Internal monitoring detected a suspected transfer of a substantial cache of confidential commercial and financial documents affecting multiple NSW Government departments and projects. NSW Treasury reported the matter to NSW Police, who launched Strike Force Civic, led to criminal charges, and now believe the alleged stolen data has been located and secured with no external compromise and no impact to government services. #NSWTreasury #StrikeForceCivic
Category: Cyber Attack
Threat actor 888 posted a full database dump of Ledil Immobilier (ledil.immo), exposing 6,700 unique user records including names, emails, phone numbers, addresses, property and transaction details. The dataset, apparently exported from a Drupal (Search API) instance and offered as a free download on darkforums.su, greatly increases the risk of targeted…
A ransomware attack on April 16, 2026, crippled IT systems and public services at the Sprendlingen-Gensingen municipal administration. An external IT forensics team is analyzing the damage and assessing the potential extent of any data leakage. #SprendlingenGensingen #TourismusbeitragSoNicht
A ransomware attack on Thursday 16 April 2026 paralyzed the administration and public services of Sprendlingen-Gensingen. All IT systems were disconnected from the network and an external IT forensic team is analyzing the damage and investigating the potential extent of any data leak. #SprendlingenGensingen #TourismusbeitragSoNicht
Roca Asociados, a Spanish firm of lawyers and economists with offices in Barcelona, Madrid, and Andorra, has allegedly been compromised in a recent data leak. Exposed records reportedly include full names, email and physical addresses, birthdays, website URLs, account and subscription metadata, IP addresses, and mailing group information #RocaAsociados #Barcelona…
A survey found that at least 222 Japanese companies paid ransom demands but roughly 60% still failed to recover their data. Of 1,107 respondents, 507 reported ransomware attacks, and experts warn that paying ransoms does not guarantee recovery while urging updated security and regular backups. #JapanInstituteForPromotionOfDigitalEconomyAndCommunity #Proofpoint
Atlassian has revised its data contribution policy so that, effective August 17, 2026, it will use customer metadata and in‑app content from Jira, Confluence, and related cloud offerings to train its AI models, affecting roughly 300,000 customers. Data will be classified into de‑identified metadata (readability, complexity, task taxonomies, semantic similarity, iteration…
The Secretaría de Seguridad del Estado de México (SSEDOMEX) has allegedly been compromised, with a massive database of emergency call records put up for sale on a cybercrime forum for $1,200 USD. The purported leak includes 3,652 Excel files of 911 and 089 reports from 2016–2026 containing full names, phone numbers,…
Anubis group claims to have breached multiple organizations, exposing over five terabytes of sensitive information across the healthcare and legal sectors. The alleged victims include ViaQuest and Samuel I. White, PC, with stolen files spanning patient medical records, internal emails, financial documents, court filings, client databases, and network passwords. #Anubis #ViaQuest…
The Fulcrumsec group claims to have breached Analog Gold and its Prospector Portal subsidiary, exfiltrating 2.2 TB of data across 52 S3 buckets that allegedly include the Republic of Guyana’s GGMC IMAPS sovereign mining database. Attackers are using a 58 GB “highlights package” to extort the company amid a pending $28…
Alexander Hanff found that Claude Desktop silently installs a native messaging bridge that pre-authorizes browser extensions to communicate with local executables, enabling browser automation, DOM access, session sharing, and other elevated actions without user consent. The manifest is autonomously generated across multiple Chromium browsers, persists and is rewritten on launch with…
Threat actor Rabid is advertising a complete 250GB+ database from the Chartered Institute of Bankers of Nigeria (CIBN), claiming it contains the institute’s full records and platform source code. The archive includes member personal data, scanned ID and academic documents, and internal code that could enable identity theft, synthetic identity fraud,…
A threat actor known as Sorb is selling a database attributed to Taiseer (taiseer.co) containing 71,000 user records, including bcrypt password hashes, 27,000 national ID scans, emails, phone numbers, FCM push tokens, and per-user gold balances. The listing is priced at $400 with escrow and claims ongoing access, creating high risk…
The Gentlemen RaaS has rapidly expanded in early 2026, claiming over 320 victims and offering multi‑platform lockers written in Go for Windows, Linux, NAS and BSD plus a C‑based ESXi variant. Incident response telemetry shows affiliates deploying SystemBC and Cobalt Strike, revealing a botnet of over 1,570 likely corporate victims and demonstrating GPO‑based mass deployment, robust lateral movement, and aggressive defense‑evasion. #TheGentlemen #SystemBC
The Everest ransomware group claims to have breached multiple organizations across the financial, aviation, automotive, and retail sectors and has posted large troves of highly sensitive corporate and customer data on its extortion portal with active countdowns to public release. Alleged victims include Frost Bank, Citizens Bank, Tokoparts, Complete Aircraft Group,…