ВЗГЛЯД (Vzglyad)
May 9, 2026
•[ DDoS attack, cybersecurity, news media ]
The Russian news site reported a massive DDoS attack on the morning of May 9, 2026, detected at 9:45 Moscow time shortly before the Victory Day parade in Moscow. Technical staff and cybersecurity specialists said the main flow of junk traffic came from servers in the European Union, with peak loads from Germany and the Netherlands. Traffic filtering kept the site operational, with only a short slowdown in homepage updates.
Instructure
May 7, 2026
•[ vulnerability, page-alteration, threat actor ]
On May 7, 2026, ShinyHunters gained additional access through a second Canvas vulnerability and altered pages shown to some logged-in students and teachers. Instructure detected and disabled the page-alteration activity after approximately 10 minutes, took Canvas offline into maintenance mode to contain the incident, and later took Free-for-Teacher offline.
Powell Electronics
May 7, 2026
•[ data breach, Personally Identifiable Information (PII), extortion ]
PayoutsKING claimed responsibility for an attack on Powell Electronics and threatened to release sensitive data unless the company negotiated. DataBreach indexed 198,676 rows with names, email addresses, phone numbers, and street addresses. Later breach-notification reporting said Powell began notifying affected individuals that data including Social Security numbers and driver's license information had been accessed. Public reporting did not confirm encryption, data destruction, or attacker-caused operational disruption.
Nova Poshta
May 7, 2026
•[ DDoS attack, IT systems disruption, service availability ]
Nova Poshta reported a DDoS attack on its IT systems on May 7, 2026, warning users of minor temporary difficulties in company services. The company said the situation was under control, IT specialists were countering the attack, and backup service schemes had been activated.
Cushman & Wakefield
May 5, 2026
•[ vishing, extortion, data leak ]
In May 2026, the real estate services firm Cushman & Wakefield was the target of a "pay or leak" extortion campaign by the ShinyHunters group. Following the threat, the group publicly published data they alleged had been obtained from the firm, consisting mostly of C&W email addresses along with tens of thousands of external email addresses and corporate contact records. The exposed data was primarily business information, including names, job titles, company addresses and phone numbers.
Trellix
May 5, 2026
•[ source code leakage, unauthorized access, cyberattack ]
Trellix disclosed unauthorized access to a portion of its source code repository in May 2026. RansomHouse later claimed responsibility and published screenshots as proof of access. Trellix said it had found no evidence that its source-code release or distribution process was affected or that its source code had been exploited. Public reporting did not confirm encryption, data destruction, operational disruption, or customer data exposure.
Arbeitsgemeinschaft Wirtschaftlichkeitsprüfung Niedersachsen e.V. (Arwini)
May 5, 2026
•[ ransomware, data exfiltration, health information ]
Kairos ransomware actors attacked Arbeitsgemeinschaft Wirtschaftlichkeitsprüfung Niedersachsen e.V. (Arwini), the prescription-review association for statutory health insurance prescriptions in Lower Saxony. Police confirmed Kairos was responsible, that ransomware was used to encrypt data, and that data exfiltration occurred. Potentially affected data included contact, health, and billing information for patients; more than 70,000 records may have been stolen, though the exact scope remained under investigation.
West Pharmaceutical Services
May 4, 2026
•[ ransomware, data exfiltration, encryption ]
West Pharmaceutical Services detected a ransomware intrusion on May 4, 2026. The company reported that attackers exfiltrated data and encrypted systems, prompting containment actions and disrupting manufacturing, shipping, and receiving operations across multiple global facilities. Public reporting did not identify the threat actor or specify the volume or type of exfiltrated data.
Braintrust
May 4, 2026
•[ unauthorized access, API keys, cloud security ]
Braintrust confirmed unauthorized access to an internal AWS account on May 4, 2026 that likely exposed customer org-level AI-provider API keys used to access cloud-based AI models. Braintrust locked down the compromised account, audited and restricted related systems, rotated internal secrets, and instructed customers to rotate affected keys.
Oriental Diamond Co., Ltd.
May 4, 2026
•[ ransomware, cyberattack, data leak ]
Oriental Diamond Co., Ltd. confirmed that on May 4, 2026 a third party used ransomware in a cyberattack against a company-managed server, encrypting system data and causing business stoppage. The company reported possible leakage of names, addresses, and phone numbers, said bank account, credit card, and My Number information were not included, and stated that it would stop using the VPN path identified as the intrusion route. Public Japanese security reporting linked the confirmed incident to a The Gentlemen leak-site claim.
Cushman & Wakefield
May 3, 2026
•[ vishing, PII, data leak ]
Cushman & Wakefield confirmed a vishing-related security breach in May 2026 after ShinyHunters and Qilin separately listed the company. ShinyHunters claimed theft of more than 500,000 Salesforce records containing PII and internal corporate data and later reportedly published a 50GB Salesforce-linked dataset after negotiations failed. DataBreach indexed 2,198,033 rows associated with the breach. Public sources did not confirm encryption or operational disruption.
Red Radimagen
May 3, 2026
•[ data leak, health-sector, medical records ]
Red Radimagen was listed among the Panamanian health-sector entities directly affected by data exposure in a Vecert Analyzer intelligence report cited by La Estrella de Panamá. The incident was dated May 3, 2026. Outside OSINT reporting attributed the Radimagen leak to ohmydays, linked the actor to Waxx Org., and referenced exposed medical or patient-related records from an unsecured server, but public reporting did not confirm encryption, data destruction, or operational disruption.
4VPS
May 2, 2026
•[ ransomware, infrastructure compromise, billing systems ]
4VPS disclosed on May 2, 2026 that an attack affected its website and billing systems. DataBreaches.net reported that The Gentlemen ransomware group later acknowledged that part of its own backend infrastructure had been compromised because some of it was hosted with 4VPS. Public reporting did not identify the attacker, the exact intrusion method, the total data volume, or the duration of service disruption.
Standard-Examiner
May 2, 2026
•[ ransomware, data leak, cyberattack ]
Qilin listed Standard-Examiner on its leak site on May 2, 2026 and claimed responsibility for a cyberattack, threatening to release sensitive data. Separate reporting noted earlier April production difficulties at the newspaper, but the Standard-Examiner had not publicly confirmed ransomware, data theft, or a connection between the printing disruption and Qilin's claim.
Government of Guam
May 2, 2026
•[ zero-day vulnerability, cyber incident response, website disruption ]
The Government of Guam activated its cyber incident response on May 2, 2026 after hackers exploited a critical zero-day vulnerability affecting globally used cPanel-hosted websites. Multiple GovGuam websites were disrupted, prompting a government-wide assessment and response. Officials said emergency services remained unaffected; public reporting did not identify the actor, confirm data theft, or quantify the disruption duration.
MiniMed Panamá
May 2, 2026
•[ data exposure, PII, plaintext credentials ]
MiniMed Panamá was listed among the Panamanian health-sector platforms directly affected by data exposure in a Vecert Analyzer intelligence report cited by La Estrella de Panamá. The incident was dated May 2, 2026, and outside OSINT reporting described roughly 400,000 exposed records associated with MiniMed, including a usersdata table with 74,233 records containing PII and plaintext credentials. Public reporting did not identify the threat actor, encryption, data destruction, or operational disruption.
Clínica Hospital Panamericano
May 2, 2026
•[ data leak, healthcare, patient database exposure ]
Ch-panamericana.com was listed among the Panamanian incidents in a Vecert Analyzer intelligence report cited by La Estrella de Panamá. The domain appears to correspond to Clínica Hospital Panamericano, a healthcare provider in Panamá Oeste, and outside monitoring referenced alleged patient database exposure from ch-panamericano.com. The incident was dated May 2, 2026. Outside OSINT reporting linked the leak to ohmydays and Waxx Org., but public reporting did not confirm encryption, data destruction, or operational disruption.
webhostingnz.com
May 1, 2026
•[ API token compromise, authentication bypass, unauthorized access ]
A full-access API token was added to a cPanel account for webhostingnz.com server rosie.whsl206.com, giving an attacker control of the account for several hours. The client area and server login were unavailable for ~6 hours, and the provider did not shut down the server. The incident is linked to the cPanel authentication bypass vulnerability (CVE-2026-41940).
Reborn Gaming
April 30, 2026
•[ data breach, gaming, vulnerability ]
In April 2026, the gaming community Reborn Gaming suffered a data breach due to a vulnerability in cPanel and WebHost Manager (WHM). The breach exposed 126 unique email addresses along with IP addresses and Steam IDs. Reborn Gaming self-submitted the data to Have I Been Pwned.
Canonical
April 30, 2026
•[ DDoS, hacktivism, service outage ]
A hacktivist group claimed responsibility for a distributed denial-of-service attack that flooded Canonical's public-facing infrastructure on 1 May 2026, causing the Ubuntu website, package repositories and security API to become unavailable for over 24 hours.