BreachNews | Data Breach News & Threat Intelligence

Screenshot of a forum post claiming the release of a database allegedly belonging to Gastroenterology & Hepatology of CNY and Digestive Disease Center of CNY, listing purported patient, diagnosis, medication, pathology, and Social Security number record counts.

A forum user claims to have released a database allegedly stolen from Gastroenterology & Hepatology of CNY and Digestive Disease Center of CNY containing patient...

Cybercrime forum post claiming unauthorized access to NASA web infrastructure, alleging exposure of unpublished content records, NASA and JPL email addresses, internal mailing lists, and development systems.

Forum User Claims NASA WordPress Endpoint Exposed 3,970 Draft Content Records

by m00s3c

June 11, 2026

A forum user claims access to NASA systems, alleging exposure of unpublished content, employee emails, mailing lists, and internal infrastructure data.

Handala blog post claiming cyberattack against California water infrastructure

Handala Claims Cyberattack on California Water Infrastructure

by m00s3c

June 11, 2026

Handala claims it breached California water infrastructure and released alleged proof-of-access material, customer data samples, and utility system screenshots.

Forum post advertising the alleged sale of data from Wiyak.com, showing claims of access to user, driver, transaction, and location information alongside screenshots of database records and attached file listings.

Wiyak Allegedly Breached as Full Customer and Driver Database Offered for Sale

by m00s3c

June 11, 2026

A cybercrime forum listing claims to offer Wiyak's full database, allegedly exposing customer records, driver information, trip histories, transaction data, and location records.

Screenshot of a cybercrime forum post advertising the alleged sale of Dynatrace internal GitHub organization data. The listing claims access to 246 repositories obtained through a developer personal access token and references infrastructure topology, CI/CD systems, Kubernetes management, cloud infrastructure, employee information, and deployment tooling. BreachNews redacted contact information, sample links, and other sensitive details.

Threat Actor Claims Sale of Dynatrace Internal GitHub Repositories

by m00s3c

June 10, 2026

A cybercrime forum listing claims to offer hundreds of internal Dynatrace repositories containing infrastructure, CI/CD, and operational intelligence.

Screenshot of a forum post titled "Wickr Enterprise Admin API Access - Internal Infrastructure Proof." The post claims access to Wickr Enterprise administrative infrastructure and includes an alleged internal API response showing AWS related service references and administrative endpoint information. Sensitive credentials and infrastructure details have been redacted.

Threat Actor Claims Alleged Wickr Enterprise Admin API Access

by m00s3c

June 10, 2026

A cybercrime forum account claims alleged access to a Wickr Enterprise Admin API, though the available evidence remains limited and unverified.

Screenshot of the ShinyHunters data leak site displaying an alleged University of Nottingham dataset. The listing claims more than 40 GB of data from the university and its Malaysia and China campuses, including billing records, payment information, student finance data, and campus portal exports. The entry shows a SHA-256 checksum, a compressed archive size exceeding 19 GB, an update date of 10 June 2026, and a download button.

ShinyHunters Claims University of Nottingham Breach Affecting Multiple Campuses

by m00s3c

June 10, 2026

ShinyHunters claims to possess more than 40GB of alleged University of Nottingham data, including financial and student records from multiple campuses.

Screenshot of a cybercrime forum post in which a threat actor claims to be selling a database allegedly stolen from the Healthcare Financial Management Association (HFMA). The post claims more than 200,000 records were compromised and includes redacted samples described as sponsor contact lists and board member email directories.

HFMA Allegedly Breached as Threat Actor Claims Sale of 200K Records

by m00s3c

June 9, 2026

A threat actor claims to be selling 200,000 HFMA records after an alleged failed extortion attempt, though the breach remains unverified.

Evanston Township High School Closes Campus Following Confirmed Ransomware Attack

by m00s3c

June 9, 2026

Evanston Township High School canceled summer programs and closed campus after a ransomware attack disrupted critical systems, prompting an FBI-assisted recovery effort.

Redacted screenshot from a cybercrime forum post in which a newly created account claims to be selling an alleged OkCupid dataset containing 20 million user records. The post references purported API access, a sample dataset, and session-related information. Sensitive details have been obscured by BreachNews.

Threat Actor Claims Sale of 20 Million Alleged OkCupid User Records

by m00s3c

June 9, 2026

A newly created forum account claims to be selling 20 million OkCupid records, though the alleged breach and API access remain unverified.

Redacted screenshot from a cybercrime forum post in which a threat actor claims access to a Fortinet SSL VPN environment allegedly associated with the Argentine Army. The image includes the Argentine Army emblem, screenshots of a VPN portal, and the actor’s description of purported internal network access capabilities. BreachNews has not independently verified the claim.

Threat Actor Claims Access to Argentine Army Fortinet SSL VPN Infrastructure

by m00s3c

June 7, 2026

A threat actor linked to Ecuador's electoral breach claims access to the Argentine Army's Fortinet SSL VPN, potentially enabling internal network compromise, though the claim...