Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 18th May and 24th May 2026.24th May
7-Eleven Data Breach Expose Franchise Applicants’ Social Security Numbers: ShinyHunters Published Stolen Files
Cyberattacks against Japan drastically down during Lunar New Year holidays
Dozens arrested in UK romance fraud and money laundering crackdown
FBI Warns of Kali365 Phishing-as-a-Service Platform After April Microsoft 365 Attacks
Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign
Global Operation Saffron Shuts Down ‘First VPN’ Used by 25 Ransomware Groups
India's Ministry of Home Affairs (MHA) Warns iPhone Users: One Wrong Click After Losing Your Device Could Expose Your Entire Digital Life
Iran-Linked APT Targets US, Israel, and UAE in Cyber-Espionage Surge
Iran-linked hackers targeted US, Israel and UAE, Palo Alto Networks says
Microsoft 365 Phishing Kit Kali365 Bypasses MFA: FBI Warns Hundreds of Organizations Targeted
Ransomware is no longer just a tech problem; it’s a societal threat
Ransomware Kills: How Cybercrime Turned Global Hospitals into Digital Killing Fields
Trump Family's Smartphone Venture Hit by Alleged Data Breach Affecting 27,000
UK MPs slam digital ID rollout as a “fiasco” following rushed launch
23rd May
AI Agents are Recreating the Access Problems that Broke Early Cloud Security
Armenian Cyber Police warn iPhone users of ongoing phishing scam
Charter Communications confirms data breach as hackers threaten leak of 42 million records
Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software
Drupal Core SQL Injection Bug Actively Exploited, Added to CISA Known Exploited Vulnerabilities (KEV)
Fraud Alert For iPhone Users: Indian Cybercrime Coordination Centre (I4C) Issues Advisory About Sophisticated 'Hybrid Cybercrime'
Hacker accessed information of 22,500 Hartford HealthCare patients through HUSKY portal
India: ‘Cockroach Janta Party’ being used as bait in new phishing scam, say Punjab Police
India: Cockroach Janata Party scam alert - Punjab police warns users against fake WhatsApp links
India: Ministry of Home Affairs (MHA) warns of fake Apple Support phishing messages
India: Punjab police warn of phishing scam using ‘Cockroach Janta Party’ links as cyber fraud spreads
India: Scammers sending phishing links under guise of joining Cockroach Janata Party
Indian Cybercrime Coordination Centre (I4C) warns of phishing scam targeting iPhone users via fake Apple support messages
Kaspersky Warns of Phishing Attacks via Compromised Amazon Simple Email Service Accounts
KnowBe4 warns of phishing campaign using fake surveys
Laravel Lang packages hijacked to deploy credential-stealing malware
Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer
LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root
npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks
Oregon HR firm Cardinal Services hit by cyber attack, over 140,000 affected
Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware
Phishing Emails Now Ride Trusted Amazon Simple Email Service (SES), Making Fake Messages Harder to Spot
RondoDox Botnet Exploits Critical 2018 Vulnerability to Hijack ASUS Routers
University of Mississippi Medical Center (UMMC) may have violated federal privacy law after ransomware attack
Verus Bridge Hacker Returns $8.5 Million in Ethereum, Pockets Self-Awarded Bounty
Victims 'violated' after water firm's data breach
West Midlands Police Sergeant Found Guilty of Gross Misconduct in Data Breach Scandal
Why pure extortion is replacing traditional ransomware
22nd May
7-Eleven hit with data breach: What Canadians need to know
$20 per zero-day is already the WordPress plugin reality
44 million alleged healthcare records of French citizens surface on hacker forum
5,561 GitHub Repositories Hit by Megalodon Supply Chain Attack in Six Hours
AI, ransomware and the rise of global cyber cartels
Anatomy of Ransomware: What Leaked Negotiations Can Teach Us
Apple Blocked $2.2 billion in App Store Fraud in the Last Year
Asia-Pacific among hardest hit by ransomware attacks in 2025
Authorities Seize First VPN Service Linked to Ransomware Attacks
Authorities Take Down “First VPN” Service Used in Ransomware Attacks
Barnhart Crane & Rigging Data Breach Impacts 22,822 People
Beacon Mutual ransomware attack exposed data of 4,500 current and former Rhode Island state employees
Belarus-linked Ghostwriter group targets Ukraine using Prometheus learning platform lures
Belarus-linked hackers use fake training certificates to target Ukrainian officials
Bodycam footage exposes ICE’s use of facial recognition in violent Oregon farm worker arrest
Canada: Data of around 1,700 people potentially compromised in Canvas data breach
Canadian Administrator Arrested Following KimWolf DDoS Botnet Takedown
Canadian man arrested, charged for running KimWolf DDos botnet
Check Point Warns of Escalating Cyberattacks Targeting India’s Digital Infrastructure
China-linked hackers deploy new "Showboat" malware against telecom firms
CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to Known Exploited Vulnerabilities (KEV)
CISA launches new Known Exploited Vulnerabilities (KEV) reporting form to speed up exploited vulnerability tracking
CISA to allow researchers to report vulnerabilities to exploited bugs catalog
CISA Warns of Exploited Trend Micro Apex One Flaw
CISA Warns of Exploited Microsoft Defender 0-Day Flaws
CISA’s new Known Exploited Vulnerabilities (KEV) nomination form opens reporting to vendors and researchers
Cisco exposes alarming errors hidden inside AI security incident reports
Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access
Cisco Secure Workload Flaw CVE-2026-20223 Gets Maximum CVSS 10 Rating
Class action lawsuit filed against Rhode Island's largest workers comp insurer
Cloud Atlas APT Targets Russia and Belarus Government and Diplomatic Entities with PowerCloud Tool
Cloud Credential Abuse and Ransomware Escalation: Inside the Modern Cyberattack Lifecycle
Cyber Attack by Nitrogen Ransomware Hits Foxconn, Disrupting North American Operations
Data breach exposes information of 22,500 Connecticut Medicaid patients
Datavant Group to Pay $900,000 to Settle Class Action Data Breach Lawsuit
Deleted Google API keys keep working for up to 23 minutes, researchers warn
Deleted Google API Keys Still Access Gemini, BigQuery, Maps APIs
Disney hit with $5 Million lawsuit over facial recognition scans at Disneyland
Drupal: Critical SQL injection flaw now targeted in attacks
Drupal Vulnerability in Hacker Crosshairs Shortly After Disclosure
Easton, Massachusetts, warns residents of active permit phishing scam
EMEA Emerges as Global Hotspot for Financial Services DDoS Attacks
European Agencies Shutter VPN Service Used for Ransomware Attacks
Europol dismantles cybercriminal VPN linked to ransomware investigations
Europol-Led Global Crackdown Dismantles VPN Service Used by Ransomware Networks
Europol-Led Operation Shuts Down ‘First VPN’ Used by Cybercriminal Networks
Europol's Operation Saffron takes down First VPN service over ransomware attacks - 33 'bulletproof' servers spread across 27 countries seized
Eversource Data Breach Impacts 3,049 Customers
Facebook scam targets users over 40 with fake Aldi meat box offers
Fake Gemini and Claude Code Sites Spread Infostealers Through SEO Poisoning
Fake Invitation Phishing Campaign Targets U.S. Organizations With Credential Theft
FBI warns about fast-growing phishing kit targeting Microsoft 365 users
FBI Warns Kali365 PhaaS Platform Targets Microsoft 365 Users to Steal Logins
FBI warns Kali365 phishing kit is stealing Microsoft OAuth tokens at scale
FBI warns of Kali Oauth stealers
FBI Warns of Kali365 Attacking Microsoft 365 Users to Steal Logins and Bypass MFA
FBI Warns of Kali365 Attacks Targeting Microsoft 365 Users to Steal Logins
FBI Warns of Kali365 Phishing Service Targeting Microsoft 365 Account
FBI warns of Kali365 phishing-as-a-service after April Microsoft 365 attacks
First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups
'First VPN', used by ransomware groups, scammers and data thieves, dismantled
Former US execs plead guilty to aiding tech support scammers
German Football Association leaves open goal for hackers, who are claiming password theft
Germany becomes focal point of escalating Germany, Austria, and Switzerland (DACH) cyber campaign amid ransomware, geopolitical attacks
Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware
GitHub Investigates Internal Code Theft by TeamPCP Hacker Group
Google API Keys Remain Usable After Deletion for up to 23 Minutes, Report Says
Hackers claim Starbucks data breach, but researchers are not so sure
Hackers steal patient and billing data from German hospitals via third-party provider
Indian Student Data Weaponized for Phishing, Social Engineering, and Financial Fraud
INJ3CTOR3 Deploys JOMANGY Webshell in Advanced FreePBX Attacks
Iran-linked hackers target key US, allied sectors with sophisticated spear-phishing messages
Kash Patel’s clothing brand website shut down after reports it was hacked
Kaspersky warns of phishing attacks via compromised Amazon Simple Email Service accounts
Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks
Las Vegas giant reveals hacking incident after system breach
Law Enforcement Shuts Down VPN Service Linked to Multiple Ransomware Groups
May 2026 Data Breach Round Up: Data Breaches Affect 9 HIPAA-regulated Entities
McDonald’s France resets accounts after customer data breach
Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows
Megalodon Malware Compromised 5,500+ GitHub Repositories
Megalodon stalks over 5,000 GitHub repos in new assault on open source
MemberSource Credit Union Breach Exposes Unencrypted Data of 22,000 Persons
Meta, TikTok, and Google left 73% of reported scam ads online despite numerous complaints
Meta, TikTok, X, and other platforms have 48 hours to remove deepfakes and revenge porn
Microsoft 365 users targeted by new phishing threat that bypasses MFA
Microsoft Dismantles Fox Tempest: Ransomware Groups Paid Up to $9,500 to Fake Windows Software Signatures
Microsoft Patches Actively Exploited Defender Vulnerabilities Affecting Enterprise Systems
Mini Shai-Hulud Malware Targets @antv Packages To Harvest CI/CD Secrets
Mullvad Addresses VPN Server Fingerprinting Issue That Could Link User Activity Across Servers
Netherlands seizes 800 servers of hosting firm enabling cyberattacks
Nevada: Station Casinos discloses data breach after March incident
New WantToCry ransomware evades detection by encrypting files remotely
npm Resets Bypass-2FA Tokens After Mini Shai-Hulud Supply Chain Attack
npm Supply Chain Attack Uses Hugging Face For Second-Stage Malware
Operation Dragon Whistle Targets Changzhou University With Malicious LNK Files
Perimeter Defense Isn’t Enough. MSSPs Need a Data Resilience Strategy
Phishing Threats Are Now Speaking Fluent Workplace
‘Plan for the worst’: Analyst casts doubt on hackers’ claim data from Canvas breach was destroyed
Police take First VPN offline after five-year investigation
Popular art-template npm Package Compromised In Watering-Hole Campaign
Portuguese records affected. Hacker used doctor’s data to enter SNS24
Prompt injection emerges as AI’s new phishing threat
QR Code Scam Alert in Pakistan: Power Division Advisory, Phishing Risks, and How to Stay Safe
Radiology Associates of Richmond Data Breach Affects 266K Individuals
Ransomware in 2026: EDR Killers, Post-Quantum Crypto, and Encryption-Less Extortion
Ransomware, phishing cases prompt renewed cybersecurity warning in North Dakota
Russian Hackers Exploit RDP and VPNs to Breach Target Networks
Russian Researcher Alleges MAX App Includes Surveillance Features, VPN Detection Capabilities
Russian Threat Groups Use RDP, VPN, Supply Chain Attacks, and Social Engineering for Initial Access
Scammers Exploit Internal Microsoft Account to Distribute Spam Links
Showboat: A Novel Linux Post-Exploitation Framework Targeting Telecommunications
Splunk Patches Multiple Flaws Enabling DoS Attacks, Data Exposure
Station Casinos Data Breach Exposes Personal Information
Suspected KimWolf botnet admin arrested over DDoS-for-hire operation
Texas sues Meta, WhatsApp for falsely claiming messages are encrypted while allegedly accessing private communications
The new economics of fraud: Cheaper, faster, more convincing
The University Students Who Lost Their Finals Week to a Ransomware Attack Deserve Answers
Threat Actors Deploy Multi-Layer Persistence On Compromised FreePBX Servers
Trend Micro warns of Apex One zero-day exploited in the wild
Trump Mobile confirms it exposed customers’ personal data, including phone numbers and home addresses
Trump Mobile security flaw: YouTubers who preordered the golden phone find their data leaking
Ubiquiti patches three max severity UniFi OS vulnerabilities
UK Cybersecurity Innovation SilentGlass Goes Global After Licensing Deal
US and Canada arrest and charge suspected Kimwolf botnet admin
US makes first two arrests after men caught spreading viral deepfake pornography
Verizon Data Breach Investigations Report (DBIR): Healthcare Fends Off Increased Social Engineering Attacks
Vulnerability Exploitation Overtakes Stolen Credentials in AI-Driven Cyberattacks
Was Foxconn hit by a cyberattack?
Why CISA Accepting Known Exploited Vulnerabilities (KEV) Nominations Is So Important
Windows Zero-Day ‘YellowKey’ Can Bypass BitLocker
World Cup Phishing Campaign Nearly Triples With 203 Unique IP Addresses
World Cup Phishing Campaign Nearly Triples With 203 Unique IPs
World Cup Phishing Surge: 203 Malicious IPs Detected
21st May
7-Eleven confirms cyber attack following ShinyHunters claims
7-Eleven Confirms Data Breach Affecting Franchise Documents
9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros
3,800 Internal GitHub Repositories Lost Due to Malicious Nx Console VS Code Extension
A Hacker Just Minted $77 MILLION in Fake Bitcoin on Echo Protocol - But Only Walked Away With $816,000
AI-Powered Phishing Puts MSSPs on the Defensive
American CEO to be sentenced over helping Indian scammers extort seniors
Android Malware Spotted Subscribing Victims to Paid Services Without Consent
Anthropic fixes another Claude Code security bypass without telling users
Apache OFBiz Flaw Exploited for Auth Bypass and RCE Attacks
Apple blocked over $11 billion in App Store fraud in 6 years
Authorities dismantle First VPN, used by ransomware actors
Authorities Have Taken Down “First VPN” Used in Ransomware Attacks
Canada: Data of around 1,700 people potentially compromised in Canvas data breach, Northwest Territories government says
Cardinal Services Data Breach Exposes Social Security Numbers and More
Check Point warns of rising AI-driven ransomware in India
Chinese hackers target telcos with new Linux, Windows malware
Cleveland emergency response drones accidentally added to ICE surveillance network
Compromised art-template npm Package Delivers Coruna-Like iOS Exploit
Credential Theft Campaign Uses Fake Invitations To Target U.S. Firms
Critical Drupal Core Vulnerability Exposes Websites to Attacks
Cyber attack on Florida Physician Specialists impacted over 275,000 patients
Cyber attack on QualDerm Partners exposes personal information of millions
Cyber threats push SMBs to spend more on security
Cybercriminal VPN Dismantled in Europol Crackdown
Cybercriminal VPN used by ransomware actors dismantled in global crackdown
Cybercriminals Abuse Microsoft Teams Brand To Spread ValleyRAT
Deleted Google API Keys Remain Active up to 23 Minutes, Study Finds
Europe dismantles VPN service used by cybercriminals to hide ransomware attacks
Europol dismantles ‘First VPN’ service used by ransomware gangs
Europol dismantles First VPN, the go-to VPN service for cybercriminals
Europol Seizes First VPN Used by Ransomware Gangs, Arrests Administrator
Federal Trade Commission (FTC) Cracks Down on AI Nudify Platforms Under TAKE IT DOWN Act
French Vacation Giant Belambra Hit by Data Breach Exposing 402,000 People, Including Many Kids
Georgia Vascular Specialists PC Data Breach Affects 600
GhostTree Attack Causes EDR Tools to Hang, Skip File Scans
GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension
GitHub Confirms Cyberattack Targeting Thousands of Internal Repositories
GitHub Confirms Data Breach Affecting 3,800 Internal Repositories via Malicious VS Code Extension
GitHub Data Breach: Hackers Steal Information of 3,800 Internal Repositories, Investigation Launched
GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension
GitHub links repo breach to TanStack npm supply-chain attack
GitHub, Grafana Labs breaches traced back to TanStack supply chain compromise
Google accidentally exposed details of unfixed Chromium flaw
Grafana Labs Says Code Breach Stemmed from TanStack Attack
Hacker Who Stole Disney Employee Slack Chats Sentenced to 15 Months
Hackers Exploit Butter Network Bridge to Mint Massive MAPO Supply
Hackers Exploit Microsoft Defender 0-Day Flaws To Launch Active Attacks
Hackers stole fingerprints, medical records of 1.8 Million in massive NYC hospital breach
Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks
India’s Escalating Ransomware Challenge: AI-Powered Threats and the Rise of Fewer, Stronger Cybercriminal Groups
Indian Student Data Weaponized for Phishing, Social Engineering, and Financial Fraud
Indian Student Data Weaponized in Phishing and Financial Fraud Campaigns
Industry Reacts to Verizon Data Breach Investigations Report (DBIR) 2026 as Vulnerability Exploitation Takes Top Spot
Key takeaways from the South Staffordshire cyber-attack and nearly £1 Million fine: understanding the ICO’s approach to cyber security enforcement
Law enforcement shuts down VPN service used by two dozen ransomware gangs
Manufacturing sector faces escalating ransomware and credential-based attacks
Marks & Spencer scraps all bonuses in wake of cyber attack
Max severity Cisco Secure Workload flaw gives Site Admin privileges
Meta employee rallies troops to help protect their privacy, while still working for data hungry giant
Microsoft Busts “Fox Tempest”: Malware-Signing Service Used to Hide Ransomware
Microsoft Defender vulnerabilities exploited in the wild (CVE-2026-41091, CVE-2026-45498)
Microsoft dismantles Fox Tempest cybercrime platform tied to ransomware attacks on hospitals, critical organizations
Microsoft Seizes Websites And Servers Used To Issue Fake Code-Signing Certificates
Microsoft warns of new Defender zero-days exploited in attacks
Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
Microsoft won't send you SMS texts for login anymore - why it's pushing passkeys instead
Microsoft’s Retired Internet Explorer (IE) Tool MSHTA Now Being Used in Fileless Malware Attacks
Most dark web activity revolves around a handful of topics
Nelnet data breach case ends with final $10 Million court approval
New NGINX 0-Day “nginx-poolslip” Exposes Millions to RCE
New Verizon Report Reveals the Security Gap Attackers Are Exploiting Most
NHS Trust Fires 11 Employees Over Nottingham Victim Data Breach
NHS trust sacks staff for accessing health records of Nottingham stab victims
Nine-Year-Old Linux Kernel Flaw Leaks SSH Keys and Password Hashes
Orange’s AI rollout sparks strike and surveillance fears among French workers
Pardus Linux Vulnerability Chain Enables Complete System Takeover
PartsWarehouse Data Breach Compromises Financial Account Information
Police operation targets VPN service favoured by ransomware gangs
Police seize “First VPN” service used in ransomware, data theft attacks
Pro-Iran hacker group threatens cyberattacks on US and Israeli infrastructure
Scam alert: An official Microsoft email is being used for phishing links
Scammers are abusing an internal Microsoft account to send spam links
Schools Blackmailed with Explicit AI Deepfakes of Students
Security Leaders Should Prepare for World Cup Scams
Seqrite Warns of Stealth Monetization: The Rise of Cryptojacking and Targeted Ransomware
Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor
SMS blaster used in smishing scheme targeting Eurovision fans
SonicWall Gen6 Patch Leaves MFA Bypassable: Six Manual Steps Determine Real Security Status
Sophos research sets alert about WantToCry Ransomware
South Korea: Police Arrest 10 Phishing Cash Mules Targeting Elderly Victims
Strategies, Expert Insights from the 2026 Verizon Data Breach Investigations Report (DBIR)
TamperedChef Malware Abuses Signed Productivity Apps To Deliver Stealers
TeamPCP Takes Cover by Releasing Source Code on GitHub, Spurs Copycats
Third-party pixel use greatly increases healthcare data breach risk
Threat Actors Exploit Indian Student Data For Social Engineering Attacks
Three-Quarters of Firms Knowingly Ship Vulnerable Code
Trump Mobile Reportedly Leaks Customer Data from T1 Smartphone Orders
Two Americans plead guilty to assisting India-based tech support scam centers
UK: 'A hacker sold 170 ghost MOTs through our garage'
UK: Hospital Sacks 11 Staff for Snooping on Nottingham Murder Victims Files
UK plans for cybercrime law reform would protect almost no one, experts warn
Ukraine Busts Massive Cybercrime Scheme Behind 28,000 Stolen Accounts
Ukrainian police name 18-year-old infostealer operator who targeted California shoppers
Verizon publishes its annual Data Breach Investigations Report
WantToCry Ransomware Abuses SMB Services to Remotely Encrypt Files
WantToCry Ransomware Exploits Server Message Block (SMB) Services To Encrypt Files Remotely
WantToCry Ransomware Exploits Server Message Block (SMB) to Encrypt Remote Files
Was NATO breached? Massive database leak claim triggers security concern
West Pharma back online after hackers stole data and locked systems
When Identity is the Attack Path
Why AI changed the threat model for travel technology
20th May
7-Eleven confirms breach after ShinyHunters claims
7-Eleven hit by data breach
£136 million cyber attack cost: Marks & Spencer (M&S) profits plunge 24% but retailer vows comeback
$388 million lost in crypto ATM scams in 2026
African National Congress (ANC) members under threat following data breach
AI Agents Are Here. Security Must Be an Accelerator for AI Transformation
AI platform Dify, with 10 million installs, exposes users to one-click account takeover
AI-driven fraud and ransomware accelerate the evolution of cybercrime in the UK
AI-driven phishing and phishing-as-a-service accelerate email threats
AI-related data breaches surging, Verizon report says
Android Malware Campaign Used Hundreds of Fake Apps to Silently Charge Users
Anthropic hyped Mythos as a hacking apocalypse, governments panicked for nothing, security professionals say
Arnold Clark: Anatomy of a cyber attack
Australia: Data breach exposes university security failures as remote learning soars
Australian Signals Directorate warns of device code phishing activity targeting Microsoft 365 users
Banana RAT Malware in Fake Invoices Hits Customers at 16 Brazilian Banks
Barracuda Networks Report Identifies CypherLoc Scareware Kit
China-Linked Webworm APT Evolves Tactics, Expands to European Targets
CISA Contractor Exposed Sensitive Credentials in Public GitHub Repository
CISA left 844 MB of plaintext passwords and AWS tokens on public GitHub for six months
Communicating cyber risk in dollars boards understand
Critical ChromaDB Flaw Exposes AI Vector Databases to Remote Code Execution
Crypto users warned as phishing emails impersonate Google security alerts and bury malicious links
Customers say Trump Mobile is leaking their personal information
Cyber attack hit Marks and Spencer (M&S) profits by £131.3 million
Cyber attack hurts Marks and Spencer (M&S) but reduced profit beats market expectations
Data breach on New York public health system claims 1.8 Million victims, leaking biometric data to hackers
Delano Schools back in session Thursday following cyber attack
Drupal critical update to fix bug with high exploitation risk
Enterprise Security was Built Around Data Loss While AI Agent Autonomy Enables Action Abuse
Erie Family Health Centres data breach impacted over 570,000 individuals
Exploit released for new PinTheft Arch Linux root escalation flaw
Fake Word Phishing Reveals Enterprise Blind Spot in Trusted Remote Access Tools
Federal Trade Commission (FTC) warns 12 major tech firms of violating Take It Down Act
Generation Life investigating data theft claims following cyber attack
GitHub Breach: TeamPCP Steals 3,800 Repositories via VS Code Extension
GitHub Breached - Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos
GitHub Breached, Internal Repositories Exposed
GitHub confirms being hacked by TeamPCP, says customer data unaffected
GitHub confirms breach after hackers put stolen source code up for sale
GitHub confirms breach of 3,800 repos via malicious VSCode extension
GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension
GitHub investigates internal repositories breach claimed by TeamPCP
GitHub Investigates TeamPCP Claimed Breach of 4,000 Repositories
GitHub says hackers stole data from thousands of internal repositories
Grafana breach caused by missed token rotation after TanStack attack
Grafana GitHub Breach Exposes Source Code via TanStack npm Attack
Grafana GitHub Breach Linked to TanStack npm Supply Chain Ransomware
Grafana GitHub Security Incident Reportedly Connected to TanStack npm Ransomware
Hackers bypass SonicWall VPN MFA due to incomplete patching
How AI can trick you into making fake payments - 5 red flags
Huawei Zero-Day Vulnerability Caused Luxembourg Telecom Outage
ID scams surge again: How to spot the most serious crimes
Ireland: Up to 200 staff at disability service provider may have been affected by recruiter data breach
Is GitHub hacked? Latest data breach situation explained
Korean-Chinese Crime Groups Launder 117 Billion Won via Phishing, Fraud
Liberty Mutual hit with lawsuit over Everest ransomware data leak
Lusamerica Foods Data Breach Imacts Individuals: Personal Info Exposed
Major arcade game maker leaks millions of records via WeChat mini app
Marks & Spencer annual profits hit by cyber attack
Marks & Spencer expects return to profit growth after cyber attack hits full-year results
Marks & Spencer (M&S) profit slumps in fallout from cyber attack
Marks & Spencer (M&S) profits hit by fallout from cyber-attack as Ocado masks underlying slowdown
Marks & Spencer (M&S) profits slide after cyber attack, but retailer hails ‘progress’
Marks & Spencer (M&S) profits slide as cyber attack takes its toll
Marks & Spencer (M&S) profits slump 25% after cyber attack hits sales
Marks & Spencer (M&S) recovering after profits hit by cyber attack
Marks & Spencer (M&S) suffers £131m profits slump after cyber attack shut online sales and emptied shelves
Massive supply chain attacks prompt NPM to force platform-wide token reset
Microsoft Cracks Down on Signing Service Used for Ransomware
Microsoft Disrupts Fox Tempest Malware-Signing-as-a-Service Operation Linked to Qilin, Akira, More
Microsoft Disrupts Malware-Signing Service Used by Ransomware Gangs
Microsoft ditches SMS codes for sign-in, says there’s a more secure way to reach your accounts
Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585)
Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit
Microsoft shares mitigation for YellowKey Windows zero-day
Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks
Microsoft takes down Malware-Signing-as-a-Service (MSaaS) used by ransomware gangs
Millions hit in “scareware” attack that blasts out warning noises and frightens users into calling fake helpdesks
Mini Shai-Hulud Hits Hundreds of npm Packages in AntV Ecosystem
Mobile phishing is a bigger threat than email now - how to stay protected
Moldova: No signs of patient data breach following cyberattack on the National Health Insurance Company (CNAM)
Nearly 210,000 patients impacted in Expert MRI security breach
Phishing Attack Alert: New Email Scam Targeting UK Users
Ransomware criminals paying $9k to make malware harder to detect on Windows
Ransomware is no longer a malware event, it is a boardroom crisis
Recovery Expectations Clash With Reality as Australia and New Zealand (ANZ) Firms Reassess Ransomware Strategy
Researchers Warn CypherLoc Scareware Has Targeted Millions of Users
Singing River Data Breach Exposes PHI and PII
Smart glasses pose “widespread surveillance” threat, French Data Protection Authority (DPA) warns
SP Group warns Singapore residents of phishing emails claiming double charges or unpaid bills
Steam’s lazy vetting allowed free game to drain users’ data, researcher claims
TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension
Texas, Florida top list of states reporting millions of dollars lost through crypto ATMs
'The detection surface is significantly reduced': Sophos report warns new "WantToCry" ransomware could pose a major risk to your business, here's what we know
Typosquatting Is No Longer a User Problem. It's a Supply Chain Problem
UK Regulator OFCOM Cracks Down on Viral Deepfake Nude Content
Ukraine identifies infostealer operator tied to 28,000 stolen accounts
Ukraine probes teen suspect in cyber theft scheme targeting California online shoppers
Ukraine says Russia is deploying AI-powered malware on the battlefield
United Arab Emirates: Dubai Police Issues Urgent Warning on Fake Travel Offers Flooding Social Media
US Telecom Giants Launch Private Information Sharing and Analysis Center (ISAC) to Counter AI-Powered Cyberattacks
Verizon Data Breach Investigations Report (DBIR): AI Helped Hackers Exploit Vulnerabilities in 31% of Recent Breaches
Verizon Data Breach Investigations Report (DBIR): Vulnerability exploitation is the dominant initial access vector
Verizon Data Breach Investigations Report (DBIR): Vulnerability Exploits Overtake Credentials as Top Access Vector
Verizon Report: AI Accelerates Software Vulnerability Exploits, Overtaking the Stolen Credentials Method as the Leading Attack Vector
Villa Maria College Data Breach Compromises Student and Employee Information
Visa reports rise in ransomware attacks, warns of AI-driven scams
Vulnerabilities are the number one cause of data breaches for the first time
WantToCry ransomware evades detection through SMB abuse, remote encryption
Waterloo Region District School Board (WRDSB) says phishing emails sent to students and staff
Webworm APT targets European government organizations with new backdoors
Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and Microsoft Graph API
Why next‑gen cybersecurity is a must for small businesses
Zara Data Breach Exposes 197,400 Customers via Retired Provider Tokens
19th May
7-Eleven confirms April cyberattack after ShinyHunters leak claims
7-Eleven confirms data breach claimed by the ShinyHunters gang
7-Eleven confirms data breach linked to franchisee records
7-Eleven Confirms Hack After Appearing on ShinyHunters Leak List
A 6-step guide for responding to the Foxconn ransomware/supply chain incident
AdvancedHEALTH Ransomware Claim Includes 2.3 Million Patient Data Lines
Agentic AI Accelerates Software Builds and Mobile App Attacks
AI Agent Security: Automating Workflow Without Creating Prompt Injection or Data Leak Risks
AI Raises the Bar on Vulnerability Awareness and Secure-by-Design Software
AI Will Exploit What Businesses Refuse to Fix
Americans lost over $388 million to scams using crypto ATMs in 2025
Are Suspected Iranian Intrusions Into Gas Station Automated Tank Gauges (ATGs) a Precursor to Larger Attacks?
Attackers Abuse Kuse.ai to Host Phishing Pages
Attackers hit vulnerabilities hard last year, making exploits the top entry point for breaches
Attackers turn ancient Windows utility MSHTA into Swiss Army knife of hacking
Australian College of Business Intelligence investigating Qilin ransomware claims
Australian Microsoft users warned of code phishing threat
Austria: Police recorded 500 cyber attack attempts on Eurovision
Austria Blocks Eurovision Cyberattack During Contest Week
Belgrade schools hit by malware, data breach under investigation
CISA Admin Exposes AWS GovCloud Credentials on GitHub
CISA Contractor Exposed AWS GovCloud Keys in Public GitHub Repository
CISA Credentials, Sensitive Data Exposed in GitHub Repository
CJ Group Employee Data Breach Highlights Corporate Security Vulnerabilities
Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer
Critical NGINX Vulnerability CVE-2026-42945 Now Under Active Attack
Critical PostgreSQL Flaws Enable Code Execution and SQL Injection
Crook leaks 468k+ records, claims they pwned Portugal’s postal carrier
Cyber insurers are becoming the industry’s ‘swat team’ as ransomware threats escalate
Cybercrime service disrupted for abusing Microsoft platform to sign malware
Deutsche Telekom data breach fears grow after customer data hits cybercrime forum
DirtyDecrypt Proof-of-Concept (PoC) Released for Linux Kernel CVE-2026-31635 LPE Vulnerability
Dutch minister questions whether hackers deleted stolen patient data as ChipSoft claims
Echo Protocol Exploit Sees Hacker Mint Unauthorised eBTC Worth $76.7 Million
Echo Protocol Loses $77 Million as Admin Key Breach Hands Hacker Control of eBTC
Endue Software Agrees to $870,000 Data Breach Settlement
Fake Google Software Update Used by macOS Malware For Persistence
French Vacation Giant Belambra Hit by Data Leak Claim Exposing 402,000 Customers, Many of Them Kids
Gentlemen Ransomware Targets Windows, Linux, NAS, BSD, and ESXi Systems
Global Banks Scramble After AI Tool Exposes Cyber Weaknesses
Grafana Labs Confirms Hackers Stole Source Code
Hackers Actively Exploit ‘Nginx Rift’ Vulnerability Affecting NGINX, F5 Products
Hackers Bypass Security Tools to Target Users Directly
Hackers have compromised dozens of popular open source packages in an ongoing supply chain attack
Hank's Furniture Data Breach: Social Security Numbers and Financial Account Information Exposed
Hundreds arrested in first large cybercrime operation in Middle East and North Africa (MENA) region
Huawei zero-day attack behind last year’s crash of Luxembourg's entire telecoms network
INC Ransom claims cyber attack on Australian engineering service company
INTERPOL Busts Massive Cybercrime Network Across Middle East and North Africa (MENA), 201 Arrested
INTERPOL’s Operation Ramz: Disruption of Transnational Cybercrime Networks, Over 200 Individuals Arrested
Interpol's 'Operation Ramz' has arrested over 200 people for phishing scams, malware threats, and security breaches
Iran-linked hackers target “low-hanging fruit” at US gas stations
Ireland: Revenue staff are warned about passwords after 137 employees caught up in data breach
Jaguar Land Rover (JLR) Profit Drops 99 Percent After Cyber-Attack
Jaguar Land Rover’s £1.9 billion Cyber Attack: Is The Sector Still Underestimating the Risk?
Kimsuky APT Targets Crypto Users and Defense Officials With LNK Lures
Mac Users Face New Malware Threat Spoofing Apple, Google, and Microsoft
Massive npm Supply Chain Attack Hits AntV Ecosystem; Hundreds of JavaScript Packages Compromised
Max-severity flaw in ChromaDB for AI apps allows server hijacking
Medi-Rents Data Breach Exposes Health Information
Microsoft Busts "Fox Tempest" - A Dark Web Service That Sold Fake Code Signatures to Ransomware Gangs
Microsoft Details Storm-2949 Cloud Attack on Azure and Microsoft 365
Microsoft disrupts cybercrime service that abused software verification systems en masse
Microsoft disrupts Fox Tempest malware-signing-as-a-service platform tied to ransomware gangs
Microsoft disrupts malware code-signing service used by ransomware gangs
Microsoft Disrupts Malware-Signing Service Run by ‘Fox Tempest’
Microsoft disrupts service selling fake certificates to ransomware gangs
Microsoft promises to keep saved passwords out of Edge browser until needed
Microsoft reveals record surge in QR code phishing, highlights evolving threats to Irish organisations
Microsoft Self-Service Password Reset abused in Azure data theft attacks
Microsoft shuts down illegal code-signing operation used by ransomware crims to mask their malware
Microsoft Takes Down Fox Tempest for Providing Ransomware-Enabling Signing Tool
Millions of users caught in “anonymous” video chat leak
Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
New Gentlemen Ransomware Attacks Multiple Platforms Including ESXi and NAS
New macOS infostealer impersonates Apple, Microsoft, and Google in a single attack chain
New Shai-Hulud malware wave compromises 600 npm packages
North Korea-Linked Hackers Deploy AI Deepfake Spear-Phishing Campaign Targeting Korean Officials
Northern Ireland: £40 million of public money now paid out in PSNI data breach - but hundreds of claims still to come
Northern Ireland: Almost £40 million paid out in PSNI data breach compensation
Northern Ireland: More than £40 million paid to officers and staff over PSNI data breach
Northern Ireland: PSNI data breach compensation of almost £40 million paid to officers and staff in past few days
NYC Health + Hospitals data breach exposes records of 1.8 million people
NYC Health + Hospitals Data Breach Exposes Sensitive Biometrics of 1.8 Million Individuals
NYC Health + Hospitals says mega data breach allowed hackers to steal personal data, medical records, and fingerprints scans of around 1.8 million people
Operation Ramz Dismantles 53 Servers Used in Scam and Malware Campaigns
Operation Ramz Seizes 53 Servers Linked to Cyber Scams and Malware Threats
Over 2.5 million people impacted in Nacogdoches Memorial Hospital breach
Police Service of Northern Ireland (PSNI) data breach: Almost £40 million paid to officers in recent days
Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials
Public Instagram posts provide raw material for AI phishing campaigns
PureLogs infostealer is stealing credentials worldwide
Ransomware Attacks makes Latin America top in the list
Ransomware Drives 61% of Manufacturing Malware Breaches
SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access
Should Customers Worry About the 7-Eleven Data Breach?
SHub Infostealer Variant Reaper Compromises macOS Systems, Steals iCloud Data
Small Businesses Struggle With Cybersecurity Costs: How SSL, Automation, and Email Trust Can Reduce Risk
Supply chain hit once again: single NPM account pushes 600+ compromised packages, used by millions
Surge in QR code phishing highlights evolving threats to Irish organisations
Tampa Bay Dental Data Breach Impacts 6,400: Social Security Numbers Exposed
The Gentlemen Ransomware Attacks Windows, Linux, NAS, BSD, and ESXi Attacks
The Glasswing Warning: What Companies Outside the Inner Circle Must Do Now
Thousands of Cambridge Water customers see data leaked onto dark web
To pay, or not to pay...That is the existential ransomware question
Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps
Two-Thirds of Nonhuman Accounts Are Unseen and Unmanaged
UAC-0184 Hackers Abuse bitsadmin and HTA Files In Malware Campaign
UK regulator to require tech firms to tackle deepfakes, non-consensual intimate images
US cyber agency CISA exposed reams of passwords and cloud keys to the open web
Vacation Myrtle Beach Data Breach Hits 10,750 - 11 Months After Hack
Voice Phishing Managers Arrested After 'High-Income Job' Offer
WantToCry ransomware remotely encrypts files
WIS International Data Breach Exposes SSNs
18th May
5 ways to fortify your network against the new speed of AI attacks
7-Eleven Data Breach Confirmed After ShinyHunters Ransom Demand
7-Eleven Data Breach Exposes Personal Information of Individuals
201 arrests in first-of-its-kind cybercrime operation in Middle East and North Africa (MENA) region
201 arrested in INTERPOL disruption of phishing and fraud networks
123,000 Impacted by American Lending Center’s Year-Old Breach
AI is drowning software maintainers in junk security reports
AI shrinks vulnerability exploitation window to hours
AI-powered email attacks surge worldwide, billions of emails analyzed
Aintree hospital staff illegally accessed Southport knife attack victims' care details
Amazon recall text scam comes with red flags
Anthropic to brief on Mythos AI after warning it could "crack the whole cyber-risk world open"
Attackers accessed, downloaded code from Grafana Labs’ GitHub
Attackers are exploiting critical NGINX vulnerability (CVE-2026-42945)
Bank of England, Financial Conduct Authority (FCA) and Treasury Raise Alarm Over Frontier AI
Chanhassen Dinner Theatres Cancels Performances Following Cyber Attack
Cloud attacks are getting faster and deadlier - 4 ways to secure your business
Consumers face increasing online scams, as AI fuels sophisticated attacks
Critical n8n Flaw Expose Automation Nodes to Full RCE
Critical FunnelKit Bug Leaves WooCommerce Stores Open To Attacks
Crypto Users Warn of Official-Looking Phishing Emails: Exchange and DeFi Users Targeted
Cyber Insurers Now Want Evidence That Companies are Fixing Security Risks
Cybersecurity Breaches Survey: Why Phishing Now Beats Ransomware – And What To Do
Data breach exposes medical, financial, biometric data of 1.8 million
Developer Workstations Are Now Part of the Software Supply Chain
Device Code Phishing Targets Microsoft 365 Users
Experts warn of privacy risks as AI firms looks to connect to financial accounts
Exploit available for new DirtyDecrypt Linux root escalation flaw
Fidelity Investments is settling a 2024 data breach class action for $2.5 million
FIFA World Cup scams target fans and businesses
First Shai-Hulud Worm Clones Emerge in NPM Supply Chain
Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
Foxconn Suffers Ransomware Attack With Important Project Files From Apple Stolen
Gamaredon Deploys GammaDrop and GammaLoad In Phishing Campaigns
Game over for 74 suspected scammers after Dutch cops plastered their faces on billboards
Gîtes de France among three booking websites to be hit by cyberattack
Glendora Surgery Center Data Breach Exposes Medical Information of Patients
Global Supply Chains at Risk of Cyber Breaches and Phishing
Government Backed Hackers Abuse Cloudflare in Malaysian Espionage Campaign
Grafana Confirms Breach After Hackers Claim They Stole Data
Grafana Labs Announces GitHub Breach Following Coinbase Cartel Claims
Grafana Labs Breach Exposes GitHub Repositories and Codebase
Grafana Labs says hacker gained access to codebase through leaked token
Grafana pushes back on blackmail after breach: Will monitoring dashboards now be used against defenders?
Grafana refuses to pay ransom after codebase theft
Grafana Rejects Ransom Demand After GitHub Breach Exposes Codebase Theft
Grafana says stolen GitHub token let hackers steal codebase
Gremlin Stealer Abuses .NET Resource Files To Conceal Malware Payloads
Hacker Steals Over $11 Million From Verus-Ethereum Bridge
Hackers earn $1,298,250 for 47 zero-days at Pwn2Own Berlin 2026
Hackers exploit calendar invites to hijack accounts using CalPhishing
Hackers Exploit Critical NGINX RCE Vulnerability in the Wild
HDFC Asset Management Company discloses cybersecurity incident after anonymous threat claim
HDFC Asset Management Company IT infrastructure Under Cyber Attack: Investigation Underway
Inside the Foxconn Cyber Attack: Ransomware & Stolen Data
Interpol Launches Sweeping Cybercrime Crackdown in Middle East and North Africa (MENA) Region
INTERPOL Operation Ramz Disrupts MENA Cybercrime Networks with 201 Arrests
INTERPOL ‘Operation Ramz’ seizes 53 malware, phishing servers
Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws
JDownloader Website Hacked To Deliver Weaponized Linux and Windows Installers
Kenya: Safaricom Ordered to Pay KES 9.9 Million Over Customer Data Breach in Landmark Privacy Ruling
Latin America Leads Globally in Ransomware Attacks
Leaked Shai-Hulud malware fuels new npm infostealer campaign
Ledger and Trezor Mail Phishing Hits Your Mailbox - What to Do
Lumexa Imaging Data Breach Exposes Patient Personal and Health Info
Lumio Dental Data Breach Exposes Sensitive Personal and Health Information
Marimo Security Flaw Enables remote code execution Attacks
Middle East and North Africa (MENA) Region Runs First-of-its-Kind Cybercrime Operation, 201 Arrested
Millions Impacted Across Several US Healthcare Data Breaches
MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems
More than 200 arrested in cyber raids aimed at Middle East scam networks
More than $9,000 misappropriated from Visit Baton Rouge; audit attributes to theft, phishing
National Cyber Security Centre (NCSC) Calls for Tight Security and Human Oversight as Agentic AI Use Expands
National Cyber Security Centre (NCSC) Publishes Guidance on Securing Agentic AI Use
New Phishing Scam Uses Google Email System to Target Crypto Users
New Reaper Malware Uses Fake Microsoft Domain to Steal macOS Passwords
Nitrogen Ransomware on a Manufacturer Attack Spree
NYC Health + Hospitals Data Breach Affects 1.8 Million People
NYC Health + Hospitals says hackers stole medical data and fingerprints during breach affecting at least 1.8 million people
OpenAI responds to TanStack supply chain cyber attack
Open source tool maker Grafana Labs says hackers stole its code, refuses to pay ransom
Pakistan: ‘Dil Ka Rishta’ App Hit by Serious API Data Breach
Paper Werewolf APT Disguises EchoGather RAT As Adobe Reader Installer
PawsRunner Loader Uses Steganography To Deploy PureLogs Infostealer
Pre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons Simulations
Pro-Iran Hacker Group Claims DDoS Attack on Spotify
Public Amazon bucket leaks sensitive guest data from Japanese hotel platform Tabiq
Q1 2026 Android Threat Landscape: Banking Trojans, Triada.ag Backdoor Surge
Qilin ransomware group claims responsibility for Generation Life hack
Race to tear down open source: copycats reusing TeamPCP’s code in NPM attacks
Ransomware attack on Extant Aerospace exposed sensitive personal data
Ransomware Attacks on West Pharmaceutical and Foxconn Highlight Growing Cyber Risks to Manufacturing Sector
Ransomware group ‘The Gentlemen’ suffers internal breach, exposing operations
Reframing MFA Bypass: Four Identity Gaps Attackers Exploit
Revenue staff warned not to use work passwords for personal reasons after data breach
Security Researchers Find 47 Zero-Days at Pwn2Own Berlin
Shadow AI Is Growing in Silence While Enterprise Security Falls Behind
ShinyHunters hack 7-Eleven: franchisee data and Salesforce records exposed
SHub macOS infostealer variant spoofs Apple security updates
The AI backdoor your security stack is not built to see
The Gentlemen Ransomware Gang Hit by Internal Breach, Operations Exposed
The impossible choice Canvas faced shows why ransomware payment bans won't work
The Netherlands: Privacy regulators outline 3 urgent steps companies must take as data breaches hit 44K
Tycoon2FA phishing kit evolves with device-code attacks on Microsoft 365
Tycoon 2FA Returns With OAuth-Based Phishing to Bypass Microsoft 365 Security
Vacation Myrtle Beach Data Breach Exposes PHI and PII of 10k
Verber Dental Group Data Breach May Have Exposed Patient Information
Vindictive researcher gains complete Windows control using 6-year-old Google bug report
Was Adobe Suite breached? This is what we know
What the Foxconn Cyber Attack Reveals About Tech Supply Risk
When ransomware hits, confidence doesn’t restore endpoints
Your Peace Sign Selfie Is a Hacker’s New Favorite Photo
Zara confirms 200,000 customers’ data exposed in alleged ransomware attack