Editor's Message

Welcome to DBD. On March 8th 2026, DBD celebrated it's sixth anniversary and PRiSM celebrated it's third anniversary. Both projects have made a huge impact on my life and I'd like to thank each and everyone of you who have supported me, with special thanks to those individuals and communities who have helped me build up my knowledge on cybercrime and ransomware over the years. Thanks again for all your continued support. Stay safe. :)

“Data Breaches Digest and its PRiSM portal provide Dentons Global Security Team with valuable insights into the ransomware landscape, from the latest incidents to trends over time, as well as the ability to customize visual analytics. Timely reports and tracking by Data Breaches Digest help inform cyber intelligence for the world’s largest law firm and thus our cybersecurity posture across more than 80 countries worldwide.”
Dentons Senior Analyst, Washington D.C.

Monday, 11 May 2026

Data Breaches Digest - Week 20 2026

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 11th May and 17th May 2026.


11th May

AI cyber attack threatens global financial crisis, warns International Monetary Fund

AI-Driven Cybercrime Spikes: Ransomware Victims Up 389% in New Fortinet Study

Australia: Deadline set by cybercriminal group looms as some institutions regain Canvas access

Australian toy distributor listed by M3rx ransomware

California Hits General Motors With Record $12.75 Million CCPA Privacy Settlement

Data breach fears for schools and universities grow after suspected ransom note

Fake income tax emails target Indians: Kaspersky warns of ‘SilverFox’ hacker attack

Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads

Fine of nearly £1 million issued against South Staffordshire Plc and South Staffordshire Water Plc following major cyber attack and data breach

Fortinet Warns AI Is Accelerating Global Cybercrime as Ransomware Victims Surge 389%

Millions of Android users tricked into paying for fake call logs

Police Shut Relaunched Crimenetwork Dark Web Marketplace

Pro-Iranian hacker group claims to expose identities of Israeli special forces officers

Ransomware hackers are now threatening to indulge in Physical Harm or Violence

Rapid7 links Chaos ransomware campaign to Iranian state-sponsored MuddyWater espionage operation

Renegade recovers $190K after hacker returns 90% of stolen funds

Security teams are turning to AI to survive alert overload

Soomgo reports hacker extortion to authorities, probes possible data leak in Korea

South Korea: Former Police Officer Sentenced for Voice Phishing Money Laundering

The scam economy has found its AI upgrade

TrickMo Android banker adopts TON blockchain for covert comms

Uber hid drivers’ data rights, Dutch watchdog rules, stands by €10 Million penalty

Zara Data Breach Impacts Nearly 200,000 Customers

Posted by at
Labels:

Thursday, 7 May 2026

Ransomware Operator Claims - Week 18 2026

Welcome to last week's ROC Report, an exclusive summary of Ransomware Operator's global victims that were claimed during the period between 27th April and 3rd May 2026, kindly assisted by our partners.

DBD discovered and researched 165 Ransomware Victims over 40 Countries and Islands claimed by 36 Data-Leaking Ransomware Operators, including 2 Newly Discovered Ransomware Operators last week.

For further analysis on these (and any historic) Ransomware Operator Claims, including the Victim Names and Industry Sectors attacked, please use our PRiSM application.

Download PDF



Data Source: Data Breaches Digest. Flag Icons created by Freepik and provided by Flaticon.

Posted by at
Labels: ,

Monday, 4 May 2026

Data Breaches Digest - Week 19 2026

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 4th May and 10th May 2026.


10th May

A cyberattack on Canvas knocked out access for students at Harvard, Columbia, and hundreds of other schools during finals

FIFA World Cup 2026 Scams Spread Across Fake Ticket Sites, Shops, and Phishing Emails

Hacker group targeted companies in South Africa using fake South African Revenue Service (SARS) notifications

Hackers abuse Google ads, Claude.ai chats to push Mac malware

Hackers Hijack JDownloader Site to Deliver Malware Through Installers

Hackers Trick DigiCert Into Issuing Certificates Used to Sign Malware

India: Police probe major customs data breach

Instructure CEO apologizes after Canvas cyberattack causes data breach

International cyber attack disrupts swathe of universities and schools

Iran State-Linked Hackers Hid Espionage Campaign Behind Chaos Ransomware

NVIDIA Confirms GeForce NOW Data Breach Affecting Armenian Regional Partner

Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak

Over 500 Organizations Hit in Years-Long Phishing Campaign

Police shut down reboot of Crimenetwork marketplace, arrest admin

Two US Men Jailed for Helping North Korean Hackers Infiltrate US Firms

Why last year's breach is this year's identity fraud

Zara Data Breach Exposed Personal Information of 197,000 People

9th May

Braintrust security incident raises concerns over AI supply chain risks

Brazilian trojan hijacks WhatsApp to spread crypto phishing

Britons build ‘emergency stashes’ as fears over cyber-attacks and power cuts grow

Canada: Federal data breach settlement hits $8.7M after hackers accessed thousands of tax accounts

Canada Set to Protect International Students Amid Canvas Data Breach: What Travelers and Study-Abroad Students Need to Know

Canvas hack exposes schools’ vulnerability to cyberattacks

cPanel, WHM Release Fixes for Three New Vulnerabilities - Patch Now

Fake income tax emails target Indians: Kaspersky warns of ‘SilverFox’ hacker attack

Fake OpenAI repository on Hugging Face pushes infostealer malware

Global Cyber Attack Disrupts Exams at 9,000 Schools and Universities

Global cyberattack disrupts thousands of universities and schools across three continents

Indian police arrest hacker Sriki in $1.3 Million Bitcoin theft case

International cyber attack disrupts swathe of universities and schools

JDownloader site hacked to replace installers with Python RAT malware

National University of Singapore (NUS): Students’ names, IDs ‘may have been exposed’ in Canvas cyberattack but passwords, marks safe

NVIDIA Confirms GeForce NOW Data Breach Affecting Regional Alliance Partner

Palo Alto Networks prepares patches for critical PAN-OS firewall zero-day

Plymouth radio station's urgent plea after devastating cyber attack

ShinyHunters lays claim to Canvas cyber attack as universities and schools around the world are hit hard

Shropshire Council among worst for serious data breach referrals, figures show

SilverFox targets users in India with fake IT department phishing attacks

Two new cyberthreats demonstrate how hackers are evolving

Universities recovering from Canvas cyber attack

University of Illinois restores access to the Canvas learning platform following ransomware attack

8th May

10 Data Breaches to Know About in April 2026

54 Below Data Breach Compromises Sensitive Information of 13,622 Patrons

‘A lot of anxiety’: National data breach shuts down Canvas right before finals

Advanced Family Surgery Center Data Breach: 100 GB Compromised

AI Firm Braintrust Prompts API Key Rotation After Data Breach

AI Will Tell Your Breach Story for the Next Two Years - Day One Decides What It Says

Americans Sentenced for Hosting Laptop Farms for North Korean Worker Scams

AssetMark Trust Data Breach Exposes Social Security Numbers

Australian Cyber Security Centre Issues Alert Over ClickFix Attacks

Belarus: Materials of the Kamunikat.org website, which suffered a hacker attack, have been restored

Beware! QR code phishing scam can let hackers steal your data via fake emails: Here’s how you can stay safe

BlackFog says only one in nine ransomware attacks go public

Can AI Solve the Hacker Attribution Problem?

Canvas back online after cyber attack that affected Broward County Public Schools, Florida International University (FIU)

Canvas back online for most after data breach; Columbia University among local schools impacted

Canvas breach disrupts students' access to study materials; Columbia University among schools impacted

Canvas Cyber Attack: How the Hack Happened and Updates on the Shutdown

Canvas Cyberattack - Hackers Claim Data From Nearly 9,000 Schools as Students Lose Access During Finals

Canvas data breach: Schools reach out to hackers as data leak hits thousands of US classrooms

Canvas Down Amid Nationwide Cyber Attack

Canvas hack: What families need to do right now

Canvas hacked: ShinyHunters attack exposes alarming new ransomware trend

Canvas hacked: University of Sydney students among 275 million users impacted by data breach, learning platform inaccessible

Canvas is back online, but questions - and final exam disruptions - linger

Canvas platform hacked by ransomware group during finals

Canvas ransomware breach disrupts Mississippi colleges and universities

Canvas restored after cyber-attack affects thousands of schools across Texas during finals

Canvas service restored as hacker group removes demands against Instructure

Canvas software back online after data breach affected Houston-area schools

Canvas, digital platform used by universities, back up after ransom hack

CISA gives feds four days to patch Ivanti flaw exploited as zero-day

ClaudeBleed Vulnerability Lets Hackers Hijack Claude Chrome Extension to Steal Data

Cloud Credential Worm ‘PCPJack’ Targets TeamPCP Victims

Cornerstone Care Center Data Breach Exposes SSNs and Medical Records

Cyber-attack on system widely used in US education disrupts final exams

Cybercrime group crashes University of Pennsylvania’s Canvas system, demands ransom to prevent data release

Data breach affects schools using Canvas; University of Illinois postpones final exams, assignments

Data breach fears grow as suspected ransom note appears

Data breach impacts thousands on school platform Canvas

Dirty Frag: Unpatched Linux vulnerability delivers root access

Dirty Frag Linux Vulnerability Exposes Major Distributions to Root Access Attacks

Disruptions to digital services and a surge in phishing emails

Dutch government moves ahead with national ID system despite US tech takeover fears

Duval County Schools disable Canvas after massive nationwide data breach

Education tool Canvas hacked, multiple US college newspapers report

Exams canceled at Boise State University amid alleged Canvas cyber attack

Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads

Fake macOS Troubleshooting Sites Used to Steal iCloud Data in ClickFix Scam

Federal Jury Convicts Sohaib Akhter in US Government Database Deletion

Former government contractor convicted for wiping dozens of federal databases

General Motors (GM) to pay over $12 million in California privacy settlement involving driver data

Google Play Scam Apps Hit 7.3 Million Downloads with Fake Call Logs

Hacker attack on Belarusian culture archive

Hackers deface Instructure’s Canvas pages after major data breach

Hackers target Canvas, steal student data and messages with teachers

Helping North Korean IT remote workers is becoming a fast track to prison

Highmark Companies Data Breach: Financial Information Exposed

How Crowdsourced Security is Transforming the Public Sector Cybersecurity Landscape

“I’m locked out of my exam”: Canvas cyberattack sparks finals week panic nationwide

Indonesia: Four Suspects of Phishing SMS Blast Arrested by Authorities

Instructure Data Breach: What Business Leaders Need to Know

Instructure Restores Canvas Platform Following Major Student Data Breach

International cyber attack disrupts swathe of universities and schools

Is Canvas still hacked - what is a data breach? The shocking Canvas cyberattack timeline

Ivanti EPMM vulnerability exploited in zero-day attacks (CVE-2026-6973)

James Madison University (JMU) postpones Friday finals due to Canvas data breach

James Madison University (JMU), Blue Ridge Community College (BRCC) moving forward after nationwide data breach affects Canvas learning system

Lautrec Data Breach Exposes Social Security Numbers and Medical Info

Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions

Major data breach impacts schools across US

Massive data breach affects schools using Canvas nationwide; University of Pennsylvania reportedly impacted

Massive data breach of education platform 'Canvas' impacts schools across Florida

MemberSource Data Breach: 50 GB of Data Stolen

Mental health apps are collecting more than emotional conversations

Mercer University: Canvas returns after ShinyHunters ransomware attack on Instructure

Microsoft warns of sophisticated phishing campaign heavily targeting health care organizations

Mozilla Fixes Record 423 Firefox Bugs in One Month

Multiple universities forced to reschedule final exams after Canvas cyber incident

Munster Technological University (MTU) Kerry hit by global cyber attack

National University of Singapore (NUS), Singapore Institute of Management (SIM) among Singapore institutions named in global data breach list

National University of Singapore (NUS), Singapore Institute of Management (SIM) among top Singapore institutions named in global data breach list

Nationwide data breach impacts students at University of Oklahoma and Oklahoma State University

New Linux 'Dirty Frag' zero-day gives root on all major distros

New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials

New York City (NYC) schools responds to Canvas cyber attack

North Carolina public schools, some universities cut Canvas access after ransomware attack

Northwoods Surgery Center Data Breach Exposes PHI and PII

NVIDIA confirms GeForce NOW data breach affecting Armenian users

Oshkosh schools say student data safe after Canvas outage

PCPJack Campaign Boots TeamPCP Off Compromised Machines

Pipestone Holdings Data Breach Exposes Sensitive Personal Information

Poland says hackers breached water treatment plants, and the US is facing the same threat

Pro-Ukraine BO Team and Head Mare hackers appear to team up in attacks against Russia

QR Code Phishing Fastest-Growing Email Threat In Q1 2026, Microsoft Warns

QR Code Phishing Is Fastest-Growing Email Attack: Think Twice Before Scanning Office Emails

Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise

Queen’s University Belfast (QUB) affected by global cyberattack as ransomware group threaten to leak ‘everything’

Queensland students unable to submit assignments after cyber attack forces shutdown of QLearn and Canvas

Ransomware attack takes down Canvas at colleges nationwide including in Michigan

Ransomware attacks rise 45% as ransom payments fall

Ransomware Group Takes Credit for Trellix Hack

Roblox chat moderation gets bypassed by leet speak and code words

Rutgers University cancels Friday final exams after schools hit by cyber attack

RXNT begins notifying healthcare clients after patient data breach exposes records across multiple organizations

Schools, universities in North Carolina monitoring for potential impacts from Canvas data breach

Second Canvas data breach causes major disruptions for schools, colleges

Seton Hall University restores Canvas access after outage linked to worldwide data breach

Several Southern California schools impacted by widespread data breach involving Canvas learning software

Several top Canadian universities hit in massive global data breach

ShinyHunters Defaces Canvas LMS Portal, Hundreds of Universities Affected

ShinyHunters Extorts Universities in New Instructure Canvas Hack

ShinyHunters leaks Cushman & Wakefield Salesforce dataset after failed negotiations

Some Canvas Users Receive Ransomware Threat After Data Breach

St. James Place Data Breach Exposes Personal Information of Patients

Starr Insurance discloses data breach following cyberattack claimed by Akira ransomware group

Student LMS 'Canvas' Goes Dark Worldwide: Hackers Demand Ransom or Leak Student Data By May 12th

Students at Universities Impacted By Global Cyber-Attack

TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms

The Canvas Hack Is a New Kind of Ransomware Debacle

The Canvas Hack Signals a New Era of Ransomware Chaos

Thousands of universities HACKED in cyber attack by shady dark web group demanding ransom and sends students scrambling

Time Equities Data Breach: 3.1TB of PII Exposed

Trellix hackers may have accessed far more than source code, researchers warn

Trellix source code breach claimed by RansomHouse hackers

Trellix Source Code Repository Breach Claimed by RansomHouse

UK firms urged to track hidden cyber attack surface

University of Iowa, Iowa State University among thousands of schools dealing with data breach

University of Memphis says Canvas restored after hacker attack

University of Witwatersrand (WITS) caught in data breach: Here’s the info compromised and that could be leaked

University of Witwatersrand (WITS) restores learning platform after cyber attack

US defense contractor who sold hacking tools to Russian broker ordered to pay $10 Million to former employers

Virginia man found guilty of deleting 96 government databases

What ceasefire? Iranian hacking group Handala leaks data of thousands of US Marines

What we know about the Canvas hack impacting thousands of schools

Who Is ShinyHunters? Hacker Group Claiming Canvas, Vimeo, Pornhub Attacks

Wisconsin universities and schools impacted by Canvas data breach

Worried about the nationwide Canvas data breach? Take these 6 steps now

Yale University’s learning management system down due to data breach

Your coworker might be selling company logins, and thinks it’s fine

ZARA: Data breach affects 197,000 customers

Zara Data Breach: 197,000 Customers Exposed in Third-Party Security Incident

Zara data breach exposed personal information of 197,000 people

7th May - World Password Day

$250 million cryptocurrency heist funded luxury fashion, nightclub parties, and private jets

A hidden flaw in Bitcoin Core could have crashed nodes for years: here’s the outcome

AI and Dark Web Make Passwords Obsolete in 2026

Americans sentenced for running 'laptop farms' for North Korea

Australia: Cyber attack exposes student and staff private details

Australia: Major cyber attack exposes private details of students and school staff

Australia: New South Wales, other states, investigating Instructure/Canvas data breach

Australia: Noosa students impacted in state-wide education data breach

Australian schools, universities left scrambling after personal data of students compromised in massive breach

Australian Universities and Schools Scramble After Global Data Breach Involving Canvas System

Australia warns of ClickFix attacks pushing Vidar Stealer malware

Belarus: Online Library Kamunikat.org Down After Hacker Attack

Belarus: Online library website Kamunikat suffered a powerful hacker attack

Businesses hide vast majority of ransomware attacks, report finds

California colleges report online learning platform outages following nationwide data breach

Canadian government to pay $8.7 Million to settle data breach class-action involving Canada Revenue Agency (CRA) accounts

Canvas back online after massive breach, but access restricted at some California campuses

Canvas Breach Disrupts Schools & Colleges Nationwide

Canvas data breach hits thousands of schools, including in Indiana

Canvas data breach prompts security review at Central Virginia schools

Canvas hack hits Nevada schools, disrupts finals as ransomware group threatens data leak

Canvas Hacked? Massive Canvas Cyber Attack Sparks Panic Across Colleges as ShinyHunters Claims Responsibility

Canvas login portals hacked in mass ShinyHunters extortion campaign

CISA Launches CI Fortify to Defend Critical Infrastructure From Nation-State Cyber Threats

CMS Provider Directory Database Found Leaking Healthcare Providers’ Social Security Numbers

Criminal hacker group ShinyHunters breaches Canvas

Critical PAN-OS zero-day vulnerability exploited in the wild, with no patches available

Crypto gang member gets 6.5 years for role in $230 million heist

Crypto gang's “muscle” helped steal $250M, then splashed out on designer clothes, Hermès Birkins, and $500K club nights

Cyber Hackers Target Mississippi Universities’ Canvas Systems, Claiming Data Breach and Demanding Ransom

Cyberattack targets multiple Michigan schools, universities in massive ransomware strike

Cybercriminals Exploit Microsoft Teams to Phish Login Credentials and Bypass MFA

Daemon Tools Developer Confirms Software Was Trojanized

Data Breach Affects 9000 Schools and Universities via Canvas Platform

Data breach causes Canvas to shut down, nearly 9,000 schools affected

Data breach of Utah-based company leads to nationwide issues; Local school districts experience data leak

Day Zero Readiness: The Operational Gaps That Break Incident Response

Duo Data Breach Victims File Lawsuit Seeking 1 Million Won Each

Experts warn passwords no longer sufficient in AI era

Fake Claude AI website delivers new 'Beagle' Windows malware

Fake Claude AI Site Drops Beagle Backdoor on Windows Users

Fortinet warns ransomware cases jumped 389% as AI accelerates cyberattacks

Global Instructure Breach Hits Queensland Schools Through QLearn Platform

Google Ads Campaign Targets GoDaddy ManageWP Login Credentials

Google Chrome Accused of Silently Installing 4GB AI Model on User Devices

Hackers claim 500K Coinbase France users exposed as researchers warn leak offers phsihing campaign "starter pack"

Hackers deface school login pages after claiming another Instructure hack

Hackers Exploit Microsoft Teams to Steal Credentials and Bypass MFA

Hackers hack victims hacked by other hackers

Hackers Use Fake Claude AI Site to Infect Users With New Beagle Malware

Hogwarts for Russian hackers: where GRU turns students into state-sponsored threat actors

Iranian government hackers using Chaos ransomware as cover, researchers say

Iranian hackers masqueraded as different hackers to mask spying effort

Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access

Ivanti warns of new EPMM flaw exploited in zero-day attacks

Law Society criticises Legal Aid Agency (LAA) for lack of compensation after cyber attack

Legacy Security Tools Are Failing Data Protection, Capital One Software Report Finds

Major Canvas Data Breach Impacts Universities Worldwide: Have You Been Affected?

Major Data Breach Affects Tens of Thousands of Queensland Students and Teachers

Major data breach as private information of Australian students and teachers leaked

Malicious NuGet Packages Target Chinese .NET Ecosystem Developers

Microsoft Edge Loads Stored Passwords in Cleartext

New Phishing Attack Weaponizing Event Invitations to Steal Login Credentials

New TCLBanker malware self-spreads over WhatsApp and Outlook

New PCPJack worm steals credentials, cleans TeamPCP infections

North Carolina man pleads guilty to doxxing Supreme Court justices

One keypress is all it takes to compromise four AI coding tools

Operation Epic Fury Exposes Critical Operational Technology (OT) Security Gaps in U.S. Oil and Gas Sector

Palo Alto Networks firewall zero-day exploited for nearly a month

PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage

PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems

Police arrest SMS blaster crew that sent malicious messages to thousands across Toronto

Polish intelligence warns hackers attacked water treatment control systems

PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux

Queensland Department of Education confirms students, staff impacted by ShinyHunters data breach

Queensland education sector caught up in major security breach affecting more than 200 million people globally

Ransomware Is Evolving Even When the Numbers Look Better

Researcher Shows Edge Browser Stores Saved Passwords in Plaintext

Researchers Spot Uptick in Use of Vercel for Phishing Campaigns

Salesforce Marketing Cloud Vulnerabilities Expose Cross-Tenant Subscriber Data Risks

Scammers Use Hidden Text to Bypass AI Email Filters in Phishing Scams

'Security patches' put student learning system back online after hack

Seton Hall University Canvas down amidst data breach impacting roughly 9,000 universities

ShinyHunters claims nearly 9,000 schools affected by Canvas data breach

Some final exams postponed at University of Illinois as the learning platform Canvas is hit by ransomware attack

South Africa: FlySafair under fire after alleged data breach during R12 birthday ticket sale

South Korea: School IT contractor stole 221,000 photos to create deepfake porn of teachers, police say

State-sponsored hackers likely behind zero-day attacks on Palo Alto firewalls

Taiwan High-Speed Rail Disrupted by TETRA Network Exploit

The ‘code of conduct’ phishing campaign: What MSPs need to know right now

The rise of staged attacks: phishing now accounts for 30% of malicious traffic

Thousands of Vibe-Coded Apps Exposing Corporate, Personal Data

University of Michigan Canvas access disabled amid widespread cyber attack

University of Oklahoma (OU), Norman Public Schools part of worldwide Canvas hack by extortion group

University of Pennsylvania, Rutgers, Pennsylvania State University, and other universities nationwide lost access to Canvas platform in data breach

University of Sydney Faces Canvas Data Breach Affecting 9,000 Institutions

Vimeo data breach exposes personal information of 119,000 users after Anodot incident

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

VoIP Providers, Preferred by Attackers for High-Volume, Cheaper Email Scams that Reuse Phone Numbers

Wake schools notify parents of Canvas data breach

What Mozilla learned running an AI security bug hunting pipeline on Firefox

Why Outdated Maintenance Software Is a Growing Ransomware Risk

Will This World Password Day Be the Last?

Woflow Data Breach: Almost 448,000 Accounts Exposed in ShinyHunters Leak

World Password Day: Why Secure-by-Design Strategies Must Replace Password Dependence

6th May

35,000 users hacked? Microsoft reveals massive global phishing attack

AI accelerates ransomware surge as global attacks jump 389%

AI Tools Expose PostgreSQL and MariaDB Flaws Hidden for Decades

AI-Powered Phishing Demands a Shift From Awareness Training to Immersive Simulations, Experts Argue

Aroostook Mental Health Center reports data breach

Attackers compromised Daemon Tools software to deliver backdoors

Australia Forms Cyber Incident Review Board to Strengthen Defences After Major Breaches

Aviation targeted by ransomware gangs

Azure AD Security Bypass Exploits Phantom Device Registration and PRT Abuse

Bank phishing declines but still drives 26% of attacks

Bots outnumber humans online. Can we at least outsmart them?

Boutique phishing kit Saiga 2FA reappears with new campaigns and ‘lorem ipsum’ metadata

China-linked APT group attacking government entities in South America and Europe

Chrome on Android can now hide your exact location from websites

CISA Urges Critical Infrastructure Providers to Make Plans to Remain Operational if hit by Cyber-Attack

CISA Warning: High-Severity Linux Flaw Puts Unpatched Systems at Risk

CISA Warns of Severe CopyFail Linux Vulnerability Under Active Exploitation (CVE-2026-31431)

CloudZ Malware Abuses Phone Link to Steal SMS OTPs

CloudZ RAT Exploits Microsoft Phone Link to Steal SMS OTPs

Conti, Akira Affiliate Sentenced to 102 Months in Prison for Ransomware and Extortion Operations Targeting over 50 Organizations

Coupang back in the red after data breach fallout

Coupang Posts $242 Million Q1 Loss Amid Data Breach Fallout

Coupang posts biggest quarterly loss in 4 years following last year’s major data breach

Coupang Posts Largest Quarterly Loss in 4 Years on Data Breach Fallout

Coupang swings to net loss in Q1 amid fallout from data breach

Critical Palo Alto Firewall Flaw Exploited to Gain Root Access

Critical vm2 sandbox bug lets attackers execute code on hosts

Critical vulnerability affects Ollama: 300,000 servers exposed to attackers

Cushman & Wakefield confirms Vishing-linked cyberattack amid claims by ShinyHunters and Qilin

D'Ambrosio Dodge Data Breach Exposes Sensitive Personal Information

DAEMON Tools developers confirm breach, release malware-free version

Data Breach Fallout Pushes Coupang Into Red as Demand Wavers

Data Extortion Groups Intensify Pressure On Global Aerospace Supply Chains

Dental data breach leads to proposed US$3.3 Million class action settlement

Department of Justice (DOJ) says ransomware gang tapped into Russian government databases

Dutch citizens are suing to stop the US from taking over their national ID system

Empire Express Data Breach: 5k Individuals Impacted

Five Years Later: Lessons Learned From Colonial Pipeline Ransomware Attack

Fortinet flags surge in AI-driven cybercrime, 389% spike in ransomware victims

Fortinet reports 389% rise in ransomware victims

Google Fixes CVSS 10 Gemini CLI Vulnerability Enabling GitHub Issue-Based RCE

Google urges Android users to update their phones to combat phone takeover flaw

Google's Android Apps Get Public Verification to Stop Supply Chain Attacks

Hacker Exploits $1.4 Million Vulnerability in Ekubo Contract

Hackers abuse Google ads for GoDaddy ManageWP login phishing

Hackers compromise Daemon Tools in global supply-chain attack

Harvard, Oxford, and MIT named as hackers drop full Canvas breach victim list

Horizon Media Data Breach Exposes Social Security Numbers

IBM Italy Subsidiary 2026 Network Breach Reportedly Linked to Salt Typhoon

Investor Sues Coinbase to Return Frozen Assets Tied to 2024 Phishing Attack

Iran cybersnoops still LARPing as ransomware crooks in espionage ops

Iran-Linked APT Posed as Chaos Ransomware Member in Espionage Campaign

Iranian APT caught hiding behind Chaos ransomware activity

Iranian cyber espionage disguised as a Chaos Ransomware attack

Iranian state-backed spies pose as ransomware slingers in false flag attacks

Is Nvidia GeForce Now hacked? Alleged data breach situation explained

LaBonne's Markets Data Breach: Social Security Numbers Exposed

Law Society demands compensation for legal aid firms facing cashflow pressures from Legal Aid Agency (LAA) cyber-attack disruption

LinkedIn job scams push most professionals to verify roles before applying

Man sentenced for role in global ransomware group, targeted areas of southwest Ohio

Massive “Low and Slow” DDoS Attack Hits Platform With 2.45 Billion Malicious Requests in 5 Hours

Member of Prolific Russian Ransomware Group Sentenced to 102 Months in Prison

Member of Russian Ransomware Group Sentenced to 102 Months in Prison

Microsoft reports large-scale phishing campaign targeting organisations across sectors

Microsoft the main target of AI phishing attacks, report uncovers

Microsoft tops phishing brand rankings in first quarter

Microsoft Uncovers Cyber Attack Across 26 Countries as Phishing Increasingly Mimics Real Customer Journeys

Microsoft warns of large-scale phishing attack hitting 13,000 companies

Microsoft Warns of Massive Global Phishing Attack Impacting Thousands

Millions of students’ personal data stolen in major education breach

Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks

Mt. Spokane Pediatrics Data Breach Affects 29k: SSNs Exposed

MuddyWater hackers use Chaos ransomware as a decoy in attacks

MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack

Multi-Stage AiTM Attack Uses Code Of Conduct Phishing Emails

Nepal: Cyber Bureau warns ConnectIPS users against phishing links

New CISA initiative aims for critical infrastructure to operate offline during cyberattacks

New Cisco DoS flaw requires manual reboot to revive devices

New phishing trick exploits Apple notifications to bypass spam filters

Nigeria is Africa’s most spammed country as 51% of unknown calls to citizens’ rank as fraud

North Korean hackers targeted ethnic Koreans in China with Android ‘BirdCall’ malware

One in Eight UK Workers Has Sold Their Corporate Logins

Only 1 in 9 ransomware attacks are made public says research

Only 1 in 9 Ransomware Attacks Made Public as Data Exfiltration Hits 96%

Open Source is the Tip of the Iceberg: Why Proprietary Software, Hardware and Protocols Face Greater AI-Driven Security Risk

Over 35k users, 13k organisations hit in global phishing attack

Palo Alto Networks to Patch Exploited PAN-OS Zero-Day (CVE-2026-0300) Starting May 13th

Palo Alto Networks warns of firewall RCE zero-day exploited in attacks

Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution

Palo Alto warns of critical software bug used in firewall attacks

PAN-OS Flaw CVE-2026-0300 Exposes Firewalls to Remote Code Execution

Phishing Attack Weaponizes Calendar Invites to Steal Login Credentials

Phishing can masquerade as emergency alerts for disasters, researchers warn

Pro-Iran hacker group taunts US over bounty, urges focus on Epstein case

Ransomware and Data Extortion Groups Intensify Targeting of Aviation and Aerospace Sector

Ransomware attacks surge in auto industry, raising stakes for dealers

Ransomware Damage Surges 389% as AI Accelerates Cyber Threats

Ransomware Gang Member Linked to Russian Cybercrime Group Sentenced to Prison

Ransomware Gangs Escalate Attacks on Aviation and Aerospace Sector

Ransomware negotiator jailed for 8.5 years after exploiting stolen children’s health records and making millions

Ransomware-Wielding Attackers Target cPanel and WHM Software

Remus Malware Bypasses Browser Application-Bound Encryption Protections

Report Confirms Processor Overconfidence in Stopping a Cyber Attack

Romanian Man Extradited to US for Role in Hacking Scheme 17 Years Ago

Root-level RCE vulnerability in Palo Alto firewalls exploited (CVE-2026-0300)

Russian Hacker in the U.S. Charged with Damaging Critical Infrastructure in Several Countries, Including Latvia

Russian hacker pleads guilty to cyberattacks on US and Ukrainian energy infrastructure

RXNT Notifies Clients of a March Data Breach Exposing Patient Data

RXNT Notifies Customers About Cybersecurity Incident and Data Breach

ShinyHunters’ Instructure Canvas LMS and Vimeo Breaches Impact Millions of Users

South Africa: FlySafair leaked people’s private information during R12 ticket birthday sale

Starr Insurance Discloses Ransomware Attack

Student, faculty data ransomed by hacker group in Canvas breach

Suspected ‘courier’ in €10 million LuxTrust phishing scam arrested in France

Switzerland: Increase in ransomware and "phishing" cyberattacks

Sysco food distributor allegedly hit in Qilin ransomware claim

Taiwan High Speed Rail Hit by Spoofing Attack That Stops Three Trains

The Vimeo data breach exposed personal information of 119,000 people

US Army contractor leaks military base photos, personnel information for over a year

Vimeo Data Breach Exposes 119,000 Users Unique Email Addresses

Vimeo Data Breach Exposes Email Addresses of 119,000 Users

When Ransomware Hits, Governors Are Calling the National Guard

Why "strong passwords" can't save you from AI

Windows Phone Link Exploited by CloudZ RAT to Steal Credentials and OTPs

Zero-Auth Flaw Exposes Department of Defense (DoD) Contractor to Cross-Tenant Data Breach

5th May

15-year-old hacker arrested over massive French government data leak

35,000 Users Targeted in Phishing Campaign in Just Two Days

A critical bug in corporate file transfer software lets hackers bypass login entirely

AI Adoption Outpaces Safety Policies, Leaving Organizations Exposed to Cyber Risk

Amazon Simple Email Service (SES) abused for sophisticated phishing attacks

Amazon Simple Email Service (SES) Turned Weapon: Sophisticated Phishing Attacks Surge Worldwide

Amazon Simple Email Service (SES) Phishing and BEC Attacks Leverage Leaked AWS IAM (Identity and Access Management) Keys

Anti-ICE Site GTFO ICE Accused of Exposing Data of 17,000+ Activists

Ardmore police database hit by ransomware attack

Aroostook Mental Health Center reports data breach

Attackers Abuse Amazon Simple Email Service (SES) To Send Authenticated Phishing Emails

Attackers Abuse Amazon Simple Email Service (SES) to Send Authenticated Phishing Emails That Bypass Security

Attackers Exploit Amazon Simple Email Service (SES) to Send Authenticated Phishing Emails

Australia: New South Wales government downgrades impact of alleged Treasury data breach

Australia launches cyber review board modeled on version disbanded in US

Canvas maker Instructure reveals data breach - confirms user personal information leaked

China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions

Clipboard to Encryption: The Critical Role of ClickFix in Ransomware Campaigns

CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs

Code of Conduct Phishing Emails Target 35,000 Users in Multi-Stage AiTM Attack

Connecticut Judicial Branch warns of targeted phishing scams

Conti ransomware gang member sentenced to 102 months in prison

Conti, Akira ransomware affiliate given 8-year sentence

Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE

Cyber attack hit UAE's Fujairah Port 'minutes before' Islamic Revolutionary Guard Corps (IRGC) missile strike

DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware

DAEMON Tools trojanized in supply-chain attack to deploy backdoor

Dubai Police-led global operation takes down sophisticated investment fraud ring

Edtech Firm Instructure Discloses Data Breach Amid Hacker Leak Threats

Education Sector Hit by Espionage, Phishing, and Supply Chain Attacks

Education Sector Under Attack From State Espionage, Spear-Phishing, and Supply Chain Attacks

Educational tech firm Instructure data breach may have impacted 9,000 schools

Europol built “shadow IT database” under terror pressure, then lost control

Experts warn Amazon's Simple Email Service is being abused to launch 'massive volume' of phishing attacks

Facebook Phishing Campaign Hijacks 30,000 Accounts Using Google AppSheet

Facebook Phishing Scam Devastates 30,000 Accounts Through Deceptive Blue Tick Verification Scheme

Fake SSA Emails Drive Venomous#Helper Phishing Campaign

Federal Trade Commission (FTC) bans data broker Kochava from selling sensitive location info

Federal Trade Commission (FTC) to ban data broker Kochava from selling Americans’ location data

FEMITBOT Network Abuses Telegram Mini Apps for Crypto Scams and Android Malware

Gateways Community Services Data Breach Exposes SSNs and More

German officials advance legislation that would expand law enforcement use of surveillance technology

German regulator sits on hands as facial recognition tool PimEyes amasses billions of faces

Goodwin University Data Breach Exposes Both PHI and PII

Google AppSheet Abuse Helped Phish 30,000 Facebook Accounts

Google Update: Android Flaw Could Put Billions of Devices at Risk

Hackers Mass-Exploit Critical cPanel Vulnerability May Impact 550,000+ Potentially Vulnerable Servers

Hackers steal students’ data during breach at education tech giant Instructure

Hackers Target Education Sector With Spear-Phishing Attacks

Healthcare Firm Suffers Major Data Breach - Personal, Medical and Health Records of 143,842 People at Risk

Helix Energy Solutions Data Breach Exposes PII: Thousands Affected

Instructure confirms breach; millions of Canvas users potentially impacted

Instructure Confirms Canvas Cybersecurity Incident, User Data Accessed

Instructure confirms cybersecurity incident

Instructure hacker claims data theft from 8,800 schools, universities

Instructure Inc. Data Breach: 3.65TB Data Stolen

Karakurt extortion gang ‘cold case’ negotiator gets 8.5 years in prison

Karakurt Ransomware Negotiator Sentenced to Prison

Kaspersky suspects Chinese hackers planted a backdoor into Daemon Tools in ‘widespread’ attack

Latvian Cybercriminal Jailed for Role in Multi-Million Dollar Ransomware Scheme

Latvian national sentenced for ransomware attacks run by former Conti leaders

Lawyer says stolen crypto belongs to North Korea, not scam or hacking victims

Locked out at lunchtime: why ransomware is now a real risk for Scotland’s hospitality trade

Major cyber attack against San Diego Community College District

Major shift in Chinese cyber attack activity

Member Of Russian Ransomware Group Sentenced To Prison

MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks

Microsoft: Phishing campaign used fake compliance notices to compromise employee accounts

Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries

Microsoft Edge writes passwords to memory in cleartext: a gift for attackers

Microsoft Flags Mass Phishing Campaign Using Fake Compliance Emails

Microsoft reports 8.3 billion phishing threats as QR codes surge

Microsoft Reveals Phishing Attack Targeting 35,000 Users in 26 Countries

Microsoft warns of global campaign stealing auth tokens from 35K users

Microsoft Warns of Sophisticated Phishing Campaign Targeting US Organizations

Most Financial Scams Don’t Hack Systems - They Hack People

Murata Electronics Data Breach: Social Security Numbers Exposed

Mythos AI hacking fears prompt UK health service crackdown on open-source code

National Cyber Security Centre (NCSC) Warns of an AI-Fuelled “Vulnerability Patch Wave”

New Infostealer Dubbed ‘Pheno’ Hijacks Windows’ Phone Link App to Steal MFA OTPs

New stealthy Quasar Linux malware targets software developers

New WhatsApp Flaws Could Affect Billions of Users After Meta Security Patch

North Korean APT Targets Yanbian Gamers via Trojanized Platform

North Korean hackers trojanize gaming platform to spy on ethnic Koreans in China

One in four MCP servers opens AI agent security to code execution risk

Personal data of hundreds of Asian football players exposed online

Phishing Campaign Impersonating the U.S. Social Security Administration Targets 80+ Organizations

'Phishing campaigns continue to improve sophistication and refinement': Microsoft flags major 'sophisticated' phishing campaign targeting 35,000 users across 26 countries

Pro-Iran hacker group claims access to Fujairah Port classified data

Pro-Iran hacker group claims coordinated cyber, missile attack on Fujairah Port

Pro-Iran hacker group claims it has classified data on 400 US Navy marines

Ransomware negotiator sentenced for role in major cyber crime group

Real estate giant confirms vishing incident as ShinyHunters and Qilin both come knocking

Retail stakeholders 'underestimate cyber attack disruption'

Saiga phishing kit returns to bypass multifactor authentication

San Diego Community College District (SDCCD) struggles to recover from cyber attack

ScarCruft hackers push BirdCall Android malware via game platform

ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows

ShinyHunters claims Cushman & Wakefield breach, 500k Salesforce records at risk

ShinyHunters impersonator claims to have hacked Nvidia’s GeForce Now

Silver Fox expands Asia cyber campaign with new ABCDoor malware

Silver Fox Uses Fake Tax Notices to Deploy ValleyRAT and New ABCDoor Backdoor

Sophisticated “Microsoft Advertising” Phishing Campaign Targeting Microsoft Ad Users

Southcoast Health Data Breach Exposes Social Security Numbers

Student hacked Taiwan high-speed rail to trigger emergency brakes

Teen hacker arrested over French government data leak

The Art of Security: It Is Time to Rethink the CISO’s Role

Transport businesses underestimate impact of disruption from a cyber attack

Trellix confirms data breach after hack of 'a portion' of its source code

Trellix investigates data breach after unauthorized access to source code repository

Trellix reports data breach following unauthorized access to source code repository

Trellix Reveals Unauthorized Access to Source Code

Triad Radiology Associates reports employee email data breach

Trojan abuses Microsoft Phone Link app to steal your passwords

U.S. court sentences Karakurt ransomware negotiator to 8.5 years

Uganda: Mobile money agents sentenced over client personal data breach

Unpatched flaws turn Ollama’s auto-updater into a persistent RCE vector, researchers say

Vimeo confirms breach via third-party vendor impacts 119K users

Vimeo data breach exposes personal information of 119,000 people

Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API

Western Orthopaedics Data Breach Exposes Patients' Personal and Health Information

What the Celebrity Stalkerware Breach Means for Executive Protection

Your Employees Know What Phishing Looks Like. They’re Still Getting Fooled. Here’s Why

Your job search is getting riskier, says LinkedIn - 9 ways to tell real listings from scams

4th May

7 Ways to Modernize Employee Phishing Training for AI-Driven Threats

15-year-old detained over massive data breach at French government agency

2026: The Year of AI-Assisted Attacks

AI Accelerated Cyber-Attacks Aren’t New, But They Are Faster

Amazon Simple Email Service (SES) increasingly abused in phishing to evade detection

Attempted cyber attack affects San Diego Community College systems

Backdoored PyTorch Lightning package drops credential stealer

Bluekit Phishing Kit Automates Domain Setup and Session Hijacking

Bluekit Phishing Kit Automates Domains, 2FA Lures, and Session Hijacking in One Panel

Bluekit phishing kit enables automated phishing with 40+ templates and AI tools

Boutique phishing kit Saiga 2FA reappears with new campaigns and ‘lorem ipsum’ metadata

Breaking the code: Multi-stage ‘code of conduct’ phishing campaign leads to AiTM token compromise

Canvas Breach May Put 275 Million Users, 9,000 Schools at Risk

Canvas Confirms Data Breach Following ShinyHunters Claim

Canvas Parent Instructure Confirms Data Breach After ShinyHunters Claims Attack

CISA Alerts on cPanel & WHM Flaw Actively Exploited in Attacks

CISA says ‘Copy Fail’ flaw now exploited to root Linux systems

CISA Warns of Linux Kernel Zero-Day Vulnerability Exploited in Active Attacks

Critical Apache MINA Flaws Enable Remote Code Execution Attacks

Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks

Cybercriminals Abuse Tanstack Package To Target Developer Environments

Cybersecurity professionals jailed for ransom attacks

Cybersecurity Professionals Sentenced to Prison for Ransomware Attacks

Data breach hits Canvas learning platform serving millions

Department of Justice (DOJ) Sentences Two Americans for ALPHV BlackCat Ransomware Attacks

DigiCert breached via malicious screensaver file

Edtech Firm Instructure Discloses Data Breach Amid Hacker Leak Threats

Educational company Infrastructure reports cyber incident

Email Bombing and Fake IT Support Calls Fuel New Microsoft Teams Phishing Attacks

Email Bombing, Fake IT Support Calls Drive Microsoft Teams Phishing Surge

FBI Warns of Surge in Cyber-Enabled Cargo Theft Targeting Logistics Firms

Four Years in Prison for Cybersecurity Pros Turned Ransomware Attackers

Global Crackdown Arrests 276, Shuts 9 Crypto Scam Centers, Seizes $701 Million

Hackers are mass-exploiting the cPanel bug to gain control of thousands of websites

Hackers breach Canvas learning platform serving millions, steal student data

Hackers replace top Google result for Homebrew with sponsored MacOS malware

Hackers threaten to leak Canvas messages and emails: 275 Million students at risk

If You See This X Message - A Hacker Is Attacking Your Account

Indirect Prompt Injection Is Now a Real-World AI Security Threat

Instructure confirms data breach, ShinyHunters claims responsibility

Instructure data breach: ShinyHunters says it stole data and private messages from 275 million teachers and students

Instructure Data Breach by ShinyHunters puts Students and Teachers to Cyber Risks

Instructure Faces Cyberattack Resulting in Data Breach Affecting Millions in Education Sector

Instructure Investigating Cyber Attack, Exposure of User Data

Instructure Restores Services Following Major Edtech Data Breach

Instructure, Parent of Canvas, Confirms Data Breach

Kaspersky Reveals SilverFox Cyber Attack Disguised as Tax Audit in Indonesia

KnowBe4 finds 86% of phishing attacks now AI-driven

“Legitimate” phishing: how attackers weaponize Amazon SES to bypass email security

Liberty Mutual listed on ransomware leak site as Everest group claims 108 GB data theft

Major car brands face 'unavoidable trade-off' as hackers target millions of vehicles, ex-FBI cyber chief warns

Man from Russian group sentenced in $56 million ransomware scheme

Multiple threat actors actively exploit cPanel vulnerability (CVE-2026-41940)

National Cyber Security Centre (NCSC) Warns Organisations to Act Fast as Hidden Software Flaws Surface

New ‘Bluekit’ Phishing Kit Uses AI Assistant to Simplify and Scale Cyber Attacks

New Phishing Scam Uses Fake Party Invites To Steal Passwords And Personal Data

New Zealand electrical contractor confirms cyber attack

Over 40% of UK Firms Hit by Cyber Attacks Last Year, Government Survey Finds

Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools

Phishing Emails Now Look Legitimate, One Wrong Click Can Expose OTP And Bank Accounts

Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass

Progress warns of critical MOVEit Automation auth bypass flaw

Ransomware accounts for 90% of cyber losses in manufacturing, claims data shows

Ransomware group claims breach of pro-Orbán Hungarian media firm

Ransomware In 2026: Newer Groups, Severe Impact

Ransomware Victims Jump To 7,831 As AI Crime Tools Scale Global Attacks

Rhode Island Settles With Deloitte for $12 Million Over 2024 Ransomware Attack on Benefits System

RMM Tools Fuel Stealthy Phishing Campaign

Sandhills Medical Foundation Notified Individuals of a May 2025 Data Breach

Sandhills Medical Foundation Ransomware Breach Draws Class Action Investigation Nearly a Year Later

ShinyHunters Claims Responsibility for Breach of EdTech Company Instructure

ShinyHunters Claims Responsibility for Instructure Data Breach

ShinyHunters impersonator claims to have hacked Nvidia’s GeForce Now

Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia

Small Defense Firms Lack Network Data to Stop Nation-State Hackers

South Korea: Phishing Sites Disguised as KakaoTalk, Claude Downloads Steal User Data

Teenager alleged to be Scattered Spider hacker arrested in Finland, faces US extradition

'The inbox is no longer the only front line': Report claims vast majority of phishing attacks are now generated by AI - here's how to stay safe

‘The inbox is no longer the only frontline’: Phishing attacks are evolving as cyber criminals ramp up ‘multi-channel’ campaigns over email and Microsoft Teams

Thousands of Facebook accounts stolen by phishing emails sent through Google

Trellix Confirms Source Code Repository Breach

Trellix discloses data breach after source code repository hack

Two cybersecurity pros get prison time for helping ransomware gang

US government warns of severe CopyFail bug affecting major versions of Linux

US healthcare marketplaces shared citizenship and race data with ad tech giants

Weaver E-cology critical bug exploited in attacks since March

Who owns the decision to pay ransomware attackers?

Your work apps are quietly handing 19 data points to someone

Posted by at
Labels:
Subscribe to: Posts (Atom)