KittyKatKrew claims to have breached Tricolor Holdings, a U.S.-based technology-enabled auto finance company serving underserved and credit-invisible consumers. The actor alleges the leaked file tree contains Active Directory exports, financial portfolio exports and master servicing tapes, archived legal and regulatory documents, marketing leads, internal chat logs, employee lists, and production SQL…
Category: Cyber Attack
A threat actor claims to have maintained undetected access to Airbus SE’s DevOps environment for over two months and is attempting to sell files exfiltrated from an Airbus JFrog Artifactory instance. Available file listings reportedly include software build artifacts, dependencies, source code assemblies, checksum files, and development modules tied to Airbus…
The General Authority for Roads and Bridges (GARB) appears to have been compromised, with a threat actor claiming to have exfiltrated approximately 1GB of data from the agency’s Contract Extract System. The actor alleges the leak contains databases, source code, SSL certificates, contract and project details, billing records, and internal documents…
The National Committee for the Administration of Gaza (NCAG) is reportedly the victim of a large data breach in which a threat actor posted claims of exfiltrating the organization’s database of approximately 2.85 million records. The leaked sample allegedly contains extensive personally identifiable information and medical details, including full names, ID…
ccMixter reportedly suffered a data breach that an unidentified actor claimed on a cybercrime forum, stating the compromise occurred in February 2026. The actor alleges the release contains 62,339 user records including IP addresses, email addresses, MD5 email hashes, and transactional data. #ccMixter #MD5…
Cocoa, Florida experienced a ransomware attack that disrupted several city IT systems and limited some services. Officials declared a state of emergency and are working with partners to restore systems while emergency operations and dispatch remain functional. #CocoaFlorida #cocoafl_gov
A cyberattack hit Hazeldenes’ chicken processing plant, causing shortages of chicken parmas in pubs and supply disruptions for butchers across the state. Hazeldenes is working with cybersecurity investigators to determine the cause while pubs and suppliers seek alternative chicken sources to limit customer impact. #Hazeldenes #parmas
The United Arab Emirates says it stopped a ransomware attack targeting the country’s digital infrastructure and has declared the incident a terrorist act. The assault involved network intrusion attempts, targeted phishing campaigns against national platforms, and the use of artificial intelligence to craft offensive tools. #UAE #u_ae
Svealandstrafiken suffered a major cyberattack that caused significant disruption to its operations. The attack occurred on Monday and details about the incident are not yet known. #Svealandstrafiken #svealandstrafiken.se
INC Ransomware claims to have breached ACWA Power and Larsen & Toubro, compromising a shared repository of corporate and operational project data tied to their joint ventures. The group says about 400GB of files were exfiltrated — including engineering plans, ISO certifications, Ministry of Energy project documents, safety and operations manuals,…
UPLUS, a Thai organization that assists people studying and living abroad, has allegedly suffered a data breach after a 14MB database was leaked to a cybercrime forum. The leaked files reportedly include two CSVs for clients and sales leads containing full names, nicknames, email addresses, phone numbers, dates of birth, account…
The Qilin group claims to have breached multiple organizations across global sectors, listing Envelex Thailand, PoindexterHill P.C., and Induherzig SAS as alleged victims. The actor says the networks were compromised but has not publicly detailed the specific types of data allegedly exfiltrated. #Qilin #EnvelexThailand #PoindexterHill #InduherzigSAS…
An initial access broker using the handle miyako is selling unauthorized root access to a Linux-based firewall belonging to a leading South African telecommunications company. The listing advertises root RCE, shell access, and network admin panel control for a fixed price of $300, with the seller asking serious buyers to contact…
GVM Technologies, operating as GradSmart, reportedly suffered a data breach after a misconfigured cloud MongoDB instance without an IP whitelist and containing plaintext credentials allowed unauthorized access. The actor claims over 2,000 student records were exfiltrated, including full names, contact details, passport numbers, test scores, visa statuses, and academic and employment…
A threat actor claims to have exfiltrated a massive 3.6 terabyte archive from an internal ANSI vault containing raw and classified standards data. The archive reportedly includes over 25,200 documents, unpublished drafts, full committee records, revision histories, metadata revealing pricing and access controls, and backend logs overlapping with ASTM, ISO, NIST,…