Welcome to DBD. On March 8th 2026, DBD celebrated it's sixth anniversary and 
Dentons Senior Analyst, Washington D.C.
Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 18th May and 24th May 2026.18th May
201 arrested in INTERPOL disruption of phishing and fraud networks
123,000 Impacted by American Lending Center’s Year-Old Breach
AI is drowning software maintainers in junk security reports
AI shrinks vulnerability exploitation window to hours
Aintree hospital staff illegally accessed Southport knife attack victims' care details
Anthropic to brief on Mythos AI after warning it could "crack the whole cyber-risk world open"
Attackers accessed, downloaded code from Grafana Labs’ GitHub
Attackers are exploiting critical NGINX vulnerability (CVE-2026-42945)
Bank of England, Financial Conduct Authority (FCA) and Treasury Raise Alarm Over Frontier AI
Critical n8n Flaw Expose Automation Nodes to Full RCE
Critical FunnelKit Bug Leaves WooCommerce Stores Open To Attacks
Crypto Users Warn of Official-Looking Phishing Emails: Exchange and DeFi Users Targeted
Cyber Insurers Now Want Evidence That Companies are Fixing Security Risks
Developer Workstations Are Now Part of the Software Supply Chain
Exploit available for new DirtyDecrypt Linux root escalation flaw
First Shai-Hulud Worm Clones Emerge in NPM Supply Chain
Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
Foxconn Suffers Ransomware Attack With Important Project Files From Apple Stolen
Gamaredon Deploys GammaDrop and GammaLoad In Phishing Campaigns
Game over for 74 suspected scammers after Dutch cops plastered their faces on billboards
Gîtes de France among three booking websites to be hit by cyberattack
Government Backed Hackers Abuse Cloudflare in Malaysian Espionage Campaign
Grafana Confirms Breach After Hackers Claim They Stole Data
Grafana Labs Announces GitHub Breach Following Coinbase Cartel Claims
Grafana Labs Breach Exposes GitHub Repositories and Codebase
Grafana pushes back on blackmail after breach: Will monitoring dashboards now be used against defenders?
Grafana Rejects Ransom Demand After GitHub Breach Exposes Codebase Theft
Grafana says stolen GitHub token let hackers steal codebase
Gremlin Stealer Abuses .NET Resource Files To Conceal Malware Payloads
Hacker Steals Over $11 Million From Verus-Ethereum Bridge
Hackers earn $1,298,250 for 47 zero-days at Pwn2Own Berlin 2026
Hackers Exploit Critical NGINX RCE Vulnerability in the Wild
HDFC Asset Management Company discloses cybersecurity incident after anonymous threat claim
HDFC Asset Management Company IT infrastructure Under Cyber Attack: Investigation Underway
Inside the Foxconn Cyber Attack: Ransomware & Stolen Data
Interpol Launches Sweeping Cybercrime Crackdown in Middle East and North Africa (MENA) Region
INTERPOL Operation Ramz Disrupts MENA Cybercrime Networks with 201 Arrests
Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws
JDownloader Website Hacked To Deliver Weaponized Linux and Windows Installers
Kenya: Safaricom Ordered to Pay KES 9.9 Million Over Customer Data Breach in Landmark Privacy Ruling
Leaked Shai-Hulud malware fuels new npm infostealer campaign
Marimo Security Flaw Enables remote code execution Attacks
Middle East and North Africa (MENA) Region Runs First-of-its-Kind Cybercrime Operation, 201 Arrested
MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems
National Cyber Security Centre (NCSC) Calls for Tight Security and Human Oversight as Agentic AI Use Expands
National Cyber Security Centre (NCSC) Publishes Guidance on Securing Agentic AI Use
New Phishing Scam Uses Google Email System to Target Crypto Users
New Reaper Malware Uses Fake Microsoft Domain to Steal macOS Passwords
NYC Health and Hospitals says hackers stole medical data and fingerprints during breach affecting at least 1.8 million people
OpenAI responds to TanStack supply chain cyber attack
Open source tool maker Grafana Labs says hackers stole its code, refuses to pay ransom
Paper Werewolf APT Disguises EchoGather RAT As Adobe Reader Installer
PawsRunner Loader Uses Steganography To Deploy PureLogs Infostealer
Pre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons Simulations
Q1 2026 Android Threat Landscape: Banking Trojans, Triada.ag Backdoor Surge
Qilin ransomware group claims responsibility for Generation Life hack
Race to tear down open source: copycats reusing TeamPCP’s code in NPM attacks
Ransomware attack on Extant Aerospace exposed sensitive personal data
Reframing MFA Bypass: Four Identity Gaps Attackers Exploit
Revenue staff warned not to use work passwords for personal reasons after data breach
Security Researchers Find 47 Zero-Days at Pwn2Own Berlin
Shadow AI Is Growing in Silence While Enterprise Security Falls Behind
The AI backdoor your security stack is not built to see
The Gentlemen Ransomware Gang Hit by Internal Breach, Operations Exposed
The Netherlands: Privacy regulators outline 3 urgent steps companies must take as data breaches hit 44K
Verber Dental Group Data Breach May Have Exposed Patient Information
Vindictive researcher gains complete Windows control using 6-year-old Google bug report
Was Adobe Suite breached? This is what we know
When ransomware hits, confidence doesn’t restore endpoints
Your Peace Sign Selfie Is a Hacker’s New Favorite Photo
Zara confirms 200,000 customers’ data exposed in alleged ransomware attack
Welcome to last week's ROC Report, an exclusive summary of Ransomware Operator's global victims that were claimed during the period between 4th May and 10th May 2026, kindly assisted by our partners.
