A threat actor known as Alameda_slim claims to have breached Mexican clinical lab Laboratorios CEFLO and leaked about 21,000 patient records for free. The exposed data reportedly includes positive HIV, syphilis, and COVID test results along with names, birth dates, phone numbers, and internal patient identifiers. #LaboratoriosCEFLO #Alameda_slim #Mexico…
Category: Cyber Attack
A threat actor known as LaPampaLeaks claims to have breached Antel’s TuID Digital platform by finding an API key on the telecom’s backend and using it to access and potentially alter citizen identity data. The alleged leak includes 8GB of internal files and records tied to police, government officials, journalists, and…
A threat actor claimed to leak a Meetic database and released 7,169,561 records for free under the hashtag #freebreach3d. The sample reportedly contains usernames, emails, IP addresses, registration details, and partial profile information from the French online dating platform. #Meetic #NormalLeVrai #freebreach3d…
A threat actor identified as boltak claims to be selling live, authenticated admin access to a US NEMT platform, along with 500,000+ patient records and the Smart-Data-Hub source code. The alleged access could enable fake provider creation, ride assignment manipulation, billing abuse, and exposure of sensitive patient and subcontractor data. #boltak…
A threat actor known as Moon_WALK claims to be selling a 2.47GB CSV database allegedly taken from homes.at.world, containing more than 7 million records tied to real estate agents and investors. The leaked data reportedly includes personal, contact, location, and property details for victims in the US and UAE. #Moon_WALK #homesatworld…
A threat actor known as MDGhost (The BlackH4t MD-Ghost) is advertising a data sale tied to Community Choice Credit Union, claiming access to more than 1 million premium credit client records. The alleged exposure includes full card numbers, names, issuing banks, addresses, emails, mobile numbers, and apparent admin dashboard details showing…
A threat actor claims to have leaked a free database from LDLC, exposing 1,504,635 customer records from the French electronics retailer. The sample data reportedly includes names, email addresses, mobile numbers, full addresses, account details, and VAT regime information. #LDLC #NormalLeVrai #freebreach3d…
A threat actor identified as Blastoize is allegedly selling a 243 million record dataset attributed to credilink.com.br, a Brazilian credit information and risk analysis provider. The sample data includes CPF national IDs, addresses, vehicle ownership, and presumed income, with a 12 million record sample offered for free download. #Credilink #Blastoize #Brazil…
Google Chrome is reportedly downloading a hidden 4GB weights.bin file in the background to support Gemini Nano on-device AI features without user consent or an opt-in prompt. The behavior has raised privacy, GDPR, and environmental concerns because the file is difficult to find, automatically re-downloads after deletion, and could generate significant…
A cybersecurity incident affecting Instructure’s Canvas platform caused widespread outages at universities across the US, disrupting access for students and staff at schools including Harvard, Stanford, Columbia, Princeton, Boston College, and Duke. Instructure said a criminal threat actor was involved, while reports linked the incident to possible data exposure and warned users about phishing attempts impersonating university IT staff. #Instructure #Canvas #Harvard #Stanford #Columbia #Princeton #BostonCollege #Duke #ShinyHunters
A network incident, potentially linked to a cyberattack, has affected the City Council of Valdemoro’s servers and is preventing online municipal procedures and consultations. The municipality has reported the incident to the National Cryptologic Center, disconnected the servers as a precaution, and advised citizens to stay alert for fraud attempts and change their passwords. #AyuntamientoDeValdemoro #CentroCriptologicoNacional #Valdemoro
Cyber Power Systems reported that unidentified hackers gained unauthorized access to its servers and encrypted some data. The company activated its defenses, brought in external experts for investigation and remediation, and said the incident is not expected to materially affect its finances or operations. #CyberPowerSystems
Hunt Intelligence uncovered an exposed staging server in the UAE that revealed a large intrusion campaign against Oman’s Ministry of Justice and Legal Affairs, including attacker tools, C2 code, session logs, and stolen data. The operation exfiltrated more than 26,000 user records and sensitive judicial information, with tactics overlapping known Iranian…
4SELLERS, a German webshop service provider specializing in e-commerce solutions, was hit by a ransomware attack during the night of April 30, 2026. The incident was reported on 2026-04-30 and affects the company’s hosted webshop services and potentially its clients. #4SELLERS #ecommerce
The City of Quiberon was the victim of a cyberattack that affected its computer systems, local officials announced. Temporary disruptions to municipal services have been reported, and residents are being asked to postpone non-urgent procedures while teams work to maintain continuity of public services. #Quiberon #quiberonfr