📰 Cyber Feed Aggregator

💥 Breach

Latest Breach coverage curated from trusted cybersecurity sources.

• Streamlit: The Tip of The Shadow AI Iceberg | UpGuard
  UpGuard Data Breach Research — Tue, 09 Dec 2025 23:19:01 GMT

  Tens of thousands of AI-enabled web applications using the Streamlit framework are publicly available, exposing PII and other confidential data.

• KinoKong - 817,808 breached accounts
  Have I Been Pwned latest breaches — Sat, 06 Dec 2025 08:13:57 Z

  In March 2021, the Russian online streaming service KinoKong suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed over 800k unique email addresses along with names, usernames, IP addresses and MD5 password hashes.

• Zilvia.net - 287,863 breached accounts
  Have I Been Pwned latest breaches — Mon, 01 Dec 2025 07:34:16 Z

  In November 2025, data breached from the Zilvia.net Nissan 240SX Silvia and Z Fairlady car forum was leaked. The breach exposed 288k unique email addresses along with usernames, IP addresses and salted MD5 password hashes sourced from the vBulletin based platform. Attempts to contact Zilvia.net about the incident...

• China Software Developer Network - 6,414,990 breached accounts
  Have I Been Pwned latest breaches — Thu, 27 Nov 2025 05:49:56 Z

  In 2011, the China Software Developer Network (CSDN) suffered a data breach that exposed over 6M user records. The data included email addresses alongside usernames and plain text passwords.

• CodeStepByStep - 103,077 breached accounts
  Have I Been Pwned latest breaches — Sun, 23 Nov 2025 05:54:02 Z

  In November 2025, the online coding practice tool CodeStepByStep suffered a data breach that exposed 17k records which were subsequently published online. The following month, a further corpus of data was released bringing the total to 103k. The impacted data included names, usernames and email addresses.

• ADDA - 1,829,314 breached accounts
  Have I Been Pwned latest breaches — Sun, 23 Nov 2025 01:16:58 Z

  In March 2025, data allegedly breached from the ADDA housing societies service was posted to a public hacking forum. The data contained over 1.8M unique email addresses along with names, phone numbers and MD5 password hashes.

• Identifying Companies Affected by the Shai-Hulud NPM Supply Chain Attack | UpGuard
  UpGuard Data Breach Research — Fri, 24 Oct 2025 04:08:27 GMT

  Using Github event archives, UpGuard Research identifies companies with indicators of compromise of the Shai-Hulud attacks, even after the repos have been deleted.

• Unclaimed Property: How an Unknown Entity Exposed Indian Banking Information | UpGuard
  UpGuard Data Breach Research — Fri, 26 Sep 2025 16:05:20 GMT

  UpGuard discovered a rapidly growing data leak of bank accounts in India– and no one to take responsibility for it.

• Traffic Patterns: The Leakzone Part 2 | UpGuard
  UpGuard Data Breach Research — Tue, 12 Aug 2025 23:13:57 GMT

  UpGuard analyzes the universities, governments, and private companies mentioned in the access logs of hacker forum Leakzone.

• Insufficient Coverage: WorkCycle, Langflow, and TPL | UpGuard
  UpGuard Data Breach Research — Tue, 12 Aug 2025 16:00:01 GMT

  UpGuard can now report that we have secured a Langflow instance leaking data for around 97,000 insurance customers in Pakistan.

• Snowflake
  Public Cloud Security Breaches — Sun, 30 Jun 2024 11:08:05 -0400

  In the spring of 2024, a number of Snowflake customers suffered data breaches when cybercriminals announced they had data sets from high-profile customers like TicketMaster, LendingTree, Neiman Marcus, and Santander. While Snowflake & Mandiant found no evidence their cloud offering was compromised, these incidents...

• Football Australia
  Public Cloud Security Breaches — Mon, 05 Feb 2024 07:27:16 -0500

  Football Australia, the national governing authority for the sport, embedded an AWS Access Key in their website that granted access to 126 S3 Buckets containing sensitive information for players and fans.

• Microsoft (Midnight Blizzard)
  Public Cloud Security Breaches — Sat, 20 Jan 2024 20:14:38 -0500

  Leveraging an unused account, the Russian APT Midnight Blizzard was able to pivot into Microsoft’s corporate Office 365 to access the emails of key executives and cyber-security employees. Midnight Blizzard was searching for what information Microsoft knew about themselves.

• First Republic Bank
  Public Cloud Security Breaches — Wed, 13 Dec 2023 04:16:54 -0500

  In March 2020, a cloud engineer was terminated from First Republic Bank and subsequently accessed their AWS & GitHub environment to cause damage.

• Retool MFA
  Public Cloud Security Breaches — Fri, 10 Nov 2023 19:43:16 -0500

  An engineer at Retool fell victim to a social engineering attack that led to the compromise of an engineer’s MFA tokens and the account takeover of a small number of Retool customers.