Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 25th May and 31st May 2026.31st May
2026 World Cup Faces Elevated Cyber Risk Across Multi-Nation Infrastructure
BinDawood Holding Reports Limited Data Breach Affecting Some BINDAWOOD.SA Customer Orders
California Sues 23andMe Over Massive Data Breach Affecting Millions
Carnival Corporation Data Breach Exposes Six Million Customer Records
Carnival Corporation Data Breach Exposes Six Million Travelers Information
Carnival Cruise Data Breach - Louisiana Passengers Affected
Central Board of Secondary Education (CBSE) Answer Sheet Leak Row: Students Allege AWS Data Breach, Poor Scanning and Evaluation Errors
Estonian police could soon gain powers to demand your photos and videos
Ethical Hacker Who Exposed CBSE OSM System, Claims Early Warnings Were Ignored
France Hit by a Data-Breach Blitz: 90 Million Accounts Exposed in a Single Month
India: After Hacker Flag, Central Board of Secondary Education (CBSE) Admits Security Lapse In Digital Exam Records
India: Central Board of Secondary Education (CBSE) says 'monitoring portal' after hacker flags OSM flaws
India: Central Board of Secondary Education (CBSE) says OnMark vulnerabilities contained after teen hacker flags access to answer sheets, question papers
India: Central Board of Secondary Education (CBSE) U-turns, admits security gaps after online marking portal hacked twice
India: Congress Highlights Massive Data Breach Involving CBSE Exam Papers
'Insanely insecure': Ethical hacker alleges CBSE answer sheets, question papers were publicly accessible
iPhone Users Targeted in Phishing Scam Using Lost Devices, MHA Issues Warning
Kenya: 29.5 Million Safaricom Customers’ Data Breach Lands Odibets Boss Andrew Aligula In Police Custody, Firm Now Operating On A Thin Line Of Court Order
Massive Data Breach Exposes 1.5 Million Higher Education Commission (HEC) Records in Pakistan
Massive data leak dumps 6.2GB of customer invoices tied to France’s Groupe IMA, raising fraud fears
'Teen hacker was right’: CBSE admits security flaws in evaluation portal after days of denial
30th May
7-Eleven Data Breach: Did You Apply for a Franchise? Your SSN May Have Been Stolen
California attorney general sues 23andMe for data breach
California Sues 23andMe Successor Over Massive 2023 Data Breach
Carnival Corporation Offers Two Years of Free Credit Monitoring After Data Breach Affects Nearly 6 Million Customers
Cruise Carnival Corporation Data Breach Exposes Nearly 6 Million Travelers Data Compromised in Massive Cruise Line Hack
Cruise Carnival Guests Receiving Data Breach Notifications: 6 Million Affected in 2026
‘Exercise the utmost caution’: Zara warns customers after possible data breach
Fake Anthropic Sites Deliver Fileless Infostealer to Claude Code Users
FBI Issues Urgent Warning Over Kali365 Phishing Tool Targeting Outlook, Teams and Microsoft 365 Users
Hackers abuse ChatGPT's content-sharing feature to spread malware
India: Central Board of Secondary Education (CBSE) Portal Faces Cyber Attack Affecting 50 Students
India: Central Board of Secondary Education (CBSE) Revaluation Portal Hit by Cyber Attack, 50 Students Gained Unauthorised Access
Kenya: OdiBets Faces Investigation After 29.5 Million Safaricom Customers’ Data Breach, Risks Losing License
Luxembourg: Fraudsters posing as hotel staff target guests' credit card details
New CIFSwitch Linux flaw gives root on multiple distributions
Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks
PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation
Pennsylvania Bank Issues Urgent Alert After AI Application Triggers Data Breach, Exposing Sensitive Customer Info
ShinyHunters Leaks Charter Communications Data, Potentially Impacting 5 Million Customers
Signal Phishing Campaign Targets Journalists and Activists to Steal Backup Recovery Keys
What Is A Data Breach? California sues Chrome Holding Co. over 23andMe hack
29th May
6 million Carnival Cruise customers’ data impacted amid hacker group’s slew of breaches
23andMe accused of failing to protect user data in new lawsuit
71% of organizations suffered at least 1 data breach in past year
A Russian hacker tricked a 17,000-strong MAGA Telegram channel with a jailbroken AI for over 5 years, leading to fraud, credential theft, and an empty crypto wallet
Accounting firm Kennedy McLaughlin confirms ‘cyber incident’ following Qilin ransomware attack
Adversaries Exploit US Troop Geolocation Data via Ad Profiles
AI agent steals database, makes real-time hacking decisions in less than an hour
AI-Generated npm Malware Leaks Its Own GitHub Token
Attackers Target Signal Secure Backups via Phishing Campaign
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit
California Attorney General Files Lawsuit Over 23andMe Data Breach
California Attorney General sues 23andMe over 2023 breach exposing health data
California is suing 23andMe over its 2023 breach that exposed 7 million users' DNA data
California sues 23andMe over 2023 data breach that affected 7 million users
California sues 23andMe over genetic data breach affecting 6.9 million users
California Sues 23andMe Successor Over Genetic Data Breach That Targeted Ethnic Groups
California Sues Former 23andMe Over 2023 Ancestry And Genetic Data Breach
Carnival Corporation data breach hits Holland America’s Mariner Society
Carnival Corporation says data breach may have exposed personal info
Carnival Cruise Faces Cybersecurity Concerns as Data Breach Notifications Raise New Questions About Digital Safety in Tourism
Carnival Cruise Just Had a Massive Data Breach
Carnival cruise operator confirms nearly 6 million people affected in data breach
Carnival Data Breach Exposes Data of Nearly 6 Million Customers
Carnival Data Breach Impacts Nearly 6 Million Customers
Carnival Navigates the Crosscurrents of a Data Breach and Falling Fuel Costs
Charter Communications data breach affects 4.9 million accounts
Charter confirms Spectrum data breach: 13 million customers exposed
Charter Data Breach: Approximately 4.9 Million Emails Added to Have I Been Pwned (HIBP) Following ShinyHunters Claim
Charter Data Breach Exposes 4.9 Million Accounts After Hack
ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface
ChatGPT blindly trusts browser content, turning the page into a payload
ChatGPT share links abused to host fake outage pages to deliver malware
Chinese Hacker Gets Four Years for Hijacking 157 Government, Enterprise Websites
Chinese Hackers Exploit Iran War to Target Maritime and Energy Companies
Chinese Phishing Service Scams Thousands of FIFA World Cup Fans
Concern as figures show fewer charities prioritise cybersecurity
Countering the 22-second ransomware hand-off: Why the first alert now determines the entire incident
Cruise Carnival Guests Receiving Data Breach Notifications for 6 Million
Cruise Operator Carnival Discloses Personal Data Breach
Data breach at Oregon Department of Corrections impacted staff, inmates and visitors
Dutch government disrupts malware botnet with 17 million infected devices
Dutch police dismantle massive botnet controlling 17 million infected devices
Dutch police disrupts botnet composed of 17 million devices
European cyber experts have discovered a new Russian hacker group, GREYVIBE, which is attacking Ukraine using AI
Fake Adobe Document Cloud Pages Spread ScreenConnect Malware
Fake Party Invitation Phishing Scam Spoofs Google and Microsoft OAuth Logins
FBI confirms 25 ransomware groups using First VPN’s now seized services - here’s what we know
FBI warns about new Kali365 Phishing platform targeting Microsoft Accounts
FBI Warns Of New Phishing Threat Targeting Your Personal Data
FBI warns World Cup fans over fake FIFA ticket scams
FIFA domain registrations surge ahead of 2026 World Cup, signaling fraud risks
From the Hammer to the Scalpel: The Evolution of Account Takeover
Gentlemen ransomware spreads automatically within networks
Google Chrome adds session cookie theft protection for all users
Hackers Use Fake Adobe Document Cloud Pages to Deliver ScreenConnect Malware
How a Cline Vulnerability Exposed a Growing AI Agent Security Gap
How Ransomware Gangs Operate in 2026: From Phishing to Physical Intrusions in Law Firms and Hospitals
How St. Paul, Minnesota, Recovered From a Ransomware Attack
Industrial Acceptance Data Breach Affects 79,216 Individuals
Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels
LinkedIn-themed phishing abuses Adobe’s A/B testing platform
Lithuania confirms intelligence officers among victims of major registry data breach
Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets
Man sent to prison for selling data of 7 millions elderly Americans
Microsoft calls zero-day releases ‘never justifiable’ as researcher threatens to drop more
Microsoft Dispute with Security Researcher Escalates as Sides Trade Threats
Microsoft under fire for threatening security researcher with criminal investigation
New ChatGPT Vulnerability Lets Attackers Turn Web Pages Into Phishing Payloads
New infostealer reaches enterprise devices through FortiClient EMS vulnerability
New Phishing Tool Lets Hackers Access Microsoft Accounts, FBI Says
New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks
Notepad++ Patches High-Severity RCE Flaws in Version 8.9.6.1
Notepad++ requires urgent update: hackers swapping configs to run malware
Nursa Data Breach Affects 13,168 in Washington
OpenAI credential-stealing malware found hidden inside popular Codex tool
Pay Tel Data Leak: Microsoft Azure Server Misconfiguration Exposes 300,000 Government-Issued IDs
Phishing campaign imitates Adobe Document Cloud and installs malware
Phishing email led to a breach of US food giant Rich Products
Pick n Pay data breach: What customers need to know
Plaza Home Mortgage Confirms Data Breach, Urges Action from Victims
Ransomware Abuses SYSTEM Task to Encrypt Drives with Elevated Privileges
Ransomware Activity Stays High as New Threat Groups Emerge
Ransomware Trends: Bypassing Security With Rapid Attacks
Ransomware Uses SYSTEM Scheduled Task to Encrypt Local Drives With Elevated Privileges
Report Surfaces Sharp Spike in Malicious Logins from Low-Risk Sources
Renting a smart apartment? Your landlord may have access to your cameras and locks
Rochester Philharmonic Data Breach Exposes Personal and Health Information
Scam broker sells data on 7 Million elderly Americans, gets 10 years in prison
Scots affected by Capita cyber attack given route to compensation
ShinyHunters allegedly behind Carnival Cruise Line cyber attack
Signal users targeted in backup-stealing phishing attacks
Silent Ransom Group Uses In-Person IT Impersonation to Breach Systems
Six million cruise customers thought to be impacted by new data breach
Spectrum Owner Charter Says Data Breach Exposed 4.9 Million Accounts
Station Casinos Discloses Data Breach Exposing Names, Social Security Numbers, and Financial Data
The Beginning of the End of Human Penetration Testing
The behavioral signals that sharpen Trojan malware detection
The Gentlemen are coming for your files, and then your network
University of Dallas Data Breach Exposes Social Security Numbers and Health Records
US policymakers mad about phones betraying troops' location to foreign adversaries
‘We are truly sorry’ - Pick n Pay on customers’ data breach
Websites can spy on user activity by analyzing SSD behavior
WP Maps Pro Vulnerability Exposed 15,000 WordPress Sites to Site Takeover
Your AI assistant is breaking the law up to 90% of the time
Your OnlyFans may not be private - and neither are your passwords
28th May
6 Million Impacted by Carnival Cruise Data Breach
23andMe Sued by California Over Massive 2023 Data Breach
A security lapse at prison pay phone service Pay Tel publicly exposed over 300K callers’ driver’s licenses
AI Agent Conducted a Cyberattack on Its Own - It Took Less Than One Hour
AI threatens financial stability as Mythos-style models accelerate cyberattacks
AI-driven cybercrime industrializes as ransomware damage soars 389%
AI-Generated npm Malware Leaks Hacker’s Private GitHub Token
Anthropic confirms Claude Mythos-class models will roll out to the public
As Summer Closes In, the Travel Sector Is Unprepared
Attackers Move Past Typosquatting to Realistic Package Impersonation
Beware of Fake RSVP Links: Hackers Use Wedding and Graduation Invites to Steal Personal Data
BTMOB Android malware service generates custom phishing payloads
Bulk of Identities Are Unseen and Unmanaged in the Enterprise
California Attorney General Bonta Sues Chrome Holding Co., Formerly Known as 23andMe, Over 2023 Data Breach
California Attorney General sues 23andMe successor for 2023 data breach
California sues 23andMe over 2023 data breach
California sues 23andMe, alleging it failed to protect user data in 2023 breach
California sues former 23andMe over 2023 ancestry and genetic data breach
California sues 23andMe over alleged DNA data breach
Carnival begins notifying 6 million people of a data breach
Carnival confirms data breach impacting nearly 6 million
Carnival Corporation contacts clients after data breach
Carnival Corporation Discloses Details of Data Breach
Carnival Cruise confirms data breach affecting nearly 6 million people
Carnival Cruise Data Breach Exposes Millions of Customers’ Personal Information
Carnival Cruise Guests Are Now Receiving Data Breach Notifications
Carnival Cruise Line Notifies Victims Over Data Breach That Leaked Passport Numbers
Carnival Cruise Line Sets the Record Straight on Latest Data Breach
Carnival Data Breach: Here’s Exactly How Scammers Got Your Personal Information
Carnival Data Breach Exposed 6 Million People
Carnival Data Breach Exposes Personal Data of Nearly 6 Million Customers
Carnival Data Breach Impacts 5.9 Million Individuals
Chinese-speaking fraud gang could be stealing millions from 2026 World Cup fans
Close to 200,000 Frost Bank customers affected by Sefas security breach
Companies built AI into core systems before figuring out how to govern it
Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code
CrowdStrike, Google smash Glassworm developer botnet
Cruise giant Carnival confirms data breach affecting nearly 6 million people
Cruise Operator Carnival Corp Data Breach Occurred Due to Social Engineering
Cruise Operator Carnival Discloses Personal Data Breach
Cybercriminals sail away with data from 6 million Carnival customers
Cybersecurity Staff Prefer CISOs With Real Attack Response Experience, Study Reveals
Dutch police arrest suspect for breaking into Ajax’s computer systems
Edwards, Faust & Smith (EFS) Data Breach: Social Security Numbers and Financial Account Information
Everest Ito Group Data Breach: Social Security Numbers Compromised
Fake Data Breach Emails on the Rise, Cybersecurity Experts Warn
FBI Flags Dangerous Microsoft 365 And Outlook Phishing Scam
FBI Issues Urgent Warning For Microsoft 365 Users: Kali365 Phishing Kit Bypasses MFA
FBI reveals top 4 internet crime trends from 2025 as losses hit $20.9 billion
FBI sounds alarm on phishing tool that steals Microsoft 365 accounts without passwords
FBI Warns Companies About Ransom Gang’s Fake IT Support Tactics
FBI Warns Hackers Can Bypass Microsoft Outlook, Teams and 365 Without Your Password - Here's What You Should Do
FBI Warns Kali365 Phishing Kit Can Bypass Microsoft 365 MFA
FBI warns of fake FIFA websites running World Cup fraud schemes
FBI warns of major phishing scam, with hackers ‘hijacking' Microsoft Outlook, 365 users
FBI warns of new phishing scam targeting Microsoft 365 users
FBI warns of Ransomware groups sending individuals to steal Data physically
FBI warns OneDrive, Teams users about phishing scam. What it looks like
FBI warns scammers can access Outlook, Teams without passwords
Federal Officials Warn United States Firms of Phishing Invitation Scams
Federal Trade Commission (FTC) Warns of Phishing Scam Disguised as Party Invitations
FortiClient EMS Exploited via CVE-2026-35616 for EKZ Infostealer Deployment
Frontier AI models collapse under multi-turn AI attacks, Cisco finds
GCHQ Chief Urges Action as AI Reshapes Cyber Threats
GreyVibe hackers use ChatGPT, Gemini to power cyberattacks
Hacker Steals $700,000 from Polymarket via Compromised Private Key
Hacker Who Sold Access to Oregon Emergency Network Gets Prison
Hackers are trying to steal Signal users’ backups in new wave of phishing attacks
Hackers Deploy VIP Keylogger Through Phishing Emails Masquerading as Business Documents
Hackers exploit FortiClient EMS flaw to push infostealer malware
Hackers tricked a Carnival employee and leaked customer names, addresses, and government IDs
House Republicans press FBI Director Patel to intensify fight against hospital ransomware
How AI is Changing Ransomware - and Why It’s Faster, Smarter, and Harder to Detect
Iconic 138-year-old South African sports club allegedly struck in 674,000-record cyber attack
India: Kanpur Municipal Corporation Website Hit by Cyber Attack
Inside the Charter Communications data breach: hackers leak 13 Million+ customer data
JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware
Juventus FC: Data Breach Communication
Kemper Corporation Exposes Approximately 270,000 Accounts Following ShinyHunters Breach Claim
Korea to Freeze Accounts Tied to Romance Scams, New Phishing from Next Month
Lakeview Health Systems Settles Class Action Data Breach Lawsuit
LoneStar Truck Group Data Breach Exposes Sensitive Personal Information
Louisiana Cat Data Breach: PHI and PII Exposed
Major data leak hits nearly 20% of Lithuania's population
Microsoft accused of leaking data of Dutch civil servants working on tech laws to US government
Microsoft Condemns "Uncoordinated" Zero Day Disclosures
Microsoft email and Teams users are being warned of phishing trick that doesn’t need your password
Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal
Mt. Baker Imaging seeks settlement in ransomware attack lawsuits
Multiple German hospitals impacted in billing provider data breach
Nearly 10K Mainers entitled to credit monitoring after Carnival Cruise data breach
NetLine Data Breach Exposes Social Security Numbers
New Gogs zero-day flaw lets hackers get remote code execution
New phishing scam targets Microsoft Outlook and Teams users
New Threat Actor Jinx-0164 Targets Crypto Developers on macOS
Oil shipments, drone makers, and a poisoned code library targeted in recent APT campaigns
One Email Could Give Hackers Access to Your Microsoft Account: FBI Warns They Don't Even Need Your Password
Passports and selfies of 100,000 UK visa applicants leaked, issue remains unaddressed
Perma-Chink Systems Data Breach Exposes Social Security Numbers
Phishing most prevalent cyber attack, confirms UK survey
Police arrest suspect in Ajax football club hack that exposed 300,000 fan records
Ransomware attacks are now targeting businesses nobody expected
Ransomware dominates 58% of Singapore’s cyber incidents
Ransomware group adds New Zealand health company to its leak site
Researchers question alleged IBM breach spreading across underground forums
Romanian gets 5 years in prison for hacking Oregon government network
Russian hacker network exposed in the Netherlands. 800 servers were seized
Shadow AI Continues to Expose Company IP
ShinyHunters Alleges 42 Million Records Stolen from Charter Communications
South Africa: Pick n Pay confirms data breach affecting delivery service users
South Africa: Telkom says no evidence that its systems were compromised after hacker claimed to have customer records for sale
South Korea: Government to freeze accounts tied to scam crimes beyond voice phishing
SpeedX data leak exposes more than 840 million customer and driver records
The FBI Just Issued an Urgent Warning for Anyone Using Microsoft Teams, Outlook, or OneDrive Over a New Phishing Scheme
The FBI warns Microsoft 365 services are being bombarded with new phishing emails - here are 3 steps you can take to stay safe
The Gentlemen is Making Its Mark in the Ransomware World
The Gentlemen ransomware: Dissecting a self-propagating Go encryptor
The Real Microsoft Site Phishing Scam Bypassing Your Security
Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer
US says troops were targeted with location data, as senator warns ad industry is a ‘national security threat’
Users report phishing emails coming from Microsoft’s system, and the company is digging in
VaultJacking Attack Exposes Google Password Vaults via Single PIN
Watch Out for Fake FIFA Websites Appearing Ahead of the 2026 World Cup, FBI and Internet Crime Complaint Center (IC3) Warn
Zapier exploit chain shows how known anti-patterns compose into critical risk
27th May
7-Eleven Breach: Hackers Claim 600,000 Records Stolen
7-Eleven data breach exposes 185,000 people, including names, addresses and SSNs
68% of UK Firms Plan to Increase Cyber Spending as AI Risks Rise
300+ Fake Domains Used in GHOST STADIUM Campaign Targeting World Cup Fans
A Krispy Kreme data breach may qualify thousands of Americans for payouts over $3,000
AI Accelerating Data Breach Attacks from Months to Hours
AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites
AI Is Making Software Autonomous, and Governance Must Follow
AI-powered phishing a growing threat
Ameriprise Financial Data Breach: ShinyHunters Leaks 200GB, Over 502,000 Accounts Added to Have I Been Pwned (HIBP)
Apple and Google warn Canada bill could force secret backdoors into encrypted devices
Attackers disguising phishing as Google AppSheet notifications
BadHost Exploit Exposes Sensitive AI Agent Server Endpoints
Caesars Entertainment Data Breach Impacts 44k: Social Security Numbers Compromised
CERT-In Urges Firms to Patch Critical Vulnerabilities Within 12 Hours Amid AI Threat Surge
Charter Communications confirms data breach - ShinyHunters blamed after threat to leak user info online
CISA gives feds 4 days to patch actively exploited cPanel plugin flaw
CISA Warns of Exploited LiteSpeed cPanel Plugin Flaw
CrowdStrike and Google take down botnet used by hackers to target software developers in supply chain attacks
CrowdStrike, Google Take Down Glassworm Botnet
Cruise operator Carnival discloses personal data breach
Cyber attackers are hijacking Microsoft Outlook, Teams and 365 log-ins, FBI says
Data of 340 million OnlyFans users put up for sale on the dark web
Delivery mega leak: 840 Million+ files exposed as US delivery company leaks massive file storage
Dutch police arrest man over cyber breach at Ajax football club
Dutch Police Arrest Suspect in AFC Ajax Football Club Data Breach
Dutch police arrests suspect linked to Ajax football club hack
Easy Dynamics Data Breach Compromises Personal Information of Employees
Ermi Data Breach Compromises Health Records
European AI adoption hits 99% with regulated data driving most policy violations
Fake ChatGPT and Claude installers on GitHub are dropping Deno RAT malware
Fake LinkedIn Collaboration Emails Abuse Adobe Target to Track Victims in Phishing Campaign
FBI Issues Scam Warning for Users of Microsoft Outlook, Teams
FBI issues serious warning for Outlook, Teams, OneDrive users
FBI Issues Warning To Microsoft 365 Users
FBI links First VPN Service to ransomware gangs, botnets, criminal dark web activity; calls for layered defensive controls
FBI Warning: IT Personnel Impersonated by Cybercriminals
FBI warns extortion hackers are visiting US law firms to steal data
FBI warns law firms of cyber gang impersonating IT staff to steal sensitive data
FBI warns law firms of in-person data theft by Silent Ransom Group
FBI warns Microsoft users about a new AI scam that can steal accounts without passwords
FBI warns of cybercrime group targeting US law firms
FBI warns of in-person data theft attacks from extortion gang
FBI warns of Kali365 phishing platform hijacking Microsoft 365 accounts
FBI warns of Kali365 phishing-as-a-service targeting Microsoft 365 access tokens
FBI warns of phishing scam targeting Microsoft 365 accounts
GHOST STADIUM Phishing Campaign Targets FIFA World Cup Fans With 300+ Fake Domains
Gitea Vulnerability Exposes Private Container Images without Authentication
Glassworm botnet disrupted after resilient C2 infrastructure takedown
GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure
Google flags KnowledgeDeliver flaw and Chinese phishing surge
GPU mining malware spreads via SEO poisoning, AI chatbots
Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users
Hacker Mints 5.4 Trillion Tokens in StakeDAO Exploit, Nets $91K
Hackers Abuse Trusted Google Domains to Hide Phishing Links From Email Gateways
Hackers adopt double-tap tactics: steal gaming accounts, return with a convincing recovery scam
Hackers are knocking on office doors pretending to be IT staff
Hackers Sending Operatives in Person to Insert USB Drives and Steal Data
Healthcare Data Breaches, Developer Tool Abuse, and Supply Chain Ransomware Risks Rise
‘Hostile states' behind massive data breach, Lithuanian president says
How the Canvas data breach further frayed families’ trust in ed tech
India: Central Board of Secondary Education (CBSE) denies security breach in On Screen Marking (OSM) evaluation system after student hacker’s claims
Interstate Management Data Breach: 22k Individuals Impacted
Iran-linked hackers target key US, allied sectors with sophisticated spear-phishing messages
Iran’s Nimbus Manticore Used Trojanized Zoom Installers Against US Firms
Iranian intelligence service behind hack of Los Angeles transit system, researchers say
Iranian-Backed Group Behind Attacks on Transit Systems in Los Angeles, South Florida
Kali365 phishing kit bypasses MFA and steals Microsoft logins
Kali365 Phishing-As-A-Service Bypasses MFA To Hijack Microsoft 365 Accounts
Lithuania: Foreign involvement suspected in record data breach
Lithuania: President Gitanas NausÄ—da says indications point to hostile states behind major data breach
Lithuania Data Breach: 600,000 Records Expose Spy Home Addresses to Hostile States
Lithuania Investigates State Registry Breach of 600,000 Records
Lithuanian Prime Minister says government will not resign over major data breach
Malicious npm Package Stole Files From Claude AI User Directory via GitHub
Mass database extortion causes significant damage despite low payment rates
Massive Data Breach: Fake UK Visa Portal Leaks Over 100,000 Passports, Selfies Online
Metropolitan Marine Maintenance Contractors' Association (MMMCA) Data Breach Exposes PHI and PII for 25,528 Individuals
Microsoft adds automatic endpoint isolation to Defender platform
More than 185,000 affected in 7-Eleven data breach linked to ShinyHunters
Multiple sophisticated fraud campaigns target FIFA World Cup
National Institute of Standards and Technology (NIST) Releases Special Publication Draft to Focus on Ransomware Response and Recovery in Manufacturing Networks
Netherlands blocks US firm Kyndryl from buying national ID system provider
New BTMOB Malware Enables Remote Control of Android Devices
New ransomware threat group, The Gentlemen, has become one of the most active ransomware operators, accounting for 10% of all attacks
New Zealand: ManageMyHealth warned before massive data breach
NHS trust issues public apology over Nottingham attacks medical data breaches
Oncology Institute says third-party vendor breach compromised patient data
OverlayPhantom Android Banking Trojan Targets 180+ Financial Apps Across 10 Countries
PureLogs Variant Steals Data via Purchase Order Lures
Ransomware Actors Show Up In Person to Steal Law Firm Data
Ransomware recovery rarely ends when the ransom is paid
Romanian Hacker Gets Nearly 5 Years in US Prison Over Network Intrusion
Romanian hacker sentenced to 56 months for selling access to Oregon government network
Romanian Hacker Sentenced to Prison in US for Selling Access to State Network
Romanian national sentenced to more than 4 years for hacking Oregon government systems
Scammers are sending phishing emails from a real Microsoft address
Silent Ransom Group Sends Operatives Into Law Firm Offices: 38 Firms Already Leaked
South African Revenue Service (SARS) Denies Being Hacked by Nullsec Nigeria, Hacker Group
Spain: The ‘hacker’ Alcasec accepts two years and seven months in prison for stealing more than half a million bank details
TeamPCP Hackers Weaponize LiteLLM for Credential Harvesting Attacks
The AI Phishing Revolution: From Spray-and-Pray to Autonomous Operations
The Gentlemen emerging as key ransomware player
The Lithuanian Prime Minister said her family was also affected by a major data breach
The LLM Effect: Why Ransomware in 2026 Is Faster, Smarter, and More Targeted
The Next AI Security Failure May Start With a Trusted Assistant
The Oncology Institute Confirms Unauthorized Access to Systems Due to Vendor Breach
The Rise Of “New Brand” Cybercrime Groups And The Business Of Ransomware
Thousands of Fake FIFA Domains Target World Cup Fans
Tycoon 2FA Adversary-in-the-Middle (AiTM) Kit Bypasses MFA on Entra ID and Google Workspace Accounts
Tycoon 2FA Adversary-in-the-Middle (AiTM) Kit Targets Entra ID and Google Workspace In MFA Bypass Campaigns
‘UK Visa Portal’ Compromises 100,000 Applicant Passports and Biometric Data
Ukrainian Authorities Help Uncover VPN Admin Who Shielded Hacker Attacks
United Medical Systems Data Breach: Social Security Numbers Exposed
Why Burnout in Cybersecurity Demands Risk-Based Response
Why phishing as a service is a growing threat
Why the Surge in DDoS Attacks Should Worry Security Leaders
Windows Kernel Flaw Lets Attackers Modify Memory Counters
Windows Users Targeted in New Phishing Campaign
26th May
7-Eleven data breach affects over 185,000 people’s personal data
7-Eleven data breach exposes personal information of 185,000 people
185,000 Likely Impacted by 7-Eleven Data Breach
600,000 Lithuanian National Register Entries Leaked
Actively exploited Trend Micro Apex One flaw gets CISA warning (CVE-2026-34926)
Alleged Mercedes-Benz customer data listed for sale on cybercrime marketplace
Anthropic: Claude Mythos identified 10,000+ software flaws
Australia: Practice lost $150,000 after cyber attack locked staff out of Best Practice
Automotive ransomware more than doubled - and AI is partly to blame
Beacon Mutual Begins Notifying Those Affected by Data Breach
Bomco Data Breach Exposes Social Security Numbers and Health Information
BTMOB Android RAT Spreads Through No-Code Builder Tooling
CERT-In Recommends 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks
Charter Communications confirms data breach after ShinyHunters extortion threat
Chinese phishing gangs grow into a force to be reckoned with
Chinese Threat Actors Ditch Static Phishing Pages for Live Credential Interception
Chinese-Language Phishing Services Adopt AI and Real-Time MFA Bypass
CISA orders feds to patch actively exploited Drupal vulnerability
Claude Mythos AI Identified 10,000+ Software Vulnerabilities in One Month
CMD Outsourcing Solutions Data Breach Exposes SSNs
Critical Ghost CMS Vulnerability Exploited to Hack 700+ Websites
Cyber attack costs the Town of Huntsville $59,000
Cyber insurers warn AI is accelerating phishing and business email compromise attacks
Dutch authorities arrest men suspected of providing infrastructure for Russian cyber operations
Dutch Authorities Seize 800 Servers Linked to Russian Cyberattacks, Arrest Two Individuals
Dutch consultant and concert pianist arrested for hosting servers for pro-Russian hackers
East Coast Regional Workers Comp Insurer Reports Data Breach
Eight Years In, GDPR Changed Everything
FBI Warns: ‘Kali365’ Phishing Service Targets Microsoft 365 Accounts
FBI warns about Phishing-as-a-Service (PhaaS) platform used to access Microsoft 365 environments
FBI warns Microsoft 365 users about a new phishing tool that bypasses two-factor authentication
FBI warns Microsoft users about a sophisticated phishing scam
FBI warns Microsoft 365 users about another phishing as a service attack - here's how to avoid it
FBI warns of Kali365 phishing kit that breaks into Microsoft 365 accounts - no password required
Fraudsters Target Ukrainians with Fake Tax Debt Emails Impersonating the State Tax Service
Ghost hackers: the cybersecurity mystery that nobody has solved
Google blocks AI Powered Cyber Attack on 2FA and Megalodon Malware attack on GitHub
Hacker offers data of 340 million OnlyFans users for sale
High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659)
India's CERT-In Sets 12-Hour Patch Deadline for Exposed Flaws
Investigation launched into data breach at Telford & Wrekin Council
Iran-linked hackers target key US, allied sectors with sophisticated spear-phishing messages
Iran-Linked Hackers Target US Aviation with Phishing and SEO Poisoning Campaign
Iranian hackers blamed for breach of Los Angeles transit system that took weeks to recover
Iranian Hackers Deploy MiniFast and MiniJunk V2 via Phishing and SEO Poisoning
Iranian Islamic Revolutionary Guard Corps (IRGC)-affiliated Nimbus Manticore group attacks defense, aerospace, telecom sectors using Minifast malware toolkit
Jailbroken Gemini AI Model Supercharged Russian-Speaker’s Fraud Campaign
KnowledgeDeliver flaw exploited as a zero-day to install web shells
KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike
KnowledgeDeliver LMS ViewState Deserialization Flaw (CVE-2026-5426) Exploited for Cobalt Strike Backdoor and Godzilla Malware Deployment
Krispy Kreme settles 2024 data breach suit for $1.6 million
Law firm Wiley Rein hit with class action over data breach tied to Chinese hackers
Lithuania investigates theft of 600,000 state registry records by foreign actor
Lithuania Suspects Foreign Involvement in Data Leak of Over 600,000 National Register Entries
Marketing and merchandise firm Branded Products listed by Qilin ransomware
Megalodon Supply Chain Attack Hits 5,500+ GitHub Repositories in Six Hours
Microsoft Dismantles Fox Tempest Cybercrime Platform Linked to Hospital and School Ransomware Attacks
Microsoft Disrupts Fox Tempest Malware-Signing Service Used in Ransomware Attacks
Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions
Mission Community Hospital Pays $1.55M to Settle Data Breach Lawsuit
Motorola’s pre-installed app hijacks Amazon app
MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries
MyPillow must decide whether to be firm or soft as ransomware criminals demand pay
Mythos may not be an evil AI hacker, but it’s a warning that cybercrime can now go machine speed
New Research Says Every WiFi Router Can Be Turned ‘Into A Potential Means For Surveillance’
NightSpire Ransomware Abuses RDP for Stealthy Persistence
NightSpire Ransomware Uses RDP Access and Remote Admin Tools for Stealthy Persistence
Noll & Tam Architects Data Breach Exposes Social Security Numbers
Nottingham Village Data Breach Impacts 7,919 Individuals: PII Exposed
Payload Ransomware Uses ChaCha20 and Curve25519 ECDH to Encrypt Windows Files
Personal information of 185,000 people exposed after cyberattack on 7-Eleven
Phishing Campaigns Exploit RCS and iMessage to Evade SMS Security Filters
Phishing Services Use RCS and iMessage to Bypass Traditional SMS Security Filters
Private radiology practice reports security breach impacting over 250,000 individuals
Q-Day Could Arrive by 2029, Raising Global Encryption Security Fears
Radiology Associates of Richmond reports data breach affecting 266,000 individuals
Ransomware Attack Costs Medical Practice $150,000 in Repairs and Lost Revenue
Ransomware attacks on automotive and smart mobility more than doubled in 2025
Ransomware Uses ChaCha20 and Curve25519 to Encrypt Windows Files
Reported ransomware incidents are just the tip of the iceberg
Rhode Island workers' comp insurer faces class action over data breach
Russian Hacker Allegedly Used Jailbroken Gemini in Global Cyber Fraud Operation
ShinyHunters extorts Charter Communications after data breach
Some developers seeing 7-fold increase in supply chain compromises
South African Revenue Service (SARS) and South African Information Technology Agency (SITA) refutes false claims of a data breach
South African Revenue Service (SARS) denies alleged cyberattack and data breach claims
South Korea cuts voice phishing cases and losses for seven straight months
Station Casinos Data Breach Highlights Ongoing Cybersecurity Risks
Station Casinos Reveals Data Breach Took Place in March 2026
Stolen passwords, phishing emails and data loss – how secure is your Microsoft 365?
Taiwan Cyber Incidents in 2025: Fake Messaging Apps, Custom Ransomware, Supply Chain Vulnerabilities
Texas-based DocketWise reports data breach impacting thousands
Thailand warns of phishing scams targeting ‘Thai Help Thai Plus’ registrations
The Hidden Ransomware Economy Running on Exposed Databases
Third-Party Cyberattack Impacts Patient Information at The Oncology Institute
Trojanized Gemini and Claude Installers Target Developers Via SEO Poisoning
Trump Mobile probes data breach of 27,000 T1 pre-order customers
UK Visa Portal spilled thousands of applicants’ passports and selfies online - and hasn’t fixed the leak
Ukraine: Fraudsters send letters about "tax debt" on behalf of the State Tax Service. How to avoid becoming a victim of phishing
Uniswap Phishing Scam Through Google Ads Steals $400K
What happens when security teams inherit identity
When ransomware shutters the ER, cyber resilience can help teams mitigate the damage
Why AI-Native Cybersecurity Matters in the Age of Machine-Speed Threats
25th May
7-Eleven Data Breach Exposes Over 185,000 Accounts in ShinyHunters Extortion Campaign
90 Days to Full NHI Management, Agentic AI Security and Operational Efficiency
266,000 Affected by Data Breach at Radiology Associates of Richmond
A massive data breach involving government registries has been uncovered in Lithuania
AI-driven exploitation beats phishing as most popular initial access strategy
Anthropic’s Mythos Finds 10,000 Security Flaws, Exposes Patching Obstacles
Australia: Foreign state actor hacked parliamentarian's WhatsApp account
Australia: Victorian regional newspaper allegedly hacked by ransomware group
Authorities seize 800 servers used for cyberattacks and disinformation
Billion-Dollar Bank To Hand Out up to $25,000 per Customer in Settlement Over Data Breach That Impacted 2,187,170 Americans
Breaking The Silo: What the Economic Crime and Corporate Transparency Act (ECCTA) Information-Sharing Gateway Means for Security Leaders
British drivers may be exposed after Mercedes data surfaces on hacker market
Canadian man arrested over massive KimWolf DDoS botnet that infected millions of devices worldwide
Carnival class action claims cruise line failed to notify customers of data breach
Cybercrime is 3rd largest economy sparing no country or enterprise
DocketWise Data Breach Impacts 143,000
Europol: Cybercriminal VPN used by ransomware actors dismantled in global crackdown
Fake Streams, Counterfeit Merchandise and Other Scams: How Fraudsters Target Formula 1 (F1) Fans
FBI Chief Kash Patel’s Clothing Store Hacked in ClickFix Infostealer Attack
FBI director Kash Patel’s merchandise website taken offline after malware attack
FBI Flags Kali365 as New Phishing Threat Targeting Microsoft 365 Users
FBI warning on Kali365 phishing kit exposes limits of weaker authentication
FBI Warns Kali365 Can Bypass Microsoft 365 MFA Using OAuth Tokens
FBI Warns 'Kali365' Phishing Kit Hijacks Microsoft 365 OAuth Tokens
FBI warns of Kali phishing scam hitting Microsoft OAuth tokens - warns 'Kali365 lowers the barrier of entry, providing less-technical attackers access to AI-generated phishing lures'
FBI warns of Kali365 phishing service targeting Microsoft 365 accounts
Forget facial recognition, WiFi can accurately tell who you are, researchers say
Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks
Ghost CMS SQL Injection Vulnerability Facilitates Large-Scale ClickFix Campaigns
GitHub bans vindictive security researcher dropping Windows zero-days
GitHub Hacker Claims Security Breach Involved About 4,000 Internal Repositories, Takes Bids on Stolen Data
Hacker Lists 340 Million OnlyFans User Records for Sale
Hacker Selling 340 Million OnlyFans User Records Built From Old Breaches
Halton Hills Chamber of Commerce warns of phishing email seeking unpaid invoices
India: Cyber Fraudsters Misuse Cockroach Janata Party Name in WhatsApp Phishing Scam, Warn Ludhiana Police
Indian Cyber Crime Coordination Centre (I4C) Cautions Apple iPhone Users About Phishing Scam Targeting Lost Devices
Is OnlyFans Facing A Massive Data Breach? Hackers Claim 340 Million-Record Leak
Kali365 phishing service targets Microsoft 365 accounts
Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms
Lessons for organizations from the Verizon 2026 Data Breach Investigations Report
Lithuania investigates massive data breach, suspects foreign intelligence operation
Most ransomware attacks are opportunistic. Here’s how you can stop attackers
Netherlands Busts Bulletproof Hosting Network Linked to Disinformation and Cybercrime
Network Nightmares: America’s printers carry hidden hacker risks
Oncology Institute Discloses Data Breach
Only 1 in 4 Australian farmers eye cyber insurance as ‘smart’ farms become hacker targets
OnlyFans Data May Be Under Threat As Hacker Sells Records Of 340 Million Users
OnlyFans denies a 340-million-record breach, and so does the hacker selling it
OnlyFans mega leak reveals 340 Million user records, hackers claim
Pro-Palestinian hackers leak Israeli Navy officers allegedly involved in Gaza Flotilla interception
South Africa: State Information Technology Agency (SITA) refutes suffering cyber attack
South African Revenue Service (SARS) denies it was breached by Nigerian hacker group
South African Revenue Service (SARS) denies social media claims of data breach
South African Revenue Service (SARS) dismisses data breach claims, says no evidence of system compromise
South African Revenue Service (SARS) refutes ‘false’ claims of data breach
South African Revenue Service (SARS) refutes false claims of major data breach
South African Revenue Service (SARS) responds to data breach claims
South Korea: CJ Group Identifies Insider in Corporate Personal Data Breach
Station Casinos Confirms Cybersecurity Breach
Station Casinos Discloses Data Breach That Occurred in March, Begins Notifying Affected Customers
Store Chain 7-Eleven Confirms Data Breach Linked to the ShinyHunters Ransomware Gang
Taiwan Flags Five Major Cyber Risks After 726 Security Incidents in 2025
The AI Governance Gap Is Bigger Than We Think
The Surprising Tactic Your Company Should Use If It’s the Victim of a Ransomware Attack
'This is a sales tactic': Experts warn ransomware hackers will often lower their prices - with some giving discounts up to 96%
TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO
TrapDoor Supply Chain Attack Targets npm, PyPI, and Crates.io, Steals Credentials, Crypto
Trump Mobile data breach may affect far more than its own customers
Turns out the C-suite loves shadow AI
Ukraine: Mass phishing emails purporting to be from the State Tax Service has been recorded – do not open fraudulent emails
US states step up cyber defenses to protect local communities
WhatsApp Local Storage Claim Raises Apple Privacy Questions
WhatsApp users on alert after hacker drops massive dataset
Wireshark 4.6.6 Resolves Robust Header Compression (ROHC) Parser and Buffer Overflow Vulnerabilities