Cyber Attack & Data Breach

Glasgow School of Art experienced an IT disruption that blocked students and staff from accessing email and online services. The school described it as a temporary technical issue, but employees still had to appear in person to reset their passwords. #GlasgowSchoolOfArt

A threat actor using the alias 2019 claims to have leaked a database allegedly belonging to Hampr, an Australian workplace catering and food management platform. The alleged leak reportedly contains more than 360,000 records tied to office meals, corporate catering, pantry supplies, and workplace events. #Hampr #2019…

ChimeraZ claims to have leaked a database allegedly tied to Amepi, the French cooperative real-estate platform for sharing exclusive listings. The reported leak is said to include about 6,000 records and could expose data linked to real-estate agencies using the service. #ChimeraZ #Amepi…

A threat actor using the alias Moelester claims to be selling an alleged dataset tied to Swiss Medical, a major Argentine private healthcare and health-insurance company. The claimed data sale involves about 458,000 member records and could expose sensitive customer information. #SwissMedical #Moelester…

The Center for Political Education in Rhineland-Palatinate was hit by a cyberattack, forcing it to isolate its websites and memorial sites, which are now inaccessible. The institution is investigating whether subscriber and customer data may have been exfiltrated in the incident. #LandeszentralefürpolitischeBildung #lpb.rlp.de

A threat actor using the alias xMetah claims to be selling a database allegedly tied to Resana, a French government collaboration platform hosted on numerique.gouv.fr. The alleged dump is said to contain 990,000 user records, raising concern about possible exposure of government platform data. #Resana #xMetah #numeriquegouvfr…

A threat actor known as ChimeraZ claims to have leaked a database allegedly tied to Figaro Immobilier / Explorimmo, a French real-estate platform. The alleged leak is said to involve about 100,000 invoices and could expose sensitive business and customer-related information. #ChimeraZ #FigaroImmobilier #Explorimmo…

MedusaLocker3, also known as FarAttack, is an updated Rust-based ransomware variant that is being deployed alongside GlobeImposter 2.0, with both strains using the same file extensions in some attacks. The group leaves multiple ransom note formats and a long PERSONAL ID in the notes, while victims report signs of RDP compromise, Mimikatz use, and antivirus removal before encryption. #MedusaLocker3 #FarAttack #GlobeImposter20 #Mimikatz #RDP

ChimeraZ claims to have leaked a database allegedly belonging to EnVisite, a French real-estate virtual tour platform used by agents to create and share property presentations. The alleged breach is said to involve 138,000 records and may expose sensitive user and business data. #EnVisite #ChimeraZ…

The Municipality of Serpa was targeted by an external attack against its IT infrastructure, and the incident was promptly reported to the competent authorities, including the National Cybersecurity Center. While the system is considered secure, municipal services are still operating under constraints, including the loss of fixed and mobile communications. #MunicipalityofSerpa #NationalCybersecurityCenter #Serpa

Extortion campaigns are increasingly relying on data theft instead of encryption, with threat actors like ShinyHunters, CLOP, and TeamPCP using faster exfiltration, supply chain compromise, and vishing to pressure victims into paying. Regulators, class-action risk, and frontier AI models such as Mythos are reshaping the threat landscape by compressing attack timelines and making pure data extortion more effective. #ShinyHunters #CLOP #TeamPCP #BlingLibra #HazyScorpius #LAPSUS #Vect #BlackFile #Mythos

A threat actor using the alias bacen claims to have 43,847,219 iFood customer records and is allegedly trying to extort the Brazilian food-delivery giant. The exposed data is said to include CPF national IDs, full names, emails, phone numbers, and credit-card information, raising serious risk for iFood customers. #iFood #bacen #CPF…

Hackers breached Portraitbox, a photo service used by photographers in Rhineland-Palatinate, and stole children’s photos, email addresses, delivery addresses, and passwords. Authorities say the attackers are trying to extort the company, while affected families should change passwords and avoid clicking suspicious links. #Portraitbox #RheinlandPfalz #BSI

This write-up reconstructs an Akira-attributed intrusion by joining SSLVPN syslog with Windows EVTX to show how the attackers gained access, escalated privileges, and prepared for ransomware deployment. It highlights that the most useful defensive evidence appears before encryption, including brute-force login attempts, Kerberoasting, RDP movement, log clearing, and shadow copy deletion. #Akira #Kerberoasting #nltest #vssadmin

Grafana Labs disclosed that a targeted attack tied to the Mini Shai-Hulud npm worm and a poisoned TanStack package led to source code theft and a ransom demand, but its production environments and Grafana Cloud infrastructure were not affected. The company said the attackers only achieved read-only access to GitHub repositories…

TeamPCP claims to be directly selling stolen GitHub source code and internal data, while GitHub has confirmed that about 3,800 internal repositories were exfiltrated. The breach is linked to a compromised Visual Studio Code extension used in a supply-chain worm campaign that harvested credentials and exposed code for GitHub Copilot, GitHub…

A threat actor using the alias Databasehooligan claims to be selling data allegedly taken from Nitaqat, a Saudi Arabian portal. The listing reportedly includes about 437,000 records containing contacts, support tickets, booking history, and related business details. #Nitaqat #Databasehooligan #SaudiArabia…

A threat actor using the alias MagoSpeak claims to have leaked a database allegedly belonging to Instituto Tecnológico de Zacatepec, a public technological institute in Morelos, Mexico. The post presents the incident as an alleged student database leak involving the Mexican institution. #MagoSpeak #InstitutoTecnológicodeZacatepec…

A threat actor known as ChimeraZ claims to have leaked a database allegedly linked to FNHPA, France’s main campsite and outdoor-hospitality federation. The reported leak is said to include about 9,000 member records and invoice data, potentially exposing sensitive organizational information. #ChimeraZ #FNHPA…

A threat actor calling themselves azazeljakel claims to have gained administrator access to preparados.gob.mx, the training portal of Mexico’s Coordinación Nacional de Protección Civil. The actor also alleges exfiltrating the user list, suggesting a potential admin compromise and credential leak affecting the civil protection platform. #azazeljakel #preparadosgobmx #CoordinaciónNacionaldeProtecciónCivil…