cloud-misconfiguration Archives

Screenshot of a cybercrime forum post by FulcrumSec claiming a breach of Global Schools Group (GSG), including allegations involving student passport records, internal communications, employee data, cloud infrastructure, and source code repositories. The image shows only a cropped portion of the original multi-page post.

FulcrumSec claims it exfiltrated 4.8TB of data from Global Schools Group, alleging exposure of student passport records, parent communications, employee...

Screenshot of a dark web forum post attributed to ShinyHunters claiming Charter Communications failed to reach an agreement with the threat actor. The post alleges that more than 42 million records containing personally identifiable information were compromised and states that the dataset has been released.

ShinyHunters Claims Charter Communications Data Released After Alleged Negotiations Collapse

by m00s3c

May 29, 2026

ShinyHunters claims to have released data stolen from Charter Communications after failed negotiations, alleging over 42 million compromised records, while...

Screenshot of an underground forum post claiming to release approximately 500 Docker images allegedly sourced from Allianz internal infrastructure, with portions of the service listing redacted.

Alleged Allianz Docker Image Dump Containing Source Code and Credentials

by m00s3c

May 28, 2026

A threat actor claims to have leaked about 500 internal Docker images from Allianz, potentially exposing sensitive source code, credentials,...

CISA Contractor Exposed Internal GovCloud Credentials in Public GitHub Repo

by m00s3c

May 19, 2026

A CISA contractor exposed sensitive internal GovCloud credentials, including plaintext passwords and AWS keys, in a public GitHub repository accessible...

Screenshot of a forum post claiming to leak internal Lightning AI repositories following the PyTorch Lightning supply-chain compromise, showing partially redacted repository names and references to compromised PyPI credentials.

Lightning AI Repositories Allegedly Leaked Following PyTorch Lightning Supply-Chain Incident

by m00s3c

May 15, 2026

An alleged leak of over 10,000 files from Lightning AI's internal repositories surfaced following a PyTorch Lightning supply-chain compromise involving...

Screenshot showing a new ShinyHunters leak-site listing targeting Houghton Mifflin Harcourt alongside a rare public statement issued by the threat group regarding its ongoing campaign.

ShinyHunters Expands Extortion Campaign With New Houghton Mifflin Harcourt Claim

by m00s3c

May 10, 2026

ShinyHunters has added education publisher Houghton Mifflin Harcourt to its extortion campaign, warning of a May 2026 data leak deadline...

Screenshot of a dark web forum thread allegedly posted by FulcrumSec claiming a breach of Arup Group involving 10,000 repositories, Azure and AWS infrastructure data, and sensitive internal documents.

FulcrumSec Claims Arup Group Cloud Infrastructure Breach

by m00s3c

May 9, 2026

Threat actor FulcrumSec claims to have breached Arup Group's cloud infrastructure, allegedly accessing 10,000 repositories and 3.5TB of Azure and...

FulcrumSec: Threat Actor Profile

by m00s3c

May 8, 2026

FulcrumSec is a financially motivated cybercriminal group active since 2025, known for large-scale data exfiltration and branded leak campaigns targeting...

Screenshot of a threat actor leak page titled "The Stuf Leaks" advertising a downloadable 287GB archive allegedly containing customer data, call recordings, GPS logs, and source code.

FulcrumSec Claims 287GB Stuf Storage Data Breach

by m00s3c

May 8, 2026

FulcrumSec claims to have breached Stuf Storage’s AWS cloud, exposing 287GB of sensitive customer data, access codes, call recordings, source...

Forum post by ShinyHunters claiming a data breach of Vimeo, alleging compromised Snowflake and BigQuery instances via Anodot, with no supporting data shown.

ShinyHunters Claims Vimeo Data Compromise via Alleged Anodot Third-Party Access

by m00s3c

April 29, 2026

ShinyHunters claims to have compromised Vimeo data via third-party analytics provider Anodot, exposing about 119,000 users' information, though Vimeo confirmed...