University data breaches, fake AI learning resources, World Cup cyber risk and more … June’s cybersecurity stories highlight a familiar pattern: attackers are exploiting trusted systems, public interest and gaps in visibility.
This month also shows how cyber risk is spreading across more areas of daily life, from education and global events to connected vehicles and international resilience planning.
Read more in our June Cybersecurity Roundup.
Cyber-attacks in the news
University of Nottingham confirms student data breach
The University of Nottingham confirmed that a significant amount of data from its student record system had been accessed by a well-known cybercriminal group.
Reports suggest the compromised data may include contact details, course information, student and staff IDs, financial information and national insurance numbers. The university said it had taken affected systems offline, launched an investigation and reported the incident to Action Fraud and the Information Commissioner’s Office.
The incident has also been linked in wider reporting to ShinyHunters activity targeting Oracle PeopleSoft environments, including systems used by universities. The group has reportedly exploited CVE-2026-35273, an Oracle PeopleSoft zero-day vulnerability, to access enterprise systems and steal data.
This is a strong reminder of the risks facing higher education institutions, which hold large volumes of sensitive personal, financial and academic data. It also highlights the importance of securing widely used enterprise platforms, especially where they support core services and contain high-value information.
Fake AI guides used to spread AsyncRAT malware
Threat actors have been disguising malware as AI study guides and developer resources, targeting people looking for learning materials around AI tools and development.
Fortinet’s FortiGuard Labs observed malicious files using titles such as “AI-Ready PostgreSQL 18: Building Intelligent Data Systems” and a fake guide to agentic coding with Claude Code. Once opened, the files triggered a multi-stage attack chain designed to deliver AsyncRAT, a remote access trojan that can give attackers control of infected systems.
This is an obvious example of attackers exploiting interest in AI adoption. As more people look for guides, tools and resources to help them understand AI and how to utilise it, cybercriminals are using that demand as cover for malware delivery.
In terms of a wider lesson, it’s clear that user awareness still matters, but so does control over what employees can download, run and install. Especially with people becoming more and more curious about AI.
World Cup facing cybercriminal and hacktivist threats
Researchers have warned that the 2026 FIFA World Cup is expected to face extensive cyber threat activity, with fans, organisers and supporting infrastructure all likely to be targeted.
Cybersecurity Dive reported that more than 10,000 World Cup-themed malicious domains had appeared since January, according to Arctic Wolf. Researchers also found fake career sites aimed at stealing Google Workspace accounts and a weaponised “employee handbook” PDF used to target staff in one host city.
Major events create a large and temporary attack surface. Fans are looking for tickets, travel information and updates which has organisers and suppliers under pressure to keep systems running smoothly.
This obviously makes events like the World Cup attractive to cybercriminals, fraudsters and politically motivated actors. For organisations involved in major events or peak trading periods, preparation has to include phishing awareness, impersonation risk, domain monitoring and incident response.
The cybersecurity landscape
Automotive cyber vulnerabilities surge
PCA Cyber Security has reported a 105% year-on-year rise in automotive cybersecurity vulnerabilities, with 265 new automotive CVEs identified in the first quarter.
The report found that 88% of the vulnerabilities could be exploited without specialist tools or extensive preparation. It also highlighted how automotive cyber risk now extends beyond the vehicle itself, including cloud services, mobile apps, online marketplaces and customer support channels.
This truly reflects the growing complications of connected and software-defined vehicles. With more functions relying on software, telematics and networked systems, the attack surface increases.
EU provides cyber support to Ukraine against major attacks
Ukraine can now activate emergency EU cyber support in response to large-scale cybersecurity incidents, after the Council of the European Union approved its inclusion in the EU Cybersecurity Reserve.
The Reserve is managed by the European Union Agency for Cybersecurity and provides incident response services from trusted private providers to help respond to significant or large-scale attacks.
This move reflects the growing importance of international cyber cooperation. Cyberattacks cross borders, affect shared infrastructure and require speedy access to specialist support.
It also demonstrates how cyber resilience being perceived as just a technical issue no longer applies, it being a strategic issue is acknowledged more and more. Preparedness, response capacity and, of course, trusted partnerships are becoming central to how governments and organisations manage cyber risk.
Threat landscape snapshot
Enterprise systems remain high-value targets
The University of Nottingham incident and wider Oracle PeopleSoft activity highlight the risk around widely used enterprise platforms. Where these systems hold sensitive data and support core operations, exposure can quickly become a serious incident.
AI interest is creating new social engineering opportunities
The AsyncRAT campaign shows how attackers are using AI-related curiosity to make malicious downloads feel useful and relevant. As AI adoption grows, so will attempts to exploit it.
Major events create temporary but intense cyber risk
The World Cup threat activity shows how large events attract phishing, fraud, impersonation and disruption attempts. The risk affects fans, organisers, suppliers and supporting infrastructure.
Connected technology is widening the attack surface
Automotive vulnerabilities show how cyber risk is moving into more physical and operational environments. Vehicles, apps, cloud platforms and customer services are now part of the same risk picture.
Resilience depends on preparation and trusted support
Ukraine’s inclusion in the EU Cybersecurity Reserve reinforces the importance of having access to rapid response services and specialist expertise before a major incident happens.
Cyber resilience starts before an incident happens
At Brigantia, we support channel partners in protecting their clients with our selected vendor portfolio, specialists and dedicated support.
To read more articles like this, head to our news and articles page. To explore our vendors or discuss how we can support your security offering, visit our vendor page or get in touch with the Brigantia team.
