top of page
ALL POSTS
Russian Authorities Arrest Alleged LeakBase Admin Behind Stolen Data Marketplace
Key Findings Russian authorities arrested the alleged administrator of LeakBase, a major cybercrime marketplace operating since 2021 The suspect, a resident of Taganrog, is accused of running a platform with over 147,000 users trading stolen data and credentials LeakBase was dismantled in early March 2024 through "Operation Leak," a coordinated international effort involving 14 countries The forum hosted hundreds of millions of compromised account credentials, financial infor
Mar 262 min read
Russian Hacker Sentenced to 6.75 Years for $9 Million Ransomware Campaign
Key Findings 26-year-old Russian citizen Aleksei Olegovich Volkov sentenced to 81 months in prison for ransomware facilitation Volkov operated as initial access broker, providing unauthorized network access to ransomware groups including Yanluowang Facilitated dozens of attacks causing over $9 million in confirmed losses and $24 million in intended losses Arrested in Italy January 2024, extradited to U.S., pleaded guilty November 2025 Must pay $9.1 million in restitution to v
Mar 242 min read
AI-Powered Phishing Campaign Breaches Hundreds of Organizations Worldwide
Key Findings Hundreds of organizations compromised through AI-generated phishing campaign leveraging Railway cloud platform Attackers achieved massive scale increase starting March 3, with 50+ new compromises daily as of late March Campaign exploits Microsoft device authentication flow, granting 90-day OAuth tokens without passwords or MFA Affected sectors include construction, law, nonprofits, real estate, manufacturing, finance, healthcare, and government Huntress identifie
Mar 243 min read
Payload Ransomware Claims the Hack of Royal Bahrain Hospital
Key Findings Payload Ransomware claims to have breached Royal Bahrain Hospital (RBH) 110 GB of data allegedly stolen Threat to release data if ransom not paid by March 23, 2026 Attack targets a healthcare facility serving multiple Middle Eastern countries Background Royal Bahrain Hospital, established in 2011, is a 70-bed healthcare facility providing comprehensive medical services including surgery, maternity care, and diagnostics. Located in Bahrain, the hospital serves pat
Mar 151 min read
Divine Skins - Breached Accounts Exposed
Key Findings * Divine Skins data breach exposed 105,814 user accounts * Unauthorized third party accessed systems and deleted all skins from database * Exposed data included email addresses, usernames, and purchase history * Breach disclosed via Discord server in March 2026 Background Divine Skins is a custom League of Legends skin service that allows players to modify their in-game character appearances. The platform has been operating for several years, providing unique cos
Mar 151 min read
Telus Data Breach: ShinyHunters Claims 1 Petabyte Theft Confirmed
Key Findings * ShinyHunters claims to have stolen approximately 1 petabyte of data from Telus Digital * Breach discovered through stolen Google Cloud Platform credentials from a previous Salesforce-related hack * Telus confirms unauthorized access to internal systems * No disruption to customer services reported * Investigations and forensic analysis are ongoing Background Telus Digital, a subsidiary of Canadian telecommunications giant Telus, provides business process outsou
Mar 142 min read
Bell Ambulance Data Breach Impacts Nearly 238,000 Individuals
Key Findings * Bell Ambulance experienced a data breach affecting 237,830 individuals * Unauthorized network access occurred in February 2025 * Medusa ransomware group claimed responsibility for the attack * Exposed data includes personal, financial, and medical information * Company offered 12 months of free credit monitoring to affected individuals Background Bell Ambulance is an emergency medical services provider based in Milwaukee, Wisconsin. The organization offers ambu
Mar 122 min read
Salesforce Experience Cloud Targeted by Threat Actors Leveraging Modified AuraInspector Tool
Key Findings Threat actors are mass-scanning publicly accessible Salesforce Experience Cloud sites using a modified version of the open-source AuraInspector tool. The modified tool is capable of extracting data by exploiting overly permissive guest user settings, allowing access to sensitive CRM data. The activity does not involve a vulnerability in the Salesforce platform but targets customer configuration issues. The campaign is attributed to a known threat actor group, pos
Mar 102 min read
Operation Leak: Dismantling the LeakBase Cybercrime Forum
Key Findings The Federal Bureau of Investigation (FBI) seized the LeakBase cybercrime forum (leakbase[.]la) as part of "Operation Leak", an international crackdown led by Europol. LeakBase was a key hub in the cybercrime ecosystem, specializing in trading leaked databases and "stealer logs" containing compromised credentials. The forum had over 142,000 registered users, approximately 32,000 posts, and more than 215,000 private messages as of December 2025. Law enforcement age
Mar 52 min read
Cybercriminals Leverage AI 'Claude' to Breach Mexican Government Agencies
Key Findings Hackers abused Anthropic's Claude AI model to develop exploits, create custom tools, and automate the exfiltration of over 150GB of data in a cyberattack targeting Mexican government systems. The attackers compromised 10 Mexican government agencies and a financial institution, starting with the tax authority in December 2025. Hackers sent over 1,000 prompts to Claude and used OpenAI's GPT-4.1 to analyze stolen data. By bypassing AI guardrails and framing actions
Mar 12 min read
Canada Goose - 581,877 Accounts Breached
Key Findings In February 2026, a data breach allegedly containing data relating to Canada Goose customers was published publicly. The data contained 920k records with 582k unique email addresses and included names, phone numbers, IP addresses, physical addresses, and partial credit card data. Canada Goose stated that the data "appears to relate to past customer transactions" and originated from a breach at a third party in August 2025. The most recent transaction date in the
Feb 171 min read
Fintech Firm Figure Discloses Data Breach After Phishing Attack
Key Findings Blockchain-based lending firm Figure confirmed a data breach after an employee fell victim to a social engineering attack Hackers were able to access and steal a limited number of files, including personally identifiable information (PII) of Figure's customers The cybercrime group ShinyHunters claimed responsibility for the breach and released about 2.5GB of stolen data, which included names, addresses, birth dates, and phone numbers Figure has started notifying
Feb 142 min read
Instagram Data Breach Affects Millions of Users
Key Findings: A massive data breach has exposed the personal information of about 17.5 million Instagram users. The exposed data includes usernames, physical addresses, phone numbers, and email addresses. Cybercriminals have stolen this sensitive information and are selling it in batches on dark web forums. Affected users have reported receiving password reset emails, raising concerns about ongoing phishing attempts. Security experts warn this breach poses serious privacy and
Jan 112 min read
Stolen LastPass Vault Backups Enable Crypto Theft Through 2025
Key Findings Encrypted vault backups stolen in the 2022 LastPass breach are still being cracked, enabling crypto theft as late as 2025. Attackers have drained over $28 million in crypto by exploiting weak master passwords to decrypt the stolen vaults. The funds were laundered through Russian cybercrime infrastructure, including mixers and high-risk exchanges. TRM Labs' analysis indicates likely Russian criminal involvement in monetizing the LastPass breach. Background In 2022
Dec 28, 20252 min read
Everest Ransomware Group Claims Theft of Over 1TB of Chrysler Data
Key Findings Everest ransomware group claims to have breached Chrysler systems and stolen over 1TB of data Stolen data includes extensive customer, dealer, and internal records spanning 2021-2025 Over 105GB of Salesforce-related information is reportedly part of the stolen data Screenshots show customer interaction logs, agent work logs, and potential HR/identity records Everest has threatened to publish the full dataset and audio recordings if demands are not met Chrysler ha
Dec 27, 20252 min read
The Botting Network Data Breach Aftermath
Key Findings The Botting Network, a forum for making money with botting, suffered a data breach in August 2012. The breach exposed 96,000 user records, including email addresses, usernames, dates of birth, and salted MD5 password hashes. The breach poses risks such as potential phishing attacks, identity theft, and other security concerns. Background In August 2012, the forum for making money with botting "The Botting Network" suffered a data breach that exposed 96,000 user r
Dec 18, 20252 min read
Experts Discover Massive Unsecured Database with 4.3B Records
Key Findings A 16TB unsecured MongoDB database exposed about 4.3 billion professional records, mainly LinkedIn-style data The database was discovered by researchers Bob Diachenko and nexos.ai on November 23, 2025 and secured two days later The database contained 9 collections with at least 3 exposing nearly 2 billion personal records including names, emails, phone numbers, LinkedIn links, job roles, employers, work history, education, locations, skills, languages, and social
Dec 15, 20252 min read
Coupang Data Breach Exposes 33.7 Million South Korean Accounts
Key Findings Coupang, a major e-commerce company in South Korea, has suffered a massive data breach affecting over 33.7 million accounts - more than half of the country's population. The breach was initially detected on November 18, 2025, when suspicious activity was observed on around 4,500 accounts. Further investigation revealed that the breach actually dated back to late June 2025 and had compromised the personal information of nearly the entire Coupang user base. Exposed
Dec 2, 20253 min read
OpenAI Assures Customers After Mixpanel Breach Exposes Some API User Data
Key Findings OpenAI confirmed a data breach involving its third-party analytics provider Mixpanel The breach exposed limited API user metadata like names, emails, locations, and browser info No passwords, API keys, chat content, or payment data were involved Regular ChatGPT users were not affected, only those interacting with the OpenAI API Background OpenAI, the company behind the popular AI assistant ChatGPT, has confirmed a data breach involving Mixpanel, a third-party ana
Nov 27, 20252 min read
Eurofiber - 10,003 breached accounts - IT Security News
Key Findings Eurofiber France disclosed a data breach of its ticket management platform in November 2025 The breach resulted in the exposure of 10,003 unique email addresses, and a smaller number of names and phone numbers A threat actor claiming responsibility for the breach alleges to have additional, more sensitive data including screenshots, VPN configuration files, credentials, source code, certificates, archives, and SQL backup files Background In November 2025, Eurofib
Nov 20, 20252 min read
bottom of page
