Verizon DBIR
Ransomware and vendor breaches persist, but the 2026 Data Breach Investigations Report (DBIR) highlights how evolving social engineering tactics make the sector more vulnerable.
2026 Data Breaches Year-to-Date (848 indexed)
Trump Mobile
Lorenzo Franceschi-Bicchierai reports: Phone provider Trump Mobile has confirmed that it was exposing customers’ names, email addresses, mailing addresses, cell numbers, and order identifiers to the open internet. Chris
Proposed State Laws For Breach
Joseph Lazzarotti of JacksonLewis writes: State breach-notification laws continue to evolve, and legislatures are using 2026 sessions to tighten consumer protections and shift the civil liability landscape that often fol
Hackers steal patient and billing
Daryna Antoniuk reports: German university hospitals are grappling with a large-scale patient data breach after unknown hackers targeted an external billing service provider used by medical centers across the country, ac
Identity as the primary attack
The “retro” way “The thing about the old days is… they are the old days” – Slim Charles, The Wire Protecting a specified network perimeter was the main focus of enterprise security strategy for several decades. Bus
Hackers breach two Vietnamese ministerial
Vietnamnet Global reports: Speaking at the Vietnam Security Summit 2026 on May 22, Lieutenant Colonel Tran Trung Hieu, Deputy Director of the National Cybersecurity Center and Director of VNCERT under the Ministry of Pub
Radiology Associates of Richmond
On July 1, 2025, Radiology Associates of Richmond (“RAR”) reported a breach to HHS that had occurred in April 2024 and affected more than 1.4 million patients. By the end of July 2025, the well-known radiolo
Fake Gemini and Claude Code
The infostealer payload in this campaign collect a vast amount of data, from collaboration authentication keys to cryptocurrency wallets
Langflow Langflow
Langflow Origin Validation Error Vulnerability — Langflow contains an origin validation error vulnerability in which an overly permissive CORS configuration combined with a refresh token cookie configured as SameSite=Non
Grafana Labs links GitHub environment
The company behind the widely used observability platform refused an extortion demand and has since taken steps to harden its security.
Trend Micro Apex One
Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability — Trend Micro Apex One (on-premise) contains a directory traversal vulnerability that could allow a pre-authenticated local attacker to modify a key tab
Europol Seizes First VPN Used
Europol has seized First VPN, a service used by ransomware gangs, arrested its administrator and gained access to data linked to thousands of users.
Grafana Labs Says Code Breach
Grafana Labs has confirmed a recent data breach was caused by the TanStack supply chain attack
Dragonica Lunaris
126,293 records exposed — Dates of birth, Email addresses, Names, Passwords and 2 more
Operation Saffron
Bitdefender reports: An international law enforcement operation led by France and the Netherlands dismantled First VPN, a cybercriminal anonymization service used by ransomware actors, fraudsters, and data thieves across
GitHub Internal Repositories Breached via
GitHub on Wednesday officially confirmed that the breach of its internal repositories was the result of a compromise of an employee device involving a poisoned version of the Nx Console Microsoft Visual Studio Code (VS C
Google accidentally
Google has accidentally leaked details about an unfixed issue in Chromium that keeps JavaScript running in the background even when the browser is closed, allowing remote code execution on the device. [...]
Windows93 / Myspace93
46,105 records exposed — Email addresses, IP addresses, Passwords, Usernames
Global law enforcement operation takes
Police seized First VPN in a global crackdown, exposed its cybercrime users, and shut down infrastructure tied to ransomware and data theft. A major international law enforcement operation has taken First VPN offline, a
Hackers steal patient and billing
The large-scale data breach reportedly hit Unimed, a company that handles billing services for privately insured and self-paying patients on behalf of numerous German hospitals.
7-Eleven confirms breach after ShinyHunters
The breach notification letters say 7-Eleven discovered the breach on April 8 and, after an investigation, determined that the cybercriminals gained access to “certain 7-Eleven systems used to store franchisee documents.
GitHub Confirms Breach, 4K Internal
Open source software giant GitHub confirmed a data breach this week involving the theft of thousands of repos. One threat actor — TeamPCP — took credit.
Grafana breach caused by missed
The Grafana data breach was caused by a single GitHub workflow token that slipped through the rotation process following the TanStack npm supply-chain attack last week. [...]
SHub Reaper impersonates Apple, Google,
A newly disclosed macOS infostealer campaign is exploiting user trust in some of the biggest names in tech to slip past defenses. Researchers at SentinelOne have detailed a new variant of the SHub malware family, dub