Last updated: July 5, 2026 at 9:01 AM UTC

ShinyHunters leaks Madison Square Garden Sports data on nearly 10 million people

The extortion group ShinyHunters has published data stolen from Madison Square Garden Sports, owner of the New York Knicks and Rangers, after the company did not pay. Have I Been Pwned indexed 9,796,738 unique email addresses spanning staff and customers, alongside extensive personal, employment, and customer-relationship records including names, addresses, phone numbers, and some dates of birth. Reporting on the leak describes an internal "Talent" file profiling former players, executives' family members, and celebrities, in some cases with so-called threat assessments. The intrusion reportedly began with voice-phishing of staff, the same social-engineering pattern behind ShinyHunters' wider 2026 campaign against large enterprises.

Check
People who interacted with Madison Square Garden venues or teams should check Have I Been Pwned for their email and watch for targeted phishing or fraud referencing tickets, accounts, or events.
Affected
Staff and customers of Madison Square Garden Sports whose contact and personal data was exposed (9,796,738 emails); high-profile individuals named in internal files face heightened targeting and impersonation risk.
Fix
Reset and avoid reusing affected account passwords, enable phishing-resistant MFA, and stay alert to convincing phishing. Organizations should harden help desks against voice-phishing with strict caller-identity verification.

Bajaj Auto confirms ransomware attack on its own and a subsidiary's systems

Bajaj Auto, one of India's largest makers of motorcycles and three-wheelers, has disclosed a ransomware attack that hit its systems and those of its wholly owned subsidiary Bajaj Auto Technology Limited on the morning of June 23. In a regulatory filing, the company said its technical team and outside experts responded quickly and that containment measures have so far been effective. Bajaj Auto reported the incident to India's CERT-In but has not disclosed the ransomware strain, whether data was stolen, or whether production was affected. Its shares fell more than 2 percent, and the attack follows a separate breach at Tata Electronics.

Check
Manufacturers should review the resilience of production and IT systems against ransomware, confirm offline backups are tested, and watch for follow-on extortion or leaks tied to this and related Indian manufacturing attacks.
Affected
Bajaj Auto and its subsidiary Bajaj Auto Technology Limited; the strain, data impact, and operational effects are not yet disclosed. The incident is part of a wider wave of ransomware hitting Indian manufacturers.
Fix
Maintain tested offline backups, segment IT from production networks, enforce phishing-resistant MFA and least privilege, and prepare incident-response and regulatory-notification plans before an attack, not during one.

Healthcare AI vendor Xsolis breach exposes data on 1.4 million people

Xsolis, a US healthcare technology company whose AI software is used by more than 600 hospitals and insurers for utilization management and reimbursement decisions, has disclosed a breach affecting 1,396,519 people. Attackers got in through a targeted phishing attack on an employee in January, accessing files containing patient data Xsolis handles for its clients. The exposed information includes names, dates of birth, addresses, Social Security numbers, health insurance details, and medical treatment information. Because Xsolis is a vendor, affected individuals may never have dealt with it directly; downstream health systems including Mayo Clinic are among those whose patients are impacted.

Check
Healthcare organizations should check whether they share data with Xsolis and confirm their breach-notification obligations; affected individuals should watch for medical, insurance, and identity fraud and any Xsolis-related notice.
Affected
Patients and health-plan members whose data Xsolis processed for hospitals and insurers (1,396,519 affected); exposed Social Security numbers and medical information carry lasting identity-theft and medical-fraud risk.
Fix
Affected people should enroll in the offered monitoring, freeze credit, and watch insurance statements. Healthcare organizations should strengthen phishing-resistant MFA, map which vendors hold patient data, and tighten access to health-data repositories.

Tata Electronics confirms breach as extortion gang leaks Apple and Tesla files

Tata Electronics, the Indian manufacturer that assembles roughly a third of Apple's iPhones in India, has confirmed a cyberattack affecting part of its IT systems after the extortion group World Leaks began leaking stolen data. The group claims to have taken around 200,000 files, including confidential Apple and Tesla manufacturing and component design documents, internal emails, years of event logs, and copies of employee passports, some belonging to foreign nationals. Researchers say the data has been on the dark web since at least June 10, and a ransom was demanded. World Leaks, a rebrand of the Hunters International group, also claimed breaches at Nike and Dell.

Check
Manufacturers and their partners should review how design documents, supplier data, and employee identity records are segmented and monitored, and watch for phishing or fraud using leaked passport and email data.
Affected
Tata Electronics, its employees whose passports and emails were exposed, and partners like Apple and Tesla whose confidential design and manufacturing documents were reportedly included in the roughly 200,000 leaked files.
Fix
Segment and tightly control access to sensitive design and HR data, monitor for large data exfiltration, enforce phishing-resistant MFA, and prepare partners for downstream phishing and fraud using the leaked information.

Attacker drains Ethereum MEV bot JaredFromSubway using fake-token honeypot

An attacker drained the well-known Ethereum trading bot JaredFromSubway by patiently baiting it into a trap rather than exploiting a software bug. Over several weeks, the attacker deployed 66 fake token contracts and sham liquidity pools mimicking WETH, USDC, and USDT, structured so the bot's automated logic treated them as profitable opportunities and granted token-spending approvals to attacker-controlled contracts. Later trades left those approvals active, and a single transaction then swept the bot's real funds. Security firms estimate the loss near $7.5 million, while the operator claims around $15 million. It is a reminder that standing token approvals in automated systems are dangerous even when the underlying contracts are sound.

Check
If you run automated trading or other systems that grant token or spending permissions, review where standing approvals exist, whether they are scoped, and whether they are revoked after each use.
Affected
Operators of automated on-chain trading bots and similar systems that grant token-spending approvals based on automated logic; attackers can manipulate that logic with fake but convincing opportunities to win lasting permissions.
Fix
Scope and time-limit token approvals, revoke them immediately after use, validate counterparties beyond surface-level profitability signals, and monitor for unusual approval grants so automated systems cannot be tricked into arming attackers.

Texas Parks and Wildlife vendor breach exposes 3 million license holders

The Texas Parks and Wildlife Department says a breach at the third-party vendor that runs its hunting and fishing license sales exposed personal data for 3,087,721 customers, in what officials call the state's largest government data breach this year. The exposed information includes driver's license details, passport numbers where provided, email addresses, phone numbers, and home addresses; the department says Social Security numbers, dates of birth, and financial data were not taken. Texas Cyber Command detected the intrusion, which reached customer profile data through the vendor's systems. Because driver's license and passport numbers cannot be reset, affected people face lasting identity-theft and phishing risk.

Check
Texas hunting and fishing license holders should enroll in the offered Kroll credit monitoring before September 14, watch for phishing referencing licenses or state agencies, and review financial statements for fraud.
Affected
The 3,087,721 Texas hunting and fishing license customers whose driver's license, passport, and contact details were exposed through the department's third-party license vendor; minors were reportedly not affected.
Fix
Place a credit freeze or fraud alert with the major credit bureaus, enroll in the free monitoring, and stay alert to identity fraud. Organizations should tighten third-party vendor access controls and monitoring.

Ralph Lauren breach exposes customer data as ShinyHunters extends retail spree

Have I Been Pwned has added 139,903 accounts from a breach of fashion brand Ralph Lauren, which the extortion group ShinyHunters claimed as part of its sweeping 2026 campaign against retail and luxury names. ShinyHunters says it took around 220 GB of data, including customer personal information, purchase histories, and financial transaction details, along with unreleased product and strategy plans. The group typically breaks in not through a brand's core systems but via connected platforms like Salesforce or customer-service tools. Exposed purchase and contact data is prime material for convincing phishing and fraud aimed at the retailer's customers.

Check
Ralph Lauren customers should check Have I Been Pwned for their email, watch for phishing or fraudulent charges referencing orders or accounts, and review payment statements for unauthorized activity.
Affected
Ralph Lauren customers whose personal, purchase, and transaction data was exposed (139,903 accounts confirmed); the breach is part of a broader ShinyHunters wave hitting retail and luxury brands through connected platforms.
Fix
Reset and stop reusing any Ralph Lauren account passwords, enable MFA, stay alert to order- and refund-themed phishing, and consider monitoring payment cards used with the retailer for fraud.

JCPenney breach exposes Social Security numbers and tax records of 368,000

Have I Been Pwned has added 368,418 accounts from a breach of JCPenney, after the extortion group ShinyHunters claimed in mid-June it stole data from the retailer and several sister brands under Catalyst Brands and Authentic Brands Group. ShinyHunters says the haul includes highly sensitive employee and customer data: Social Security numbers, dates of birth, W-2 tax forms, payroll records, and scans of government-issued IDs. Unlike passwords, these identifiers cannot simply be reset, raising long-term identity-theft and tax-fraud risk. JCPenney has not confirmed the full scope, and the group has not published samples, but the data types make this a serious exposure.

Check
Current and former JCPenney and Catalyst Brands staff and customers should check Have I Been Pwned, watch for tax, payroll, and identity-themed phishing, and monitor for fraudulent tax filings or new-account activity.
Affected
JCPenney employees and customers, plus those tied to sister brands like Aeropostale, Brooks Brothers, Lucky Brand, and Nautica; exposed Social Security numbers, W-2s, and ID scans carry lasting fraud risk.
Fix
Consider a credit freeze and fraud alert, file taxes early to pre-empt fraudulent returns, reset any reused JCPenney passwords, enable MFA, and treat tax or payroll messages referencing the breach with caution.

Exposed database leaks 24 billion stolen credentials from infostealer logs

Cybernews researchers found an unprotected Elasticsearch database holding 24 billion records and over 8 terabytes of data, most of it infostealer logs: stolen usernames, passwords, and the services they unlock. The collection also pulls from Telegram channels and older breach dumps. Oddly, it included thousands of records tracking CVE vulnerabilities, breach news articles, and social-media posts about cyber incidents, with content as recent as 2026, suggesting the owner is actively curating and refreshing the stash with new leaks. The researchers could not determine how many records are duplicates, how old the data is, or who owns it.

Check
Check whether your email or domains appear in breach-tracking services, watch for credential-stuffing and account-takeover attempts, and look for infostealer infections on endpoints that could feed such collections.
Affected
Anyone whose credentials were captured by infostealer malware or exposed in past breaches; reused passwords are especially dangerous given the dataset's scale and the attacker's apparent effort to keep it current.
Fix
Reset reused passwords from clean devices, adopt a password manager with unique passwords, enable phishing-resistant MFA everywhere, and run endpoint scans to find and remove infostealer infections at the source.

Nintendo employee survey data stolen via third-party HR tool TinyPulse

Nintendo of America has confirmed that attackers stole internal employee data through TinyPulse, a third-party employee-survey service run by WebMD Health Services, after a threat actor calling itself SHADOWBYT3$ posted the haul and demanded a $2 million ransom. Nintendo says its own systems were not breached, no customer or financial data was touched, and the exposure is limited to internal survey content for a small subset of employees, mostly several years old. The attacker, however, claims to hold more, including bank statements and tax forms. The incident is a textbook third-party vendor breach affecting a major brand.

Check
Review which third-party HR and survey tools hold employee data, what they store, and how access is secured, and watch for phishing aimed at employees referencing surveys or HR programs.
Affected
Nintendo of America employees whose internal survey responses were exposed via the TinyPulse service; the threat actor claims additional data, which Nintendo has not confirmed.
Fix
Inventory and risk-assess third-party tools holding employee data, require strong authentication and least-privilege access for vendor integrations, and minimize the sensitive data shared with such services.