BlackFile Group Targets Retail and
Researchers uncover a new data theft and extortion group dubbed “BlackFile”
2026 Data Breaches Year-to-Date (643 indexed)
Medtronic
Medtronic confirmed a breach of its IT systems after ShinyHunters claimed the theft of over 9 million records. Medtronic confirmed a cyberattack on its corporate IT systems after the hacker group ShinyHunters claimed to
Vidar Infostealer Spreads via Fake
New version of Vidar infostealer spreads via fake CAPTCHAs, hides in JPEG and TXT files, uses fileless attacks and steals browser, crypto wallet data.
Medtronic
Medical device giant Medtronic disclosed last week that hackers breached its network and accessed data in "certain corporate IT systems." [...]
Regulator fines Fidelity Brokerage Services
Melanie Waddell reports: William Galvin, Massachusetts’ top securities regulator, ordered Fidelity Brokerage Services on Monday to pay $1.25 million for failing to enforce appropriate cybersecurity controls that re
Major critical infrastructure supplier
Itron, which makes devices that measure energy usage and control other infrastructure, said its operations were continuing, despite the intrusion.
Udemy
1,401,259 records exposed — Email addresses, Employers, Job titles, Names and 3 more
TH: Hacker steals personal data
The Bangkok Post reports: The Council of Engineers Thailand has warned about 350,000 members their personal data was stolen when its database was hacked recently, and could be misused. Prof Amorn Pimanmas, a director in
KR: Data of 100,000 leaked
Oh Seok-min reports: Personal information of around 100,000 customers has been leaked from a golf course, prompting a police investigation, sources said Sunday. The Korean National Police Agency is probing the case after
Samsung MagicINFO 9 Server
Samsung MagicINFO 9 Server Path Traversal Vulnerability — Samsung MagicINFO 9 Server contains a path traversal vulnerability that could allow an attacker to write arbitrary files as system authority.
SimpleHelp SimpleHelp
SimpleHelp Path Traversal Vulnerability — SimpleHelp contains a path traversal vulnerability that allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip).
SimpleHelp SimpleHelp
SimpleHelp Missing Authorization Vulnerability — SimpleHelp contains a missing authorization vulnerability that could allow low-privileged technicians to create API keys with excessive permissions. These API keys can be
D-Link DIR-823X
D-Link DIR-823X Command Injection Vulnerability — D-Link DIR-823X contains a command injection vulnerability that allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to
Zimbra servers vulnerable to ongoing
Over 10,000 Zimbra Collaboration Suite (ZCS) instances exposed online are vulnerable to ongoing attacks exploiting a cross-site scripting (XSS) security flaw. [...]
UK Biobank Data Breach: Health
UK government Minister confirms that breached health records of UK Biobank volunteers were up for sale on Chinese ecommerce platforms before being removed
In Other News
Other noteworthy stories that might have slipped under the radar: Supreme Court hacker sentenced, Lovable exposed user data, Google expands enterprise security. The post In Other News: Unauthorized Mythos Access, Planke
Hasbro expects March cyberattack to
The toy maker is reviewing files and working to fully bring certain systems back online. The company will incur some costs related to the investigation.
Carnival
7,531,359 records exposed — Dates of birth, Email addresses, Genders, Geographic locations and 3 more
New BlackFile extortion group linked
A new financially motivated hacking group tracked as BlackFile has been linked to a wave of data theft and extortion attacks against retail and hospitality organizations since February 2026. [...]
China-linked threat actors use consumer
UK National Cyber Security Centre (NCSC) warns China-linked hackers use hijacked devices as proxy networks to hide activity and evade detection. UK National Cyber Security Centre (NCSC) and global partners warn that Chin
Marimo Marimo
Marimo Remote Code Execution Vulnerability — Marimo contains an pre-authorization remote code execution vulnerability, allowing an unauthenticated attacked to shell access and execute arbitrary system commands.
RAMP Uncovered
Leaked data from RAMP reveals Russia’s ransomware ecosystem, analyzing 1,732 threads, 7,707 users, and 340,000 IP records from the forum. RAMP was not just another dark web forum. It was one of the clearest examples of h
RAMP Uncovered
Pierluigi Paganini reports: A leaked database from RAMP gives us a rare look behind the curtain. It shows how cybercrime works when it becomes structured, commercial, and repeatable. Instead of random hackers acting alon
Luxury Cosmetics Giant Rituals Discloses
The company is notifying My Rituals members that hackers downloaded part of their data, including names and addresses. The post Luxury Cosmetics Giant Rituals Discloses Data Breach appeared first on SecurityWeek.