Nurture Life, a subscription-based direct-to-door meal service for babies, toddlers, and kids, has allegedly been compromised and a comprehensive archive of its internal database was leaked online by an unknown party. The leak reportedly exposes sensitive customer and dependent information including full names, email addresses, children’s dates of birth, dietary preferences…
Category: Cyber Attack
The Beast ransomware group claims to have breached Xiamen Tungsten Co., Ltd. and is offering the company’s full infrastructure dump for sale for 20 Bitcoin. The actor alleges more than 150GB of SQL backups were exfiltrated, including full PII and payroll, SSO credentials and network tokens, ERP blueprints, lab chemical formulas…
PaidWork, a popular online monetization and micro-task platform, has allegedly been breached, exposing an approximately 11GB database containing sensitive records for about 22 million users. The dataset—reported for sale on a cybercrime forum for BTC/ETH/XMR—includes personal details, hashed passwords, banking and PayPal information, cryptocurrency wallet addresses, billing addresses, IPs, and demographic…
A widespread leak of the Claude Code source code circulated among developers after MAP files were accidentally included in a production package, exposing large amounts of unobfuscated internal data. Anthropic issued DMCA takedown notices that led GitHub to remove over 8,100 repositories but acknowledged complete eradication is unlikely, with principal architect…
FulcrumSec published a 140GB breach report showing that CVE-2025-55182 (React2Shell) exploited on an unpatched internet-facing host allowed attackers to obtain ECS credentials and access 57 S3 buckets and AWS Secrets Manager across Unique Computing, ReFocus AI, and Gennet AI. The compromise exposed roughly 23,000 insurance policyholders and $796,847,366 in aggregate premiums—including…
Threat actor xNov leaked the full production database of Smarteez, the digital factory operating for L’Oreal Morocco, exposing operational data for La Roche-Posay, Vichy, CeraVe, and Dercos from mid-2023 to early 2026. The public leak includes 296 pharmacies, over 361,000 sales analytics records, OAuth2 client IDs with 128-character plaintext client secrets,…
A threat group calling themselves ShadowByt3s (posted by BlackVortex1) claims to have breached Starbucks by compromising the sbux-assets S3 bucket and exfiltrating 10 GB of proprietary source code, firmware, and global management tools. The group provided proof via Mega.nz and Telegram, is recruiting insiders with a 30/70 split, set a ransom…
HASBRO, INC. disclosed on April 1, 2026 that it detected unauthorized access to its network on March 28, 2026. The company activated incident response protocols, isolated affected systems, engaged cybersecurity experts to investigate, and said business operations continue under continuity plans though delays are possible during remediation. #HASBRO #hasbrocom
A group calling itself FulcrumSec claims to have compromised a shared AWS cloud environment, exposing highly sensitive personal data and proprietary assets from multiple affiliated technology companies and their clients. The posted victim list includes Unique Computing LLC, Gennet.AI, ReFocus AI, Patriotic Insurance, Alliance Insurance Services, and Ohio Mutual Insurance Group,…
The NightSpire ransomware group claims to have breached multiple organizations and posted an alleged victim list including GMP Group (Singapore), Ghazi Brothers (Pakistan), and Notre-Dame du Grandchamp (France). NightSpire says over 2.3 terabytes of data were taken from the GMP Group and Notre-Dame du Grandchamp while Ghazi Brothers’ data is listed…
Vantage Media AI, a provider of AI-powered predictive analytics and customer data platforms, has allegedly been compromised and a 381 GB MongoDB server dump belonging to the company has been listed for sale for $15,000. The seller claims the March 27, 2026 breach includes full access logs and consolidated files containing…
AVC-Livestock (avc-livestock.com), an Afghan agricultural platform, allegedly suffered a data breach exposing records on specialized farmers, agribusiness contacts, and personnel across provinces including Kabul, Kandahar, Balkh, and Bamyan. The compromised database of about 284,000 unique users — containing full names, email addresses, phone numbers, location details, and Tazkira numbers — is…
Nissan Motor Corporation is reportedly compromised by the Everest extortion group via a third-party IT contractor, impacting GCSSD applications and FTP servers used by Nissan and Infiniti dealer networks in North America. Everest claims to have exfiltrated 910 GB across more than 180,000 files containing customer, dealer, financial, and source-code data,…
The ShinyHunters extortion group claims to have breached Cisco Systems, alleging three separate intrusions affecting UNC6040, Salesforce Aura, and Cisco AWS accounts, with screenshots showing unauthorized access to an AWS Management Console for the Cisco Crosswork Network Controller and hundreds of internal storage volumes. The actor demands Cisco contact them by…
Claude Code’s proprietary source code was inadvertently exposed when a packaging utility accidentally included sensitive files in the production build, and developers quickly began dissecting the leak to reveal unreleased features and configurations. Anthropic issued a DMCA takedown to GitHub that removed over 8,100 repositories, but complete eradication is unlikely as…