📰 Cyber Feed Aggregator

💥 Breach

Latest Breach coverage curated from trusted cybersecurity sources.

• ANNOUNCE: A new resource to help small and mid-sized HIPAA-regulated entities
  DataBreaches.Net — Mon, 15 Dec 2025 12:00:07 +0000

  DataBreaches.net has a long-standing policy of not promoting commercial enterprises. This post is a well-deserved exception. A new consultancy provides expert advice and support to help small and mid-sized healthcare entities comply with HIPAA privacy, security, and breach notification requirements. North Country...

• Askul says 740,000 sets of data breached in cyberattack
  DataBreaches.Net — Sun, 14 Dec 2025 13:56:06 +0000

  The Japan Times reports: Japanese office supplies retailer Askul said that a ransomware cyberattack discovered in October led to the leakage of about 740,000 sets of data concerning its individual customers, corporate clients and employees. Of the total, about 590,000 sets of data were linked to its office supplies...

• Google and Apple roll out emergency security updates after zero-day attacks
  DataBreaches.Net — Sat, 13 Dec 2025 00:52:19 +0000

  Lorenzo Franceschi-Bicchierai reports: Apple and Google have released several software updates to protect against a hacking campaign targeting an unknown number of their users. On Wednesday, Google released patches for a handful of security bugs in its Chrome browser, noting that one of the bugs was being actively...

• Doxers Posing as Cops Are Tricking Big Tech Firms Into Sharing People’s Private Data
  DataBreaches.Net — Fri, 12 Dec 2025 23:40:23 +0000

  David Gilbert reports: When a privacy specialist at the legal response operations center of Charter Communications received an emergency data request via email on September 4 from Officer Jason Corse of the Jacksonville Sheriff’s Office, it took her just minutes to respond, with the name, home address, phone...

• Virginia Urology Silent on Possible Data Breach as Purported Patient Data Begins to Leak
  DataBreaches.Net — Fri, 12 Dec 2025 21:27:36 +0000

  There are various reasons entities may not want to disclose a data breach or respond to journalists’ inquiries. But when entities do not disclose a breach or deny it, and they do not respond to inquiries, they risk threat actors controlling the narrative. And if threat actors control the narrative, the entity may...

• Streamlit: The Tip of The Shadow AI Iceberg | UpGuard
  UpGuard Data Breach Research — Tue, 09 Dec 2025 23:19:01 GMT

  Tens of thousands of AI-enabled web applications using the Streamlit framework are publicly available, exposing PII and other confidential data.

• KinoKong - 817,808 breached accounts
  Have I Been Pwned latest breaches — Sat, 06 Dec 2025 08:13:57 Z

  In March 2021, the Russian online streaming service KinoKong suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed over 800k unique email addresses along with names, usernames, IP addresses and MD5 password hashes.

• Zilvia.net - 287,863 breached accounts
  Have I Been Pwned latest breaches — Mon, 01 Dec 2025 07:34:16 Z

  In November 2025, data breached from the Zilvia.net Nissan 240SX Silvia and Z Fairlady car forum was leaked. The breach exposed 288k unique email addresses along with usernames, IP addresses and salted MD5 password hashes sourced from the vBulletin based platform. Attempts to contact Zilvia.net about the incident...

• China Software Developer Network - 6,414,990 breached accounts
  Have I Been Pwned latest breaches — Thu, 27 Nov 2025 05:49:56 Z

  In 2011, the China Software Developer Network (CSDN) suffered a data breach that exposed over 6M user records. The data included email addresses alongside usernames and plain text passwords.

• CodeStepByStep - 103,077 breached accounts
  Have I Been Pwned latest breaches — Sun, 23 Nov 2025 05:54:02 Z

  In November 2025, the online coding practice tool CodeStepByStep suffered a data breach that exposed 17k records which were subsequently published online. The following month, a further corpus of data was released bringing the total to 103k. The impacted data included names, usernames and email addresses.

• ADDA - 1,829,314 breached accounts
  Have I Been Pwned latest breaches — Sun, 23 Nov 2025 01:16:58 Z

  In March 2025, data allegedly breached from the ADDA housing societies service was posted to a public hacking forum. The data contained over 1.8M unique email addresses along with names, phone numbers and MD5 password hashes.

• Identifying Companies Affected by the Shai-Hulud NPM Supply Chain Attack | UpGuard
  UpGuard Data Breach Research — Fri, 24 Oct 2025 04:08:27 GMT

  Using Github event archives, UpGuard Research identifies companies with indicators of compromise of the Shai-Hulud attacks, even after the repos have been deleted.

• Unclaimed Property: How an Unknown Entity Exposed Indian Banking Information | UpGuard
  UpGuard Data Breach Research — Fri, 26 Sep 2025 16:05:20 GMT

  UpGuard discovered a rapidly growing data leak of bank accounts in India– and no one to take responsibility for it.

• Traffic Patterns: The Leakzone Part 2 | UpGuard
  UpGuard Data Breach Research — Tue, 12 Aug 2025 23:13:57 GMT

  UpGuard analyzes the universities, governments, and private companies mentioned in the access logs of hacker forum Leakzone.

• Insufficient Coverage: WorkCycle, Langflow, and TPL | UpGuard
  UpGuard Data Breach Research — Tue, 12 Aug 2025 16:00:01 GMT

  UpGuard can now report that we have secured a Langflow instance leaking data for around 97,000 insurance customers in Pakistan.

• Snowflake
  Public Cloud Security Breaches — Sun, 30 Jun 2024 11:08:05 -0400

  In the spring of 2024, a number of Snowflake customers suffered data breaches when cybercriminals announced they had data sets from high-profile customers like TicketMaster, LendingTree, Neiman Marcus, and Santander. While Snowflake & Mandiant found no evidence their cloud offering was compromised, these incidents...

• Football Australia
  Public Cloud Security Breaches — Mon, 05 Feb 2024 07:27:16 -0500

  Football Australia, the national governing authority for the sport, embedded an AWS Access Key in their website that granted access to 126 S3 Buckets containing sensitive information for players and fans.

• Microsoft (Midnight Blizzard)
  Public Cloud Security Breaches — Sat, 20 Jan 2024 20:14:38 -0500

  Leveraging an unused account, the Russian APT Midnight Blizzard was able to pivot into Microsoft’s corporate Office 365 to access the emails of key executives and cyber-security employees. Midnight Blizzard was searching for what information Microsoft knew about themselves.

• First Republic Bank
  Public Cloud Security Breaches — Wed, 13 Dec 2023 04:16:54 -0500

  In March 2020, a cloud engineer was terminated from First Republic Bank and subsequently accessed their AWS & GitHub environment to cause damage.

• Retool MFA
  Public Cloud Security Breaches — Fri, 10 Nov 2023 19:43:16 -0500

  An engineer at Retool fell victim to a social engineering attack that led to the compromise of an engineer’s MFA tokens and the account takeover of a small number of Retool customers.