OpenEMR 7.0.2 - Arbitrary File Read

WordPress Contest Gallery 28.1.4 - Unauthenticated Blind SQL Injection

Drupal Core 10.5.5 - Error-Based SQL Injection

WordPress OrderConvo 14 - Path Traversal

Notepad++ 8.9.6 - Arbitrary Code Execution

YAMCS yamcs-core 5.12.7 - No Rate Limiting

YAMCS yamcs-core 5.12.7 - User Enumeration

YAMCS yamcs-core 5.12.7 - LDAP Injection

Microsoft - NTLMv2 Hash Capture

MikroORM 7.0.13 - SQL Injection

Un pirate affirme vendre 120 millions de profils attribués à bet365. La nature des données évoquée par le hacker pourrait sembler bien plus grave qu’une "simple" liste d’adresses électroniques.

Fuites revendiquées chez Tripadvisor, Bet365 et Zalando Australia : attribution faible, prudence cyber maximale.

Fuite présumée de 318 751 données liées à la Carte Jeune Occitanie : risques, prudence et enjeu cyber pour les élèves et les parents.

Deux suspects arrêtés pour soupçon de contournement des sanctions européennes contre la russie. 800 serveurs saisis.

Polymarket visé par une affaire d’initié Google et une interdiction en Espagne : enjeux cyber et renseignement.

Une jeune française de 22 ans ouvre des comptes pour un faux ami : son identité sert à détourner des centaines de milliers d’euros.

Operation Endgame neutralise SocGholish, nettoie 14 971 sites WordPress et vise l’accès initial lié à Evil Corp.

ShinyHunters diffuse des données volées non-stop et impose une extorsion publique durable aux grandes organisations depuis 6 mois.

Fuite Autosur : données clients, véhicules et contrôleurs exposées, avec risque de phishing ciblé.

INTERPOL décrit une hausse majeure des fraudes, rançongiciels, DDoS et deepfakes en Asie-Pacifique.

In June 2026, the sports and entertainment company Madison Square Garden Sports was the target of a ShinyHunters "pay or leak" extortion campaign. The group later published the alleged data, which included almost 10M unique email addresses spanning staff and customers, along with extensive personal, employment and customer relationship information.

In June 2026, retailer JCPenney and associated brands were targeted in a ShinyHunters "pay or leak" extortion campaign. Data allegedly obtained from JCPenney through the exploitation of a cri...

In June 2026, fashion retailer Ralph Lauren was targeted in a ShinyHunters "pay or leak" extortion campaign. The group subsequently published hundreds of gigabytes of data they claimed was obtained from the organisation's Salesforce instance, including 140k unique email addresses along with names, phone numbers, genders and age groups.

On 18 June 2026, the latest phase of Operation Endgame targeted the SocGholish malware operation, a prolific malware distribution network used to compromise systems and facilitate further cybercrime. Coordinated by international law enforcement agencies with support from Europol and Eurojust, the operation remediated almost 15,000 compromise...

In March 2026, the financial consulting and advisory firm CFGI was the target of a ShinyHunters "pay-or-leak" extortion campaign. The group subsequently publicised data allegedly obtained from CFGI comprising corporate contact information, including 243k unique email addresses, names, phone numbers and physical addresses.

In June 2026, a collection of accumulated stealer logs from various sources was added to HIBP. The corpus comprised 56M unique email addresses across hundreds of millions of stealer log records. The data also contained 124M unique passwords, which have been added to Pwned Passwords and are now searchable. Individuals can view any records captured against their email address in

In March 2026, the commercial real estate finance company Berkadia was the target of a ShinyHunters "pay or leak" extortion campaign. The group subsequently published data they alleged was taken from Berkadia's Salesforce instance, including over 300k unique email addresses as well as names, physical addresses and phone numbers, among other data.

In March 2026, the student information system Infinite Campus was targeted in a ShinyHunters "pay or leak" extortion campaign. The group subsequently published data they alleged was taken from Infinite Campus, containing 137k unique email addresses along with names, phone numbers, physical addresses and support tickets.

In June 2026, the University of Nottingham was the target of a cyber attack, later linked to a ShinyHunters "pay or leak" extortion campaign. Tens of gigabytes of data were subsequently published online and included 455k unique email addresses along with extensive personal information including names, addresses, phone numbers, ethnicities, disabilities, passport numbers and information relating to academic enrolme...

In May 2026, the HVAC/R wholesale distributor Baker Distributing Company was added to the ShinyHunters data extortion group's "pay or leak" site. In early June, the group publicly published data they claimed had been obtained from Baker's SharePoint and Salesforce infrastructure including 103k unique email addresses along with names, physical addresses, phone numbers and tickets relating to the company's HV...