Breaches

Breaches

GitHub Confirms TeamPCP Breach of 3,800 Internal Repositories After Employee Installed Poisoned VS Code Extension

GitHub has confirmed that approximately 3,800 internal repositories were compromised after a TeamPCP supply chain attack that began with a single employee installing a poisoned Visual Studio Code extension. The breach was announced on Tuesday after TeamPCP posted claims on an underground forum offering GitHub's stolen source

Breaches

Grafana Confirms GitHub Breach After Coinbase Cartel Demands Ransom — Codebase Stolen via Compromised Token

Grafana Labs has confirmed a data breach after attackers used a compromised token to access the company's GitHub environment and download its entire codebase. The open source visualization and analytics platform disclosed the incident on Sunday, two days after cybercrime group Coinbase Cartel listed Grafana on its leak

Breaches

West Pharmaceutical Services Hit by Ransomware, Systems Taken Offline Globally

West Pharmaceutical Services, a Pennsylvania-based pharmaceutical manufacturing giant, has confirmed a ransomware attack that disrupted operations across its global footprint after attackers exfiltrated data and deployed file-encrypting ransomware. The attack occurred on May 4 and prompted the company to proactively shut down and isolate affected on-premise infrastructure. In an SEC

Breaches

Instructure Pays ShinyHunters to Prevent 3.6TB Canvas Data Leak

Instructure, the company behind Canvas LMS — used by over 30 million educators and students across more than 8,000 institutions worldwide — has confirmed it reached a financial agreement with the ShinyHunters extortion group to prevent the release of stolen data from a recent breach. The company stated that ShinyHunters returned

Breaches

Former Ransomware Negotiators Pleads Guilty to Running BlackCat Attacks Against the Companies They Were Hired to Protect

Angelo Martino, a 41-year-old former ransomware negotiator at cybersecurity incident response firm DigitalMint, has pleaded guilty to targeting U.S. companies with BlackCat (ALPHV) ransomware while simultaneously working as a negotiator supposedly helping victims resolve attacks. Martino is the third defendant to plead guilty in a case that exposes one

Breaches

Scattered Spider Member Pleads Guilty to Hacking Dozen Companies and Stealing $8 Million in Cryptocurrency

Tyler Robert Buchanan, a 24-year-old from Dundee, Scotland, has pleaded guilty in a California federal court to conspiracy to commit wire fraud and aggravated identity theft for his role in a hacking operation that breached at least twelve companies and stole $8 million in cryptocurrency from individual victims across the

Breaches

Vercel Breached via OAuth Supply Chain Attack — Attacker Bypassed MFA Without Stealing a Single Credential

A threat actor has breached Vercel's developer infrastructure through an identity supply chain attack that bypassed multi-factor authentication entirely — without stealing a single credential. The compromise, disclosed in April 2026, exploited a breached third-party OAuth integration to inherit valid Google Workspace sessions belonging to Vercel developers, representing a

Breaches

KelpDAO Loses $290 Million in Cross-Chain Exploit as Lazarus Group Indicators Emerge

Attackers have drained approximately $290 million from KelpDAO in one of the largest DeFi exploits of 2026, targeting the protocol's rsETH liquid restaking configuration through a sophisticated infrastructure-level attack that bypassed verification controls without compromising private keys or exploiting a direct protocol flaw. The attack targeted the RPC

Breaches

RedLine Infostealer Administrator Extradited to US, Faces Up to 20 Years for Running MaaS Infrastructure

The US Department of Justice has announced the extradition and first court appearance of Hambardzum Minasyan, an Armenian national accused of serving as an administrator of the RedLine infostealer malware operation. Minasyan appeared in a Texas court on Wednesday facing charges that carry up to 20 years in prison. According

Breaches

ShinyHunters Claims 100 High-Profile Victims in Salesforce Data Heist Using Modified Mandiant Tool to Exploit Experience Cloud Misconfigurations

The ShinyHunters extortion gang claims to have stolen data from approximately 100 high-profile companies — including Salesforce itself, Snowflake, Okta, LastPass, Sony, and AMD — in a months-long campaign exploiting misconfigured Salesforce Experience Cloud sites using a weaponized version of an open-source tool originally developed by Mandiant for defensive purposes. Salesforce confirmed

Breaches

FBI Investigates Breach of Internal Surveillance System Containing Wiretap Data and Investigation Subject PII

The FBI has disclosed to Congress that it is investigating a breach of an internal system containing sensitive surveillance data — including wiretap-related records and personally identifiable information on subjects of FBI investigations. The bureau began investigating abnormal log activity on February 17, 2026, and notified members of Congress this week.

Breaches

Iranian Drone Strikes Hit Three AWS Data Centers in UAE and Bahrain — First Kinetic Attacks on Major Cloud Infrastructure

Iranian drone strikes have physically damaged three Amazon Web Services data centers across the Middle East — two in the United Arab Emirates that were "directly struck" and a third in Bahrain damaged when a drone landed nearby — marking the first time a major cloud infrastructure provider has suffered