Eurail B.V. confirmed that customer data stolen in a breach earlier this year is being offered for sale on the dark web and that a sample of the data was published on Telegram. The company is investigating which records and how many customers were affected, has notified data protection authorities under the GDPR, and advises customers to change Rail Planner passwords, reset reused credentials, and monitor bank accounts. #Eurail #Telegram #GDPR #RailPlanner #DiscoverEU
Tag: DARK WEB
Figure confirmed a data breach after an employee fell for a social engineering attack that allowed hackers to steal a limited number of files. ShinyHunters claimed responsibility and released about 2.5GB of stolen data while Figure notifies affected individuals and offers free credit monitoring. #Figure #ShinyHunters…
A threat actor using the handle Shenron claims to have leaked Neotel’s database, exposing 773,757 customer and call records. The breach reportedly occurred in 2025 with the data released in 2026 and is categorized as a medium-severity open-web data breach. #Shenron #Neotel…
The intrusion began with a valid RDP login using pre-compromised credentials and progressed through rapid discovery, lateral movement, and persistent account creation before data exfiltration and a final ransomware deployment. The actor exfiltrated archives to temp.sh and deployed Lynx ransomware, leveraging infrastructure tied to Railnet LLC/Virtualine. #Lynx #RailnetLLC
ResPublica claims it breached Radius Global Solutions LLC in January 2026, compromising one of the company’s contact center branches. The actor’s listing alleges exposure of employee HR records and client information, and Radius was reportedly notified in January but had not publicly disclosed the breach by February 2026. #RadiusGlobalSolutions #ResPublica…
A threat actor using the handle Reve posted an auction offering full unauthorized access — WordPress admin panel, web shell, and database — to an unidentified US-based e-commerce shop. The site runs on WordPress with native Authorize.net payments and logged 952 orders between November 2025 and February 2026, with the actor…
Anon-WMG posted a forum listing claiming unauthorized FTP server access to an unidentified France-based Content & Collaboration Software company, asserting access to over 2,000 files totaling more than 150 GB. Exposed data reportedly includes VPN configurations, server and database files, backups, and contracts, and the actor is offering the FTP access…
CloudSEK researchers infiltrated a newly launched Gunra affiliate program in January 2026, obtaining RaaS management panel credentials and a live ransomware sample for detailed technical analysis. The Gunra locker is an offline-capable, multi-threaded encryptor that uses per-file ChaCha20 keys protected with RSA-4096, selective system exclusions, .ENCRT renaming, and a Tor-based payment portal. #Gunra #CloudSEK
The Gentlemen is an operationally disciplined ransomware group first observed in mid-to-late 2025 that conducts double‑extortion attacks across Windows, Linux, NAS, BSD, and ESXi environments using password‑protected, operator-driven builds. Their campaigns leverage exposed internet-facing services and compromised administrative credentials, and victims have been publicly listed on a Dark Web leak site. #TheGentlemen #ESXi
A threat actor using the handle “Angel_Batista” claims to have leaked 348,346 records from French insurer Maxance and posted the listing on a breach forum. The full dataset is locked behind a paywall requiring 30 forum points, and exposed samples indicate the records relate to automobile insurance policies and vehicle details….
A threat actor using the handle outcaaaast claims to have leaked Pepe’s Piri Piri’s complete customer database, posting 2,142,234 records allegedly exported from the company’s production database. The listing was published on the open web and the incident is recorded with medium severity in the report. #outcaaaast #PepesPiriPiri…
A single InfoStealer infection on a Lebanon-based machine likely owned by ISIS cell commander Qasura exposed years of encrypted XMPP chat logs, explosive synthesis manuals, and operational files that confirm IED attacks and cross-border logistics. The compromise allowed full mapping of the cell’s hierarchy, finances, smuggling routes, and sharia-sanctioned violence, showing how endpoint compromise can defeat messaging encryption. #InfoStealer #Qasura
Conpet, Romania’s national oil pipeline operator, confirmed a major cyberattack after the Qilin ransomware group claimed to have stolen nearly 1TB of sensitive data. Hudson Rock traced the breach to a single Infostealer infection on an IT employee’s personal computer on January 11, 2026, which leaked credentials (including WSUS and Cacti access) that enabled a likely full network takeover. #Qilin #Infostealer #Conpet #WSUS
A threat actor using the handle “GordonFreeman” posted a listing claiming to sell access to a vulnerability in Air France that allows entry to an administrative panel. The listing alleges a data extraction method that could expose roughly 2 million customer purchase records and includes samples referencing the Flying Blue frequent…
A threat actor group named KaruHunters posted a listing claiming to sell data allegedly stolen from Indian IT services firm Leora Infotech Private Limited. The listing alleges 35,000 user records were breached on February 6, 2026, and are being offered for $200 with negotiation, with the breach exposed on the open…