If there were a soundtrack for this post, it would be Queen’s “Another One Bites the Dust.” There’s another chapter in the ongoing drama that is “BreachForums.” Yesterday,  the BreachForums clone at breached[.hn]  was listed for sale for $3k USD. By today, they had dropped the price to $ 1,500 USD and still couldn’t seem...

Source

June was a challenging month for Novo Nordisk regarding cybersecurity and intellectual property protection. The pharma giant allegedly had some of its data — including intellectual property — stolen by two independent groups of threat actors. Unaware of each other, each group claimed to have acquired a large amount of valuable information. One demanded $25...

Source

Another day, another injunction. When DataBreaches read the news headline, our first thought was that this was an injunction sought by Global Schools Group. Our first impression was correct, but it took a reminder from FulcrumSec to realize that it was GSG-connected.  Ananya Iyer  reports: The Bombay High Court issued an interim order restraining the...

Source

Alexandra Posadzki reports: Canadian hacker Aubrey Cottle has pleaded guilty to three charges stemming from a cyberattack linked to notorious hacktivist group Anonymous on the Texas Republican Party. Mr. Cottle, who appeared in court in Newmarket, Ont., on Thursday, pleaded guilty to fraudulently obtaining a computer service, namely the systems of web-hosting company Epik, causing mischief...

Source

The Navigate360 (“P3”) data breach seems to finally be getting some attention in Canada. Nicole O’Reilly reports: Hamilton police say they’ve been made aware that a cybersecurity incident earlier this year affecting a U.S.-based online platform includes a breach of Crime Stoppers of Hamilton data. The P3 platform, owned by Navigate360, is under contract with...

Source

Alexander Martin reports: GitHub rejected two formal vulnerability reports identifying design flaws that researchers say are enabling variants of the Shai-Hulud supply-chain worm to infect and compromise hundreds of software packages and developer accounts worldwide. The reports, submitted by threat intelligence group Deep Specter Research through GitHub’s bug disclosure channel on HackerOne, were both closed...

Source

Harriet Alexander and Julie Lewis report: The privacy watchdog has ordered American Express to rectify security flaws in five of its data systems to guard against “insider threats” and to restrict employee access to specific customer information to protect vulnerable and high-profile customers. Privacy Commissioner Carly Kind found the payments giant had “failed to implement...

Source

Bhaswati Guha Majumder reports: The cybercrime group ShinyHunters has claimed responsibility for a major breach involving the Council of Europe, threatening to publish hundreds of gigabytes of allegedly stolen data unless its demands are met by 16 June. The claim comes in the wake of a confirmed cybersecurity incident affecting European infrastructure. According to information...

Source

Nate Raymond reports: A suspected Russian hacker is now in U.S. custody following his arrest in Thailand last year and has been charged with facilitating a campaign of cyberattacks carried out by a Russia-aligned group that victimized numerous U.S. companies. Denis Obrezko, 36, made his initial appearance in federal court in Boston on Tuesday in...

Source

Deon Guillory reports: St. George Fire Protection District No. 2 filed a lawsuit against its former IT security provider, alleging the company’s failures led to a cyberattack that compromised the fire district’s network. The lawsuit, filed March 20 in the 19th Judicial District Court, claims General Informatics LLC breached its contract and fiduciary duty by...

Source

Waqas reports: Meta has disclosed a security incident involving an Instagram account recovery tool after attackers used a flaw to send password reset links to email addresses that were not connected to the targeted accounts. According to a data breach notice filed with the Maine Attorney General’s Office, Meta Platforms said the issue affected 20,225 people in...

Source

Jacob Goldberg and Irwin Loy report: A cyber-attack targeting the World Food Programme has exposed sensitive personal information belonging to some 600,000 households in Gaza, the UN’s food agency has confirmed, in what may be the largest-known breach of humanitarian beneficiary data to date. WFP is investigating a “security-related incident” in which “unauthorised actors” accessed...

Source

There’s a follow-up to the case of a  motor insurance worker who received a suspended prison sentence for unlawfully accessing personal information. On May 21, the Information Commissioner’s Office (ICO) announced that it had secured a £355,880.10 confiscation order against the former Manchester motor insurance worker, Rizwan Manjra. A statement by the ICO indicates that...

Source

Officials allege that WorkTitans and MIRhosting were used to facilitate pro-Russian hackers and evade EU sanctions. Huib Modderkolk and Henrik Moltke write: Youssef Z. may have seen trouble coming. The 57-year-old entrepreneur and organizational consultant from Amsterdam, arrested at his home in the early hours of Monday 18 May by agents of the Dutch fiscal investigation...

Source

Jordan Ercit reports: Jacob Butler, 23, who was arrested Wednesday by OPP, also facing aiding and abetting computer intrusion charge in Alaska A 23-year-old Ottawa man is facing extradition to the United States after being accused of involvement in massive cyberattacks that affected more than a million devices worldwide. Ontario Provincial Police said their cybercrime...

Source

Bitdefender reports: An international law enforcement operation led by France and the Netherlands dismantled First VPN, a cybercriminal anonymization service used by ransomware actors, fraudsters, and data thieves across every major cybercrime investigation Europol has supported in recent years. Bitdefender supported the investigation through Europol, helping generate intelligence that exposed hundreds of individuals linked to cybercrime....

Source

Adil Faouzi reports:  Global cybersecurity firms Kaspersky and Group-IB have disclosed their contributions to Operation Ramz, the first large-scale cybercrime crackdown coordinated by INTERPOL across the Middle East and North Africa region. The operation, which ran from October 2025 to February 2026, brought together 13 countries and resulted in 201 arrests, with 382 additional suspects...

Source

In August 2025, research agency Bevolkingsonderzoek Nederland revealed that half a million women who had undergone cervical cancer screening had their data stolen. The research agency paid Nova ransomware gang’s demand, which Nova confirmed, but then the criminals turned around and seemingly demanded even more money because the lab had spoken with police. Or at...

Source

Ah, more drama in the cybercrime ecosystem.  Matthew J. Schwartz reports: A ransomware organization is suffering an extreme case of turnabout is fair play through a data breach that splaying internal correspondence across the internet. “The Gentlemen” surfaced as a ransomware-as-a-service organization in mid-2025 with – as SOCRadar has noted – little intention of playing nice. Hints...

Source

Jung Da-hyun reports: A recent data breach at the National Center for the Rights of the Child (NCRC), exposing sensitive personal records of adoptees, is drawing criticism from overseas adoptee groups and raising questions about the agency’s credibility. The breach, which the NCRC said occurred between April 30 and May 2, came to light when...

Source