A threat actor using the alias Moelester claims to be selling an alleged dataset tied to Swiss Medical, a major Argentine private healthcare and health-insurance company. The claimed data sale involves about 458,000 member records and could expose sensitive customer information. #SwissMedical #Moelester…
Category: Cyber Attack
The Center for Political Education in Rhineland-Palatinate was hit by a cyberattack, forcing it to isolate its websites and memorial sites, which are now inaccessible. The institution is investigating whether subscriber and customer data may have been exfiltrated in the incident. #LandeszentralefürpolitischeBildung #lpb.rlp.de
A threat actor using the alias xMetah claims to be selling a database allegedly tied to Resana, a French government collaboration platform hosted on numerique.gouv.fr. The alleged dump is said to contain 990,000 user records, raising concern about possible exposure of government platform data. #Resana #xMetah #numeriquegouvfr…
A threat actor known as ChimeraZ claims to have leaked a database allegedly tied to Figaro Immobilier / Explorimmo, a French real-estate platform. The alleged leak is said to involve about 100,000 invoices and could expose sensitive business and customer-related information. #ChimeraZ #FigaroImmobilier #Explorimmo…
MedusaLocker3, also known as FarAttack, is an updated Rust-based ransomware variant that is being deployed alongside GlobeImposter 2.0, with both strains using the same file extensions in some attacks. The group leaves multiple ransom note formats and a long PERSONAL ID in the notes, while victims report signs of RDP compromise, Mimikatz use, and antivirus removal before encryption. #MedusaLocker3 #FarAttack #GlobeImposter20 #Mimikatz #RDP
ChimeraZ claims to have leaked a database allegedly belonging to EnVisite, a French real-estate virtual tour platform used by agents to create and share property presentations. The alleged breach is said to involve 138,000 records and may expose sensitive user and business data. #EnVisite #ChimeraZ…
The Municipality of Serpa was targeted by an external attack against its IT infrastructure, and the incident was promptly reported to the competent authorities, including the National Cybersecurity Center. While the system is considered secure, municipal services are still operating under constraints, including the loss of fixed and mobile communications. #MunicipalityofSerpa #NationalCybersecurityCenter #Serpa
Extortion campaigns are increasingly relying on data theft instead of encryption, with threat actors like ShinyHunters, CLOP, and TeamPCP using faster exfiltration, supply chain compromise, and vishing to pressure victims into paying. Regulators, class-action risk, and frontier AI models such as Mythos are reshaping the threat landscape by compressing attack timelines and making pure data extortion more effective. #ShinyHunters #CLOP #TeamPCP #BlingLibra #HazyScorpius #LAPSUS #Vect #BlackFile #Mythos
A threat actor using the alias bacen claims to have 43,847,219 iFood customer records and is allegedly trying to extort the Brazilian food-delivery giant. The exposed data is said to include CPF national IDs, full names, emails, phone numbers, and credit-card information, raising serious risk for iFood customers. #iFood #bacen #CPF…
Hackers breached Portraitbox, a photo service used by photographers in Rhineland-Palatinate, and stole children’s photos, email addresses, delivery addresses, and passwords. Authorities say the attackers are trying to extort the company, while affected families should change passwords and avoid clicking suspicious links. #Portraitbox #RheinlandPfalz #BSI
This write-up reconstructs an Akira-attributed intrusion by joining SSLVPN syslog with Windows EVTX to show how the attackers gained access, escalated privileges, and prepared for ransomware deployment. It highlights that the most useful defensive evidence appears before encryption, including brute-force login attempts, Kerberoasting, RDP movement, log clearing, and shadow copy deletion. #Akira #Kerberoasting #nltest #vssadmin
Grafana Labs disclosed that a targeted attack tied to the Mini Shai-Hulud npm worm and a poisoned TanStack package led to source code theft and a ransom demand, but its production environments and Grafana Cloud infrastructure were not affected. The company said the attackers only achieved read-only access to GitHub repositories…
TeamPCP claims to be directly selling stolen GitHub source code and internal data, while GitHub has confirmed that about 3,800 internal repositories were exfiltrated. The breach is linked to a compromised Visual Studio Code extension used in a supply-chain worm campaign that harvested credentials and exposed code for GitHub Copilot, GitHub…
A threat actor using the alias Databasehooligan claims to be selling data allegedly taken from Nitaqat, a Saudi Arabian portal. The listing reportedly includes about 437,000 records containing contacts, support tickets, booking history, and related business details. #Nitaqat #Databasehooligan #SaudiArabia…
A threat actor using the alias MagoSpeak claims to have leaked a database allegedly belonging to Instituto Tecnológico de Zacatepec, a public technological institute in Morelos, Mexico. The post presents the incident as an alleged student database leak involving the Mexican institution. #MagoSpeak #InstitutoTecnológicodeZacatepec…