69 articles. Data breach intelligence and exposure analysis. PII theft, credential leaks, and unauthorized access incidents across MENA, EU, and US.
ShinyHunters claims 3M Salesforce records, 300+ GitHub repos, and AWS data from three breach vectors in a triple-vector extortion against Cisco.
Passport scans of 700+ VIP attendees leaked - former UK PM David Cameron, Binance CEO, hedge fund billionaires. Open cloud storage, zero authentication.
An unauthorized actor accessed TriZetto's eligibility verification portal for 11 months, stealing SSNs and medical data belonging to 3.4M patients.
ShinyHunters vished an Infinite Campus employee, bypassed MFA in real time, and exported Salesforce customer directory data in a 10-minute attack window.
A phishing email delivered infostealer malware to a TELUS Digital support agent in India, capturing Okta SSO credentials that unlocked Crunchyroll's.
A software defect in an overnight API update broke transaction isolation across Lloyds, Halifax, and Bank of Scotland mobile apps for 4 hours and 40.
A broken access control flaw in the Companies House WebFiling service - introduced during the October 2025 GOV.UK One Login migration.
ShinyHunters vished an Aura employee, compromised their Okta SSO credentials, and exfiltrated 903,100 records from a legacy marketing platform inherited.
A cyberattack on Consumer Safety Technology disabled backend calibration systems for Intoxalock ignition interlock devices from March 14-22.
ShinyHunters breached Woflow, an AI merchant data platform serving as the data infrastructure layer for four major delivery/retail platforms.
VoidStealer is the first infostealer in the wild to bypass Chrome's Application-Bound Encryption without code injection or privilege escalation.
Attackers compromised the Commission's AWS account hosting Europa.eu. ShinyHunters claim 350GB stolen including mail servers, databases, and contracts.
A new macOS stealer uses fake Cloudflare CAPTCHAs to trick users into pasting a curl command into Terminal. Steals Keychain, browser credentials.
A BOLA flaw in Navia Benefit Solutions' API exposed 2.7 million benefit plan participants including HackerOne employees. Seven years of records.
Coordinated hacktivist DDoS campaign triggered by US-Israeli strikes on Iran. 12 pro-Iranian and allied groups conducted 149 attacks against banks, airports.
Threat actor FULCRUMSEC exploited CVE-2025-55182 to breach LexisNexis AWS infrastructure. 400K user profiles, 118 .gov accounts including 3 federal judges.
Attacker used stolen civil servant credentials to access France's centralized registry of all bank accounts. 1.2M accounts including IBANs and tax IDs exposed.
CERT-EU detected attack on the European Commission's MDM infrastructure. Staff names, phone numbers, emails exposed. Contained within 9 hours.
ShinyHunters used real-time MFA relay vishing to breach Figure Technology, America's largest non-bank HELOC lender, exfiltrating 967,000 accounts in 90 minutes.
Elasticsearch 8.15.2 with security explicitly disabled exposed 676M consumer records including full SSNs. Mar 8, 2026 · 676M records.
ShinyHunters exfiltrated ~1PB from the US$2.7B Canadian BPO giant - FBI background checks, voice recordings, source code, AI training data.
ShinyHunters social-engineered Odido's Salesforce CRM via phishing + vishing, scraping 6.5M individuals + 600K companies over 48 hours.
Passport scans of 700+ VIP attendees including former UK PM David Cameron, Binance CEO, hedge fund billionaires. Feb 1, 2026.
Three threat actors claimed 200GB from Bahrain's NSA email infrastructure in 8 months. ESIX 7.13. US Fifth Fleet and UK intelligence-sharing implications.
Threat actors exfiltrated 371,000 customer records from the UAE's second-largest telecom operator and set a ransom deadline. Emirates IDs and billing data.
Attackers accessed Prosper databases for three months undetected via cloud misconfiguration, exfiltrating SSNs, bank accounts, and tax records of 17.6M.
A threat actor exfiltrated 239GB containing 417,000 files from the UAE's mandatory engineering licensing body, including Emirates IDs, passports.
Threat actor Kazu exfiltrated 1.94TB containing 13M files from Dubai's Ports, Customs and Free Zone Corporation, selling passport scans and gate logs for $50K.
700,000 credit card holder records from the Middle East's largest bank sold for just $430 on a Chinese-language forum. Third Emirates NBD breach in 18 months.
A database of 690,000 Saudi bank account holders with full names, IBANs, and account balances was sold for $420 on a Chinese-language cybercrime forum.
Pro-Iranian hacktivist group Cyber Fattah leaked passport scans, IBANs, and medical certificates of 6,000+ Saudi Games 2024 participants via unsecured.
11GB of classified data from Saudi Arabia's General Intelligence Presidency surfaced on dark web platforms, exposing personnel records and operational.
A 19-year-old used stolen credentials on PowerSchool's MFA-less support portal, stealing 62.4M student and 9.5M teacher records including SSNs and medical.
NEOM's recruitment portal was compromised and 280,000 applicant records sold on BreachForums. Prior credential leaks dating to 2023 had gone unremediated.
Patient records from four Lebanese hospitals spanning 2010-2021 posted to dark web with cleartext passwords, including medical records, passports.
A politically motivated threat actor published 15,500 Bahraini government service portal credentials on a dark web forum. No acknowledgment from Bahraini.
Four separate breaches from 2021 to 2023 exposed SSNs and driver's licenses for 76M+ customers, resulting in a $350M class action settlement and $31.5M.
A data broker's 2.9B records including 272M Social Security numbers were posted for free on BreachForums. NPD filed bankruptcy shortly after.
Hellcat ransomware co-founder Pryx exploited an IDOR vulnerability in saudi.gov.sa to exfiltrate 40GB of citizen data including national IDs and driver's.
Threat actor IntelBroker published 196,000 Lulu Hypermarket customer records on BreachForums, exposing names, emails, phone numbers, and loyalty card data.
Coordinated DDoS attacks simultaneously hit ADCB, FAB, Mashreq, and RAKBANK, disrupting critical banking services and raising systemic risk concerns.
Multiple threat actors breached TDRA and uae.gov portals throughout 2024, listing citizen data, employee records, admin credentials.
FBI arrested Jordanian national Feras Albashiti after an XSS forum undercover operation exposed him as a prolific initial access broker who sold RCE.
Threat actor 'sentap' listed 7M+ Saudi patient records on the Exploit forum, including blood types, pregnancy status, payment methods, and home addresses.
A threat actor published 864 employee records from Riyadh Airports Company, operator of King Khalid International Airport, on a cybercrime forum for $290.
A health insurance database covering 85 million Egyptian citizens appeared for sale on BreachForums, containing national IDs, addresses.
73 million AT&T customer records with SSNs and trivially reversible passcodes were published on the dark web. A second breach of 110M call records.
Qatar's largest expat community platform had its Elasticsearch database posted on BreachForums, exposing user IDs, names, emails, and phone numbers.
Credential stuffing exposed immutable genetic ancestry data for 6.9M 23andMe users via the DNA Relatives feature, triggering a $50M settlement.
A database of 2 million Egyptian patient records from the Ministry of Health appeared for sale on dark web markets, containing Arabic names, national IDs.
600MB containing 1.4M employee records from Saudi Arabia's Ministry of Foreign Affairs surfaced on dark web forums, exposing diplomatic staff at embassies.
Hacktivist group 'Egypt Leaks' published account records, transaction histories, and internal communications from multiple Egyptian banks online.
A Nigerian cybercrime gang breached BBK's server infrastructure over two days and fraudulently transferred ~$739,000 from three customer accounts to 87.
A SQL database of Saudi MOH patient records appeared for sale on dark web forums, containing Arabic names, national IDs, medical diagnoses.
Internal activation reports from Virgin Mobile KSA leaked on breach forums, exposing employee IDs, customer names, phone numbers, national IDs.
Attackers compromised Kuwait News Agency's official Twitter account and broadcast fabricated reports of a US military withdrawal, causing a diplomatic crisis.
585GB of data from 5M Saudi users including real names, phone numbers, and precise GPS locations was left on an unprotected MongoDB database with no.
Attackers maintained access to Starwood's systems for four years undetected, compromising 339M guest records including 5.25M unencrypted passport numbers.
Trip histories, location data, and personal details of 14.5M Careem users and drivers across 14 MENA countries were stolen, helping catalyze the UAE data.
Uber paid hackers $100K in bitcoin to stay silent, then concealed a 57M-user breach from the FTC for over a year. CSO Joe Sullivan was later convicted.
Attackers planted fake quotes attributed to the Emir on QNA's website, triggering the 3.5-year Saudi-led blockade of Qatar and a major Gulf diplomatic crisis.
The largest bank in the Middle East suffered a massive 1.4GB data exfiltration exposing 465,000 account numbers, credit card details.
Attackers breached two payment processors to remove withdrawal limits on 12 prepaid cards, enabling a $40M global ATM cash-out heist across 24 countries.
Hacktivist group Al-Toufan launched multi-wave attacks on Bahrain's airport, news agency, and financial institutions timed to the 2011 Pearl Roundabout.
An unprotected AWS S3 bucket exposed data of 72,000+ Egyptian children including names, birth dates, national IDs, and test scores.
SMT Group found Jordan's telecom sector leaked 92% of all credentials between 2017-2019, with Orange Jordan responsible for more than half of telecom.
Two foreign cybercrime gangs arrested using rogue BTS/IMSI catchers in Kuwait to intercept SMS and inject fraudulent bank messages.
Lebanon's Education Ministry accidentally published 56,000 student exam results and 27,000 teacher bank account numbers on its website.
Lapsus$ - the extortion group whose core members were arrested and convicted in 2022-2023 - claimed Lacoste as a victim, stealing source code.