Threat actor ByteToBreach claims a full infrastructure takeover of National Oil Ethiopia PLC, achieving full Active Directory admin access and deploying ransomware after an 8-step intrusion. The actor alleges exfiltration of over 800 GB of data—including a 500 GB ERP database—and reports compromises of Veeam backup infrastructure and the Kaspersky security…
Category: Cyber Attack
The Worldleaks ransomware group claims it has compromised the Marion Military Institute (MMI), an historic U.S. military college established in 1842 that operates with about 157 employees and roughly $22.7 million in annual revenue. Worldleaks says it has started a countdown of just over one day threatening to publish the institution’s…
A 1.08 GB ManyChat database dump containing over 352,000 Armenian user records has allegedly been compromised and leaked, including extensive automated customer service and marketing communication logs. Sample analysis links the dump to Armenian financial services provider Telcell (the SQL file is named telcell.sql and the sample includes an administrator account),…
The Netherlands’ Ministry of Finance reported unauthorized access to its main processing systems on 19 March 2026, though the full extent of the compromise remains unknown. Attackers’ access was blocked on 23 March; some employees were affected, citizen-facing services of the Tax and Customs Directorate were not disrupted, and authorities say the incident is part of a series of recent attacks on several Dutch government departments. #MinistryOfFinance #TaxAndCustoms
Energetika Ljubljana has reportedly been breached, with an unknown actor claiming to have exfiltrated a 2 TB dataset tied to the TE-TOL gas turbine and HRSG project. The dataset, dated 2018–March 2026 and comprising 240,871 mainly technical PDFs, is listed for sale on a cybercrime forum for 3 BTC #EnergetikaLjubljana #TE-TOL…
The Gunra ransomware group claims to have breached multiple organizations in the travel and semiconductor sectors, listing BKK Sky and Trio-Tech International as alleged victims. Trio-Tech reportedly had about 560 GB of data exfiltrated, including employee OneDrive folders, corporate emails, configuration files, credentials, project files (notably “AMD_AI”), internal audits, HR portal…
The Town of Clayton, North Carolina detected suspicious network activity on March 18, 2026, and took systems offline as a precaution to contain the threat. Officials report the incident is not a major cyberattack, no sensitive data was compromised, and city services remain operational though some activities are temporarily limited during secure system recovery. #TownOfClayton #ClaytonNC
A foreign subsidiary of Test Rite experienced an external network attack on its information systems on 23 March 2026. IT teams immediately isolated affected systems and engaged cybersecurity experts while operations remain normal and plans are in place to strengthen the network security architecture. #TestRite #TodaysInformation
OVHcloud has allegedly been breached, with a threat actor claiming access to a parent account and associated servers that enabled large-scale data extraction. The actor is offering the stolen dataset for sale, which reportedly includes records for 1.6 million OVH Fresh customers and details from 5.9 million active websites. #OVHcloud #OVHFresh…
Defion Security was allegedly breached after an actor compromised three publicly accessible ESXi hosts and escalated privileges to gain deep access to the company’s systems. After an alleged failed extortion attempt in which the company patched the vulnerability but did not respond, the actor is offering exfiltrated data—including a full Splunk…
OVHcloud is reportedly the victim of a major security breach in which attackers claim to have accessed the parent account and exfiltrated 1.6 million customer records plus telemetry for 5.9 million active domains. The perpetrators are auctioning the data without a fixed ransom while OVH has not publicly confirmed the incident…
NyxarGroup is advertising 250 GB (3 GB compressed) of data allegedly exfiltrated from Chile’s Ley del Lobby transparency platform, covering lobbying records from 2018 through 2026. The dataset reportedly contains personal identifiers, detailed hearing schedules, institutional affiliations, and meeting details, and the actor is offering the listing for $2,000 via PM…
A threat actor calling itself HexDex claims to be selling more than ten Airsoft-Entrepot databases containing customer, order, invoice, supplier, delivery, accounting, warehouse, and B2B records spanning 2013–2026. Samples and proof links reportedly include a full customer breakdown (333K addresses, 383K customers, 243K phone numbers, 328K emails) and a 1K-line cross-file…
NyxarGroup published 110,000 records allegedly taken from Chile’s Servicio Civil training platform, exposing full names and internal user IDs of public servants. The dataset was posted as a free download on the open web and complements a separate Ley del Lobby leak, with the actor hinting at further Chilean disclosures. #NyxarGroup…
Threat actor HexDex claims to be selling a dataset containing 453,299 unique Allopneus customer profiles and 739,316 total records spanning 2014-2026. The seller provided proof links and a 1K-line sample, and the data—priced by offer—likely includes contact details, delivery addresses, vehicle information, and purchase/service history. #HexDex #Allopneus…