Data Extortion
-
Grafana says GitHub token breach let intruder download codebase
Grafana said a stolen token let an unauthorized party access its GitHub environment and download code. The company said no customer data was exposed and that the attacker later tried to extort payment.
-
Threat actor compromises about 1,400 exposed MongoDB servers in low-value extortion campaign
A technical analysis found a threat actor compromised about 1,400 exposed MongoDB servers, leaving ransom notes demanding about 0.005 BTC per victim. Researchers identified roughly 208,500 exposed servers and many running outdated versions.
-
PornHub targeted by ShinyHunters after Premium member activity data reportedly stolen
PornHub says it is being extorted by the ShinyHunters gang after activity data for some Premium members was reportedly stolen in a Mixpanel-related incident; Mixpanel says it can find no indication the records were taken in its November 2025 incident.
-
Eurofiber reports data stolen in cyberattack on its French business
Eurofiber said a November 13 cyberattack on its French business exploited a ticketing-platform vulnerability and resulted in stolen data; the company said banking information was not affected, the flaw is patched, and it has notified customers and French authorities.
-
Washington Post breach exposes personal data of nearly 10,000 workers
The Washington Post notified 9,720 employees and contractors that their personal and financial information was exposed after attackers exploited a zero-day in Oracle E-Business Suite; the flaw (CVE-2025-61884) has been linked to the Clop group and other major organisations were also affected.
-
Crimson Collective targets AWS cloud instances to steal data and extort firms
Researchers at Rapid7 said the Crimson Collective has been exploiting exposed AWS credentials to create privileged IAM users, export database and storage snapshots for exfiltration, and issue extortion demands; AWS recommended using short‑term, least‑privileged credentials and provided remediation guidance.
-
FBI warns of UNC6040 and UNC6395 hackers targeting Salesforce to steal data and extort victims
The FBI has issued a FLASH alert about UNC6040 and UNC6395 hacking groups that are compromising Salesforce environments to steal data and extort victims, releasing IOCs to aid defense efforts across organizations and multiple cloud platforms.
-
Storm-0501 Debuts Brutal Hybrid Ransomware Attack Chain, Microsoft Warns
Microsoft Threat Intelligence warns Storm-0501 has deployed a brutal hybrid ransomware chain, exploiting hijacked privileged accounts to pivot between on‑prem and cloud, exfiltrate data, delete backups and encrypt remaining cloud resources, pressuring victims to pay or face potential shutdown.
-
Dell Confirms Breach by Rebranded Extortion Group World Leaks
Dell Technologies has confirmed a security breach of its Customer Solution Centers platform by the extortion group World Leaks, prompting concerns over the safety of company data as the group exploits the situation for ransom.
-
Scania Confirms Cybersecurity Breach Involving Compromised Credentials and Extortion Attempt
Scania has confirmed a cybersecurity breach that involved the theft of insurance claim documents using compromised credentials. The attack was followed by extortion attempts, with the attackers threatening to leak the data unless demands were met.
