Collecting Cyber-News from over 60 sources

Tag: breach

7-Eleven confirms breach after ShinyHunters claims

May 20, 2026 7:00 PM

Tags: access, breach, cybercrime

The breach notification letters say 7-Eleven discovered the breach on April 8 and, after an investigation, determined that the cybercriminals gained access to “certain 7-Eleven systems used to store franchisee documents.” First seen on therecord.media Jump to article: therecord.media/7-eleven-reports-data-breach-shinyhunters
7-Eleven confirms breach after ShinyHunters claims

May 20, 2026 7:00 PM

Tags: access, breach, cybercrime

The breach notification letters say 7-Eleven discovered the breach on April 8 and, after an investigation, determined that the cybercriminals gained access to “certain 7-Eleven systems used to store franchisee documents.” First seen on therecord.media Jump to article: therecord.media/7-eleven-reports-data-breach-shinyhunters
Grafana breach caused by missed token rotation after TanStack attack

May 20, 2026 7:00 PM

Tags: attack, breach, data, data-breach, github, supply-chain

The Grafana data breach was caused by a single GitHub workflow token that slipped through the rotation process following the TanStack npm supply-chain attack last week. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/grafana-breach-caused-by-missed-token-rotation-after-tanstack-attack/
7-Eleven hit by data breach

May 20, 2026 6:00 PM

Tags: access, breach, data, data-breach, unauthorized

The retailer confirmed that an unauthorized third party gained access to certain systems used to store franchisee documents earlier this spring. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/7-eleven-cyberattack-franchisee-data/820698/
Compromised coding tool helped hackers breach thousands of GitHub repositories

May 20, 2026 6:00 PM

Tags: attack, breach, github, hacker, open-source, tool

The attack is the latest example of hackers’ intense focus on open-source packages. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/github-hacked-repository-data/820722/
GitHub Breach: TeamPCP Steals 3,800 Repositories via VS Code Extension

May 20, 2026 5:00 PM

Tags: breach, data, github, malicious

GitHub Breach: TeamPCP stole 3,800 internal repositories through a malicious VS Code extension and is now selling the data online for $95,000. First seen on hackread.com Jump to article: hackread.com/github-breach-teampcp-repositories-vs-code-extension/
Verizon DBIR: Vulnerability exploitation is the dominant initial access vector

May 20, 2026 5:00 PM

Tags: access, breach, credentials, data, data-breach, exploit, network, vulnerability

Vulnerability exploitation has overtaken stolen credentials as the most common way attackers gain initial access to target networks, according to the 2026 Verizon Data Breach … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/20/verizon-2026-dbir-findings/
Grafana GitHub Security Incident Reportedly Connected to TanStack npm Ransomware

May 20, 2026 5:00 PM

Tags: access, breach, cyber, exploit, github, programming, ransomware, security-incident, software, supply-chain, unauthorized

Grafana Labs has disclosed a targeted GitHub security incident linked to the ongoing TanStack npm supply chain ransomware campaign, raising concerns about software development pipeline security and token management practices. The company confirmed that attackers gained unauthorized access to its GitHub repositories after exploiting a compromised workflow token. The breach, detected on May 11, 2026,…
Identity Alone Isn’t Enough: Why Device Security Has to Share the Load

May 20, 2026 5:00 PM

Tags: breach, identity, software, strategy, zero-trust

Identity checks alone can’t stop attackers using stolen session tokens and compromised devices. Specops Software outlines why Zero Trust strategies increasingly depend on continuous device verification. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/identity-alone-isnt-enough-why-device-security-has-to-share-the-load/
GitHub says hackers stole data from thousands of internal repositories

May 20, 2026 4:00 PM

Tags: breach, data, github, hacker

The code hosting giant GitHub said it was investigating a breach, but said there was no evidence of customer data theft. First seen on techcrunch.com Jump to article: techcrunch.com/2026/05/20/github-says-hackers-stole-data-from-thousands-of-internal-repositories/
Carding site B1ack’s Stash dumps 4.6 Million stolen cards for free

May 20, 2026 4:00 PM

Tags: breach, credit-card, dark-web, law, marketplace

Carding forum B1ack’s Stash claims to have released millions of stolen CVV2 payment card records for free after suspending sellers. B1ack’s Stash, one of the most active stolen card marketplaces on the dark web, has released 4.6 million credit card records for free, not because of a law enforcement action or a system compromise, but…
Instructure cyberattack reignites ransom payment debate

May 20, 2026 4:00 PM

Tags: breach, business, ciso, cyberattack, cybercrime, data, ransom

Instructure struck a deal to recover its stolen data — likely paying a hefty ransom. For CISOs, deciding whether to negotiate with cybercriminals should come down to business risk. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366642963/Instructure-cyberattack-reignites-ransom-payment-debate
GitHub confirms being hacked by TeamPCP, says customer data unaffected

May 20, 2026 3:00 PM

Tags: breach, cybercrime, data, github

Github, which hosts code for more than 100 million developers worldwide, confirmed the breach on social media after TeamPCP advertised stolen source code on a cybercrime forum. First seen on therecord.media Jump to article: therecord.media/github-confirms-teampcp-hack-customers-unaffected
Senator presses CISA for answers about alleged GitHub repository leak

May 20, 2026 3:00 PM

Tags: breach, cisa, cybersecurity, github, government, infrastructure, leak

U.S. Senator Maggie Hassan (D-NH) sent a letter to the acting director of the Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday demanding answers about an alleged breach uncovered by cybersecurity reporter Brian Krebs involving government contractor Nightwing. First seen on therecord.media Jump to article: therecord.media/hassan-presses-cisa-github-leak
Verizon DBIR: AI Helped Hackers Exploit Vulnerabilities in 31% of Recent Breaches

May 20, 2026 3:00 PM

Tags: ai, breach, cyberattack, exploit, flaw, hacker, password, software, vulnerability

Verizon DBIR 2026 reveals software vulnerabilities overtook stolen passwords in cyberattacks, with AI helping hackers exploit flaws within hours. First seen on hackread.com Jump to article: hackread.com/verizon-dbir-ai-hackers-exploit-vulnerabilities-breaches/
Old Breaches Resold as New Corporate Data Leaks

May 20, 2026 3:00 PM

Tags: breach, china, corporate, cyber, cybercrime, dark-web, data, group, leak

Dark web data brokers are increasingly recycling old breach data and marketing it as fresh corporate leaks. The activity, largely observed in Chinese-language cybercrime forums and Telegram channels, is creating confusion among organizations and diverting security resources toward investigating claims that often lack credibility. Group-IB identified a surge in high-volume data advertisements targeting companies across…
GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension

May 20, 2026 2:01 PM

Tags: breach, github, group, malicious, threat

The prolific threat group TeamPCP has claimed a hack into GitHub’s internal repositories First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/github-confirms-breach-vs-code/
Verizon DBIR: Vulnerability Exploits Overtake Credentials as Top Access Vector

May 20, 2026 12:00 PM

Tags: access, breach, credentials, data, exploit, flaw, software, vulnerability

Verizon DBIR finds 31% of data breaches began with software flaws last year First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/verizon-dbir-exploits-top-access/
GitHub confirms breach of 3,800 repos via malicious VSCode extension

May 20, 2026 11:00 AM

Tags: breach, github, malicious

GitHub has confirmed that roughly 3,800 internal repositories were breached after one of its employees installed a malicious VS Code extension. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/github-confirms-breach-of-3-800-repos-via-malicious-vscode-extension/
FBI warns students and staff that ShinyHunters may come knocking after Canvas breach

May 20, 2026 11:00 AM

Tags: attack, breach, extortion, ransom

Having receive a ransom payment for its attack on Canvas, ShinyHunters and other extortion gangs are only likely to be further incentivised to launch similar attacks in future. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/fbi-shinyhunters-canvas-breach
Grafana GitHub Breach Exposes Source Code via TanStack npm Attack

May 20, 2026 9:00 AM

Tags: attack, breach, github

Grafana Labs, on May 19, 2026, said an investigation into its recent breach found no evidence of customer production systems or operations being compromised.It said the scope of the incident is limited to the Grafana Labs GitHub environment, which includes public and private source code along with internal GitHub repositories.”After the initial assessment, we found…
GitHub investigates internal repositories breach claimed by TeamPCP

May 20, 2026 8:00 AM

Tags: breach, github, group, hacker

GitHub is investigating a breach of its internal repositories after the TeamPCP hacker group claimed to have accessed approximately 4,000 repositories containing private code. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/github-investigates-internal-repositories-breach-claimed-by-teampcp/
GitHub Source Code Reportedly Compromised, TeamPCP Claims Breach

May 20, 2026 8:00 AM

Tags: breach, cyber, cybercrime, github, group, theft, threat

A threat actor group known as TeamPCP has claimed responsibility for a significant breach involving GitHub’s internal systems, alleging the theft of sensitive source code and proprietary organizational data. The group is currently offering the allegedly stolen dataset for sale on underground cybercrime forums, with asking prices reportedly exceeding $50,000. According to posts shared on…
Vulnerability exploitation now primary origin of data breaches

May 20, 2026 7:00 AM

Tags: breach, cyber, data, exploit, vulnerability

Verizon’s annual cyber report reveals a major change in how data breaches originate, highlighting the impact of artificial intelligence. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366643315/Vulnerability-exploitation-now-primary-origin-of-data-breaches
GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories

May 20, 2026 7:00 AM

Tags: access, breach, cybercrime, github, threat, unauthorized

GitHub on Tuesday said it’s investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform’s source code and internal organizations for sale on a cybercrime forum.”While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises,…
Public NYC Health System Notifying 1.8M of Hack

May 20, 2026 1:00 AM

Tags: breach, data, hacking, healthcare

Incident Involved an Unnamed Third-Party Vendor. New York City’s municipal healthcare system is notifying nearly 2 million patients of a hacking incident discovered earlier this year involving a third-party vendor. The breach compromised a long list of information, including biometric data such as fingerprints. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/public-nyc-health-system-notifying-18m-hack-a-31726
Verizon DBIR: Enterprises Face a Dangerous Vulnerability Glut

May 20, 2026 1:00 AM

Tags: access, breach, data, data-breach, exploit, update, vulnerability

Verizon’s 2026 Data Breach Investigations Report (DBIR) finds that exploits are now involved in 31% of initial access for breaches, while patching lags too far behind the bad guys. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/verizon-dbir-enterprises-vulnerability-glut
Attackers hit vulnerabilities hard last year, making exploits the top entry point for breaches

May 20, 2026 12:00 AM

Tags: breach, data, data-breach, exploit, vulnerability

Verizon’s annual Data Breach Investigations Report uncovered a surge of exploited vulnerabilities, and a growing lack of critical defect remediation industrywide. First seen on cyberscoop.com Jump to article: cyberscoop.com/verizon-data-breach-investigations-report-2026/
AdvancedHEALTH Ransomware Claim Includes 2.3M Patient Data Lines

May 19, 2026 9:00 PM

Tags: breach, data, ransomware

DragonForce claims it stole 390GB from AdvancedHEALTH, including patient data and minors’ records, as breach notices and legal scrutiny begin. The post AdvancedHEALTH Ransomware Claim Includes 2.3M Patient Data Lines appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-advancedhealth-ransomware-patient-data-claim/
Grafana Rejects Ransom Demand After GitHub Breach Exposes Codebase Theft

May 19, 2026 9:00 PM

Tags: breach, data, data-breach, extortion, github, ransom, theft

Grafana refused an extortion demand after attackers used a stolen GitHub token to download code, with no customer data exposed so far. The post Grafana Rejects Ransom Demand After GitHub Breach Exposes Codebase Theft appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-grafana-github-token-codebase-breach/