This page collects WhisperX intelligence signals tagged #data-breach. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A critical security vulnerability has been discovered within the main.py source code, where sensitive usernames and passwords are embedded directly into the codebase as hardcoded credentials. This practice fundamentally exposes the system's most sensitive access points, leaving them completely unprotected if the reposi...
A critical security vulnerability has exposed full, unmasked credit card numbers in a payment processing API response. The flaw directly violates core PCI DSS requirements by transmitting sensitive cardholder data without protection, creating a severe risk of data exposure and potential financial fraud. The vulnerabil...
A critical security vulnerability has been discovered within a main.py file, exposing hardcoded usernames and passwords directly in the source code. This practice places sensitive authentication data within reach of anyone with access to the repository, creating a direct and severe risk of unauthorized system access an...
A critical security vulnerability has been exposed within the main.py source code: the presence of hardcoded credentials. This practice embeds sensitive usernames and passwords directly into the codebase, making them visible to anyone with repository access. The flaw creates a direct pathway for unauthorized system acc...
A critical security vulnerability has been exposed within the main.py source code file: the direct embedding of sensitive credentials. This practice, known as hardcoding, leaves usernames, passwords, and other authentication secrets plainly visible within the codebase. If the repository is compromised—whether through a...
A critical security audit has exposed 12 high-severity vulnerabilities within the `carespace-bug-tracker` npm dependencies, creating a direct attack vector for malicious actors. The presence of these known CVEs allows for potential exploitation leading to arbitrary code execution within the application or its CI/CD pip...
The QILIN ransomware operation has listed Ruiz Barbarin Arquitectos Slp—a Spanish architectural firm—among its claimed victims, according to a victim tracking report from RedPacket Security. The listing suggests the threat actors may have gained access to the firm's systems and potentially exfiltrated data, though the ...
The QILIN ransomware operation has publicly listed CAD-IT UK as its latest claimed victim, adding the UK-based engineering software solutions provider to its dark web leak site. The listing surfaced on threat intelligence channels, marking another escalation in the group's targeting of European technology and professio...
The Genesis ransomware operation has posted the American Board of Preventive Medicine to its dark web leak site, signaling a potential compromise of the medical certification organization. The listing appeared on RansomLook, a ransomware monitoring platform, marking the organization as the latest alleged target in an o...
The ShinyHunters ransomware group has listed Houghton Mifflin Harcourt Company on their dark web leak site, marking the educational publishing giant as a confirmed target of the threat actor. The posting suggests that data exfiltration may have occurred during the attack, though the full scope and nature of the comprom...
A threat actor operating under the alias "sinobi" has published an unverified claim alleging a ransomware attack against Neurotrials Research Inc, according to threat intelligence surfaced on dark web monitoring channels. The claim, which appeared on the intelligence platform Yazoul, remains classified as unverified, w...
A new ransomware actor identifying as "Lynx" has posted claims against two organizations on its dark web blog, signaling the emergence of a fresh threat in the ransomware landscape. The group's posts target funkychunky.com and csb-battery.com, though the extent of any alleged breach remains unverified at this stage. Se...
The ransomware-as-a-service group Qilin has posted a claim on a dark-web forum asserting that it obtained undisclosed data from Fogel Capital Management, a financial services firm. The claim, dated May 2026 according to the associated intelligence link, appeared on the social media platform Mastodon and remains unverif...
A threat actor operating under the alias "Akira" has reportedly claimed responsibility for a cyberattack against SDK Environmental, alleging the exfiltration of approximately 10 gigabytes of corporate data. The claim, currently unverified, surfaced on dark web channels and includes reference to sensitive internal docum...
INC Ransom has claimed responsibility for a ransomware attack targeting cmswpc.com, a U.S.-based entity, allegedly resulting in the exfiltration of complete patient medical records. The threat actor group, known for targeting healthcare organizations and other critical infrastructure, posted the claim on known dark web...
The ransomware-as-a-service group Qilin has reportedly posted about Exco Technologies, a Canadian industrial extrusion machinery manufacturer, on a dark-web leak site linked to the threat actor. The post, detected via threat intelligence monitoring feeds, signals a potential ransomware incident or data exfiltration tar...
A massive data breach has exposed the personal information of 275 million students across 9,000 schools, highlighting the systemic risk of concentrated vendor dependencies in the education sector. Cybersecurity researchers at Malwarebytes traced the attack to ShinyHunters, a threat actor known for large-scale data thef...
Instructure, the parent company of the Canvas learning platform, has confirmed two separate unauthorized intrusions within two weeks after the ShinyHunters extortion group claimed responsibility and set a pay-or-leak deadline for data allegedly belonging to more than 275 million students, teachers, and staff tied to ne...
Instructure, the Utah-based parent company of the Canvas learning management system, disclosed that it reached an agreement with the ShinyHunters cybercrime group following a network breach that exposed sensitive data from thousands of educational institutions. The company confirmed the deal in an official update, stop...
The ransomware group Nitrogen has claimed responsibility for a significant cyberattack on Foxconn, asserting that Apple project files were part of its haul—estimated at 8 terabytes of data. The claim, if verified, would represent a serious breach of one of Apple's key manufacturing suppliers and raises immediate questi...