HungerRush, a cloud-based restaurant management and POS platform, has allegedly been compromised with a seller on a cybercrime forum offering a one-time sale of a database claiming to contain information on more than 28 million customers and associated restaurant businesses. The exposed records reportedly include full names, physical addresses, phone numbers…
Category: Cyber Attack
A threat actor known as Eternal has leaked over 790GB of data from Servicios de Agua y Drenaje de Monterrey, claiming the database covers all water service users in Nuevo León and offering it as a free two-part download. The exposed records reportedly include full names, physical addresses, water consumption data,…
Today’s Information experienced a cyberattack but promptly implemented security measures to mitigate the associated risks. No personal data was leaked and there was no significant impact on the company’s operations. #TodaysInformation #aotcomtw
Ohio County Schools in West Virginia restored internet service on Monday after a week-long outage caused by a suspected cyberattack. The district temporarily cut its connection to investigate and said there was no risk to student or staff data, but it did not disclose the precise nature of the attack or name any external actors. #OhioCountySchools #WestVirginia
OpenClaw, an AI-based personal assistant, delivers an exceptional user experience but carries increasing security risks when granted high privileges. Telemetry reveals about 240,000 OpenClaw instances are reachable on the public internet, so users should avoid exposing instances directly and must audit configurations to minimize the attack surface. #OpenClaw #CloudServer…
A Mexican developer on a three-person team accidentally exposed their Google Gemini API key and attackers exploited it to generate an $82,000 bill in 48 hours. The team is now disputing the charge with Google amid criticism of shared-responsibility policies and Google Cloud’s lack of hard spending quotas, which left them…
Colombia’s tax authority DIAN is reported to have been compromised through an unpatched vulnerability in its appointment platform developed by Cielingenieria, resulting in unauthorized access. The actor claims a 16GB SQLite database containing 18 million Colombian records is being offered for sale for $2,000 and is also offering custom software to…
The Dragonforce ransomware group claims to have breached multiple global organizations across various industries and published details of the alleged compromises on its extortion portal. The group lists substantial data exfiltration—28.96 GB from New Generation Media, 302.64 GB from Lincoln Green Brewing, and 105.18 GB from Bravo Electro Components—with two listings…
NetRunnerPR claims to have breached Shiraume Hospital in Japan and extracted patient PII along with full medical records, announcing the complete database will be released on March 5, 2026. The leaked fields reportedly include sensitive infection statuses (HBV, HCV, HIV, MRSA, TB, CJD, VRE), emergency contact details, banking and insurance information,…
A threat actor known as korea leaked OptimizerAI’s full database, exposing more than 118,000 unique user records and over 1.1 million AI-generated sound effects. The dump links users’ Google accounts and Discord profiles and includes UIDs, email addresses, profile images, account metadata, and all user-generated sounds, representing both a user-data exposure…
The Alcorn School District in Mississippi temporarily disabled its network after detecting suspicious activity, which could affect student testing this week. The district has not disclosed the cause and is working to restore its systems. #AlcornSchoolDistrict #alcornschools
FULCRUMSEC claims to have breached LexisNexis by exploiting a vulnerable container role to gain broad access to the company’s AWS infrastructure and bypass access controls. They allege exfiltrating large volumes of sensitive data—including Redshift and VPC tables, plaintext AWS Secrets Manager entries, millions of EDW records, hundreds of thousands of user…
The AiLock ransomware group claims to have compromised multiple organizations across different countries, publishing a list of alleged victims. The group alleges it exfiltrated approximately 2.5 TB of uncompressed data from Aaronson Rappaport Feinstein and Deutsch, LLP and 1 TB from Demanor AS. #AiLock #AaronsonRappaportFeinsteinandDeutschLLP #DemanorAS…
Aura.Build, a popular AI design website, was allegedly compromised in a data breach from February 2026 that affects over 132,000 unique users. A database sample posted to a hacker forum reportedly includes names, emails, bios, locations, account and avatar identifiers, Stripe customer and subscription IDs, subscription details, usage metrics, and account…
Threat actor Wadjet is advertising the alleged sale of SkiWebShop customer data, claiming 81,436 unique email addresses and 70,020 unique phone numbers. The dataset spans multiple European countries and contains detailed billing and account information; the actor has posted a redacted sample and is accepting escrow offers. #Wadjet #SkiWebShop…