cloud-misconfiguration Archives

Screenshot of a forum post claiming to leak internal Lightning AI repositories following the PyTorch Lightning supply-chain compromise, showing partially redacted repository names and references to compromised PyPI credentials.

An alleged leak of internal Lightning AI repositories has surfaced online following the recent PyTorch Lightning supply-chain compromise that distributed...

Screenshot showing a new ShinyHunters leak-site listing targeting Houghton Mifflin Harcourt alongside a rare public statement issued by the threat group regarding its ongoing campaign.

ShinyHunters Expands Extortion Campaign With New Houghton Mifflin Harcourt Claim

by m00s3c

May 10, 2026

ShinyHunters has issued a rare public statement amid its ongoing extortion campaign, while adding education publisher Houghton Mifflin Harcourt Company...

Screenshot of a dark web forum thread allegedly posted by FulcrumSec claiming a breach of Arup Group involving 10,000 repositories, Azure and AWS infrastructure data, and sensitive internal documents.

FulcrumSec Claims Arup Group Cloud Infrastructure Breach

by m00s3c

May 9, 2026

Threat actor FulcrumSec has claimed responsibility for an alleged breach involving Arup Group, the multinational engineering and infrastructure consulting firm...

FulcrumSec: Threat Actor Profile

by m00s3c

May 8, 2026

Attribution: Unknown, financially motivated cybercriminal group First Observed: 2025 Primary Operations: Data exfiltration, cloud data exposure, source code leaks, public...

Screenshot of a threat actor leak page titled "The Stuf Leaks" advertising a downloadable 287GB archive allegedly containing customer data, call recordings, GPS logs, and source code.

FulcrumSec Claims 287GB Stuf Storage Data Breach

by m00s3c

May 8, 2026

A threat actor operating under the name FulcrumSec has claimed responsibility for a large-scale data breach involving Stuf Storage, a...

Forum post by ShinyHunters claiming a data breach of Vimeo, alleging compromised Snowflake and BigQuery instances via Anodot, with no supporting data shown.

ShinyHunters Claims Vimeo Data Compromise via Alleged Anodot Third-Party Access

by m00s3c

April 29, 2026

Update: Vimeo has since confirmed that unauthorized access to user data occurred through a breach involving third-party analytics provider Anodot....

Screenshot of forum post by threat actor xorcat claiming Polymarket API data exposure with exploit details and dataset listings

Polymarket APIs Allegedly Exposed 300K+ Records via Misconfiguration and Unauthenticated Endpoints

by m00s3c

April 28, 2026

A threat actor known as xorcat is claiming to have extracted more than 300,000 records from Polymarket, a decentralized prediction...

FulcrumSec leak page for the Analog Gold and Prospector Portal breach, showing claim summary and download package details

Mining Intelligence Platform Allegedly Leaked Guyana’s Sovereign Citizen Database in AWS Misconfiguration

by m00s3c

April 21, 2026

A financially motivated extortion group claims to have exfiltrated 2.2 terabytes of data across 52 AWS S3 buckets belonging to...

Forum post screenshot showing a claimed leak of 321transit.com database containing user records and transit pass data, April 6, 2026.

Brevard County Transit Site Allegedly Left a Database Backup Exposed for Months

by m00s3c

April 6, 2026

A SQL database backup belonging to 321transit.com, the official website for Space Coast Area Transit (SCAT), Brevard County's public transportation...

NEXUS Listener dashboard token breakdown showing credential types and counts stolen from React2Shell victims including database passwords, AWS keys, and Stripe secrets. Source: Cisco Talos.

Cisco Talos: Automated Credential Theft Campaign Exploits React2Shell Across 766 Hosts

by m00s3c

April 5, 2026

A large-scale automated credential harvesting campaign has been actively exploiting CVE-2025-55182, the critical React Server Components vulnerability known as React2Shell,...

Page 1 of 2 1 2 Next

Newsletter signup

Get the latest data breach and security news.

Please wait...

Newsletter signup

Thank you for signing up!

ShinyHunters Lists New Victims Including Zara, 7-Eleven, and Pitney Bowes in Alleged Data Release

ShinyHunters: Threat Actor Profile

ShinyHunters: Threat Actor Profile

Threat Actor Leaks Alleged Virginia DWR Database Containing SSNs

Instructure Confirms Ransom Payment Following ShinyHunters Canvas Breach

Mini Shai-Hulud Malware Abuses Trusted CI Pipelines in Expanding Supply-Chain Attack

AimSmarter Allegedly Breached Exposing Financial Records and Employee Login Hashes

Instructure Confirms Data Breach as ShinyHunters Claims Massive Student Data Theft

cloud-misconfiguration

Newsletter signup

Thank you for signing up!

Trending News