Data Breaches

From a Europol press release: A major online forum for stolen data has been dismantled following an international operation coordinated by Europol. The forum, known as LeakBase, had established itself as a central hub in the cybercrime ecosystem, specialising in the trade of leaked databases and so-called “stealer logs” – archives of stolen credentials harvested… Source

From the Google Threat Intelligence Group: Google Threat Intelligence Group (GTIG) has identified a new and powerful exploit kit targeting Apple iPhone models running iOS version 13.0 (released in September 2019) up to version 17.2.1 (released in December 2023). The exploit kit, named “Coruna” by its developers, contained five full iOS exploit chains and a total of… Source

Dutch Police reports: Nearly 1,700 police officers will receive a letter in the coming period because they used police systems when there was likely no need to do so. These colleagues were looking for information about the violent death of 17-year-old Lisa from Abcoude. The letter is primarily intended to remind police officers of the… Source

Maira Butt reports: Israeli spies hacked nearly every traffic camera in Tehran for years in order to monitor the movements of Ayatollah Ali Khamenei in an unprecedented intelligence-gathering campaign, according to a report. Officials surveilled highly trained and loyal security guards, bodyguards and drivers of senior Iranian officials to pick up on their “pattern of life”, the Financial Times reported. This real-time data, including from cameras focused… Source

A congressional investigation estimates broker breaches have cost consumers $20 billion in identity theft. Major brokers now promise to make it easier to opt out of their databases. By: Colin Lecher Breaches at data brokers have cost American consumers more than $20 billion, Congress’s Joint Economic Committee revealed Friday as part of an investigation triggered… Source

On February 27, external counsel for OCAT, LLC dba Evoke Wellness at Hilliard (“Evoke”), submitted a breach notification to the Maine Attorney General’s Office. The sample notification letter submitted with it claims that the Ohio addiction treatment center learned of an incident on August 7, 2025: On August 7, 2025, OCAT became aware of unauthorized… Source

On or about January 26, 2026, Insight Hospital and Medical Center (“Insight”) in Chicago issued a substitute notice. It states that in September 2025, Insight learned of unusual activity within its network. An investigation subsequently determined that an unauthorized individual accessed the network between August 22, 2025 and September 11, 2025. As of the date… Source

Dysruption Hub reports: A reported “cyber incident” left the Denmark School District in the Village of Denmark, Wisconsin, without internet access for five school days, forcing teachers and students to rely on paper-based workarounds, according to a local news report. But that “cyberincident” appears to be a cyberattack by INC Ransom, or so the gang… Source

Europol reports: In its first year of operation, Project Compass has delivered concrete operational results against “The Com”, a decentralised extremist network targeting minors and vulnerable individuals both online and offline. Since January 2025, Project Compass has contributed to: 4 victims safeguarded 30 perpetrators arrested 62 identified and partially identified victims 179 identified and partially… Source

Lorenzo Franceschi-Bicchierai reports: A group of hacktivists calling themselves “Department of Peace” claimed to have hacked the Department of Homeland Security (DHS), leaking allegedly stolen documents online. On Sunday, the nonprofit transparency collective DDoSecrets published data relating to contracts between DHS, Immigration and Customs Enforcement (ICE), and more than 6,000 companies, including defense contractors Anduril, L3Harris, Raytheon,… Source