Phonesack Group, a major mining and energy conglomerate in Laos, appears to have been breached, with a threat actor claiming to sell approximately 4 GB (81 documents) of internal files related to the Xekong 1800 MW thermal power plant project. The leaked materials reportedly cover 2020–2021 project development and include confidential…
Category: Cyber Attack
A threat actor using the handle HexDex claims to be selling a dataset tied to Loxam’s delivery operations across France and Europe. The listing alleges the breach contains 94,735 delivery routes with 828,000 stop points spanning January 2020 through February 2026, totaling about 60 GB of data. #HexDex #Loxam…
A hacker launched a massive attack against the municipal company Werkstatt Bremen, disrupting computers and laptops and impacting the operations of the Bremen police. The Interior Ministry has confirmed the incident, but the full scope and consequences remain unknown. #WerkstattBremen #BremenPolice
Powertech Industrial experienced a cyberattack that did not significantly impact its operations. The company activated defense and recovery mechanisms, engaged external experts for investigation and remediation, and is strengthening its network and information infrastructure security. #PowertechIndustrial #powertechsemi
Gozo Channel was hit by a cyber attack that disrupted its internal IT systems, but ferry operations were not affected. Technical teams contained the incident quickly using existing IT infrastructure and contingency measures and are working to restore affected administrative systems to full operational capacity. #GozoChannel #AdministrativeSystems
A threat actor using the handle SantaAd posted an auction on a known exploit forum claiming to sell unauthorized root access to over 1,500 Linux systems tied to Stevens Sales Company. The listing references a “US DB” and ssco.net, identifying the compromise as initial access with medium severity and root-level permissions….
A threat actor using the handle “GeeksforGeeks” posted a listing on an exploit forum offering to sell a customer database allegedly taken from an Australian furniture company. The listing describes the company as generating roughly $5 million in revenue and prices the dataset at $500. #GeeksforGeeks #AustralianFurnitureCompany…
Universidad Autónoma de Sinaloa (UAS) reportedly suffered a data breach that exposed personal records for 55,566 students and 12,418 professors, which were posted on a popular hacking forum. The leaked database allegedly includes highly sensitive identifiers and contact information such as full names, CURP, account numbers, addresses, phone numbers, emails, and…
Sapienza University of Rome’s website is currently inaccessible due to a technical issue that may be related to a suspected hacker attack. The exact cause remains unknown, but the incident may have compromised or temporarily disabled the university’s servers and internal systems. #LaSapienza #uniroma1
OLV Pulhof School in Belgium was targeted by a cyberattack in which perpetrators threatened parents with blackmail, offering to “secure” their children’s data in exchange for payment. The school filed a police complaint and deployed a new network environment while classes continued without disruption. #OLVPulhof #pulhofbe
Wieson received an alert of anomalies in its information system, but no data was lost or disclosed. The company activated security measures and strengthened defenses, and the financial and operational impact was considered negligible. #Wieson #TodaysInformation
Spain’s Ministry of Universities has reportedly been compromised after a high-severity IDOR vulnerability granted an unauthorized actor admin-level access to its database. The breach allegedly used leaked credentials combined with sequential DNI iteration to systematically exfiltrate large amounts of student and applicant PII and financial records, including passport scans, DNI/NIE scans,…
The INC Ransomware group claims to have breached two organizations in the automotive and financial sectors across different continents. The alleged victims are H-Behbehani Brothers WLL in Kuwait and Blystone & Bailey, CPAs, PC in Michigan, and the actor says various company data were exfiltrated. #INCRansomware #HBehbehaniBrothers…
Substack reportedly suffered a data extraction in late 2025 that exposed approximately 697,313 user records obtained via a scraping method. The compromised fields included full names, email addresses, phone numbers, user and Stripe IDs, profile pictures, biographies, account creation dates, and social media handles, and the company says the method was…
Moltbook, an AI-only forum where users connect autonomous agents (often via OpenClaw), suffered a major data breach that exposed 4.75 million records including 1.5 million API authorization tokens, over 35,000 emails, 29,000 early-registration addresses, 4,060 private agent messages and plain-text OpenAI API keys. Wiz found the breach was enabled by exposed…