Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Red Hat hit by network compromise

Incident
First reported
Last updated
Happening score
H score 42
4 unique sources, 7 articles

Summary

Hide ▲

Red Hat is dealing with a consulting GitLab breach that was disclosed on October 2 and later tied to extortion by Crimson Collective. The group claimed it stole about 570 GB of data from thousands of private GitLab repositories and pressed the company for ransom, while Red Hat said the incident affected its consulting environment and did not indicate other services or products were impacted. Recent reporting also links the threat group’s broader activity to AWS cloud environments, including credential abuse, AdministratorAccess escalation, data collection from RDS, S3, EBS, and EC2, and extortion notes sent through AWS SES.

Related Happenings

7-Eleven franchisee-docs and Salesforce data leak

Data Leak
First: 18.05.2026 14:25 Last: 18.05.2026 14:25 Sources 1

About this happening: **7-Eleven** confirmed a **April 8, 2026** intrusion into systems used to store **franchisee documents**, and **ShinyHunters** later claimed the theft of **more than 600,000 Sales...

Latest development: 26.05.2026 10:01

Have I Been Pwned analyzed the leaked 7-Eleven data and estimated that the breach exposed personal information for 185,300 people, including names, dates of birth, unique email addresses, phone numbers, and physical addresses. The exposed archive was tied to ShinyHunters' extortion campaign against 7-Eleven and followed the group's leak-site posting after ransom demands were not met.

Open Happening

Grafana Labs Says GitHub hit by cyberattack

Incident
First: 17.05.2026 10:13 Last: 17.05.2026 10:13 Sources 1

About this happening: A **Grafana Labs** incident was later tied to the **Mini Shai-Hulud** supply-chain campaign against **TanStack npm packages**. Grafana said an unauthorized party used a token to a...

Open Happening

0APT and KryBit ransomware turf war forces rebuild and rebrand pressure

Threat Actor Meta
First: 28.04.2026 16:00 Last: 28.04.2026 16:00 Sources 1

About this happening: **0APT** and **KryBit** escalated a ransomware turf war in **April 2026** by leaking each other's operational data, defacing leak sites, and exposing infrastructure details that u...

Open Happening

Prt-scan GitHub Actions secret-theft campaign

Campaign
First: 22.04.2026 20:33 Last: 22.04.2026 20:33 Sources 1

About this happening: The **prt-scan** campaign has been systematically abusing **pull_request_target** GitHub Actions workflows to steal developer secrets and, when possible, publish **malicious packa...

Open Happening

Vercel hit by network compromise

Incident
First: 19.04.2026 20:32 Last: 19.04.2026 20:32 Sources 1

About this happening: Vercel disclosed unauthorized access to certain internal systems and said a limited subset of customers was affected, while services remained operational during the investigation...

Latest development: 21.04.2026 00:01

Vercel disclosed that attackers used a compromised OAuth token tied to a Vercel employee's Google Workspace account and access to Context.ai to reach some Vercel environments and environment variables that were not marked as sensitive, and the company said a limited subset of customers had Vercel credentials compromised and were told to rotate them. Vercel said sensitive environment variables were not known to be accessed and that it was working with Mandiant, other security firms, Context.ai, and law enforcement while keeping services operational; Context separately said it had identified and stopped an AWS breach last month and later learned the actor likely also compromised OAuth tokens for some consumer users.

Open Happening

Timeline

  1. 23.12.2025 12:15 1 articles · 5mo ago

    Nissan reports 21,000 customers impacted by Red Hat breach

    Victim Impact Update

    Nissan said a third-party breach at Red Hat exposed information for 21,000 customers after Red Hat notified Nissan on October 3. The leaked data included names, addresses, phone numbers, partial email addresses and other customer-related information used for sales activities, but not card details. Nissan also said some customer information for Nissan Fukuoka Sales Co. was included and that it informed the Personal Information Protection Commission and began contacting affected customers.

    Show sources
    Open in new tab
  2. 07.10.2025 00:08 3 articles · 7mo ago

    ShinyHunters escalates extortion against Red Hat

    Campaign Scope Update

    ShinyHunters began extorting Red Hat over stolen Customer Engagement Reports from the compromised GitLab instance, partnered with Crimson Collective and Scattered Lapsus$ Hunters, posted Red Hat on a new leak site, leaked CER samples, and set an October 10 disclosure deadline if no ransom is negotiated.

    Show sources
    Open in new tab
  3. 02.10.2025 09:15 4 articles · 7mo ago

    Red Hat confirms consulting GitLab breach

    Initial Disclosure

    Red Hat confirmed a security incident affecting its consulting business after Crimson Collective claimed it breached a Red Hat GitLab instance used solely for Red Hat Consulting, stole nearly 570GB of compressed data from 28,000 internal development repositories, and obtained about 800 Customer Engagement Reports (CERs). Red Hat said it had no reason to believe other Red Hat services or products were affected and initiated remediation steps, while the group said the intrusion occurred approximately two weeks ago, attempted extortion, and later published repository and CER directory listings on Telegram.

    Show sources
    Open in new tab
  4. 02.10.2025 09:15 4 articles · 7mo ago

    Red Hat confirms consulting GitLab breach

    Initial Disclosure

    Red Hat confirmed a security incident affecting its consulting business after Crimson Collective claimed it breached a Red Hat GitLab instance used solely for Red Hat Consulting, stole nearly 570GB of compressed data from 28,000 internal development repositories, and obtained about 800 Customer Engagement Reports (CERs). Red Hat said it had no reason to believe other Red Hat services or products were affected and initiated remediation steps, while the group said the intrusion occurred approximately two weeks ago, attempted extortion, and later published repository and CER directory listings on Telegram.

    Show sources
    Open in new tab