Cyberattack News Alert
━━━━━━━━━━━━━━━━━━━━━━━━━
Victim: Die Linke
Domain: die-linke.de
Country: 🇩🇪 DE
Date: Mar 26th, 2026
Summary:
The German political party Die Linke reported a cybersecurity incident involving ransomware attributed to the Russian hacker group Qilin, forcing the party to take its infrastructure offline on Thursday. While the party has filed a complaint and is in contact with authorities, member data was not compromised and the extent of affected internal data remains to be determined. This event is part of a series of attacks targeting German political parties, with the CDU also falling victim to a cyberattack in May 2024.
Source: https://www.heise.de/news/Qilin-Linkspartei-meldet-russischen-Ransomware-Angriff-11227181.html
heise online
Qilin: Left Party reports Russian ransomware attack
The party "Die Linke" is facing a cybersecurity incident; member data, however, is said not to be affected.
🇪🇺 Europol Press Release
━━━━━━━━━━━━━━━━━━━━━
Major operation targets one of Scotland's most violent crime networks
Full Press Release: europol.europa.eu
━━━━━━━━━━━━━━━━━━━━━
Dark Web Informer • Europol Monitor
Europol
Major operation targets one of Scotland's most violent crime networks | Europol
One of Scotland's most violent organised crime networks has been hit in an international operation across the Netherlands, Spain, and the United Kingdom, with coordination from Europol and Eurojust.
⚠️ FBI Watchdog - DNS New Domain (A) ⚠️
DarkWebInformer.com - Cyber Threat Intelligence
Domain: handala-team.to
Record Type: DNS New Domain (A)
Time Detected: 2026-03-27 14:35:30 UTC
Previous Records:
None
New Records:
185.178.208.137
I'm going to guess their new domain will be seized at some point lul
Slice For Life
https://x.com/DarkWebInformer/status/2037533650653233249
‼️ Reuters has confirmed FBI Director Kash Patel's email was indeed hacked.
https://www.reuters.com/world/us/iran-linked-hackers-claim-breach-of-fbi-directors-personal-email-doj-official-2026-03-27/
‼️🇨🇴 A massive breach of the Superintendencia Nacional de Salud de Colombia (Supersalud), Colombia's national health oversight authority, is being leaked on a popular cybercrime forum. This is labeled as "Package 1" with more threatened to follow.
▪️ Total Records: 50 million lines
▪️ Total Size: 2TB (full database)
The exposed data is extremely sensitive, covering patient records, healthcare claims, and internal systems including: PQR numbers and internal record IDs, patient full names, document type/number, DOB, age, gender, phone, email, full address, special population status, education level, affiliated health entity (EPS) and regime type, associated clinic/provider (IPS) with branch location and NIT, diagnosed pathology category and ICD-10 codes, life-risk priority status, high cost disease (Alto Costo) indicators, full claim descriptions with urgency and assigned doctor, PQR internal follow-up logs with agent comments and resolution statuses, claim deadlines, medication details (drugs, quantities, authorization status), and petitioner details.
The leak also includes internal system data such as staff names, emails, password hashes, roles, IDs, cedula numbers, LDAP Active Directory status, and SuperSalud internal department routing and entity notification statuses.
‼️🇺🇸 The group ShadowByt3$ claims to have breached the University of Georgia, stealing approximately 3.2 MB of employee data in raw text files. No customer data was reportedly affected.
▪️ Physical Locations: Home addresses (e.g., Columbus, GA) and specific office numbers
▪️ Private Contact Info: Personal cell and home phone numbers
▪️ Employee Info: Full names, contact details, institutional ID photos
▪️ Project Documentation: Internal university project tracking logs and admin data
▪️ Workforce Data: Position numbers, departmental assignments, work schedules
▪️ Technical Details: System maintenance and development notes
▪️ Critical Infrastructure: Active project maps for GEMA (Emergency Management), Georgia Broadband, and GDOT (Transportation) through 2026
▪️ Government Records: Asset forfeiture logs and county-level GIS (Athens-Clarke, Bibb) underpinning 911 dispatch and land taxes
▪️ Leadership Secrets: UGA Office of the President Mail Tracker and Gov360 anonymous executive coaching logs
▪️ SME Map: Identified "Subject Matter Experts" with detailed work hour tracking on specific code projects
▪️ Security Clearances: Differentiation between "Benefited" full-time employees (high-value targets) and "Student Assistants" (low-value entry points)
‼️🇲🇽 The Mexico dataset of C&A Modas, the international fashion retailer, has allegedly been leaked and made available for download on a popular cybercrime forum.
▪️ Records: 286,094 lines
The sample data shows Mexican customer records with full names, dates of birth, unique customer IDs, phone numbers, and personal email addresses.
‼️🇲🇽 A database allegedly belonging to the Instituto Tecnológico Superior de Irapuato, a Mexican higher education institution, has been leaked on a popular cybercrime forum.
Exposed fields reportedly include: full name (nombre completo), paternal surname (apellido paterno), maternal surname (apellido materno), phone number, personal Gmail, date of birth, address (domicilio), age, CURP (Mexican national ID number), career/major, disability status, income received (dinero que recibe), and more.
‼️ The Dutch National Police have issued a press release stating they were the target of a successful phishing attack, discovered it quickly, and immediately closed access.
https://www.politie.nl/nieuws/2026/maart/25/00-politie-doelwit-van-phishing.html
Politie
Police targeted by phishing
The police have been the target of phishing. The police's Security Operations Center discovered this very quickly and immediately closed off access. The impact is still being investigated but appears to be limited. Data of citizens and investigative information are…
Cyberattack News Alert
━━━━━━━━━━━━━━━━━━━━━━━━━
Victim: Omax Autos Limited
Domain: omaxauto.com
Country: 🇮🇳 IN
Date: Mar 27th, 2026
Claimed by: Lockbit5 ransomware gang
Summary:
Omax Autos Limited confirmed on March 27, 2026 that it suffered a ransomware attack on its IT infrastructure, following the detection of suspicious anomalies the day before. Although the company reported the incident to the Bombay and Delhi stock exchanges, it specified that its core operations and production chains currently remain intact. Investors reacted with volatility to the news, fluctuating between confidence in the security of critical systems and concerns related to a potential leak of sensitive data.
Source: https://tradebrains.in/omax-autos-reports-ransomware-attack-it-systems-under-investigation-after-cyber-breach/
Trade Brains
Omax Autos Reports Ransomware Attack - IT Systems Under Investigation After Cyber Breach
Omax Autos Limited (OMAXAUTO) confirmed a ransomware attack on its IT infrastructure on March 27, 2026. While the company is assessing the impact, it stated that core operations and systems currently remain unaffected.
‼️🇲🇽 A database allegedly containing 318,000 user records from Bienestar.org, a healthcare organization serving the Latino Gay Community with HIV/AIDS treatment, sexual health, mental health, substance abuse counseling, and medication-assisted treatment since 1989, is being sold on a popular cybercrime forum.
▪️ Records: 318,000 users
▪️ Data Fields: First name, last name, mobile phone number, email, date of birth
▪️ Price: $300
Given the nature of the organization, this breach is particularly sensitive as it could potentially expose individuals' sexual orientation and healthcare status. The listing includes both the dataset and access to the platform.
‼️🇦🇪 Source code from multiple UAE websites has allegedly been leaked on a popular cybercrime forum, including exposed repositories and projects.
▪️ Country: UAE
▪️ Leak Type: Source code + exposed repositories/projects
▪️ Includes: PHP code samples and GitHub Personal Access Token (PAT)
The post lists multiple affected platforms and includes a PHP code sample as proof.