notable events -data breaches
The Australian government moved to double the maximum penalty for breaches of its under-16 social-media ban to A$99 million and to expand the eSafety Commissioner's powers to compel compliance evidence from platforms and third-party age-assurance providers. eSafety is investigating Instagram, Facebook, YouTube, Snapchat, and TikTok.
The Chinese open-source DCloud Uni-App framework underpinned a global investment-scam economy, fingerprinted across 236,493 scam-site domains observed from 2022 to 2026 on major cloud and bulletproof hosts. Spread via social engineering, it powered fraud schemes including the RainbowEx pig-butchering operation that defrauded an Argentine town.
Mozilla's 0DIN team demonstrated a proof-of-concept attack in which a clean-looking GitHub repository with deliberately failing setup steps coaxes AI coding agents into an auto-recovery flow that fetches and executes a DNS-hosted reverse shell. Claude Code was shown vulnerable, with no in-the-wild exploitation reported.
Symantec attributed a stealthy in-memory backdoor, Mistic, to the initial-access broker Woodgnat (KongTuke), active since 2024 and feeding footholds to Qilin, Interlock, Rhysida, Akira, 8Base, and Black Basta. Distribution spanned compromised WordPress sites, ClickFix social engineering, and fake IT-helpdesk messages on Microsoft Teams.
The US First Circuit affirmed dismissal of a putative class action over Bayamon Medical Center's 2019 ransomware breach, holding the plaintiff failed to plausibly allege her identity-theft injury was fairly traceable to that breach. The ruling reinforces the Article III traceability defense in data-breach litigation.
Ontario Superior Court sentenced Canadian hacktivist Aubrey Cottle to 18 months for the September 2021 Anonymous-linked breach of the Texas Republican Party, which defaced its website and exfiltrated 180 GB of donor and personal data via web host Epik. Time served left roughly 175 days.
Kaspersky's GReAT uncovered StrikeShark, a global espionage campaign deploying a novel SharkLoader dropper and Cobalt Strike Beacon against government, diplomatic, and software-development targets across Asia, the Middle East, Latin America, and Europe. Operators exploited internet-facing Exchange, SharePoint, FortiOS, and other flaws, with low-confidence Chinese-speaking attribution.
Investigators tied the September 2025 ransomware attack that halted Jaguar Land Rover production for five weeks to Russian cybercriminals who used phishing and social engineering. The Cyber Monitoring Centre estimated the shutdown cost the UK economy £1.9 billion, roughly $2.5 billion, hitting over 5,000 businesses.
An FBI and CISA advisory detailed an expanded Russian intelligence phishing campaign that tricks targets into surrendering their Signal backup recovery key, letting operators restore message history and hijack accounts. Targets include US and Ukrainian officials, military personnel, and journalists; the stolen key remains reusable.
The Bureau of Alcohol, Tobacco, Firearms and Explosives terminated its contract for Penlink's Webloc location-tracking tool after Senator Ron Wyden pressed the agency on warrantless cellphone tracking. Director Robert Cekada confirmed the agency had run over 340 searches, 222 tied to active cases, without warrants.
Google's Threat Intelligence Group attributed a new espionage backdoor, STOCKSTAY, to FSB-linked Turla, used against Ukrainian government and military targets through at least January 2026. Delivered via phishing from a compromised university account and CVE-2025-8088, it enabled file exfiltration, screen capture, and command execution.
A compromised third-party vendor injected a malicious script into Polymarket's web frontend, draining about $3 million in pUSD from at least 11 users via a phishing flow. Attackers converted the proceeds to roughly 1,893 ETH. Polymarket pledged to refund affected users.
Palo Alto Networks Unit 42 attributed a custom backdoor, TinyRCT, to China-aligned cluster CL-STA-1062, which compromised at least ten state-owned energy and government organizations across Southeast Asia between October and December 2025. The espionage toolset enabled stealthy data theft, command execution, and long-term network access.
Poland's Cybercrime Bureau, with the FBI and Homeland Security Investigations, arrested four members of a SIM-swapping ring that hijacked phone numbers to loot cryptocurrency-exchange accounts and launder millions. Suspects face up to 25 years for organized crime, hacking, and money laundering.
Montenegrin police and the FBI arrested a 39-year-old dual Iranian-Turkish national in Kotor, wanted in New York on hacking charges. US prosecutors accuse him of breaching over 150 universities since 2013, causing $3.4 billion in damage and funneling stolen access to Iran's Revolutionary Guard.
