Top stories
Grindr — alleged 15M+ user database listing
A forum seller listed an alleged 15-million-record Grindr database for $400 covering bcrypt hashes, geolocation and an HIV-status field; Grindr has not commented.
Red Hat (@redhat-cloud-services npm) — Miasma supply-chain worm via compromised employee GitHub account
Wiz researchers found 32 trojanised releases under the @redhat-cloud-services npm scope, traced to a compromised Red Hat employee's GitHub account, deploying a credential-stealing self-propagating worm.
Palo Alto Networks PAN-OS GlobalProtect — CVE-2026-0257
Authentication-override flaw in PAN-OS GlobalProtect lets unauthenticated attackers forge cookies and establish VPN tunnels; CISA added it to KEV with a 1 June deadline.
OpenAI — two employee devices compromised in TanStack npm supply-chain attack
Two OpenAI staff devices compromised by poisoned @tanstack npm packages; limited credentials exfiltrated and OpenAI is re-signing all desktop and mobile applications.
DentaQuest — ShinyHunters leak-site listing, US dental insurer
ShinyHunters listed US dental-insurance provider DentaQuest on its leak site, claiming 744 user records and threatening publication after the extortion deadline lapsed.
GS Yuasa Lithium Power — Akira leak-site listing, US aerospace battery supplier
Akira listed US aerospace battery supplier GS Yuasa Lithium Power on its leak site, naming Boeing satellite project data among the allegedly stolen material.
7-Eleven — misconfigured Salesforce Experience Cloud, ShinyHunters dump
ShinyHunters dumped a 9.4 GB archive of 7-Eleven franchise applicant data after exploiting a misconfigured Salesforce Experience Cloud instance with the AuraInspector audit tool.
Charter Communications — vishing-led Salesforce CRM breach, ShinyHunters extortion
ShinyHunters claims 42 million Charter customer records exfiltrated from Salesforce after vishing an employee into surrendering their Microsoft Entra account.
Panasonic Avionics — CoinbaseCartel extortion claim, unverified
CoinbaseCartel listed in-flight entertainment supplier Panasonic Avionics on its data-leak site claiming corporate data theft; the company has not publicly confirmed an intrusion.
GitHub — internal repositories breached via poisoned Nx Console VS Code extension
A poisoned Nx Console VS Code extension on a GitHub employee's device harvested credentials; attackers cloned roughly 3,800 internal repositories and listed them for $50,000.