Colorado Health Network Notifies Patients of Last Year’s Breach—But Key Details Remain Undisclosed

In August 2025, DataBreaches added the Colorado Health Network (CHN) to our non-public worksheets after threat actors called Cephalus added the provider to its dark web leak site with a claim that they had acquired 900 GB of data. Cephalus disappeared from public view days later, and never leaked the data on any server that...

Source

No need to hack when it’s leaking: Dialog edition

Yes, another entry in our “no need to hack when it’s leaking” archives, and another example of entities trying to excuse their security failures by claiming they were “hacked.” Danny Bradbury cuts to the chase: Some organizations exist to be exclusive. They’re invite-only, and discreet, the kind of place where the membership directory is the...

Source

“The Timeline Is Months, Not Years”: Five Eyes Warns of AI-Powered Cyberattacks

MITSloan reports: The intelligence alliance of the United States, United Kingdom, Canada, Australia, and New Zealand, commonly known as Five Eyes, has raised concerns over rapidly advancing artificial intelligence, which can supercharge offensive hacking capabilities. In a three-page statement, the alliance called for urgent action to confront the threat. “Frontier AI models are anticipated to...

Source

Cybersecurity Incidents: The Problem Isn’t Just Who Attacks

Over on SuspectFile, Marco A. De Felice reflects on how we may overfocus on identifying threat actors exploiting vulnerabilities while failing to focus enough on root causes and incident response. He highlights what he calls a structural fragility that cannot be ignored: that many organizations continue to collect, centralize, and retain vast amounts of sensitive...

Source

Cherry Health provides preliminary notice of recent data breach

On April 19, 2026, Cherry Health in Michigan detected suspicious network activity. Investigation revealed that an unknown person or persons had gained access to its network and copied data. On June 18, Cherry Health published a preliminary notice on its website. The notice makes no mention of any earlier reporting on the incident that had...

Source

UK: More than one year later, HCRG is first notifying patients of ransomware attack

In February 2025, after the Medusa ransomware gang claimed responsibility for an attack on the UK healthcare provider HCRG Care Group, HCRG confirmed it had been breached but would only say it was investigating. While they remained silent, SuspectFile obtained and reported on data provided to them by Medusa. SuspectFile’s reporting made it clear that...

Source

Data analysis of the Global Schools Group breach, Part 2

In Part 1, DataBreaches published some totals and aggregate data from the recent Global Schools Group data breach. All analyses and statistics were provided to this site by FulcrumSec, who had attacked Global Schools Group (GSG) and exfiltrated the data. Data from three of GSG’s school brands were included in Part 1. Data for the...

Source

Cybersecurity breach includes Crime Stoppers of Hamilton data

The Navigate360 (“P3”) data breach seems to finally be getting some attention in Canada. Nicole O’Reilly reports: Hamilton police say they’ve been made aware that a cybersecurity incident earlier this year affecting a U.S.-based online platform includes a breach of Crime Stoppers of Hamilton data. The P3 platform, owned by Navigate360, is under contract with...

Source

Data analysis of the Global Schools Group breach, Part 1

This is the first part of a two-part report of findings from the Global Schools Group data breach. All statistical analyses and findings were provided to DataBreaches by FulcrumSec, and are presented to assist those investigating the breach as well as parents and employees who might be concerned as to what types of data were...

Source

Active FortiBleed Campaign Impacting Fortinet Devices Across 194 Countries

From Arctic Wolf: Summary In mid-June 2026, security researchers identified an active, large-scale credential compromise campaign affecting Fortinet FortiGate firewalls, dubbed FortiBleed. Threat actors have been systematically extracting configuration files from internet-facing FortiGate devices and cracking the stored credential hashes, resulting in verified working administrator credentials for between 30,000 and 75,000 devices across 194 countries....

Source

GitHub dismissed security reports on flaws now exploited by supply-chain worm, researchers say

Alexander Martin reports: GitHub rejected two formal vulnerability reports identifying design flaws that researchers say are enabling variants of the Shai-Hulud supply-chain worm to infect and compromise hundreds of software packages and developer accounts worldwide. The reports, submitted by threat intelligence group Deep Specter Research through GitHub’s bug disclosure channel on HackerOne, were both closed...

Source

One threat actor demanded $50 million from Novo Nordisk. Another one demanded $25 million. Neither got paid.

Yesterday, DataBreaches reported that FulcrumSec had hacked Danish pharmaceutical giant Novo Nordisk. FulcrumSec followed up on that reporting by releasing their own very detailed report on their dark web leak site about the incident and what they had acquired. This morning, DataBreaches woke up to find messages waiting on Signal from someone claiming they, too, had hacked...

Source

Scoop: FulcrumSec Leaks Novo Nordisk Data After $25M Demand Goes Unpaid (2)

Danish pharma giant Novo Nordisk disclosed a cybersecurity incident last week, and although the firm’s name may not be familiar to everyone, they are a major producer of insulin and semaglutide. Semaglutide is marketed as Wegovy for weight loss and Ozempic for Type 2 diabetes. In its June 11 update, the firm stated that the...

Source

ShinyHunters Targets Education Sector with Oracle PeopleSoft Exploit

From Mandiant and Google Threat Intelligence Group, an advisory: Mandiant and Google Threat Intelligence Group (GTIG) have identified an active compromise and extortion campaign attributed to UNC6240 (ShinyHunters) targeting Oracle PeopleSoft application infrastructure. The activity was observed between May 27, 2026, and June 9, 2026 and is consistent with the exploitation of CVE-2026-35273, a critical remote...

Source

Silent Ransom Group (SRG): Uncovering DNS Fast Flux Infrastructure

In 2022, DataBreaches wondered whether a group with no name might be the most successful group we had never heard about. Our impression that the group was unique was somewhat confirmed in 2024, when it walked away from a ransom offer of $1.8 million. More recently, the group, now commonly referred to as the “Silent...

Source

Ex-Threat Intel Exec Accuses IBM and AT&T of Hiding Hacks

Tiffany Wang reports: IBM and AT&T lacked basic security controls and hid nation-state hacking breaches from the government, a former IBM threat intelligence official alleged in a newly unsealed lawsuit. Former IBM Vice President of Threat Intelligence William Barlow claimed the companies did not keep logs for AT&T-managed VPN connections into IBM cloud services and...

Source

Was “ExPresidents” a real hacker or a fabricated account?

DataBreaches recently recommended an article by Alberto Daniel Hill about digital security in Argentina, Uruguay, and Mexico. In describing his article, DataBreaches reported: In one section of his report, Hill calls out a company for allegedly manufacturing cyber threats, which he claims they then use to create public panic through media amplification. With the public...

Source

Most organizations that miss 24-hour patch window report breaches

Steve Zurier reports: The Cloud Security Alliance (CSA) found that 80% of organizations that miss the 24-hour patch window report security incidents involving known vulnerabilities. CSA’s study, released June 2, also found that even pre-production controls are not stopping known flaws in the AI age as 82% of organizations lack real-time visibility into AI runtime behavior....

Source

Alberto Daniel Hill’s Cybermidnight Coverage of the Latin American Digital Sovereignty Crisis (March–June 2026)

Alberto Daniel Hill’s report is a must-read for anyone who wants to begin to understand what is going on in Argentina, Uruguay, and Mexico with respect to digital security. One of the many limitations of being a solo blogger is that there are entire areas of the world or sectors I basically know nothing about...

Source