Qilin Ransomware Gang Breaches Romania's National Oil Pipeline Operator Conpet, Claims 1TB Data Theft

Romania's national oil pipeline operator Conpet S.A. has confirmed that the Qilin ransomware group breached its corporate IT infrastructure and stole company data in an attack last week, marking another critical infrastructure target hit by the increasingly aggressive ransomware operation.

Conpet S.A. is a strategic company controlled by the Romanian Ministry of Energy, operating a 3,800 km pipeline network transporting crude oil, gas, and condensate across Romania.

Attack and Response

The company disclosed the incident the day after the breach, stating that while corporate IT systems were compromised, pipeline operations remained unaffected. Conpet is collaborating with the Romanian National Cyber Security Directorate (DNSC) on the investigation and says it cannot yet determine the full scope of data stolen.

Qilin's Claims

The Qilin ransomware gang claims to have exfiltrated nearly 1TB of documents from Conpet's systems. As proof of the breach, the group leaked a sample of 16 images of internal documents containing financial information and passport scans. Some documents are marked as confidential with dates as recent as November 2025 and include personal information — names, postal addresses, personal identification numbers, and bank account numbers.

Fraud Risk

Conpet warned that the compromised data may be exploited for fraudulent activities and advised potentially affected individuals to be wary of urgent requests over phone, email, or other channels. The company noted that scammers frequently impersonate employees of well-known organizations to extract personal and financial information.

Recommendation

Organizations in the energy and critical infrastructure sector should monitor for Qilin ransomware TTPs, which have escalated significantly in 2025-2026 with the group targeting healthcare, government, and now energy infrastructure. The operational technology and pipeline systems reportedly remained unaffected in this incident, but the breach of corporate IT containing sensitive personnel and financial data presents significant downstream risk. Verify any communications purporting to come from Conpet through official channels only.
