ZenBusiness
5,118,184 records exposed — Email addresses, Names, Phone numbers
2026 Data Breaches Year-to-Date (643 indexed)
Carding service Jerry’s Store leak
Jerry’s Store, a card-checking service used by cybercriminals, exposed 345,000 stolen payment cards after leaving its server open, revealing sensitive data. A cybercriminal operation known as Jerry’s Store has reportedly
Story retracted
BleepingComputer initially published a story about a new data breach at Instructure. Shortly after publication, we determined that the information was incorrect and primarily based on outdated details from a prior incide
Unprecedented
Tyler Bridegan, Scott Hyman, Patrick Strubbe, and Sarah Wilk of Womble Bond Dickinson write: In a first of its kind, a California federal judge allowed claims against Bain Capital to proceed based on a data breach at its
Aman
215,563 records exposed — Dates of birth, Email addresses, Genders, Language preferences and 6 more
NYSDFS Secures $2.25 Million Cybersecurity
There is an update regarding the 2023 Delta Dental breach involving MOVEit software. Delta Dental was one of many customers whose patient data was exposed after Clop exploited a zero-day vulnerability to attack MOVEit an
15-year-old detained over French govt
French authorities have detained a 15-year-old suspected of selling data stolen in a cyberattack on France Titres (ANTS), the country's agency for issuing and managing administrative documents. [...]
Cybercrime Groups Using Vishing and
Cybersecurity researchers are warning of two cybercrime groups that are carrying out "rapid, high-impact attacks" operating almost within the confines of SaaS environments, while leaving minimal traces of their actions.
30,000 Facebook Accounts Hacked via
A newly discovered Vietnamese-linked operation has been observed using a Google AppSheet as a "phishing relay" to distribute phishing emails with an aim to compromise Facebook accounts. The activity has been codenamed Ac
In Other News
Other noteworthy stories that might have slipped under the radar: OFAC hits Iranian central bank crypto reserves, ADT data leak, CISA guidance for zero trust in OT. The post In Other News: Scattered Spider Hacker Arreste
Sandhills Medical Says Ransomware Breach
It took the healthcare organization nearly one year to publicly disclose a data breach after it was targeted by Inc Ransom. The post Sandhills Medical Says Ransomware Breach Affects 170,000 appeared first on SecurityWeek
SAP npm package attack highlights
A supply chain attack on SAP-related npm packages has put fresh scrutiny on the developer tools and build workflows that enterprises rely on to produce software. The campaign, referred to as “mini Shai-Hulud,” affecte
Private Chats, Photos of Celebs
Private chats and photos of celebrities and influencers were exposed after a suspected stalkerware setup left a database open, revealing sensitive messages and files.
15-year-old arrested in massive French
France has arrested numerous young hackers in the past decade. You’d think — or hope — that they might have developed an effective diversion program by now. Have they? That’s not to imply that oth
Moldova’s health insurance agency reports
The agency said the incident occurred several weeks ago and that technical assessments indicated a possible theft of limited information.
France investigates 15-year-old over alleged
The minor was taken into police custody on April 25 on suspicion of involvement in a data breach affecting the National Agency for Secure Documents (ANTS), which processes applications for passports, national identity ca
WebPros cPanel & WHM and WP2 (WordPress Squared)
WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability — WebPros cPanel & WHM (WebHost Manager) and WP2 (WordPress Squared) contain an authentication bypass vulnerabil
Misconfigured Server Run by Hackers
A misconfigured server linked to the carding marketplace Jerry’s Store exposed 345,000 stolen credit cards after an AI coding error caused a major security flaw.
Hackers arrested for hijacking and
The Ukrainian police have arrested three individuals who hacked more than 610,000 Roblox gaming accounts and sold them for a profit of $225,000. [...]
Polymarket Rejects Data Breach Claims
A hacker using the alias "Xorcat" claims to have breached Polymarket using API flaws, but research suggests the leak could be just data scraping incident.
All supported cPanel versions
cPanel fixed a critical authentication flaw that could let attackers access servers. The issue affects all supported versions. cPanel released security updates to address a critical authentication vulnerability that coul
AR: Pine Bluff School District
THV11 News reports: Pine Bluff School District Superintendent Dr. Jennifer Barbaree broke her silence Monday evening after a cyberattack that cost the district millions. According to district officials, the incident happ
Almost one year after discovery,
On April 28, Sandhills Medical Foundation in South Carolina notified the Maine Attorney General’s Office of a data breach that affected a total of 169,017 people, only 8 of whom are Maine residents. Their notificat
Hundreds of Internet-Facing VNC Servers
Forescout has identified tens of thousands of exposed RDP and VNC servers that can be mapped to specific industries. The post Hundreds of Internet-Facing VNC Servers Expose ICS/OT appeared first on SecurityWeek.