Breach Notes

ChipSoft Ransomware Attack - Dutch Hospital Patient Records Software

On April 7, 2026, ChipSoft — a Dutch healthcare IT company providing Electronic Patient Dossier (EPD/HiX) software to approximately 80% of all Dutch hospitals — was hit by a …

Massachusetts Healthcare System Ransomware — Ambulance Diversion, Downtime Procedures

On approximately 7 April 2026, a Massachusetts healthcare system disclosed it was experiencing a cyberattack that forced the organisation to divert ambulance patients to other …

SEC Form 8-K

Bitcoin ATM operator Bitcoin Depot has disclosed a March 23 hack in which attackers stole 50.903 BTC (~$3.67 million) from company wallets. According to the company's disclosure …

Cisco Source Code Stolen via Trivy Supply Chain Attack (TeamPCP)

In early April 2026, Cisco disclosed that attackers leveraged credentials stolen through the March 2026 Trivy supply chain compromise (attributed to TeamPCP / UNC6780) to penetrate …

"Drift says $280M exploit tied to 'sophisticated' admin takeover; ZachXBT criticizes Circle over USDC handling"

The Solana-based Drift defi perpetual futures exchange was exploited for $285 million. The project alerted the community on social media, writing: "Drift Protocol is experiencing …

Drift Protocol $285M DPRK Social Engineering Exploit

On April 1, 2026, UNC4736 (North Korean state-sponsored TraderTraitor group) executed a 12-minute, 31-transaction drain of $285 million from Drift Protocol, the largest Solana DeFi …

Axios npm Supply Chain Compromise - Sapphire Sleet (DPRK) RAT Delivery

On March 31, 2026, Sapphire Sleet (a North Korean state-sponsored threat actor tracked by Microsoft) published two malicious versions of axios (1.14.1 and 0.30.4) to npm. Axios is …

TeamPCP Telnyx Python SDK PyPI Supply Chain Compromise

On March 27, 2026 at 03:51 UTC, TeamPCP published two unauthorized malicious versions of the Telnyx Python SDK (4.87.1 and 4.87.2) to PyPI. Both versions were quarantined by 10:13 …

LiteLLM PyPI Supply Chain Attack - Mercor AI Breach (TeamPCP / Lapsus$)

On March 27, 2026, TeamPCP (a threat group also linked to the European Commission cloud breach) compromised PyPI publishing credentials for LiteLLM, a widely used open-source …

Die Linke German Political Party Qilin Ransomware Attack

On March 26, 2026, the Qilin ransomware group (described as Russian-speaking and both financially and politically motivated) attacked Die Linke, a left-wing democratic socialist …

NYC Health + Hospitals Notifying Patients of Two Separate Third-Party Vendor Hacks

New York City Health + Hospitals — the largest public health system in the US, serving approximately 1.4 million patients annually — notified patients of data exposure from two …

LiteLLM Cascading Supply Chain Attack — TeamPCP Trivy Credentials Used

The LiteLLM PyPI supply chain attack by TeamPCP involved a cascading attack chain: TeamPCP first compromised the Trivy security scanner's GitHub Actions CI/CD pipeline (March 19, …

Hasbro Inc. Data Breach — IT Systems Compromised, Data Stolen, Operations Disrupted

In late March / early April 2026, Hasbro Inc. — the US toy and entertainment conglomerate (maker of Monopoly, Transformers, My Little Pony, Magic: The Gathering, Dungeons & …

Handala Hacks FBI Director Kash Patel Personal Email — Iranian Intelligence Operation

In late March 2026, Handala — an Iranian state-linked hacktivist group that has previously conducted operations attributed to Iran's IRGC — published photographs and alleged …

"On the Future of Balancer: Shutting Down Balancer Labs, Supporting the Path Forward"

After a November 2025 exploit in which $110 million was drained from the Balancer defi protocol, the company behind the project has announced it will shut down. Besides the massive …

Attack proposal

The Moonwell lending protocol faced a governance attack on its deprecated Moonriver instance that could have drained $1 million from the project. Because Moonwell's MFAM governance …

"Resolv Labs’ stablecoin depegs as attacker mints millions of tokens"

The Resolv USD stablecoin, also known as USR, lost its intended dollar peg and dropped to around $0.14 after an exploiter was able to mint and sell tens of millions of unbacked …

Resolv Protocol DeFi Exploit — $24 Million Minted via Smart Contract Vulnerability

In March 2026, an attacker exploited a vulnerability in Resolv Protocol — an Ethereum-based decentralised finance (DeFi) stablecoin protocol — to mint approximately $24 million in …

TeamPCP Checkmarx KICS GitHub Actions Supply Chain Compromise

On March 21, 2026, as the second step in its cascading supply chain campaign, TeamPCP used PATs stolen during the March 19 Trivy/Aqua Security GitHub Actions compromise to target …

Los Angeles City Attorney / LAPD Police Records Breach - WorldLeaks (7.7TB)

On March 20, 2026, the WorldLeaks extortion gang breached a third-party digital system used by the Los Angeles City Attorney's Office to transfer legal discovery documents. The LA …

Libyan Oil Refinery Multi-Month Cyberespionage Campaign

A multi-month cyberespionage campaign targeted a Libyan oil refinery in 2026, using commodity (commercially available) malware to maintain persistent covert access for intelligence …

Bitcoin Depot Crypto ATM Breach - $3.66M BTC Stolen

On March 20, 2026, attackers used compromised credentials to access Bitcoin Depot's digital asset settlement accounts and transfer 50.903 BTC (valued at approximately $3.665 …

AppsFlyer Mobile SDK Supply Chain Breach — Enabled Downstream Crypto Theft

AppsFlyer — one of the world's largest mobile attribution platforms, with its SDK embedded in thousands of iOS and Android applications including crypto wallets and fintech apps — …

Employee Benefits Administrator Hack — 2.7 Million Individuals Notified

A Washington State-based employee benefits administrator notified approximately 2.7 million individuals of a data breach. The firm provides employee benefits enrollment, …

European Commission ShinyHunters Cloud Breach via Trivy Supply Chain

On March 19, 2026, ShinyHunters obtained an AWS API key belonging to the European Commission's cloud environment via a prior compromise of the open-source security tool Trivy. This …

TeamPCP Trivy/Aqua Security GitHub Actions Supply Chain Compromise (CVE-2026-33634)

On March 19, 2026, TeamPCP (tracked by Google GTIG as UNC6780) began the first stage of a cascading multi-tool supply chain campaign by exploiting a misconfigured GitHub Actions …

Interlock Ransomware Exploited Cisco Firewall CVE for Weeks Before Detection

The Interlock ransomware group exploited a maximum-severity vulnerability in Cisco adaptive security appliances (ASA) or Firepower Threat Defense (FTD) firewalls, gaining …

Stryker Wiper Attack Aftermath — Lawsuits Filed as Hackers Boast

In the weeks following Stryker's March 2026 Handala wiper attack (documented separately), multiple lawsuits were filed against Stryker as the Iranian-linked Handala group continued …

Aura Identity Protection Data Breach - ShinyHunters Vishing (900K Records)

On March 17, 2026, identity protection firm Aura disclosed a data breach after ShinyHunters used targeted vishing to compromise a single employee's account. The attacker had access …

"Venus Protocol left with roughly $2M in bad debt after exploit manipulates Thena's THE token price"

The BNB Chain's Venus Protocol lending protocol accumulated $2.15 million in bad debt after an exploiter manipulated the price of the Thena protocol's THE token. THE had very low …

CareCloud EHR Environment Data Breach

On March 16, 2026, CareCloud (a Somerset, NJ-based healthcare IT company) detected unauthorized access to one of its six EHR environments. The threat actor had access for …

Chapter 11 Voluntary Petition

Approximately a month after halting deposits and withdrawals, citing liquidity issues and "recent market and financial conditions", the American crypto lender BlockFills has filed …

Crunchyroll Data Breach via BPO Okta Compromise

On March 12, 2026, a threat actor gained access to Crunchyroll's customer support ticketing system after compromising an Okta account belonging to an employee of Telus Digital, …

Tweet by Stani Kulechov

A trader using the Aave interface attempted to swap $50 million USDT for AAVE. However, due to the enormous size of the order, the purchase had dramatic impact on the aave price. …

Stryker Handala Iran-Linked MDM Wiper Attack

On March 11, 2026, the Iran-linked hacktivist group Handala (a persona of Void Manticore, affiliated with Iran's Ministry of Intelligence and Security) wiped between 80,000 and …

"Oracle error adds to turmoil at DeFi giant Aave"

Users of the Aave defi lending protocol who had borrowed from the wstETH/stETH pool suffered erroneous liquidations when a price oracle from Chaos Labs reported an inaccurately low …

"NFT lending protocol Gondi says platform secured after $230K exploit"

A thief exploited a smart contract belonging to the Gondi NFT platform to steal 78 NFTs priced at $230,000. Perhaps the most shocking part of the theft is that the attacker managed …

HHS OCR $10K HIPAA Fine — Dental Practice Software Vendor, 15 Million Records Breach

The US Department of Health and Human Services Office for Civil Rights (HHS OCR) issued a $10,000 civil monetary penalty to a dental practice management software vendor responsible …

Trizetto Provider Solutions 2024 Hack Detected 2025 — 3.4 Million Billing Records

Trizetto Provider Solutions (a Cognizant subsidiary providing healthcare billing, revenue cycle management, and claims processing services to hospitals and physician practices) …

Tweet by Solv Protocol

The Solv Protocol bitcoin defi lending and staking platform disclosed an exploit that they said affected fewer than ten users, but nevertheless netted the attacker 38 SolvBTC (a …

University of Hawaii Cancer Center Research Study Hack — 1.2 Million Affected

An August 2025 ransomware attack on the University of Hawaii Cancer Center's research study data systems was disclosed in early 2026 as affecting approximately 1.2 million …

"Korea police track second thief after NTS crypto leak as first suspect surrenders"

After a thief drained a crypto wallet of 4 million PRTG (notionally priced at $4.9 million, but highly illiquid) after blundering Korean tax officials posted the wallet's seed …

California Orthopedic Device Maker (OrthoLogic/Implantable Device Company) Cyberattack

On approximately 31 March 2026, a California-based maker of implantable orthopedic devices disclosed it had been the victim of a cybersecurity incident. DataBreachToday reported …

Dutch Ministry of Finance (Rijksfinancien) Data Breach

In early 2026, the Dutch Ministry of Finance (Ministerie van Financiën, also known as Rijksfinancien) disclosed a cybersecurity breach, details of which were reported in …

Lloyds Banking Group Data Leak — 450,000 Customer Records Exposed

In early April 2026, a data leak affecting approximately 450,000 Lloyds Banking Group customers was reported, with details emerging in DataBreachToday's weekly breach roundup. …

UNC6426 nx npm Supply Chain → AWS Admin Takeover (72 Hours)

In March 2026, UNC6426 demonstrated a sophisticated attack chain converting a stolen developer GitHub Personal Access Token (from the 2025 nx npm supply chain compromise) into full …

Anodot SaaS Integrator Breach - ShinyHunters Snowflake Token Theft

In April 2026, ShinyHunters disclosed that they had breached Anodot (an Israeli AI analytics company acquired by Glassbox in November 2025), maintaining access 'for some time.' By …

Bithumb Cryptocurrency Exchange Hack — South Korea, Recovery Plan 2026

In early 2026, Bithumb — South Korea's largest cryptocurrency exchange with approximately $1 billion in daily trading volume and over 8 million registered users — suffered a …

FBI Seizes Handala Iranian Leak Domains After Stryker Hack

In March 2026, US federal law enforcement seized four web domains associated with Handala's Iranian online leak infrastructure, days after Handala published materials it claimed to …

Malaysia Airlines Qilin Ransomware Claim

On February 26–27, 2026, the Qilin ransomware gang listed Malaysia Airlines on its dark web leak site. Unlike its typical practice, the group published no file samples, data cache …

"$4.8M in crypto stolen after Korean tax agency exposes wallet seed"

When Korean authorities posted a photograph of seized cash and other items from a police raid, they included photos of cards containing crypto wallet seed phrases, which were …

UFP Technologies Medical Device Maker Data Theft — SEC Notification

UFP Technologies — a Massachusetts-based manufacturer of single-use medical device components, specialty packaging, and protective solutions for healthcare — disclosed a data theft …

PayPal App Coding Error Data Breach and Fraud

PayPal disclosed a data breach and associated fraud incident caused by a coding error in its payment application. The error allowed unauthorized access to a subset of user account …

Tweet by Step Finance

Step Finance announced that, following a $30 million theft in late January, the project would be shutting down. Along with it, they will shut down SolanaFloor — a Solana-focused …

Tweet by Script3

A lending pool operated by YieldBlox on the Stellar blockchain was emptied of around $10.2 million in an oracle manipulation attack on the Reflector oracle supplying prices for the …

"IoTeX hit by private key exploit draining around $2 million from bridge contracts, per co-founder"

IoTeX, a platform to connect IoT devices to blockchain networks, lost around $2 million after a private key compromise enabled an attacker to drain funds from the project's token …

Goliath Ventures - United States v. Christopher Alexander Delgado

Federal authorities arrested Christopher Alexander Delgado, the CEO of Goliath Ventures (previously Gen-Z Ventures). According to the charging documents, what Delgado presented to …

University of Mississippi Medical Center Medusa Ransomware Attack

On February 19, 2026, the University of Mississippi Medical Center (UMMC) detected a ransomware attack that forced the closure of all 35 of its clinic locations statewide. Hospital …

"Prosecutors recover $22 million worth of lost Bitcoin"

Staff members working for South Korean prosecutors, for some reason, decided to use a "wallet checking tool" during an August 2025 audit of seized crypto assets. The tool they …

Kettering Health Interlock Ransomware Breach — Patient Notification 2026

Kettering Health (an Ohio-based health system operating multiple hospitals and care sites) was notifying current and former patients of data exposure resulting from an Interlock …

FBI DCS-3000 Surveillance Network Breach - China-Linked 'Major Incident'

On February 17, 2026, the FBI began investigating abnormal activity in an unclassified system — DCS-3000 (known as Red Hook), part of its Digital Collection System Network (DCSNet) …

"Moonwell hit by $1.78M exploit as AI vibe coding debate reaches DeFi"

After an oracle misconfiguration, the Moonwell defi lending protocol accumulated $1.78 million in bad debt. When the protocol showed that cbETH was priced at just over a dollar, …

"Susquehanna-Backed Crypto Lender BlockFills Suspends Withdrawals as Bitcoin Sinks"

The Chicago-based institutional crypto lending firm BlockFills has halted deposits and withdrawals, citing "recent market and financial conditions" and a desire to "further the …

Odido (Netherlands) ShinyHunters Telecom Data Breach - 6.2M Customers

On the weekend of February 7–8, 2026, ShinyHunters breached Odido's (Netherlands' largest mobile network operator) customer contact system and downloaded records for approximately …

"South Korean crypto firm accidentally sends $44 billion in bitcoins to users"

The South Korean cryptocurrency exchange Bithumb disclosed that it had accidentally given its customers more than 620,000 BTC (~$44 billion) in a promotional event gone wrong. …

BridgePay Network Solutions Ransomware Attack

On February 6, 2026 (starting at ~03:29 AM EST), a ransomware attack hit BridgePay Network Solutions, a payment gateway serving merchants, municipalities, and integrators. The …

Former Nuance IT Worker Additional Charges — Geisinger Health Patient Data Breach

In early 2026, the former Nuance Communications IT worker responsible for the Geisinger Health patient data breach (documented separately) faced additional federal charges. The …

"Gemini 2.0: A Bridge to the Future of Money and Markets"

Gemini, the cryptocurrency exchange founded and run by Cameron and Tyler Winklevoss, will lay off as many as 200 employees globally. The news came amid an announcement that the …

Harvard University and UPenn Data Leaked by ShinyHunters Vishing Campaign

Harvard University and the University of Pennsylvania were named as victims and had data leaked by ShinyHunters, the prolific hack-and-leak group responsible for numerous …

Hims & Hers Zendesk Support Breach via ShinyHunters Okta Campaign

Between February 4–7, 2026, threat actors used a compromised Okta SSO account to access Hims & Hers' Zendesk support instance and exfiltrate customer support tickets. The breach …

Sears Home Services AI Chatbot Data Exposure - 3.7M Records, 4.3TB

On February 3, 2026, security researcher Jeremiah Fowler discovered three unsecured publicly exposed databases during routine Shodan scans, containing 4.3 terabytes of data linked …

Capital Health $4.5M LockBit Ransomware Breach Settlement

Capital Health — which operates capital health hospital and clinical facilities in New Jersey and Pennsylvania — agreed to pay $4.5 million to settle claims arising from a LockBit …

CarGurus ShinyHunters Data Breach - 12.4M Accounts

In February 2026, ShinyHunters breached CarGurus (a major US online automotive marketplace) via social engineering. After CarGurus declined to pay ransom, the data was published …

LexisNexis Data Breach Affecting Law Firm and Government Users

LexisNexis, the major legal research and information services platform used extensively by law firms, government agencies, and courts, confirmed a data breach in early 2026. …

"CrossCurve Threatens Legal Action After $3M Cross-Chain Bridge Exploit"

Hackers exploited a bug in smart contracts deployed by the defi protocol CrossCurve to steal an estimated $3 million across multiple blockchains. The thief was able to spoof …

Tweet by CertiK

The Solana-based defi portfolio tracker Step Finance lost 261,854 SOL (~$28.7 million) when a thief gained access to treasury and fee wallets. It's not yet clear how the attacker …

GlassWorm Supply-Chain Attack - 72 Malicious Open VSX Extensions

Since January 31, 2026, researchers identified at least 72 malicious Open VSX extensions linked to the GlassWorm campaign. On January 30, 2026, four established Open VSX extensions …

Ambulance Billing Firm $515K State AG Settlement — Massachusetts and Indiana Hack

An ambulance billing and medical collections firm agreed to pay $515,000 to Massachusetts and Indiana attorneys general following a hack that compromised patient data. The firm …

Maryland AI Services Firm Hack — 3.1 Million Individuals Affected (2025)

In 2025, a Maryland-based firm providing AI-powered services (identity or background verification) was hacked, with the breach disclosed in early 2026 affecting approximately 3.1 …

Tweet thread by Aperture Finance

An attacker exploited a bug in an Aperture Finance smart contract to steal at least $3.4 million from users who had enabled "instant liquidity management" features. Aperture …

"SwapNet Incident Post Mortem"

Some users of Matcha Meta, a decentralized exchange aggregator on the Base blockchain, suffered losses after a thief exploited a vulnerability in its SwapNet integration. SwapNet …

Tweet thread by zachxbt

Two crypto thieves decided to settle an argument over who was wealthier by screensharing as they transferred crypto between wallets to prove ownership. In doing so, one of them — …

DOGE Uploads Sensitive Social Security Administration Data to External Cloud Server

The Department of Government Efficiency (DOGE) — the advisory body established by the Trump administration — was reported to have transferred sensitive Social Security …

EHR Vendor Veradigm $10.5M Data Breach Lawsuit Settlement

Electronic health records vendor Veradigm (formerly Allscripts Healthcare Solutions, rebranded 2022) agreed to pay $10.5 million to settle a class-action lawsuit arising from a …

Tweet by Saga

The Saga project halted its blockchain after acknowledging that $7 million had been stolen. An attacker was evidently able to mint a large quantity of Saga Dollar tokens, though …

Minnesota Department of Human Services Vendor Breach — 304,000 Medicaid Recipients

The Minnesota Department of Human Services notified approximately 304,000 people — primarily Medicaid and public benefits recipients — of a data breach involving a third-party …

Law Enforcement Action — Police Seek Black Basta Ransomware Leadership

Law enforcement agencies raided two suspected members of the Black Basta ransomware group and announced they are actively seeking the group's leader(s). Black Basta has been one of …

Starbucks Partner Central Phishing Breach - 889 Employees

Between January 19 and February 11, 2026, attackers used phishing pages cloning the Starbucks Partner Central portal to steal employee credentials. Starbucks detected the …

Tweet by RuneCrypto_

Shortly after losing his campaign for re-election as mayor of New York City, Eric Adams announced he would be launching "NYC Token". He's pitched the project as a fundraising tool …

Tweet by zachxbt

A crypto holder has lost $282 million in bitcoin and litecoin after a scammer impersonating a customer support employee for the Trezor hardware wallet manufacturer successfully …

Crunchbase Data Breach - ShinyHunters Vishing (2M Records)

In January 2026, ShinyHunters breached Crunchbase (a major business intelligence and startup data platform) via vishing — attackers impersonated internal employees to …

Betterment Data Breach - ShinyHunters Vishing (1.4M Customers)

On January 9, 2026, Betterment (a major US robo-advisor and investment platform) suffered a data breach after ShinyHunters used vishing to compromise IT support at a third-party …

Tweet by Truebit

A bug in a smart contract belonging to the Ethereum-based Truebit project allowed an attacker to steal 8,535 ETH (~$26.4 million). The thief targeted one of the project's older …

Bumble and Match Group ShinyHunters Vishing Breach

On January 29, 2026, ShinyHunters posted data allegedly stolen from Bumble (dating app) and Match Group (parent of Tinder, Hinge, OkCupid) on a dark web leak site. ShinyHunters …

Figure Technology Solutions ShinyHunters Vishing Breach

Figure Technology Solutions (fintech lending company) disclosed in February 2026 that ShinyHunters conducted a vishing (voice phishing) attack against an employee in January 2026, …

Telus Digital ShinyHunters Breach - ~1 Petabyte

Telus Digital (Canadian BPO providing outsourced customer support, content moderation, and AI services) confirmed a multi-month breach on March 12, 2026. ShinyHunters claimed …

GRU APT28 SOHO Router DNS Hijacking Campaign — Cloud Activity Espionage

In early 2026, security researchers and government agencies disclosed a new cyberespionage campaign by hackers tied to Russia's GRU military intelligence agency (Fancy Bear / APT28 …

Sedgwick Government Solutions TridentLocker Ransomware Attack

On New Year's Eve 2025/2026, the TridentLocker ransomware-as-a-service (RaaS) group claimed an attack on Sedgwick Government Solutions, a subsidiary of Sedgwick that provides …

"Unleash hacker begins laundering $4 million in ETH through Tornado Cash"

Unleash Protocol, a project promising to allow creators to register their intellectual property on the blockchain, has been exploited for around $3.9 million. An attacker was able …

"Flow blockchain probes security incident as FLOW token plunges over 40%"

The Flow blockchain suffered an exploit in which an attacker was able to mint a large number of wrapped FLOW tokens, which they then swapped to tokens on other blockchains. …

Eurail B.V. AWS S3/Zendesk/GitLab Breach - 308K Travelers

On December 26, 2025, an unauthorized actor exfiltrated data from Eurail B.V.'s (European rail pass operator covering 33 national railways) AWS S3, Zendesk, and GitLab instances. …

Tweet thread by TrustWallet

The Trust Wallet Chrome extension was compromised in an apparent supply chain attack. People who used the non-custodial wallet extension after it updated to version 2.68 lost funds …

Navia Benefit Solutions BOLA Vulnerability Data Breach

Navia Benefit Solutions, an employee benefits administration company, suffered a data breach due to a BOLA (Broken Object Level Authorization) API vulnerability. An unknown threat …

Condé Nast / WIRED Subscriber Database Breach - IDOR Vulnerability

On December 20, 2025, a threat actor called 'Lovely' posted a 2.366 million-record database from WIRED.com on the Breach Stars forum, selling access for approximately $2.30. …

Thief wallet

A crypto trader lost almost $50 million in the Tether stablecoin after falling victim to an address poisoning attack. Because blockchain wallet addresses are long, random …

Tweet by PeckShield

Only weeks after losing $6.6 million to an infinite mint exploit, a Yearn Finance smart contract has again been exploited, allowing an attacker to make off with around 103 ETH …

SoundCloud Data Breach - ShinyHunters Vishing (29.8M Accounts)

In December 2025, ShinyHunters breached SoundCloud via vishing — attackers convinced employees to provide access to an ancillary service dashboard. SoundCloud confirmed the breach …

Tweet by Aevo (fka Ribbon Finance)

Ribbon Finance, which has partially rebranded to Aevo, has lost $2.7 million after attackers exploited a vulnerability in the smart contract for legacy Ribbon vaults that enabled …

"Binance post confirming insider trading sends 'year of the yellow fruit' meme token even higher"

Binance has announced that the company has suspended an employee who used the platform's official Twitter accounts to promote a memecoin they had launched. The token, called "year …

"Fusaka Mainnet Prysm Incident"

Ethereum validators running the Prysm consensus client lost around 382 ETH ($1.18 million) after a bug resulted in delays that caused validators to miss blocks and attestations. …

Brightspeed Broadband Crimson Collective Data Breach Claim - 1M Customers

On January 4, 2026, the Crimson Collective threat group publicly claimed via Telegram to have breached Brightspeed (a major US fiber broadband provider) and stolen records for over …

Ledger Customer Data Breach via Global-e Third-Party Ecommerce Platform

Ledger (hardware crypto wallet manufacturer) disclosed in January 2026 that an unnamed unauthorized party accessed a Global-e cloud system used to process international orders. …

Cegedim Santé MonLogicielMedical Breach - 15.8M French Patient Records

Cegedim Santé (French healthcare software provider) confirmed on March 3, 2026, that attackers stole 15.8 million administrative patient records from its MonLogicielMedical …

Customers of 74 banks and credit unions served by Marquis Software Solutions Third-Party Breach (December 2025)

In 2025, Customers of 74 banks and credit unions served by Marquis Software Solutions experienced a data security incident via a third-party vendor relationship. The compromised …

Freedom Mobile Third-Party Breach (December 2025)

In 2025, Freedom Mobile experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Third-party vendor. Source reporting: …

PornHub Third-Party Breach (December 2025)

In 2025, PornHub experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Mixpanel. Source reporting: …

Shuffles (Pinterest app) Third-Party Breach (December 2025)

In 2025, Shuffles (Pinterest app) experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Mixpanel. Source reporting: …

"yETH Pool Exploit: Technical Incident Report and Math Reconstruction"

Yearn Finance, a defi yield protocol, has suffered another hack. The exploiter took advantage of bugs in the project's smart contract to drain assets from several of its pools by …

"Upbit Reveals 5.9B-Won Corporate Loss in Latest Hack, Fully Reimburses Users"

The Korean cryptocurrency exchange Upbit suffered a loss of around $30 million in various Solana-based assets due to a hack. Some entities have suggested that Lazarus, a North …

TechCrunch

Hackers breached Mixpanel, a third-party analytics vendor used by OpenAI to track user behavior on its API platform, on November 26, 2025. The breach exposed data belonging to …

"Top DEXs Aerodrome, Velodrome hit with front-end compromise, urge users to avoid main domains"

Attackers redirected users intending to visit the websites for the decentralized exchanges Aerodrome and Velodrome to their own fraudulent versions using DNS hijacking, after …

Tweet thread by Homer J

On November 21, the Cardano blockchain suffered a major chainsplit after someone created a transaction that exploited an old bug in Cardano node software, causing the chain to …

Telegram post by zachxbt

An attacker stole approximately $3.1 million from the BNB chain-based GANA Payment project. The thief laundered about $1 million of the stolen funds through Tornado Cash shortly …

Tweet by DappRadar

Amid a month of falling crypto prices, the crypto tracking platform DappRadar has announced it will be shutting down after seven years of operation. "Running a platform of this …

"'Fat-Finger' Fail? Cardano Whale Torches $6M After Hitting Illiquid USDA Pool"

A holder of around 14.4 million ADA (~$6.9 million), the token for the Cardano network, made an expensive error when attempting to swap the tokens for a stablecoin. Because the …

SitusAMC Real Estate Finance Tech Breach - JPMorgan/Citi/Morgan Stanley Affected

SitusAMC (a financial technology provider serving 1,500+ clients including major US banks, real estate firms, and insurers) became aware of a breach on November 12, 2025, and …

IDMerit MongoDB KYC Data Exposure - 1 Billion Records

Cybernews researchers discovered on November 11, 2025, that IDMerit (a US identity verification and KYC/AML services provider) had left a MongoDB database publicly exposed without …

Coupang Insider Data Breach - 33.7M South Korean Customer Accounts

A former Coupang employee maintained unauthorized access to the company's systems and exfiltrated customer data, with the breach continuing until November 8, 2025. Coupang (South …

Tweet thread by Elixir

After the defi yield platform Stream Finance announced a $93 million loss, Elixir announced it would be discontinuing its deUSD synthetic stablecoin. Stream Finance owes $68 …

Tweet by Stream Finance

The Stream Finance defi yield project announced that "an external fund manager overseeing Stream funds disclosed the loss of approximately $93 million in Stream fund assets." …

wrsETH Oracle Malfunction 11/4/25

The Moonwell lending protocol, built on the Base Ethereum L2, wound up with $3.7 million in bad debt after an attacker took advantage of an oracle malfunction that caused the price …

"Balancer Hit by Apparent Exploit as $110M in Crypto Moves to New Wallets"

The defi protocol Balancer suffered a major exploit that drained over $110 million across several blockchains, including Ethereum, Polygon, Base, and Sonic. Attackers exploited …

Under Armour Everest Ransomware Breach - 72M Records

In November 2025, the Everest ransomware group claimed Under Armour as a victim and attempted extortion, alleging theft of 343 GB of data. In January 2026, data for approximately …

Freedom Mobile Third-Party Vendor Breach

Freedom Mobile, one of Canada's largest wireless carriers (owned by Shaw/Rogers), disclosed in December 2025 that a third-party vendor had been compromised, resulting in the …

Marquis Software Solutions Breach (74 Banks and Credit Unions)

Marquis Software Solutions, a provider of core banking and analytics software to community banks and credit unions across the United States, disclosed in December 2025 that a …

Checkout.com Third-Party Breach (November 2025)

In 2025, Checkout.com experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Third-party vendor. Source reporting: …

Iberia (International Airlines Group) Third-Party Breach (November 2025)

In 2025, Iberia (International Airlines Group) experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Third-party …

Logitech Third-Party Breach (November 2025)

In 2025, Logitech experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Third-party vendor. Source reporting: …

Terminalen A/S Third-Party Breach (November 2025)

In 2025, Terminalen A/S experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was DocuBizz. Source reporting: …

The Washington Post Third-Party Breach (November 2025)

In 2025, The Washington Post experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Oracle E-Business Suite. Source …

OpenAI Third-Party Breach (November 2025)

In 2025, OpenAI experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Mixpanel. Source reporting: …

US Congressional Budget Office China-Suspected Cyberattack

In early November 2025, the US Congressional Budget Office (CBO) detected and confirmed a cyberattack by a suspected foreign actor. US officials briefed CNN that Chinese …

"DeFi karma: Garden hacked for $11M after bridging Lazarus’ loot "

The Garden bitcoin bridge suffered a roughly $11 million loss after one of its solvers was compromised. These solvers essentially act as market makers for the protocol. Some …

DoorDash Data Breach via Employee Social Engineering

On October 25, 2025, an unauthorized third party gained access to DoorDash's internal systems after successfully social engineering a company employee. The number of affected …

"Crypto exchange Cryptomus fined record $177M by Canada's financial crime watchdog"

The Canadian cryptocurrency exchange Cryptomus has been fined CA$177 million (US$127 million) by the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) for …

Order to cease and desist from violations of NRS 669

Nevada's Financial Institutions Division has issued a cease and desist order against Fortress Trust, stating that the firm is "on the verge of insolvency". The company admits it …

Iberia (IAG) Third-Party Vendor Loyalty Programme Breach

Iberia, the Spanish national airline and subsidiary of IAG (International Airlines Group), disclosed in November 2025 that a third-party vendor breach had exposed loyalty programme …

Mixpanel Product Analytics Platform Breach (Multiple Companies)

In late 2025, Mixpanel, a widely-used product analytics SaaS platform, suffered a breach that exposed user behavioral data from dozens of customer companies. Confirmed affected …

Tweet by Whale Alert

Paxos, the issuer of PayPal's PYUSD stablecoin, accidentally minted 300 trillion of the supposedly dollar-pegged token. For context, this is approximately 2.5x the global GDP, and …

"Hyperliquid User Loses $21 Million Due to Private Key Compromise, Experts Say"

An attacker apparently obtained access to a victim's private key, enabling them to drain $21 million in various crypto assets. The attacker quickly bridged the stolen funds to ETH, …

"Abracadabra loses $1.8 million in protocol's third major DeFi hack since 2024"

In their third major hack in two years, the Abracadabra defi lending project lost $1.8 million of their Magic Internet Money stablecoin. An attacker took advantage of a bug in the …

Discord Third-Party Customer Service Provider Breach (55M Users)

In October 2025, Discord disclosed that an unnamed third-party customer service provider had been breached, exposing data for approximately 55 million Discord users. The exposed …

DocketWise Immigration Platform Data Breach - 116K Clients

In October 2025, DocketWise (a cloud-based immigration case management platform for law firms) discovered that credentials to one of its third-party partner repositories had been …

The Washington Post Oracle E-Business Suite ERP Breach

The Washington Post disclosed in November 2025 that a breach of its Oracle E-Business Suite ERP system had exposed sensitive personal and financial data for approximately 10,000 …

Discord Third-Party Breach (October 2025)

In 2025, Discord experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Third-party vendor. Source reporting: …

MANGO Third-Party Breach (October 2025)

In 2025, MANGO experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Third-party vendor. Source reporting: …

Renault and Dacia UK Third-Party Breach (October 2025)

In 2025, Renault and Dacia UK experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Third-party vendor. Source …

OpenAI Mixpanel Product Analytics Data Exposure

In November 2025, OpenAI disclosed that customer data had been exposed via Mixpanel, its third-party product analytics platform. OpenAI had shared user behavioral data with …

Red Hat Consulting GitLab Breach - Crimson Collective (570GB, 800+ Enterprises)

On October 1, 2025, the cybercrime group Crimson Collective disclosed a breach of Red Hat's consulting GitLab instance, claiming to have exfiltrated 570 GB of data from over 28,000 …

"Futureverse Raises $54 Million From 10T, Ripple Labs for Metaverse Push"

In 2023, there was no shortage of buzzy press coverage for Futureverse, which promised to build a metaverse and gaming-focused blockchain. They partnered with Ready Player One …

"Hyperliquid-based Hyperdrive loses $782,000 after smart contract exploit"

Exploiters drained $782,000 in crypto assets from two markets on the Hyperdrive lending protocol, which is built on the Hyperliquid layer-1 blockchain. The attacker apparently took …

"$3.6M Drained From Hyperliquid DeFi Platform Hypervault in ‘Abnormal Withdrawal’"

Only days after the Hypervault yield farming platform announced on Twitter that they'd surpassed $5 million in total value locked, the platform suddenly shut down its website and …

Telegram message by zachxbt

Crypto sleuth zachxbt observed $21 million in "suspicious outflows" from SBI Crypto, a crypto mining subsidiary of the Japanese SBI Group. The money was quickly laundered through …

Tweet by Oli Feldmeier

One day after Griffin AI launched its GAIN token on Binance Alpha, an attacker minted 5 billion fake GAIN tokens on the Ethereum blockchain, then exploited a cross-chain endpoint …

Tweet by Meta Alchemist

An attacker exploited bridges for SFUND, the token issued by the Seedify launchpad and incubator. It appears the exploiter has profited around $1.7 million from the theft. Seedify …

"UXLINK goes from bad, to worse, to weird after hacker loses stolen tokens"

The "AI-powered web3 social platform" UXLINK was exploited by an attacker that gained control of the project's multisignature wallet, then minted billions of the project's UXLINK …

Insightin Health GoAnywhere Breach - Medusa Ransomware Claim (142K)

Between September 17 and September 23, 2025, an unauthorized actor exploited an unknown vulnerability in Insightin Health's GoAnywhere managed file transfer tool, gaining access to …

MANGO Third-Party Marketing Provider Breach

MANGO, the Spanish global fashion retailer, disclosed in October 2025 that a third-party marketing provider had been compromised, exposing customer data. Exposed information …

Shai-Hulud Self-Replicating npm Supply Chain Worm (v1 + v2)

On September 14, 2025, the first malicious packages of the Shai-Hulud self-replicating worm appeared in the npm ecosystem. By September 16, over 180 packages were confirmed …

Tweet by Yala

The YU bitcoin-backed stablecoin lost its intended dollar peg after what they described as "an attempted attack", later writing that there was an "unauthorized transfer of funds". …

"BONE Price Surges 40% After Shibarium Flash Loan Exploit"

A bridge for Shibarium, the layer-2 network for the Shiba Inu project, was exploited for approximately $2.4 million in funds. The attacker bought 4.6 million BONE tokens (the …

"THORSwap issues bounty offer tied to more than $1M exploit of THORChain founder's wallet"

John-Paul Thorbjornsen, the founder of Thorchain and Vultisig, suffered a wallet drain, reportedly after experiencing a video meeting scam from an attacker who had exploited the …

"SwissBorg hacked for $41M SOL after third-party API compromise"

Thieves stole 192,600 SOL (~$41.5 million) from a wallet belonging to the Swiss cryptocurrency exchange SwissBorg. The attack is being blamed on a vulnerability in the API of Kiln, …

"Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack"

After a JavaScript developer's NPM account was compromised in a phishing attack, attackers used it to upload malicious versions of heavily used JavaScript color and debugging …

npm Supply Chain Attack: chalk, debug, and 16 Other Packages Compromised

On September 8, 2025, 18 widely used npm packages were compromised via an account takeover of maintainer 'qix'. Affected packages collectively receive 2.6+ billion downloads per …

"Sui-based Nemo Protocol exploited for $2.4 million"

The Nemo Protocol on the Sui blockchain suffered a $2.4 million exploit. The defi yield infrastructure protocol acknowledged the theft shortly after, explaining they had paused the …

"Decentralized exchange Bunni loses an estimated $8.4 million in smart contract exploit"

The Bunni decentralized exchange was exploited for approximately $8.4 million across the Unichain Ethereum layer 2 network and the Ethereum mainnet. Bunni acknowledged the theft …

"Venus Protocol pauses after user loses funds in suspected phishing attack"

A user of the Venus Protocol borrowing and lending platform was successfully phished by an attacker who gained access to their account and drained $13.5 million in stablecoins and …

SwissBorg Kiln Staking Infrastructure Breach ($41M SOL)

In September 2025, SwissBorg, a Swiss crypto asset management platform, lost approximately $41 million worth of Solana (SOL) after threat actors compromised Kiln, the third-party …

Wynn Resorts Data Breach - ShinyHunters Oracle PeopleSoft (21K Employees)

In September 2025, ShinyHunters exploited a vulnerability in Wynn Resorts' Oracle PeopleSoft platform to access employee records. The breach was discovered in February 2026. …

Renault / Dacia UK Third-Party Vendor Breach

Renault and Dacia UK disclosed in October 2025 that a third-party vendor had been compromised, exposing data for UK customers. Exposed information included customer names, gender, …

327 unknown users Third-Party Breach (September 2025)

The GhostAction Campaign: 3,325 Secrets Stolen Through Compromised GitHub Workflows. On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack …

Agility PR Solutions Third-Party Breach (September 2025)

Page not found – Agility PR Solutions. We use cookies to improve your experience. If that's okay, select "I Agree" to consent to all cookies. You can also customize your …

BeyondTrust Third-Party Breach (September 2025)

Salesforce / Drift Security Incident | BeyondTrust. BeyondTrust’s Privileged Access Management platform protects your organization from unwanted remote access, stolen …

Black Duck Software, Inc. Third-Party Breach (September 2025)

Third-party company: Drift (Salesloft).

BugCrowd Third-Party Breach (September 2025)

Update: Bugcrowd Response to Salesloft Drift Third-Party Security Event | @Bugcrowd. We want to share an update to our blog post regarding the recent unauthorized access to …

Cato Networks Third-Party Breach (September 2025)

In 2025, Cato Networks experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …

Chess.com Third-Party Breach (September 2025)

In 2025, Chess.com experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Third-party vendor. Source reporting: …

ContentSquare Third-Party Breach (September 2025)

In 2025, ContentSquare experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …

CyberArk Software Ltd. Third-Party Breach (September 2025)

In 2025, CyberArk Software Ltd. experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source …

Dynatrace LLC. Third-Party Breach (September 2025)

In 2025, Dynatrace LLC. experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …

Employment and Social Development Canada (ESDC) Third-Party Breach (September 2025)

In 2025, Employment and Social Development Canada (ESDC) experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was 2Keys …

Ericom Software Third-Party Breach (September 2025)

In 2025, Ericom Software experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …

Esker Third-Party Breach (September 2025)

In 2025, Esker experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …

HackerOne Third-Party Breach (September 2025)

In 2025, HackerOne experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …

Harrods Third-Party Breach (September 2025)

In 2025, Harrods experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Third-party vendor. Source reporting: …

LiveRamp Third-Party Breach (September 2025)

In 2025, LiveRamp experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …

London North Eastern Railway (LNER) Third-Party Breach (September 2025)

In 2025, London North Eastern Railway (LNER) experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Third-party vendor. …

Omada Third-Party Breach (September 2025)

In 2025, Omada experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …

OneSpan Third-Party Breach (September 2025)

In 2025, OneSpan experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …

Palo Alto Networks Third-Party Breach (September 2025)

In 2025, Palo Alto Networks experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …

Pantheon Third-Party Breach (September 2025)

In 2025, Pantheon experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …

Proofpoint Third-Party Breach (September 2025)

In 2025, Proofpoint experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …

Qualys, Inc. Third-Party Breach (September 2025)

In 2025, Qualys, Inc. experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …

Sigma Computing Third-Party Breach (September 2025)

In 2025, Sigma Computing experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …

Sophos Ltd. Third-Party Breach (September 2025)

In 2025, Sophos Ltd. experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …

Sprout Social, Inc. Third-Party Breach (September 2025)

In 2025, Sprout Social, Inc. experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …

SpyCloud, Inc. Third-Party Breach (September 2025)

In 2025, SpyCloud, Inc. experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …

Stellantis Third-Party Breach (September 2025)

In 2025, Stellantis experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Salesforce. Source reporting: …

SwissBorg Third-Party Breach (September 2025)

In 2025, SwissBorg experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Kiln. Source reporting: …

Tenable, Inc. Third-Party Breach (September 2025)

In 2025, Tenable, Inc. experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …

Wealthsimple Third-Party Breach (September 2025)

In 2025, Wealthsimple experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Third-party vendor. Source reporting: …

Workiva Third-Party Breach (September 2025)

In 2025, Workiva experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …

Cloudflare Third-Party Breach (September 2025)

In 2025, Cloudflare experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …

Elasticsearch B.V. Third-Party Breach (September 2025)

In 2025, Elasticsearch B.V. experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …

Fastly Third-Party Breach (September 2025)

In 2025, Fastly experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …

Workday Third-Party Breach (September 2025)

In 2025, Workday experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …

University of Hawaii Cancer Center Ransomware Attack - 1.2M Records

On August 31, 2025, an unknown ransomware group attacked the University of Hawaii Cancer Center's Epidemiology Division, compromising research servers (clinical operations were not …

Jaguar Land Rover Scattered Lapsus$ Hunters Cyberattack

Beginning August 31, 2025, the 'Scattered Lapsus$ Hunters' alliance — a cybercrime consortium of Scattered Spider (initial access/social engineering), LAPSUS$ …

Minnesota DHS MnCHOICES Data Breach via FEI Systems - 304K Individuals

From August 28 to September 21, 2025, an individual affiliated with a licensed healthcare provider accessed the Minnesota Department of Human Services' MnCHOICES disability …

"Closing up (the) Shop"

Three years after launching "Collectible Avatars", the NFT project they didn't want to call "NFTs" because they were already becoming kind of cringe, Reddit has decided to pull the …

Tweet by Chaofan Shou

The PulseChain-based defi project BetterBank was exploited by an attacker who took advantage of a vulnerability that allowed them to mint arbitrary tokens, some of which they then …

Insight Hospital Chicago Ransomware Breach - LockBit 5.0 / Termite (360GB)

Unauthorized access to Insight Hospital and Medical Center's (Chicago) network occurred between August 22 and September 11, 2025. The hospital issued a substitute notice on January …

Tweet by zachxbt

A bitcoin holder reportedly fell for a social engineering attack after receiving communications from scammers posing as customer support for a crypto exchange and hardware wallet …

London North Eastern Railway (LNER) Third-Party Vendor Breach

London North Eastern Railway (LNER), the UK train operator serving the East Coast Main Line between London King's Cross, Edinburgh, and Aberdeen, disclosed in September 2025 that a …

Wealthsimple Third-Party Vendor Data Breach

Wealthsimple, a major Canadian online investment and financial services platform, disclosed in September 2025 that a third-party vendor had been compromised, resulting in the …

Marquis Software Solutions Akira Ransomware Attack

Marquis Software Solutions, a marketing and compliance services vendor to 700+ US financial institutions, was hit by Akira ransomware on August 14, 2025. Threat actors exploited a …

"Turkish crypto exchange BTCTurk warns of security incident after $49 million leaves platform"

The Turkish cryptocurrency exchange BtcTurk has apparently been hacked again, as various blockchain security firms observed suspicious withdrawals estimated at around $49 million. …

"Qubic Claims Majority Control of Monero Hashrate, Raising 51% Attack Fears"

Monero, a privacy-focused blockchain network, has been undergoing an attempted 51% attack — an existential threat to any blockchain. In the case of a successful 51% attack, where a …

Tweet by BobBodily

Odin.fun, a bitcoin-based memecoin launchpad sort of like the popular pump.fun, was exploited for 58.2 BTC (~$7 million). The attacker had apparently manipulated the price of …

Pennsylvania Office of Attorney General INC Ransom Attack

On August 9, 2025, the INC Ransom ransomware group attacked the Pennsylvania Office of the Attorney General, knocking its website, email, and phone lines offline for approximately …

HIPAA Journal

The Cl0p ransomware group exploited CVE-2025-61882, a critical CVSS 9.8 zero-day unauthenticated remote code execution vulnerability in Oracle E-Business Suite (EBS), beginning as …

Salesloft Drift OAuth Token Supply Chain Attack

Between August 8–18, 2025, threat actors tracked as UNC6395 exploited compromised OAuth tokens from the Salesloft Drift integration to gain unauthorized access to connected …

"Weaponized Trading Bots Drain $1M From Crypto Users via AI-Generated YouTube Scam"

Scammers using AI-generated YouTube videos to promote supposedly profitable crypto bot software have convinced crypto users to deploy what is, in reality, malicious code that …

"WNBA sex toy incidents may be linked to cryptocurrency group's money scheme"

A group of crypto enthusiasts promoting a memecoin have claimed responsibility for a string of incidents in which neon green sex toys were thrown onto professional women's …

Bouygues Telecom Data Breach - 6.4M French Customers (IBAN Exposed)

On August 4, 2025, Bouygues Telecom — France's third-largest mobile phone carrier — detected a cyberattack. The company publicly disclosed the breach on August 6-7, 2025. …

"Solana lender Credix pledges full reimbursement after $4.5 million DeFi exploit"

The defi lending protocol Credix lost $4.5 million to an exploit after a hacker gained control of an admin wallet and used it to mint tokens and drain liquidity pools.Credix …

University of Phoenix Data Breach - Oracle EBS Zero-Day CVE-2025-61882 (3.5M)

Beginning in August 2025, attackers exploited CVE-2025-61882 (a zero-day in Oracle E-Business Suite) to breach the University of Phoenix's network and steal sensitive data. The …

Canada Government 2Keys Corporation Identity Services Breach (ESDC, CBSA, CRA)

In September 2025, the Canadian government disclosed that 2Keys Corporation, a digital identity and authentication service provider contracted by multiple federal agencies, had …

Chess.com Third-Party File Transfer Provider Breach

Chess.com, the world's largest online chess platform with over 100 million registered users, disclosed in September 2025 that a third-party file transfer provider had been …

Harrods Third-Party Vendor Breach

In September 2025, Harrods, the iconic London luxury department store, disclosed that a third-party vendor had been compromised, exposing contact details for online customers. …

Access Personal Checking Services (APCS) Third-Party Breach (August 2025)

Criminal background checker APCS faces data breach. Exclusive: The attack first affected an upstream provider of bespoke software. Exclusive A leading UK provider of criminal …

JFrog Third-Party Breach (August 2025)

JFrog Help Center. JFrog documentation has moved to a new and improved site at docs.jfrog.com. The Help Center will continue to serve as your dedicated hub for Support and FAQ …

Lucid Software Inc. Third-Party Breach (August 2025)

Salesloft Drift application incident response. Read Lucid’s response to a recent security incident that affected the Drift application, which involved CRM data across numerous …

Megaport Third-Party Breach (August 2025)

Megaport Trust Center | Powered by SafeBase. See how Megaport manages their security program with SafeBase. Welcome to the Megaport Trust Center, where we demonstrate our …

Miami Plastic Surgery, Keys Dermatology and more Third-Party Breach (August 2025)

Dermatology Clinics Affected by Practice Management Company Data Breach. Several dermatology practices have recently announced data breaches following an attack on their management …

Pi-hole Third-Party Breach (August 2025)

Pi-hole discloses data breach triggered by WordPress plugin flaw. Pi-hole, a popular network-level ad-blocker, has disclosed that donor names and email addresses were exposed …

Rubrik Third-Party Breach (August 2025)

Salesforce-Connected Third-Party Drift Application Supply Chain Incident Response. We use cookies to improve your experience, analyze traffic, and personalize content. Some are …

Swedish Municipalities Third-Party Breach (August 2025)

Hundreds of Swedish municipalities impacted by suspected ransomware attack on IT supplier. A suspected ransomware attack on a Swedish software provider is believed to have impacted …

Tanium Third-Party Breach (August 2025)

Salesloft Drift Data Breach: What We Know and What We're Doing. Hackers breached Salesloft in a major data theft campaign, stealing OAuth and refresh tokens linked to the Drift AI …

UK's defence ministry and the Cabinet Office Third-Party Breach (August 2025)

Cyber-attack on MoD-linked contractor exposes data of Afghans in resettlement scheme. Breach at Inflite The Jet Centre is latest in series of leaks involving private information of …

Zscaler Third-Party Breach (August 2025)

Salesloft Drift Supply Chain Incident: Key Details and Zscaler’s. Zscaler swiftly mitigates a security incident impacting Salesloft Drift, and ensuring robust protection against …

Air France-KLM Group Third-Party Breach (August 2025)

Air France and KLM disclose data breaches impacting customers. Air France and KLM announced on Wednesday that attackers had breached a customer service platform and stolen the data …

Chanel Third-Party Breach (August 2025)

Fashion giant Chanel hit in wave of Salesforce data theft attacks. French fashion giant Chanel is the latest company to suffer a data breach in an ongoing wave of Salesforce data …

Cisco Third-Party Breach (August 2025)

Cisco discloses data breach impacting Cisco.com user accounts. Cisco has disclosed that cybercriminals stole the basic profile information of users registered on Cisco.com …

Farmers Insurance Third-Party Breach (August 2025)

Farmers Insurance data breach impacts 1.1M people after Salesforce attack. U.S. insurance giant Farmers Insurance has disclosed a data breach impacting 1.1 million customers, with …

PagerDuty Third-Party Breach (August 2025)

Update: Salesloft’s Drift Integration Security Incident Impacting Some PagerDuty Salesforce Data. Per our August 29 post, we were notified in late August that PagerDuty (and our …

Pandora Third-Party Breach (August 2025)

Pandora confirms data breach amid ongoing Salesforce data theft attacks. Danish jewelry giant Pandora has disclosed a data breach after its customer information was stolen in the …

TransUnion Third-Party Breach (August 2025)

TransUnion suffers data breach impacting over 4.4 million people. Consumer credit reporting giant TransUnion warns it suffered a data breach exposing the personal information of …

"Crypto lender Abra pauses withdrawals as dozens of customers fear their funds are gone"

The Abra cryptocurrency lender sent an email to customers announcing that "Abra Earn international services are currently paused, effective immediately", attributing the decision …

TransUnion Third-Party Salesforce App Breach - 4.4M Consumers

TransUnion disclosed on August 28, 2025, that unauthorized actors accessed a third-party application serving its US consumer support operations between July 28–30, 2025. The attack …

Tweet by CyversAlerts

A hacker stole RARE tokens priced at around $731,000 after exploiting a vulnerability in a staking contract for the SuperRare NFT platform. The attacker funded the exploiter wallet …

City of St. Paul, Minnesota Interlock Ransomware Attack

The City of St. Paul, Minnesota (state capital) suffered a ransomware attack beginning July 25, 2025. The city shut down all networks on August 11 after confirming it was …

Tweet thread by WOO X

Attackers who compromised devices belonging to a WOO X employee stole $14 million from users of the Taiwanese WOO X cryptocurrency exchange. The phishing attack on the employee …

"Indian crypto exchange CoinDCX hacked, $44 million drained"

The Indian cryptocurrency exchange CoinDCX was hacked, with attackers stealing around $44 million. The company announced the breach the following day, attributing it to a …

Tweet by SlowMist

The BigONE cryptocurrency exchange was hacked for more than $27 million, which the hacker quickly swapped for various other tokens. The attacker compromised one of the exchange's …

Allianz Life Insurance Data Breach (ShinyHunters/Scattered Spider)

On July 16, 2025, threat actors gained access to a third-party cloud CRM (Salesforce) used by Allianz Life Insurance of North America via social engineering/vishing. Attackers used …

Tweet thread by CertiK

The Arcadia Finance defi margin protocol was exploited for $3.5 million after an attacker found a vulnerability in a project smart contract. The attacker quickly swapped the stolen …

"The DOJ Seemingly Outed Top Crypto Executives as Falling for a Nigerian Crypto Scam"

In a seizure request filed by the DC Attorney General, the Justice Department outlined how a Nigerian scammer used the classic "lowercase Ls look like uppercase Is" trick to steal …

Tweet by Ramon | Kinto

The price of Kinto's $K token suddenly crashed 90%, sparking accusations of a rug pull. A tranche of investor tokens had just been unlocked recently, leading some to speculate that …

Tweet by PeckShield

The decentralized perpetual exchange GMX has been exploited for $42 million. The exploit involved a vulnerability in one version of the exchange's price calculation smart contract. …

Tweet by Texture

An attacker exploited the Solana-based lending protocol Texture, stealing $2.2 million in user funds from one of the project's vaults.Shortly after the attack, Texture sent a …

Tweet thread by deeberiroz

On July 9, security researchers at VennBuild and other firms disclosed a "critical backdoor" affecting thousands of smart contracts, which one of the researchers said left "over …

Ingram Micro SafePay Ransomware Attack

On July 2–3, 2025, the SafePay ransomware group exfiltrated files from Ingram Micro's internal repositories. Ingram Micro (a leading global IT distributor processing ~$15B in …

700Credit Automotive Credit Verification Data Breach - 5.8M Vehicle Dealer Customers

700Credit — the largest provider of credit reporting, identity verification, fraud and compliance services for US automotive dealerships — suffered a data breach between …

McDonald's Paradox AI Chatbot Breach (64M Job Applicants)

In July 2025, McDonald's disclosed a breach affecting approximately 64 million job applicants whose data was stored on systems operated by Paradox, Inc., McDonald's third-party …

PayPal Working Capital Loan Application Data Exposure - Code Error

A code update error in PayPal's Working Capital loan application exposed approximately 100 customers' personally identifiable information from July 1 to December 13, 2025 — …

Air France-KLM Salesforce ShinyHunters Breach

Air France-KLM, the Franco-Dutch multinational airline group, disclosed in August 2025 that their Salesforce CRM environment had been compromised as part of the …

TransUnion Salesforce Platform Breach (44M+ Records)

In August 2025, TransUnion confirmed it had been affected by the ShinyHunters/Scattered Spider Salesforce social engineering campaign, with limited personal information exposed for …

Allianz Life Third-Party Breach (July 2025)

Massive data breach confirmed by Allianz Life. U.S. life insurance firm Allianz Life had most of its 1.4 million customers' data compromised following a data breach this month, …

Louis Vuitton Third-Party Breach (July 2025)

Louis Vuitton says regional data breaches tied to same cyberattack. Luxury fashion giant Louis Vuitton confirmed that breaches impacting customers in the UK, South Korea, and …

McDonald's Third-Party Breach (July 2025)

'123456' password exposed chats for 64 million McDonald’s job chatbot applications. Cybersecurity researchers discovered a vulnerability in McHire, McDonald's chatbot job …

Qantas Airways Limited Third-Party Breach (July 2025)

Qantas confirms data breach impacts 5.7 million customers. Australian airline Qantas has confirmed that 5.7 million people have been impacted by a recent data breach, in which …

Texas Centers for Infectious Disease Associates Third-Party Breach (July 2025)

Texas Centers for Infectious Disease Associates Announces 19K-Record Data Breach. Data breaches have recently been announced by Texas Centers for Infectious Disease Associates, …

United Healthcare, Aetna Life Insurance Company (CVS Health) and 46 more Third-Party Breach (July 2025)

Kelly Benefits says 2024 data breach impacts 550,000 customers. Kelly & Associates Insurance Group (dba Kelly Benefits) is informing more than half a million people of a data …

Qantas Salesforce Breach via ShinyHunters Vishing - 5.7M Customers

In July 2025, Qantas Airways (Australia's flag carrier) suffered a Salesforce data breach attributed to ShinyHunters/Scattered Lapsus$ Hunters via a vishing campaign. Approximately …

Cisco Salesforce ShinyHunters Breach

Cisco confirmed in August 2025 that it had been affected by the ShinyHunters Salesforce social engineering campaign. Exposed data included names, addresses, user IDs, email …

Pandora and Chanel Salesforce ShinyHunters Breach

Pandora (Danish jewelry brand) and Chanel (French luxury fashion house) both disclosed in August 2025 that their Salesforce CRM environments had been compromised as part of the …

Stellantis Salesforce ShinyHunters Vishing Breach

Stellantis, the multinational automotive manufacturer (maker of Jeep, Chrysler, Fiat, Peugeot, and other brands), disclosed in September 2025 that a breach via its Salesforce …

"DeFi stablecoin lending protocol Resupply hit with $9.3m exploit"

An attacker was able to exploit a vulnerability in a smart contract used by the Resupply stablecoin lender to extract about $9.3 million from the project. After depositing around …

Tweet thread

Christian Nieves, a New York man who goes by the handles "daytwo" and "PawsOnHips", has reportedly stolen more than $4 million through a theft ring where he impersonates Coinbase …

"Self Chain Ousts CEO Ravindra Kumar After $50M OTC Scam Allegations"

On June 19, a company called Aza Ventures published allegations on Telegram that they had been scammed by someone promising to facilitate OTC sales of steeply discounted tokens for …

Tweet thread

Web3 cybersecurity firm Hacken had a cybersecurity incident of their own when the private key belonging to a wallet with mint access for the project's $HAI token was leaked. …

"Iranian crypto exchange Nobitex hacked for over $90 million by pro-Israel group"

The Iran-based Nobitex cryptocurrency exchange suffered a $90 million hack, and the attacker has also promised to imminently release data and source code from the platform. The …

"Meta Pool, a Liquid Staking Protocol, Suffers $27M Exploit"

An attacker exploited a vulnerability in the staking contract for Meta Pool, which is a liquid staking project. This allowed them to mint 9,700 mpETH, the project's liquid staking …

Aflac Insurance Data Breach (Scattered Spider)

On June 12, 2025, Aflac insurance company's US network was compromised via social engineering. The attack is attributed to Scattered Spider, a financially motivated …

"Stacks-based Alex Lab to reimburse users after $8.3 million exploit as token drops 45%"

ALEX Lab lost $8.3 million in various currencies after an attacker exploited a flaw in the project's smart contracts that allowed them to create a malicious token. They drained a …

Telegram post

The Taiwanese cryptocurrency exchange BitoPro disclosed that they had suffered a theft from one of their hot wallets, which they said occurred during a system upgrade in which they …

Prosper Marketplace Data Breach - 17.6M Peer-to-Peer Lending Customers

Between June and August 2025, unauthorized actors accessed Prosper Marketplace's customer databases by exploiting compromised credentials. Prosper (a San Francisco-based …

Vietnam Airlines Salesforce Breach via Scattered Lapsus$ Hunters - 23M Records

In October 2025, Scattered Lapsus$ Hunters published 63.62 GB of data (23+ million records) from Vietnam Airlines' Salesforce CRM system. The initial intrusion occurred around June …

Coinbase Third-Party Breach (June 2025)

Coinbase breach tied to bribed TaskUs support agents in India. A recently disclosed data breach at Coinbase has been linked to India-based customer support representatives from …

Glasgow City Council Third-Party Breach (June 2025)

Glasgow City Council impacted by ‘cyber incident’. The Glasgow City Council announced that it was affected by an incident “disrupting a number of online services and which may have …

MainStreet Bank Third-Party Breach (June 2025)

MainStreet Bank reports vendor cyber incident that leaked customer info. In regulatory filings with the Securities and Exchange Commission, MainStreet Bank's holding company said a …

Sharp Healthcare Third-Party Breach (June 2025)

More than 5 million affected by data breach at healthcare tech firm Episource. California-based Episource disclosed in filings with the U.S. Department of Health and Human Services …

Switzerland Government Third-Party Breach (June 2025)

Switzerland says government data stolen in ransomware attack. The government in Switzerland is informing that sensitive information from various federal offices has been impacted …

Farmers Insurance Data Breach via ShinyHunters / Salesforce Third-Party (1.07M)

On May 29, 2025, hackers breached a third-party vendor system used by Farmers Insurance Exchange and its subsidiaries. Farmers was alerted to the suspicious activity on May 30, …

"DeFi Platform Cork Protocol Suffers $12M Smart Contract Exploit"

Cork Protocol, a defi project aimed at "tokenizing the risk of depeg events for stablecoins and liquid (re)staking tokens", suffered a $12 million loss after an attacker exploited …

Tweet by Cetus

An attacker stole $223 million from the Sui-based Cetus Protocol. The project announced shortly after that $163 million of the funds had been frozen, leaving around $60 million …

Kettering Health Interlock Ransomware Attack

Kettering Health, an Ohio health system running 14 medical centers and dozens of clinics primarily in the Dayton area, was hit by Interlock ransomware on May 20, 2025. …

Covenant Health Qilin Ransomware Attack

Covenant Health (Catholic healthcare network serving Massachusetts, Maine, New Hampshire, Pennsylvania, Rhode Island, and Vermont) detected unauthorized activity on May 26, 2025, …

Tweet by Curve Finance

The website and Twitter accounts belonging to the Curve Finance defi projects were compromised in quick succession. On May 5, an attacker compromised the Twitter account belonging …

"A crypto founder faked his death. We found him alive at his dad's house"

On May 4, 22-year-old Zerebro founder Jeffy Yu published a blog post introducing "legacoins" — a version of memecoins he said would be used to "define the legacy" of those who had …

2,000 providers, including barristers, solicitor firms, and non-profit organizations Third-Party Breach (May 2025)

UK Legal Aid Agency investigates cybersecurity incident. The Legal Aid Agency (LAA), an executive agency of the UK's Ministry of Justice that oversees billions in legal funding, …

500 – 1,000 e-commerce stores Third-Party Breach (May 2025)

Magento supply chain attack compromises hundreds of e-stores. A supply chain attack involving 21 backdoored Magento extensions has compromised between 500 and 1,000 e-commerce …

Adidas Third-Party Breach (May 2025)

Adidas warns of data breach after customer service provider hack. German sportswear giant Adidas disclosed a data breach after attackers hacked a customer service provider and …

Catholic Health Third-Party Breach (May 2025)

Breaches at Serviceaide, Nationwide Recovery Services expose medical info of more than 500,000 people. Hospitals tied to the two companies announced breaches over the last week …

Marks & Spencer Third-Party Breach (May 2025)

Marks & Spencer confirms customer data stolen in cyberattack. M&S said that some customer data — but not payment card details or passwords — had been breached in a recent …

Multiple local governing bodies across the United States Third-Party Breach (May 2025)

Chinese hackers breach US local governments using Cityworks zero-day. Chinese-speaking hackers have exploited a now-patched Trimble Cityworks zero-day to breach multiple local …

TRG Medical Imaging Third-Party Breach (May 2025)

Nationwide Recovery Service Data Breach Victim List Grows: 560,000+ Individuals Affected. The list of victims from the data breach at the debt collection agency Nationwide Recovery …

Sharp HealthCare Episource Third-Party Breach

Sharp HealthCare, a major integrated regional health system in San Diego, California, disclosed in June 2025 that a breach at Episource, its third-party healthcare risk adjustment …

BleepingComputer

The DragonForce ransomware cartel exploited three vulnerabilities in SimpleHelp RMM software (disclosed January 2025) to breach a managed service provider (MSP) and then pivot to …

Tweet by zachxbt

3,250 BTC (~$330 million) were apparently stolen from a bitcoin holder and then quickly moved through multiple exchanges and swapped for the Monero privacycoin. Such a massive swap …

"Bitget will legally pursue 8 accounts suspected of profiting $20 million from VOXEL trading manipulation"

After trading — and prices — surged in Bitget's market for the thinly traded video game token VOXEL, the company has accused a "professional arbitrage" group of "improperly" …

"Solana DeFi protocol Loopscale hit with $5.8 million exploit two weeks after launch"

A new Solana-based defi protocol called Loopscale, backed by Coinbase Ventures and Solana Labs, suffered a $5.8 million exploit only two weeks after its launch. The stolen funds …

Tweet by Term Labs

The Ethereum-based lending project Term Finance lost $1.6 million when an oracle misconfiguration resulted in unintended liquidations. The team later announced that they had …

Marks & Spencer Tata Consultancy Services Breach

Beginning around April 22, 2025, Scattered Spider (also tracked as UNC3944 and Octo Tempest) attacked Marks & Spencer, the UK's largest clothing retailer, by socially engineering …

SK Telecom BPFDoor Malware Breach - 27 Million SIM Records

SK Telecom (South Korea's largest mobile carrier, ~27 million subscribers) officially confirmed a breach on April 19, 2025, after detecting malware on April 18 targeting its Home …

Ericsson US Third-Party Service Provider Data Breach

Between April 17–22, 2025, an unknown threat actor accessed files at an unnamed third-party service provider used by Ericsson Inc. (US operations). The investigation concluded in …

"Nigerians fear savings lost as investment app freezes them out"

Victims, mostly in Nigeria and Kenya, have lost approximately $12 million to a Ponzi scheme called CBEX, which was named to mimic an association with the China Beijing Equity …

"ZKsync discloses $5 million attack from compromised airdrop admin account, triggering 20% price drop"

An attacker compromised an admin account belonging to the ZKsync Ethereum layer-2 project, which is built by Matter Labs. By doing so, they were able to steal approximately $5 …

Tweet by KiloEx

KiloEx, a decentralized perpetual futures exchange, was exploited for $7.5 million. An attacker executed an oracle manipulation attack on KiloEx's pricing smart contracts to steal …

"MANTRA CEO says 'reckless' exchanges caused OM token collapse"

Mantra's $OM token price suddenly crashed by around 90%, with the project's supposed "market cap" shrinking by around $5 billion in the span of hours. Mantra is a layer-1 …

"First Digital to 'Pursue Legal Action' Over Justin Sun Allegations as FDUSD Drops"

The stablecoin issued by First Digital, FDUSD, has lost its $1 peg and sunk as low as $0.76 before returning to around $0.97 — which, in stablecoin world, is still a substantial …

Co-op and Harrods ransomware attacks (DragonForce / Scattered Spider) 2025

Scattered Spider (UNC3944) affiliates acting as DragonForce ransomware-as-a-service operators conducted a wave of attacks against UK retailers in April–May 2025. Co-op confirmed …

Adidas Third-Party Customer Service Provider Breach

In May 2025, Adidas disclosed that a data breach had occurred via an unnamed third-party customer service provider. The breach exposed customer contact information including names, …

UK Legal Aid Agency Breach (2,000 Legal Service Providers)

In May 2025, the UK Legal Aid Agency (part of the Ministry of Justice) disclosed a significant data breach affecting information on 2,000 legal service providers and their clients. …

12 Insurance Company Third-Party Breach (April 2025)

Office of the Maine AG: Consumer Protection: Privacy, Identity Theft and Data Security Breaches. Home > Consumer Information > Privacy, Identity Theft and Data Security Breaches > …

Ascension Third-Party Breach (April 2025)

Ascension discloses new data breach after third-party hacking incident. ​Ascension, one of the largest private healthcare systems in the United States, is notifying patients that …

âRoyal Mail Third-Party Breach (April 2025)

In 2025, âRoyal Mail experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Spectos GmbH. Source reporting: …

Nationwide Recovery Services Healthcare Billing Vendor Breach (Multiple Hospitals)

In May 2025, Nationwide Recovery Services (NRS), a healthcare billing and accounts receivable management vendor, disclosed a data breach affecting over a dozen healthcare provider …

On-chain messages

The zkLend lending platform was hoping they could secure the return of stolen funds from the attacker who stole 3,667 ETH (~$9.5 million at the time) from the platform in …

"ICERAID: Report Immigrants, Get Paid In Crypto"

A project called "ICERAID" has emerged, promising to reward "intelligence gathering" on "suspicious activities" by photographing supposedly criminal behavior by undocumented …

Royal Mail Spectos GmbH Third-Party Breach

In late March 2025, a threat actor claimed to have stolen approximately 144GB of data from Royal Mail by compromising Spectos GmbH, a data analytics vendor used by Royal Mail for …

Telegram post

A Coinbase customer reportedly lost 400 BTC (~$35 million) in a scam identified by blockchain sleuth zachxbt. While investigating the massive theft from the single customer, he …

"Galaxy Digital Settles with NYAG for $200 Million Over Luna Ties"

While many crypto firms have escaped enforcement actions from federal regulators thanks to massive industry lobbying, state enforcers are still on the beat. Crypto investment firm …

"Hyperliquid delists JELLYJELLY memecoin amid whale manipulation fiasco"

HyperLiquid's Hyperliquidity Provider market making vault suffered a $13.5 million loss after an alleged market manipulation incident involving a memecoin called JELLYJELLY. A …

"Polymarket faces scrutiny over $7M Ukraine mineral deal bet"

Bets on the Polymarket platform where the outcome is not clear are resolved using an oracle system called UMA, or Universal Market Access. Holders of the UMA token participate in a …

"Hacker steals $13 million in Abracadabra's 'Magic Internet Money' seemingly using a flash loan attack"

An attacker using a flash loan attack stole $13 million in the Magic Internet Money token from the Abracadabra project. The attack was enabled by a bug in the platform's smart …

DaVita Inc. Interlock Ransomware Attack

DaVita Inc., one of the largest kidney dialysis providers in the US, disclosed a ransomware attack on April 12, 2025. Intrusion began March 24, 2025 and was eradicated April 12. …

Tweet by BinanceWallet

Binance announced on Twitter that they had fired an employee after discovering that they had engaged in insider trading. The employee took a large position in a token that he knew …

"RWA platform Zoth suffers second hack this month — loses $8.4M"

RWA restaking platform Zoth suffered a $8.29 million hack after an attacker gained access to admin privileges that allowed them to modify the platform's smart contracts. The hacker …

"Binance memecoin platform Four Meme exploited again — this time for $130K"

After suffering an $183,000 loss to an attack in February, the BNB-based Four.Meme memecoin launchpad has been hacked again, this time for around $130,000. Four.Meme aims to be …

Ivanti Connect Secure zero-day exploitation CVE-2025-22457 (UNC5221 / China-nexus)

CVE-2025-22457 is a stack-based buffer overflow in Ivanti Connect Secure. Ivanti initially classified it as a low-risk DoS-only vulnerability and patched it 11 February 2025 in …

BleepingComputer

Yale New Haven Health System, a Connecticut-based health system affiliated with Yale School of Medicine, detected unauthorized network access on March 8, 2025. The health system …

"Zoth Hack Analysis"

Zoth, a restaking platform for "real world assets" (or RWAs), was hacked for around $285,000 when an exploiter discovered a bug in the platform's collateral calculations. This …

Tweet by 1inch

An attacker exploited a smart contract belonging to the 1inch DEX aggregator, stealing $5 million in the USDC stablecoin and wETH. According to the platform, the vulnerability …

17,891 corporate customers (companies) Third-Party Breach (March 2025)

Data breach at Japanese telecom giant NTT hits 18,000 companies. Japanese telecommunication services provider NTT Communications Corporation (NTT) is warning almost 18,000 …

Dozens of public schools across the USA Third-Party Breach (March 2025)

Thousands of public school workers impacted by cyberattack on retirement plan administrator. A December 2024 cyberattack on a prominent administrator for retirement plans has …

StreamElements Third-Party Breach (March 2025)

StreamElements Confirms Third-Party Data Breach from an Infostealer Infection. Stay informed with the latest insights in our Infostealers weekly report. Explore key findings, …

Multiple US healthcare organizations and hospitals Third-Party Breach (March 2025)

Oracle Health breach compromises patient data at US hospitals. A breach at Oracle Health impacts multiple US healthcare organizations and hospitals after a threat actor stole …

Berkeley Research Group (BRG) Ransomware Attack

Berkeley Research Group (BRG), a major consulting and financial advisory firm, suffered a ransomware attack discovered March 2, 2025. Unauthorized activity occurred February 28 – …

"Wemix says delay in disclosing $6.2 million hack was to prevent panic: report"

The Wemix Foundation, which runs the blockchain gaming platform WEMIX, suffered a $6.2 million hack of their blockchain bridge. Although the hack occurred on February 28, the …

Complaint

A plaintiff named Mandar Mirashi has filed a lawsuit against an unknown defendant accused of stealing around $40 million in bitcoin through a sophisticated phishing attack and/or …

Tweet by Suji Yan

Suji Yan, the founder of the Mask Network, suffered the loss of more than $4 million in various cryptocurrency assets to an apparent wallet hack. According to Yan, the theft …

"0xInfini Incident Analysis"

Around $49.5 million in the USDC stablecoin was stolen from the Infini crypto-focused "stablecoin neobank", a fintech company that promises "financial freedom" by "democratizing …

Bybit Cryptocurrency Exchange Hack via Safe{Wallet} Supply Chain

On February 21, 2025, Bybit (Dubai-based cryptocurrency exchange) suffered the largest cryptocurrency theft ever recorded: $1.46 billion in Ethereum stolen from a cold wallet. …

Tweet by Ben Zhou

In what is looking like largest ever theft from a cryptocurrency exchange, attackers took control of a hot wallet belonging to the Bybit cryptocurrency exchange and moved a massive …

Tweet by 0xCygaar

Around $400,000 in ETH was stolen from around 9,000 wallets on the Abstract layer-2 network, which is built by the same company that makes the Pudgy Penguins NFTs. It appears that …

Opexus Federal Contractor Insider Breach

Opexus, a Thoma Bravo-owned software company providing records management services to nearly every US federal agency, was compromised by twin brothers Muneeb and Suhaib Akhter who …

StreamElements Gooten Merchandise Operations Vendor Breach

StreamElements, a platform for live streaming tools and creator merchandise, disclosed in March 2025 that a third-party vendor breach had exposed customer data. The breach …

Anne Arundel Dermatology Data Breach - 1.9 Million Patients

Anne Arundel Dermatology (a Maryland-based multi-site dermatology practice) disclosed a data breach affecting approximately 1.9 million individuals. Attackers maintained …

Tweet by Lookonchain

A tweet from Argentina's president Javier Milei promoted a memecoin called Libra, which he described as a "private project [that] will [be] dedicated to encouraging the growth of …

Tweet by CyversAlerts

The Starknet-based lending platform zkLend was exploited for around $9.5 million. zkLend paused the protocol after the attack was discovered, and began working with various crypto …

Tweet by Four.Meme

A BNB Chain memecoin platform, Four.Meme, announced on Twitter that they were "currently experiencing a malicious attack". The team briefly paused a portion of the service while …

"FTX User Accidentally Deposited 2,000 Tokens Year After Collapse"

A former FTX customer made an expensive mistake in October 2023 when he transferred 2,000 SOL (~$64,000 at the time, almost $400,000 today) to an old FTX account, about a year …

Tweet thread by zachxbt

Crypto sleuth zachxbt has accused the popular American cryptocurrency exchange Coinbase of "fail[ing] to stop its users losing $300M+ per year to social engineering scams". He …

Marks & Spencer ransomware attack (Scattered Spider / DragonForce)

Scattered Spider (UNC3944) gained initial access to M&S systems as early as February 2025 via social engineering of the third-party IT service desk (vishing/impersonation). …

17 Banks and 5 other organizations Third-Party Breach (February 2025)

Accendo Insurance Company Affected by Business Associate Data Breach. Data breaches have recently been announced by Accendo Insurance Company, Menorah Life, Humboldt Independent …

Current, former and prospective employees of its customers. Third-Party Breach (February 2025)

Background check and drug testing provider DISA Global Solutions reports data breach. Houston-based employee screening company DISA Global Solutions says a 2024 data breach exposed …

GrubHub Third-Party Breach (February 2025)

GrubHub data breach impacts customers, drivers, and merchants. ​Food delivery company GrubHub disclosed a data breach impacting the personal information of an undisclosed number of …

Local credit and financial businesses Third-Party Breach (February 2025)

Russian officials warn of potential compromise of major tech services provider. In an unusual public disclosure, the Russian government said that subsidiaries of LANIT, a major …

Moses-Weitzman Health System Third-Party Breach (February 2025)

Over 1 Million Patients Affected by Community Health Center Data Breach. Community Health Center, a nonprofit healthcare provider in Middletown, Connecticut, has notified more than …

River Region Cardiology Third-Party Breach (February 2025)

Cyberattack on River Region Cardiology Affects Up to 500,000 Individuals. Cyberattacks have been reported by River Region Cardiology in Alabama and Delta County Memorial Hospital …

"AlleyCat - The Gambling Deployer!"

The creator of the AlleyCat Solana-based cryptocurrency project has reportedly taken about 600 SOL (~$130,000) raised during the project's presale and transferred it to gambling …

"Solana Meme Coin Dogwifhat Has No Deal With Las Vegas Sphere, Venue Says"

In late January, the creator of the "dogwifhat" memecoin announced "Officially confirmed. Viva hat vegas." in a tweet accompanied by a photo overlaying the dog meme with the Las …

"Poetic Justice"

A suite of software tools called DogWifTools was popular among memecoin creators looking to rug pull unsuspecting traders. By helping token creators mask supply control and fake …

Tweet by Ether Strategy

A Ethereum-based project promising to duplicate the bitcoin leveraged investment strategy used by MicroStrategy has announced that, prior to even launching, 165 ETH (~$535,850) was …

Tweet thread by Arkham

Ross Ulbricht, the founder of the Silk Road darknet market place, earned a presidential pardon on January 21 as an apparent thank you by President Trump to the Libertarian Party. …

"Experts question whether $20m crypto project has code to back up quantum computing claims"

A project called "Tsotchke" has convinced a lot of people to buy up its token based on claims that it uses "spin-based quantum computing" to "enable quantum-enhanced AI at room …

Western Sydney University data breach (2025) — 10,000 students

Unauthorised access to Western Sydney University's systems via the SSO service occurred between 28 January and 25 February 2025. Approximately 10,000 current and former students …

Frederick Health Medical Group Ransomware Attack

On January 27, 2025, Frederick Health Medical Group (a Maryland-based healthcare network with 25+ locations) announced a ransomware attack that compromised the protected health …

HIPAA Journal

Episource LLC, a medical coding and risk adjustment company and Optum/UnitedHealth Group subsidiary, detected a ransomware intrusion on February 6, 2025, after unauthorized access …

"Kucoin Pleads Guilty To Unlicensed Money Transmission Charge And Agrees To Pay Penalties Totaling Nearly $300 Million"

The KuCoin cryptocurrency exchange has pleaded guilty to a charge filed against them in March that they were operating an unlicensed money transmitting business. Since at least …

Tweet by Frederico0x

The Singapore-based Phemex cryptocurrency exchange has acknowledged the compromise of some of the exchange's hot wallets, which saw outflows of at least $37 million across multiple …

Tweet thread

The ThorChain project is in crisis amid news that the project is insolvent. In order to prevent what would effectively be a bank run and likely death spiral, the project has paused …

"Crypto Casino Founder Apologizes for Gambling Away Investor Funds"

Richard Kim, the founder of the Zero Edge crypto casino, resigned on July 2, 2024 after blowing most of the project's seed funding. Kim was a former executive of Galaxy Digital, …

Oracle Health (Cerner) Legacy Server Breach - 80 Hospitals Patient Data

On or after January 22, 2025, a threat actor used stolen credentials to access legacy Cerner electronic health record (EHR) servers belonging to Oracle Health that had not yet been …

SimonMed Imaging Medusa Ransomware Attack - 1.27M Patients

Between January 21 and February 5, 2025, the Medusa ransomware group exfiltrated data from SimonMed Imaging (a large US radiology/medical imaging provider). Medusa claimed more …

Tweet by SlowMist

A Twitter account called @TrumpDailyPosts has more than 1.3 million followers on Twitter. While the account does automatically crosspost to Twitter any posts Donald Trump makes on …

DOGE Access to Federal Government Data Systems

Starting January 20, 2025, operatives associated with the Department of Government Efficiency (DOGE), led by Elon Musk, were granted unprecedented access to sensitive federal …

"‘Forgive him Satoshi’ — Trump’s pastor ripped for memecoin that crashed 93% after launch"

Reverand Lorenzo Sewell, a pastor and vocal Trump supporter who delivered the benediction at Donald Trump's inauguration, followed in his hero's footsteps by trying to shill a …

Tweet by Melania Trump

Before people had a chance to process the fact that the incoming president of the United States had just launched his own transparent crypto cash-grab, the soon-to-be First Lady …

"Students for Trump co-founder denies rug pull accusations after selling half of 'TIKTOK' memecoin's supply"

Ryan Fournier, a co-founder of the Students for Trump organization, worked with a memecoin creator to create a $TIKTOK memecoin, which he said was intended to celebrate TikTok …

Tweet by Donald Trump

In what is likely a preview of the levels of grift about to come — levels previously not thought possible — Trump has launched a Solana memecoin two days before his inauguration. …

Order

The Digital Currency Group has agreed to settle with the SEC for $38 million over charges that its Genesis subsidiary misled investors. When the hedge fund Three Arrows Capital …

"MakersPlace Announces Market Exit"

Citing "ongoing market challenges and funding difficulties", the MakersPlace NFT platform announced it will be shutting down after six years of operations. The company had raised …

"Global Cryptocurrency Exchange BitMEX Fined $100 Million For Violating Bank Secrecy Act"

Although BitMEX had previously tried to argue that they should not face additional penalties after being fined $110 million in 2024 for Bank Secrecy Act violations, a judge has …

"Traders seethe after Sony freezes memecoins on its new blockchain"

Only hours after Sony launched its "Soneium" layer-2 Ethereum blockchain, the company was accused of "rugging" people who had purchased various memecoins launched on Soneium when …

"The Idols NFT"

An attacker noticed a vulnerability in a smart contract for The Idols, an NFT project that also incorporates ETH staking functionality. They discovered that a function used to …

"Almost 10,000 images of tennis balls plunge up to 90% in value as Australian Open appears to ditch NFTs"

Holders of any of the several thousand "AO ArtBall" NFTs may be disappointed as the Australian Open appears to have abandoned the project aimed at tennis fans. The first NFTs …

Tweet by SlowMist

The UniLend project, which advertises itself as a "unified platform for all things AI and defi", was exploited for almost $200,000. An attacker was able to take advantage of a bug …

Tweet by David Hoffman

The hosts of the Bankless crypto podcast have landed in hot water after selling off some of the substantial quantities of $AICC tokens they were allocated as investors in the …

"Attorney General James Stops Text Message Scam Targeting Vulnerable New Yorkers Looking for Remote Job Opportunities"

New York Attorney General Letitia James announced a lawsuit against a group of scammers operating a scheme in which they promised fake job opportunities to victims, convincing them …

"Dutch police arrest law student behind multi-million euro crypto scheme"

A self-described crypto banker from Hengelo, Netherlands was arrested in connection to an alleged crypto pyramid scheme he'd been running. He'd originally told police that he was …

"Moby Post-Mortem Report / Growth Plan"

The Moby Trade defi options protocol suffered a $1 million loss, narrowly avoiding the loss of another nearly $1.5 million. The project team stated that a hacker had "identified …

Tweet by Orange Finance

The Arbitrum-based liquidity management project Orange Finance suffered at least $840,000 in losses after hackers compromised the project's admin address, then used it to upgrade …

"'Money we don't have to spare': Spoofed website causes Toronto man to lose $100K"

A man who received an inheritance in 2021 and decided to put it into crypto lost his entire $100,000 balance when he fell victim to a spoofing site in 2023. When he decided to …

Tata Technologies Hunters International Ransomware Attack

Tata Technologies, a Tata Group subsidiary providing engineering and technology services in automotive, aerospace, and industrial sectors (12,500+ employees, operating in 27 …

Coinbase TaskUs Outsourced Customer Support Bribery Breach

Starting in approximately early 2025, cybercriminals recruited and bribed several customer support agents employed by TaskUs, Coinbase's outsourced support provider operating from …

94 K-12 Schools Third-Party Breach (January 2025)

PowerSchool hack exposes student, teacher data from K-12 districts. Education software giant PowerSchool has confirmed it suffered a cybersecurity incident that allowed a threat …

Allegheny Health Network Third-Party Breach (January 2025)

294,000 Allegheny Health Network Patients Affected by Business Associate Cyberattack. Allegheny Health Network (AHN), a Pittsburgh-based 14-hospital academic medical system, has …

CenterPoint Energy Third-Party Breach (January 2025)

Texas utility firm investigating potential leak of customer data tied to 2023 MOVEit breach. A large Texas energy company confirmed it is investigating reports of stolen customer …

Khalil Foundation Third-Party Breach (January 2025)

Billing Support Vendor Notifies 701K Patients About December 2023 Data Breach. Medusind, a Florida-based revenue cycle management vendor and practice management software provider, …

Rostelecom Third-Party Breach (January 2025)

Russian telecom giant Rostelecom investigates suspected cyberattack on contractor. Russia's Rostelecom said that it was responding to a cyberattack on a contractor that helps to …

Square Medical Group Third-Party Breach (January 2025)

Frederick Health Recovering from Ransomware Attack. Frederick Health in Maryland is investigating a ransomware attack, Holdrege Memorial Homes in Nebraska has mailed notification …

Stiiizy Third-Party Breach (January 2025)

380,000 Impacted by Data Breach at Cannabis Retailer Stiiizy. This website stores cookies on your computer. These cookies are used to improve your website experience and provide …

TalkTalk Third-Party Breach (January 2025)

TalkTalk investigates breach after data for sale on hacking forum. UK telecommunications company TalkTalk is investigating a third-party supplier data breach after a threat actor …

TalkTalk CSG Ascendon Telecom Platform Breach

In January 2025, TalkTalk, the UK telecommunications provider, disclosed that a data breach had occurred via CSG Ascendon, its third-party subscriber management and billing …

Magento Extension Supply Chain Attack (Tigren, Meetanshi, MGS — 500-1000 E-Commerce Stores)

In May 2025, security researchers disclosed that three Magento extension vendors — Tigren, Meetanshi, and MGS (Mageplaza) — had their extension distribution servers compromised. …

Trimble Cityworks Vulnerability Exploited Against US Local Governments

Beginning in early 2025, threat actors exploited CVE-2025-0994, a critical deserialization vulnerability in Trimble Cityworks, to compromise GIS asset and work-order management …

Coinbase Insider Bribery Data Breach

Attackers bribed at least one overseas customer support agent contracted through third-party vendor TaskUs to access and steal Coinbase customer data from internal support systems. …

AI-Enabled Cyberattack Acceleration — Reduced Breakout Times, Autonomous Attack Chains

By 2025-2026, documented evidence shows AI is systematically accelerating cyberattack timelines and lowering barriers to entry for attackers, while defenders face structural …

AI-Powered Identity Theft Wave — Synthetic Identity Fraud, Deepfake KYC Bypass 2025-2026

By 2025-2026, AI-powered identity theft had emerged as a major and growing threat category, representing a structural shift in how identity fraud and credential theft are conducted …

Oracle Cloud (OCI) Infrastructure Breach — 6 Million Records, Login Credentials

In March 2025, a threat actor known as 'rose87168' advertised on BreachForums the sale of approximately 6 million records allegedly stolen from Oracle Cloud's federated SSO login …

Wyndham Third-Party Breach (January 2025)

Otelier data breach exposes info, hotel reservations of millions. Hotel management platform Otelier suffered a data breach after threat actors breached its Amazon S3 cloud storage …

Grubhub Data Breach via Third-Party Contractor

Grubhub detected unusual activity traced to a compromised third-party contractor account in early 2025. The contractor had access to internal systems used for customer care. Stolen …

Telegram post

After crypto sleuth zachxbt noticed an apparent theft from the NoOnes peer-to-peer crypto trading platform on January 1, CEO Ray Youssef was forced to acknowledge the theft. He …

Machine-Speed Cyberattacks — AI-Automated Attack Chains Outpace Human Defence

By 2025-2026, documented case studies from Darktrace, CrowdStrike, Palo Alto Networks Unit 42, and Microsoft MSTIC demonstrate that the most advanced attackers are executing …

"FEG token holders in despair after third hack causes 99% dump"

The "Feed Every Gorilla" project has once again been hacked, after suffering a pair of flash loan attacks in May 2022 amounting to $1.9 million in losses. The protocol also …

“Tai Mo Shan to Pay $123 Million for Negligently Misleading Investors About Stability of Terra USD”

The SEC has levied a $123 million fine against Jump Crypto subsidiary Tai Mo Shan, which was part of a secret deal with Terraform Labs to help prop up the floundering Terra …

K-12 Dive

PowerSchool, the dominant K-12 student information system provider serving approximately 16,000 schools and 50 million students in North America, suffered a data breach beginning …

PowerSchool SIS data breach — 62 million students and 9.5 million educators

Attacker (later identified as Massachusetts college student Matthew D. Lane, 19) used compromised credentials to access PowerSchool's PowerSource support portal on 19 December …

Indictment

Gabriel Hay and Gavin Mayo, two LA-based NFT creators, have been charged for defrauding investors of more than $22.4 million through a series of NFT rug pulls and other crypto …

Ivanti Connect Secure zero-day CVE-2025-0282 exploited by UNC5221 (China-nexus)

CVE-2025-0282 is an unauthenticated stack-based buffer overflow in Ivanti Connect Secure, Policy Secure, and ZTA Gateways enabling remote code execution. Mandiant identified …

Tweet by Anchor Drops

A crypto holder tweeted at the Ledger hardware wallet manufacturer to report that 10 BTC (~$1 million) and "~1.5m of NFTs" had been stolen from a Ledger wallet they were using. …

"Kraken crypto exchange operator to pay $8 million following ASIC enforcement action"

The US-based cryptocurrency exchange Kraken has been fined AU$8 million (US$5.1 million) for illegally offering margin trading to Australian customers. The firm had offered the …

"CFTC Charges Washington State Pastor with Fraud, Misappropriation in Multilevel Marketing Scheme Targeting Hispanic Americans"

The CFTC has filed suit against Francier Obando Pinillo, an American former pastor who targeted his former congregants and other unsophisticated investors with a crypto pyramid …

"Clober Dex Incident Analysis"

Clober, a DEX built on Coinbase's Base Ethereum layer-2, suffered an exploit only about a week after its launch. A re-entrancy bug in the project allowed an attacker to siphon …

"False prophet"

Users of the Alpaca Finance lending protocol suffered losses when the protocol's sloppy oracle implementation finally resulted in consequences. Although many had warned the project …

BleepingComputer

Monroe University, a New York-based for-profit university, suffered a cyberattack between December 9 and December 23, 2024, in which threat actors exfiltrated data on 320,973 …

"Brooklyn District Attorney Shuts Down 40 Domains Associated With NFT Crypto Scam Targeting Artists, After Brooklyn Painter Lost Over $135,00"

An 85-year-old painter from Brooklyn was convinced to send scammers $135,000 after they promised they would sell his artwork as NFTs on OpenSea. After agreeing to have a supposed …

"Hawk Tuah memecoin dumps 90% amid backlash over controversial launch"

Who could have guessed that buying up a token based around the long-past-its-expiration-date hawk tuah meme might turn out to be an unwise investment? Haliey Welch, the originator …

Ultralytics YOLO PyPI Package Supply Chain Attack

The popular Ultralytics YOLO AI/ML library (60M+ downloads, 30K+ GitHub stars) was backdoored on 4 December 2024. Versions 8.3.41, 8.3.42, 8.3.45, and 8.3.46 deployed XMRig to mine …

"Solana Web3.js library backdoored to steal secret, private keys"

An attacker was able to compromise an account that had publish access for the official Solana web3.js library, which is widely used by dApps to read and write from the Solana …

Tweet by RTFKT

Nike will be shutting down its RTFKT "virtual collectibles" project at the end of January 2025, according to an announcement made in early December. Nike had acquired RTFKT in 2021 …

Hertz Cleo MFT Clop Breach (100K+ Customers including Thrifty and Dollar)

Hertz Corporation disclosed in April 2025 that customer data had been stolen in attacks exploiting Cleo managed file transfer (MFT) software vulnerabilities in approximately …

Monument Health Third-Party Breach (December 2024)

Nebraska AG’s Lawsuit Against Change Healthcare Survives Motion to Dismiss. A lawsuit filed by Nebraska Attorney General Mike Hilgers over the 2024 Change Healthcare data breach …

Pavilion of Bridgeview Third-Party Breach (December 2024)

Gastroenterology, Cardiology, and Nursing Care Providers Suffer Cyberattacks. Cyberattacks have recently been announced by Connecticut GI and Gastroenterology Associates of …

RIBridges system Third-Party Breach (December 2024)

Rhode Island confirms data breach after Brain Cipher ransomware attack. Rhode Island is warning that its RIBridges system, managed by Deloitte, suffered a data breach exposing …

Veterans Health Administration Third-Party Breach (December 2024)

Colonial Behavioral Health & Veterans Health Administration Patients Affected by Ransomware Attacks. Colonial Behavioral Health and a medical transcription service provider used by …

Whittier Hospital Third-Party Breach (December 2024)

Californian Hospitals Continue to be Disrupted by Thanksgiving Ransomware Attacks. Over Thanksgiving weekend, Watsonville Community Hospital and PIH Health in California fell …

Ascension Health Former Business Partner EHR Data Breach

Ascension Health disclosed in April 2025 a second security incident, separate from the May 2024 Black Basta ransomware attack. This breach involved a former business partner that …

Orange Romania HellCat/Rey Data Breach - 600K Records

In early 2025, the HellCat-affiliated threat actor 'Rey' exfiltrated 6.5 GB of data (12,000 files) from Orange Romania's back-office systems, resulting in exposure of over 600,000 …

Tweet by Clipper DEX

The Clipper decentralized exchange suffered a $450,000 exploit across two Ethereum layer-2 chains. Although some speculated that the issue may have been a private key leak, Clipper …

Krispy Kreme cyberattack (Play ransomware)

Krispy Kreme detected unauthorized IT activity 29 November 2024; disclosed via SEC 8-K 11 December 2024. Online ordering disrupted. Play ransomware gang claimed attack in December; …

"Crypto exchange XT.com suspends withdrawals after suspected $1.7M hack"

On November 28, cryptocurrency exchange XT.com abruptly suspended withdrawals, citing a "wallet upgrade and maintenance". However, after a blockchain security firm identified $1.7 …

Southeast Series of Lockton Companies Data Breach - 1.1M Individuals

On November 20, 2024, an unauthorized party gained access to a single employee account and computer within the Southeast Series of Lockton Companies' network — one of the largest …

"This Child Made $30K Rugging a Solana Meme Coin—Then Crypto Degens Got Revenge"

A 13-year-old known as the "Gen Z Quant kid," created a token called QUANT and executed a rug pull, making $30,000. In retaliation, various people in the cryptocurrency world …

Tweet by DEXX

DEXX, a platform that advertises itself as the "first memecoins trading terminal application", disclosed that it had been hacked when it posted a message on social media addressed …

"Crypto lender Polter Finance halts operations after $12M hack"

The Fantom-based Polter Finance defi project was exploited for $7 million when an attacker was able to perform an oracle manipulation attack. By artificially increasing the price …

"Thala recovers $25.5M in crypto lost through v1 farming vulnerability"

The Thala Labs Aptos-based defi project suffered a $25.5 million theft when an attacker exploited a vulnerability in one of their smart contracts. They paused related smart …

Cleo MFT zero-day exploitation by Clop ransomware (CVE-2024-50623 / CVE-2024-55956)

Clop ransomware group exploited CVE-2024-50623 in Cleo's MFT products starting November 2024, bypassing the initial patch. Huntress identified active exploitation 3 December 2024 …

Tweet by DeltaPrime

The DeltaPrime defi protocol was hacked for the second time in two months, losing $4.8 million in Arbitrum and Avalanche tokens. The attacker appeared to have exploited a flaw in …

"Trader who lost $26M to copy-paste error says it’s been ‘max pain’"

After apparently exhausting all his other options, a trader has put out a call to "all skilled hackers and white hats out there" to help him recover 7,912 Renzo staked ETH (ezETH) …

Legends International Entertainment Services Data Breach

Legends International, a major entertainment venue management and premium services company, detected unauthorized activity on November 9, 2024. The company manages venue services …

Tweet by CyversAlerts

Crypto-powered poker website CoinPoker was apparently exploited for around $2 million when an attacker was able to compromise a hot wallet controlled by the platform. The attacker …

Ahold Delhaize USA INC Ransom Attack

INC Ransom breached Ahold Delhaize USA (parent of Stop & Shop, Food Lion, Giant Food, Hannaford, and The Giant Company) between 5-6 November 2024, stealing up to 6 TB of data. …

"Online Casino MetaWin hacked for $4 million — ZackXBT"

Hot wallets used by the MetaWin crypto casino were drained of around $4 million. According to the company's CEO, the attacker "t[ook] advantage of our frictionless withdrawal …

Bologna FC RansomHub Ransomware Attack

Italian Serie A football club Bologna FC was attacked by RansomHub in November 2024. RansomHub claimed to have stolen 200 GB of data including player contracts, passports, …

Schneider Electric Hellcat Ransomware Attack

Hellcat ransomware group breached Schneider Electric's internal Atlassian Jira project tracking platform in November 2024, stealing over 40 GB of compressed data including 75,000 …

HIPAA Journal

ARC Community Services, a Wisconsin-based nonprofit providing community living and support services for people with intellectual and developmental disabilities, announced a …

Mid-Minnesota Management Services (Central Resources) Third-Party Breach (November 2024)

Data Breaches Reported by Hopscotch; Athenahealth; Central Resources. Hopscotch Health Management has learned that a bad actor accessed the physical records of almost 5,000 …

Ministère du Travail et de l'Emploi Third-Party Breach (November 2024)

Young people’s data feared stolen in cyberattack on French government contractor. The French government said an incident directly impacted an unnamed service provider used by the …

Nokia Third-Party Breach (November 2024)

Nokia investigates breach after hacker claims to steal source code. Nokia is investigating whether a third-party vendor was breached after a hacker claimed to be selling the …

Presbyterian Healthcare Services Third-Party Breach (November 2024)

Presbyterian Healthcare Services & ORM Fertility Patients Affected by Data Breaches. Oregon Reproductive Medicine, doing business as ORM Fertility, has announced a security breach …

Sainsbury's Third-Party Breach (November 2024)

Ransomware attack on software supplier disrupts operations for Starbucks and other retailers. A ransomware attack that hit a major software provider last week caused disruptions …

TriHealth Physician Partners (TriHealth) Third-Party Breach (November 2024)

TriHealth Physician Partners Confirms Patient Data Exposed in Cyberattack. Cyberattacks have recently been announced by TriHealth Physician Partners in Ohio and Harmac Medical …

Schneider Electric Third-Party Breach (November 2024)

Schneider Electric confirms dev platform breach after hacker steals data. Schneider Electric has confirmed a developer platform was breached after a threat actor claimed to steal …

Finastra SFTP Banking Software Data Breach

Finastra (London-based fintech serving 45 of the world's top 50 banks and 8,100+ financial institutions in 130 countries) had its SFTP platform accessed between 31 October and 8 …

"Crypto apps see malicious popups after Ace Drainer hacks animation library"

Attackers were able to inject malicious code into the popular "LottieFiles" JavaScript animations library. Visitors to websites using the library saw a prompt to connect their …

"Security Update"

The UAE-based M2 cryptocurrency exchange was hacked for $13.7 million in bitcoin, ether, and Solana tokens. The exploiter compromised several of the exchange's hot wallets to take …

"Bitcoin scammers impersonate police, Sunray Finance $2.7M drain: Crypto-Sec"

A perpetuals trading platform called Sunray Finance was hacked on October 30 by an attacker who was able to upgrade a smart contract used by the protocol. They then were able to …

"US Government Crypto Wallet Drained of $20 Million in Suspicious Transfers"

More than $20 million in stablecoins and Ethereum were transferred from a wallet identified as belonging to the US government, and holding funds connected to the 2016 hack of the …

"Solana Meme Coin Sharpei Plunges 96% in Seconds in Epic Rug Pull"

A dog-themed memecoin project called Sharpei abruptly cashed out $3.4 million, tanking the token price by more than 96% in seconds. The project had been promoted by crypto …

"What happens when a secretive blockchain company buys your game studio"

Sometime in 2023, blockchain firm Forte acquired game studios Phoenix Labs and Rumble Games. However, it would be a year before this came to light, because according to a report …

Midnight Blizzard Large-Scale RDP Spear-Phishing Campaign

From 22 October 2024, Midnight Blizzard targeted thousands of users across 100+ organizations in government, academia, defense, and NGOs in UK, Europe, Australia, and Japan. Emails …

Conduent Business Services SafePay Ransomware Attack

Conduent, a company providing payment processing and document services to major health insurers and state government programs, was breached by the SafePay ransomware group. …

Conduent Business Services SafePay Ransomware - 25M+ State Benefits Recipients

An unauthorized third party had access to Conduent Business Services' systems from October 21, 2024, to January 13, 2025, when operational disruption was triggered. Conduent …

Tweet by Tapioca DAO

The defi lending protocol Tapioca DAO was exploited after an attacker reportedly socially engineered the DAO's co-founder and gain access to their private key. The attacker then …

Radiant Capital DeFi Hack

On 16 October 2024, attackers executed transferOwnership on Radiant Capital's Pool Provider contract using 3 collected malicious signatures, gaining control of all lending pool …

"Radiant Capital Loses $50M to Second Blockchain Exploit This Year"

The cryptocurrency lending project Radiant Capital was hacked for the second time in under a year, this time for more than $50 million in the USDC stablecoin, wBNB, ETH, and other …

"On the LSM Module"

Cosmos creator Jae Kwon has raised concerns about a portion of the Cosmos protocol called the "Liquid Staking Module" after learning it was developed by North Korean agents. …

Tweet by Scam Sniffer

An attacker using the permit phishing technique stole $1.39 million in tokens from an unsuspecting holder. The victim unknowingly signed a "Permit2" signature — a function intended …

MUT-8694 npm and PyPI Malicious Package Campaign

Datadog Security Labs identified a coordinated supply chain attack campaign (tracked as MUT-8694) active from at least October 10, 2024, targeting both the npm and PyPI package …

Casio Ransomware Attack (Underground Group)

Casio, the Japanese electronics and watchmaking company, suffered a ransomware attack on October 5, 2024. The Underground ransomware group claimed responsibility on October 10, …

"EigenLayer Says Unauthorized Selling Was an 'Isolated Incident', But Critics Still Have Concerns"

Around 1.67 million EIGEN tokens belonging to an investor in the popular Ethereum-based EigenLayer project were stolen after the investor was tricked into transferring the tokens …

BleepingComputer