CISA
CISA reveals how it responded after sensitive AWS GovCloud credentials and internal data were exposed in a public GitHub repository
2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.
CISA reveals how it responded after sensitive AWS GovCloud credentials and internal data were exposed in a public GitHub repository
A threat actor has been targeting organizations spanning multiple sectors with voice-based fake security requests that prompt Microsoft 365 users to enroll a new Entra passkey with an aim to carry out data extortion atta
NHS tells staff they could face prison for “inappropriate” access to patients’ medical records
NHS tells staff they could face prison for “inappropriate” access to patients’ medical records
A cybercrime crew left one of its own servers wide open on the internet for three weeks, and it exposed the operation's inner workings: the hacking tools, the activity logs, and target lists naming more than 1.4 million
Other noteworthy stories that might have slipped under the radar: Abnormal AI sued by Anthropic, AssuranceAmerica data breach affects 7 million people, NSA brings back TAO. The post In Other News: DHS Database Hacked, Ad
Akira ransomware attack on US law firm
4K code repositories stolen by TeamPCP group
24B stolen credentials exposed in public database
INC_RANSOM ransomware hits city systems
280M student and staff records stolen via ShinyHunters
300+ instances breached across 100 orgs via zero-day
300+ instances hit, 100+ orgs, HR/payroll data stolen
300 instances across 100 orgs breached
62.2M SSNs and medical records exposed in ransomware
SSNs and banking data stolen from US and Canadian employees
8.8TB senior patient clinical records stolen by ShinyHunters
Clinical trials and patient data stolen from internal IT systems
35GB source code and Azure keys stolen and listed for sale
62.2M SSNs and medical records exfiltrated
HSIN intelligence platform breached late May 2026
Ransomware attack on Canadian energy manufacturer
24B stolen credentials exposed online