
Greetings, Cybersecurity Enthusiasts!
June saw breach activity climb to its highest level of the year, fueled by another surge in defacement activity and sustained ransomware operations. Higher education remained the most impacted sector, while Asia continued to gain share as ransomware activity became increasingly global. Gentleman overtook Qilin as the most active ransomware group, highlighting continued shifts in the threat landscape.
📊 Cyber Incidents Breakdown
Across all monitored sources, we recorded 2,509 breaches in June, up from 2,143 in May. The increase was driven primarily by another sharp rise in defacement activity, while ransomware remained one of the largest contributors to high-impact incidents.
Source Mix
- Ransomware Posts: 722 (↑ from 679)
- Defacements: 1,226 (↑ from 908)
- Hacker Forums: 346 (↑ from 300)
- News Coverage: 128 (↓ from 145)
- Official Reports: 81 (↓ from 106)
- SEC Filings: 6 (↑ from 5)
- Leak Reports: 0 (no change)
💥 Most Active Ransomware Gangs
The most prolific ransomware groups in June were:
- Gentleman — 120 victims (↑ from 75)
- DeadLock — 87 victims (new)
- Qilin — 77 victims (↓ from 103)
- LockBit — 48 victims (new)
- INC — 32 victims (no change from 32)
Gentleman became the most active ransomware operation in June, posting a substantial increase in victims over May. DeadLock emerged as a major new threat, while Qilin remained highly active despite a notable decline. LockBit also returned to the top five as ransomware activity continued to diversify.
🆕 Enhanced Ransomware Gang Tracking
HackNotice expanded intelligence coverage for the following groups due to increased activity and infrastructure visibility:
- Redact
- DeadLock
- BlackX
📰 Breaches That Made the News
Several high-profile breaches captured attention in June:
- GameStop: https://app.hacknotice.com/#/hack/6a449c10578c0daf2d844f13
- Recorded Future: https://app.hacknotice.com/#/hack/6a429e50f074ff821eeb6b39
- Bally’s Interactive: https://app.hacknotice.com/#/hack/6a3c3282578c0daf2d023842
- LastPass: https://app.hacknotice.com/#/hack/6a3a9120578c0daf2d8ed40d
- Huntress: https://app.hacknotice.com/#/hack/6a360e5f578c0daf2dff78d6
- Klue: https://app.hacknotice.com/#/hack/6a3402fe578c0daf2d08e293
🏭 Industry and Geography Insights
Industries Most Impacted
- Higher Education: 22.1% (↑ from 21.6%)
- Manufacturing: 11.1% (↑ from 7.7%)
- Professional, Scientific, and Technical Services: 9.9% (↑ from 8.8%)
- Information: 8.5% (↑ from 8.2%)
- Health Care and Social Assistance: 6.3% (no change from 6.3%)
Industry Trends
Higher education remained the most impacted sector in June, accounting for more than one-fifth of all categorized breach activity. Manufacturing saw a significant increase month over month, moving into the second-most impacted position, while professional services and information organizations also experienced elevated targeting.
🌍 Regions Most Affected
- North America: 46.6% (↓ from 52.1%)
- Europe: 25.5% (↑ from 23.6%)
- Asia: 13.6% (↑ from 10.3%)
- South America: 6.2% (↑ from 5.9%)
- Middle East: 3.7% (↑ from 3.4%)
- Oceania: 2.9% (↑ from 2.2%)
- Africa: 1.6% (↓ from 2.5%)
Regional Trends
North America remained the largest concentration of ransomware and breach activity despite a notable decline in overall share. Europe and Asia both continued to gain ground, with Asia recording the largest month-over-month increase. Attack activity remained broadly distributed across regions as threat actors expanded their global reach.
✅ Closing Thoughts
June marked the highest monthly breach volume of the year, driven by record defacement activity and continued ransomware operations. Gentleman overtook Qilin as the most active ransomware group, while higher education remained the most targeted industry. Europe and Asia continued gaining share, underscoring the increasingly global nature of today’s cyber threat landscape.
🔍 If you are not tracking ransomware’s role in third-party exposure, you are missing a critical blind spot.
Stay ahead of shifting threats with HackNotice’s real-time intelligence across ransomware, breaches, and dark-web activity.
👉 Request a demo to see how HackNotice helps you manage third-party risk.