Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 19th January and 25th January 2026.25th January
Browser-in-the-Browser: The New Facebook Phishing Attack That Targets Users’ Login Information
Cybersecurity’s New Business Case: Fraud
Hackers Use ‘rn’ Typo Trick to Impersonate Microsoft and Marriott in New Phishing Attack
LinkedIn phishing campaign exposes dangerous DLL sideloading attack
Microsoft Warns of Multi-Stage AiTM Phishing and BEC Attacks Targeting Energy Sector Organisations
Nigerian Businesses Urged to Prioritise Staff Training As Phishing Threats Escalate
Nike is investigating a possible data breach, after WorldLeaks claims
Paying ransomware attackers is making companies more vulnerable
Phishing Comments Invading LinkedIn: Here’s What to Watch For
Researchers Detail Data Theft And Encryption Chain In Osiris Ransomware Case
South Korea: Gwangju Prosecutors' Office Loses Bitcoin in Phishing Attack
South Korea: Osan Air Base security measure raises data breach concerns
South Korean Prosecutors Lose $47 Million Seized Bitcoin To Phishing Attack
24th January
149 million passwords for Gmail, Facebook, Instagram and other popular services exposed online - how to stay safe after this major leak
About 100K Munson Healthcare patients may be affected by data breach
CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to Known Exploited Vulnerabilities (KEV) Catalog
FBI Accessed Windows Laptops After Microsoft Shared BitLocker Recovery Keys
Gmail passwords data breach fears surge after a massive credential database is found exposed online
How to avoid phishing scam on Instagram
Instagram denies data breach after mass emails prompting users to reset passwords
Instagram Denies Major Data Breach Amid Claims 17 Million Users Affected
Konni hackers target blockchain engineers with AI-built malware
Massive data breach alert: 149 million credentials exposed from Apple iCloud accounts, Gmail, and Instagram
Massive Data Breach Alert: 149 million credentials exposed! Gmail, Facebook, Instagram, Netflix users at risk
Massive Data Breach Exposes 149 Million Accounts: Gmail, Instagram, Facebook, Roblox & More
Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware
New DynoWiper Malware Used in Attempted Sandworm Attack on Polish Power Sector
Nike Hit With Massive Data Breach As Jordan Brand Files Leaked On Dark Web
Nike Investigating Potential Ransomware Attack By World Leaks Hacker Group
Nike Probing Potential Security Incident as Hackers Threaten to Leak Data
Osiris ransomware emerges, leveraging BYOVD technique to kill security tools
Report Shows Surge in QR Code Phishing Attacks
Sandworm hackers linked to failed wiper attack on Poland’s energy systems
Social Security data breach raises identity theft risk for millions
Threat Actors Leverage SharePoint Services in Sophisticated AiTM Phishing Campaign
'Weaponized AI' could be the biggest security threat facing your business this year - here's what experts say you should be on the lookout for
Who Approved This Agent? Rethinking Access, Accountability, and Risk in the Age of AI Agents
23rd January
48 Million Gmail Credentials Exposed Online in Latest Data Breach
149 Million Credentials Exposed - FaceBook, Instagram, Government and More Included
149 Million Logins from Roblox, TikTok, Netflix, Crypto Wallets Found Online
149 Million Passwords Exposed in Massive Data Breach
Advanced Phishing Kits Use AI Voice Cloning for Vishing Scams
Advanced voice phishing kits emerge
AI and the role of cyber-security
An important password management company is suffering a phishing attack that could lead you to lose your account
Anthropic, Microsoft MCP Server Flaws Shine a Light on AI Security Risks
Athletics giant Nike actively investigating data breach claims
Attackers exploit SharePoint for energy sector phishing campaigns
Beyond the Breach: How the Jaguar Land Rover (JLR) Cyber Attack Exposed Vulnerabilities Across British Business
BlueNoroff: The Hacker Group Revolutionizing Cybercrime
Buncombe County emergency alerts not working following cyber attack
Cerner-linked data breach exposes personal data for Munson patients
ChristianaCare faces class-action lawsuit after patient data breach
CISA confirms active exploitation of four enterprise software bugs
CISA Updates Known Exploited Vulnerabilities (KEV) Catalog with Four Actively Exploited Software Vulnerabilities
Clawson Honda Data Breach Exposes Sensitive Personal Information
Comcast agrees to $117.5 million settlement to resolve data breach lawsuits
Coupang investors petition U.S. to probe Korea over handling of data breach
Coupang investors seek US probe over South Korea's handling of data leak
Coupang Shareholders Seek US Inquiry into eCommerce Company’s Data Breach
Crypto tax app Waltio reported user data leak
Custom-made 'vishing' kits are attacking SSO accounts across the world - Google, Microsoft and Okta under threat, here's what we know
Cyberattack disrupts digital systems at renowned Dresden museum network
Cybercrime Statistics And Facts
Cybercrooks are now creating live, personalized phishing pages in real time
Cyber Criminals Are Using LLMs For Phishing Attacks, Here’s How
Data breach affects 100,000 Munson Healthcare patients
Data Breach at Diversified Benefit Services Insurance Marketing Exposes SSNs
Data breach exposes 149 Million login credentials for apps such as Gmail, Instagram, Netflix and more
Data Leak Exposes 149 Million Logins, Including Gmail, Facebook
Dresden State Art Collections Targeted in Cyber Breach
Epitech Data Breach: User Profile Database Scraped
Firm Detected a Fivefold Surge in QR Code Phishing Attacks in the Second Half of 2025
Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls
Fortinet confirms critical FortiCloud auth bypass not fully patched
France’s Waltio faces ransom threat from notorious hacker collective
French Authorities Investigate Data Breach Affecting Crypto Tax Platform
French Crypto Platform Waltio Hacked, 50,000 Users at Risk
French Police Probe Waltio Data Breach as France Warns of Crypto Kidnappings
French regulator fines company €3.5 Million over data sharing and tracking cookies
From Incident to Insight: How Forensic Recovery Drives Adaptive Cyber Resilience
From Password Overload To Data Breach: The Cost Of Tech Burnout On Employees
GDPR fines surpass £1 billion as data breach notifications surge
GitLab Releases Critical Patch Updates to Address Multiple High-Severity Vulnerabilities
Glendale OB/GYN Data Breach Affects Sensitive PII and PHI
Hacker Leaks Alleged Data of Three Spanish Transport Ministry Officials After Adamuz Train Crash
Hackers are using fake maintenance emails to trick LastPass users
Hackers Can Use GenAI to Change Loaded Clean Page Into Malicious within Seconds
Hackers Disable Windows Security With New Malware Attack
Hackers exploit critical telnetd auth bypass flaw to get root
Hackers exploited SharePoint to steal credentials from multiple energy companies
Hacktivist attacks escalated in 2025, targeting critical infrastructure
Huge data leak of 149 million credentials exposed without any protection - 98GB of unique usernames and passwords from financial services, social media accounts and dating apps
INC Ransom Backup Server Security Fail Enabled 12 US Companies to Recover Their Data
INC ransomware data recovered due to operational security lapse
India hit by China-linked phishing campaign, unleashes malware to create long-term spy backdoor
Investigation underway after 72 Million Under Armour records surface online
K-Chess Data Breach: 83,000 User Records Leaked from Online Platform
Kaspersky warns of surge in QR code phishing emails
LAPSUS$ Group Breaches Salesfloor Exposing 4TB of Retail Data
LastPass Says Even More Phishing Emails Are Being Sent to Its Users
Lovsuit.com Data Breach: French Dating Site Database Leaked
Major leak exposes 149 Million credentials with Instagram, OnlyFans, TikTok passwords
Malicious AI extensions on VSCode Marketplace steal developer data
Manage My Health Data Breach: Fraudsters May Target Patients With Phishing, Company Warns
Manage My Health Data Breach Sparks Warnings Over Impersonation and Phishing Attempts
Massive Data Breach Exposes 149 Million User Passwords For Gmail, Facebook, & More
Microsoft Flags Multi-Stage AitM Phishing and BEC Attacks Targeting Energy Firms
Microsoft gave FBI a set of BitLocker encryption keys to unlock suspects’ laptops
Microsoft SharePoint Abused in Phishing Attacks Targeting Energy Companies
Microsoft warns of rising AitM phishing attacks on energy sector
Minnesota DHS Reports Access-Related Data Breach
More than 47,000 claims filed in class action over 2024 RIBridges data breach
Munson Healthcare confirms data breach involving patient information
New LockBit 5.0 variants, affiliate panel uncovered
New Multi-Stage Windows Malware: Microsoft Defender Disabled Before Ransomware And Spy Tools Are Deployed
New Osiris ransomware linked to experienced attackers
New Phishing Kit As-a-service Attacking Google, Microsoft, and Okta Users
NHS Issues Open Letter Demanding Improved Cybersecurity Standards from Suppliers
Nike Allegedly Breached by WorldLeaks Ransomware Group in Major Cyberattack
Nike Allegedly Compromised by World Leaks Ransomware Group
Nike Allegedly Hacked by WorldLeaks Ransomware Group
Nike Allegedly Targeted in Cyberattack by WorldLeaks Ransomware Group
Nike and Under Armour’s Potential Ransomware Attacks: What to Know
Nike investigating a reported ransomware attack
Nike Probes Potential Breach After Threat From Hacking Group
Nike Probes Reported Cyber Attack After Ransomware Group Claims Data Theft
Nike Reportedly Hacked by World Leaks
No, the Internal Revenue Service (IRS) didn't text or email you - 3 ways to protect yourself from scams
North Korean Hackers Using Malicious QR Codes in Phishing Attacks
Okta SSO Accounts Targeted in Vishing Campaign that Uses Custom Phishing-as-a-Service Kits, ShinyHunters Allegedly Behind It
Okta Uncovers Custom Phishing Kits Built for Vishing Callers
Okta users under attack: Modern phishing kits are turbocharging vishing attacks
Okta warns of multiple vishing attacks that can defeat MFA
One in 10 UK businesses ‘would not survive’ a major cyber attack, warns Vodafone Business
One-time SMS links that never expire can expose personal data for years
Patients of Philadelphia’s Laurel Health Centers Affected by Data Breach
Phishers Abuse SharePoint in New Campaign Targeting Energy Sector
Phishing Attack Uses Stolen Credentials to Install LogMeIn RMM for Persistent Access
Phishing campaign exploits RMM tools for stealthy access
Phishing Kits Now Sync With Live Phone Scammers to Defeat Multifactor Authentication
Ransomware attack exposes Social Security numbers at major gas station chain
Ransomware attack on Under Armour leads to massive customer data exposure
Ransomware Hackers Leak Under Armour Customer Data
Researchers say Russian government hackers were behind attempted Poland power outage
Russian military intelligence hackers likely behind December cyberattacks on Polish energy targets, researchers say
Santa Barbara District Attorney’s Office Issues Public Service Announcement on Phishing Scam
Security Vendors, Fortune 500 Companies Exposed and Exploited
ShinyHunters claim hacks of Okta, Microsoft SSO accounts for data theft
ShinyHunters Leak Alleged Data of Millions From SoundCloud, Crunchbase and Betterment
South Korea Loses Nearly $48 Million In Bitcoin To A Phishing Scam
South Korea Probes Theft of Seized Bitcoin Worth $48 Million in Suspected Phishing Heist
South Korean police admit losing seized bitcoin in phishing scam
South Korea Probes Loss of Seized Bitcoin in Suspected Phishing Breach
South Korean prosecutors investigate disappearance of seized Bitcoin following phishing attack
South Korean Prosecutors Lose $47.7 Million in Seized Bitcoin to Phishing Attack
Spyware disguised as ChatGPT is harvesting data from 1.5 Million VS Code developers
The Evolving Menace: Ransomware in 2025 and What to Expect in 2026
Under Armour data exposure puts 72.7 million shoppers on alert after ransomware leak
Under Armour Investigates Data Breach After 72 Million Records Allegedly Exposed
US to deport Venezuelans who emptied bank ATMs using malware
Venezuelan Nationals Face Deportation After Multi State ATM Jackpotting Scheme
Voice Phishing Okta Customers: ShinyHunters Claims Credit
Waltio Faces Extortion Following Data Breach of 50,000 Clients
Waltio Files Complaint Over Extortion and Crypto Data Breach
Was Nike hacked? Attackers threaten to leak apparel giants’ data
What CISOs Need to Know About Ransomware: The AI Revolution Behind the Threat
Who is Behind Under Armour's Reported Data Breach?
Why This New Ransomware is Impossible for Standard Security to Stop
Winona County responding to ransomware incident affecting computer network
Winona County responds to computer network ransomware
Your MFA is no longer enough: Phishing kits bypass multi-factor authentication
22nd January
A New LinkedIn Phishing Scam Is Targeting Executives - How to Avoid Falling for It
Attackers Continue to Target Trusted Collaboration Platforms: 12,000+ Emails Target Teams Users
Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations
BuyLottoOnline Investigating Alleged Data Breach Involving 38,000 User Records
Cambodian Voice Phishing Convict's Sentence Reduced to Eight Years
Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex
Cisco Patches Zero-Day Flaws Amid Chinese Hacker Exploits in 2026
Coupang Controversy: U.S. Investors Challenge South Korea Over Data Breach Fallout
Coupang investors call for U.S. probe of Seoul government's response to data breach
Coupang investors seek US probe over Korea's handling of data leak
Coupang Investors Want US to Investigate eCommerce Firm’s Data Breach
Credit Glory Data Breach Exposes 500k Customer Records
Criminals hit the easy button for Scattered-Spider style helpdesk scams
Critical Appsmith Flaw Enables Account Takeovers
Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access
Daedong-USA confronts US data-breach fallout and right-to-repair pressures
Dark Web Profile: Anubis Ransomware
Department of Justice (DOJ) Says Ransomware Gangs Used $1.2 Billion in Crypto to Fund Global Operations
Domain spoofing used in 90 percent of top phishing attacks
Energy sector orgs targeted with AiTM phishing campaign
Europe's GDPR cops dished out €1.2 Billion in fines last year as data breaches piled up
European Space Agency's cybersecurity in freefall as yet another breach exposes spacecraft and mission data
Everest ransomware claims major data theft from McDonald's India division
Exposed training apps are showing up in active cloud attacks
Financial Firms Are Failing Basic Cybersecurity, Bank of England Finds
Fortinet Admins Report Active Exploits on “Fixed” FortiOS 7.4.9 Firmware
Google to Pay $8.25M Settlement Over Child Data Tracking in Play Store
Gran Cursos Online Data Breach Exposes 570k User Records
Greek Police Arrest Scammers in Athens Using Fake Cell Tower for SMS Phishing Operation
Greek police bust car‑trunk cell tower scamming phones across Athens
Grubhub class action alleges customer and driver PII compromised in 2025 data breach
Hackers Are Using LinkedIn DMs and PDF Tools to Deploy Trojans
Hackers breach Fortinet FortiGate devices, steal firewall configs
High-Profile Data Breach in Australia Sparks Renewed Push for Stronger Privacy Law Enforcement
How a hacker turned AI slop into VoidLink, a powerful new Linux malware
How to stop iPhone apps from tracking you (and why you shouldn't wait to do it)
INC ransomware operational security fail allowed data recovery for 12 US organizations
Ingram Micro Data Breach Affects Over 42,000 People After Ransomware Attack
Ireland proposes new law allowing police to use spyware
Jordan used Cellebrite phone-hacking tools against activists critical of Gaza war
LastPass Backup Phishing Campaign Exposed: Deceptive Requests Target Password Vaults
LastPass ‘create backup’ email is a phishing scam targeting your master password
LastPass “create backup” email is a scam, the company warns
LastPass Phishing Attack: Protect Your Master Password Now
LastPass Warns of Fake Maintenance Messages Tricking Users Into Stealing Master Passwords
LastPass Warns of Phishing Campaign Attempting to Steal Master Passwords
LastPass Warns of Phishing Campaign Targeting Its Customers
Linux users targeted: hackers invade Snap packages with crypto-stealing malware
LockBit 5.0 Ransomware: New Threats and Advanced Tactics
Luxshare ransomware attack puts Apple, Nvidia data at risk
Malicious PyPI Package Impersonates SymPy, Deploys XMRig Miner on Linux Hosts
Menulux Data Breach Exposes 93,000 Customer Records
Microsoft tops phishing hit list as cybercriminals hunt login credentials
Mid-Sized Manufacturers Lead Ransomware Spike
Minnesota: Over 300,000 Impacted By MnCHOICES Program Data Breach
New ClickFix Campaign Exploits Fake Verification Pages to Hijack Facebook Sessions
New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack
New Osiris Ransomware Leverages Living Off the Land and Dual-Use Tools in Attacks
New Osiris ransomware reveals sophisticated tactics and experienced attackers
Okta SSO accounts targeted in vishing-based data theft attacks
One in Ten UK Businesses Fear They Would Not Survive a Major Cyberattack
One in ten UK businesses say a major cyber attack could shut them down
One in Ten UK Firms “Wouldn’t Survive” a Cyber-Attack
Osiris Ransomware: Inc Group’s BYOVD Attacks and Mitigation Tips
Over 160,000 Companies Notify Regulators of GDPR Breaches
PcComponentes denies data breach, confirms credential stuffing attack
PcComponentes denies data breach, confirms credential stuffing attack on customer accounts
PcComponentes Incident Was a Credential Stuffing Attack Using Infostealer Logs
Pentest tools left online are allowing hackers to exploit Fortune 500 firms
Phishing from risky URLs now top digital threat in The Philippines
Protecting HR & payroll from cyber-attacks in 2026 and beyond
QR Code Phishing Emails Surge Globally
QR Code Phishing Surges Fivefold as Cybercriminals Target Mobile Users
RansomHub Ransomware breach exposes sensitive Apple Inc Data
Ransomware Attacks Plateau in Education Sector, While Third-Party Risks Loom Large
Ransomware negotiators are one step away from the Wild West, with no rules of any kind
Ransomware gang’s slip-up led to data recovery for 12 US firms
Ransomware surged in 2025: Where next in 2026?
RealHomes CRM Plugin Flaw Affected 30,000 WordPress Sites
ReliaQuest Uncovers Social Media Phishing Campaign Built on Trusted Tools
Republic.com Alleged Data Breach Exposes 4.9 Million Users
Saga shuts down its network temporarily after $7M cyber theft
SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch Release
SmarterMail auth bypass flaw now exploited to hijack admin accounts
Social Security numbers may have been exposed in data breach connected to Ohio car dealership
South Korea: Gwangju Prosecutors Lose Seized Bitcoin in Phishing Attack
South Korea: Gwangju prosecutors lose seized bitcoin in suspected phishing theft
South Korea: Phishing Suspect's Text Leads to Own Arrest
South Korea: Police Officer's Instinct Nabs Voice Phishing Suspect at ATM
South Korea: Supreme Prosecutors' Office to Punish Cambodian Fraud Suspects
South Korean Prosecutors Lose $48 Million in Seized Bitcoin to Phishing Scam
South Korean Prosecutors Lose Seized Bitcoin In Suspected Phishing Attack
Spanish e-retailer PcComponentes denies report it was hacked
Spanish judge closes NSO Group spyware probe due to lack of cooperation from Israel
Sportswear giant investigating data breach affecting millions
The internet’s oldest trust mechanism is still one of its weakest links
The rising complexity of financial crime in Malaysia
Third-party data breach prompts patient alert at Jupiter Medical Center
Top PC components store denies data breach - PcComponentes says it is safe, despite hacker claims
UK Executives Warn They May Not Survive a Major Cyber-Attack, Vodafone Survey Finds
Under Armour Is Seemingly Dragging Its Feet on Investigating Data Breach
Under Armour looking into data breach affecting customers' email addresses
Under Armour Ransomware Attack Exposes 72 Million Email Addresses
Under Armour says it’s ‘aware’ of data breach claims after 72 Million customer records were posted online
Understanding phishing threats is vital
Valley Eye Associates Announces Data Security Incident Affecting Sensitive Data
Venezuela Domain Surge Signals Geopolitical Cyber Activity of Opportunistic Threat Actors Looking to Steal PII and Financial Data
VoidLink Malware Puts Cloud Systems on High Alert With Custom Built Attacks
We’ve Reached the “Customers Want Security” Stage, and AI Is Listening
Zero-Day Exploits Surge, Nearly 30% of Flaws Attacked Before Disclosure
Zoom and GitLab Patch RCE, DoS, and 2FA Bypass Vulnerabilities
21st January
60% of cyberattacks on logistics start with an email you nearly clicked
A new LinkedIn phishing scam is targeting executives online - make sure you don't fall for this
Afghan government offices subjected to phishing campaign
Afghan Government Workers Targeted with Phishing Lures in Nomad Leopard Campaign Delivering FalseCub Malware
AI phishing: How scammers use artificial intelligence to trick you
Alleged Ransomware Attack on Apple’s Second-Largest Manufacturer Luxshare - Confidential Data Exposed
Apple Supplier Luxshare Allegedly Hit by Ransomware, Customer R&D Data Leaked
Aultman Health System facing class action lawsuit over newly revealed data breach
BBSRadio Data Breach Exposes User Emails and IDs
Better Business Bureau (BBB) Alert: How the X Phishing Scam Locks Accounts and Pushes Fake Crypto Deals
Better Business Bureau (BBB) warns of X phishing scam locking accounts and pushing crypto
BHG Financial Data Breach Exposes Social Security Numbers
Black Basta Ransomware Group Exposed in Europe, Russian Leader Is Now Among EU’s Most Wanted
Black Basta’s alleged ringleader identified as authorities raid homes of other members
Britain International Academy Source Code Leak and Secrets Exposure
Cambodian scam mastermind finally arrested after being exposed years ago
Carlsberg Event Wristband Leaked PII, Researcher Told Not to Disclose
CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution
Chainlit AI framework bugs let hackers breach cloud environments
Chainlit AI Framework Flaws Enable Data Theft via File Read and SSRF Bugs
Cisco fixes Unified Communications RCE zero day exploited in attacks
Columbia Medical Data Breach Exposes Social Security Numbers
Critical Cloudflare flaw allowed hackers to reach web servers directly
Critical Vulnerability in Advanced Custom Fields: Extended Plugin Puts 100,000 WordPress Sites at Risk
Crooks impersonate LastPass in campaign to harvest master passwords
CSEA Local 1000 Data Breach Affects 47,352 Members Exposing Social Security Numbers
Cyber attack would put one in 10 firms out of business
Cyber attack would wipe out over 10% of UK businesses
Cyber Resilience in Healthcare: Lessons from 2025 and Priorities for 2026
Cybercriminals speak the language young people trust
Don't click on the LastPass 'create backup' link - it's a scam
EU Unveils Cybersecurity Overhaul with Proposed Update to Cybersecurity Act
Evelyn Stealer campaign weaponizes Microsoft’s Visual Studio Code ecosystem
Everest ransomware gang said to be sitting on mountain of Under Armour data
Everest Ransomware Group Allegedly Claims Breach of McDonald’s India Systems
Everest ransomware group claims McDonald’s India data breach
Expert Insight on Under Armour’s Exposed Customer Data
Experts Welcome Global Cybersecurity Vulnerability Enumeration Launch
Eye on Scams: Social media password reset phishing email scams
Fake Lastpass emails pose as password vault backup alerts
FBI warns QR code phishing used in North Korean cyber spying
Fortinet admins report patched FortiGate firewalls getting hacked
Fully patched FortiGate firewalls are getting compromised via CVE-2025-59718
GitLab warns of high-severity 2FA bypass, denial-of-service flaws
Greek police arrest scammers using fake cell tower hidden in car trunk
GrubHub Data Breach: Hackers Steal Data & Demand Ransom
Hackers exploit security testing apps to breach Fortune 500 firms
Hackers Weaponize 2,500+ Security Tools to Disable Endpoint Defenses Before Ransomware Attacks
Hackers Weaponized 2,500+ Security Tools to Terminate Endpoint Protection Before Deploying Ransomware
Hacktivists Became More Dangerous in 2025
Have I Been Pwned (HIBP) adds alleged Under Armour data breach impacting 72 million emails
Hopeful Co Ltd Data Breach Exposes 158k Customer Records
India’s breach brief: 5 structural security failures CISOs can no longer ignore
Ingram Micro admits 42,000 people impacted by ransomware attack
Ingram Micro Data Breach Exposes Sensitive Information of Over 40,000 People
Iranian TV Transmission Hacked With Message from Exiled Prince
Jupiter Medical alerts patients after third party data breach exposes health records
Jupiter Medical Center alerts patients to Cerner data breach affecting personal health records
Key Apple supplier suffers data breach that could expose confidential product files
LastPass issues alert as customers targeted in new phishing campaign
LastPass Users Targeted With Backup-Themed Phishing Emails
LastPass warns backup request is phishing campaign in disguise
LastPass Warns of Fake Maintenance Message Tracking Users to Steal Master Passwords
LastPass Warns of Fake Maintenance Messages Targeting Users' Master Passwords
LastPass warns of phishing campaign targeting vault credentials
LastPass warns of vault backup phishing emails
LastPass warns users of new phishing campaign sending out fake support messages
Lawsuit Filed After 320,000 Impacted by Monroe University Breach
Legal Aid Agency cyber-attack: what we know now
LinkedIn DM phishing campaign targets high-value execs with weaponized file downloads
LinkedIn Phishing Abuses DLL Sideloading for Persistent Access
Linux users targeted by crypto thieves via hijacked apps on Snap Store
Lumu 2026 Compromise Report Finds Key Trends Across Anonymizers, Droppers and Downloaders, Infostealers, and Ransomware Attack Vectors
Luxembourg state websites briefly disrupted by cyber attack
Luxury Doncaster hotel warns guests over WhatsApp scam after data breach
MacMulkin Chevrolet Data Breach: 1.4 Million Customer Records for Sale
Maine health system confirms data breach impacted 145K as lawyers ponder options
Major data breach could expose Apple secrets
McDonald’s India Faces Massive Data Breach from Ransomware Attack
McDonald’s India hit by alleged Everest ransomware attack
Minnesota DHS Announces Significant IT System Data Breach, Over 300,000 Affected
Monroe University Data Breach Exposes Information of About 320,000 People
More than 300 data breaches at North East Ambulance Service
Munson Healthcare data breach affects over 100,000 patients
Music streaming platform Raaga confirms data breach exposing personal information of 10.2 million users
National Cyber Security Centre (NCSC) Warns of Rising Russian-Aligned Hacktivist Attacks on UK Organisations
New Android malware uses AI to click on hidden browser ads
New EU Vulnerability Platform GCVE Goes Live, Reducing Reliance on Global Systems
New Research Exposes Critical Gap: 64% of Third-Party Applications Access Sensitive Data Without Authorization
New York union breach: 47K members’ SSNs exposed in May 2025 hack
North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews
North West Ambulance Service explains rise in data breaches
November 2025 Healthcare Data Breach Report
One in ten UK businesses unlikely to survive major cyber attack
Online retailer PcComponentes says data breach claims are fake
OnlineSkills Data Breach Exposes 1.5 Million Records
Over 10% of UK businesses unlikely to survive a Cyber Attack
Pakistan: Punjab Safe Cities Authority (PSCA) Continues Action Against Fake, Phishing E-challan Websites
Pakistan: Punjab Safe Cities Authority (PSCA) Launches Crackdown Against Fake & Phishing e-Challan Websites
Pakistan: Safe Cities Authority cracks down on fake e-challan websites, blocks over 100 phishing domains
ParkWhiz Alleged Data Breach Exposes 1.6 Million User Records
Patients file class-action suit against Aultman over data breach
Peruvian Loan Scam Harvests Cards and PINs via Fake Applications
Pharma corporation leaks 8 Million+ messages, employee records
Phishing and Spoofed Sites Remain Primary Entry Points For Olympics
Phishing Campaign Zeroes in on LastPass Customers
Phishing Scam Uses Fake PNB MetLife Payment Gateway for UPI Fraud Targeting Policyholders
Pro-Russian hacktivist campaigns continue against UK organizations
Protected Health Information Compromised in Middlesex Sheriff’s Office Data Breach
RansomHub claims alleged breach of Apple partner Luxshare
RansomHub Ransomware Hits Apple Supplier Luxshare, Steals 1TB of Unreleased Product Data
Ransomware Attackers Target Enterprises Adopting GenAI
Ransomware attacks showed a 45 percent increase in 2025
Ransomware Doesn't Need to Lock Your Files Anymore - Here's Why That's Terrifying
Ransomware is on the rise. Again
Ransomware Victims and Threat Groups Surge to Record Levels
Remote Code Execution (RCE) flaw in Cisco enterprise communications products probed by attackers (CVE-2026-20045)
Report Fraud Promises to Streamline Fight Against Economic Crime
Researchers Uncovered LockBit’s 5.0 Latest Affiliate Panel and Encryption Variants
Risk of AI Model Collapse to Drive Zero Trust Data Governance
Russian APT28 Cyber Attacks German Air Traffic Control
Scammers Are Targeting Your Verizon Outage Refund
South Western Ambulance Service data breaches cost £32,375 since 2022
The Email Insider Threat Has Evolved in the Era of Generative AI
The thin line between saving a company and funding a crime
Two Unique DHS Cyber Incidents Exposed 1 Million People’s Data
UAE’s Telecommunications and Digital Government Regulatory Authority (TDRA) warns against rising phishing scams on social media
UK ambulance data breaches surge past 4,000 in three years
Under Armour customers exposed: hackers post 72.7 million emails with purchase histories
Use LastPass? Watch Out for This Email Phishing Scam
UStrive Mentorship Platform Security Breach Exposes Sensitive User Data, Including Children
Valley Family notifies patients of data breach with third-party vendor
Verizon Outage Triggers Phishing Scams for Fake $20 Credits
Vodafone Business Survey Shows Staff Phishing Vulnerability Poses Major Threat
VoidLink Linux Malware Framework Built with AI Assistance Reaches 88,000 Lines of Code
VoidLink Linux Malware Was Built Using an AI Agent, Researchers Reveal
Wholesale and Retail Sector Faces Critical Supply Chain Risks, Black Kite TPRM 2026 Report Says
Will the Next Data Breach Cost You Your Freedom, Not Just Your Bonus?
You Got Phished? Of Course! You're Human...
Zendesk ticket systems hijacked in massive global spam wave
Zimbabwe Republic Police (ZRP) Issues Red Alert on EcoCash Scams: Are Warnings Enough to Stop the Phishing Wave?
Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Flaws
20th January
750K investors’ income exposed after phishing attack hit Canadian Investment Regulatory Organization (CIRO)
ACF plugin bug gives hackers admin on 50,000 WordPress sites
Adapt Integrated Health Care reports data breach at vendor, assures patient info safety
AI Supercharges Attacks in Cybercrime's New 'Fifth Wave'
APT-Grade PDFSider Malware Used by Ransomware Groups
Badr Satellite Breach Disrupts Iranian State TV, Protest Footage Broadcast
Canadian Investment Regulatory Organization (CIRO) Reports Data Security Incident Affecting 750,000 Canadian Investors
Chainlit Security Flaws Highlight Infrastructure Risks in AI Apps
ClickFix to CrashFix: KongTuke Used Fake Chrome Ad Blocker to Install ModeloRAT
Cloudflare Fixes ACME Validation Bug Allowing WAF Bypass to Origin Servers
Cloudflare Zero-Day Let Attackers Bypass WAF via ACME Certificate Validation Path
Cyber Risks Among CEOs’ Top Worries Amid Weak Short Term Growth Outlook
Cyber Warfare in Iran Amid Public Unrest, Government Bans, and Geo-Political Tensions
Cybersecurity Firm Detects a Wave of Crypto Phishing Following BlockFi Bankruptcy
Data Breach at Appalachian Community FCU Exposes Sensitive Member Information
Data of 42,000 people stolen in ransomware attack at Ingram Micro
Dutch police trick thousands into buying fake football and Lady Gaga tickets
Early warning: Australia’s critical infrastructure is not ready for a drone-enabled cyber attack
Ethereum surge tied to address poisoning scams after Fusaka upgrade
EU Launches GCVE to Track Vulnerabilities Without Relying on US
EU plans cybersecurity overhaul to block foreign high-risk suppliers
Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto
Evelyn Stealer Malware Targets Software Developers via Visual Studio Code Extensions
Everest Group Data Breach Hits McDonald’s India, ASRock Rack & Others
Everest Ransomware Claims McDonalds India Breach Involving Customer Data
Finnish data breach exposed thousands of patients
FirstFruits Farms Data Breach Affects 6,335 Residents of Washington, Exposing SSN
Gemini AI assistant tricked into leaking Google Calendar data
Google Gemini Prompt Injection Flaw Exfiltrated Private Data via Calendar Invites
Hackathon Projects Show AI Wellness Apps Can Leak Sensitive User Info
Hacker exploits One-Time Password (OTP) flaw at AliExpress Korea, diverts 8.6 billion won
Hackers claim McDonald’s breach as leaked files deadline nears
Hackers target Afghan government workers with fake correspondence from senior officials
Hackers Use LinkedIn Messages to Spread RAT Malware Through DLL Sideloading
How the Food and Beverage Industry Can Mitigate Ransomware Attacks
Ingram Micro data breach affects 42,000 individuals
Ingram Micro Ransomware Attack by SafePay Exposes 42,000 Employee Records
Ingram Micro says July 2025 ransomware compromised data of more than 42,000 people
Ingram Micro reveals ransomware attack hit 42,000 people
Initial access broker pleads guilty to selling access to 50 corporate networks
Key Apple, Nvidia, and Tesla supplier sees confidential files allegedly exposed in major breach - here's what we know so far
Linkedin Phishing Campaign Exploits Open-Source Pen Testing Tool to Compromise Business Execs
Luxshare investigates alleged ransomware breach threatening Apple, Nvidia and LG Data
MecMatica Italy Data Breach: Sarcoma Ransomware Leak Details
Microsoft Remains the Most Imitated Brand in Phishing Attacks in Q4 2025, as Technology and Social Media Platforms Continue to Dominate
Microsoft Tops Global Brand Phishing Ranking for Q4 2025
Microsoft Tops Phishing Brand Imitation in Q4 2025
Minnesota Department of Human Services data breach impacts 300K
Murray Irrigation: Data breach investigation continues
New Spear-Phishing Campaign Abuses Argentine Federal Court Rulings to Deliver Covert RAT
New Windows backdoor emerges in ransomware attack
New Windows Flaw Lets Attackers Bypass Mark of the Web
NightSpire ransomware gang alleges Hyatt breach, leaks data
North Korea-Linked Hackers Target Developers via Malicious VS Code Projects
North West Ambulance Service sees sharp rise in data breach incidents
Pass’Sport Data Breach Exposing 6.4 Million Accounts Originated from the French Ministry of Sports
Privacy teams feel the strain as AI, breaches, and budgets collide
Prompt Injection Bugs Found in Official Anthropic Git MCP Server
Prosecutors seek 40 years for Thailand-based voice phishing ring
Qilin Ransomware Attack Hits Altius Geotecnia and Yumark Enterprises
Raaga Confirms Major Data Breach Exposing Personal Information of 10.2 Million Users
RansomHouse Claims Data Breach at Major Apple Contractor Luxshare
Ransomware and Supply Chain Attacks Set Records in 2025
Ransomware gang claims breach of Hyatt Hotel Network, alleges theft of internal logins and financial data
Record data breach penalty challenged by SK Telecom
Researchers report increased ransomware and hacktivist activities targeting industrial systems in 2025
Risk of AI Model Collapse to Drive Zero Trust Data Governance
SafePay Emerges as Key Ransomware Actor After Ingram Micro Attack
Scam Marketplace Tudou Guarantee Shutters Telegram Operations
Secret gagging order should not have been used to cover up Afghan data breach, Former Defence Secretary Sir Ben Wallace says
SK Telecom (SKT) challenges record data breach fine
SK Telecom sues to overturn $91 million data breach fine
Spear-Phishing Campaign Abuses Argentine Federal Court Rulings to Deliver Covert RAT
Tech giants’ data possibly exposed in RansomHub-claimed Luxshare hack
The Gentlemen Targets Kontena Nasional, San Carlo, and Pao Hwa
The Post-Breach Narrative: Winning Back Trust After the Headlines Fade
The ultimate "must-have" brand for 2026 is Microsoft - but only if you’re a phishing scammer
Three Flaws in Anthropic Model Context Protocol (MCP) Git Server Enable File Access and Code Execution
TriApex US Laboratories Breached by Nightspire Ransomware Group
Tudou Guarantee Marketplace Halts Telegram Transactions After Processing Over $12 Billion
Türkiye Cyber Attack Report Announced
UAE Cybersecurity Council warns public against rising phishing scams
UK launches landmark 'Report Fraud' service to tackle cybercrime and fraud
UK public sector ransomware mandate: New backup standards must protect organisations to ensure recovery
UK warns of sustained cyberthreat from pro-Russian hacktivists
US Supreme Court system hacker admits guilt
VoidLink cloud malware shows clear signs of being AI-generated
VoidLink cloud malware shows clear signs of being AI-generated
What’s On the Tube Or Rather in the Tube: Kimwolf Targets Android-based TVs and Streaming Devices
When Language Becomes the Attack Surface: Inside the Google Gemini Calendar Exploit
Why Secrets in JavaScript Bundles are Still Being Missed
Why Security Teams Keep Missing AI-Generated Phishing Attacks
19th January
659 JPMorgan clients affected by data breach at Fried Frank
42,000 Impacted by Ingram Micro Ransomware Attack
A Broadband Internet Provider Had a Data Breach Impacting Over 1 Million Customers
A Hacker Breached the US Supreme Court and Posted Victims’ Data on Instagram
A new European standard outlines security requirements for AI
Apple, Nvidia, and Tesla confidential files allegedly exposed in supplier breach
Attack Surface Visibility Tops CISO Infrastructure Security Priorities for 2026
BehMusic Data Breach Exposes 257k User Records
Black Basta ransomware boss placed on EU and Interpol ‘most wanted’ lists
Brightspeed probes cybersecurity incident after hackers claim access to data of 1 million customers
British Army to spend £279 million on permanent cyber regiment base
Broker who sold malware to the FBI set for sentencing
Canada’s Investment Regulator Investigates Cyber Incident, Data Exposure Confirmed
Canadian Investment Regulatory Organization (CIRO) Confirms Data Breach - 750,000 Canadian Investors Have been Impacted
Canadian Investment Regulatory Organization (CIRO) Confirms Data Breach Impacting 750,000 Canadian Investors
Canadian Investment Regulatory Organization (CIRO) Data Breach Exposes Sensitive Information of 750,000 Canadian Investors in Major 2025 Cyberattack
Coupang loses 18 trillion won as data leak, regulation, backlash hit shares
Covenant Health sued after data breach put over 478,000 patients at risk of identity theft
CrashFix Chrome Extension Delivers ModeloRAT Using ClickFix-Style Browser Crash Lures
Cyber Attack on Monroe University Exposes Personal Data of Over 320,000 People
Cyber attack on South East Technological University (SETU) Waterford cost €2.3 million
Cyber Breaches, Compliance and Reputation Top UK Corporate Concerns
Cyber risk keeps winning, even as AI takes over
Daniel H Cook Associates Data Breach: 37k Affected & Social Security Numbers Exposed
Data breach: Why first 72 hours define a company’s future
Dutch Appeals Court Jails Hacker for 7 Years in Port Cocaine Case
EU and INTERPOL Hunt Black Basta Ransomware Kingpin, Suspects Identified in Ukraine
European Space Agency (ESA) Data Breach: Hackers Steal Sensitive Space Mission Data
Fake ad blocker extension crashes the browser for ClickFix attacks
Fake browser crash alerts turn Chrome extension into enterprise backdoor
Former UK PM warns of vibe hacking, wants mandatory cyber insurance for larger firms
Fraudsters jailed for laundering voice phishing ring’s $1 million in USDT
German Authorities Identify Black Basta Ringleader, Now Added to EU Most-Wanted and Interpol Red Notice Lists
Germany to boost federal service hacking, cut US intel reliance
Global tensions are pushing cyber activity toward dangerous territory
Google Gemini AI Tricked Into Leaking Calendar Data via Meeting Invites
Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites
Google shows how easy it is to crack old Microsoft Windows logins
Google to pay $8.25 Million after lawsuit over tracking children through apps
Grubhub Confirms New Data Breach, Hackers Reportedly Demand Ransom
Hacker admits to leaking stolen Supreme Court data on Instagram
Hacker Alert for Idaho: Change These Passwords Right Now!
Hacker pleads guilty to hacking Supreme Court, AmeriCorps, and VA Systems
Hacker-hit Nuneaton school makes big announcement as head issues warning
Hackers Exploiting PDF24 App to Deploy Stealthy PDFSIDER Backdoor
How crypto criminals stole $700 million from people - often using age-old tricks
How Cybercriminals Weaponize AI to Launch Convincing Deepfake Phishing Attacks
How ‘Reprompt’ Attack Let Hackers Steal Data From Microsoft Copilot
How to Remove Saved Passwords From Google Chrome (And Why You Should)
Huge data breach reveals info on 750,000 investors - here's what we know, and how to see if you're affected
Ingram Micro admits summer ransomware raid exposed thousands of staff records
Ingram Micro says ransomware attack affected 42,000 people
Inside the Leaks that Exposed the Hidden Infrastructure Behind a Ransomware Operation
Insurance Office of America discloses data breach following a June ransomware attack
Iranian state TV feed reportedly hijacked to air anti-regime messages
Jordanian Man Pleads Guilty to Selling Stolen Logins for 50 Companies
Jordanian pleads guilty to selling access to 50 corporate networks
Laurel Health Centers Data Breach Exposes Protected Health and Personally Identifiable Information
Law enforcement tracks ransomware group blamed for massive financial losses
LOTUSLITE Backdoor Targets U.S. Government and Policy Organizations via Venezuela-Themed Spear Phishing: Mustang Panda Cyber-Espionage Campaign Analysis
Malicious Google Chrome Extensions Hijack Workday and Netsuite
Mastertech International Data Breach Exposes Employee Records
Minnesota radiology group will pay $2 Million to settle class action lawsuit over data breach
Mustang Panda Uses Venezuela News to Spread LOTUSLITE Malware
New PDFSider Windows malware deployed on Fortune 100 firm's network
New Spear-Phishing Attack Abusing Google Ads to Deliver EndRAT Malware
New Spear-Phishing Campaign Abuses Google Ads to Deliver EndRAT Malware
New StackWarp Hardware Flaw Breaks AMD SEV-SNP Protections on Zen 1–5 CPUs
North Korea-linked hackers weaponize Google ads in malware campaign
Pass’Sport data breach exposed 6.4 million account holders in France
Phishing attack on hardware wallet leads to $282 Million crypto theft
Phishing Kits Now Operate Like SaaS Platforms
Phishing wave likely after password reset email surge
Police nail Thailand-based voice phishing ring
Qilin Ransomware Attack Hits Vietnam Airlines, Casadei, and Law Firms
Ransomware: What It Is And Why It’s Your Problem
Ransomware attack on Ingram Micro impacts 42,000 individuals
Ransomware Attacks Expose Data of Hyatt Hotels and Ingram Micro
Ransomware 'Most Wanted': Cops Seek Head of Black Basta
Ransomware up 60% as Gen AI Data Risk Soars
Researchers Exploit Bug in StealC Infostealer to Collect Evidence
Researchers Gain Access to Hacker-Controlled Domain Server via Name Server Delegation Flaw
Researchers Gained Access to Hacker Domain Server Using Name Server Delegation
Researchers Hijack Hacker Domain Using Name Server Delegation
Researchers Uncover PDFSIDER Malware Built for Long-Term, Covert System Access
Russian Hacktivists Intensify Disruptive Cyber Pressure on UK Organizations
Schools across Inverclyde offline after phishing scam email
Security Bug in StealC Malware Panel Let Researchers Spy on Threat Actor Operations
Should you be afraid of smart home hacking? What it is, and how experts prevent it
SK Telecom Files Administrative Suit Challenging Record Fines over Data Breach
SK Telecom files lawsuit to revoke record $91 million fine over data breach
SK Telecom to fight regulator over record data breach fine
South Korea: Funeral Industry Faces Security Gaps as Top Firms Lack Key Certifications
South Korea: Seoul police bust Thailand-based voice-phishing ring targeting South Koreans
Spear-Phishing Campaign Leverages Google Ads to Distribute EndRAT Malware
Supreme Court Hacker Details Emerge: Stolen Data Posted on Instagram, AmeriCorps and Department of Veterans Affairs Also Breached
Suspects Linked to Black Basta Ransomware Group Raided in Ukraine
Tengu Ransomware Breaches GSM Portal and Deck India
The Year Ransomware Went Fully Decentralized: Cyble’s 2025 Threat Analysis
Top Ransomware Attack Vectors and Prevention: Remote Access Compromise, Phishing, Social Engineering, and Rapid Flaw Exploitation
TotalEnergies investigates alleged data breach after hackers post customer records online
UK government warns about ongoing Russian hacktivist group attacks
Ukraine Police Expose Russian Hacker Group Specializing in Ransomware Attacks
Ukraine Police Exposed Russian Hacker Group Specializing in Ransomware Attacks
Unicancer Data Breach: Employee Database Leaked on Hacking Forum
Unmasked by Leaks: The Hidden Backbone of a Ransomware Operation
US Attorney Jeanine Pirro announces victory over hacker who infiltrated Supreme Court, other government agencies
US hotel giant Hyatt allegedly attacked as stolen data appears online
Victorian Department of Education data breach gave hackers access to students’ data
VirginiaHasJobs.com Data Breach Exposes 5,500 Job Seeker Records
When the Olympics connect everything, attackers pay attention
Who are the most spoofed brands in phishing scams? Let's be honest, you can probably guess most of them - but there are a few surprises
With 39% of organizations still paying, Here's how Asia can break the ransomware cycle
Zero Trust and Active Directory: What Modern AD Audits Reveal