BreachNews | Data Breach News & Threat Intelligence

Screenshot of a cybercrime forum post advertising the alleged sale of Dynatrace internal GitHub organization data. The listing claims access to 246 repositories obtained through a developer personal access token and references infrastructure topology, CI/CD systems, Kubernetes management, cloud infrastructure, employee information, and deployment tooling. BreachNews redacted contact information, sample links, and other sensitive details.

A cybercrime forum listing claims to offer hundreds of internal Dynatrace repositories containing infrastructure, CI/CD, and operational intelligence.

Screenshot of a forum post titled "Wickr Enterprise Admin API Access - Internal Infrastructure Proof." The post claims access to Wickr Enterprise administrative infrastructure and includes an alleged internal API response showing AWS related service references and administrative endpoint information. Sensitive credentials and infrastructure details have been redacted.

Threat Actor Claims Alleged Wickr Enterprise Admin API Access

by m00s3c

June 10, 2026

A cybercrime forum account claims alleged access to a Wickr Enterprise Admin API, though the available evidence remains limited and unverified.

Screenshot of the ShinyHunters data leak site displaying an alleged University of Nottingham dataset. The listing claims more than 40 GB of data from the university and its Malaysia and China campuses, including billing records, payment information, student finance data, and campus portal exports. The entry shows a SHA-256 checksum, a compressed archive size exceeding 19 GB, an update date of 10 June 2026, and a download button.

ShinyHunters Claims University of Nottingham Breach Affecting Multiple Campuses

by m00s3c

June 10, 2026

ShinyHunters claims to possess more than 40GB of alleged University of Nottingham data, including financial and student records from multiple campuses.

Screenshot of a cybercrime forum post in which a threat actor claims to be selling a database allegedly stolen from the Healthcare Financial Management Association (HFMA). The post claims more than 200,000 records were compromised and includes redacted samples described as sponsor contact lists and board member email directories.

HFMA Allegedly Breached as Threat Actor Claims Sale of 200K Records

by m00s3c

June 9, 2026

A threat actor claims to be selling 200,000 HFMA records after an alleged failed extortion attempt, though the breach remains unverified.

Evanston Township High School Closes Campus Following Confirmed Ransomware Attack

by m00s3c

June 9, 2026

Evanston Township High School canceled summer programs and closed campus after a ransomware attack disrupted critical systems, prompting an FBI-assisted recovery effort.

Redacted screenshot from a cybercrime forum post in which a newly created account claims to be selling an alleged OkCupid dataset containing 20 million user records. The post references purported API access, a sample dataset, and session-related information. Sensitive details have been obscured by BreachNews.

Threat Actor Claims Sale of 20 Million Alleged OkCupid User Records

by m00s3c

June 9, 2026

A newly created forum account claims to be selling 20 million OkCupid records, though the alleged breach and API access remain unverified.

Redacted screenshot from a cybercrime forum post in which a threat actor claims access to a Fortinet SSL VPN environment allegedly associated with the Argentine Army. The image includes the Argentine Army emblem, screenshots of a VPN portal, and the actor’s description of purported internal network access capabilities. BreachNews has not independently verified the claim.

Threat Actor Claims Access to Argentine Army Fortinet SSL VPN Infrastructure

by m00s3c

June 7, 2026

A threat actor linked to Ecuador's electoral breach claims access to the Argentine Army's Fortinet SSL VPN, potentially enabling internal network compromise, though the claim...

Threat Actor Claims Sale of Alleged OfferUp Database Affecting Up to 25 Million Users

by m00s3c

June 6, 2026

A threat actor is selling an alleged OfferUp database containing up to 25 million user records, including account and authentication data, posing potential security risks...

Screenshot of a forum post advertising the Atlas Menu database. The post references a May 2026 breach of the GTA V and CS2 cheat service Atlas Menu and claims approximately 64,000 user records were exposed. The listing states the dataset contains email addresses, usernames, IP addresses, support ticket information, and bcrypt password hashes. Sample filenames are shown while the underlying data remains hidden behind a forum access restriction.

Atlas Menu Breach Exposes 64,000 GTA V and CS2 Cheat Service Users

by m00s3c

June 6, 2026

A data breach of Atlas Menu, a cheat service for GTA V and CS2, exposed 64,000 user accounts including emails, IPs, support tickets, and bcrypt-hashed...

Screenshot of a forum post claiming unauthorized access to Ecuador's National Electoral Council (CNE) systems. The post alleges full SSH access to internal infrastructure, compromise of the electoral registry database, exfiltration of 13.5 million voter records, and the ability to alter voter data. Several supporting screenshots and a network architecture diagram are included alongside a ransom demand.

Threat Actor Claims Access to Ecuador Electoral Registry Systems

by m00s3c

June 5, 2026

A threat actor claims to have accessed Ecuador's National Electoral Council systems, allegedly exfiltrating over 13.5 million voter records and threatening election infrastructure manipulation.

Miasma Supply Chain Attack Hits 57 npm Packages and AI Developer Tools

by m00s3c

June 4, 2026

A rapid Miasma supply chain attack compromised 57 npm packages and Microsoft GitHub repositories, targeting AI developer tools and stealing credentials to infiltrate cloud environments...

Eversource Confirms Data Breach After Phishing Attack Compromised Employee Accounts

by m00s3c

June 3, 2026

Eversource Energy confirmed a data breach after phishing attacks compromised two employee accounts, exposing personal information of 3,049 customers in Connecticut, Massachusetts, and New Hampshire.