Data Security

Application Security
OpenAI Confirms Breach via Mini Shai-Hulud npm Supply Chain Attack
OpenAI confirmed two employee devices were compromised through a supply chain attack, exposing code-signing certificates for macOS, Windows, iOS, and Android apps.
CoinbaseCartel Steals Grafana Source Code via GitHub Token
Cybersecurity
CoinbaseCartel Steals Grafana Source Code via GitHub Token
Grafana Labs confirmed CoinbaseCartel stole its source code via a stolen GitHub token; the group has links to ShinyHunters; no customer data was affected.
Cybersecurity
ShinyHunters Claims 600,000-Record 7-Eleven Salesforce Breach
ShinyHunters claimed and 7-Eleven confirmed a breach of its Salesforce CRM containing over 600,000 records, with a ransom demand issued to the retail chain.
Cybersecurity
Foxconn Confirms Nitrogen Ransomware Stole 8TB of Customer IP
Nitrogen ransomware hit Foxconn's North American factories, encrypting systems and stealing 8TB of files containing schematics from Apple, Intel, and Google.
Cybersecurity
OpenLoop Health Breach Exposes 716,000 Patient Records
OpenLoop Health disclosed a January 2026 breach affecting 716,000 patients across two days, with a threat actor claiming the true total exceeds 1.6 million.
Application Security
GemStuffer Campaign Abuses 150+ RubyGems as Data Dead Drops
Socket identified GemStuffer, a campaign abusing 150+ RubyGems packages to scrape UK government council portals and publish collected data as gem archives.
Cybersecurity
InterLock Claims Park Dental Research in 24-Hour Healthcare Blitz
InterLock ransomware posted four new victims in 24 hours on May 11, including Park Dental Research — a US healthcare target flagged in active FBI ...
Cybersecurity
ICO Fines South Staffordshire Water £963,900 Over Cl0p Breach
The UK ICO fined South Staffordshire Water £963,900 after Cl0p ransomware went undetected inside the utility's systems for 20 months, exposing 633,887 records.
Cybersecurity
ShinyHunters Sets HMH Extortion Deadline, Student Data at Risk
ShinyHunters posted Houghton Mifflin Harcourt with a May 12 pay-or-leak deadline, threatening to expose student and educator data from one of the largest US edtech ...
CVE Vulnerability Alerts
Dell DSA-2026-047: CVSS 9.8 Hard-Coded Credentials in ECS Storage
Dell advisory DSA-2026-047 patches a CVSS 9.8 hard-coded credentials flaw in Dell ECS and ObjectScale that grants unauthenticated filesystem access to enterprise storage.