Data Breaches Digest - Week 20 2026

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 11th May and 17th May 2026.

17th May

Africa’s Financial Sector Faces Renewed Cyber Threat Surge

American Lending Center Data Breach Affects 123,000 Individuals After Nearly Year-Long Investigation

Chanhassen Dinner Theatres says cyber attack may affect upcoming performances

Cyber Intrusion At US Gas Stations Raises Security Concerns: Fuel Monitoring Systems Breached, Iranian Hacker Groups Suspected

Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt

Grafana Says It Rejected Ransom Demand After Source Code Theft

Hacker twins caught plotting to destroy the company that fired them. They left Teams on

Instructure May Have Paid Ransom After Canvas Cyber Attack

New Windows 'MiniPlasma' zero-day exploit gives SYSTEM access, Proof-of-Concept (PoC) released

NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE

Researcher Claims Microsoft Silently Patched Azure Backup for AKS Vulnerability

Scammers Send Physical Phishing Letters to Steal Ledger Wallet Seed Phrases

South Korea: Warning Issued Over "Naver Plus Payment Completed" Phishing Emails...Urgent Alert for Password Theft

State-backed ransomware activity raises new concerns over escalating threats to Operational Technology (OT), critical infrastructure operations

The Hidden Cost of Slow Cyber Remediation in Healthcare

To Pay or Not to Pay: Inside the Delicate Dilemma of Ransomware

Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing

US prosecutors target healthcare and pandemic scams worth over $1 billion

Zara data breach exposes 200K customers after alleged ransomware attack

16th May

AI-Generated Phishing Is Getting Harder to Spot - How Security Teams Can Validate Suspicious Content

American Lending Center Data Breach Impacts Over 123,000 Individuals

Android 16 VPN Bug Can Leak Users’ Real IP Addresses, Researcher Claims

Belarus: Scammers send phishing links on behalf of the traffic police (GAI) about unpaid fines

Critical ‘Claw Chain’ Vulnerabilities Put Thousands of OpenClaw AI Servers at Risk

Cyber attack hits US gas stations, officials suspect Iran

Experts Warn Travelers Against Phishing Links and Bogus Booking Sites

Fake profiles, phishing and AI scams increasingly target professional athletes and their private data

Fidelity Investments Agrees to 2.5 Million Data Breach Settlement

Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming

Gas Express Settles Employee Data Breach Lawsuit

Ghostwriter attacks Ukraine with phishing and geolocated Cobalt Strike

Hackers breach US gas monitoring systems, officials suspect Iranian involvement

India: Punjab Police bust cyber phishing racket, 132 arrested

Memorial Day scam wave is here with fake travel deals and phishing schemes

Microsoft rejects critical Azure vulnerability report, no CVE issued

Russian hackers turn Kazuar backdoor into modular P2P botnet

Seniors Targeted - FBI Issues Cyber Attack Advice For The Over 60s

Windscribe (Among Others) May Leave Canada Over Bill C-22 Surveillance Requirements

15th May

2025 Saw a Surge in Wireless Vulnerabilities

A hotel check-in system left a million passports and driver’s licenses open for anyone to see

AI Didn't Break Identity Security. It Exposed What Was Already Broken

AI Makes Phishing Scams Harder to Identify in the Workplace

Allied World sues Change Healthcare for $1M-plus over 2024 ransomware fallout

American Lending Center Data Breach Affects 123,000 Individuals

American Lending Center data breach impacts over 123,000 individuals

Australia: Tasmanian hospitality group confirms CMD Organization ransomware attack

Avada Builder WordPress plugin flaws allow site credential theft

Belgium: National Annual Holiday Service (RJV) warns of phishing campaigns relating to holiday pay payments

Bonick Landscaping Data Breach Exposes Personal and Medical Details

Boys & Girls Club of the Northern Plains lays out next steps after cyber attack

California hits General Motors with $12.75 Million privacy settlement over driver data

CalPhishing Scam Uses EvilTokens Kit, Outlook Invites to Steal M365 Sessions

Canada ranks second globally in ransomware attacks

China-Linked Hackers Deploy New TencShell Malware Against Global Manufacturer

China-linked hacking group targets Azerbaijani energy firm in multi-wave cyberattack

Circle K franchisee reaches preliminary settlement in data breach lawsuit

CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits

CISA orders all federal agencies to patch exploited bug in Cisco SD-WAN systems by Sunday

Cisco patches another actively exploited SD-WAN zero-day (CVE-2026-20182)

Cornick, Garber & Sandler Data Breach Impacts 1,570: SSNs Exposed

Cresset Capital Data Breach: Social Security Numbers Exposed

Cyberattack via Ransomware at Major EMS Provider Foxconn

Cyber Attacks Continue to Accelerate in India as Ransomware Activity Expands in April 2026

Deepfake detection is losing ground to generative models

Detectives chase down voice phishing mule in South Korea, earn praise

Device code phishing surges across criminal toolkits

Did Iran Hack Tank Readers at US Gas Stations?

Endue Software agrees to $870,000 settlement over February 2025 data breach

Esse Health Agrees to Pay 2.53 Million to Settle Data Breach Lawsuit

Excelas Data Breach Exposes Personal and Health Information

Financial scams target psychology over technology as AI voice phishing spreads among retirees

Florida Reliability Coordinating Council (FRCC) Data Breach: Social Security Numbers Exposed

FlySafair data breach highlights reporting duties in South Africa

Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence

Foxconn confirms cyber attack on North American facilities

From phishing to porn star impersonators: how scamming athletes became a billion-dollar industry

Funnel Builder WordPress plugin bug exploited to steal credit cards

Getting Schooled By ShinyHunters

Gremlin Stealer Evolves into Modular Threat with Advanced Evasion Capabilities

Gunra Ransomware Expands RaaS After Conti Locker Shift

Gunra Ransomware Expands RaaS Operations After Shifting From Conti-Based Locker

Hackers Abuse OAuth Device Authorization Flow to Steal Microsoft 365 Tokens

Hackers Exploit OAuth Device Flow to Steal Microsoft 365 Tokens

Hackers selling bundled enterprise data on the dark web to maximise profits

Hackers Use PyInstaller and AMSI Patching to Deliver XWorm RAT v7.4

Hacking drives 46% jump in Korea personal data breaches as penalties surge

Has M&S fully recovered from the impact of its cyber-attack?

Hawaii Employers' Mutual Insurance Company (HEMIC) Data Breach: Social Security Numbers Exposed

Healthcare Execs Under Siege Due to Ransomware Attacks

Here’s What K-12 Vendors Can Expect After the Canvas Data Breach

Inside the Foxconn Cyberattack by Nitrogen Ransomware Group

Inside the REMUS Infostealer: Session Theft, MaaS, and Rapid Evolution

Jaguar Land Rover profit slumps after cyber attack

Kimsuky PebbleDash and AppleSeed Malware Campaigns

Korea Internet & Security Agency (KISA) and Seoul police arrest telecom operators for spoofed-number phishing

Luxembourg: Fake LuxTrust email claims account was hacked

Malicious node-ipc npm Packages Trigger New Supply Chain Security Alarm

Man vs Machine: AI is Making Traditional Vulnerability Management Operationally Irrelevant

Microsoft backpedals: Edge to stop loading passwords into memory

Microsoft Reports Severe Zero-Day Flaw in On-Prem Exchange Servers

Microsoft warns of Exchange zero-day flaw exploited in attacks

More than $10 million stolen from crypto platform THORChain

NCC Group warns ransomware attacks on Operational Technology (OT)-heavy industrial environments are intensifying amid IT/OT convergence

New Phishing Campaign Exploits Calendar Invites to Steal Tokens

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

OpenAI Confirms Limited Impact From TanStack npm Supply Chain Attack, Urges macOS App Updates

OpenAI Warns Mac Users to Update Apps After Supply-Chain Attack

Pharma giant West Pharmaceutical discloses ransomware attack disrupting operations

Phishing Sites Are Targeting Gaming Users - Here’s How to Find the Official Winbox and Avoid Clones

Popular node-ipc npm package compromised to steal credentials

Ransomware drives 58% of Singapore cyber incidents

Russian Hackers Target 13,500 Signal Accounts in Hijacking Campaign

Shadow AI is becoming the next governance headache

South Korea: Voice Phishing Suspects Surge, Calls Grow for Undercover Probes

Suicide prevention website tracked and shared visitors’ data without consent

Suspected Belarusian State Nexus Actors Target Ukraine with New Cobalt Strike Cyberespionage Campaign

TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates

The 4th Linux kernel flaw this month can lead to stolen SSH host keys

The economics of ransomware 3.0

The Next Cybersecurity Challenge May Be Verifying AI Agents

The reality of resilience to ransomware

Thieves unlock stolen iPhones using cheap tools sold on Telegram

Trade Groups Urge Faster Federal Action to Address AI-Driven Cyber Risks

Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access

Two Unpatched Windows Exploits Target BitLocker, SYSTEM Access

Tycoon 2FA Operators Adopt OAuth Device Code Phishing to Bypass MFA

Tycoon 2FA Operators Use OAuth Device Code Phishing to Bypass MFA

Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897)

Western Orthopaedics says criminals stole the data of over 113,000 patients

What Fronter AI Models Like Mythos and GPT-Cyber Mean for Modern Cybersecurity

York City officials reveal little about 2025 ransomware exposure, aftermath

Zombie linkages are keeping expired domains trusted for years

14th May

18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE

18-year-old NGINX vulnerability allows DoS, potential RCE

90% of ransomware attacks target SMEs

A spyware investigator exposed Russian government hackers trying to hijack Signal accounts

AI cyber capability is speeding past earlier projections

African National Congress (ANC) hit by data breach: 2 million private member records exposed

Apple’s iPhone Privacy Feature Expands to More Users Worldwide

Belarus Hackers Target Ukraine With Spear-Phishing

British Airways hit by Telegram breach claims involving pilot data

Canada: Claim dropped in Acciona/Metro Van data breach case

Canvas breach: Australian schools the likely target of sophisticated phishing scams

Canvas Data Breach Pushes Instructure to Pay Ransom After Second Hack

China-Linked Twill Typhoon Uses Fake Apple and Yahoo Sites for Espionage

Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access

Cisco warns of new critical SD-WAN flaw exploited in zero-day attacks

Cullen/Frost Data Breach Exposes Sensitive Info for 4.6k Clients

Cyber Attacks Continue to Accelerate in India as Ransomware Activity Expands in April 2026

Dutch lab failed security standards before hackers stole 850,000 cancer patients’ data

Exim BDAT Vulnerability Exposes Email Servers to Remote Attacks

Expert Insights on the West Pharmaceutical Ransomware Attack

Extant Aerospace Data Breach Exposes SSNs for Thousands of Individuals

Fake Job Interview Apps Drop JobStealer Malware on Windows and macOS

FamousSparrow Targeted Oil and Gas Industry via MS Exchange Server Exploit

Fired hacker twins forget to end Teams recording, capture own crimes

FlowerStorm phishing gang adopts virtual-machine obfuscation to evade email defenses

Fluke Data Breach: SSNs and Health Records Compromised

Foxconn confirms cyber attack affecting some North American facilities

Foxconn Confirms Cyberattack

Foxconn confirms cyberattack amid claims of stolen Apple and Nvidia data

Foxconn Confirms Cyberattack as Nitrogen Ransomware Claims 8TB Data Theft

Foxconn confirms cyberattack following Nitrogen ransomware claims

Foxconn confirms cyberattack on North American factories amid Nitrogen ransomware claims

Foxconn Confirms Cyberattack, Security Experts Discuss

Foxconn factories resume operations after ransomware attack

Foxconn hack gives Apple an unwanted peek behind the curtain

Foxconn Hit by Cyberattack, Nitrogen Ransomware Gang Claims Involvement

Foxconn hit by ransomware attack; hackers claim stolen Apple and Nvidia data

Fragnesia: New Linux kernel LPE bug was spawned by Dirty Frag patch (CVE-2026-46300)

Fragnesia Extends Linux Kernel Security Challenge with Root-Level Exploit

From dark web to DarkSphere - the new cyber attack frontier

Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike

Google Launches Android Spyware Forensics Tool for High-Risk Users

Hacker hijacks robotic lawnmowers across the world

Hacker Houses And Hyper-Scaled Crime: Are We In A New Era Of Cyber Risk?

Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin

Hackers Steal 11 Million Apple & NVIDIA Files

Horizon Media say January data breach compromised personal information

India emerges as top ransomware target in APAC as cyberattacks surge 165% in Q1 2026

India Most Targeted By Ransomware Attacks In APAC During Q1 2026

Industrial firms hit hardest by ransomware attacks

Information Commissioner’s Office (ICO) Publishes Five-Step Plan to Counter Emerging AI-Powered Attacks

Instructure Pays ShinyHunters Ransom to Protect 275 Million Canvas Users’ Private Data

Interim Healthcare of West Texas Data Breach: Patients of Lubbock and Amarillo Impacted

Iran launches DDoS Cyber Attack on Spotify says retaliation to Khamenei’s Killing

Iran-Linked MuddyWater Group Breached Organizations in 9 Countries in Q1 2026, Including Major Electronics Maker

Israeli spy firms double down on new data methods to uncover Starlink users

It is official that half of CISOs pay in ransomware attacks

Jaguar Land Rover annual profit falls 99% after US tariffs and cyber-attack take toll

Jaguar Land Rover profits slumps 99 per cent, tariffs and cyber-attack cited as reasons

Jaguar Land Rover (JLR) profits take major hit from cyber attack and competition in China

Jaguar Land Rover’s full-year results hit by cyber attack but car giant “recovered well” in Q4

KongTuke hackers now use Microsoft Teams for corporate breaches

Lawsuits Follow Disruptions from Cyber Attack on Canvas

LifeSpring Home Care Data Breach: 7,509 Patients Affected

Machine identities outnumber humans 109 to 1

Major tech manufacturer Foxconn confirms cyberattack hit North American factories

Malaysia’s emerging hybrid organised crime threat

Mays Housecall Data Breach Exposes PHI for 5,208 Patients

Microsoft sacks Israel subsidiary boss over using its cloud to store spying data

Microsoft says 8.3 billion email phishing attacks in Q1, QR code attacks up 146 percent

Mistral AI allegedly breached by Dune-loving criminals following TanStack supply chain hit, 450 repos exposed

Most Organizations Now Use AI Agents for Sensitive Security Tasks

Mt. Spokane Pediatrics Data Breach - What You Need to Know and What to Do Next

Mustang Panda Linked to Updated FDMTP Backdoor in Asia-Pacific Espionage Campaign

National Treasury Management Agency (NTMA) yet to recover €2.5m stolen in phishing attack

New Fragnesia Flaw Hands Linux Local Users Root Access

New Fragnesia Linux flaw lets attackers gain root privileges

New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption

NGINX is critically vulnerable: hackers can crash servers and run remote code with no authentication

Nitrogen Ransomware claims massive data theft from Foxconn

Nitrogen Ransomware Gang Claims Attack as Foxconn Confirms Breach

Nitrogen ransomware gang claims major data theft from Apple’s key supplier Foxconn

No User Data Impacted in Third-party Breach, OpenAI Says

North Korean hackers pose as police in spear phishing attacks

OpenAI Addresses TanStack NPM Supply-Chain Attack Impact: ⁠Production Systems, Intellectual Property Not Compromised

OpenAI asks macOS users to update after TanStack npm supply chain attack

OpenAI confirms security breach in TanStack supply chain attack

OpenAI says hackers stole some data after latest code security issue

OpenAI says no user data breached after security issue with open-source library

Over 70% of organizations hit by identity breaches

Patching one Linux kernel critical exploit spawns another: a third vulnerability in two weeks

‘Personalized’ Iranian Cyber Attack Targets Israeli Morale

Pivot Health Data Breach Exposes Sensitive Health Details of Patients

PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure

Q1 2026 Ransomware Attacks Hit 2,122 Organizations Worldwide

QBE warns cyber attacks are speeding up in Asia-Pacific

Ransomware attack on American Lending Center compromised over 123K individuals

Ransomware attacks on West Pharmaceutical and Foxconn highlight growing cyber risks to manufacturing sector

Ransomware Group Targets Fortinet and Cisco Devices To Breach Networks

Ransomware made up 58% of cyber incidents in 2025

Ransomware, Critical Vulnerabilities, and the Security Gap No One Is Closing Fast Enough

South Africa: Durban hospital targeted in ransomware incident

South Africa: Good, boring cybersecurity

Spirit Medical Transport Data Breach - What You Need to Know and What to Do Next

Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets

Taiwan: Researchers probed for cybersecurity data breach

TeamPCP Claims Mistral AI Breach, the Company Announces Being Impacted by the TanStack Supply Chain Attack

TeamPCP Claims Sale of Mistral AI Repositories Amid Mini Shai-Hulud Attack

TeamPCP hackers advertise Mistral AI code repos for sale

The AI authorship crisis is becoming a cyber-security problem

The First AI-Crafted Zero-Day Was Easy to Spot. The Next One May Not Be

The Gentlemen RaaS Leverages Fortinet and Cisco Edge Devices for Initial Access

The shadow of hacker attacks and bot fraud on the World Cup

The third major Linux kernel flaw in two weeks has been found - thanks to AI

Vimeo Confirms Data Breach Impacting 119,000 Users and Customers

West Pharmaceutical Services confirms cyberattack after data theft and system encryption

West Pharmaceutical starts restoring operations after ransomware attack

Who is Nitrogen group, what does Foxconn do and what data was hacked? Ransomware hackers claim breach at Foxconn

Why Australian Dark Web Data Is Now Being Sold in Bundles - and What It Means for Organizational Exposure in 2026

Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation

Your iPhone Gets Stolen. Then the Hacking Begins

13th May

58% of CISOs Would Consider Paying Ransomware Gangs

122 Australian Schools & Universities Impacted In Data Breach Affecting Millions

716,000 Impacted by OpenLoop Health Data Breach

AI and phishing-as-a-service drive increase in email attacks

AI fuels rise in phishing attacks

Android Adds Intrusion Logging for Sophisticated Spyware Forensics

Android pushes new scam, theft, and AI protections in 2026 update wave

Apple Enables Encrypted RCS Messaging Between iPhone and Android

Avada Builder Flaws Expose One Million WordPress Sites

Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation

Best Western parent company says hackers spent 6 months inside hotel systems, exposing guest data

Bring Your Own Vulnerable Driver (BYOVD) Attacks Help Ransomware Gangs Bypass Endpoint Defenses

Canvas Breach Hackers Reach Deal After Claiming 275 Million Records Stolen

Canvas Cyberattack: Instructure Pays ShinyHunters Ransom, US House Committee Asks for Investigation

Canvas Owner Reaches Agreement With Cybercriminals After Ransomware Attack

Canvas owner reaches ‘agreement’ with threat actors after data breach

Canvas owner reaches deal with ShinyHunters after global data breach

Capitol Pain Institute Data Breach: Protected Health Information Exposed

Chinese hacker ringleader extradited over US$25.4 million theft targeting BTS’ Jungkook, others

Chinese hacker suspect extradited to South Korea over $32m theft targeting BTS’ Jungkook and others

Critical Exim GnuTLS Flaw Enables Remote Code Execution

Critical Fortinet FortiSandbox Flaw Enables Remote Code Execution

Cybersecurity Is No Longer a Gatekeeper, But the Engine of Delivery Across Digital Economy

European defense tech giant Thales dragged into fresh data leak claims

Fake Income Tax email alert! ‘SilverFox’ hackers target Indians with dangerous malware

Fallout from the ransomware attack on Canvas used by thousands of universities

Fewer Groups Now Drive Majority of Global Attacks

FIFA World Cup 2026: Cyber Attack Single Point Risk

Fortinet Patches Critical RCE Vulnerabilities in FortiSandbox and FortiAuthenticator

Foxconn confirms cyberattack affecting some North American facilities

Foxconn confirms cyberattack after hackers claim theft of Apple data

Foxconn confirms cyberattack claimed by Nitrogen ransomware gang

Foxconn Confirms Cyberattack on North American Facilities, Production Hit

Foxconn Confirms North American Factories Hit by Cyberattack

Foxconn confirms Ransomware Attack

Foxconn Hit by Ransomware Attack Claiming Theft of Apple Project Data

From Exposure to Action: How to Operationalize Identity Risk Intelligence

GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data

Google Boosts Android Security With AI-Powered Protections

Google Debuts Android Spyware Logging Tool for High-Risk Users

Google Detects AI-Created Exploit, Thwarts ‘Mass Exploitation Operation’

Google Launches New Android Security Features to Fight Scams, Theft

Government to Scrutinize Instructure Over Canvas Disruption, Data Breach

Hacker Actively Laundering Stolen Crypto After Exploiting Liquidity Provider for $6,700,000

Hacker checks out Amazon baby monitor, finds mother of all security flaws

Hackers Claim 11 Million Files Stolen From Foxconn, Supplier to Apple and Nvidia

Hackers tipped off Dutch telco Odido about its own data breach

Hackers Upgrade ClickFix Attacks Using Decade-Old Python SOCKS5 Proxy Tool

Here’s why Odido didn’t pay a ransom in the recent cyberattack

India Ranks Top in APAC Cyber Attacks Amid 165% Ransomware Surge

India tops APAC ransomware target list as cyberattacks surge 165% in Q1 2026

Information Commissioner's Office (ICO) fines South Staffordshire Water nearly £1 million after cyber attack

Instructure chose to a pay ransom following the Canvas cyber attack - research shows more than half of security leaders would follow suit

Instructure reaches agreement with hackers after Canvas data breach

Instructure Reaches Deal with ShinyHunters to Prevent Canvas Data Leak

International Anti-Ransomware Day 2026: Strengthening Cyber Resilience Against Evolving Threats

Iranian hackers targeted major South Korean electronics maker

Lawyers of data breach victims welcome almost £1 million fine for South Staffs Water over cyber attack affecting more than 600,000 people

Meta employees revolt over AI mouse-tracking software installed on work computers

Microsoft Fixes 17 Critical Flaws in May Patch Tuesday

Microsoft May 2026 Patch Tuesday: Many fixes, but no zero-days

Microsoft May 2026 Patch Tuesday Fixes 120 Vulnerabilities, No Zero-Day Exploits Reported

Microsoft on pace to break annual vulnerability record as AI-driven patch wave takes hold

Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws

Microsoft Windows Alert - Angry Hacker Drops 2 New Zero-Day Exploits

Microsoft’s agentic security system found four critical Windows RCE flaws

Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday

Microsoft’s Patch Tuesday Update Targets 120 Security Flaws

New critical Exim mailer flaw allows remote code execution

Palantir given complete access to NHS patient data

Plymouth radio station closes after 'ruthless' cyber attack

Pro-Iran hackers claim cyberattack on Spotify, cite ‘revenge’ for Khamenei's killing

Ransomware: Over Half of CISOs Would Consider Paying Ransom to Hackers

Ransomware attacks claim over 2,300 victims in one quarter and cause millions in losses

Ransomware gang claims theft of Apple files in Foxconn attack

Ransomware Gangs Use BYOVD and EDR Killers to Disable Security Tools

Ransomware hackers claim breach at Foxconn, a major electronics manufacturer for Apple, Google, and Nvidia

Ransomware hits Australian networks faster than ever before

Ransomware Q1 2026: Fewer Groups, Bigger Hits, Pre-Staged Access

Ransomware shifts to fewer groups as Thailand targeted

Regulator fines water company almost £1 million for cybersecurity failures

Signal enhances security with new features to combat phishing attacks

Signal responds to phishing attacks with new in-app security warnings

Skoda Auto Carmaker Discloses Online Shop Intrusion Potentially Impacting Customer Data

Škoda Auto discloses data breach after online shop hack

Skoda issues data breach alert for its online shop: hackers accessed customer information

Slovakian Admin of Dark Web Kingdom Market Jailed for 16 Years in US

Sophos 2026 Report Details Escalating Security Threats: Identity Security Breaches Cost $1.6 Million

South Korea: Chinese Hacker Ringleader Extradited for 38 Billion Won Theft

South Staffs Water fined £964k after data breach

South Staffs Water fined almost £1 Million after IT hack and data breach

TeamPCP Used Mini Shai-Hulud Worm to Poison Over 400 npm and PyPI Packages

The Canvas Hack Shows Ransomware Isn’t Going Anywhere

The Environment Has Changed, But Your Identity Security Still Hasn’t

The First 24 Hours: What I Learned Responding to a Real-World Ransomware Attack

The hidden risk of non-human identities in AI adoption

UK moves to shield security researchers in cybercrime law overhaul

US lawmakers demand answers from Instructure after Canvas data breaches

West Pharmaceutical says hackers stole data, encrypted systems

West Pharmaceutical Services Hit by Disruptive Ransomware Attack

West Pharmaceutical Services hit by ransomware attack

When backups become the target: Why your recovery plan needs a rethink

When the Ransomware Gang Gets Hacked: What the Gentlemen Leak Reveals About Modern Ransomware Risk

Why Australia's ransomware spike misses the bigger story

Why Canadian Telecom Providers Are Prime Targets for Cyberattacks

Windows BitLocker zero-day gives access to protected drives, Proof-of-Concept (PoC) released

Wiping 96 US government databases after being fired may cost ex-hackers two decades in prison

Young & Company Data Breach: SSNs Exposed

12th May - International Anti-Ransomware Day

1.2 Million messaging app profiles leaked online: Were you impacted?

‘Agreement’ with hackers resolves data breach on Canvas learning platform

AI drives ransomware surge, experts urge faster defence

AI-Accelerated Ransomware Is Reshaping Risk for Financial Institutions

Amazon Quick authorization bypass let users reach blocked AI chat agents

American Lending Center Data Breach: 123,158 Individuals Impacted

Android will hang up on banking scammers for you - how its new anti-spoofing feature works

Apple supplier Foxconn confirms ransomware attack affected North American factories

Attackers Combine ClickFix With PySoxy Proxying to Maintain Persistence

Attackers Use Fake OpenAI Model to Push Credential-Stealing Malware

Australian firms urged to rethink ransomware defences

Banco Bilbao Vizcaya Argentaria (BBVA) haunted by fresh leak claims as customer banking data resurfaces online

Belmont Surgery Data Breach Exposes Sensitive Health Information

Binance stops $10.5B in fraud with AI, but the AI scam profits tell a different story

Biometric Authentication is Easier to Fake Than You Think

Canvas breach: 'Agreement' made with hackers over stolen data

Canvas breach ends in ransom deal, but student phishing risk remains

Canvas Data Breach: Instructure Reaches Deal With ShinyHunters To Return User Data

Canvas developer Instructure says 'agreement' reached with hackers

Canvas hack: Company pays criminals to delete students' stolen data

Canvas Hack Aftermath: Owner Instructure Reaches Deal With Hacker Group

Canvas Hackers ShinyHunters Say Their Official Domain Was Suspended

Canvas now admits it paid hackers after finals-week cyberattack - but is student data truly safe?

Canvas owner reaches ‘agreement’ with threat actors after data breach

Canvas owner struck a deal with hackers who breached its education platform twice

Canvas parent settles with hacker group that stole user data

Canvas platform strikes deal with hackers to delete students’ stolen data

Canvas reaches agreement with hacking group over massive data breach

Canvas Secures Data with Hacker's Agreement

Caveat Canvas: ShinyHunters Hacks The Education Sector

Checkmarx Jenkins AST Plugin Compromised by TeamPCP Using Credentials Stolen in the Trivy Supply Chain Attack

Class-action suit targets global commercial real estate firm for failing to protect client info during massive data breach

Congressman launches inquiry into how food retailers use surveillance pricing

Cushman & Wakefield Confirms Data Breach Impacting Over 310,000 Accounts

Cushman & Wakefield Data Breach Exposes 310,431 User Accounts

CVE-2026-41940 Vulnerability in cPanel Exploited to Steal Credentials

Dark web kingdom operator sentenced to 16 years as leading marketplace falls

EdTech Firm Instructure Pays Ransom as U.S. House Starts Investigation

Edtech giant Instructure strikes deal with ShinyHunters hackers prior to ransomware deadline

Education platform pays off hacker who shut down site during finals week

End‑to‑End Encrypted RCS Messaging Arrives Across iPhone and Android

Experts urge better scrutiny of cloud services after Canvas data breach

Fake Claude Code Installer Targets Developers With Browser Credential Stealer

Fake Invitation Phishing Is Becoming a Remote Access Problem for CISOs

Financial Foundations Data Breach: Social Security Numbers Exposed

Fortinet warns of critical RCE flaws in FortiSandbox and FortiAuthenticator

Foxconn confirms cyberattack after ransomware crew claims it stole confidential Apple, Nvidia files

Foxconn confirms cyberattack impacting North American factories

Foxconn Hit by Major Cyberattack as Ransomware Group Claims Theft of 8TB of Data

Foxconn Ransomware Attack Shows Nothing Is Safe Forever

General Motors to pay $12.75 million over driver data sales

Germany busts rebooted dark marketplace Crimenetwork selling drugs, forged documents

GhostLock Attack: Windows API Misuse Enables Ransomware-Like System Lockdown Without Encryption

Google Blocks AI-Driven Cyberattack in First Known Attempt at Mass Exploitation

Google Detects First Potentially AI-Generated Zero-Day Exploit

Google Drive loophole lets blocked malware reach Gmail, puts billions at risk

Google Says Hackers Used AI to Build Zero-Day Exploit

Google Thwarts Hacker Plan to Exploit AI for Mass Cyberattacks

Hacker breached Skoda’s online store and stole customer data

Hackers accessed BWH Hotels reservation system for months

Hackers claim 11 Million files from major Apple and Nvidia partner days after Wisconsin plant suffers “IT outage”

How AI and phishing-as-a-service are changing the email threat landscape

How to tell if your email address, passwords have been exposed

Hundreds of open-source packages, including TanStack and Mistral, compromised in fresh wave of supply chain attacks

Information Commissioner’s Office (ICO) fines water company £1m over data breach affecting 630,000 people

Information Commissioner’s Office (ICO) fines UK water company over major customer data breach

Information Commissioner’s Office (ICO) issues fine of nearly £1m against South Staffordshire Plc and South Staffordshire Water Plc following major cyber attack and data breach

Institute of Public Accountants (IPA) members hit by data breach

Instructure pays ransom after Canvas incident as Congress announces investigation

Instructure Pays Ransom to Resolve Canvas Data Breach Affecting 275 Million Users

Instructure reaches agreement with hacker after data breach, global outage

Instructure reaches 'agreement' with ShinyHunters to stop data leak

Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak

Instructure strikes deal with hackers who breached it twice

Instructure took a risky approach to recover stolen Canvas data

iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android

JetBrains TeamCity vulnerability allows privilege escalation, API exposure (CVE-2026-44413)

Kaspersky 2026 Ransomware Report Details Shifting Threats, as Attacks Decline and Tactics Change

Malicious Hugging Face Repository Typosquats OpenAI

Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-days

Mini Shai-Hulud Hits TanStack npm Packages

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution

New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots

New York Life Data Breach Exposes Sensitive PHI and PII

NVIDIA confirms GeForce NOW data breach, pledges full support for investigation

Odido rules out compensation after massive cyberattack affecting 6.2 million accounts

On Anti-Ransomware Day, some good news arrives for cyber defenders

OpenLoop Health Data Breach Confirmed at 716,000 Individuals

Operation HumanitarianBait Uses Fake Aid Documents to Deploy Python Spyware

Oracle EBS data breach compromised close to 6,000 Informa employees

Over 1 Million Baby Monitors, Security Cameras Exposed Through Meari Flaws

Ransom deal reached with Canvas hackers who stole student and teacher data

Ransomware attacks near record as groups consolidate

Ransomware Hackers Crash Finals Season

Ransomware in 2026: Resilience replaces prevention as new cyber imperative

Ransomware Power Shifts to Fewer, Bigger Groups in 2026 productnation

Ransomware sector reconsolidating as Qilin, LockBit, and The Gentlemen expand influence in Q1 2026

Regina entertainment venues affected by cyber attack

RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded

SAP fixes critical vulnerabilities in Commerce Cloud and S/4HANA

School Learning Company Reaches Deal with Hackers in Ransomware Attack

Shai Hulud attack ships signed malicious TanStack, Mistral npm packages

Signal adds security warnings for social engineering, phishing attacks

Six new dnsmasq vulnerabilities open the door to DNS cache poisoning, local root

Škoda confirms unauthorized access to its online shop

Škoda warns of customer data breach after online shop hack

South Africa: Durban hospital targeted in ransomware incident

South Staffordshire Water Fined £1m After Data Breach

State of ransomware in 2026

Stealthy hackers exploit cPanel flaw in active backdoor campaign (CVE-2026-41940)

Stolen Canvas data was “returned” after hacker agreement, Instructure says

Stolen information returned to Canvas and allegedly deleted from hacker logs

Taiwan's cybersecurity market shifts toward managed services as ransomware pressure mounts

The Canvas Breach Shows What Happens When SaaS Platforms Become Identity Infrastructure

The Exception Economy: When Security Teams Stop Protecting and Start Negotiating

The hidden smart fridge risks that emerge years after purchase

The Risks of AI Agents as High-Privilege Users That Never Pause

The State of Identity Security 2026: Identity is the new perimeter

Threat Actors Leverage Vercel’s AI Tools to Mass‑Produce Realistic Phishing Sites

Threat Actors Use Vercel AI to Mass-Produce Phishing

Three separate lawsuits filed against Instructure after data breach

U.S. bank disclose security lapse after sharing customer data with AI app

UK fines water supplier $1.3 Million for exposing data of 664k customers

UK water firm fined £1 Million after running Windows Server 2003

UK Water Supplier Fined Nearly £1 Million After Hackers Roamed Networks for Almost 2 Years

US government seeks Instructure testimony on massive Canvas cyberattack

Water firm fined after customers' details hacked

West Pharmaceutical Services Hit by Disruptive Ransomware Attack

West Pharmaceutical warns of ransomware attack impacting business operations

“When you watch Netflix, Netflix watches you”: Texas sues streaming giant for spying on kids

Why Agentic AI Is Security's Next Blind Spot

Why Ransomware Attacks Are Increasing in UK Businesses

‘You deserved more consistent communication from us, and we didn’t deliver’: Instructure CEO issues apology over Canvas cyber attack disruption

11th May

9-Year-Old Dirty Frag Vulnerability Enables Root Access on Linux Systems

AI cyber attack threatens global financial crisis, warns International Monetary Fund

AI-Driven Cybercrime Spikes: Ransomware Victims Up 389% in New Fortinet Study

Australia: Deadline set by cybercriminal group looms as some institutions regain Canvas access

Australian toy distributor listed by M3rx ransomware

Back-to-Back Ransomware Attacks on Ed Tech Firm Attract Congressional Scrutiny

Binance says AI security systems prevented $10.5 billion in user losses from crypto scams, phishing

Bulgaria: Authorities bust AI-assisted mass phishing scheme

BWH Hotels guests warned after reservation data checks out with cybercrooks

California Hits General Motors With Record $12.75 Million CCPA Privacy Settlement

Capsule Security Analysis Details Scope of Vulnerable AI Agent Attack Surface

China-linked New York robotics firm issues fix after hacker remotely hijacks thousands of lawn mowers

cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor

Criminal case opened in Poland after hacker attack on Belarusian online library kamunikat.org

Cyber attack disrupts swathe of universities, schools in US, Canada, Australia

Cyber-crime increasingly coming with threats of physical violence

Data after the breach: Economics of the dark web

Data Breach Disrupts Georgia Universities During Final Exams

Data breach fears for schools and universities grow after suspected ransom note

Deconstructing the Canvas (Instructure) Data Breach: What Happened and What Should Your Institution Do Next?

Dirty Frag: Linux kernel hit by second major security flaw in two weeks

Fake Claude Code Page Pushes PowerShell Stealer at Devs

Fake income tax emails target Indians: Kaspersky warns of ‘SilverFox’ hacker attack

Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads

Fake TronLink Extension Targets TRON Users in Phishing Scam

Fine of nearly £1 million issued against South Staffordshire Plc and South Staffordshire Water Plc following major cyber attack and data breach

Fortinet Warns AI Is Accelerating Global Cybercrime as Ransomware Victims Surge 389%

General Motors (GM) agrees to $12.75 Million California settlement over sale of drivers’ data

GhostLock Attack Leverages Windows file-sharing to Lock Files Access Like Ransomware

Global report finds businesses hide vast majority of ransomware attacks

Google Ads and Claude.ai Shared Chats Abused to Distribute Mac Malware

Google catches “first AI-assisted zero-day” as well as autonomous Android malware

Google researchers uncover criminal zero-day exploit likely built with AI

Google says criminals used AI-built zero-day in planned mass hack spree

Google Says Hackers Used AI to Develop a Zero-Day Exploit

Google says it likely thwarted effort by hacker group to use AI for ‘mass exploitation event’

Hackers Exploit Vercel GenAI to Mass-Produce Convincing Phishing Sites

Hackers Observed Using AI to Develop Zero-Day for the First Time

Hackers pushing innovation in AI-enabled hacking operations, Google says

Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation

Hackers used AI to develop zero-day exploit for web admin tool

Hogan Transports Data Breach Exposes Personal Information Including Social Security Numbers

Hong Kong: Cross-border data breach alerts in place, says Digital Policy Office

Identity security firm SailPoint discloses GitHub repository breach

Information Commissioner’s Office (ICO) fines Cl0p victim South Staffs Water over data breach

Information Commissioner’s Office (ICO) fines South Staffordshire Water £963,900 over significant data protection failures

Information Commissioner’s Office (ICO) fines Staffordshire water provider over serious cyber attack

Instagram messaging encryption removed, and privacy advocates are pushing back

Instructure Canvas hack update: Breach involved a specific teacher account type and interrupted finals

Instructure confirms hackers used Canvas flaw to deface portals

Iran’s cyberwar targets ordinary Americans. We need to dismantle the hacker network

Kaspersky Warns of Phishing Attacks Via Compromised Amazon Simple Email Service Accounts

LayerZero Apologizes After Lazarus Group Hacker Attack

LayerZero blames victims for $292 million hack, but apologizes as clients leave

Linux developers weigh emergency “killswitch” for vulnerable kernel functions

Mac Users Warned Over Fake Claude Install Instructions

March 2026 Healthcare Data Breach Report

Millions of Android users tricked into paying for fake call logs

MTN Ghana Warns Customers Against Phishing Link Scams

National Savings and Investments (NS&I) phishing attacks surge as Premium Bonds provider blocks 132,000 malicious emails

New Congoleum Data Breach: Personal Information of 4k Individuals Exposed

New GhostLock tool abuses Windows API to block file access

Nvidia GeForce NOW data breach confirmed - but luckily most of us will be safe, here's why

Official CheckMarx Jenkins package compromised with infostealer

OpenLoop Health Data Breach Affects 716,000 Individuals

Police Shut Relaunched Crimenetwork Dark Web Marketplace

Police take down relaunched criminal marketplace with 22,000 users, €3.6 million in revenue

Poor security left hackers inside water company network for nearly two years

Pro-Iranian hacker group claims to expose identities of Israeli special forces officers

Ransomware hackers are now threatening to indulge in Physical Harm or Violence

Rapid7 links Chaos ransomware campaign to Iranian state-sponsored MuddyWater espionage operation

Renegade recovers $190K after hacker returns 90% of stolen funds

Romanian Man Faces Up to 30 Years in US Prison Over Vishing Scams

Rushed Patches Follow Broken Embargo on New Linux Kernel Vulnerabilities

School app Canvas breach hits during finals

Schools negotiate with hackers following Canvas data breach

Second Canvas data breach causes major disruptions for schools, colleges

Security teams are turning to AI to survive alert overload

ShinyHunters Escalates Canvas Extortion with School by School Ransom Campaign

Skoda Data Breach Hits Online Shop Customers

Soomgo reports hacker extortion to authorities, probes possible data leak in Korea

South Korea: Former Police Officer Sentenced for Voice Phishing Money Laundering

Tables Turned: Gentlemen Ransomware Group Suffers Data Leak

TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack

Texas sues Netflix over alleged data practices that create ‘surveillance machinery’ without user consent

The scam economy has found its AI upgrade

The State of Ransomware - Q1 2026

TrickMo Android banker adopts TON blockchain for covert comms

TrickMo Variant Routes Android Trojan Traffic Through TON

‘Truly terrifying’: Alberta voter data breach raises fears for Canada’s electoral integrity

Two more Hong Kong educational institutions hit by Canvas learning platform data breach

Uber hid drivers’ data rights, Dutch watchdog rules, stands by €10 Million penalty

UK water company allowed hackers to lurk undetected for nearly two years, regulator finds

Universities worldwide still struggling with fallout from Canvas cyber attack

Unoaerre Ransomware Attack Disrupts Manufacturing Operations

Venmo privacy redesign changes the default of post visibility

Water company's leaky security earns near-£1 Million fine

We investigated the Vodafone data leak: Here is what hackers claim they stole

What is device token phishing?

What is Digital Invitation Scam and here's how to safeguard yourself from such cyber threats

What It Costs to Hire a Hacker on the Dark Web in 2026

Why Did the Renegade Hacker Return $190K in Stolen Crypto?

Why was Canvas hacked? Identity of the hacker explored as 275 million users impacted

Zara Data Breach Impacts Nearly 200,000 Customers

Zara data breach saw 197,000 people have information exposed - but luckily, hackers may not have accessed private info

Zara global data breach exposes information on nearly 200,000 customers

Zara Owner Inditex Confirms Customer Data Breach Affecting Nearly 200,000 People