Instructure
May 7, 2026
•[ vulnerability, page-alteration, threat actor ]
On May 7, 2026, ShinyHunters gained additional access through a second Canvas vulnerability and altered pages shown to some logged-in students and teachers. Instructure detected and disabled the page-alteration activity after approximately 10 minutes, took Canvas offline into maintenance mode to contain the incident, and later took Free-for-Teacher offline.
Cushman & Wakefield
May 3, 2026
•[ vishing, PII, data leak ]
Cushman & Wakefield confirmed a vishing-related security breach in May 2026 after ShinyHunters and Qilin separately listed the company. ShinyHunters claimed theft of more than 500,000 Salesforce records containing PII and internal corporate data and later reportedly published a 50GB Salesforce-linked dataset after negotiations failed. DataBreach indexed 2,198,033 rows associated with the breach. Public sources did not confirm encryption or operational disruption.
Empower Group
April 15, 2026
•[ data leak, personally identifiable information, finance ]
DragonForce reportedly claimed responsibility for a breach of Empower Group, a New York-based alternative financing provider, and claimed to have exfiltrated approximately 316GB of data. DataBreach later indexed 6,691,415 rows allegedly tied to the breach, including Social Security numbers, dates of birth, email addresses, phone numbers, names, and street addresses. Public sources did not confirm file encryption or operational disruption.
Adelante Soluciones Financieras
March 1, 2026
•[ data leak, unauthorized access, PII ]
Addi identified unauthorized activity on its platform in March 2026 and advised customers that personal information may have been compromised. ShinyHunters later claimed responsibility and published a large trove of personal data allegedly obtained from Addi. DataBreach indexed 67,979,172 rows tied to the breach, while HIBP reported approximately 34 million exposed email addresses and credit-related data points. Public sources did not confirm encryption, data destruction, operational disruption, or a precise intrusion vector.
At least one undisclosed retail/consumer-services organisation
October 23, 2025
•[ financial fraud, account compromise, cloud security ]
Threat cluster Jingle Thief compromises cloud accounts at retailers/consumer services to issue high-value gift cards at scale, maintaining persistence (rogue MFA apps, Entra enrollments) and living-off-the-land in M365; activity spiked AprilMay 2025 and is financially motivated fraud rather than service disruption. Campaign-level intel, not a single-victim event.
Undisclosed Southeast Asian conglomerate
July 1, 2025
•[ intrusion, data exfiltration, corporate data ]
The Osiris threat group conducted a prolonged intrusion against an undisclosed Southeast Asian conglomerate beginning in mid-2025, resulting in the exfiltration of large volumes of sensitive corporate and financial data. The incident is documented through security research and attacker leak site claims, without confirmation of ransomware encryption.
Undisclosed South Korean company 4
November 1, 2024
•[ watering hole, exploit, threat actor ]
Watering-hole campaign redirected visitors from financial industry websites to Lazarus-controlled exploit servers.
