[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"tag:breaches":3},{"tag":4,"articles":8,"awareness":447,"events":448,"tips":449,"focus_items":450,"total_count":451},{"slug":5,"name":6,"description":7},"breaches","Breaches",null,[9,18,27,35,44,53,62,71,79,87,96,104,113,122,131,140,149,158,167,176,184,193,202,210,219,228,235,244,253,262,271,280,288,297,306,315,324,333,342,351,360,368,377,386,395,404,413,422,431,438],{"id":10,"title":11,"slug":12,"brief":13,"ai_summary":14,"url":15,"image_url":16,"published_at":17},"82ba1008-c993-4751-bc59-0fab8dbd4d3b","GitHub links repo breach to TanStack npm supply-chain attack","github-links-repo-breach-to-tanstack-npm-supply-chain-attack-8023fe","GitHub breach of 3,800 repos linked to malicious Nx Console extension in TanStack npm supply-chain attack","GitHub disclosed a breach of 3,800 internal repositories stemming from an employee installing a malicious version of the Nx Console VS Code extension, which was compromised as part of the TanStack npm supply-chain attack attributed to TeamPCP. The poisoned extension (v18.95.0) was designed to steal credentials for npm, AWS, Kubernetes, GitHub, and GCP\u002FDocker; it was live for ~18 minutes on VS Code Marketplace and 36 minutes on OpenVSX before removal. TeamPCP has claimed access to ~4,000 private GitHub repos and is demanding at least $50,000 for the data.","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fgithub-links-repo-breach-to-tanstack-npm-supply-chain-attack\u002F","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2026\u002F05\u002F21\u002FGitHub_headpic.jpg","2026-05-21T06:54:01+00:00",{"id":19,"title":20,"slug":21,"brief":22,"ai_summary":23,"url":24,"image_url":25,"published_at":26},"ab7e053e-2f59-47a1-90df-06a9bd2e8fd6","RetoSwap has been drained of 7,000 XMR ($2.7 Million) after a flaw in the Haveno protocol. https:...","retoswap-has-been-drained-of-7-000-xmr-2-7-million-after-a-flaw-in-the-haveno-pr-5e983d","RetoSwap loses 7,000 XMR ($2.7M) due to Haveno protocol vulnerability.","RetoSwap, a cryptocurrency exchange or trading platform, suffered a significant loss of 7,000 Monero (XMR) valued at approximately $2.7 million following the exploitation of a flaw in the Haveno protocol. The incident highlights critical security issues in decentralized exchange infrastructure and protocol design.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2057244918901342436","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHIzM2VOWMAAncHE.jpg","2026-05-20T23:39:45+00:00",{"id":28,"title":29,"slug":30,"brief":31,"ai_summary":32,"url":33,"image_url":7,"published_at":34},"71b72129-9ed9-4929-a392-6bd4516331e7","RT @DarkWebInformer: ‼️ LAPSUS$ Group announces a joint for sale post with TeamPCP for the GitHub...","rt-darkwebinformer-lapsus-group-announces-a-joint-for-sale-post-with-teampcp-for-794a24","LAPSUS$ Group collaborates with TeamPCP to sell GitHub internal repositories.","LAPSUS$ Group announced a joint sale listing with TeamPCP offering GitHub internal repositories for sale on the dark web. This represents a significant supply chain threat targeting a critical development platform. The collaboration between two notable threat groups suggests coordinated efforts to monetize stolen intellectual property from a major software infrastructure provider.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2057136118240284834","2026-05-20T16:27:24+00:00",{"id":36,"title":37,"slug":38,"brief":39,"ai_summary":40,"url":41,"image_url":42,"published_at":43},"065a47ed-16ed-43b3-84a0-2714a4d86d05","GitHub Breach: TeamPCP Steals 3,800 Repositories via VS Code Extension","github-breach-teampcp-steals-3-800-repositories-via-vs-code-extension-d10e13","TeamPCP steals 3,800 GitHub repositories via poisoned VS Code extension, demands $95K","GitHub discovered a breach on May 19, 2026, where the financially motivated TeamPCP group (tracked as UNC6780) compromised a developer's corporate device through a malicious VS Code extension, exfiltrating approximately 3,800 internal repositories. The threat actors are now selling the stolen code on a cybercrime forum for $95,000, warning they will leak it publicly if no buyer emerges. This marks the fifth high-profile target hit by TeamPCP this year, reflecting a growing trend of supply chain attacks against developer tooling using the Mini Shai-Hulud infostealer worm.","https:\u002F\u002Fhackread.com\u002Fgithub-breach-teampcp-repositories-vs-code-extension\u002F","https:\u002F\u002Fhackread.com\u002Fwp-content\u002Fuploads\u002F2026\u002F05\u002Fgithub-data-breach-team-pcp-1.png","2026-05-20T13:55:51+00:00",{"id":45,"title":46,"slug":47,"brief":48,"ai_summary":49,"url":50,"image_url":51,"published_at":52},"26a7eaa6-5b42-4532-8b8f-a309bbe132c3","Verizon DBIR: AI Helped Hackers Exploit Vulnerabilities in 31% of Recent Breaches","verizon-dbir-ai-helped-hackers-exploit-vulnerabilities-in-31-of-recent-breaches-451b50","Verizon DBIR 2026: AI exploited software vulnerabilities in 31% of breaches, compressing exploit timelines from months","Verizon's 2026 Data Breach Investigations Report analyzed 31,000 incidents and 22,000 breaches across 145 countries, revealing that software vulnerabilities have overtaken stolen credentials as the primary attack vector for the first time in 19 years. Generative AI is enabling attackers to weaponize vulnerabilities within hours instead of months, significantly reducing the defensive window. Additional findings include a 60% surge in supply chain breaches, a North Korean identity fraud campaign using 15,000 stolen identities, and tripled employee use of unapproved shadow AI tools increasing data exfiltration risks.","https:\u002F\u002Fhackread.com\u002Fverizon-dbir-ai-hackers-exploit-vulnerabilities-breaches\u002F","https:\u002F\u002Fhackread.com\u002Fwp-content\u002Fuploads\u002F2026\u002F05\u002Fverizon-dbir-ai-hackers-exploit-vulnerabilities-breaches-2.png","2026-05-20T12:32:37+00:00",{"id":54,"title":55,"slug":56,"brief":57,"ai_summary":58,"url":59,"image_url":60,"published_at":61},"9abd38af-d31f-4280-88b4-d0c43085eedd","Banana RAT Malware in Fake Invoices Hits Customers at 16 Brazilian Banks","banana-rat-malware-in-fake-invoices-hits-customers-at-16-brazilian-banks-9adceb","Banana RAT malware targets 16 Brazilian banks via fake invoices, stealing data with QR code fraud.","Banana RAT, a remote access trojan linked to threat group SHADOW-WATER-063, is actively targeting customers at 16 Brazilian banks including Itaú, Bradesco, and Santander. The malware is distributed through fake invoice files and security update screens via WhatsApp and phishing, using fileless execution and a custom FastAPI crypter to evade detection. It enables real-time financial fraud by intercepting banking sessions, replacing Pix QR codes, and freezing user input while attackers steal funds.","https:\u002F\u002Fhackread.com\u002Fbanana-rat-malware-fake-invoices-16-brazilian-banks\u002F","https:\u002F\u002Fhackread.com\u002Fwp-content\u002Fuploads\u002F2026\u002F05\u002Fbanana-rat-malware-fake-invoices-16-brazilian-banks.jpg","2026-05-20T09:14:35+00:00",{"id":63,"title":64,"slug":65,"brief":66,"ai_summary":67,"url":68,"image_url":69,"published_at":70},"f2230bb7-16ed-4af1-9f0b-dae2da6380c8","GitHub confirms they were compromised after an employee device involving a poisoned VS Code exten...","github-confirms-they-were-compromised-after-an-employee-device-involving-a-poiso-559bcf","GitHub confirms employee device compromise via malicious VS Code extension.","GitHub disclosed that one of its employee devices was compromised through a poisoned VS Code extension, leading to unauthorized access. The incident represents a supply-chain attack vector targeting development tools. GitHub has investigated the incident and implemented additional security measures.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2057018844309340668","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHIv_a4UWMAAkIO4.png","2026-05-20T08:41:24+00:00",{"id":72,"title":73,"slug":74,"brief":75,"ai_summary":76,"url":77,"image_url":7,"published_at":78},"ed123a5e-14c3-44f0-9d36-66cf78e721c1","ShinyHunters Goes After Cybersecurity Firm Warning Victims Not to Pay Ransoms\n\nhttps:\u002F\u002Ft.co\u002FFUrgx...","shinyhunters-goes-after-cybersecurity-firm-warning-victims-not-to-pay-ransoms-ht-4ddba3","ShinyHunters targets cybersecurity firm that advises ransomware victims against paying.","ShinyHunters, a known threat actor group, has launched an attack against a cybersecurity firm that publicly advises ransomware victims not to pay extortion demands. The attack appears to be retaliation for the firm's anti-ransom advocacy, representing an escalation in tactics where threat actors target organizations that undermine their business model.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2056926203425051080","2026-05-20T02:33:17+00:00",{"id":80,"title":81,"slug":82,"brief":83,"ai_summary":84,"url":85,"image_url":7,"published_at":86},"8fc13a07-6fdf-4c6c-ba8c-d69e802cbce0","Lul...\n\nCISA Admin Leaked AWS GovCloud Keys on GitHub\n\nhttps:\u002F\u002Ft.co\u002FV8j07muRXS","lul-cisa-admin-leaked-aws-govcloud-keys-on-github-https-t-co-v8j07murxs-b16168","CISA administrator accidentally exposed AWS GovCloud credentials on GitHub.","A CISA administrator inadvertently leaked AWS GovCloud access keys to a public GitHub repository. The incident highlights credential management failures and the risk of hardcoded secrets in version control systems. AWS GovCloud provides secure cloud infrastructure for U.S. government agencies, making this exposure a significant security and compliance concern.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2056479796209631536","2026-05-18T20:59:25+00:00",{"id":88,"title":89,"slug":90,"brief":91,"ai_summary":92,"url":93,"image_url":94,"published_at":95},"b95ca5fd-cf04-45ae-864a-285062dc9945","Millions Impacted Across Several US Healthcare Data Breaches","millions-impacted-across-several-us-healthcare-data-breaches-286864","Multiple US healthcare organizations report data breaches affecting millions, tracked by HHS.","Several major US healthcare data breaches were added to the HHS breach tracker, with the largest affecting 1.8 million individuals at NYC Health and Hospitals Corporation via a third-party vendor compromise between November 2025 and February 2026. Additional breaches include Erie Family Health Centers (570,000 individuals), Nacogdoches Memorial Hospital (2.5 million), Florida Physician Specialists (276,000), and smaller incidents at other healthcare providers. Compromised data includes personal information, SSNs, medical records, financial data, and biometric information; none have been claimed by known cybercrime groups.","https:\u002F\u002Fwww.securityweek.com\u002Fmillions-impacted-across-several-us-healthcare-data-breaches\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2024\u002F05\u002Fhealthcare-medical-data-breach-.jpeg","2026-05-18T12:58:44+00:00",{"id":97,"title":98,"slug":99,"brief":100,"ai_summary":101,"url":102,"image_url":7,"published_at":103},"65a2ab9c-e2dc-400b-aed5-f91874117b09","‼️🇪🇸 Ícaro Cloud Allegedly Breached: Firewall Configs, VPN Keys, TLS Certificates, and Internal...","icaro-cloud-allegedly-breached-firewall-configs-vpn-keys-tls-certificates-and-in-7e448a","Ícaro Cloud breach exposes firewall configs, VPN keys, and TLS certs for 20 Spanish firms.","Spanish cloud provider Ícaro Cloud allegedly suffered a breach exposing sensitive infrastructure data from approximately 20 corporate networks, including firewall configurations, VPN keys, TLS certificates, and internal network information. The incident affects multiple Spanish organizations and represents a significant security compromise of foundational network and cryptographic materials.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2055337207603380526","2026-05-15T17:19:11+00:00",{"id":105,"title":106,"slug":107,"brief":108,"ai_summary":109,"url":110,"image_url":111,"published_at":112},"47ad4074-ef79-4ed1-b200-9cb96e5552ec","Internet Crime Complaint Center (IC3) | ShinyHunters: Cyber Criminal Group Attacks Learning Management System","internet-crime-complaint-center-ic3-shinyhunters-cyber-criminal-group-attacks-le-4cb45d","FBI warns of ShinyHunters cyber criminal group attacks on learning management systems","The FBI issued a public service announcement warning about ShinyHunters (SH), a cyber criminal group that attacked an online Learning Management System, disrupting service to educational institutions nationwide. ShinyHunters specializes in large-scale data breaches and extortion, targeting tech, finance, and retail sectors, using stolen data for spearphishing and leveraging harassment tactics including threatening calls, texts, and false claims of compromising information. The FBI recommends victims verify requests through known channels, avoid paying extortion demands, and report suspected intrusions to IC3.","https:\u002F\u002Fwww.ic3.gov\u002FPSA\u002F2026\u002FPSA260515","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHIYDWZwWwAEkW30.png","2026-05-15T17:08:18+00:00",{"id":114,"title":115,"slug":116,"brief":117,"ai_summary":118,"url":119,"image_url":120,"published_at":121},"bb88fd2f-48ac-45ea-ab10-dd60da6c35fe","‼️🇺🇸 Nike allegedly breached: 61.7M database lines exposed from payments and offers datasets\n\nA...","nike-allegedly-breached-61-7m-database-lines-exposed-from-payments-and-offers-da-58ee7c","Nike allegedly breached; 61.7M database records exposed from payments and offers datasets","A threat actor claims to have breached Nike and is selling a database containing 61.7 million records from payments and offers datasets. The alleged breach includes sensitive customer information stored in JSON file format. The threat actor is actively marketing the stolen data for sale.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2055320195149726138","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHIX20vOXsAAbEee.jpg","2026-05-15T16:11:35+00:00",{"id":123,"title":124,"slug":125,"brief":126,"ai_summary":127,"url":128,"image_url":129,"published_at":130},"340aaed9-b730-417d-966f-01496eca3df9","In Other News: Big Tech vs Canada Encryption Bill, Cisco’s Free AI Security Spec, Audi App Flaws","in-other-news-big-tech-vs-canada-encryption-bill-cisco-s-free-ai-security-spec-a-406051","SecurityWeek roundup covers Nvidia cloud gaming breach, Android 17 security upgrades, and fake Claude Code malware","This weekly cybersecurity roundup highlights multiple threats and developments: a GeForce NOW data breach via Armenian regional partner exposed user PII, the FBI warns of ShinyHunters' Canvas hacks, and a sophisticated infostealer campaign uses fake Claude Code installers to steal browser credentials. Additionally, Google's Android 17 introduces AI-driven security defenses and post-quantum cryptography, while Iran-linked Seedworm targets electronics manufacturers globally using DLL sideloading.","https:\u002F\u002Fwww.securityweek.com\u002Fin-other-news-big-tech-vs-canada-encryption-bill-ciscos-free-ai-security-spec-audi-app-flaws\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2023\u002F10\u002Fcybersecurity-news.jpg","2026-05-15T14:52:16+00:00",{"id":132,"title":133,"slug":134,"brief":135,"ai_summary":136,"url":137,"image_url":138,"published_at":139},"dc4df06b-3420-4ee2-83ea-d61d9b12d105","TeamPCP hackers advertise Mistral AI code repos for sale","teampcp-hackers-advertise-mistral-ai-code-repos-for-sale-642776","TeamPCP hackers demand $25K for stolen Mistral AI source code via supply-chain compromise.","The TeamPCP threat actor group claims to have stolen approximately 5GB of source code from Mistral AI, a French AI company, following compromise via the Mini Shai-Hulud supply-chain attack that affected TanStack and npm\u002FPyPI packages. TeamPCP is advertising the 450 repositories for sale at $25,000 with a one-week deadline, threatening to leak the data publicly if no buyer is found. Mistral AI confirmed the breach occurred through compromised CI\u002FCD credentials but states core infrastructure and user data were unaffected.","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fteampcp-hackers-advertise-mistral-ai-code-repos-for-sale\u002F","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2026\u002F05\u002F14\u002FMistral_AI.jpg","2026-05-14T22:50:36+00:00",{"id":141,"title":142,"slug":143,"brief":144,"ai_summary":145,"url":146,"image_url":147,"published_at":148},"d17eca6a-e1a0-47f2-8d85-0f6be86ea17a","Daily Dose of Dark Web Informer - May 14th, 2026","daily-dose-of-dark-web-informer-may-14th-2026-92ea64","Daily dark web threat intelligence digest reporting multiple breaches, CVEs, and exposed credentials across global","This is a curated daily digest from Dark Web Informer summarizing recent breach claims, CVE disclosures, and threat intelligence findings across multiple sectors and countries. Highlights include alleged breaches at CoreWeave (GPU cloud provider), McKissock\u002FColibri Real Estate (3.3M+ records), Nuvidio (KYC and biometric data), and critical vulnerabilities in Cisco SD-WAN and NGINX. The digest aggregates claims from dark web forums and public sources without independent verification.","https:\u002F\u002Fdarkwebinformer.com\u002Fdaily-dose-of-dark-web-informer-may-14th-2026\u002F","https:\u002F\u002Fstorage.ghost.io\u002Fc\u002F6b\u002F16\u002F6b16ac9c-cd67-432f-b0f3-bbec941084ff\u002Fcontent\u002Fimages\u002Fsize\u002Fw1200\u002F2026\u002F02\u002F23597862398746923879872364987342598723.png","2026-05-14T22:25:52+00:00",{"id":150,"title":151,"slug":152,"brief":153,"ai_summary":154,"url":155,"image_url":156,"published_at":157},"7364c0d2-bd14-4b5d-9050-8ba4d387cbea","Congress Puts Heat on Instructure After Canvas Outage","congress-puts-heat-on-instructure-after-canvas-outage-f225ed","Congress questions Instructure after Canvas outage linked to ShinyHunters cybercriminal group.","The House Committee on Homeland Security sent a letter to Instructure regarding the Canvas learning platform cyberattack, coinciding with the company's announcement of reaching an agreement with the ShinyHunters threat group. The incident highlights congressional oversight of critical education infrastructure and cybercriminal negotiations.","https:\u002F\u002Fwww.darkreading.com\u002Fcyberattacks-data-breaches\u002Fcongress-instructure-shinyhunters-attacks","https:\u002F\u002Feu-images.contentstack.com\u002Fv3\u002Fassets\u002Fblt6d90778a997de1cd\u002Fbltb9f102c416e36970\u002F6a062de47896f162656ad15c\u002Fcanvas_pictoKraft_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale","2026-05-14T20:19:20+00:00",{"id":159,"title":160,"slug":161,"brief":162,"ai_summary":163,"url":164,"image_url":165,"published_at":166},"23428b97-1461-4c00-b597-073fed468953","1\u002F2‼️🇧🇷 Nuvidio allegedly breached: 40K files including KYC records, biometrics, private keys,...","1-2-nuvidio-allegedly-breached-40k-files-including-kyc-records-biometrics-privat-158846","Brazilian identity verification provider Nuvidio allegedly breached; 40K files with KYC, biometrics, private keys","A threat actor claims to have breached Nuvidio, a Brazilian identity verification and biometric onboarding provider. The alleged breach exposed approximately 40,000 files containing sensitive data including KYC (Know Your Customer) records, biometric data, private keys, customer video calls, and cloud infrastructure information. The breach affects customers of the platform, raising significant concerns about identity theft and unauthorized access to financial systems.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2055016260933652983","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHITiJeRWUAA2YYN.jpg","2026-05-14T20:03:51+00:00",{"id":168,"title":169,"slug":170,"brief":171,"ai_summary":172,"url":173,"image_url":174,"published_at":175},"f94e7fe8-0d87-48ba-ab80-37da53d43de5","OpenAI confirms security breach in TanStack supply chain attack","openai-confirms-security-breach-in-tanstack-supply-chain-attack-22f033","OpenAI confirms two employee devices breached in TanStack supply chain attack via Mini Shai-Hulud malware.","OpenAI disclosed that two employee devices were compromised during the \"Mini Shai-Hulud\" supply chain campaign attributed to the TeamPCP extortion gang, which targeted hundreds of npm and PyPI packages. The attack exposed limited credentials from internal source code repositories but did not impact customer data, production systems, or intellectual property; OpenAI rotated code-signing certificates and revoked sessions as a precaution. The broader TanStack supply chain attack exploited CI\u002FCD pipeline vulnerabilities across multiple projects including Mistral AI, UiPath, and OpenSearch, delivering malware designed to steal developer credentials, establish persistence, and sabotage systems.","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fopenai-confirms-security-breach-in-tanstack-supply-chain-attack\u002F","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2023\u002F04\u002F11\u002FOpenAI_headpic.jpeg","2026-05-14T19:07:24+00:00",{"id":177,"title":178,"slug":179,"brief":180,"ai_summary":181,"url":182,"image_url":7,"published_at":183},"5004452e-5cc7-4813-ada8-2ddc42a6a6b2","‼️🇮🇹 Xacria XNO Allegedly Breached: 446 Service Orders and Subscriber PII Exposed From the Ital...","xacria-xno-allegedly-breached-446-service-orders-and-subscriber-pii-exposed-from-d823a2","Xacria XNO telecom platform allegedly breached; 446 service orders and Italian subscriber PII exposed.","Xacria XNO, an Italian carrier-grade network orchestration platform used by major telecom operators FASTWEB and SKY ITALIA, has reportedly been breached with exposure of 446 service orders and personally identifiable information of subscribers. The breach affects critical telecom infrastructure and customer data managed through this platform. This represents a significant privacy and operational risk for the Italian telecom sector.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2054973945300791659","2026-05-14T17:15:42+00:00",{"id":185,"title":186,"slug":187,"brief":188,"ai_summary":189,"url":190,"image_url":191,"published_at":192},"5ee44e3b-9ed6-4508-9ee5-e9e273c5eafe","ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories","threatsday-bulletin-pan-os-rce-mythos-curl-bug-ai-tokenizer-attacks-and-10-stori-e8a90a","Weekly threat roundup: PAN-OS RCE exploited, Mythos cURL bug, AI tokenizer attacks, and 10+ security stories.","This week's threat bulletin covers multiple critical security incidents including a PAN-OS CVE-2026-0300 buffer overflow being actively exploited to drop EarthWorm and ReverseSocks5 payloads, a zero-auth data leak affecting Schemata's military training platform, and Operation GriefLure targeting Vietnam and Philippines sectors. The roundup highlights escalating supply chain attacks, weak authentication controls, and state-sponsored phishing campaigns alongside emerging AI security risks.","https:\u002F\u002Fthehackernews.com\u002F2026\u002F05\u002Fthreatsday-bulletin-pan-os-rce-mythos.html","https:\u002F\u002Fblogger.googleusercontent.com\u002Fimg\u002Fb\u002FR29vZ2xl\u002FAVvXsEjImYNT-qC7frGzEXeok3KDX_JNMKote6V1FVXIpkAoSEER2z1YyT8dpFq5RtRhBQ0cweEPbBIuioDWFf5rw_Mf-0V6rXR2ZrMh2ISDa7X7NlV9zIGsoLSAnyd_86eVkrR4wU24yxbuCYaAmyGFwlF77YCjvgU3n43P-yFT-pzjsmQ35Oaut1klg62bs_-i\u002Fs1600\u002Fthreatsday-2.jpg","2026-05-14T16:07:46+00:00",{"id":194,"title":195,"slug":196,"brief":197,"ai_summary":198,"url":199,"image_url":200,"published_at":201},"778dedc2-4562-4364-881d-370c9460e168","Major tech manufacturer Foxconn confirms cyberattack hit North American factories","major-tech-manufacturer-foxconn-confirms-cyberattack-hit-north-american-factorie-1fa7f9","Ransomware group Nitrogen claims cyberattack on Foxconn's North American factories, alleges theft of 8TB from Apple,","Foxconn confirmed a cyberattack disrupted its North American manufacturing facilities, with ransomware group Nitrogen claiming responsibility and posting evidence of stealing 8 terabytes of data from 11+ million files including confidential materials from Intel, Apple, Google, Dell, and Nvidia. Nitrogen, active since 2023, uses ALPHV and custom tools derived from Conti ransomware to target manufacturing and technology sectors; analysts suspect the group may be inflating data-theft claims to pressure victims into ransom payments. Foxconn stated affected factories are resuming normal production but declined to confirm ransom demands or provide details on systems compromised.","https:\u002F\u002Fcyberscoop.com\u002Ffoxconn-cyberattack-disrupts-north-america-factories\u002F","https:\u002F\u002Fcyberscoop.com\u002Fwp-content\u002Fuploads\u002Fsites\u002F3\u002F2026\u002F05\u002FGettyImages-1615592813.jpg","2026-05-14T14:23:05+00:00",{"id":203,"title":204,"slug":205,"brief":206,"ai_summary":207,"url":208,"image_url":147,"published_at":209},"8ac27af4-850b-4732-82ba-eae17c80509b","Daily Dose of Dark Web Informer - May 13th, 2026","daily-dose-of-dark-web-informer-may-13th-2026-14aa17","Dark Web Informer daily digest reports multiple breaches, ransomware hits, and supply chain attacks across global","The Daily Dark Web Informer digest for May 13th, 2026 aggregates multiple threat intelligence reports including breaches at Akitatek, Vietnam's Ministry of Health, SIVVI, and others exposing hundreds of thousands of records. Notable incidents include ransomware attacks on NTN Bearing Corporation and Foxconn, a supply chain attack affecting Mistral AI, and the District Health Information Software (DHIS2) breach impacting 30+ national health systems serving 3.2 billion people. The digest also highlights a supply chain attack competition and ongoing dark web marketplace activity.","https:\u002F\u002Fdarkwebinformer.com\u002Fdaily-dose-of-dark-web-informer-may-13th-2026\u002F","2026-05-13T22:37:29+00:00",{"id":211,"title":212,"slug":213,"brief":214,"ai_summary":215,"url":216,"image_url":217,"published_at":218},"6365e0df-5485-490b-a20b-af8f098fc664","Tables Turn on 'The Gentlemen' RaaS Gang With Data Leak","tables-turn-on-the-gentlemen-raas-gang-with-data-leak-a0ee34","'The Gentlemen' RaaS gang exposed via OPSEC failure revealing affiliate model.","An operational security failure has exposed internal details of The Gentlemen ransomware-as-a-service (RaaS) operation, providing insight into the group's structure, affiliate recruitment model, and tactics. The leak reveals how the gang organized itself to scale attacks through a generous affiliate commission system and opportunistic targeting. This intelligence offers security researchers and defenders a rare window into what made the group successful before the breach.","https:\u002F\u002Fwww.darkreading.com\u002Fthreat-intelligence\u002Fgentlemen-raas-gang-data-leak","https:\u002F\u002Feu-images.contentstack.com\u002Fv3\u002Fassets\u002Fblt6d90778a997de1cd\u002Fbltd4988365b90a7362\u002F6a04c7e73c21f66c138b9490\u002FTop_hats-Guy_Corbishley-Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale","2026-05-13T20:47:46+00:00",{"id":220,"title":221,"slug":222,"brief":223,"ai_summary":224,"url":225,"image_url":226,"published_at":227},"85c3aac3-7cce-4c3e-a3b7-4dad4c8b1241","NTN Bearing Corporation of America Allegedly Hit by PayoutsKing Ransomware: 596 GB Exfiltrated From the American Ball and Roller Bearing Manufacturer, Including US Army JLTV Program Documents","ntn-bearing-corporation-of-america-allegedly-hit-by-payoutsking-ransomware-596-g-5934ff","PayoutsKing ransomware gang claims 596 GB theft from NTN Bearing, including US Army JLTV documents.","PayoutsKing ransomware group has listed NTN Bearing Corporation of America on its extortion leak site, claiming exfiltration of 596 GB of data including sensitive US Army Joint Light Tactical Vehicle (JLTV) program drawings, 3D models, and DoD-marked files. The breach allegedly affected 7,500+ employees' personal data and includes financial statements, engineering data, and contracts. The threat actor is demanding payment, citing potential liability of up to $1.2 million per violation plus $1 million corporate penalty.","https:\u002F\u002Fdarkwebinformer.com\u002Fntn-bearing-corporation-of-america-allegedly-hit-by-payoutsking-ransomware-596-gb-exfiltrated-from-the-american-ball-and-roller-bearing-manufacturer-including-us-army-jltv-program-docum\u002F","https:\u002F\u002Fstorage.ghost.io\u002Fc\u002F6b\u002F16\u002F6b16ac9c-cd67-432f-b0f3-bbec941084ff\u002Fcontent\u002Fimages\u002F2026\u002F05\u002F6239875698235769823765982736549872.png","2026-05-13T17:39:21+00:00",{"id":229,"title":230,"slug":231,"brief":232,"ai_summary":233,"url":234,"image_url":7,"published_at":227},"5bed6727-5b70-4039-b895-b550a313e2bf","‼️🇺🇸 NTN Bearing Corporation of America Allegedly Hit by PayoutsKing Ransomware: 596 GB Exfiltr...","ntn-bearing-corporation-of-america-allegedly-hit-by-payoutsking-ransomware-596-g-6207d6","NTN Bearing Corporation of America hit by PayoutsKing ransomware; 596 GB exfiltrated including US Army JLTV docs.","NTN Bearing Corporation of America, a major ball and roller bearing manufacturer, was allegedly compromised by the PayoutsKing ransomware gang, which exfiltrated approximately 596 GB of data. The stolen data reportedly includes sensitive documents related to the US Army's JLTV (Joint Light Tactical Vehicle) program, raising national security and supply chain concerns. The incident highlights the vulnerability of critical manufacturing and defense-adjacent suppliers to ransomware campaigns.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2054617508674421210",{"id":236,"title":237,"slug":238,"brief":239,"ai_summary":240,"url":241,"image_url":242,"published_at":243},"2e7925bf-ce09-4d0a-a37c-8fe67ead6036","‼️🇹🇼 FOXCONN has fallen victim to Nitrogen Ransomware\n\nData: 8TB over 11 Million files\n\nStop gu...","foxconn-has-fallen-victim-to-nitrogen-ransomware-data-8tb-over-11-million-files--25cf45","Foxconn hit by Nitrogen ransomware; 8TB of data and 11M files compromised.","Taiwanese electronics manufacturing giant Foxconn has been targeted by Nitrogen ransomware, with threat actors claiming to have exfiltrated 8TB of data comprising over 11 million files. The attack impacts a critical supplier in the global tech supply chain. Details remain limited pending further disclosure from security researchers and the company.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2054613247941038255","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHINzwVsXcAAkrrr.jpg","2026-05-13T17:22:25+00:00",{"id":245,"title":246,"slug":247,"brief":248,"ai_summary":249,"url":250,"image_url":251,"published_at":252},"e72e31d9-9a42-4238-a1b4-bb083d8379c1","Foxconn Confirms North American Factories Hit by Cyberattack","foxconn-confirms-north-american-factories-hit-by-cyberattack-7e97d7","Foxconn confirms North American factories hit by Nitrogen ransomware; 8TB stolen.","Taiwanese manufacturing giant Foxconn confirmed a cyberattack on its North American factories by the Nitrogen ransomware group, which claims to have stolen 8TB of data including confidential documents and schematics from major customers like Apple, Intel, Google, Dell, and Nvidia. The threat actor listed the company on its Tor-based leak site and published screenshots as proof. Foxconn stated it activated response protocols and factories are resuming normal production.","https:\u002F\u002Fwww.securityweek.com\u002Ffoxconn-confirms-north-american-factories-hit-by-cyberattack\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2026\u002F05\u002FFoxconn.jpeg","2026-05-13T17:13:36+00:00",{"id":254,"title":255,"slug":256,"brief":257,"ai_summary":258,"url":259,"image_url":260,"published_at":261},"1ab45c4a-5862-49e2-ba35-39d644ac20ce","Akitatek Allegedly Breached Exposing 5,400 Customer Records From the French IT Services and Electronics Repair Company","akitatek-allegedly-breached-exposing-5-400-customer-records-from-the-french-it-s-5de279","Akitatek French IT services firm breached; 5,400 customer records leaked by ChimeraZ.","Threat actor ChimeraZ has leaked the customer database of Akitatek, a French IT services and electronics repair company, exposing 5,400 customer records. The dataset, published as a 1 MB JSON file, contains personally identifiable information including full names, addresses, postal codes, cities, and both mobile and landline phone numbers. The breach was disclosed on November 5, 2026.","https:\u002F\u002Fdarkwebinformer.com\u002Fakitatek-allegedly-breached-exposing-5-400-customer-records-from-the-french-it-services-and-electronics-repair-company\u002F","https:\u002F\u002Fstorage.ghost.io\u002Fc\u002F6b\u002F16\u002F6b16ac9c-cd67-432f-b0f3-bbec941084ff\u002Fcontent\u002Fimages\u002F2026\u002F05\u002F1298273598273569812468712569871249783.png","2026-05-13T16:14:49+00:00",{"id":263,"title":264,"slug":265,"brief":266,"ai_summary":267,"url":268,"image_url":269,"published_at":270},"a41c1a0a-77ba-4e1c-b36a-abe23a97019f","Foxconn confirms cyberattack claimed by Nitrogen ransomware gang","foxconn-confirms-cyberattack-claimed-by-nitrogen-ransomware-gang-73e540","Foxconn confirms cyberattack by Nitrogen ransomware gang; 8TB data and 11M documents stolen.","Foxconn, the world's largest electronics manufacturer, confirmed a cyberattack on its North American factories claimed by the Nitrogen ransomware operation. The threat actors claim to have stolen 8TB of data and over 11 million documents, including confidential instructions and designs from major clients like Apple, Intel, Google, and Nvidia. The company's factories are resuming operations after incident response activation.","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Felectronics-giant-foxconn-confirms-cyberattack-on-north-american-factories\u002F","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2026\u002F05\u002F13\u002FFoxconn-headpic.jpg","2026-05-13T12:49:54+00:00",{"id":272,"title":273,"slug":274,"brief":275,"ai_summary":276,"url":277,"image_url":278,"published_at":279},"0e29b553-5688-4b73-b6a6-6d23bd633022","AEPD (Spain) - EXP202408867","aepd-spain-exp202408867-c029bf","Spain's AEPD fined sports retailer €120K for data breach affecting 300K+ people","Spain's Data Protection Authority (AEPD) fined DÉCIMAS S.L.U., a sports fashion retailer, €120,000 for violating Article 5(1)(f) GDPR by failing to ensure adequate security of personal data processing. A 2024 data breach exposed over 300,000 data subjects' names, contact information, and ID data; the breach was discovered not by the controller but by Spain's National Cybersecurity Institute (INCIBE) through online advertisements selling the stolen data. The controller's inadequate vulnerability monitoring, lack of early incident detection mechanisms, and post-breach security measures with significant vulnerabilities led to the fine, which was reduced from €200,000 through voluntary payment and liability acknowledgment provisions.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=AEPD_(Spain)_-_EXP202408867&diff=51635&oldid=51603","https:\u002F\u002Fgdprhub.eu\u002Fimages\u002F5\u002F59\u002FLogoES.jpg","2026-05-13T07:57:24+00:00",{"id":281,"title":282,"slug":283,"brief":284,"ai_summary":285,"url":286,"image_url":147,"published_at":287},"cd1bbb09-c339-4bdc-8ab2-624b18a5bd33","Daily Dose of Dark Web Informer - May 12th, 2026","daily-dose-of-dark-web-informer-may-12th-2026-5edb35","Dark Web Informer daily digest reports multiple breaches, ransomware claims, and threat actor activity.","This is a daily dark web threat intelligence digest aggregating multiple breach reports, ransomware claims, and threat actor activity from May 12, 2026. Notable incidents include alleged breaches of Kuwaiti government identity records (5.23M citizens), Egyptian e-commerce platform FutureShop, Brazilian betting platform MBet (200k+ KYC docs), Dubai fashion retailer SIVVI (300k+ records), and Indonesian government agency BPJS. The digest also tracks threat actor operations including ShinyHunters domain suspension, Nightmare-Eclipse GitHub releases, and various malware tools like Shai-Hulud being open-sourced.","https:\u002F\u002Fdarkwebinformer.com\u002Fdaily-dose-of-dark-web-informer-may-12th-2026\u002F","2026-05-12T22:55:51+00:00",{"id":289,"title":290,"slug":291,"brief":292,"ai_summary":293,"url":294,"image_url":295,"published_at":296},"b50c1e04-34fa-41bc-8fff-caf4a485a8be","Foxconn Ransomware Attack Shows Nothing Is Safe Forever","foxconn-ransomware-attack-shows-nothing-is-safe-forever-9050a8","Nitrogen ransomware group claims 8TB theft from Foxconn, affecting Apple, Google, Dell, Nvidia data.","A ransomware group known as Nitrogen claimed to have stolen 8 terabytes of data from electronics manufacturer Foxconn, including schematics and project details from major customers like Apple, Google, Dell, and Nvidia. Foxconn confirmed cyberattacks on North American factories but did not immediately validate the attackers' claims; the company stated affected facilities are resuming normal production. Nitrogen, which emerged in 2023 and has ties to the ALPHV\u002FBlackCat ransomware group, typically targets manufacturing, technology, and retail sectors primarily in North America and Western Europe.","https:\u002F\u002Fwww.wired.com\u002Fstory\u002Ffoxconn-ransomware-attack-shows-nothing-is-safe-forever\u002F","https:\u002F\u002Fmedia.wired.com\u002Fphotos\u002F6a037a64dff2f64d8823d02e\u002Fmaster\u002Fpass\u002Fsecurity_foxconn_GettyImages-1615591933.jpg","2026-05-12T21:52:05+00:00",{"id":298,"title":299,"slug":300,"brief":301,"ai_summary":302,"url":303,"image_url":304,"published_at":305},"849ac5ed-bd82-4d89-a05a-ae3853507729","Canvas Hackers ShinyHunters Say Their Official Domain Was Suspended","canvas-hackers-shinyhunters-say-their-official-domain-was-suspended-9909f3","ShinyHunters' clearnet domain suspended after Canvas LMS attacks; group relocates to dark web.","The ShinyHunters hacking group reported that its clearnet domain shinyhunte.rs was suspended by the Serbian domain registry (RNIDS) following the group's recent large-scale compromise of Canvas LMS, affecting hundreds of universities globally. The suspension forced the group to relocate entirely to its Tor-based onion infrastructure for future announcements and data leaks. The timing and mechanics of the suspension remain unclear, with no public confirmation of law enforcement involvement, though the move reflects the group's shift toward more resilient decentralized operations.","https:\u002F\u002Fhackread.com\u002Fcanvas-hackers-shinyhunters-official-domain-suspended\u002F","https:\u002F\u002Fhackread.com\u002Fwp-content\u002Fuploads\u002F2026\u002F05\u002Fcanvas-hackers-shinyhunters-official-domain-suspended.png","2026-05-12T21:18:09+00:00",{"id":307,"title":308,"slug":309,"brief":310,"ai_summary":311,"url":312,"image_url":313,"published_at":314},"5c2660b2-362e-4f85-aae2-a02c732247a1","UK fines water supplier $1.3M for exposing data of 664k customers","uk-fines-water-supplier-1-3m-for-exposing-data-of-664k-customers-849dd8","UK ICO fines water supplier £963,900 for 2020-2022 cyberattack exposing 664k customers.","The UK Information Commissioner's Office fined South Staffordshire Water Plc £963,900 ($1.3M) for a cyberattack that exposed personal data of 663,887 customers and employees. The breach, initially claimed by Cl0p ransomware gang, began in September 2020 but remained undetected for 20 months until discovery in July 2022; exposed data included names, addresses, email, phone numbers, dates of birth, bank details, and employee HR information. The ICO identified critical security failures including insufficient privilege escalation controls, inadequate monitoring (5% coverage), obsolete software, poor patch management, and lack of security scans.","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fuk-fines-water-supplier-13m-for-exposing-data-of-664k-customers\u002F","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2025\u002F03\u002F03\u002FUK-ICO.jpg","2026-05-12T20:17:19+00:00",{"id":316,"title":317,"slug":318,"brief":319,"ai_summary":320,"url":321,"image_url":322,"published_at":323},"aa8c5255-49f9-4a6d-8c3b-6ca25306cf60","‼️ A threat actor is selling a private cloud-hosted collection of stealer logs totaling 988.7 GB...","a-threat-actor-is-selling-a-private-cloud-hosted-collection-of-stealer-logs-tota-d8f877","Threat actor selling 988.7 GB collection of stealer logs with credentials.","A threat actor is offering a private, cloud-hosted collection of 988.7 GB of stealer logs across 10,080+ files containing URL:Login:Password credential pairs. The data is hosted on an external domain and marketed as exclusive access. The offering targets individuals seeking leaked credential databases.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2054254906555425141","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHIItvgOXwAANKW6.jpg","2026-05-12T17:38:30+00:00",{"id":325,"title":326,"slug":327,"brief":328,"ai_summary":329,"url":330,"image_url":331,"published_at":332},"fb16aaa0-9595-4efd-af7a-1e083c59fddf","BWH Hotels Says Hackers Had Access to Reservation Data for 6 Months","bwh-hotels-says-hackers-had-access-to-reservation-data-for-6-months-667666","BWH Hotels discloses 6-month unauthorized access to guest reservation data.","BWH Hotels, which operates over 4,000 hotels globally including Best Western and WorldHotels brands, notified guests of a data breach affecting reservation information. Threat actors gained access to a web application containing guest names, email addresses, phone numbers, and reservation details from October 14, 2025, until discovery on April 22, 2026. Payment and financial information were not stored in the compromised system, and no cybercriminal group has claimed responsibility.","https:\u002F\u002Fwww.securityweek.com\u002Fbwh-hotels-says-hackers-had-access-to-reservation-data-for-6-months\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2026\u002F05\u002FBest-Western.jpeg","2026-05-12T14:30:00+00:00",{"id":334,"title":335,"slug":336,"brief":337,"ai_summary":338,"url":339,"image_url":340,"published_at":341},"35c45616-3ad9-415c-adfc-514aebd5a5df","West Pharmaceutical Services Hit by Disruptive Ransomware Attack","west-pharmaceutical-services-hit-by-disruptive-ransomware-attack-cb5f9b","West Pharmaceutical Services hit by ransomware attack with data exfiltration on May 4.","Pennsylvania pharmaceutical company West Pharmaceutical Services suffered a ransomware attack on May 4 that prompted global system shutdowns and data exfiltration. The company engaged Palo Alto Networks' Unit 42 for incident response and restoration, with core enterprise systems partially recovered but full restoration timeline still unknown. No ransomware group has publicly claimed responsibility, suggesting a potential ransom payment may have occurred.","https:\u002F\u002Fwww.securityweek.com\u002Fwest-pharmaceutical-services-hit-by-disruptive-ransomware-attack\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2026\u002F05\u002FWest-Pharmaceutical-Services.jpeg","2026-05-12T12:59:49+00:00",{"id":343,"title":344,"slug":345,"brief":346,"ai_summary":347,"url":348,"image_url":349,"published_at":350},"3382b250-cf71-4a30-b485-557ab526b18d","Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak","instructure-reaches-ransom-agreement-with-shinyhunters-to-stop-3-65tb-canvas-lea-bf4145","Instructure pays ransom to ShinyHunters to prevent leak of 3.65TB Canvas data from 9,000 organizations.","Instructure, maker of Canvas learning management system, reached a ransom agreement with ShinyHunters after the threat group breached its network and stole 3.65TB of data affecting nearly 9,000 schools and universities. The attackers exploited an unspecified vulnerability in the Free-for-Teacher environment to steal 275 million records containing usernames, emails, course names, and enrollment information. Following the ransom payment, Instructure received confirmation of data destruction and assurances that customers would not face secondary extortion.","https:\u002F\u002Fthehackernews.com\u002F2026\u002F05\u002Finstructure-reaches-ransom-agreement.html","https:\u002F\u002Fblogger.googleusercontent.com\u002Fimg\u002Fb\u002FR29vZ2xl\u002FAVvXsEiq_FVhPeK2Y77CmHxc0azDelzWwpgSb4m8GZPLeJlsr2QvCZU5ChGQK37bJ_2XsGQRaNszalreV1iNyYDzeLt1I8iqafNTvFCPFQ0czKwX3Q6Q23TqdavunyJJsy6X8vxG_jSz__X5BnFZc4AIIqr-kd0XiNcYgx3UnYaahiViFKAywuQ98a7bbtCPnwgo\u002Fs1600\u002Fransom-breach.jpg","2026-05-12T07:37:00+00:00",{"id":352,"title":353,"slug":354,"brief":355,"ai_summary":356,"url":357,"image_url":358,"published_at":359},"973ccfbc-84ad-413f-a75f-1285be2ce5ff","Pressure mounts on Canvas as data leak extortion deadline looms","pressure-mounts-on-canvas-as-data-leak-extortion-deadline-looms-e7bcc3","ShinyHunters extorts Instructure\u002FCanvas over stolen K-12 data; company reaches settlement amid widespread outages.","ShinyHunters, a decentralized cybercriminal group affiliated with The Com, attacked Canvas (Instructure) and stole 3.65 terabytes of data from 8,809 school systems, then escalated extortion by defacing login pages and demanding ransom with a May 12 deadline. Instructure took Canvas offline due to the pressure, disrupting education nationwide, and later announced an agreement with the attackers that included data destruction assurances, though the ransom amount remained undisclosed. The breach exposed usernames, emails, course names, and enrollment info, prompting a congressional inquiry into Instructure's incident response and remediation capabilities.","https:\u002F\u002Fcyberscoop.com\u002Fcanvas-instructure-data-theft-extortion-the-com\u002F","https:\u002F\u002Fcyberscoop.com\u002Fwp-content\u002Fuploads\u002Fsites\u002F3\u002F2026\u002F05\u002FGettyImages-2148733848.jpg","2026-05-11T23:31:55+00:00",{"id":361,"title":362,"slug":363,"brief":364,"ai_summary":365,"url":366,"image_url":147,"published_at":367},"95fa124e-5bff-4c88-a958-092b38372ce5","Daily Dose of Dark Web Informer - May 11th, 2026","daily-dose-of-dark-web-informer-may-11th-2026-f920ea","Daily dark web threat digest covering breaches, ransomware claims, and law enforcement actions.","This is a curated daily threat intelligence digest aggregating multiple security incidents from May 11, 2026, including law enforcement takedowns (Crimenetwork platform), major data breaches (BLS International's 29M records, La Suite Numérique's 18M records), ransomware claims (Qilin targeting Keller Williams), and emerging threats (AI-powered remote access malware AIRDC). The post also notes a possible ShinyHunters clearnet domain seizure and reports on Google's discovery of the first AI-developed zero-day exploit.","https:\u002F\u002Fdarkwebinformer.com\u002Fdaily-dose-of-dark-web-informer-may-11th-2026\u002F","2026-05-11T22:37:26+00:00",{"id":369,"title":370,"slug":371,"brief":372,"ai_summary":373,"url":374,"image_url":375,"published_at":376},"c777fdb2-e469-4042-b4a5-f162c25cb631","‼️ Possible ShinyHunters clearnet domain seizure as of about 7 hours ago detected by my FBI Watch...","possible-shinyhunters-clearnet-domain-seizure-as-of-about-7-hours-ago-detected-b-0d1bd0","ShinyHunters clearnet domain possibly seized by FBI.","A clearnet domain associated with the ShinyHunters threat actor group appears to have been seized approximately 7 hours prior to detection via automated FBI monitoring. The domain is currently inaccessible, suggesting potential law enforcement action. ShinyHunters is known for operating a marketplace for stolen data and conducting various data breach campaigns.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2053854498875977843","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHIDBw2YW8AAe4yq.png","2026-05-11T15:07:25+00:00",{"id":378,"title":379,"slug":380,"brief":381,"ai_summary":382,"url":383,"image_url":384,"published_at":385},"efec0593-b835-4067-97aa-baa753c7916a","‼️🇮🇷 Iran Nuclear allegedly breached with 77.56 GB of data threatened for release under \"Pay Or...","iran-nuclear-allegedly-breached-with-77-56-gb-of-data-threatened-for-release-und-993f0f","Threat actor claims 77.56 GB breach of Iranian nuclear program data with extortion demand.","A threat actor has claimed responsibility for breaching Iranian systems and obtaining 77.56 GB of data allegedly including archives related to Iran's nuclear program, government databases, and nuclear facilities. The attacker is threatening to release the stolen data unless a ransom payment is made under a 'Pay or Leak' extortion scheme. This represents a potential significant breach of sensitive critical infrastructure and government information.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2053569720478044201","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHH--wl6XIAAa28d.jpg","2026-05-10T20:15:49+00:00",{"id":387,"title":388,"slug":389,"brief":390,"ai_summary":391,"url":392,"image_url":393,"published_at":394},"bf95f681-9110-48a2-8c1e-9e1d60f25d5c","Two US Men Jailed for Helping North Korean Hackers Infiltrate US Firms","two-us-men-jailed-for-helping-north-korean-hackers-infiltrate-us-firms-816c64","Two US men sentenced to 18 months for operating laptop farms enabling North Korean hackers to infiltrate 70+ US firms.","Matthew Knoot and Erick Prince were jailed for 18 months each for facilitating a North Korean hacking operation that compromised over 70 US companies and generated $1.2 million. The duo ran remote laptop farms that allowed North Korean workers using stolen identities to pose as legitimate US-based IT employees, while the men received payment for hosting the equipment and enabling the fraud. Both men have been ordered to repay stolen funds as part of the DoJ's DPRK RevGen: Domestic Enabler Initiative targeting US facilitators of foreign threat actors.","https:\u002F\u002Fhackread.com\u002Fus-men-sentenced-north-korean-hackers-hack-us-firms\u002F","https:\u002F\u002Fhackread.com\u002Fwp-content\u002Fuploads\u002F2026\u002F05\u002Fus-men-sentenced-north-korean-hackers-hack-us-firms.jpg","2026-05-10T19:54:34+00:00",{"id":396,"title":397,"slug":398,"brief":399,"ai_summary":400,"url":401,"image_url":402,"published_at":403},"143125f5-17c3-4108-9999-53e74437298b","Hackers Hijack JDownloader Site to Deliver Malware Through Installers","hackers-hijack-jdownloader-site-to-deliver-malware-through-installers-c1cdb0","JDownloader website compromised to distribute malware via modified installers on May 6-7, 2026.","JDownloader's official website was compromised between May 6-7, 2026, when attackers exploited an unpatched CMS vulnerability to modify download links and distribute malicious Windows and Linux installers. The attackers gained unauthorized access through a flaw in the website's access control lists, allowing them to alter URLs and remove digital signatures from legitimate installers. While existing installations were unaffected due to RSA-signed cryptographic verification, users who downloaded the malicious files during the incident window are advised to perform a complete OS reinstall to remove potential persistence mechanisms.","https:\u002F\u002Fhackread.com\u002Fhackers-hijack-jdownloader-site-malware-installers\u002F","https:\u002F\u002Fhackread.com\u002Fwp-content\u002Fuploads\u002F2026\u002F05\u002Fjdownloader-site-hacked-to-malware.png","2026-05-10T10:27:32+00:00",{"id":405,"title":406,"slug":407,"brief":408,"ai_summary":409,"url":410,"image_url":411,"published_at":412},"9c28f10e-275f-44a1-b2ba-c480a973bcbf","‼️🇨🇦 CarePoint Health allegedly listed on Genesis ransomware leak site with 70GB countdown\n\nThe...","carepoint-health-allegedly-listed-on-genesis-ransomware-leak-site-with-70gb-coun-181c08","Genesis ransomware group lists CarePoint Health with 70GB data and 4-day publication countdown.","The Genesis ransomware group has claimed responsibility for compromising CarePoint Health, a Canadian healthcare provider, and posted the breach on its leak site with a 4-day countdown timer before releasing approximately 70GB of stolen data. This follows the group's pattern of double extortion attacks, where they encrypt systems and threaten to publish exfiltrated data to coerce ransom payments. CarePoint Health has not yet publicly confirmed the incident or responded to the threat.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2053227012521709902","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHH6G8O6WkAMOnOO.jpg","2026-05-09T21:34:01+00:00",{"id":414,"title":415,"slug":416,"brief":417,"ai_summary":418,"url":419,"image_url":420,"published_at":421},"feefd710-b445-4d7b-9f25-a62a6b747ace","JDownloader site hacked to replace installers with Python RAT malware","jdownloader-site-hacked-to-replace-installers-with-python-rat-malware-b81fa3","JDownloader official website compromised to distribute Python RAT malware via Windows and Linux installers.","The JDownloader website was hacked between May 6-7, 2026, and attackers modified download links to serve malicious Windows and Linux installers containing a Python-based remote access trojan. The compromise exploited an unpatched CMS vulnerability that allowed attackers to change access control lists and content without authentication. Users who downloaded and executed the affected installers are advised to reinstall their operating systems and reset credentials.","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fjdownloader-site-hacked-to-replace-installers-with-python-rat-malware\u002F","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2026\u002F05\u002F09\u002Fjdownloader-header.jpg","2026-05-09T19:27:58+00:00",{"id":423,"title":424,"slug":425,"brief":426,"ai_summary":427,"url":428,"image_url":429,"published_at":430},"dada2957-b2d6-4ab7-b9e2-a14f8d40579e","Credilink Allegedly Breached Exposing 243 Million Records From the Brazilian Credit Data Provider","credilink-allegedly-breached-exposing-243-million-records-from-the-brazilian-cre-c14e9a","Credilink Brazilian credit bureau allegedly breached; 243M records sold by Blastoize threat actor.","A threat actor known as Blastoize is selling a dataset of 243 million records allegedly stolen from Credilink, a Brazilian credit information and risk analysis provider. The compromised data includes sensitive personal information such as CPF national IDs, full names, addresses, vehicle ownership, presumed income, and email addresses. The actor is offering a 12 million record sample for free and directing buyers to an external marketplace for the full dataset.","https:\u002F\u002Fdarkwebinformer.com\u002Fcredilink-allegedly-breached-exposing-243-million-records-from-the-brazilian-credit-data-provider\u002F","https:\u002F\u002Fstorage.ghost.io\u002Fc\u002F6b\u002F16\u002F6b16ac9c-cd67-432f-b0f3-bbec941084ff\u002Fcontent\u002Fimages\u002F2026\u002F05\u002F72348971298742358796897231659873265982.png","2026-05-08T15:42:36+00:00",{"id":432,"title":273,"slug":433,"brief":434,"ai_summary":435,"url":436,"image_url":278,"published_at":437},"02c81be3-c3bf-4dda-a6d0-fa56a99c8272","aepd-spain-exp202408867-84e691","AEPD fines Spanish sports retailer €120K for data breach affecting 300K+ customers","Spain's data protection authority (AEPD) fined DÉCIMAS S.L.U., a sports fashion retailer, €120,000 for violating GDPR Article 5(1)(f) by failing to ensure adequate security of personal data. A data breach in 2024 affected over 300,000 individuals' names, contact information, and ID data; the breach was discovered by Spain's National Cybersecurity Institute (INCIBE) through an online advertisement selling the stolen data, not by the controller itself. The company received a 40% fine reduction for voluntary payment and acknowledged liability; the original penalty was €200,000.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=AEPD_(Spain)_-_EXP202408867&diff=51603&oldid=0","2026-05-08T09:35:43+00:00",{"id":439,"title":440,"slug":441,"brief":442,"ai_summary":443,"url":444,"image_url":445,"published_at":446},"1e035cef-abd5-4781-9355-f7b898c9d3d2","Ransomware Group Takes Credit for Trellix Hack","ransomware-group-takes-credit-for-trellix-hack-c31c55","RansomHouse claims responsibility for breach of Trellix source code repository.","The RansomHouse ransomware group has claimed responsibility for a breach of cybersecurity firm Trellix's source code repository, publishing screenshots showing access to internal services and management dashboards. Trellix confirmed the breach but stated no evidence of source code exploitation or malicious distribution was found. The timing suggests a possible connection to concurrent supply chain attacks attributed to TeamPCP and Lapsus$ targeting other security vendors.","https:\u002F\u002Fwww.securityweek.com\u002Fransomware-group-takes-credit-for-trellix-hack\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2026\u002F05\u002FTrellix.jpeg","2026-05-08T07:58:04+00:00",[],[],[],[],50]