Region: us
All items tagged us.
- Xsolis healthcare-AI vendor breach exposes 1.4M patients across seven US health systems — third-party processor pattern
- UPDATE: 8x8 confirms Klue/Icarus Salesforce exfiltration in an SEC 8-K Item 1.05 filing
- Klue / Icarus — one dormant integration credential cascades into multi-tenant Salesforce CRM theft
- Public administration — named European institutions and government data in the firing line
- Healthcare — third-party exposure and a 16-month notification gap
- Threat actor: INC ransomware's Rust rewrite and BYOVD evolution
- Texas Parks & Wildlife: 3.08M licence holders exposed via an unnamed third-party vendor — with a public-vs-AG-filing SSN contradiction
- Amazon's One Medical confirms a legacy-storage breach; ShinyHunters' 8.8TB claim is unverified and its deadline expires today [SINGLE-SOURCE]
- UPDATE: Klue OAuth-token breach — victim list grows, CRM-API abuse chain detailed
- Nintendo employee data stolen from third-party HR-survey SaaS (TinyPulse), not Nintendo's own systems
- Kodak confirms breach after ShinyHunters leak-site listing; June 18 deadline passed without publication
- Icarus extortion group turns a dormant Klue credential into bulk Salesforce CRM theft across customers
- iRhythm discloses data theft via social engineering of a third-party-hosted application (SEC 8-K) [SINGLE-SOURCE]
- Handala breaches California Water Service through an internet-exposed RTKBase GNSS platform — billing PII for ~2M customers leaked, no OT access
- UPDATE: FBI "Operation Ghost Hook" seizes the Outsider PhaaS infrastructure Google had sued
- Maine breach-notification portal hoax — fraudulent filings against VRChat and Discord, then the portal goes dark
- Law-enforcement follow-through — Conti loader developer pleads guilty, AudiA6 laundering service dismantled
- CISA replaces the flat KEV 14-day rule with risk-tiered remediation (BOD 26-04)
- Conti loader developer Oleksii Lytvynenko pleads guilty in US federal court after extradition from Ireland
- UPDATE: Maine AG takes its breach-notification portal offline after confirming the VRChat/Discord filings were a hoax
- AudiA6 ransomware crypto-laundering service dismantled — two charged, Switzerland among the participating countries
- CISA replaces the KEV 14-day rule: BOD 26-04 introduces risk-tiered remediation with a 3-day class for the worst exposures
- [SINGLE-SOURCE] Maine's breach-notification portal abused for fraudulent filings against VRChat and Discord — both companies deny any breach
- Healthcare — HIPAA breach + healthcare supply-chain exposure
- Finance / payments — Stripe-abusing Magecart and OFAC Iran sanctions
- Luna Moth / UNC3753: vishing-to-physical-USB data-theft extortion reaches ~$20 M suppression payment and DNS fast-flux C2
- ShinyHunters — DentaQuest: 234 GB HIPAA claims data published after ransom refusal, 2.6 M Medicaid and dental-benefit records
- UPDATE: ShinyHunters extortion campaign adds DentaQuest — 234 GB published after refusal to pay, 2.6 M dental-benefit records exposed
- OFAC sanctions Nobitex and three Iranian exchanges as conduits for IRGC-affiliated ransomware proceeds
- UPDATE: ShinyHunters publishes the Charter Communications dataset after ransom refusal
- PostHog rotates all AWS credentials after researcher-confirmed cloud exploit; EU and US clouds degraded
- California AG sues former 23andMe (Chrome Holding Co.) over the 2023 genetic-data breach — bulk-enumeration coding error plus absent credential-stuffing defences
- Carnival Corporation confirms 5.99 M-record ShinyHunters breach — passport + driver's-licence numbers exposed across four cruise brands
- FBI FLASH CSA 260526 — Silent Ransom Group sends operatives physically into US law-firm offices to insert USB exfiltration devices when remote social engineering fails
- Iran MOIS attributed to LACMTA destructive breach via "Ababil of Minab" hacktivist front — 700 GB exfiltrated, backups and VMs deliberately destroyed
- UPDATE: ShinyHunters Salesforce campaign — Charter and 7-Eleven both confirm; 7-Eleven count put at ~185,000 affected
- UPDATE: Nimbus Manticore (UNC1549 / Screening Serpens) — Check Point details MiniFast backdoor, Zoom-task hijacking and SEO-poisoning delivery
- UPDATE: ShinyHunters lists Charter Communications (Spectrum) — telco victim in the Salesforce-credential campaign
- ShinyHunters Salesforce-credential extortion — three named victims confirmed across the week, capped by Carnival's 5.99M-record disclosure
- Transport — Iran-MOIS destructive breach against LACMTA with deliberate backup and VM destruction
- ShinyHunters Salesforce campaign — 40+ listed victims; Canada Life and Pitney Bowes confirm; the BreachForums extortion channel was previously seized
- Data-protection enforcement converges on a health-data controls floor — CNIL fines IQVIA €5M; California AG sues over 23andMe
- Kimwolf / "Dort" DDoS-for-hire operator arrested — 30+ Tbps IoT botnet, U.S. DoD-range targeting, AISURU variant
- UPDATE: West Pharmaceutical Services — 8-K/A confirms full operational restoration, data investigation ongoing
- B1ack's Stash carding marketplace publicly releases 4.6M card records — SOCRadar attributes collection to e-skimming and phishing; not confirmed by issuing banks
- Microsoft DCU disrupts Fox Tempest malware-signing-as-a-service feeding Rhysida, INC, Qilin and Akira ransomware operations
- CISA contractor (Nightwing) exposed AWS GovCloud admin keys and internal credentials in public GitHub repo for ~6 months
- 7-Eleven confirms ShinyHunters breach of 600,000+ Salesforce franchise-application records — same campaign as Instructure, Vimeo, Wynn Resorts, Vercel, Medtronic
- Canvas / Instructure extortion — ransom paid, US House investigation, second-intrusion vulnerability re-exploited
- Manufacturing
- Hospitality
- Foxconn — Nitrogen ransomware confirmed against North-American manufacturing sites
- BWH Hotels — 181-day unauthorised access to guest-reservation web application
- West Pharmaceutical Services — SEC Form 8-K Item 1.05 [SINGLE-SOURCE-OTHER]
- Canvas / Instructure — ShinyHunters / WorldLeaks ransom-paid, US House investigation
- CISA Emergency Directive ED-26-03 — Cisco Catalyst SD-WAN
- BKA arrests Dream Market lead administrator "Speedstepper" in Germany — cryptocurrency-to-physical-gold OPSEC failure after seven years at large
- Foxconn confirms Nitrogen ransomware crippled North-American manufacturing sites; 8 TB / 11M files claimed
- UPDATE: Instructure Canvas — US House Homeland Security Committee opens formal investigation; Instructure paid ransom
- [SINGLE-SOURCE-OTHER] West Pharmaceutical Services files SEC Form 8-K Item 1.05 — data exfiltrated, systems encrypted, global operations partially restarted
- ShinyHunters / WorldLeaks — week-long cross-incident operator activity touching Inditex, Vimeo, ADT, and Instructure / Canvas
- MuddyWater (Iran / MOIS) Chaos ransomware false-flag + Teams BEC