Editor's Message

Welcome to DBD. On March 8th 2026, DBD celebrated it's sixth anniversary and PRiSM celebrated it's third anniversary. Both projects have made a huge impact on my life and I'd like to thank each and everyone of you who have supported me, with special thanks to those individuals and communities who have helped me build up my knowledge on cybercrime and ransomware over the years. Thanks again for all your continued support. Stay safe. :)

“Data Breaches Digest and its PRiSM portal provide Dentons Global Security Team with valuable insights into the ransomware landscape, from the latest incidents to trends over time, as well as the ability to customize visual analytics. Timely reports and tracking by Data Breaches Digest help inform cyber intelligence for the world’s largest law firm and thus our cybersecurity posture across more than 80 countries worldwide.”
Dentons Senior Analyst, Washington D.C.

Monday, 25 May 2026

Data Breaches Digest - Week 22 2026

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 25th May and 31st May 2026.


25th May

7-Eleven Data Breach Exposes Over 185,000 Accounts in ShinyHunters Extortion Campaign

AI-driven exploitation beats phishing as most popular initial access strategy

Australia: Foreign state actor hacked parliamentarian's WhatsApp account

Australia: Victorian regional newspaper allegedly hacked by ransomware group

Billion-Dollar Bank To Hand Out up to $25,000 per Customer in Settlement Over Data Breach That Impacted 2,187,170 Americans

Breaking The Silo: What the Economic Crime and Corporate Transparency Act (ECCTA) Information-Sharing Gateway Means for Security Leaders

Canadian man arrested over massive KimWolf DDoS botnet that infected millions of devices worldwide

DocketWise Data Breach Impacts 143,000

Fake Streams, Counterfeit Merchandise and Other Scams: How Fraudsters Target Formula 1 (F1) Fans

FBI Flags Kali365 as New Phishing Threat Targeting Microsoft 365 Users

FBI Warns 'Kali365' Phishing Kit Hijacks Microsoft 365 OAuth Tokens

Ghost CMS SQL Injection Vulnerability Facilitates Large-Scale ClickFix Campaigns

GitHub bans vindictive security researcher dropping Windows zero-days

GitHub Hacker Claims Security Breach Involved About 4,000 Internal Repositories, Takes Bids on Stolen Data

Hacker Selling 340 Million OnlyFans User Records Built From Old Breaches

India: Cyber Fraudsters Misuse Cockroach Janata Party Name in WhatsApp Phishing Scam, Warn Ludhiana Police

Is OnlyFans Facing A Massive Data Breach? Hackers Claim 340 Million-Record Leak

Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms

Lessons for organizations from the Verizon 2026 Data Breach Investigations Report

Lithuania investigates massive data breach, suspects foreign intelligence operation

Most ransomware attacks are opportunistic. Here’s how you can stop attackers

Only 1 in 4 Australian farmers eye cyber insurance as ‘smart’ farms become hacker targets

OnlyFans Data May Be Under Threat As Hacker Sells Records Of 340 Million Users

OnlyFans mega leak reveals 340 Million user records, hackers claim

South Africa: State Information Technology Agency (SITA) refutes suffering cyber attack

South African Revenue Service (SARS) refutes false claims of major data breach

South Korea: CJ Group Identifies Insider in Corporate Personal Data Breach

Station Casinos Confirms Cybersecurity Breach

Taiwan Flags Five Major Cyber Risks After 726 Security Incidents in 2025

The AI Governance Gap Is Bigger Than We Think

The Surprising Tactic Your Company Should Use If It’s the Victim of a Ransomware Attack

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

TrapDoor Supply Chain Attack Targets npm, PyPI, and Crates.io, Steals Credentials, Crypto

Turns out the C-suite loves shadow AI

Wireshark 4.6.6 Resolves Robust Header Compression (ROHC) Parser and Buffer Overflow Vulnerabilities

Posted by at
Labels: