Vercel reported an April 2026 security incident in which unauthorized access occurred to some of its internal systems after a third-party tool was compromised. The attacker used a compromised Context.ai account to access environment variables not marked as sensitive, and the breach was claimed by ShinyHunters. #Vercel #ShinyHunters
Category: Cyber Attack
Stride Learning Company was reportedly compromised by threat actor ShadowByt3$ as part of a mass-scanning campaign called “Operation Cloud” that targets misconfigurations in large organizations. The attacker is demanding $500,000 and claims to have exfiltrated corporate assets—including developer metadata, technical secrets, intellectual property, and media/branding assets—while asserting no student or teacher…
Hsinchu Logistics suffered a ransomware attack on Thursday, April 16, 2026, which took its IT systems and website offline. Partial restoration was completed the following Friday and the company warned customers to be vigilant for phishing attempts; the incident occurred amid reports of critical vulnerabilities affecting Microsoft Defender and Fortinet. #HsinchuLogistics #MicrosoftDefender
A threat actor claiming to be part of the ShinyHunters extortion group posted on April 19, 2026 that they breached Vercel’s internal infrastructure and are selling stolen assets, including source code, databases, NPM and GitHub tokens, and a file with 580 employee records. Vercel confirmed unauthorized access to some internal systems,…
The Municipality of Temse has proactively shut down its IT systems after detecting irregularities suggesting a cyberattack. Working with the Centre for Cybersecurity Belgium, the municipality has limited administrative services until Wednesday, April 22, 2026 while investigators determine the scope and nature of the incident. #Temse #CentreForCybersecurityBelgium
The city of Tallahassee experienced a cyberattack on April 17, 2026, affecting part of its IT environment. Officials disconnected systems and temporarily took talgov.com offline to contain the incident and say no data was compromised. #Tallahassee #talgov
The Corporate Affairs Commission (CAC) of Nigeria has confirmed a cyber incident involving unauthorized access to parts of its information systems. The agency has activated its response protocols, is working with national technology authorities to determine the scope, and advises users to monitor records and update login credentials. #CorporateAffairsCommission #CAC
Clinton County, Iowa temporarily took part of its network offline after detecting an attempted cyber intrusion. A forensic analysis confirmed a threat was identified and contained early, and essential services were tested and restored under enhanced monitoring. #ClintonCounty #clintoncounty-ia-gov
Fusion Superplex recently experienced a cybersecurity incident that temporarily affected some of its systems. As a precaution, the company has taken its online ticketing system offline while it completes recovery and verifies full security. #FusionSuperplex #OnlineTicketing
HexDex is selling the personal data of 1,926,409 members of the French Basketball Federation (FFBB) and roughly 800,000 parent records, totaling about 2.7 million individuals. The dataset includes full identities, home addresses, contact numbers, licence and club details, and medical certificate dates for minors and adults, raising child safety and French…
ShadowByt3s compromised the Ellucian PowerCampus platform via misconfigured Amazon S3 buckets and Azure blobs managed by Neoskool, exposing data from more than eight schools in Manipur and Meghalaya. Stolen records include student photos, Aadhaar numbers, plaintext passwords, medical alerts, timetables, staff PII, and financial/academic files, while the actor claims write/delete cloud…
Threat actor 888 is selling the DinerEnBlanc.com database as a one-time exclusive listing, exposing 411,000 user records from the invitation-only Diner en Blanc events across six continents for Monero (XMR) payment. The breach reveals personal identities, invite codes, event logistics (phases, roles, transport, table/group assignments), VIP flags, blacklist and confirmation statuses,…
The University of AlKafeel in Najaf has allegedly suffered a data breach affecting several thousand students and staff and is affiliated with a foundation linked to the Al‑Abbasiya shrine. The leaked records reportedly include full names, university email addresses, passwords and authentication credentials, identification numbers, department affiliations and study stages, phone…
The Payload group claims to have breached multiple organizations across diverse global sectors, listing TFE Group, Oriental Weavers, Sunlight Express Airways, Marino Food Products Pvt, and Franziskusschule Wilhelmshaven as alleged victims. The actor reports exfiltrated data volumes of roughly 200 GB from Sunlight Express Airways, 150 GB from Oriental Weavers, 30…
Credix, a credit service operated by the Venezuelan internet subsidiary Fibextelecom, was allegedly compromised through a severe unpatched vulnerability that was published on a hacker forum. The unidentified actor claims to have exfiltrated 44,548 rows of customer data including full names, national identification numbers, dates of birth, physical addresses, employment details,…