The World Leaks ransomware group posted 14.3 GB of contractor data from India's Kudankulam nuclear plant, exposing blueprints and supplier records in a classic third-party data center breach.
President Trump’s declassification announcement alleging a 220 million voter file compromise by China reignites debate over election infrastructure security. Cybersecurity professionals must assess the credibility of the claims and the potential exposure of sensitive voter data. The incident underscores persistent risks of nation-state cyber espionage targeting democratic processes.
A detailed look at the June 23 cyberattack on Partnered Health that compromised 21 clinics, stealing highly sensitive medical identities. With an NSW court injunction in place and an ongoing investigation, the incident highlights the preferred techniques of threat actors targeting healthcare and the critical need for segmentation and rapid response in large hospital networks.
Partnered Health’s swift application for an interim Supreme Court injunction reveals a legal tactic increasingly used by breached Australian firms, while threat actors net a rich haul of identity and health records.
Ransomware group World Leaks breached Tata Electronics, exposing over 200,000 files containing Apple and Tesla trade secrets. The 630 GB data dump includes proprietary design documents and employee passports, highlighting critical supply chain cyber risks. This incident underscores the urgent need for OT security and dark web monitoring.
Cybersecurity threats from AI in politics are a top concern for 80% of Australians, according to an ANU-Google report. The risk of sensitive political data breaches, deepfake attacks, and reliance on insecure foreign AI models creates a new attack surface. Cyber experts call for urgent security standards.
Apple’s lawsuit claims OpenAI orchestrated a campaign to exfiltrate hardware trade secrets through coached employee departures and interview 'show and tell' sessions, raising major cyber and insider threat concerns.
Amid 866,616 SARs flagged in a year, Reform UK claims the NCA may have suffered an insider data breach that exposed Richard Tice’s financial intelligence to the press. The incident highlights cybersecurity vulnerabilities in handling highly sensitive anti-money laundering reports.
The 2023 23andMe attack, which started with simply reusing leaked credentials, ultimately exposed the genetic and health data of 6.9 million users—and now costs $46.75 million. For cybersecurity teams, it is a textbook case of why basic anti‑credential‑stuffing controls and multi‑factor authentication are non‑negotiable for any platform holding sensitive data.
Two individuals have been charged over the alleged access of a federal parliamentarian’s restricted banking data at Commonwealth Bank. One is a former EY contractor, underscoring the persistent insider threat and third-party risk in financial institutions.
A simple Microsoft 365 settings error allowed two students to access 2,000 confidential files, one of 491 cybersecurity incidents logged in a damning NSW audit. The report exposes systemic weaknesses in cloud configuration management and third‑party app vetting across the state’s schools.
A serious insider threat event at Commonwealth Bank saw two EY secondees, aged 21 and 25, misuse system access to view Prime Minister Albanese’s personal banking data. The breach underscores the peril of embedding third-party personnel into critical financial infrastructure and highlights the human factor in cybersecurity.
The cyberattack on Tata Electronics by the World Leaks group resulted in the exfiltration of 200,000 files containing Apple’s upcoming product details. This breach exemplifies the growing threat of third-party supply chain attacks and double-extortion ransomware.
Phishing attack on Xsolis compromises 1.4M patient records, while a newly named ransomware group, Pear, extorts mortgage lender Optimum First. Both incidents expose critical attack vectors and sensitive data worth millions on dark markets.
Ransomware group World Leaks posted 630GB of manufacturing data from Tata Electronics, including iPhone QC specs and Tesla trade secrets. The breach highlights how attackers increasingly target factory floors, not just corporate IT. As Apple and Tesla launch investigations, the incident raises urgent questions about OT security in global supply chains.
Ransomware group World Leaks posted over 200,000 sensitive documents on the dark web from Tata Electronics, including purported Apple and Tesla component designs. The attack underscores the growing trend of double-extortion targeting manufacturing, with Tata now performing a forensic audit and locking down remote access.
Despite Dialog’s claim of a sophisticated hack, WIRED’s analysis shows a simple website misconfiguration exposed data on 200 attendees of its elite retreats, including top government officials. The incident underscores how basic security failures can endanger high-value targets and the importance of secure development practices.
A targeted phishing attack on Xsolis led to the exfiltration of highly sensitive personal and medical data affecting 1.4 million. The incident, detected in two days but notified months later, exemplifies persistent healthcare security gaps in email defense and incident response.
Two distinct threat groups, ShinyHunters and Icarus, have publicly claimed responsibility for separate breaches at JCPenney/Catalyst Brands and The Credit Pros, respectively. The attacks expose evolving cybercriminal tactics, including Salesforce environment exploitation and high-value PII harvesting.
A healthcare insider attempted to sell Kate Middleton’s records from The London Clinic, resulting in an ICO caution. Cybersecurity professionals must treat this as a classic insider threat case demanding DLP and UBA upgrades.
Two major threat actor groups are driving a crisis in education technology, with ShinyHunters stealing 137,000 staff records via Infinite Campus and FulcrumSec paralyzing Global Schools Foundation. The incidents reveal a shift in cybercriminal focus toward low-defence, high-value academic data repositories.
Novo Nordisk's breach reveals a stealthy exfiltration operation targeting high-value clinical and provider data, with no ransomware. The incident spotlights the pharmaceutical sector's expanding attack surface.
The EU’s investigation into smart glasses exposes critical cybersecurity risks, from covert recording to unauthorized data sharing. Meta’s subcontractor scandal shows how raw footage can be misused, alarming CISOs. Expect calls for mandatory encryption, on-device processing, and clear recording indicators.
Sony-owned streaming giant Crunchyroll is investigating a significant data breach after hackers allegedly stole 8 million support tickets containing personal data for 6.8 million unique users. The breach originated from a compromised third-party support agent at Telus International, highlighting ongoing vulnerabilities in the global supply chain.
South Korean e-commerce giant Coupang has nearly restored its active user base to pre-breach levels following a massive November 2025 security incident that exposed 33.7 million customers. The recovery, driven by aggressive compensation packages and a strategic pivot toward Nvidia-powered AI infrastructure, signals a resilient turnaround for the NYSE-listed firm.
A hacker known as 'Internet Yiff Machine' has reportedly compromised P3 Global Intel, a subsidiary of Navigate360, exfiltrating 93GB of data containing over 8 million confidential law enforcement tips. The breach, achieved through social engineering and vulnerability exploitation, poses a severe risk to the anonymity of informants and the integrity of ongoing investigations.
A class-action lawsuit has been filed against Swedish telecommunications giant Ericsson in a US court following a data breach reported earlier this month. The legal action alleges negligence in protecting sensitive information after a security incident reportedly impacted thousands of individuals.
Loblaw Cos. Ltd. has disclosed a data breach involving a criminal third-party that accessed customer names, phone numbers, and email addresses. While the company describes the incident as a low-level breach affecting a non-critical part of its network, it has proactively logged all customers out of their accounts to secure the environment.
Loblaw Companies Limited has notified customers of a 'low-level' data breach and launched a forensic investigation into its IT systems. The Canadian retail giant is currently assessing the scope of the unauthorized access while maintaining transparency with affected users.
A whistleblower complaint alleges a former Department of Government Efficiency (DOGE) employee exploited 'God-level' access to exfiltrate data on 500 million Americans from Social Security Administration databases. The staffer reportedly intended to share the data with a private employer and expressed confidence in receiving a presidential pardon for the actions.
A significant security breach at Canadian Tire has compromised the personal information of over 38 million account holders, including contact details and encrypted passwords. The scale of the leak, which nearly matches the entire population of Canada, signals a major systemic failure in the retailer's data protection protocols.
Coupang reported a surprise $26 million loss in the fourth quarter of 2025 as the fallout from a massive 34-million-user data breach eroded consumer trust and triggered a costly compensation campaign. Despite 11% revenue growth, the e-commerce giant faces significant regulatory scrutiny and a 30% stock decline since the incident was disclosed.
South Korean e-commerce leader Coupang is grappling with a significant loss of consumer trust and market value following a data breach affecting 34 million users. As the Science Ministry attributes the leak to management failures, rivals like Naver are capitalizing on the reputational damage, leading to a sharp decline in Coupang's active users and stock price.
The iconic Grand Hotel Taipei has issued a public warning regarding a potential data breach after detecting a cyberattack on its internal systems. As a primary venue for diplomatic functions, the incident raises significant concerns over the exposure of sensitive guest information and potential espionage risks.
A security lapse at Abu Dhabi Finance Week (ADFW) exposed the passport scans and identity documents of over 700 high-profile attendees, including former UK PM David Cameron and billionaire Alan Howard. The data was discovered on an unprotected cloud server managed by a third-party vendor, highlighting persistent risks in event-related data management.