hosting infrastructure in Taiwan, and Unit 42 says the latest campaign "highlights a broader long-term strategy in the Asia-Pacific region." The recent attacks focused on energy and government organizations.

The attackers deployed a newly documented Trojan dubbed "TinyRCT," a lightweight backdoor written in C# that enables attackers to "execute arbitrary system commands, exfiltrate files, capture screenshots, and remotely manage the infected host."

Your crisis plan exists. But will it work under pressure?

Most organizations have a plan. Fewer have prepared for the decisions, tradeoffs, and uncertainty that come with a real crisis.

In a recent conversation with Dave Bittner, Courtney Guss of Semperis explains why compliance alone doesn't create resilience and how organizations can better prepare for the moments that matter most.

Listen now for practical guidance on strengthening your incident response program.

CISA warns of actively exploited PTC vulnerability.

The US Cybersecurity and Infrastructure Security Agency's (CISA's) Known Exploited Vulnerabilities (KEV) Catalog has listed a critical vulnerability affecting PTC's product lifecycle management tools Windchill and FlexPLM, SecurityWeek reports. The vulnerability (CVE-2026-12569) is an improper input validation flaw that can lead to remote code execution.

The agency also added a high-severity server-side request forgery (SSRF) vulnerability (CVE-2026-20230) in Cisco Unified Communications Manager that was observed being exploited this past weekend. Cisco released fixes for this flaw on June 3rd.

CISA has ordered Federal agencies to apply patches for both vulnerabilities by Sunday, June 28th.

Behind the Headlines with Media Insiders

Inside the Media Minds pulls back the curtain on today’s media landscape, helping communicators understand what journalists, editors, and audiences actually care about. Hosts Christine Blake and Madison Farabaugh of W2 Communications sit down with influential media professionals for candid conversations about news, storytelling, and media trends. Listen now to sharpen your messaging, strengthen your media strategy, and tell stories that resonate.

Polish police disrupt SIM-swapping gang.

Polish police have arrested four alleged members of a cybercriminal gang known for targeting telecom vendors to conduct SIM-swapping attacks, BleepingComputer reports. The operation was led by the Polish Cybercrime Bureau (CBZC), supported by the US FBI and Homeland Security Investigations (HSI).

The suspects are accused of using SIM-swapping attacks to gain access to victims' cryptocurrency accounts. CBZC stated, "It is estimated that the total value of the funds laundered in this manner exceeds several tens of millions of Polish złoty" (at least US$5 million). The defendants are each facing up to 25 years in prison for charges related to money laundering, participation in an organized criminal gang, and hacking IT systems to commit theft.

Notes.

Today's issue includes events affecting China, Poland, Taiwan, and the United States.

Attacks, Threats, and Vulnerabilities

DCloud Uni-App: One Framework, 236,000+ Scam Sites (Infoblox Blog) How a Chinese open-source framework fuels 236,000+ scam sites across major cloud providers and bulletproof hosts, spread via social engineering.

Gamaredon in 2025: Leveraging tunnels, workers, dead drops, and new alliances (ESET) ESET Research analyzes Gamaredon’s new toolset and the group’s growing reliance on legitimate online services to hide its C&C infrastructure and exfiltrate stolen data.

Legislation, Policy, and Regulation

FCC passes new cybersecurity rules for emergency systems, undersea cables (CyberScoop) The new rules would overhaul national emergency systems to protect against hijacking and update federal security review rules for undersea cables providers.

Industry Events

For a complete running list of events, please visit the Event Tracker.

Events

Interviewing Essentials: Grow Interviewing Muscle with Mock Interviews on The Dev Difference Tool (Virtual, USA, Jul 17, 2026) This session will introduce members to The Dev Difference, a free mock interview tool designed to help candidates practice, build confidence, and prepare for real interviews.

Breaking Barriers: Navigating Your Early Career as Women in STEM (Virtual, USA, Jul 21, 2026) Starting a career in tech can feel exciting, challenging, and uncertain. This session is designed to help women in STEM navigate the early years of their careers with more clarity and confidence. You’ll hear from Hayley Murphy, Senior Campus Recruiter on CBRE’s Campus Digital & Technology team, along with women working in Digital & Technology at CBRE.

Tech for Good: When Moments Matter with Axon (Virtual, USA, Jul 28, 2026) This session will explore career pathways in mission-driven technology and give members a closer look at how technical teams at Axon build products that support public safety, accountability, and real-world impact.

Black Hat USA (Las Vegas, Nevada, USA, Aug 1 - 6, 2026) The premier cybersecurity event of the year returns to Mandalay Bay with a re-engineered, six-day program built to ignite innovation, push boundaries, and bring the global security community together like never before. This year’s event features four days of immersive, expert-led Trainings (August 1–4), followed by Summit Day on Tuesday, August 4, and a two-day main conference packed with groundbreaking Briefings, open-source tool demos in Arsenal, a dynamic Business Hall, and unlimited learning & networking opportunities.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry's largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust N2K CyberWire to get the message out. Learn more.

Daily Briefing for 06.26.26

Top stories.

Tata Electronics and Bajaj Auto continue recovery from cyberattacks.

Threat actors target critical infrastructure across Southeast Asia.

CISA warns of actively exploited PTC vulnerability.

Polish police disrupt SIM-swapping gang.

Notes.

Attacks, Threats, and Vulnerabilities

Legislation, Policy, and Regulation

Events