Organized Crime and Corruption Reporting Project (OCCRP)
January 12, 2026
•[ DDoS, botnet, distributed denial-of-service ]
OCCRP reported its website was targeted by a sophisticated distributed denial-of-service (DDoS) attack beginning on Monday and still ongoing as of January 13, 2026. The organization said the assault appeared to involve a large international botnet and adaptive tactics, suggesting a coordinated effort with a human element responding to defenses. Recent infrastructure upgrades reportedly prevented a complete outage; however, readers could experience slower access and additional verification steps designed to block automated traffic. OCCRP stated the source of the attack had not been identified and framed the incident as an attempt to make its investigative reporting inaccessible by overwhelming online services rather than compromising internal data systems.
Undisclosed Taiwanese healthcare organization #5
January 12, 2026
•[ ransomware, cyber intrusion, data exfiltration ]
The CrazyHunter ransomware group conducted a cyber intrusion against a healthcare organization in Taiwan by exploiting application-layer access, resulting in unauthorized access and data exfiltration. Security reporting confirms the victim as one of multiple Taiwanese healthcare entities affected, though specific organizational details were not publicly disclosed.
Target
January 12, 2026
•[ data leak, source code theft, internal documentation ]
BleepingComputer reported that multiple current and former Target employees confirmed that source code and documentation posted online by a threat actor match real internal systems. Employees cited internal system names, platform references, and CI/CD tooling elements in the leaked sample that aligned with Target's development environment, and an internal communication referenced an accelerated security change restricting access to Target's Enterprise Git server shortly after the outlet contacted the company. The incident as described involves alleged theft and publication of internal repositories and development documentation rather than an outage or consumer-facing service disruption.
Bruno Fernandes's X account
January 12, 2026
•[ account takeover, hacking, social media breach ]
Manchester United confirmed that captain Bruno Fernandes's X account was hacked after a burst of bizarre posts and messages appeared. The club urged supporters not to engage with any posts or direct messages while access was being restored. Screenshots shared online showed the attacker posting inflammatory jokes and comments, including criticism of INEOS, the company that recently became a co-owner of the club.
Congressional Staff email platform
January 11, 2026
•[ cyber intrusion, state-backed hacking, email compromise ]
TechStory reported that a cyber intrusion linked to the China-associated group known as Salt Typhoon compromised email systems used by staff supporting multiple powerful U.S. House committees (including foreign affairs, intelligence, and defense-related panels). The report said the intrusions were detected in December 2025, but investigators were still determining how long access persisted, what data was viewed or extracted, and whether any lawmakers' personal accounts were affected. U.S. agencies and House offices were described as offering limited public comment while investigations continued, and China was reported as denying allegations of state-backed hacking.
Langley Twigg Law
January 11, 2026
•[ cyberattack, data breach, malware ]
Langley Twigg Law (Napier, New Zealand) stated it was hit by a cyberattack on January 11, 2026. The firm said digital forensics and cyber specialists confirmed a malicious third party launched a virus on its IT network, which was not protected by its cybersecurity software at the time. The firm reported the attacker extracted a portion of data from its file server containing internal operational information and some client documents. Langley Twigg said it disconnected its network from the internet, notified the Privacy Commissioner and police, and was working to determine exactly what information was affected before contacting impacted clients.
American Vanguard
January 10, 2026
•[ data leak, data exfiltration, unauthorized access ]
The Osiris threat group gained unauthorized access to American Vanguard systems in early January 2026 and exfiltrated corporate and financial data. Security reporting and attacker leak listings indicate data theft, though no explicit confirmation of file encryption was reported. Operational impacts appear linked to incident response and remediation activities.
Eurail
January 10, 2026
•[ security breach, data leak, unauthorized access ]
Eurail B.V. (also operating as Interrail) confirmed a security breach that resulted in unauthorized access to customer data. Eurail/Interrail publicly posted notice on January 10, 2026 and began emailing affected customers on January 13, 2026, with the investigation described as ongoing. The company's early review stated that impacted data may include customer order and reservation information along with basic identity and contact details. Where provided, it may also include passport information such as passport number, country of issuance, and expiry date, particularly for customers who received passes through the DiscoverEU program. The report also referenced exposure of bank details and advised customers to remain vigilant for fraud attempts while Eurail monitored for misuse and notified data protection authorities.
Nissan Motor Corporation (Nissan Motor Co., Ltd.)
January 10, 2026
•[ ransomware, data leak, extortion ]
HackRead reported that the Everest ransomware group claimed it breached Nissan Motor Corporation and stole about 900GB of internal data. The article said the group posted the allegation on its leak site on January 10, 2026 and shared screenshots and directory listings suggesting access to internal operational documents, data extracts, and dealership-related records. Everest reportedly threatened to publish the data if Nissan did not respond within a set timeframe. Nissan had not publicly confirmed the claim at the time of reporting.
Betterment
January 9, 2026
•[ social engineering, phishing, data leak ]
In January 2026, the automated investment platform Betterment confirmed it had suffered a data breach attributed to a social engineering attack. As part of the incident, Betterment customers received fraudulent crypto-related messages promising high returns if funds were sent to an attacker-controlled cryptocurrency wallet. The breach exposed 1.4M unique email addresses, along with names and geographic location data. A subset of records also included dates of birth, phone numbers, and physical addresses. In its disclosure notice, Betterment stated that the incident did not provide attackers with access to customer accounts and did not expose passwords or other login credentials.
Betterment
January 9, 2026
•[ social engineering, data leak, phishing ]
TechCrunch reported that Betterment confirmed hackers accessed some of its systems on January 9, 2026 through a social engineering attack involving third-party platforms used for marketing and operations. Betterment said the attackers accessed customer personal information including names, email and postal addresses, phone numbers, and dates of birth, and used that access to send fraudulent scam notifications to users. The company said it detected and revoked unauthorized access the same day, launched an investigation with external help, and stated its ongoing investigation indicated no customer accounts were accessed and no passwords or login credentials were compromised. Betterment did not disclose how many customers were affected.
Sri Lanka's Public Security Ministry
January 9, 2026
•[ unauthorized access, website compromise, content manipulation ]
Sri Lanka's Criminal Investigation Department opened an inquiry after the official website of the Ministry of Public Security showed multiple incidents of abnormal activity consistent with unauthorized access. Police indicated the site may have been compromised and said investigators were working to determine the source and extent of the intrusion. Reporting noted irregularities in how the national emblem was displayed during the affected period, suggesting possible content manipulation. Sri Lanka CERT and the Information and Communication Technology Agency reportedly took steps to restore the website and reinforce security controls while the investigation proceeded.
Apex Legends
January 9, 2026
•[ security incident, account hijacking, gameplay disruption ]
BleepingComputer reported that Apex Legends players experienced a security incident over the weekend beginning at least January 9, 2026, where an external actor hijacked player characters during live matches, attempted to move characters off-map, disconnected players, and altered nicknames. Respawn publicly acknowledged an active security incident and stated that its initial investigation found no evidence that the bad actor could install or execute code (i.e., no RCE/injection) and did not frame the incident as a malware infection. The primary confirmed impact described is disruption of gameplay integrity and player sessions during live matches.
Free Speech Union (FSU)
January 9, 2026
•[ data leak, hacktivism, donor exposure ]
Cybernews reported that the UK-based Free Speech Union (FSU) was hacked by trans activists and that the names of people who donated 50 or more were publicly listed online. The dataset was made available via Distributed Denial of Secrets (DDoSecrets). The article frames the attack as politically motivated (protest/ideological retaliation) and describes the outcome as exposure of supporter identities; it does not confirm the full set of leaked fields beyond donor names and the donation-threshold context, nor does it describe service disruption at the organization.
At least one organization in Southeastern Europe
January 8, 2026
•[ cyber espionage, vulnerability exploitation, SSH brute force ]
BleepingComputer reported on Cisco Talos research describing a sophisticated China-nexus actor tracked as UAT-7290 targeting telecommunications providers, historically in South Asia and recently expanded into Southeastern Europe. The group was described as conducting extensive reconnaissance and using one-day exploits plus target-specific SSH brute force to compromise public-facing edge devices for initial access and privilege escalation. Talos reported the actor deploys a primarily Linux-based malware suite (with occasional Windows implants) and establishes Operational Relay Box (ORB) infrastructure that can be used by other China-aligned threat actors. The report is campaign-level and does not enumerate a single named victim breach event date.
Undisclosed strategic advisory firm in the US
January 8, 2026
•[ spearphishing, QR codes, credential theft ]
An FBI flash alert described North Korea-linked Kimsuky (APT43) using spearphishing emails that contain QR codes to lure recipients to fake questionnaires, secure-drive links, or login pages, with the goal of stealing credentials or session tokens and hijacking cloud identities. The warning said the observed targeting includes U.S. organizations involved in North Korea policy/research/analysis such as NGOs, think tanks, academic institutions, strategic advisory firms, and government entities. The alert included examples (e.g., a June 2025 conference-invite lure) and explained that QR-driven flows can bypass traditional email controls by shifting the interaction to unmanaged mobile devices.
Cressi
January 8, 2026
•[ ransomware, data leak, leak site ]
Cybernews reported that the ransomware group Qilin claimed responsibility for an attack on Cressi, an Italian diving equipment manufacturer, by posting a ransom entry on its leak site on January 8, 2026. The report notes that at that stage it was unclear what data (if any) had been accessed or exfiltrated and that the group had not published data samples or set a countdown timer. As reported, the main confirmed indicator is the group's claim and listing on the leak site; independent confirmation of encryption, downtime, or data theft was not provided in the article.
At least one Telecom company in South Asia
January 8, 2026
•[ espionage, malware, threat intelligence ]
The Hacker News summarized Cisco Talos research attributing espionage-focused intrusions to a China-nexus actor tracked as UAT-7290. The campaign reportedly targets telecom entities in South Asia and Southeastern Europe, performing extensive reconnaissance followed by compromise activity that can lead to deployment of malware families including RushDrop, DriveSwitch, and SilentRaid. The article is threat-intelligence reporting focused on actor behavior, tooling, and geographic targeting, and it does not provide a bounded, single victim incident record with confirmed impact metrics (e.g., downtime or specific data stolen) for one named organization.
Truebit
January 8, 2026
•[ cryptocurrency theft, smart contract exploit, blockchain security ]
The Record reported that hackers stole more than $26 million in cryptocurrency from the Truebit platform on Thursday (January 8, 2026). Truebit said it became aware of a security incident involving one or more malicious actors and urged users not to interact with the affected smart contract. Blockchain security firms tracked 8,535 ETH taken (reported as about $26.44 million). The report frames the event as a major early-2026 crypto theft affecting Truebit's on-chain assets, with ongoing law-enforcement contact and incident response actions mentioned, but without detailing the precise exploit mechanism in the article text provided.
Instagram
January 7, 2026
•[ data leak, scraping ]
In January 2026, data allegedly scraped via an Instagram API was posted to a popular hacking forum. The dataset contained 17M rows of public Instagram information, including usernames, display names, account IDs, and in some cases, geolocation data. Of these records, 6.2M included an associated email address, and some also contained a phone number. The scraped data appears to be unrelated to password reset requests initiated on the platform, despite coinciding in timeframe. There is no evidence that passwords or other sensitive data were compromised.