Cybersecurity breach analyses, threat intelligence, and data exposure research across MENA, Europe, and the United States.https://zerotolerance.me/en-ushttps://zerotolerance.me/cyberthreats/fbi-dcs3000-surveillance-breach-china-salt-typhoon/https://zerotolerance.me/cyberthreats/fbi-dcs3000-surveillance-breach-china-salt-typhoon/FBI's DCS-3000 pen register system compromised via ISP vendor supply chain. Surveillance target phone numbers and PII exposed.Sun, 05 Apr 2026 00:00:00 GMTnation-statehttps://zerotolerance.me/cyberthreats/linkedin-browsergate-extension-scanning/https://zerotolerance.me/cyberthreats/linkedin-browsergate-extension-scanning/LinkedIn deployed hidden JavaScript scanning visitors for 6,236 browser extensions - including 200+ competitors - while harvesting device telemetry.Fri, 03 Apr 2026 00:00:00 GMTsurveillance-privacyhttps://zerotolerance.me/cyberthreats/cisco-shinyhunters-salesforce-aws-trivy-breach/https://zerotolerance.me/cyberthreats/cisco-shinyhunters-salesforce-aws-trivy-breach/ShinyHunters claims 3M Salesforce records, 300+ GitHub repos, and AWS data from three breach vectors in a triple-vector extortion against Cisco.Tue, 31 Mar 2026 00:00:00 GMTdata-breacheshttps://zerotolerance.me/cyberthreats/uspto-govdelivery-trademark-scam-investigation-2026/https://zerotolerance.me/cyberthreats/uspto-govdelivery-trademark-scam-investigation-2026/Fraudsters weaponize the USPTO's real GovDelivery email system as a social engineering prop during live phone scams targeting trademark filers. 77,000+ victims.Wed, 01 Apr 2026 00:00:00 GMTenforcementhttps://zerotolerance.me/cyberthreats/axios-npm-supply-chain-attack-2026/https://zerotolerance.me/cyberthreats/axios-npm-supply-chain-attack-2026/North Korea's UNC1069 social-engineered the lead Axios maintainer, hijacking npm and GitHub accounts to deploy the WAVESHAPER.V2 RAT via 100M weekly downloads.Tue, 31 Mar 2026 00:00:00 GMTsupply-chainhttps://zerotolerance.me/cyberthreats/passaic-county-medusa-ransomware-2026/https://zerotolerance.me/cyberthreats/passaic-county-medusa-ransomware-2026/Medusa ransomware knocked out Passaic County phone lines and IT systems. $800K ransom demanded. Same group that shut down UMMC's 35 clinics.Wed, 04 Mar 2026 00:00:00 GMTransomwarehttps://zerotolerance.me/cyberthreats/lacoste-lapsus-data-breach-2026/https://zerotolerance.me/cyberthreats/lacoste-lapsus-data-breach-2026/Lapsus$ - the extortion group whose core members were arrested and convicted in 2022-2023 - claimed Lacoste as a victim, stealing source code.Wed, 07 Jan 2026 00:00:00 GMTdata-breacheshttps://zerotolerance.me/cyberthreats/interpol-synergia-iii-takedown-2026/https://zerotolerance.me/cyberthreats/interpol-synergia-iii-takedown-2026/INTERPOL's largest coordinated cyber takedown of 2026 dismantled 45,000+ malicious IPs, arrested 94 suspects, and seized 212 devices across 72 countries.Fri, 13 Mar 2026 00:00:00 GMTenforcementhttps://zerotolerance.me/cyberthreats/oracle-cloud-health-dual-breach-2025/https://zerotolerance.me/cyberthreats/oracle-cloud-health-dual-breach-2025/Passport scans of 700+ VIP attendees leaked - former UK PM David Cameron, Binance CEO, hedge fund billionaires. Open cloud storage, zero authentication.Fri, 21 Mar 2025 00:00:00 GMTdata-breacheshttps://zerotolerance.me/cyberthreats/conduent-safepay-ransomware-25m-breach/https://zerotolerance.me/cyberthreats/conduent-safepay-ransomware-25m-breach/SafePay ransomware operators spent 84 days inside Conduent's network, exfiltrating 8.5TB of data affecting 25M+ Americans across 30+ states.Mon, 13 Jan 2025 00:00:00 GMTransomwarehttps://zerotolerance.me/cyberthreats/trizetto-cognizant-healthcare-breach-2025/https://zerotolerance.me/cyberthreats/trizetto-cognizant-healthcare-breach-2025/An unauthorized actor accessed TriZetto's eligibility verification portal for 11 months, stealing SSNs and medical data belonging to 3.4M patients.Fri, 06 Feb 2026 00:00:00 GMTdata-breacheshttps://zerotolerance.me/cyberthreats/glassworm-supply-chain-campaign-2026/https://zerotolerance.me/cyberthreats/glassworm-supply-chain-campaign-2026/A Russian-speaking actor deployed GlassWorm across 433 components in four developer ecosystems using invisible Unicode payloads and Solana blockchain C2.Tue, 31 Mar 2026 00:00:00 GMTsupply-chainhttps://zerotolerance.me/cyberthreats/infinite-campus-shinyhunters-k12-breach/https://zerotolerance.me/cyberthreats/infinite-campus-shinyhunters-k12-breach/ShinyHunters vished an Infinite Campus employee, bypassed MFA in real time, and exported Salesforce customer directory data in a 10-minute attack window.Wed, 18 Mar 2026 00:00:00 GMTdata-breacheshttps://zerotolerance.me/cyberthreats/crunchyroll-telus-okta-shinyhunters-breach/https://zerotolerance.me/cyberthreats/crunchyroll-telus-okta-shinyhunters-breach/A phishing email delivered infostealer malware to a TELUS Digital support agent in India, capturing Okta SSO credentials that unlocked Crunchyroll's.Thu, 12 Mar 2026 00:00:00 GMTdata-breacheshttps://zerotolerance.me/cyberthreats/lloyds-banking-group-api-race-condition-data-exposure/https://zerotolerance.me/cyberthreats/lloyds-banking-group-api-race-condition-data-exposure/A software defect in an overnight API update broke transaction isolation across Lloyds, Halifax, and Bank of Scotland mobile apps for 4 hours and 40.Thu, 12 Mar 2026 00:00:00 GMTdata-breacheshttps://zerotolerance.me/cyberthreats/uk-companies-house-webfiling-broken-access-control/https://zerotolerance.me/cyberthreats/uk-companies-house-webfiling-broken-access-control/A broken access control flaw in the Companies House WebFiling service - introduced during the October 2025 GOV.UK One Login migration.Fri, 13 Mar 2026 00:00:00 GMTdata-breacheshttps://zerotolerance.me/cyberthreats/aura-identity-protection-shinyhunters-breach/https://zerotolerance.me/cyberthreats/aura-identity-protection-shinyhunters-breach/ShinyHunters vished an Aura employee, compromised their Okta SSO credentials, and exfiltrated 903,100 records from a legacy marketing platform inherited.Wed, 11 Mar 2026 00:00:00 GMTdata-breacheshttps://zerotolerance.me/cyberthreats/unc2814-gridtide-china-espionage-google-sheets-c2/https://zerotolerance.me/cyberthreats/unc2814-gridtide-china-espionage-google-sheets-c2/Google disrupted UNC2814, a suspected PRC espionage group that breached 53 telecoms and governments across 42 countries using Google Sheets as C2.Wed, 25 Feb 2026 00:00:00 GMTnation-statehttps://zerotolerance.me/cyberthreats/intoxalock-cyberattack-dui-interlock-devices-bricked/https://zerotolerance.me/cyberthreats/intoxalock-cyberattack-dui-interlock-devices-bricked/A cyberattack on Consumer Safety Technology disabled backend calibration systems for Intoxalock ignition interlock devices from March 14-22.Sat, 14 Mar 2026 00:00:00 GMTdata-breacheshttps://zerotolerance.me/cyberthreats/woflow-shinyhunters-supply-chain-breach-walmart-doordash-uber-deliveroo/https://zerotolerance.me/cyberthreats/woflow-shinyhunters-supply-chain-breach-walmart-doordash-uber-deliveroo/ShinyHunters breached Woflow, an AI merchant data platform serving as the data infrastructure layer for four major delivery/retail platforms.Tue, 03 Mar 2026 00:00:00 GMTdata-breacheshttps://zerotolerance.me/cyberthreats/apt-iran-lockheed-martin-375tb-fabrication/https://zerotolerance.me/cyberthreats/apt-iran-lockheed-martin-375tb-fabrication/Self-named hacktivist collective claims 375TB exfiltration from Lockheed Martin. Zero verified samples after 10 days. Separately, MOIS-backed Handala.Mon, 30 Mar 2026 00:00:00 GMTnation-statehttps://zerotolerance.me/cyberthreats/f5-big-ip-cve-2025-53521-rce-exploitation/https://zerotolerance.me/cyberthreats/f5-big-ip-cve-2025-53521-rce-exploitation/F5 reclassifies BIG-IP APM vulnerability CVE-2025-53521 from denial-of-service to unauthenticated RCE. Memory-resident webshells deployed.Mon, 30 Mar 2026 00:00:00 GMTnation-statehttps://zerotolerance.me/cyberthreats/voidstealer-chrome-abe-bypass-hardware-breakpoints/https://zerotolerance.me/cyberthreats/voidstealer-chrome-abe-bypass-hardware-breakpoints/VoidStealer is the first infostealer in the wild to bypass Chrome's Application-Bound Encryption without code injection or privilege escalation.Sun, 29 Mar 2026 00:00:00 GMTdata-breacheshttps://zerotolerance.me/cyberthreats/handala-fbi-director-patel-gmail-hack/https://zerotolerance.me/cyberthreats/handala-fbi-director-patel-gmail-hack/Iran's MOIS-backed Handala published 300+ emails and photos from FBI Director Kash Patel's personal Gmail. The account appeared in 11 prior data breaches.Sun, 29 Mar 2026 00:00:00 GMTnation-statehttps://zerotolerance.me/cyberthreats/teampcp-telnyx-pypi-wav-steganography/https://zerotolerance.me/cyberthreats/teampcp-telnyx-pypi-wav-steganography/TeamPCP backdoored the Telnyx Python SDK using credentials stolen during the LiteLLM compromise. Payloads hidden via WAV steganography. Quarantined in 6 hours.Sun, 29 Mar 2026 00:00:00 GMTsupply-chainhttps://zerotolerance.me/cyberthreats/european-commission-aws-shinyhunters-breach/https://zerotolerance.me/cyberthreats/european-commission-aws-shinyhunters-breach/Attackers compromised the Commission's AWS account hosting Europa.eu. ShinyHunters claim 350GB stolen including mail servers, databases, and contracts.Sun, 29 Mar 2026 00:00:00 GMTdata-breacheshttps://zerotolerance.me/cyberthreats/infiniti-stealer-macos-clickfix-nuitka/https://zerotolerance.me/cyberthreats/infiniti-stealer-macos-clickfix-nuitka/A new macOS stealer uses fake Cloudflare CAPTCHAs to trick users into pasting a curl command into Terminal. Steals Keychain, browser credentials.Sat, 28 Mar 2026 00:00:00 GMTdata-breacheshttps://zerotolerance.me/cyberthreats/darksword-ios-exploit-chain-saudi/https://zerotolerance.me/cyberthreats/darksword-ios-exploit-chain-saudi/A 6-vulnerability iOS exploit chain deploying three malware variants targeted users across Saudi Arabia, Turkey, Malaysia, and Ukraine.Thu, 26 Mar 2026 00:00:00 GMTnation-statehttps://zerotolerance.me/cyberthreats/infutor-676m-ssn-exposure/https://zerotolerance.me/cyberthreats/infutor-676m-ssn-exposure/Elasticsearch 8.15.2 with security explicitly disabled exposed 676M consumer records including full SSNs Mar 8, 2026 · 676M records.Sun, 08 Mar 2026 00:00:00 GMTdata-breacheshttps://zerotolerance.me/cyberthreats/telus-digital-shinyhunters-1pb/https://zerotolerance.me/cyberthreats/telus-digital-shinyhunters-1pb/ShinyHunters exfiltrated ~1PB from the US$2.7B Canadian BPO giant - FBI background checks, voice recordings, source code, AI training data.Wed, 11 Mar 2026 00:00:00 GMTdata-breacheshttps://zerotolerance.me/cyberthreats/interlock-cisco-fmc-cve-2026-20131/https://zerotolerance.me/cyberthreats/interlock-cisco-fmc-cve-2026-20131/Interlock ransomware exploited a Cisco FMC zero-day for 36 days before disclosure. Unauthenticated RCE as root. Also affects Cisco Security Cloud Control.Wed, 04 Mar 2026 00:00:00 GMTransomwarehttps://zerotolerance.me/cyberthreats/akzonobel-anubis-ransomware/https://zerotolerance.me/cyberthreats/akzonobel-anubis-ransomware/Dutch paint giant AkzoNobel confirmed breach of US site. Anubis ransomware exfiltrated 170,000 files including passport scans, financial records.Sun, 01 Mar 2026 00:00:00 GMTransomwarehttps://zerotolerance.me/cyberthreats/dragonforce-salford-city-college/https://zerotolerance.me/cyberthreats/dragonforce-salford-city-college/DragonForce ransomware cartel claims exfiltration of 256.92GB from one of Greater Manchester's largest FE colleges Mar 6, 2026.Fri, 06 Mar 2026 00:00:00 GMTransomwarehttps://zerotolerance.me/cyberthreats/muddywater-dindoor-fakeset-us-infrastructure/https://zerotolerance.me/cyberthreats/muddywater-dindoor-fakeset-us-infrastructure/Iran's MuddyWater embedded Deno-based and Python backdoors on a US bank, airport, and defense company weeks before US-Israeli strikes on Iran.Thu, 05 Mar 2026 00:00:00 GMTnation-statehttps://zerotolerance.me/cyberthreats/navia-benefit-solutions-bola-api-breach/https://zerotolerance.me/cyberthreats/navia-benefit-solutions-bola-api-breach/A BOLA flaw in Navia Benefit Solutions' API exposed 2.7 million benefit plan participants including HackerOne employees. Seven years of records.Thu, 26 Mar 2026 00:00:00 GMTdata-breacheshttps://zerotolerance.me/cyberthreats/nasirsecurity-gulf-energy-supply-chain/https://zerotolerance.me/cyberthreats/nasirsecurity-gulf-energy-supply-chain/Pro-Iranian NasirSecurity claimed breaches of four Gulf energy firms. Resecurity traced the data to compromised supply chain vendors, not the majors.Thu, 26 Mar 2026 00:00:00 GMTsupply-chainhttps://zerotolerance.me/cyberthreats/litellm-teampcp-pypi-supply-chain/https://zerotolerance.me/cyberthreats/litellm-teampcp-pypi-supply-chain/TeamPCP backdoored LiteLLM on PyPI using credentials stolen from the Trivy compromise. 480M total downloads. .pth persistence infects all Python processes.Tue, 24 Mar 2026 00:00:00 GMTsupply-chainhttps://zerotolerance.me/cyberthreats/trivy-supply-chain-cve-2026-33634/https://zerotolerance.me/cyberthreats/trivy-supply-chain-cve-2026-33634/TeamPCP weaponized Aqua Security's Trivy scanner (CVE-2026-33634, CVSS 9.9), infecting 1,000+ cloud environments across five package ecosystems.Thu, 19 Mar 2026 00:00:00 GMTsupply-chainhttps://zerotolerance.me/cyberthreats/gcc-hacktivist-ddos-campaign-2026/https://zerotolerance.me/cyberthreats/gcc-hacktivist-ddos-campaign-2026/Coordinated hacktivist DDoS campaign triggered by US-Israeli strikes on Iran. 12 pro-Iranian and allied groups conducted 149 attacks against banks, airports.Sat, 28 Feb 2026 00:00:00 GMTdata-breacheshttps://zerotolerance.me/cyberthreats/cisco-sdwan-cve-2026-20127-uat8616/https://zerotolerance.me/cyberthreats/cisco-sdwan-cve-2026-20127-uat8616/Critical auth bypass in Cisco Catalyst SD-WAN exploited by APT UAT-8616 since 2023. CVSS 10.0. Five Eyes joint advisory. CISA emergency directive ED 26-03.Wed, 25 Feb 2026 00:00:00 GMTnation-statehttps://zerotolerance.me/cyberthreats/lexisnexis-hardcoded-password-breach/https://zerotolerance.me/cyberthreats/lexisnexis-hardcoded-password-breach/Threat actor FULCRUMSEC exploited CVE-2025-55182 to breach LexisNexis AWS infrastructure. 400K user profiles, 118 .gov accounts including 3 federal judges.Tue, 24 Feb 2026 00:00:00 GMTdata-breacheshttps://zerotolerance.me/cyberthreats/ummc-ransomware-35-clinics/https://zerotolerance.me/cyberthreats/ummc-ransomware-35-clinics/Ransomware attack shut down all 35 statewide clinics for 9 days. Mississippi's only Level 1 trauma center. Recovery expected to take weeks to months.Thu, 19 Feb 2026 00:00:00 GMTransomwarehttps://zerotolerance.me/cyberthreats/uae-ai-ransomware-campaign-2026/https://zerotolerance.me/cyberthreats/uae-ai-ransomware-campaign-2026/UAE Cybersecurity Council announced disruption of coordinated attacks involving AI-powered ransomware targeting national platforms.Sat, 21 Feb 2026 00:00:00 GMTransomwarehttps://zerotolerance.me/cyberthreats/ficoba-french-bank-registry-breach/https://zerotolerance.me/cyberthreats/ficoba-french-bank-registry-breach/Attacker used stolen civil servant credentials to access France's centralized registry of all bank accounts. 1.2M accounts including IBANs and tax IDs exposed.Wed, 18 Feb 2026 00:00:00 GMTdata-breacheshttps://zerotolerance.me/cyberthreats/chrome-zero-day-cve-2026-2441/https://zerotolerance.me/cyberthreats/chrome-zero-day-cve-2026-2441/Google patched a high-severity Chrome zero-day after confirming active exploitation. CSSFontFeatureValuesMap use-after-free affecting all Chromium browsers.Sun, 01 Feb 2026 00:00:00 GMTsupply-chainhttps://zerotolerance.me/cyberthreats/odido-shinyhunters-breach/https://zerotolerance.me/cyberthreats/odido-shinyhunters-breach/ShinyHunters social-engineered Odido's Salesforce CRM via phishing + vishing, scraping 6.5M individuals + 600K companies over 48 hours.Sun, 01 Feb 2026 00:00:00 GMTdata-breacheshttps://zerotolerance.me/cyberthreats/abu-dhabi-finance-week-passport-leak/https://zerotolerance.me/cyberthreats/abu-dhabi-finance-week-passport-leak/Passport scans of 700+ VIP attendees including former UK PM David Cameron, Binance CEO, hedge fund billionaires Feb 1, 2026.Sun, 01 Feb 2026 00:00:00 GMTdata-breacheshttps://zerotolerance.me/cyberthreats/acwa-power-inc-ransom-breach/https://zerotolerance.me/cyberthreats/acwa-power-inc-ransom-breach/INC Ransom exfiltrated 400GB from Saudi Arabia's largest private energy company - engineering drawings, financial records.Sun, 01 Feb 2026 00:00:00 GMTransomwarehttps://zerotolerance.me/cyberthreats/bahrain-nsa-email-exfiltration/https://zerotolerance.me/cyberthreats/bahrain-nsa-email-exfiltration/Three threat actors claimed 200GB from Bahrain's NSA email infrastructure in 8 months. ESIX 7.13. US Fifth Fleet and UK intelligence-sharing implications.Sun, 01 Feb 2026 00:00:00 GMTdata-breacheshttps://zerotolerance.me/cyberthreats/european-commission-mdm-breach/https://zerotolerance.me/cyberthreats/european-commission-mdm-breach/CERT-EU detected attack on the European Commission's MDM infrastructure. Staff names, phone numbers, emails exposed. Contained within 9 hours.Fri, 30 Jan 2026 00:00:00 GMTdata-breaches