Threat actor xpl0itts claims their earlier BMW IDOR and document breach has expanded significantly through collaborations with DarkRomance, teamPCP, and another group, with exfiltration still ongoing. They report tens of thousands of employee and customer PII records, VINs, Kubernetes and configuration data, an IDOR exploit for sale, and data from Mazda,…
Category: Cyber Attack
Heritage Financial Corporation disclosed on March 20, 2026 that it detected a cyberattack on February 2, 2026 targeting an internal file-sharing server which may have resulted in the exfiltration of potentially personal data. The company says it activated its incident response plan, isolated the affected system, notified authorities, and that business operations and customer accounts were not impacted while the incident is under evaluation and no material financial impact has been identified to date. #HERITAGEFINANCIALCORP #internal-file-sharing-server
Rogers Communications and its subsidiary Fido have allegedly suffered a data breach, with an unknown seller claiming to offer a database containing 10.9 million lines of customer information. The dataset (reportedly including account numbers and aliases, account types and subscriber statuses, full billing addresses, home phone numbers, and language preferences) is being offered…
The LAPSUS$ group claims to have breached AstraZeneca and is offering a compressed 3GB internal data dump for sale on illicit forums. Rather than public extortion, the actor appears to be shifting to a pay-to-access model and is instructing potential buyers to negotiate via the Session messaging app; the archive allegedly…
The San Felipe-Del Rio school district in Texas reported a widespread disruption of internal, in-network systems (including internet and telephone) after suspicious activity was detected on March 18. Telephone service was restored quickly and schools remained open while full restoration of internal systems continues under monitoring; there is no public confirmation of ransomware, data theft, or an identified attacker. #SanFelipeDelRioSchoolDistrict #SFDRCISD
The Government of Chile’s Ley Lobby portal has allegedly been compromised, with a threat actor offering 250GB of the site’s data for sale on a hacker forum for $2,000. The dataset reportedly covers records from 2018 to 2026 and includes sensitive upcoming hearing schedules and personally identifiable information for high-ranking public…
Prefeitura Municipal de Caieiras in São Paulo, Brazil, has allegedly been compromised in a large data breach, with a threat actor offering the stolen information for sale on a dark web forum. The actor claims 363,519 records and 90 files were taken, including full names, social names, CPF numbers, CNS codes,…
The Safepay ransomware group claims to have breached multiple organizations worldwide across diverse industries. The group’s latest alleged victim list includes The Navigator Company, Matt & Steve’s, Briway Carriers, the Tiefenbacher Group, and Brooker Construction Group, but the specific types of allegedly exfiltrated data have not been disclosed. #Safepay #TheNavigatorCompany #MattAndSteves…
The Alp-001 ransomware group claims to have compromised Pellenc, a French manufacturer of battery-powered equipment and tools for agriculture and green spaces. The actor says they exfiltrated 228GB of corporate data and have issued a nine-day countdown before allegedly publishing the stolen files. #Alp-001 #Pellenc…
The ShinyHunters group claims to have breached two major organizations, Infinite Campus and Ameriprise Financial, and issued a final warning demanding contact by March 25, 2026 before releasing the compromised data. Allegedly compromised data includes Salesforce records, personally identifiable information, internal corporate data, and over 200GB of compressed SharePoint files from Ameriprise. #ShinyHunters…
A Trend Micro case study shows a major data exfiltration incident caused by simple misconfigurations and poor credential hygiene, beginning with an exposed Spring Boot Actuator endpoint that revealed a SharePoint service account and host URL. Attackers combined plaintext client secrets from a spreadsheet with the ROPC flow to obtain an…
Westport Fuel Systems reported on March 17, 2026 that unauthorized access to parts of its network affected internal IT applications and business information. Although production systems and day-to-day operations were not disrupted, the company delayed filing its 2025 annual financial results past the March 31, 2026 deadline to perform additional reviews, and TipRanks issued a neutral stock rating noting weak financial performance despite operational resilience. #WestportFuelSystems #TipRanks
Westport Fuel Systems reported unauthorized access to portions of its network on 17 March 2026, affecting internal IT applications and business information. The company delayed filing its 2025 annual financial results beyond the 31 March 2026 regulatory deadline to perform additional checks, and TipRanks’ AI gave a neutral rating citing weak financial performance despite operational resilience. #WestportFuelSystems #TipRanks
Mutuelle Familiale (Family Mutual) suffered a cybersecurity incident on March 17, 2026 that caused a temporary disruption of its services and potentially affects more than 113,000 policyholders. Investigations are ongoing to determine the origin of the intrusion, and the insurer urges members to remain vigilant against any suspicious solicitations. #MutuelleFamiliale #mutuelle-familiale.fr
Public services in Foster City were suspended after a ransomware attack discovered Thursday morning, though emergency services remain operational. The city has declared a state of emergency and is working with external experts to investigate the breach, restore systems, and secure potentially compromised public information. #FosterCity #FosterCityServices