Security Digest

Assembly Breach, Five Thousand Sorties, Black Walks

World Leaks ransomware group breached Tata Electronics, Apple's primary iPhone assembly partner in India, leaking more than 200,000 iPhone 18 Pro component files to the dark web; Oracle's E-Business Suite faced confirmed active exploitation while a separate PeopleSoft zero-day struck Nissan and hundreds of insurance sector clients; per NATO all 32 members met the 2% GDP defence spending threshold in 2025, a first for the alliance, with a 5% target now set for 2035; NATO Secretary-General Rutte confirmed approximately 5,000 US aircraft sorties from European bases during the US-Iran military exchange of 26-29 June; Apollo founder Leon Black walked out of a House Oversight interview on 26 June, the first walkout of the Epstein depositions, and was subpoenaed to return under oath on 16 July; and Russia launched a massive combined assault on all ten Kyiv districts on 1-2 July, killing eight.

Security Digest 022 — Audio

Listen to the audio version of this digest, voiced by Brian.

0:00 0:00

This Week in Brief

Week 27, covering 26 June through 2 July. The defining stories cross three domains: a supply chain ransomware breach at Apple’s primary Indian assembly contractor that put pre-release iPhone 18 Pro hardware specifications on the dark web, a four-day military exchange between the United States and Iran that NATO Secretary-General Mark Rutte confirmed drew approximately 5,000 US sorties from European bases, and a House Oversight interview on 26 June that Apollo Global Management founder Leon Black walked out of — the first walkout in these depositions — after refusing to answer questions on his Epstein NDAs; he was subpoenaed to return under oath on 16 July, and has acknowledged paying Epstein $158 million for advisory work. Oracle products were simultaneously under fire on two fronts, Russia launched one of its largest combined attacks on Kyiv in weeks, and on 2 July, under Judge Emmet Sullivan’s deadline, the Department of Justice declined to further unredact Epstein files, defended the redactions as protecting victims, and sought a 60-day extension to weigh an appeal. Per NATO, all Allies met or exceeded the 2% GDP defence benchmark in 2025, up from just three in 2014 — the first time all members have done so (SIPRI’s independent count, on actual expenditure, is 23 of 32). The EU AI Act’s high-risk AI-system obligations enter force in 31 days, on 2 August 2026; its general-purpose-AI provisions already applied from 2 August 2025.


Security

Tata Electronics / Apple iPhone 18 Pro Supply Chain Breach (World Leaks)

Ransomware group World Leaks breached Tata Electronics, Apple’s primary iPhone assembly contractor in India, and posted more than 200,000 files to the dark web, among them component photographs and detailed part specifications for upcoming iPhone 18 Pro models. Tata restricted access to sensitive systems while it investigated; Apple, facing a September launch window, separately announced an accelerated software update cadence citing AI-driven vulnerability exploitation as a concurrent driver. The theft of pre-release hardware specifications from a Tier 1 contract manufacturer is a competitive intelligence failure layered on top of a data breach, and whether Apple’s India supply chain diversification carries adequate security mandates downstream is the open question (NewsBytesApp, 27 June; AP via AOL, 2 July; The Guardian, 29 June).

Operational read: Review contractual security requirements with contract manufacturers. Mandatory data segmentation for pre-release specifications, ransomware resilience testing, and defined breach notification timelines are the minimum. Assume large assembly facilities are high-value ransomware targets; treat pre-release IP accordingly.

Oracle E-Business Suite: Confirmed Active Exploitation

A critical vulnerability in Oracle E-Business Suite was under confirmed active exploitation as of 1-2 July (computing.co.uk, 2 July). The same week, a separate Oracle PeopleSoft zero-day was linked to a breach at hundreds of insurance sector clients, confirmed by an insurance regulatory body on 29 June; Nissan independently disclosed a breach attributed to the same PeopleSoft vector. ShinyHunters claimed the Nissan component of the attack. Tracked as CVE-2026-46817 (CVSS 9.8, EBS Payments / File Transmission, unauthenticated remote code execution); ShinyHunters attribution remains unverified externally (single-source).

Operational read: Oracle’s July Critical Patch Update is emergency-priority if your environment runs E-Business Suite or PeopleSoft with any external network exposure. Segment externally reachable instances immediately if patching cannot happen before end of week.

Brief Security Notes

Kaspersky GReAT published research on a threat cluster designated StrikeShark, which Kaspersky assesses with low confidence as Chinese-speaking, using a custom loader (SharkLoader) with DLL hijacking and public CVE exploits to deploy Cobalt Strike Beacon against government, diplomatic and software-development targets across Asia, Latin America and Europe (Kaspersky GReAT, 26 June; single-source, self-published research). Months after the major Instructure Canvas learning management platform cyberattack, families of affected students received formal warnings that victim data is being actively used in downstream phishing operations, with stolen credentials feeding high-confidence lures mimicking educational portals and parent payment systems (wire coverage, 2 July). The US State Department and Department of Justice announced a $10 million reward for two named Russian state-sponsored threat actors who targeted Signal and WhatsApp for intelligence collection (single-source; announcement type is consistent with State Department practice).


Norway and the Nordics

NATO Ankara Summit: 32 of 32 Members at 2% GDP; 5% Target Set for 2035

All 32 NATO member states met or exceeded the 2% GDP defence spending benchmark in 2025, per NATO’s own figures, the first full-alliance compliance in the benchmark’s history, up from three members in 2014. SIPRI’s independent count, based on actual expenditure, puts the number at 23 of 32. The Ankara summit, scheduled for 7-8 July, is framed as an implementation milestone; Secretary-General Rutte described the focus as “delivery and implementation” rather than new pledging rounds. Poland leads the alliance at 4.48% of GDP. European and Canadian members have collectively committed approximately $250 billion in additional spending over the past two years, and the new 5% GDP target, agreed at the June 2025 Hague Summit, sets the deadline at 2035 (aa.com.tr, 2 July; marinelink.com; arise.tv; multiple outlet corroboration).

Rutte confirmed approximately 5,000 US aircraft sorties were launched from European airbases during the Iran operation running 26-29 June. The figure makes European basing infrastructure a quantifiable element of US power projection into the Middle East rather than an abstract strategic asset (TASS, 2 July; France24).

NATO Arctic Unmanned Task Force; PST Assessment; Norwegian F-35 Intercept

NATO formally launched an experimental unit dedicated to testing unmanned systems, including drones and uncrewed ground vehicles, in Arctic conditions, as part of the NATO 3.0 strategic framework (NATO announcement, 2 July; aa.com.tr). NATO also conducted the Arctic Sentry exercise in northern Norway this window, with approximately 30,000 participants and HMS Prince of Wales operating under NATO command (single-source; consistent cross-briefing coverage, NATO.int corroboration pending).

Norway’s PST assessed Russian targeting of the Arctic coastline as the most alarming current security threat to Norwegian critical infrastructure in the north (single-source; NRK/Aftenposten URL pending). Norwegian F-35s intercepted two Russian Tu-160 Blackjack strategic bombers conducting a 16-hour patrol near the Arctic Circle on 23 June, reported 28-29 June (single-source; intercept type is consistent with routinely documented NRK-covered activity).

Malaysia vs. Kongsberg: $257M Demand; Armed Gazprom Tanker Photographed

Malaysia submitted a $257 million compensation claim against Kongsberg Defence and Aerospace following Norway’s revocation of an export licence for Naval Strike Missile systems previously sold to Kuala Lumpur. The underlying export licence revocation is confirmed (WTOP, 14 May); the $257 million demand figure is single-source and provisional until formally filed.

Estonia’s Border Guard photographed Kord 12.7mm heavy machine guns mounted on Gazprom tanker Marshal Vasilevskiy operating in the Baltic Sea (single-source; Estonian government source is credible; ERR.ee corroboration pending). The sighting is consistent with documented Russian shadow fleet militarisation across Northern European waters.


Regulatory and Policy

US Lifts Export Restrictions on Anthropic Fable 5 and Mythos 5

The US Bureau of Industry and Security withdrew its export control designation on Anthropic’s Fable 5 and Mythos 5 AI models on 30 June, restoring global availability immediately. BIS had placed the restrictions citing dual-use AI concerns; Amazon provided documentation of ongoing security monitoring methods that satisfied BIS requirements for the withdrawal. The lift arrived 31 days before the EU AI Act’s high-risk AI-system obligations enter force on 2 August 2026; the Act’s general-purpose-AI provisions have applied since 2 August 2025. Both regulatory events are converging pressures on foundation model providers: BIS controls restrict export geography, while the EU GPAI tier requirements govern deployment conditions inside the EU regardless of model origin. How models cleared by BIS are then classified under the EU framework is the open compliance question for European operators (Bloomberg, 30 June and 1 July; VentureBeat, 1 July; FoxBusiness, 30 June; Neowin, 1 July).


Epstein

Presumption of innocence applies to all named individuals throughout this section. The events reported are documented public proceedings and published source material.

Leon Black: First Walkout of the Epstein Depositions; Subpoenaed to Return 16 July

Leon Black, founder of Apollo Global Management, appeared before the House Oversight Committee for a closed-door interview on 26 June. After refusing to answer questions about his non-disclosure agreements with Jeffrey Epstein, Black walked out, the first walkout in the committee’s Epstein depositions. The committee has subpoenaed him to return for testimony under oath on 16 July. Black has acknowledged paying Epstein $158 million for advisory work and has said he “knew nothing of any misconduct”; he has not been charged with any offence (Forbes, 26 June; CNBC, 26 June; CBS News, 26 June).

Warren Buffett Pauses Gates Foundation Mid-Year Donation

Warren Buffett skipped his customary mid-year donation to the Bill and Melinda Gates Foundation and told Gates directly that he would resume giving once questions about Gates’s relationship with Epstein were resolved by ongoing file releases and congressional testimony. The Wall Street Journal, which broke the story, characterised the decision as precautionary. Buffett has made no public statement accusing Gates of wrongdoing (Wall Street Journal, 29 June; Yahoo Finance, 1 July; New York Magazine, 30 June).

DOJ Declines Further Unredaction; Seeks 60-Day Extension

On 2 July, under Judge Emmet Sullivan’s deadline, the Department of Justice declined to further unredact Epstein files, defended the redactions as protecting victims, and sought a 60-day extension to weigh an appeal (The Hill, 2 July; CBS News; ABC News; Axios). Congress passed legislation in the same window requiring release of congressional sexual misconduct settlement records, a bipartisan vote driven by the broader transparency pressure of the Epstein hearings (single-source for the congressional vote, AP corroboration pending).

Nordic Coverage

Crown Princess Mette-Marit’s previously documented apology for her friendship with Epstein was reconfirmed in Danish and Swedish press this week. Avisendanmark.dk carried the story on 28 June; Aftonbladet published an Epstein network piece referencing Mette-Marit on 27 June. Both are single-source tabloid-tier coverage in this window; the apology itself is prior public record. Les Wexner, L Brands founder, testified before the House committee that Epstein had deceived him, characterising himself as a victim of Epstein’s manipulation (spectrumnews1.com; single-source).


Conflicts

US-Iran Military Exchanges, 26-29 June: Four Days, Ceasefire Agreed

The United States and Iran exchanged military strikes across four days beginning 26 June. US forces struck Iranian targets on 26 June, Iran retaliated with drone and missile attacks against US military facilities in Bahrain and Kuwait on 27 June, deploying drones in the Strait of Hormuz as well, and US CENTCOM conducted a second wave targeting approximately ten Iranian military bases on 28 June. Both sides agreed to halt attacks on 29 June and scheduled a diplomatic meeting in Doha. Individual strike details are drawn from briefing sources and should be treated as provisional; Rutte’s confirmation of approximately 5,000 US sorties from European bases during the operation is independently corroborated (TASS, 2 July; aa.com.tr; France24).

Russia Attacks Kyiv, 1-2 July: Eight Killed, All Ten Districts Hit

Russia launched a large-scale combined missile and drone assault on Kyiv on 1-2 July, striking all ten city districts. Buildings hit included residential blocks, a student dormitory, and hotel infrastructure, with at least eight killed and more than thirty injured, emergency responders among the casualties. President Zelensky had issued a public warning of the incoming assault hours before it began (France24, 1-2 July; The Guardian, 2 July; New York Times, 2 July).

Ukraine launched an approximately 660-drone attack on Russian territory in the same window, described in reporting as the largest single drone strike of the war to date (single-source; not independently confirmed here, consistent with documented escalation trajectory).

CSIS: 2 Million Military Casualties Since February 2022

The Center for Strategic and International Studies published an estimate placing total military casualties in the Ukraine war above 2 million since the February 2022 full-scale invasion. Russian forces account for approximately 1.4 million casualties, with an estimated 400,000 to 450,000 fatalities. Ukrainian forces sustained an estimated 525,000 to 625,000 casualties, with 125,000 to 150,000 fatalities. These are modelled estimates; all casualty figures in active conflict are contested by definition (The Guardian, 2 July; New York Times, 1 July). Russia’s domestic fuel position continued deteriorating, with Putin publicly acknowledging refinery-strike “problems” and seaborne gasoline imports from India reportedly beginning (single-source).


By the Numbers

Figure Context
200,000+ Files stolen from Tata Electronics; iPhone 18 Pro specs on dark web
~5,000 US aircraft sorties from European bases during Iran operation (Rutte, verified)
10 Iranian military bases struck in US CENTCOM second wave (single-source)
32/32 NATO members at or above 2% GDP in 2025, per NATO, a first for the alliance; SIPRI’s independent count is 23/32
4.48% Poland’s GDP defence spend; current alliance leader
5% New NATO GDP target, to be met by 2035
$250B Additional European and Canadian defence spending committed, past two years
31 Days until EU AI Act high-risk obligations enter force (2 August 2026); GPAI provisions live since August 2025
$158M Leon Black’s acknowledged payment to Epstein for advisory work
2M+ Total military casualties in Ukraine war since February 2022 (CSIS estimate)
~1.4M Russian military casualties estimated by CSIS (400K-450K fatalities)
8 Killed in Russia’s 1-2 July Kyiv assault; 30+ injured
660 Drones in Ukraine’s reported largest single drone strike (single-source)

What to Do This Week

  1. Oracle patching, emergency priority. E-Business Suite is under confirmed active exploitation. Apply Oracle’s July Critical Patch Update and verify network segmentation on all external-facing EBS and PeopleSoft instances before end of week. Do not wait for the next maintenance window.
  2. Canvas downstream phishing. If your institution or household has students on an affected Canvas LMS deployment, brief them now. Credential-harvesting lures mimicking grade portals, educational login pages, and parent payment systems are in active circulation using data from the original breach.
  3. Supply chain data classification. The Tata breach establishes that pre-release hardware specifications held at large offshore assembly partners are ransomware-grade targets. Audit whether your supplier contracts explicitly classify and protect pre-release IP, and whether breach notification timelines are contractually enforced.
  4. EU AI Act countdown, 31 days. If your organisation deploys Anthropic or other foundation models, GPAI tier obligations have applied since 2 August 2025; close any remaining gaps now. The 2 August 2026 date brings the high-risk AI-system obligations into force, for commercial deployment and internal tooling alike. The BIS export control lift changes global availability, not EU compliance obligations.
  5. Nordic situational awareness. PST’s Arctic threat assessment, the Tu-160 intercept, and documented shadow fleet activity in the Baltic are relevant context for Norwegian and Nordic organisations. Verify that incident response contacts include NorCERT and that Arctic-adjacent infrastructure has current threat assessments on file.

This issue was researched directly against the local SearXNG instance and cross-checked against named open-source outlets. Single-source and contested claims are marked throughout. All casualty estimates in the Conflicts section are contested by nature and subject to revision. Presumption of innocence applies throughout the Epstein coverage.

Named sources: NewsBytesApp, AP (via AOL), The Guardian, New York Times, computing.co.uk, Bloomberg, FoxBusiness, VentureBeat, Neowin, Kaspersky GReAT (Securelist), aa.com.tr, TASS, France24, marinelink.com, arise.tv, WTOP, Wall Street Journal, Yahoo Finance, New York Magazine, Forbes, CNBC, CBS News, The Hill, ABC News, Axios, NVD, SC Media, NATO.int, SIPRI, spectrumnews1.com, Avisendanmark.dk, Aftonbladet.

Issue 022, Week 27, 26 June through 2 July 2026. Editorial responsibility: Thomas A. Kleppestø / FTRCRP.

AI disclosure

This article is generated by an automated pipeline that handles source collection, summarisation, and drafting end-to-end. Human review is light-touch and limited to publication gating. Editorial responsibility: Thomas A. Kleppestø.

Pipeline stages: fetch, summarise, draft.