Breaches

Threat actor TRD selling databases of 2.1M NY residents and 918K Binance US users.

Gunra ransomware gang claims 16 victims across multiple countries.

North Korean state-sponsored hacker accidentally exposes stolen data and credentials.

Italian DPA fines Intesa Sanpaolo €31.8M for inadequate safeguards allowing employee unauthorized financial data access.

Italian DPA fines Intesa Sanpaolo €31.8M for data breach affecting 3,500+ customers and delayed notification.

Initial access broker sells root RCE access to US aerospace/defense firewall for $1,000.

Dutch healthcare software vendor ChipSoft hit by ransomware attack.

Daily dark web threat intelligence digest covering breaches, CVEs, and threat actor activity.

Snowflake customers targeted in data theft after SaaS integrator Anodot breached and tokens stolen.

IntelBroker threat actor repeatedly compromised FBI systems and leaked sensitive data.

Threat actor JINKUSU advertises OMNITRIX IMAP service for unauthorized email monitoring and manipulation.

Italy's DPA fines Intesa Sanpaolo €31.8M for inadequate security and delayed breach notification.

SQL database dump exposes 30,000 user records and 14,600 transit pass records on unsecured server.

KBank Vietnam breach exposes 10.1M credit records with national IDs, salaries, and credit scores.

North Korean hackers (UNC4736) stole $285M from Drift Protocol after six-month social engineering campaign.

Germany identifies Daniil Maksimovich Shchukin as UNKN, leader of GandCrab and REvil ransomware gangs.

DPRK-linked UNC4736 stole $285M from Drift via six-month social engineering operation.

BreachForums clone 'pwnforums' launched on clearnet and dark web.

European Commission confirms 300GB data theft via compromised Trivy vulnerability scanner supply chain attack.

Hackers posting Claude Code leak on GitHub with embedded infostealer malware.

Threat actor allegedly offers initial access to Iraqi education platform, African government system, and Chinese

Threat actor allegedly offers initial access to US MSP, government contractor, Saudi ministry, and Asian POS provider.

Meta pauses Mercor work after supply chain breach exposes AI training data secrets.

Threat actor AckLine sells RDWeb access to unnamed Netherlands software company on cybercrime forum.

Qilin ransomware group claims attack on Die Linke German political party, threatens data leak.

AI firm Mercor confirms breach linked to LiteLLM supply chain attack; Lapsus$ claims 4TB stolen data.

TeamPCP supply chain attacks expand as ShinyHunters and Lapsus$ claim involvement.

SecurityWeek roundup: Android rootkit, ChatGPT data leak, water facility ransomware, FBI breach.

North Korean hackers steal $285 million from DeFi platform Drift in 10-second heist.

Former infrastructure engineer pleads guilty to locking 254 servers in failed extortion plot.

FBI declares suspected Chinese hack of US surveillance system a major cyber incident.

Faulkner County Sheriff's Office claimed as Qilin ransomware victim.

Hackers exploit CVE-2025-55182 in Next.js to breach 766 hosts and steal credentials via NEXUS Listener.

North Korean hackers steal $280M from Drift Protocol via Security Council compromise.

Threat actor leaks 1.4TB combolist with URL-username-password credential data.

Stryker medtech firm recovers from March wiper attack by Iranian Handala group.

Stryker fully operational three weeks after Iranian-linked Handala wiper attack.

Nacogdoches Memorial Hospital confirms 250,000 patient records stolen in January breach.

Mercor impacted by LiteLLM supply chain attack; Lapsus$ claims 4TB data theft.

Threat actor AckLine claims to have leaked Airbus Artifactory/DevOps data on cybercrime forum.

Smarteez production database for L'Oreal Morocco breached, exposing 361K sales records, 296 pharmacies, OAuth secrets.

Vulta Intelligence credential lookup service offers 14.2B stolen logins via Telegram bot for $0.50 per 1,000 records.

Anthropic's Claude Code source leaked via npm packaging error, triggering typosquat attacks.

Everest ransomware gang claims breach of Nissan's Global Connected Services and Security Division.

Threat actor shares 1.3TB credential collection with URLs, logins, and passwords from 2025.

HSBC India allegedly storing customer credentials in plaintext instead of hashes.

Cisco source code stolen via Trivy supply chain attack credentials in dev environment breach.

Genesis ransomware gang claims eight new victims across healthcare, printing, and manufacturing sectors.

Iranian APTs deploy pseudo-ransomware targeting US orgs via revived Pay2Key operations.

ShinyHunters claims to be ransoming Hallmark Cards customer data.