The Taiwan HVAC Engineering Association (THA) has reportedly suffered a significant data breach exposing administrative records and tender-related information. Leaked data appears to include full names, email addresses, usernames and plain-text passwords, IP addresses and session IDs, contact details, personal demographics, and government tender documents. #TaiwanHVACEngineeringAssociation #TaichungCityLixingElementarySchool #BadeExteriorPrison…
Category: Cyber Attack
WoundTech, a Florida-based wound care provider, was allegedly compromised in a catastrophic breach that exposed roughly 3.8TB of data and over 160,000 unique patient records, including graphic clinical photographs and unredacted medical narratives. The group Fulcrum Security claims to have exploited unencrypted S3 buckets and Terraform state-file credentials, released an investigation…
Exploit Pack, an automated penetration testing framework and exploit repository, has reportedly been compromised after an unauthorized actor claimed to exploit a vulnerability on exploitpack.com and exfiltrate restricted data. The leaked file listing allegedly contains a full exploit repository covering 2020–2026, shellcodes, source code for PoCs, and promises future premium releases…
San Juan Andes Health System (Andes – Aplicación Neuquina de Salud), a government-run digital health platform in San Juan, Argentina, appears to have been breached after a threat actor posted a dataset from andes.sanjuan.gob.ar on a hacking forum. The leak reportedly contains 54,033 identified patient photos with full names and system…
A threat actor using the handle Daku has posted a listing claiming to sell a 7.5 GB database extracted from the Uganda Public Service Commission’s online job application portal. The alleged dataset reportedly contains applicant records from vacancies.psc.go.ug, posing a high-severity exposure of recruitment and personal data. #Daku #UgandaPublicServiceCommission…
Eventing South Africa, the official body for eventing competitions and memberships in South Africa, is alleged to have been compromised with a database posted on a dark web forum dated January 16, 2026. The leak reportedly contains sensitive administrative and user data including full names, email addresses, login credentials, membership details,…
LawPavilion, a Nigerian legal technology platform used by practitioners, judges, and students, reportedly suffered a data breach in January 2026 exposing records for over 63,000 unique users. An anonymous actor posted the leaked database on an underground forum, which reportedly includes full names, email addresses, phone numbers, user status, and unique…
The Technical University of Vienna (TU Wien) experienced a security breach in its network that resulted in compromised accounts and possible access to sensitive data. Systems are operating with restrictions while employees and students must reset their passwords; the university has informed the data protection authority and is investigating with an external cybersecurity firm. #TUWien #tuwien.at
New Britain officials will hold a press conference to provide updates on a suspected cyber attack on City Hall. The incident caused an internet outage while public safety services were not affected, and state and federal authorities have been called to investigate. #NewBritain #NewBritainCityHall
WalutaTu, an Italian online platform providing certified market valuations for used vehicles, was allegedly compromised after a threat actor posted on a cybercrime forum claiming to have uploaded the company’s database. The breach reportedly exposes internal records including full names, VINs, license plates, vehicle specifications, technical details, and internal user IDs…
Paa.ge, a link-in-bio and e-commerce platform backed by Lama.co infrastructure, has allegedly been breached with a threat actor listing nearly 33 million rows of data for sale. Samples indicate widespread exposure of customer personal information, shipping addresses, order and gift card details across multiple Paa.ge storefronts, including Envie Le Banquet and…
A threat actor using the handle “JustAnon69” posted an auction on the Exploit forum offering unauthorized admin panel credentials and web shell access to a UK-based Magento e-commerce store. The seller provided SQL outputs showing the site processes over 400 monthly orders (primarily via Stripe), with the auction starting at $2,000…
The 0APT ransomware group claims to have compromised Quantum Financial Corp, listing the company on its data leak site and setting a January 30, 2026 negotiation deadline. The actors allege they exfiltrated 2.5 TB of data from backend banking servers, encrypted files with AES-256, and took SWIFT logs, HNI KYC records,…
Semsar Masr, an Egyptian real estate marketplace operating since 2007, has allegedly been compromised with a database leak exposing over 185,024 member profiles. The leaked data reportedly includes full names, emails, phone numbers, plaintext passwords, physical addresses, social links, account activity logs, and other personal identifiers. #SemsarMasr #MemberProfiles…
Apple highlights ten integrated privacy features across the iPhone and ecosystem to mark International Data Privacy Day, urging users to review settings that shield personal data. Key protections include Safari’s enhanced anti-tracking and locked private tabs, the Passwords app, Hide My Email, recording indicators, approximate location sharing, and new capabilities like…