Welcome to DBD. On March 8th 2026, DBD celebrated it's sixth anniversary and 
Dentons Senior Analyst, Washington D.C.
Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 16th March and 22nd March 2026.18th March
9 Critical Keyboard, Video, Mouse over Internet Protocol (IP KVM) Flaws Enable Unauthenticated Root Access Across Four Vendors
“Agents of chaos:” OpenClaw assistant discloses Social Security numbers
AI Issues Will Drive Half of Incident Response Efforts by 2028, Says Gartner
AI vs ransomware: High-stakes cybersecurity showdown
AI-Enabled Adversaries Compress Time-to-Exploit Following Vulnerability Disclosure
Amazon dodges €746 million fine as privacy regulator's maths doesn't add up
Amazon security boss says criminals abused max-security Cisco firewall flaw weeks before disclosure
Amazon threat intelligence teams identify Interlock ransomware campaign targeting enterprise firewalls
Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS
Apple Mail “trusted sender” phishing scam warning
Apple Rolls Out Real-Time Security Fixes Across iPhone, iPad, and Mac
Apple starts issuing lightweight security updates between software releases
Asahi cyberattack exposes food industry’s growing ransomware crisis
AWS Bedrock AgentCore Flaw Enables Stealthy C2 Channels and Data Theft
Bank software vendor Marquis says more than 670,000 impacted by August breach
Big tech companies step in to support the open source security ecosystem
Bitrefill accuses North Korea-linked Lazarus hacker group for compromising 18,500 purchase records
Bitrefill cyberattack linked to suspected North Korean hackers exposes limited customer data
CISA flags actively exploited vulnerability of file transfer software used by US Air Force and Sony
CISA official says agency has not seen uptick in cyber threats amid Iran war
Claude.ai: The Claudy Day Vulnerability Chains Prompt Injection, Open Redirects, and Data Exfiltration
Compromised Healthcare Admin sends warning after email pushes fake PDF and M365 phishing page
COVERT RAT Delivered Through Court-Themed Lures and GitHub Payloads
Critical CVE-2026-3888 Vulnerability Exposes Ubuntu to Root Escalation
Critical FortiClient SQL Injection Flaw Allows Unauthorized Database Access
Critical ‘RegPwn’ Vulnerability Lets Attackers Gain SYSTEM Access on Windows
Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE via Port 23
Crypto e-commerce platform Bitrefill accuses North Korea of stealing 18,500 purchase records
Crypto Phishing Attack Surge Drives $49 Million February Losses
Crypto Phishing Scam Crackdown: US, UK, Canada Launch Operation Atlantic
Crypto Scam "ShieldGuard" Dismantled After Malware Discovery
Cyberattacks Spike 245% in the Two Weeks After the Start of War With Iran
Cybercriminals scale up, government sector hit hardest
Data Breach Scams Are Skyrocketing As Cybercriminals Exploit Fear: How To Spot Them
Dutch telecom's bid to keep Chinese kit fails as court backs spy agency fears
Fake SMS and WhatsApp messages fuel LPG booking scams in Punjab
FBI Intensifies Crackdown on Thai Scam Centers Targeting Americans
Georgia Inmate Allegedly Posed As Adult Film Star To Dupe NBA, NFL Players In Phishing Scam
Global fraud losses climb to $442 billion
Google Warns Ransomware Groups Are Pivoting To Data Theft As Profits Decline
Greek shipping giants in hackers' crosshairs as Iran conflict goes digital
GuardDog Telehealth Accesses Sensitive Medical Records Under False Pretenses
Hacker groups target the US and Israel - How are cyberattacks being used as weapons in Iran's war?
Hackers are doing their homework - and your VPN is first on the list, report warns
Hackers turn GitHub’s favourite OpenWebUI AI servers into crypto mining zombie army
How a Ukrainian Vishing Ring Stole €2 Million From EU Citizens - and Nearly Got Away
How Cortex XDR BIOC Rules Could Become an Attack Surface
Hundreds of code repos falling like dominoes, infected by new wave of self-replicating malware
Identity protection firm Aura suffers data breach exposing 900,000 records
Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access
Ireland: Limerick staff unable to login to work devices after cyberattack from hacker group
Japan to launch “hack back” powers this October
Konni Uses KakaoTalk to Spread EndRAT in Targeted Phishing Campaign
Kubernetes CSI Driver for NFS Flaw Allows Attackers to Modify or Delete Server Data
LeakNet boosts ransomware with ClickFix lures, stealthy Deno loader
LeakNet Ransomware Tactics: New ClickFix Lures Delivered via Compromised Legitimate Websites & Deno Loader
LeakNet Ransomware Tricks Victims Into Infecting Themselves Through Hacked Websites
LeakNet Scales Ransomware Operations With ClickFix Lures and Stealthy Deno Loader
London borough unable to collect council tax for over three months following cyber attack
Marquis: Ransomware gang stole data of 672K people in cyberattack
Marquis Ransomware Attack Exposes 672K Social Security Numbers
Marquis says over 672,000 people had personal and financial data stolen in ransomware attack
MetLife Japan probes suspected data breach affecting thousands
Microsoft Teams Vishing Attack Leads to Quick Assist Compromise
Mosley Glick O’Brien (MGO) Ransomware Breach Exposes 1.2TB of Data
New .NET AOT Malware Hides Code as a Black Box to Evade Detection
New ClickFix Scam Tricks Users Into Mapping Hacker-Controlled Drives
New “Darksword” iOS exploit used in infostealer attack on iPhones
New Ubuntu Flaw Enables Local Attackers to Gain Root Access
Nordstrom's email system abused to send crypto scams to customers
One in five UK small businesses could close after data breach
Ransomware gang exploits Cisco flaw in zero-day attacks since January
Ransomware gangs threatening to wipe data instead of double extortion
Ransomware Spotlight: Agenda
Robotic surgery firm Intuitive reports data breach after targeted phishing attack
Russians caught stealing personal data from Ukrainians with new advanced iPhone hacking tools
Safepay Hacks Navigator, Matt & Steve’s, Briway, Tiefenbacher, Brooker
Scam warning issued to all Brits who own a Gmail account
Sierra Management Group Data Breach: 100 GB Stolen
Sinobi Hits Interpack Northwest, Summa, Teco, McAfee, Eco Sound
Starbucks Sends Data Breach Alert to Customers After ‘Unauthorized Third Party’ Accesses Names, Social Security Numbers, Financial Account Numbers and More
Stryker contains cyber attack on its Microsoft environment
The Path of Least Resistance: Why Active Inertia is the Real AI Threat
The Washington Post will mine your data to decide how much you’ll pay
Threat Actors Target the Entire Retail Supply Chain
U.S. Network Footholds and Camera Targeting Linked To Iranian Cyber Operations
Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit
University of Mississippi Medical Center restores operations after ransomware attack
US: Social Security Data Breach Concerns - Investigation Into Alleged Unauthorized Access
Vidar Stealer 2.0 Exploits GitHub, Reddit to Deliver Malware via Fake Game Cheats
What to do after the Sears Home Services data leak: Millions of call recordings exposed
Whistleblower leaks massive amount of Crime Stoppers tips, claims anonymity is a lie
Woundtech Data Breach Affects Thousands: SSNs and More Exposed
17th March
100,000 personal emails of ex-Mossad research head leaked, pro-Iran hackers claim, Stryker attack contained
Advanced phishing intrusion against security firm executive detailed
AI Cyberattacks Rising: How Hackers Use Machine Learning to Launch Smarter Attacks
AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE
AI is Everywhere, But CISOs are Still Securing It with Yesterday's Skills and Tools, Study Finds
AI-Driven Phishing Campaign Uses Browser Permissions to Harvest Sensitive Data
Amazon Web Services (AWS) Bedrock Sandbox Vulnerability Allows DNS bypass, No Patch Available
America’s largest medical device maker Stryker ‘back’ six days after Iran-linked cyber attack
Android OS-Level Attack Bypasses Mobile Payment Security
Apple pushes first Background Security Improvements update to fix WebKit flaw
Apple rolls out first ‘background security’ update for iPhones, iPads, and Macs to fix Safari bug
'Astonishing' Companies House data breach exposed millions of director's private information for months
Atlanta man indicted in athlete phishing and trafficking case
Attack on Stryker’s Microsoft environment wiped employee devices without malware
Attackers Hijack Legitimate Websites to Target Microsoft Teams Users
Average Number of Daily API Attacks Up 113% Annually
Baltimore Inspector General refers fraud, data sharing in crime prevention office for criminal investigation
Baltimore watchdog uncovers thousands in fraudulent billing, confidential data breach related to youth crimefighting program
Bitrefill Reports North Korean Cyberattack, Data Breach
Can Satellites be used to launch cyber attacks on corporate environments?
China hacker group leaks $7 Million crypto theft operation targeting wallet supply chains
CISA Alerts on Actively Exploited Chrome 0-Day Vulnerabilities
CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths
ClickFix Attack Targets Developers with MacSync Malware via Fake Claude Tools
CommonSpirit Health Patients Affected by Vendor Data Breach
CommuniCare Data Breach May Affect 19,885 San Antonio Patients
Coopsana Healthcare Data Breach Exposes Patient Records
'CursorJack’ Attack Path Exposes Code Execution Risk in AI Development Environment
Data allegedly from University of Mississippi Medical Center (UMMC) priced at $800K, posted on dark web
Data breach: UK lawmakers question Lloyds banking group over account glitch exposing customer details
Data extortion attacks on the rise
Document Protection: Why Hybrid Storage Is the Future of Security
Energy Department set to release its first-ever cyber strategy
EU sanctions Chinese and Iranian companies for carrying out cyberattacks against Member States
EU sanctions Chinese company behind 65,000-device hack
EU Sanctions Iranian and Chinese Firms for Cyberattacks Against European Networks
Europe sanctions Chinese and Iranian firms for cyberattacks
Fake invoice with Iowa City logo used in phishing attempt asking for fraudulent payments
Fake Pudgy World site steals your crypto passwords
Fraudulent shipment tracking scams escalate worldwide
French Rugby Federation files lawsuit over phishing-linked cyberattack
From Indian schools to China's chips, how cyber attack targets are shifting
Georgia cybercriminal allegedly duped NBA, NFL players in twisted phishing scam turned sex trafficking plot
Georgia man charged for robbing NBA, NFL players through stolen Apple account details
Georgian Charged for Running Phishing Scam Targeting NBA, NFL Players, While in Federal Custody
Giveth Blockchain Donation Platform Suffers Alleged Data Breach
GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX
Google Warns Ransomware Actors Are Shifting Tactics as Profits Fall and Data Theft Rises
Google Warns Ransomware Groups Shift to Data Theft as Profits Decline
Government Entities Targeted By CamelClone Espionage Campaign Using Rclone and Public Hosting Sites
Hacker takes over crosswalk system, plays anti-Trump profanities on speaker
Hackers Abuse Trusted Websites in New Attacks on Microsoft Teams Users
Hackers Hijack Corporate M365 Accounts with OAuth Device Codes
Hidden instructions in README files can make AI agents leak data
HumanizerPro.AI Data Breach Exposes Over 65K Users
Identity Drift: The Hidden Risk in Hybrid Active Directory Environments
INTERPOL Warns of Escalating Global Financial Fraud Threat, with AI-Enhanced Scams Four Times More Profitable
Intuitive Data Breach Exposes Customer Info
Intuitive suffers data breach after phishing attack
Intuitive Surgical cyberattack exposes customer and employee data through phishing breach
Intuitive’s Certain Business, Employee, Corporate Data Accessed in Recent Breach
Israel National Security Institute Suffers Data Breach by Handala
KakaoTalk weaponized in Konni spear-phishing campaign
Kerkering, Barberio & Co. Data Breach Exposes Sensitive Info for 4,179 Individuals
Konni Deploys EndRAT Through Phishing, Uses KakaoTalk to Propagate Malware
Koiride.com Airport Transfers Suffers Alleged Data Breach
LeakNet Ransomware Uses ClickFix via Hacked Sites, Deploys Deno In-Memory Loader
LeakNet ransomware uses ClickFix, Deno runtime in stealthy attacks
Less Lucrative Ransomware Market Makes Attackers Alter Methods
MedPeds Associates Breach Impacts 21,430 Patients Exposing PHI and PII
Medusa ransomware gang claims attacks on prominent Mississippi hospital, New Jersey county
Millions of UK firms on alert after Companies House data exposure
New font-rendering trick hides malicious commands from AI tools
New Vidar 2.0 Infostealer Spreads via Fake Game Cheats on GitHub, Reddit
NHS supplier hit by cyber attack by pro-Iran activist hackers
Onset Financial Data Breach Exposes SSNs, Financial Info, and More
OpenClaw, the Fastest-Adopted Software Ever, Is Also a Security Blind Spot
Operation Atlantic: The US Secret Service’s Global Shield Against "Approval Phishing"
“Operation Atlantic” targets crypto phishing scams across the US, UK, and Canada
Parexel Data Breach Exposes SSNs and Other Personal Info
Payload ransomware hits Windows and ESXi with Babuk-style encryption
Phishing emails target AI defenses with unique obfuscation
Phishing scams use LiveChat to impersonate brands, steal data
Popular Chrome extension turns malicious, starts hijacking affiliate commissions
Ransomware Trends Show Why Cyber Pros Need New Skills
Ransomware’s Opening Play: Target Identity First
Researchers Uncover New Phishing Risk Hidden Inside Microsoft Copilot
RondoDox Botnet Grows To 174 Exploits With Large-Scale Residential IP Abuse
Russell Cellular Suffers Massive 61GB Customer Data Breach
Sophisticated Phishing Campaign Exploits Trusted Cisco Domains, Impersonates JPMorgan, Targeting European Security Vendor
Storm-2561 Uses Fake Fortinet, Ivanti VPN Sites to Drop Hyrax Infostealer
Stryker Confirms Massive Wiper Attack That Erased Thousands of Devices
Stryker says it’s restoring systems after pro-Iran hackers wiped thousands of employee devices
Surge in Nation State Attacks on UK Firms Amid Cyber Warfare Fears
Sweden’s BankID breached by hacker group as government prepares e-ID launch
Telekom Serbia Investigates Leak of 160,000 Customer Records
Telekom Srbija hit by customer data breach
That Google Calendar renewal warning might be a scam
UK's Companies House apologises for access and data breach
Ukraine: Mass mailing of phishing emails allegedly on behalf of the State Tax Service is recorded
Usha International Limited Data Breach and Extortion Attack
Vahid Online Doxxed and Breached by Handala Hack Team
Vantage Plastic Surgery Discloses Data Breach Affecting Patient Data
Verizon opens investigation into stolen customer data being sold online
Verizon Retail Customer Database Allegedly for Sale by Hackers: 6.3 Million Customers at Risk
Warlock Ransomware Group Augments Post-Exploitation Activities
Your staff will click: why cyber security must be engineered, not trained
16th March
875 Million Android Phones Face Risk Due to Hidden Chip Flaw
45,000 malicious IP addresses taken down, 94 suspects arrested
ACRStealer Upgrades With Syscall Evasion and TLS-Based C2 In New Campaign
Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse
Android 17 Launches Advanced Protection Mode to Stop Malicious Service Exploits
Android 17 Restricts Accessibility API to Prevent Malware from Requesting Excessive Permissions
Approval phishing fraudsters targeted as UK, Canada and US launch global operation
Are you being served? 4 ways the hospitality sector can defend against rising phishing attacks
Attackers exploit Oscars Best Picture hype for One Battle After Another to spread malware via Google
Bank of the Sierra urges vigilance as phishing attempts target customer data
BreachForums down, cyber defenders claim it was their doing
California Dental Care Provider Announces Data Breach
Canadian Retail Giant Loblaw Reports Data Breach Affecting Customer Information
China Demands Proof After Costa Rica Blames UNC2814 for ICE Cyberattack
CISA flags Wing FTP Server flaw as actively exploited in attacks
Class actions claim CarGurus data breach exposed 1.2 million consumers’ PII
ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers
Community bank reaches $2.4 Million agreement in 2023 data breach class action
Companies House chief apologises over data breach
Companies House online filing back to normal after glitch allowed users to change directors' details
Companies House Restores WebFiling After Flaw Exposed Director Details
CrackArmor Flaws Expose Linux Systems to Privilege Escalation
Cyber Attack: Inside the USD4 Million Equity Bank Heist in Rwanda
Cyber Attack on Medtech Firm Stryker Linked to Iranian Government Hacking Group
Cyberattack disrupts parking payments in Russian city
Cyberattack Targets Poland’s Nuclear Research Center, Investigation Underway
Da Vinci robot maker Intuitive Surgical hit by hackers, data compromised
Divine Skins Data Breach Exposes Data of Over 105,000 League of Legends Custom Skins Users, Anonymous Allegedly Behind It
DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage
Europol and Microsoft dismantle major phishing platform that affected 500 Belgian victims
Evaluate Ltd Suffers Massive 1.33TB Ransomware Data Breach
Executive Aviation Targeted in Play Ransomware Attack
Experts Warn Ignoring Data Breach Notices Can Deepen Fraud Risks
Fake scandal clips on Facebook bait victims into investment scams
Fake Shipment Tracking Scams Surge in Middle East and Africa (MEA), Stealing Banking Data Through Real-Time Phishing
Fargo Data Breach Exposes Logistics Customer Records
FBI Calls for Help to Track Steam Malware Campaign
FBI Investigates Steam Games Linked to Malware and Crypto Wallet Theft
French ad tech giant Criteo loses €40 Million privacy fine appeal
GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos
GlassWorm Campaign Expands Through Malicious Open VSX Extensions
Global cybercrime clampdown disrupts over 45K illicit IP addresses
Google Chrome under attack as over 3 Billion users at risk from active Hacker Exploits
Google Looker Studio Vulnerabilities Enable Attackers to Exfiltrate Data from Google Services
Google paid a record $17.1 Million to developers for finding software bugs
Hackers tried to breach Poland’s nuclear research centre
Handala Hack Leaks Sima Shine, Laura Gilinski, Updates Stryker
Hualun New Materials Suffers Massive Data Breach by SnowSoul
Hudson River Housing Data Breach Exposes SSNs and Bank Information
Huge online phishing platform that claimed 500 victims in Belgium has been dismantled
Hypertherm Data Breach Exposes Names and Social Security Numbers
IBM Detects Hive Ransomware Using AI-Generated Malware “Slopoly”
IBM Discovers ‘Slopoly’ AI-Generated Malware Linked to Hive0163 Ransomware
IBM Links Suspected AI-Generated ‘Slopoly’ Malware To Hive0163 Ransomware Operation
IBM Uncovers ‘Slopoly,’ Likely AI-Generated Malware Used in Hive0163 Ransomware Attack
Indirect Prompt Injection Attacks Cause OpenClaw AI Agents to Leak Sensitive Data
Infosys Ltd. Data Breach Exposes Financial Account Information
Intuitive Surgical confirms phishing-related data breach
Konni APT Hijacks KakaoTalk Accounts to Spread Malware in Multi-Stage Spear-Phishing Campaign
Konni Hijacks KakaoTalk Accounts in Spear-Phishing Malware Campaign
Loblaw responds to claims that it's downplaying recent data breach affecting Canadians
Luxembourg court overturns $858 million privacy fine against Amazon
Major data breach prompts about $6.5 Million penalty for Lotte Card
Major Iran-linked breach rocks medical tech firm
Man accused of posing as adult film star in phishing, trafficking scheme
Middle East and Africa (MEA) Shipment Phishing Scams Surge, Stealing Banking Data in Real Time
Mideast Data Breach: Saudi Arabian Company Suffers Data Leak
Namibia Airports Company (NAC) says no sensitive information stolen in recent data breach
Navia Benefit Solutions Data Breach Exposes Sensitive Health Data
New Phishing Scam Uses LiveChat to Pose as Amazon and PayPal in Real Time
New XWorm 7.1 and Remcos RAT Attacks Abuse Windows Tools to Evade Detection
Newly Discovered Phishing Campaign by Russian Hackers Targets Messaging Accounts of Government Employees, Journalists
NoName057(16) Targets Shas Party and Israeli Councils in DDoS Wave
North Korea hackers used KakaoTalk in spear-phishing campaign, report says
North Korea–linked hackers spread KakaoTalk malware via spear phishing in Korea
North Korea-sponsored cyberattacks utilize KakaoTalk to distribute malware
Operations of America’s largest medical device maker Stryker remain 'disrupted' after five days of Iran-linked cyber attack
Payload Ransomware claims breach of Royal Bahrain Hospital, threatens data leak
Peak Neuro Investigating Alleged Admin Panel Access Sale
Phishing attack on Starbucks employee portal exposes nearly 900 workers
Pilana Group Targeted in Akira Ransomware Data Breach
Poland Suspects Iranian Actors are Behind Attack on Its Nuclear Power Center
Pyongyang-sponsored hacking group uses KakaoTalk in malware distribution campaign
Qilin Ransomware Attack Hits Ruhnau Clarke and Biogel
Ransomware attacks hitting Japan’s small, midsize firms
Ransomware Group Claims Breach of Bahrain Hospital, Threatens Data Leak
Ransomware is shifting targets, many organisations are not prepared
Rasi Seeds Suffers Data Breach by SnowSoul Ransomware
Real-Time Phishing Campaigns Use Fake Shipment Alerts To Steal Banking Data In Middle East and Africa (MEA)
Researchers Find Data Leak Risk in AWS Bedrock AI Code Interpreter
Researchers Warn of Global Surge in Fake Shipment Tracking Scams
Retail Merchandising Services (RMS) Data Breach: Sensitive PII Exposed Including SSNs
Robotics firm Intuitive Surgical says cyberattack compromised business, customer data
Robotics surgical business Intuitive discloses phishing attack
Russia-linked espionage campaign targeting Ukraine using Starlink and charity lures
Scammers Are Now Sending Fake 'Your Data Was Breached' Emails
Scammers are now skipping inboxes and going straight for your calendar
Security Firm Executive Targeted in Sophisticated Phishing Attack
Security Flaw in AWS Bedrock Code Interpreter Raises Alarms
Starbucks data breach: employee records exposed
Stryker attack raises concerns about role of device management tool
Stryker attack wiped tens of thousands of devices, no malware needed
Stryker says hospital tools are safe, but digital ordering systems still down after cyberattack
Sweden’s digital ID provider CGI Sweden confirms data breach
Targeted Phishing Attack Breaches Biotech Company Data
Texas Firm Handing Out up to $5,000 per Person After Data Breach Exposed Names, Social Security Numbers and More
The Gentlemen Ransomware Hits Chase Asia, Payap University, and More
The Ransomware Economy is Shifting Toward Direct Data Extortion
The ransomware economy is shifting toward straight-up data extortion
The UK's plans to tackle ransomware
Threat actors linked to Russia target Ukrainian entities with new backdoor
U.S., UK and Canada launch operation targeting crypto phishing schemes
U.S., UK, Canada start Operation Atlantic to disrupt crypto approval-phishing scams
UK: Companies House Web Glitch Exposes Corporate Details to Fraudsters
UK’s Companies House confirms security flaw exposed business data
US Secret Service, UK and Canada launch Operation Atlantic targeting crypto approval phishing scams
Westminster Village Greenwood Data Breach Exposes Sensitive PII and PHI
What smart factories keep getting wrong about cybersecurity
Woman linked to An Post cyber attack committed string of offences
Zero lessons learned: Convicted scammer allegedly ran another athlete-focused phishing scam from federal prison
Welcome to a special DLR Report solely focused on the Finance Sector, an exclusive presentation of Data-Leaking Ransomware Operator's Global and US Victims that were claimed in the Finance Sector in 2025.
Welcome to last week's ROC Report, an exclusive summary of Ransomware Operator's global victims that were claimed during the period between 2nd March and 8th March 2026, kindly assisted by our partners.