E-Control Systems
May 18, 2026
•[ ransomware, data-extortion, IoT ]
The Gentlemen ransomware group publicly claimed responsibility for a data-extortion attack against E-Control Systems, a California-based IoT-powered wireless temperature-monitoring technology company, on May 18, 2026 and threatened to publish sensitive data unless negotiations began. Public reporting did not confirm encryption, deletion, operational disruption, or the specific data volume.
GitHub
May 18, 2026
•[ poisoned extension, data breach, internal repositories ]
GitHub confirmed that attackers compromised an employee device through a poisoned Visual Studio Code extension and exfiltrated approximately 3,800 internal repositories. TeamPCP claimed responsibility and reportedly offered the stolen data for sale, while GitHub said customer repositories and external enterprise customer data were not impacted.
Delano Public Schools
May 18, 2026
•[ ransomware, network compromise, service disruption ]
Delano Public Schools experienced a network compromise discovered after unauthorized activity caused ransom messages to print throughout the district. The district shut down internet access while experts tested systems and canceled classes on May 20, 2026. Public reporting did not confirm data theft or successful encryption.
Koa Glass Co., Ltd.
May 17, 2026
•[ ransomware, cyberattack, encryption ]
Koa Glass Co., Ltd., a Japanese glass-container manufacturer, publicly reported on May 26, 2026 that some of its internal servers had been encrypted after a third-party ransomware cyberattack. The company said it was working with outside specialists to determine the cause, scope, and recovery path, and that it had not confirmed external data leakage at the time of disclosure. Public Japanese security reporting linked the confirmed incident to a The Gentlemen leak-site claim.
Advanced Diagnostic Imaging, P.C. d/b/a AdvancedHEALTH
May 16, 2026
•[ data leak, ransomware, healthcare ]
DragonForce listed AdvancedHEALTH on its leak site on May 16, 2026 and claimed to have stolen 390 GB of data, including 2.3 million lines of patient data, partner agreements, management, payroll, and HR files. Public reporting noted that AdvancedHEALTH had not confirmed the full scope of DragonForce's claim.
THORChain
May 15, 2026
•[ cryptocurrency theft, vulnerability exploit, private key reconstruction ]
THORChain said a malicious newly churned node operator exploited a vulnerability in the GG20 threshold signature scheme on May 15, 2026, reconstructed a vault private key, and drained approximately $10.7 million from one vault across multiple blockchains. THORChain halted trading and signing operations as a defensive response after the exploit was identified. Public reporting did not identify the perpetrator by name or country.
Salt Mobile SA
May 15, 2026
•[ DDoS attack, service disruption, network security ]
On May 15, 2026, Salt's fixed-line services in Switzerland were disrupted for about 40 minutes by an external distributed denial-of-service attack. Salt said technical teams activated protective measures and restored service; the mobile network was not affected.
WholeHealth Chicago
May 15, 2026
•[ data leak, PII, cyberattack ]
Cmdorganization claimed responsibility for a cyberattack against WholeHealth Chicago on May 15, 2026. DataBreach later indexed 36,409 rows allegedly tied to the breach, including dates of birth, email addresses, phone numbers, and names. Public sources did not confirm file encryption, operational disruption, or a precise intrusion vector.
Gas station operators
May 15, 2026
•[ operational technology, critical infrastructure, cyberattack ]
Iranian hackers reportedly accessed internet-connected automatic tank gauge systems at gas stations in multiple U.S. states. Automatic tank gauges are OT systems used to monitor physical fuel tanks, but reporting indicates the attackers altered displayed readings rather than changing actual fuel volumes or physically manipulating fuel operations.
Chanhassen Dinner Theatres
May 15, 2026
•[ cyberattack, operational disruption, system outage ]
Chanhassen Dinner Theatres experienced a cyberattack affecting part of its computer network on May 15, 2026 and took systems offline while working with outside experts to restore operations. The incident disrupted internet, phone, customer-service, and operational functions and contributed to rescheduled or canceled performances, alongside a separate cast illness/norovirus disruption. Public reporting did not confirm encryption, data theft, a ransom demand, or a responsible actor.
Raise the Bottom
May 15, 2026
•[ substance use disorder treatment, addiction recovery, behavioral health services ]
Raise the Bottom, an Idaho substance use disorder treatment organization, was listed in a breach involving 57,507 indexed rows. DataBreach identified exposed names, email addresses, and phone numbers; BreachSense attributed the breach to CMD and described Raise the Bottom as an Idaho-based addiction recovery, counseling, and behavioral health services provider.
At least one node-ipc npm package user
May 14, 2026
•[ supply chain attack, malicious package, credential theft ]
Attackers abused a dormant node-ipc npm maintainer account, likely after re-registering an expired maintainer email domain, and published malicious node-ipc versions 9.1.6, 9.2.3, and 12.0.1 on May 14, 2026. The packages contained an obfuscated credential-stealing payload that harvested developer and CI/CD secrets and exfiltrated them through DNS TXT queries.
Murray County Government
May 13, 2026
•[ cyberattack, government, service disruption ]
Murray County, Georgia reported that a cyberattack hit the county government network, forcing several county offices to limit services or close until network systems were restored. The Tax Commissioner, Tax Assessor, Probate Court, and Juvenile Court offices were closed, while other county offices remained open with limited functionality; 911, public safety, and primary voting continued. Public reporting did not identify a threat actor, confirm ransomware or encryption, specify the technical mechanism, report data theft, or provide a final restoration date.
RubyGems.org
May 12, 2026
•[ malicious packages, supply chain attack, bot accounts ]
RubyGems.org temporarily suspended new account registrations after threat actors used bot accounts to push more than 500 junk or malicious packages, including packages carrying exploits. Existing packages were not compromised, and gem installs and pushes for existing users were unaffected while maintainers tightened account-creation rate limiting and WAF protections.
Boyne City, MI
May 12, 2026
•[ cybersecurity incident, municipal computer network, utility bill payments ]
Boyne City, Michigan reported a cybersecurity incident affecting limited portions of its municipal computer network and digital systems. The city worked with IT professionals and cybersecurity specialists to secure affected systems and notified the FBI. Later reporting said city computer systems were operating with limited functionality, online utility bill payments were temporarily disabled, account balance and payment history information was unavailable, the city could not accept utility payments in person, and utility late fees and shutoffs were waived during restoration. Public reporting did not identify a threat actor, confirm ransomware, specify the technical mechanism, report data theft, or confirm whether any data was compromised.
Foxconn North American operations
May 11, 2026
•[ cyberattack, data theft, operational disruption ]
Nitrogen claimed responsibility for a cyberattack against Foxconn and alleged theft of roughly 8 TB of data spanning more than 11 million files. Foxconn confirmed that some North American factories suffered a cyberattack and said affected factories were resuming normal production. Public reporting supports operational disruption and alleged large-scale data theft, but does not confirm file encryption, data destruction, or the specific disruption mechanism.
Grafana Labs
May 11, 2026
•[ source code leak, extortion, compromised credentials ]
Grafana Labs confirmed that a cybercrime group used a compromised GitHub token to access its GitHub repositories and download its codebase and internal GitHub repository content. The attackers demanded ransom to prevent disclosure, but Grafana said customer production systems, Grafana Cloud, customer operations, customer data, and personal information from production systems were not compromised.
Škoda Auto
May 11, 2026
•[ data leak, vulnerability exploitation, unauthorized access ]
Attackers exploited a vulnerability in Škoda Auto's online shop software and gained temporary unauthorized access to the shop system. Škoda said customer names, addresses, contact details, order details, account information, and password hashes may have been accessed, but credit card data was not stored in the system. The company took the online shop offline for containment, patched the vulnerability, reviewed security controls, notified authorities, and retained external forensic experts; the specific threat actor was not identified.
Sistema Bancario Softbank
May 11, 2026
•[ data leak, source code exposure, dark web ]
Sistema Bancario Softbank was listed among the most severe Panamanian incidents in a Vecert Analyzer intelligence report cited by La Estrella de Panamá. The incident was dated May 11, 2026 and described as compromising corporate and financial structures, with exposed data appearing in dark-web forums. Outside OSINT reporting attributed the leak to V0lt4r0x and referenced alleged source-code exposure for a Softbank banking system used in Latin America, but public reporting did not confirm the specific intrusion vector, encryption, data destruction, or operational disruption.
Direction générale de la Comptabilité publique et du Trésor
May 10, 2026
•[ cyberattack, data exfiltration, leak site ]
Senegal's Direction générale de la Comptabilité publique et du Trésor reported an incident affecting part of its information systems beginning May 10, 2026 and activated continuity measures. Senegalese and cyber-specialist reporting later described the incident as a cyberattack, with AuditTeam claiming exfiltration of more than 70 GB of sensitive data and listing the target on a leak site. Public reporting did not confirm the full data set, final recovery date, or whether personal data was included.