7-Eleven confirmed an unauthorized third party accessed systems used to store franchisee documents, discovered on April 8, 2026, with notices sent to affected individuals on May 1, 2026. ShinyHunters claimed responsibility and alleged access to hundreds of thousands of Salesforce records — but attacker claims and confirmed facts are two different things.
May 26, 2026 | OPEN CASE
BREACH ARCHIVES
Real-world breach coverage focused on exposed systems, business impact, detection patterns, third-party risk, and response lessons.
A reported compromise of the community-maintained Laravel Lang project introduced remote code execution backdoors into multiple Laravel localization packages. Malicious tags appeared across affected repositories on May 22 and May 23, 2026, with Composer's autoload mechanism enabling automatic execution at application startup.
On May 20, 2026, GitHub confirmed that an employee device was compromised through a poisoned Visual Studio Code extension, leading to unauthorized access to GitHub-internal repositories. Here is what was confirmed and what it means for every team that relies on developer tooling.
West Pharmaceutical Services confirmed a material cybersecurity incident in May 2026 involving data exfiltration and system encryption that disrupted global operations. This seven-level breakdown separates what is officially confirmed from what remains unknown.
Grafana Labs disclosed a security incident in which an unauthorized party obtained a GitHub token and downloaded part of the company's codebase. The attacker attempted extortion. Grafana Labs refused to pay and says there is no evidence that customer data or systems were affected.
Five months of breach data reveals that the biggest threat to most organizations is not a zero-day exploit - it is the trusted infrastructure already inside the perimeter: vendors, tokens, SaaS integrations, and machine identities.
In April 2026, a third-party breach exposed 197,400 Zara customer email addresses and commerce data. The ShinyHunters group reportedly used compromised Anodot tokens to access connected SaaS environments.
ShinyHunters claimed to have stolen 6.65 terabytes of data from nearly 9,000 schools using Canvas, then defaced login pages to pressure Instructure publicly. The incident reveals how centralized edtech platforms can become single points of failure, turning one exploited account tier into disruption for millions of students and teachers across thousands of institutions.
A threat actor claimed to have obtained around 150,000 records connected to Iberdrola customers and former customers, traced to Zirconite, one of the energy company's commercial partners. This is the breakdown of what happened and what it teaches about third-party breach risk in modern business ecosystems.
On May 1, 2026, Spanish energy company Naturgy confirmed that customer identifying, contractual, and banking data may have been exposed through unauthorized access to a supplier's database. The breach did not originate from Naturgy's own systems. Here is a full breakdown of what happened and what it reveals about third-party security risk.
A cyberattack hit Moldova's national health insurance authority, with officials disputing the scale. The agency called it limited. A senior cybersecurity official suggested up to one-third of the database may have been affected. No ransom was demanded, pointing toward data theft over extortion. Here is a full breakdown of what is confirmed, what is contested, and what it reveals.
Vimeo didn't get hacked directly. Their vendor did. The Anodot breach is a modern supply chain story where attackers bypassed perimeter defenses entirely by compromising a trusted analytics integration. Here is a full breakdown of what happened and what it reveals about third-party risk.
In March 2026, Checkmarx disclosed a supply chain incident involving malicious developer artifacts distributed through trusted third-party channels. What started as a poisoned package event expanded into credential theft risk, Docker image compromise, and GitHub repository data posted on the dark web.
ADT disclosed in April 2026 that attackers accessed customer names, phone numbers, home addresses, and in some cases partial Social Security numbers. ShinyHunters allegedly claimed responsibility and threatened to leak 10 million records. Here is what happened and what it reveals about modern identity-based attacks.
Vercel disclosed unauthorized access to internal systems originating from a compromised third-party AI tool's Google Workspace OAuth app. The incident points to a familiar and growing pattern: modern breaches increasingly enter through delegated trust, not direct exploits.
Booking.com confirmed unauthorized access to customers' booking-related information including names, contact details, and reservation data. The decision to reset affected reservation PINs suggests the exposed data had operational value beyond simple contact records.
On April 13, 2026, Basic-Fit disclosed unauthorized access to its member-visit recording system. Around 1 million members across multiple countries had personal data and bank account details downloaded before containment. Here is what the facts tell us.
Rockstar confirmed a limited data breach tied to a third-party integration. The real story is not about dramatic hacking. It is about trusted SaaS connections, stolen tokens, and a familiar modern compromise pattern that affects any organization relying on cloud integrations.
An unauthorized actor exfiltrated files from Eurail's network in December 2025, affecting 308,777 people. The breach exposed identity documents, contact details, and potentially IBAN and health data across both commercial customers and DiscoverEU program participants.
A ransomware attack against ChipSoft, used by roughly 70% of Dutch hospitals, shows how centralized healthcare IT creates ecosystem-scale risk. When the vendor goes down, the whole network feels it.
Mercor has confirmed it was affected by a supply-chain attack involving LiteLLM, an open-source package widely used in AI workflows. This was not a simple one-company story. It shows how AI infrastructure has created a new kind of risk concentration - and what happens when a poisoned dependency sits close to secrets, cloud credentials, and proprietary model pipelines.
On March 24, 2026, the European Commission discovered a cyberattack on the cloud infrastructure hosting its Europa web presence. Data were likely taken. Internal systems were reportedly unaffected. Most of the questions that matter for defenders remain unanswered.
What happened, what probably happened, and what we still do not know
Healthcare data breaches have become one of the most damaging types of cyber incidents. Medical data is long-lived, deeply personal, and extremely valuable on criminal markets. When attackers compromise healthcare infrastructure, the effect...
In early 2026, Cloud Imperium Games, the studio behind Star Citizen, disclosed that attackers accessed internal systems containing player account information. The incident did not involve passwords or payment data, but it still exposed pers...
A layered analysis of how the incident happened and what it teaches about modern cloud security
In early 2026, European DIY marketplace ManoMano confirmed a large-scale data breach affecting roughly 38 million users.
The gaming world runs on more than boss fights and loot drops. Behind every login screen is a stack of servers, databases, payment processors, and analytics tools quietly doing their jobs.
When a company the size of CarGurus gets hit, the headline number grabs attention. In this case, it’s more than 12 million records. But the number alone doesn’t tell you much.
In late February 2026, the University of Mississippi Medical Center (UMMC), the state’s only academic medical center and a critical healthcare provider across Mississippi, was hit by a ransomware attack that disrupted large portions of its
In mid-February 2026, Washington Hotel, a well-known hotel chain in Japan, disclosed that it had been hit by a ransomware attack. The company reported that its corporate network was compromised on February 13. Internal business data was enc...
In early February 2026, Figure Technology, a publicly traded fintech company that uses blockchain infrastructure for lending and financial services, confirmed it suffered a significant data breach. The company stated that hackers accessed c...
In early February 2026, Dutch telecom provider Odido confirmed it had been hit by a cyberattack that exposed customer data.
Third-party breaches are no longer edge cases. They are the main event. The Conduent incident that exposed data tied to Volvo Group North America is a clean example of how one supplier compromise can ripple outward and quietly affect thousa...
In early February 2026, BridgePay Network Solutions began experiencing widespread service disruptions across its payment processing platform. Merchants, integrators, and some municipal payment systems reported failed transactions, offline p...
In early February 2026, La Sapienza University of Rome, one of the largest universities in Europe, abruptly shut down its entire network after a cyberattack crippled core IT systems. Websites went offline, student platforms stopped working,...
In early February 2026, users of Flickr, one of the internet’s long-standing photo-sharing platforms, received unexpected breach notification emails. Unlike the massive breaches we sometimes hear about, this incident was linked not to a dra...
In early 2026, Substack disclosed that it had experienced a data breach affecting user information. While the company confirmed that passwords and financial data were not compromised, the incident raised important questions about how the br...
What Happened and What It Teaches Us About Modern Ransomware
In January 2026, NationStates, a long-running browser-based political simulation game, confirmed a security breach that resulted in unauthorized access to its production server and the exposure of user account data.
In early 2026, Crunchbase, a private company intelligence platform, confirmed a data breach following claims by the ShinyHunters threat group. After a ransom demand was refused, attackers published stolen internal files reportedly containin...
A CyberLeveling Breach Anatomy Model Review
Ransomware attacks against local governments have become so common that headlines often blur together: “Municipality hit by cyberattack, services disrupted.”
In recent days, SegurCaixa Adeslas, one of Spain’s largest health and insurance providers, has confirmed a cybersecurity incident that resulted in the exposure of personal and financial data belonging to some of its policyholders. The incid...
In April 2025, Marks & Spencer, one of the UK’s most recognisable and trusted retailers, disclosed that it had suffered a ransomware-related cyber attack. What followed was weeks of operational disruption, confirmed data exposure, a major l...
Under Armour has confirmed it is investigating claims of a significant data breach after hackers posted what they allege are 72 million customer records online. While the company has stopped short of confirming the full scale of the inciden...
In January 2026, the Illinois Department of Human Services (IDHS) publicly disclosed a large-scale data exposure that affected more than 700,000 Illinois residents. While often referred to as a “data breach,” the incident was the result of
In early January 2026, the Victorian Department of Education confirmed a cybersecurity incident affecting government schools across Victoria, raising concerns among parents, students, and educators about the safety of student data. The brea...
In mid-January, two Belgian hospitals suddenly lost access to their digital nervous system. Servers were shut down. Surgeries were postponed. Critical patients were transferred elsewhere. The trigger was a cyber incident.
In late December 2025, New Zealand’s digital health sector faced one of its most serious privacy incidents to date when ManageMyHealth, a widely used patient portal, confirmed it had suffered a cyber breach. Because the platform is used by
Over the past few weeks, headlines have claimed that the European Space Agency (ESA) suffered a catastrophic cyberattack involving “Lapsus$ Hunters,” stolen spacecraft designs, and half a terabyte of sensitive mission data. Some of these cl...
Updated with verified reporting | January 15, 2026
In early January 2026, news broke of a major data breach at Gulshan Management Services, Inc., a business services company that operates convenience stores and gas stations in the United States. The incident has raised serious questions abo...
In early January 2026, a startling cybersecurity incident unfolded within the French immigration ecosystem that has raised serious concerns about the protection of highly sensitive personal data.
In January 2026, Energía XXI, the regulated electricity and gas supplier owned by Endesa, confirmed a cybersecurity breach affecting its commercial customer platform in Spain. While the incident did not involve passwords or service disrupti...
In late December 2025, Romania’s largest coal-based energy producer, Complexul Energetic Oltenia (CEO), became the target of a sophisticated cyberattack, highlighting the growing threat ransomware poses to critical infrastructure worldwide....