Editor's Message

Welcome to DBD. On March 8th 2026, DBD celebrated it's sixth anniversary and PRiSM celebrated it's third anniversary. Both projects have made a huge impact on my life and I'd like to thank each and everyone of you who have supported me, with special thanks to those individuals and communities who have helped me build up my knowledge on cybercrime and ransomware over the years. Thanks again for all your continued support. Stay safe. :)

“Data Breaches Digest and its PRiSM portal provide Dentons Global Security Team with valuable insights into the ransomware landscape, from the latest incidents to trends over time, as well as the ability to customize visual analytics. Timely reports and tracking by Data Breaches Digest help inform cyber intelligence for the world’s largest law firm and thus our cybersecurity posture across more than 80 countries worldwide.”
Dentons Senior Analyst, Washington D.C.

Monday, 27 April 2026

Data Breaches Digest - Week 18 2026

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 27th April and 3rd May 2026.


3rd May

2025 Wirral Bake Off winner loses 43,000 followers in cyber attack

April Was the Worst Ever Month on Record for Crypto Hacks

CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to Known Exploited Vulnerabilities (KEV)

Guam: Governor confirms GovGuam sites under cyber attack

Hacker attack on IBM Information Systems; affected services have been restored

How AppSheet Phishing Put 30,000 Facebook Accounts at Risk

Instructure confirms data breach, ShinyHunters claims attack

Instructure discloses second data breach in less than a year

Paying Ransom Won’t Help as VECT 2.0 Ransomware Destroys Data Irreversibly

Phishing campaign exploits Facebook verification hype, putting over 30,000 accounts at risk

Phishing scam targets Facebook blue tick verification, over 30,000 accounts at risk

Russian hacker who targeted global oil, gas facilities pleads guilty

SEO Poisoning Attacks Spread Malware via Fake KakaoTalk Downloads

ShinyHunters Claim NVIDIA GeForce NOW User Database Theft

Study warns cost-cutting use of generative AI could increase cyber-attack risks

Telegram Mini Apps abused for crypto scams, Android malware delivery

2nd May

2 US Cybersecurity Experts Jailed for Aiding ALPHV (BlackCat) Ransomware

86% of phishing attacks now AI-driven - Experts warn of a dangerous new era

ADT Confirms Data Breach Potentially Exposing Customer Information Nationwide

Attackers Abuse Google AppSheet, Netlify, and Telegram in Facebook Phishing Campaign

Attackers Deploy AiTM Phishing Pages to Access SharePoint, HubSpot, and Google Workspace

ConsentFix v3 attacks target Azure with automated OAuth abuse

Critical cPanel bug exposes millions of websites to full server takeover

Critrical cPanel flaw mass-exploited in "Sorry" ransomware attacks

Cybersecurity pros jailed for ransomware attacks linked to ALPHV BlackCat

French Government Agency Data Breach Exposes Over 1 Crore Citizen Records

Global Cyber Dilemma: FBI Criticizes China's Unchecked Hacker Deployments

Google AppSheet Exploited in 30,000-User Facebook Phishing Operation

Hackers hijack North American cargo shipments, FBI warns

Integrated Pain Associates Data Breach Exposes Social Security Numbers

Mitchell County closes probe into October 2025 cyberattack, confirms data theft

New Bluekit Phishing Kit Features AI Assistant

Qilin drives 43% rise in ransomware attacks

Stolen ChipSoft patient data destroyed following cyberattack

Tasmania: Kingborough Council data breach exposed property owners’ names online

Trellix Confirms Source Code Breach With Unauthorized Repository Access

Trellix discloses the breach of a code repository

Two US cybersecurity experts sentenced in ransomware case, third awaits July ruling

Two Former Cybersecurity Experts Sentenced to Four Years in BlackCat Ransomware Case

Up to $5,000 per Person Incoming in Data Breach Settlement Affecting 530,000 People in Minnesota and Wisconsin

1st May

15-year-old detained over French government agency data breach

30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign

45,000 Attacks, 5,300+ Backdoors Tied to China-Linked Cybercrime Operation

ADT data breach exposes customer information

AI-Powered Ransomware Surge Hits 7,831 Victims Worldwide

Almost half of UK businesses suffered a cyber attack in last year

American Express “Account Limited” phishing scam

As email phishing evolves, malicious attachments decline and QR codes surge

Attackers Abuse CAPTCHA and ClickFix Tactics to Boost Credential Theft Campaigns

Australia: Prime Properties listed as breach victim by M3rx ransomware

Bankinter fined €240K for EVO Banco data breach exposing 1.27 Million records

Bluekit combines AI and phishing in a new all-in-one platform

Booking.com Data Breach: How Can Travellers Stay Protected From Scams?

British cyber agency warns of looming ‘patch wave’ as AI speeds flaw discovery

Canada: Alberta voter info database shut down amidst probes of alleged data breach

Canada: British Columbia judge certifies major class action against TransLink over 2020 ransomware breach

Canada: Massive List of Electors data breach was inevitable - the United Conservative Party’s law-bending style of politics made it so

CAPTCHA and ClickFix Abuse Fuels Credential Theft Surge

China-Linked Hackers Target Asian Governments, NATO State, Journalists, and Activists

Chinese hacker arrested for hacking into computers of US companies and Universities while allegedly working for Chinese technology company

City of North Battleford reports phishing activities

Commercial spam and phishing attacks increasingly leverage trusted platforms

Critical cPanel Vulnerability Lets Attackers Bypass Login, Gain Root Access

Cyber Breaches Survey: Phishing & Supply Chain Risks Soar

Cyber incident responders who carried out ransomware attacks given 4-year sentences

Cyber spies target Russian aviation firms to steal satellite and GPS data

Cyberattack hits Alexforbes as phishing emails sent from CEO’s account

Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks

Cybercriminals Leak Data From Minnesota Ransomware Incident

Delta Air Lines joins American Airlines, and Lufthansa to Issue Warnings as U.S. Travel Sector Faces Rising Threats from Business Aircraft Phishing and Cybersecurity Breaches

Edu tech firm Instructure discloses cyber incident, probes impact

FBI Warns of Surge in Hacker-Enabled Cargo Theft

Federal agencies must patch cPanel bug by Sunday, CISA says

Fortinet warns ransomware victims rise 389% amid AI

France: The State releases 200 million euros after the data breach at ANTS

France opens formal probe into teenage suspect in massive ID data breach

Hackers Use Jenkins Access to Deploy DDoS Botnet Against Gaming Servers

Health research charity reports itself to Information Commissioner’s Office (ICO) over major data breach

International authorities bust €50 Million online investment fraud network

Iran Hackers target Canonical Ubuntu Software with DDoS Attack

Liberty Mutual ransomware attack exposes thousands of policyholders, hackers claim

Massive Football Data Breach Exposes Top Players' Sensitive Information

Medicare Data Breach Exposes Sensitive Information

Michigan: Charges dismissed in Hillsdale County 2020 voting machine data breach case

Microsoft Flagged 8.3 Billion Phishing Emails in Q1 as QR Codes, CAPTCHAs Rise

Microsoft warns of surge in QR code phishing attacks

Multi-platform targeting, AiTM capabilities flexed by novel Bluekit phishing kit

Nearly every Linux system built since 2017 vulnerable to ‘Copy Fail’ flaw

New software supply chain attack uses sleeper packages for credential theft and CI tampering

New York State secures $2.25 Million penalty against Delta Dental over data breach failures

NightSpire: Wannabe warlords in ransomware’s shadow realm

Nine-Year-Old Zero-Day Flaw in Linux Kernel Discovered by AI-Equipped Security Researcher

North Korea monopolizes crypto crime market

North Korea’s Enormous Crypto Hacks Redefine Scale and Strategy

Phishing campaign mimics DHL to steal user credentials

Phishing emails prompt North Battleford to shut down recreation booking system

Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft

QuickBooks phishing scam targets refund disputes to steal banking details

QR code phishing surges 146% as Microsoft detects and analyzes 8.3 billion phishing threats in Q1 2026 - attackers are changing tactics to bypass security

QR code, CAPTCHA-gated phishing more than doubled in Q1 2026

Ransomware Attack on Good Samaritan Health Center Affects 10,000 Individuals

Ransomware attacks on auto industry rise, the security steps you need to take now

Ransomware Defenses Appear to Be Holding; Challenges Loom

Ransomware Victims Jump to 7,831 as AI Crime Tools Scale Global Attacks

Ransomware Victims Surge 389% As AI-Enabled Cybercrime Accelerates

Ryan Goldberg of Sygnia and Kevin Martin of DigitalMint Get 4 Years for BlackCat Ransomware

Sentencing of Ransomware Attackers Highlights Cybersecurity Challenges

Shadow AI risks deepen as 31% of users get no employer training

SonicWall releases firmware updates for three CVEs

South Korea: Golf Club Follows Duo in Latest Personal Data Breach

Steel Warehouse Co. Data Breach Exposes Social Security Numbers

Tens of thousands of screenshots linked to European celebrity exposed in spyware breach

Thailand: Nordic hacker arrested in Pattaya hotel scam

The Browser Blind Spot Your Privacy Program Is Missing

This selfie background editor is a password-stealing trap

Two American Cybersecurity Workers Jailed for BlackCat Ransomware Attacks

Two Cybersecurity Professionals Get 4-Year Sentences in BlackCat Ransomware Attacks

Two US Security Experts Sentenced to Prison for Helping Ransomware Gang

U.S. Consumers Lost $2.1 Billion in Social Media Scams in 2025

UAE issues warning as Iran deploys AI for cyber attacks

Ubuntu services hit by outages after DDoS attack

UK businesses face persistent cyber breaches, with phishing as a primary threat

UK cyber survey shows stagnant breach preparedness

UK Government Urges Action Amid ‘Significant’ Cyber Attacks

US ransomware negotiators get 4 years in prison over BlackCat attacks

US weighs cutting cyber fix deadlines to 3 days as AI speeds up cyberattacks

Vietnamese operation uses Google AppSheet for Facebook phishing, targets 30,000 accounts

Why Organizations Need to Adapt Their Defenses to Protect Against the Rise of Phishing-as-a-Service

30th April

7 Million Attacks in 28 Days: The Massive Surge in Device Code Phishing

9-Year-Old Linux Kernel Vulnerability “Copy Fail” Enables Full Root Access

15-year-old arrested in massive French Government data leak

15-year-old hacker 'breach3d' probed for massive French ID leak

AI is biggest cyber threat to CISOs, NCC Group warns

AI-Driven Cybercrime Led to a 389% Increase in Ransomware Victims

Airbus Subsidiary Victim of $2 Million Ransomware Attack

Asian Football Confederation reportedly suffers massive data breach

Australian Prudential Regulation Authority (APRA) Issues AI Risk Warning to Banks and Insurers

Auto industry ransomware attacks more than doubled in 2025

Backdoored WordPress Plugin Uses Remote Update for Code Delivery

Bad bots make up 40% of internet traffic

Billions of Chrome Users Urged to Update After Google Patches 30 Security Flaws

Canada Life data breach exposes personal information of thousands of customers

Carnival Corporation hit by suspected ransomware attack

China's hacker-for-hire ecosystem 'out of control'

CISA and Partners Publish Zero Trust Guidance For Operational Technology (OT) Security

Community Health Systems Data Breach: PHI and PII Exposed

Comparitech assesses healthcare ransomware decline in volume but escalates in impact, marking strategic shift

Coupang probe tests the U.S.’s willingness to protect its tech giants abroad

Courts approve to settle 2 class action healthcare data breach lawsuits

cPanel 0-Day Auth Bypass Exploited in the Wild, Proof-of-Concept (PoC) Released

cPanel zero-day exploited for months before patch release (CVE-2026-41940)

Critical cPanel Authentication Bypass Exposes Hosting Systems

Cyber Criminals Leak Data From Minnesota Ransomware Incident

Cyber is the Number One Global “People Risk”

Deep#Door Python Backdoor Evades Detection On Windows

Dental practice software maker fixes bug that exposed patients’ medical records

Device code phishing emerges as scalable threat to Microsoft 365 and Entra ID access

Dubai Police Smash International Scam Empire in Massive FBI and China-Led Operation

Dutch Health Tech Firm ChipSoft Confirms Destruction of Stolen Patient Data

Dutch healthcare software firm claims hackers destroyed stolen medical records amid ransom speculation

EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades

Europol Busts Albanian Scam Call Centers in Major Online Fraud Case

FBI: Chinese Hacker Extradition Sends a Global Message

FBI and International Agencies Shut Down Scam Centers, Arrest 276 People

FBI links cybercriminals to sharp surge in cargo theft attacks

Federal charges filed against teen hacker allegedly part of Scattered Spider

Football Leaks hacker Rui Pinto acquitted of 241 counts in second Portuguese trial

Former incident responders sentenced to 4 years in prison for committing ransomware attacks

France arrests 15-year-old hacker who stole data of 11.7 million people

France Investigates 15-Year-Old Over Alleged ANTS Agency Hack

France investigates 15-year-old over alleged hack of national ID agency

France opens formal probe into teenage suspect in massive ID data breach

France probes teenage suspect in massive ID data breach

Frontwave Credit Union Data Breach; Social Security Numbers Exposed

Frontwave Credit Union Discloses Data Breach Involving Member SSNs

Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution

Hacker Extracts Over $5 Million from Wasabi Protocol

Hackers are actively exploiting a bug in cPanel, used by millions of websites

Hackers arrested for stealing and reselling 600,000 Roblox accounts

India’s cybersecurity watchdog warns of AI-driven cyber threats

Jenkins Patches High-Severity Plugin Vulnerability Including Path Traversal and Stored XSS

KnowBe4 Research Finds 86% of Phishing Attacks are AI Driven

Linux Kernel Flaw ‘Copy Fail’ Exposes Widespread Privilege Escalation Risk

Manufacturing Industry Top Target of Costly Cyber Attacks

Massive Online Scam Network Busted By Europol In €50 Million Crackdown

Metropolitan Police face criticism for using AI to spy on their own officers

Microsoft Detects 8.3 Billion Email Phishing Threats in Q1 2026

Misconfigured Server Run by Hackers Leaks 345,000 Stolen Credit Cards

Moldova’s health insurance agency reports possible data leak after cyberattack

Most modern phishing campaigns are AI-enabled

Movistar Peru data breach impacts 4 million users

Nearly half of UK businesses pwned last year as phishing keeps doing the job like it's 2005

New Bluekit phishing service includes an AI assistant, 40 templates

New Global Scam Uses Fake Meeting Links to Run PowerShell Malware

New Linux ‘Copy Fail’ flaw gives hackers root on major distros

New Linux 'Copy Fail' Vulnerability Enables Root Access on Major Distributions

New Phoenix Platform Drives Brand-Impersonation Smishing

New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials

Nine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431)

One tiny exploit gives full Linux access: all kernels since 2017 are vulnerable

Over 40% of UK firms suffered cyber attack last year, survey finds

Phishing Campaign Abuses Event Invitations To Target U.S. Firms

Phishing Now Top Method for Initial Unauthorized Network Access

Polymarket denies data breach claims by hacker Xorcat

Private Chats, Photos of Celebs Exposed in Suspected Stalkerware Leak

ProFTPD SQL Injection Flaw Enables Remote Code Execution

Proof-of-Concept (PoC) Released for Critical ASUSTOR ADM Root RCE Vulnerability

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Qilin Ransomware Enumerates RDP Authentication History on a Compromised Server

Qinglong Vulnerabilities Enable RCE, Exploited in Attacks

Ransomware Attacks on Schools: 4 Warning Signs IT Teams Shouldn’t Ignore

Ransomware Defense Starts with Your Vendors

Ransomware Victims up 389%, Time-to-Exploit (TTE) in Less Than Two Days: How Can Defenders Stay Ahead?

Robinhood admits its own email system was used to scam you

Roblox account hackers make $225K profit, but end up in handcuffs

Sandhills Medical Foundation Ransomware Attack Affects 169,000 Patients

Sandhills Medical Says Ransomware Breach Affects 170,000

SAP npm Packages Compromised to Steal Developers, CI/CD Secrets

SilverFox phishing campaign uses fake tax audits to deploy backdoor malware

SMS phishing campaign targets Australia & New Zealand

South Africa: Durban beachfront phishing syndicate busted

South Korea: Financial Supervisory Service (FSS) Orders 4.5-Month Business Suspension for Lotte Card Over Data Breach

Tax season phishing scams surge with fake government sites

Teen Hacker Breach: French ID Agency Data at Risk

Thailand: Hacker who scammed Pattaya hotel guests arrested

Thailand: Swedish hacker arrested in Pattaya for hotel data breach scam targeting tourists

Think It's A Party Invite? New Phishing Scam Uses Fear of Missing Out (FOMO) to Steal Your Passwords

Three Arrested for Hacking Over 610,000 Roblox Accounts

Tri-Cities Gastro Data Breach Exposes Personal Information Including SSNs

UK Education Sector Faces Surge in Cyber Breaches Despite Stable National Threat Levels

Vertu Motors lands multi-million payout from Jaguar Land Rover (JLR) cyber-attack

Vertu Motors settles £3.9m insurance claim from Jaguar Land Rover (JLR) cyber attack

Vertu Motors to receive £3.4m insurance payout after Jaguar Land Rover (JLR) cyber attack disruption

Vertu secures £3.4m payout after Jaguar Land Rover (JLR) cyber disruption

Windows Zero‑Day Vulnerability Enables NTLM Credential Theft

29th April

88% of self-hosted GitHub servers exposed to Remote Code Execution (RCE), researchers warn (CVE-2026-3854)

A Chinese man could have stolen aerospace software from NASA and Pentagon with phishing for 4 years

A Quarter of Healthcare Organizations Report Medical Device Cyber-Attacks

A sneaky cyber enemy is creeping into our browsers and password managers

Agentic AI’s Problem Isn’t Capability It’s Accountability

Americans lose $2.1 billion to Facebook scams, an eightfold jump since 2020

Amtrak data breach exposes millions of customer records

Barrier to hacking drops as AI and dark web tools let anyone launch cyberattacks, Europol warns

Buggy Vect ransomware is effectively a data wiper, researchers find

Canada: Government Employees Affected by Canada Life Data Breach

Churchill Claims Services Data Breach Exposes 2,610 Records

CISA Adds Actively Exploited ConnectWise and Windows Flaws to Known Exploited Vulnerabilities (KEV)

CISA Alerts on Microsoft Windows Shell Zero-Day Under Active Exploitation

CISA orders feds to patch Windows flaw exploited as zero-day

CISA Warns ConnectWise ScreenConnect Vulnerability Actively Exploited in Attacks

CISA, Microsoft warn of active exploitation of Windows Shell vulnerability (CVE-2026-32202)

Construction Tycoon Rishikesh Gauli Arrested by Nepal Police for Data Breach

Corporate Affairs Commission (CAC) finally speaks on manipulation of firms’ data after cyber attack in Nigeria

cPanel, WHM emergency update fixes critical auth bypass bug

Critical cPanel Authentication Vulnerability Identified - Update Your Server Immediately

Critical Cursor Vulnerability Exposes Developer Workstations To Remote Code Execution

Critical Flaw In VECT 2.0 Ransomware: Large Files Being Permanently Destroyed

Critical Flaw Turns Vect Ransomware into Data Destroying Wiper

Cursor AI Agent Wipes PocketOS Database and Backups in 9 Seconds

Cursor AI Extension Token Access Flaw Could Lead to Full Credential Compromise

Cursor AI IDE vulnerability allows code execution via hidden Git hooks

Cursor Extension Flaw Exposes Developer API Keys

Cyberattack shuts down Adams County servers; Week-long restoration effort continues

Estée Lauder reaches proposed settlement in Canada data breach class action

European police dismantles €50 million crypto investment fraud ring

Europol's Internet Organised Crime Threat Assessment (IOCTA) 2026 report flags shift to industrialised cybercrime powered by AI, ransomware and data theft

Fake tickets to phishing: the scams targeting 2026 FIFA World Cup soccer travellers

FBI’s Hospital Cyber Plea: Why Info-Sharing Fails Against the Ransomware Wave

Floppy to Mythos, how ransomware grew into multibillion-dollar industry

'For sale on the dark web': Australian travellers may be caught up in Euro rail pass data breach

GitHub Fixes Critical RCE Bug CVE-2026-3854 Within Hours of Discovery

GitHub fixes RCE flaw that gave access to millions of private repositories

Hackers Abuse Robinhood Signup Process to Deliver Phishing Emails

Hackers arrested for hijacking and selling 610,000 Roblox accounts

Hackers exploit RCE flaws in Qinglong task scheduler for cryptomining

Identity discovery: The overlooked lever in strategic risk reduction

India: CERT-In Warns of AI-Driven Cyber Threat Surge, MSMEs at Highest Risk

Industrial manufacturing tops Digitain cyber risk ranking

Internet Organised Crime Threat Assessment (IOCTA) 2026 Report Warns of Rising AI-Driven Cybercrime and Dark Web Threats

Large technology wholesaler in South Africa hit by data breach

LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

Malicious npm Dependency Linked to AI Assisted Commit Targets Crypto Wallets

Mass Data Breach at Matchmaking Firm Spurs Fears of Deepfake, Fraud Risks

Microsoft Confirms Windows Flaw Is Being Exploited After Incomplete Patch

New AI-Powered Bluekit Phishing Kit Targets Major Platforms with MFA Bypass Attacks

New ransomware is so badly coded it destroys your files instead of holding them hostage

New VECT 2.0 Ransomware Destroys Files Over 128 KB Across Windows, Linux, and ESXi

New VECT 2.0 Ransomware Targets Multi-Platform Systems

New Wave of North Korean Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

New Zealand: A March cyber attack on the Hutt City Council – that originated from a staff member responding to a phishing email – has exposed the identity and financial information of hundreds of people to hackers

New Zealand: Hundreds at risk after ‘malicious’ Hutt City Council cyber attack

New Zealand: Identity and financial details leaked in Lower Hutt council cyber attack

New Zealand council cyber attack leads to ID and financial data being exposed

Nigeria: Corporate Affairs Commission (CAC) denies manipulation of DAAR Communications records after cyber attack

Official SAP npm packages compromised to steal credentials

One git push from disaster: this fundamental GitHub flaw could’ve compromised the world’s code

Payroll-Related Phishing Emails Circulating Across New Jersey

Phishing in contaminated water: Mountain View warns residents of scams after water main breach

Phishing scam targeting expectant women masquerades as Malaysian government aid scheme

Phoenix Rising: Exposing the PhaaS Kit Behind Global Mass Phishing Campaigns

Polymarket denies data breach, says hacker is selling public data

Polymarket Rejects Data Breach Claims as Hacker Alleges 300K Records Stolen

Polymarket Rejects Dark Web Claims of Massive Data Breach

Popular WordPress redirect plugin hid dormant backdoor for years

Protecting U.S. Critical Infrastructure as Global Tensions Rise

Ransomware accidentally destroys all files larger than 128KB, preventing decryption - VECT code likely partly vibe coded with AI or used an old code base, security researchers suggest

Ransomware posts rise 22% as leak sites proliferate

Ransomware Responsible for 90% of Manufacturing Cyber Losses

Researchers Track 2.9 Billion Compromised Credentials

Resilience report finds manufacturing leads global cyberattack targets, with ransomware dominating losses

Resilience report highlights financial impact of ransomware on manufacturing

Robinhood users beware: the "perfect phishing email" is waiting for you

Royal Canadian Mounted Police (RCMP) says no compensation after firearm owners’ data breach affecting 2.2 million people

SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack

Scammers vibecode server to verify stolen credit cards, leak details of 345K cards

ShinyHunters Ransomware strikes Vimeo and Carnival Corporation

Signal promises new security measures after wave of phishing attacks

Signal warns users after sophisticated phishing attacks compromise German officials

SLOTAGENT Obfuscation Tactics Challenge Security Researchers

Sri Lanka discloses another missing payment, days after hackers stole $2.5 Million from its finance ministry

Starr Insurance Data Breach Exposes Sensitive Personal and Medical Information

Stealth Spear-Phishing Campaign Targets Government Systems: New Malware Uses Obfuscation And Staged Payloads To Evade Detection

Stelia North America hacked in ransomware attack

Stolen patient data from Dutch firm ChipSoft destroyed after cyberattack

Suspected Russian phishing campaign targets German officials via Signal

Swiss police arrest 10 suspected members of Nigeria-linked crime group Black Axe

Teen hacker’s lavish lifestyle curtailed after feds uncover Scattered Spider links

Thailand: Hacker who scammed Pattaya hotel guests arrested

This New Ransomware Is So Broken It Permanently Destroys Your Files Instead of Encrypting Them

U.S. Charges Suspected Scattered Spider Member for Infiltrating Sensitive Computer Systems

UK Biobank data breach exposes half a million records

US, China partner on scam center takedown in Dubai

US-Estonian Suspect Arrested Over Alleged Scattered Spider Cyberattacks

Uzbekistan investigates alleged leak of state employee data

Vect 2.0 RaaS Expands Attacks Across Windows, Linux, and ESXi

Vect 2.0 Ransomware Acts as Wiper, Thanks to Design Error

VECT ransomware is so flawed it can’t even unlock encrypted files, researchers warn

Vect unveiled: Inside an emerging ransomware group’s affiliate network

Vimeo Confirms Data Breach After Hackers Access User Database

Vimeo confirms data breach linked to third-party analytics vendor, hackers threaten leak

With VECT ransomware, paying is not an option

Your Data Under Siege: Ransomware Threatens Millions; Smart Ways to Protect Yourself from Digital Blackmail

28th April

$2.4 billion utilities company Itron reports internal network security breach

2025 Saw Fewer Healthcare Breaches Than 2024

150,000+ football passports leaked weeks before FIFA World Cup

ADT Confirms Major Data Breach Exposing Millions of Names, Partial SSNs

ADT data breach affects 5.5 million customers as hackers begin leaking stolen info online

AI, Encryption, and Crypto Power New Wave of Global Cybercrime

Alleged China-Linked Hacker Extradited To U.S. By Italy

Alleged Chinese hacker extradited to US over cyberattacks targeting COVID-19 research

Alleged Chinese State Hacker Extradited to US

Alleged Chinese state-backed hacker extradited from Italy to US over COVID-era cyber espionage case

Alleged 'Hafnium' hacker-for-hire extradited to the United States

Ameriprise data breach hits 48,000 customers

Australia and New Zealand (ANZ) Organizations Are in the Ransomware Crosshairs - What the Dark Web Is Telling Us

Australia scam losses rise as reports fall in 2025

Bank of Scotland customers in new data breach fear as Lloyds pays out £200,000

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

Broken VECT 2.0 ransomware acts as a data wiper for large files

Canada’s first SMS blaster case leads to three arrests

Canadian authorities arrest 3 in SMS blaster phishing scheme

Carnival Corporation Investigating Possible Ransomware Attack

Checkmarx confirms LAPSUS$ hackers leaked its stolen GitHub data

China-linked hackers led phishing campaigns targeting journalists and activists, researchers say

Chinese National Extradited Over Silk Typhoon Cyber Campaign

Chinese National Xu Zewei Extradited for HAFNIUM Cyberattacks, Appears in US Court for 9-Count Indictment

Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks

Chinese spear-phishing campaign targets NASA employees

Chinese-Backed Smishing Rings Scale Credential Theft via SMS and Over-the-Top (OTT) Apps

ClickUp Data Leak Exposes Enterprise Emails for Over a Year

ClickUp Hardcoded API Key Exposes Almost 1,000 Customer Emails, Including Government and Corporate Giants

Connected Credit Union Data Breach Exposes Sensitive PII Including SSNs

Credit Technologies Data Breach Potentially Exposes Personal Information of Individuals

Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE

Cyber Insurance Data Gives CISOs New Ammo for Budget Talks

Cyberattacks in Spain: What small businesses should know

Cybersecurity Incident Strikes Contractor Handling Jurong Region Line (JRL) MRT Stations and NEWater Factory 3 Projects

DDoS Cyber Attack makes eBay lose $200m per Day

Don't pay Vect a ransom - your data's likely already wiped out

Even cybersecurity researchers are exposing secrets in their arXiv LaTeX source

Ex-Ransomware Negotiator Pleads Guilty to Extorting U.S. Victims, $10 Million in Assets Seized

FBI extradites Chinese hacker accused of stealing COVID-19 research

Feuding Ransomware Groups Leak Each Other's Data

Fidelity to pay $1.25 million over 2024 data breach affecting 77,000 customers

French police arrest 21-year-old "HexDex" hacker over 100 alleged data breaches

Germany Caught Up in Likely Russian Signal Phishing

Germany suspects Russia behind signal phishing attack on top Government officials

Germany Suspects Russia Is Behind Signal Phishing That Targeted Top Officials

Gmail Users Warned About Sophisticated AI-Driven Phishing Attacks

Green Imaging Data Breach Exposes Patient Medical and Personal Information

Guardz Warns MSPs of Cloud Ransomware and Business Email Compromise (BEC) Risks

Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw

Hackers exploit Robinhood account creation tool to launch worrying phishing scam

Has your Signal account been hacked in the latest phishing attacks?

Have I Been Pwned claims Pitney Bowes hit by 8.2 Million email address leak

Have you asked Ryanair for compensation? Your bank details could now be for sale

How Many People Fall for Phishing Scams in USA

How to Recognize and Avoid Phishing Attacks in 2026

Hugging Face LeRobot Vulnerability Enables Unauthenticated Remote Code Execution Attacks

Industrial Control Systems (ICS) intrusion detection has blind spots that complicate plant security

Inside an OPSEC Playbook: How Threat Actors Evade Detection

Iranian APT OilRig Hides Malware Config Inside Google Drive Image

Isle of Man: Manx Telecom notifies customers of data breach

Italy extradites Chinese hacker accused of spying during Covid-19 pandemic to US

JC Resorts Data Breach Exposes Social Security Numbers

Kamasers DDoS Botnet With Loader Capabilities Attacking Organizations to Deploy Ransomware

Lawsuit accuses Impac Mortgage of waiting two years to disclose borrower data breach

Lloyds Bank compensates another 1,625 customers after ‘alarming’ data breach

Medical Device Maker Medtronic Announces Data Breach

Medtronic Confirms Breach After Hackers Claim 9 Million Records Theft

Medtronic confirms cyberattack on corporate IT systems amid claims of massive data theft

Medtronic Confirms Data Breach After ShinyHunters Claims

Medtronic Confirms Data Breach, No Impact on Operations or Patient Safety

Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202

Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover

Missouri Democrats Call for Investigation Following School Voucher Data Breach

Missouri Lawmakers Clash Over Massive School Voucher Data Breach

Monumental Sports & Entertainment Data Breach Affects 10k

MP David Davis's website hit by suspected cyber attack

MP Sir David Davis's website shut down in suspected cyber attack

Navigator360 has suffered a hacker attack: more than 93 GB have been stolen

New Bank of Scotland data breach fears as 80,000 more customers hit by IT glitch

New BlobPhish Attack Leverages Browser Blob Objects to Steal Users’ Login Credentials

New DHL Phishing Scam Uses 11-Step Attack Chain to Steal Passwords

New Linux FIRESTARTER Backdoor Targets Cisco Firepower Devices

New phishing scam targets your Fear of Missing Out (FOMO) with fake party invitations

No Metrics Are Better Than Bad Metrics in the Security Operations Center (SOC), Says National Cyber Security Centre (NCSC)

North Korean Hackers Target Crypto Firms with ClickFix and AI-Made Zoom Lures

Notepad++ Releases 8.9.4 Patch to Fix String Injection Vulnerability (CVE-2026-3008) in 8.9.3

Over 500,000 Lloyds customers hit by data breach - yet bank finds zero fraud cases

Pack2TheRoot: 12-Year-Old Linux PackageKit Flaw Enables Full Compromise

Paragon is not collaborating with Italian authorities probing spyware attacks, report says

Phishing Emails That Look Real Target Robinhood Users via Gmail Dot Alias Feature

Phishing scam targeting Robinhood via Gmail: the alias trick deceives users with flawless emails

Police arrest 10 suspected members of Black Axe cybercrime gang

Pro-Iran hacker group claims release of 2,379 US Marines’ data in Persian Gulf

Ransomware accounts for 90% of cyber losses in manufacturing

Ransomware Turf War as 0APT and KryBit Groups Trade Blows

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

Robinhood account creation flaw exploited for phishing emails

Robinhood Phishing Emails Target Users via Account Creation Flaw

Robinhood Users Hit by Phishing Campaign Leveraging Gmail Address Quirk

Robinhood Users Targeted by Gmail Dot Trick Phishing Attack

Robinhood Vulnerability Exploited for Phishing Attacks

Security researcher claims ClickUp vulnerability is leaking customer data

ShinyHunters claims it stole 1.4 million records from Udemy

Signal Phishing Campaign Targets German Officials in Suspected Russian Operation

Signal to roll out anti-phishing safeguards following account takeovers

Signal warns users after Russian hackers compromise accounts

Silk Typhoon: Hacker extradited to the US for “COVID espionage”

Sophisticated Phishing Attack Targets Microsoft Teams Users

Study warns cost-cutting use of generative AI could increase cyber-attack risks

Targeted Covid-19 research: Chinese state-sponsored hacker arrested by FBI after Italy extradition

The intricate balancing act of cyber resilience

The metrics killing your Security Operations Centre (SOC), and what to use instead

Third-party cyber risks emerge as weak link for banks after data breach concerns

Ukrainian police detain hackers suspected of stealing thousands of Roblox accounts for resale

US Healthcare Data Breach Crisis Impacts Millions

US reportedly charges Scattered Spider hacker arrested in Finland

US state privacy fines reached $3.425 billion in 2025

US Supreme Court appears split over controversial use of ‘geofence’ search warrants

VECT: Ransomware by design, Wiper by accident

VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi

VECT Ransomware: When Paying is Not a Recovery Strategy and Won't Get Your Files Back

VECT Ransomware: Why Paying Won’t Get Your Files Back

Vect ransomware actually destructive wiper malware

Video service Vimeo confirms Anodot breach exposed user data

Video site Vimeo blames security incident on Anodot breach

Vimeo Confirms User and Customer Data Breach

Vimeo faces extortion demands from ShinyHunters: “pay or leak”

Weeks After Remita, Sterling Bank Hack, More Nigerian Institutions Succumb to Data Breaches

Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About

Why Unofficial Download Sources Are Still a Security Risk in 2026

27th April

82 Chrome Extensions Found Selling User Data, 6.5 Million Users Affected

500,000 UK volunteers’ medical data listed for sale on Alibaba

Abu Dhabi Department of Finance Super Admin Access Sale

ADT Breach Confirmed: Names, Phone Numbers, and Addresses Exposed

ADT Breach Exposes Data of 5.5 Million Customers, ShinyHunters Likely Behind Attack

ADT Confirms Data Breach After Extortion Attempt by ShinyHunters

ADT confirms data breach after ShinyHunters threatens data leak

ADT confirms new data breach after hacking group threatens record leak

ADT Data Breach Exposes Sensitive Personal Information for 5.5 Million Accounts

AI startup Mercor faces mass litigation following data breach

Alleged Silk Typhoon hacker extradited to US for cyberespionage

Americans lost over $2.1 billion to social media scams in 2025

Amtrak data breach exposes millions of customer records

Attackers Chain Flaws to Backdoor CODESYS Applications and Deploy Malicious Code

Attackers use Microsoft Teams, fake mailbox repair utility to breach organizations

BlackFile Group Targets Retail and Hospitality with Vishing Attacks

BlackFile hackers target retail, hospitality with vishing and data extortion

Canada arrests three for operating “SMS blaster” device in Toronto

CARE Clinic Data Breach Potentially Exposed PHI

Carnival Corp. probes alleged data breach

Carnival Corporation Targeted in Ransomware Attack

Carnival Cruise Line Faces Ransom Demand From Hacker: Warns Online Claims May Be Inaccurate

Carnival Investigates Potential Data Breach Affecting Millions Of Cruisers

Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23rd Attack

China-Backed Groups are Using Massive Botnets in Espionage, Intrusion Campaigns

Chinese spy posed as researcher in spear-phishing campaign targeting NASA to steal defense software

Client information data breach costs Fidelity $1.25 million in Massachusetts fine

Consumers lost $2.1 Billion to social media scams in 2025, Federal Trade Commission (FTC) reports

Critical Gemini CLI Vulnerability Enables Remote Code Execution Attacks

Critical infrastructure giant Itron says it was hacked

Crypto thieves ramping up attacks on Apple users

CTM360 Exposes Global GovTrap Campaign With 11,000+ Fake Government Portals Targeting Citizens Worldwide

Cyber crooks got Robinhood to send phishing emails to its own users

Device codes are the new frontier for phishing as Barracuda detects 7 million attacks in four weeks

Ellipal Cryptocurrency Wallet Suffers Alleged Data Breach

Extradition Drama: Italian Government Approves Chinese Hacker's Transfer to U.S.

Fake Android Apps Distributing Spyware, Linked to Italian Surveillance Vendor IPS

Fake CAPTCHA International Revenue Share Fraud (IRSF) Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud

Family Federation for World Peace and Unification (FFWPU) and Tongil Group Face Extensive Data Breach

FBI, Indonesian Authorities Team to Take Down Site Ripping Off Users for Millions

Fidelity Fined $1.25 Million Over Client Data Breach

Fidelity to Pay $1.25 Million Over 2024 Data Breach

Fidelity to Pay $1.25 Million to Settle Massachusetts Claims From 2024 Data Breach

Former FBI Deputy Cyber Chief Calls for Terrorism Classification for Healthcare Ransomware Actors

Former Ransomware Negotiator Pleads Guilty to Aiding Attackers

French passport-and-ID portal taken offline after cyber-attack, causing application backlog

French police arrest hacker ‘HexDex’ for alleged widespread data theft

Garmin cyberattack disrupts online services, no evidence of customer data breach

Germany accuses Russia of targeting top politicians in Signal phishing attack

Germany blames Russia for Signal phishing attacks on MPs

Germany suspects Russia is behind Signal phishing that targeted top officials

GlassWorm malware attacks return via 73 OpenVSX "sleeper" extensions

Google users receive $30 bills after fake CAPTCHA scammed them into sending premium text messages

Hacker who allegedly carried out cyberattacks for China is extradited to U.S.

Hackers claim millions of records stolen in ADT breach

Hackers got data on 5.5 million ADT customers by phishing, report says

Hackers impersonate Microsoft Teams help desk to breach corporate networks

Home security giant ADT data breach affects 5.5 million people

How account takeover is reshaping higher-education cyber risk

How to Prepare for GenAI-Driven Threats and Ransomware Attacks

India: CERT-In warns of AI-driven cyber attack risks

International Tensions: Extradition of Chinese Hacker Xu to U.S. Sparks Controversy

Italy: Extradition decree signed for Chinese hacker arrested at Malpensa Airport

Italy extradites alleged Chinese hacker to US accused of spying for Beijing during COVID-19 pandemic

Italy extradites alleged Chinese state hacker to US

Italy extradites Chinese hacker to US

Italy extradites Chinese national wanted by US for alleged hacking

Italy extradites ‘dangerous foreign hacker’ from China wanted by US authorities

Italy plans to send ‘wanted’ Chinese hacker to US authorities

Itron discloses cyberattack after unauthorized access to internal systems

Itron, Inc. Discloses Data Breach After Hackers Accessed Internal Systems

Itron IT Breach: Unauthorized Access Detected on Internal Network

Jeff Honeycutt Insurance Agency Data Breach Exposes Client Info

Kent District Library blames ‘ransomware’ for closures

Korea's Fair Trade Commission (FTC) Orders Coupang, Naver to Revise Unfair Data Breach Clauses

LAPSUS$ Claims Vodafone UK Breach in New Alleged Cyberattack

Lee & Lee Country Club Personal Data Breach...Possible Involvement of North Korean Hackers

Linux ELF Malware Generator Evades Machine Learning (ML) Detection Using Semantic-Preserving Changes

Litecoin Hit by Zero-Day Vulnerability, Triggers 13-Block Reorganization

Maryland property search tool is back online, nearly two weeks after cyber attack

Medical device giant Medtronic confirms data breach incident

Medtronic confirms breach after hackers claim 9 million records theft

Medtronic Data Breach Exposes Millions of Records

Medtronic reports data breach on corporate IT systems

Microsoft Store App Vibing.exe Accused of Harvesting Screens, Audio, and Clipboard Data

Money launderer for crypto thieves given 5-year sentence

Money launderer linked to $230 Million crypto heist gets 70 months in prison

Morocco’s road safety agency warns of fake website used for phishing scam

Most Cybersecurity Professionals Feel Undervalued and Underpaid

Multiple OpenClaw Vulnerabilities Enable Policy Bypass and Host Override Attacks

Narteks Tekstil A.S. Suffers Krybit Ransomware Attack

Nessus Agent Vulnerability on Windows Allows Arbitrary Code Execution as SYSTEM

Netflix Phishing Scams: They’re More Dangerous Than You Think

Now a ransomware turns quantum computing safe in encryption

One ransomware crew now drives half of all cyber claims

Operation TrustTrap Reveals 16,800 Fake Domains Exploiting User Trust

PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks

Proof-of-Concept (PoC) Exploit Released for Critical Metabase Enterprise RCE Vulnerability

PyPI package with 1.1 Million monthly downloads hacked to push infostealer

Qilin Ransomware claims to have breached Inspira, Muller, A&A, Longwood, Exclusive, Istarpal

Ransomware attacks affect 2 senior care providers

Ransomware hackers are now targeting victims with an Infrastructure driven Approach

Researchers Identify Fast16 Sabotage Malware That Pre-Dates Stuxnet

Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware

Robinhood account creation flaw abused to send phishing emails

Robinhood suffers phishing attempt ahead of quarterly earnings

Russia suspected of targeting senior officials in major cyberattacks

ShinyHunters group claims massive data theft from home security provider ADT

ShinyHunters Leaks Data of Udemy, Zara, 7-Eleven in Salesforce Linked Breach

South Texas Oncology and Hematology Pays $1.1 Million to Settle Data Breach Lawsuit

Sri Lanka: Banks alert customers to phishing attacks

Supreme Court signals location data searches should require a warrant

Synmosa Biopharma Hit by Dragonforce Ransomware Attack

Tennessee becomes second state to ban cryptocurrency ATMs over scam concerns

Texas Tech University Health Sciences Center says 2024 breach impacted 813,892 patients

The $700 million question: How cyber risk became a market cap problem

The AI criminal mastermind is already hiring on gig platforms

‘This was not an isolated incident’: Chinese national exposed by NASA investigation in serial defense software theft phishing campaign that lasted years

Toronto Police Bust Mobile Smishing Network Targeting Thousands

Two researchers stumble on pre-Stuxnet malware that may have targeted Iran's nuclear program

U.S. utility giant Itron discloses a security breach

Udemy Data Breach Results in 1.4 Million Accounts Leaked by ShinyHunters

Uganda Ministry of Agriculture (MAAIF) Suffers Data Breach

UK Biobank data breach exposes medical records of 500,000 people

UNC6692 Hackers Exploit Microsoft Teams to Deploy SNOW Malware

US Sanctions Target Cambodian Scam Network Leaders

Utilities Tech Supplier Itron Discloses Cyber-Attack, Operations Unaffected

Vidar Infostealer Spreads via Fake CAPTCHAs, Hides in JPEG and TXT Files

What the Medtronic Breach Means for Security Experts

Why Energy Infrastructure Is Cybersecurity’s Next Frontier

Widely Used Browser Extensions Selling User Data

Your adblocker might be tracking you: researchers flag dozens of browser extensions openly selling data

Your Identity and Access Management (IAM) was built for humans, AI agents don’t care

Posted by at
Labels: