Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Red Hat consulting data leak claim

Data Leak
First reported
Last updated
Happening score
H score 51
2 unique sources, 3 articles

Summary

Hide ▲

Red Hat confirmed a security incident affecting a GitLab instance used for Red Hat Consulting after Crimson Collective claimed access to 28,000 private repositories. The attacker also said the stolen material included customer engagement reports (CERs), which The Centre for Cybersecurity Belgium (CCB) said may contain network information, configuration data, and authentication tokens and keys. Red Hat said it had started remediation and had no reason to believe other services or products were affected, while the CCB warned of possible supply chain impact for organizations that used Red Hat Consulting.

Related Happenings

GitHub data exposed after GitHub breach

Data Leak
First: 20.05.2026 11:14 Last: 20.05.2026 11:14 Sources 1

About this happening: GitHub confirmed **exfiltration** of **internal repositories**, making private code and related content potentially available to outsiders. Attackers on the **Breached cybercrime...

Open Happening

GitHub internal repositories private-code leak claim

Data Leak
First: 20.05.2026 08:08 Last: 20.05.2026 08:08 Sources 1

About this happening: GitHub is facing a claimed leak of **internal repositories** after **TeamPCP** said it had access to about **4,000 private-code repos** and tried to sell samples. The alleged expo...

Latest development: 21.05.2026 17:45

A malicious version of Nx Console 18.95.0 was uploaded to Visual Studio Marketplace and Open VSX on May 18, fetched an obfuscated payload, and harvested secrets from ~/.vault-token, /etc/vault/token, .npmrc, ghp_/gho_/ghs_ tokens, AWS metadata, and other local sources; GitHub said the poisoned VS Code extension led to unauthorized access to about 3800 internal repositories.

Open Happening

GitHub hit by network compromise

Incident
First: 20.05.2026 07:01 Last: 20.05.2026 07:01 Sources 1

About this happening: GitHub is investigating unauthorized access to its internal repositories after a third party allegedly offered stolen material for sale on a cybercrime forum. The intrusion was li...

Latest development: 20.05.2026 13:45

GitHub detected unauthorized access tied to a poisoned Visual Studio Code (VS Code) extension on an employee device, removed the malicious extension version, isolated the endpoint, and began incident response to contain exposure across internal repositories.

Open Happening

CISA contractor GitHub repository exposed internal credentials

Data Leak
First: 18.05.2026 23:48 Last: 18.05.2026 23:48 Sources 1

About this happening: A **CISA contractor** left a public **GitHub repository** exposing **AWS GovCloud credentials** and internal access material, creating a serious **data leak** involving sensitive...

Latest development: 22.05.2026 19:34

On May 19, Sen. Maggie Hassan and Rep. Bennie Thompson, with Rep. Delia Ramirez co-signing Thompson’s letter, sent separate letters to CISA demanding answers about the Private-CISA GitHub leak and warning that the credential exposure raised serious concerns about CISA’s internal policies, contract support, and security culture.

Open Happening

7-Eleven franchisee-docs and Salesforce data leak

Data Leak
First: 18.05.2026 14:25 Last: 18.05.2026 14:25 Sources 1

About this happening: **7-Eleven** confirmed a **April 8, 2026** intrusion into systems used to store **franchisee documents**, and **ShinyHunters** later claimed the theft of **more than 600,000 Sales...

Latest development: 26.05.2026 10:01

Have I Been Pwned analyzed the leaked 7-Eleven data and estimated that the breach exposed personal information for 185,300 people, including names, dates of birth, unique email addresses, phone numbers, and physical addresses. The exposed archive was tied to ShinyHunters' extortion campaign against 7-Eleven and followed the group's leak-site posting after ransom demands were not met.

Open Happening

Timeline

  1. 07.10.2025 00:08 1 articles · 7mo ago

    ShinyHunters leaks Red Hat CER samples

    Victim Impact Update

    ShinyHunters posted samples of stolen Red Hat Customer Engagement Reports (CERs) on a new data leak site and warned that additional data would be publicly leaked on October 10th unless a ransom demand was negotiated. The leaked CER samples included reports for Walmart, HSBC, Bank of Canada, Atos Group, American Express, Department of Defence, and Société Française du Radiotéléphone.

    Show sources
    Open in new tab
  2. 02.10.2025 09:15 3 articles · 7mo ago

    Crimson Collective claims breach of Red Hat GitHub repositories

    Initial Disclosure

    Crimson Collective claimed a breach of Red Hat's private GitHub repositories, alleging theft of nearly 570GB of compressed data from 28,000 internal projects and about 800 Customer Engagement Reports (CERs), and said it published repository listings and CER lists on Telegram; Red Hat said it was aware of a security incident related to its consulting business and had begun remediation, but did not verify the attackers' claims.

    Show sources
    Open in new tab