BreachNews | Data Breach News & Threat Intelligence

Check Point Headquarters in Redwood City, CA.

Check Point says attackers have exploited CVE-2026-50751 since May, with one intrusion linked to a Qilin ransomware affiliate.

ShinyHunters Linked to Active Exploitation of Oracle PeopleSoft Zero-Day Affecting Universities

by m00s3c

June 13, 2026

Researchers have linked ShinyHunters to active exploitation of a critical Oracle PeopleSoft vulnerability affecting universities and other organizations.

Screenshot of a forum post claiming the release of a database allegedly belonging to Gastroenterology & Hepatology of CNY and Digestive Disease Center of CNY, listing purported patient, diagnosis, medication, pathology, and Social Security number record counts.

Alleged CNY Leak Includes 1 Million Diagnoses and 167,000 Patient Records

by m00s3c

June 12, 2026

A forum user claims to have released a database allegedly stolen from Gastroenterology & Hepatology of CNY and Digestive Disease Center of CNY containing patient...

Cybercrime forum post claiming unauthorized access to NASA web infrastructure, alleging exposure of unpublished content records, NASA and JPL email addresses, internal mailing lists, and development systems.

Forum User Claims NASA WordPress Endpoint Exposed 3,970 Draft Content Records

by m00s3c

June 11, 2026

A forum user claims access to NASA systems, alleging exposure of unpublished content, employee emails, mailing lists, and internal infrastructure data.

Handala blog post claiming cyberattack against California water infrastructure

Handala Claims Cyberattack on California Water Infrastructure

by m00s3c

June 11, 2026

Handala claims it breached California water infrastructure and released alleged proof-of-access material, customer data samples, and utility system screenshots.

Forum post advertising the alleged sale of data from Wiyak.com, showing claims of access to user, driver, transaction, and location information alongside screenshots of database records and attached file listings.

Wiyak Allegedly Breached as Full Customer and Driver Database Offered for Sale

by m00s3c

June 11, 2026

A cybercrime forum listing claims to offer Wiyak's full database, allegedly exposing customer records, driver information, trip histories, transaction data, and location records.

Screenshot of a cybercrime forum post advertising the alleged sale of Dynatrace internal GitHub organization data. The listing claims access to 246 repositories obtained through a developer personal access token and references infrastructure topology, CI/CD systems, Kubernetes management, cloud infrastructure, employee information, and deployment tooling. BreachNews redacted contact information, sample links, and other sensitive details.

Threat Actor Claims Sale of Dynatrace Internal GitHub Repositories

by m00s3c

June 10, 2026

A cybercrime forum listing claims to offer hundreds of internal Dynatrace repositories containing infrastructure, CI/CD, and operational intelligence.

Screenshot of a forum post titled "Wickr Enterprise Admin API Access - Internal Infrastructure Proof." The post claims access to Wickr Enterprise administrative infrastructure and includes an alleged internal API response showing AWS related service references and administrative endpoint information. Sensitive credentials and infrastructure details have been redacted.

Threat Actor Claims Alleged Wickr Enterprise Admin API Access

by m00s3c

June 10, 2026

A cybercrime forum account claims alleged access to a Wickr Enterprise Admin API, though the available evidence remains limited and unverified.

Screenshot of the ShinyHunters data leak site displaying an alleged University of Nottingham dataset. The listing claims more than 40 GB of data from the university and its Malaysia and China campuses, including billing records, payment information, student finance data, and campus portal exports. The entry shows a SHA-256 checksum, a compressed archive size exceeding 19 GB, an update date of 10 June 2026, and a download button.

ShinyHunters Claims University of Nottingham Breach Affecting Multiple Campuses

by m00s3c

June 10, 2026

ShinyHunters claims to possess more than 40GB of alleged University of Nottingham data, including financial and student records from multiple campuses.

Screenshot of a cybercrime forum post in which a threat actor claims to be selling a database allegedly stolen from the Healthcare Financial Management Association (HFMA). The post claims more than 200,000 records were compromised and includes redacted samples described as sponsor contact lists and board member email directories.

HFMA Allegedly Breached as Threat Actor Claims Sale of 200K Records

by m00s3c

June 9, 2026

A threat actor claims to be selling 200,000 HFMA records after an alleged failed extortion attempt, though the breach remains unverified.

Evanston Township High School Closes Campus Following Confirmed Ransomware Attack

by m00s3c

June 9, 2026

Evanston Township High School canceled summer programs and closed campus after a ransomware attack disrupted critical systems, prompting an FBI-assisted recovery effort.