A threat actor known as swag is advertising stolen email credentials from multiple Israeli government agencies, Israeli organizations, and international targets on the open web. Compromised accounts include Israel Police, the Ministry of Justice, and the Quebec Central Board of Education, posing high-severity risks like spear-phishing and unauthorized access to sensitive…
Category: Cyber Attack
A threat actor going by bobby_killa is auctioning full WordPress admin access to an unnamed Spanish e-commerce site that uses the REDSYS payment gateway and handles roughly 1,150–1,200 monthly card orders. The listing, posted on a Russian-language forum with a $1,000 starting bid and a $3,000 blitz price, creates high risk…
A threat actor known as xorcat has posted an alleged Canva dataset containing 900,000 user records as a free download on an online forum, accompanied by a 20-record sample to demonstrate authenticity. The dump includes bcrypt ($2y$10$) hashed passwords, OAuth provider links (Google/Facebook/Email), account identifiers, and platform usage metadata that could…
On Sunday 29 March 2026 the Iran-linked hacking group Pay2Key encrypted and paralysed the IT systems of Haepo Tire Center in Winterthur using ransomware, also destroying backups. The incident has caused daily losses of several tens of thousands of Swiss francs and the loss of current accounting data; Haepo has informed police and its insurer and the management does not plan to pay the demanded ransom for now. #Pay2Key #HaepoTireCenter
A technical malfunction in a Charité Berlin data center caused an IT outage affecting three hospital sites and prevented the fire brigade from accessing the Virchow, Mitte, and Steglitz clinics. Patient care remained stable while emergency entrances were temporarily closed as a precaution, and Charité states the cause is a technical fault rather than a cyberattack. #Charite #Virchow #Mitte #Steglitz
Abacel SA, a prominent wholesale technology and consumer electronics distributor in Paraguay, has allegedly been compromised and a database tied to its domain (abacel.com.py) is being advertised on a cybercrime forum. The seller claims the dataset includes country of residence, full names, approximately 345,000 email addresses, approximately 510,000 telephone numbers verified…
The Nasir Security group (also referring to themselves as the Nasir Resistance) claims to have compromised Dubai International Airport (DXB) and maintained active operational access to the airport's classified intelligence systems for several months. They say the breach includes classified intelligence, roughly 1,000 sensitive internal documents, and photos/reproductions of passports from…
Axios, the widely used open-source JavaScript HTTP client, was hit by a critical software supply chain attack after an unknown actor hijacked a lead maintainer's npm account and manually published two poisoned releases that introduced a malicious dependency. The injected package runs an obfuscated postinstall script acting as a cross-platform RAT…
Anthropic's Claude Code source was exposed after developers accidentally published source maps to its public npm registry, allowing anyone to reconstruct the original TypeScript source. The leak revealed core internals (like the 46,000-line QueryEngine.ts, 40+ agent tools, the permission system, and unreleased feature flags), and although Anthropic secured the registry, copies are already…
A ransomware attack by the Qilin group against Netalia Srl paralyzed Genoa's municipal fine payment systems, prompting the city to extend payment deadlines and grant a 30% discount to avoid unequal treatment. Authorities are investigating the suspected digital extortion; initial checks appear to rule out a data leak, but encrypted administrative archives present an immediate economic risk to the city. #Qilin #NetaliaSrl
The Qilin ransomware group claims to have compromised U.S.-based healthcare communication and enterprise platform Doctor.com. The allegation includes claims of data exfiltration but remains unverified and specific datasets have not been publicly detailed. #Doctorcom #Qilin…
The Inclusive Resource Center (ircenter.gov.ua), a Ukrainian state portal for children with special educational needs, has reportedly been breached and a database of roughly 300,000 unique records was advertised for sale on a hacker forum. The sample indicates the leak contains highly sensitive PII for minors and their parents or guardians,…
Clickrent.es appears to have been breached, with an anonymous actor offering a dataset of roughly 2.5 million records for sale. The leak reportedly contains over 100GB of KYC files, internal documents, customer JSONL data, and sensitive personal and financial details. #ClickrentES #KYC…
The European Commission disclosed on March 24 that a cyber-attack against the cloud infrastructure hosting its Europa.eu platform led to early findings of data exfiltration. The Commission contained the intrusion, kept Europa websites online while confirming internal administrative systems were unaffected, and is notifying potentially affected Union entities as it uses…
The Exitium ransomware group claims to have breached IKRON and Ming Hwei Energy, exfiltrating 278 GB of files from IKRON and encrypting corporate infrastructure at Ming Hwei Energy. Reportedly exposed data includes PII and "fullz," email addresses, Social Security numbers, patient records, and CEO emails. #Exitium #IKRON…