Data Security

Cybersecurity
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
ShinyHunters listed Charter Communications with 42 million claimed records and a May 27 dump deadline; Charter confirmed an investigation with authorities.
Cybersecurity
ShinyHunters Claims 260K Baker Distributing Salesforce Records
Baker Distributing Company was added to ShinyHunters' Salesforce extortion campaign with 260,000 CRM records exposed and a May 27 public leak deadline.
Application Security
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Security researcher Louis found that Trump Mobile's HTTP POST API returned 27,000 customer records without any authorization check during the T1 phone launch.
Cybersecurity
Mysk: WhatsApp Stores Chats Unencrypted, Meta Apps Can Read Them
Mysk researchers found WhatsApp stores chat history unencrypted in a file accessible to Facebook and Instagram on iOS and macOS without user permission.
Group-IB Exposes Five Brokers Fabricating Breach Alerts From Old Leaks
Cybersecurity
Group-IB Exposes Five Brokers Fabricating Breach Alerts From Old Leaks
Group-IB identified five dark web brokers posting 500–1,000 fake corporate breach ads monthly using recycled Facebook 2021, Eatigo, and Truecaller leak data.
Cybersecurity
NYC Health + Hospitals Breach Exposes 1.8M Patients’ Fingerprints
Hackers spent 77 days inside NYC Health + Hospitals via a vendor breach, stealing fingerprints, medical records, and SSNs from 1.8 million patients.
Cybersecurity
Ukraine IDs 18-Year-Old Who Stole 28,000 Accounts, $721K
Ukrainian cyberpolice and U.S. law enforcement identified an 18-year-old from Odesa behind 28,000 stolen accounts and $721,000 in fraudulent purchases.
TeamPCP Claims Breach of 4,000 GitHub Private Repositories
Cybersecurity
TeamPCP Claims Breach of 4,000 GitHub Private Repositories
The hacker group TeamPCP claims unauthorized access to ~4,000 GitHub private repositories and is demanding a $50,000 ransom for the stolen source code.
Cybersecurity
B1ack’s Stash Releases 4.6M Stolen Credit Cards Free
B1ack's Stash dark-web marketplace released 4.6 million stolen card records for free, with 4.3 million actionable, after resellers violated its terms.
Grafana Breach Traced to TanStack npm Supply Chain Attack
Cybersecurity
Grafana Breach Traced to TanStack npm Supply Chain Attack
Grafana revealed the source code breach that exposed its GitHub repositories originated from a TanStack npm package poisoned by the TeamPCP threat actor.