
Resecurity hit by data theft breach linked to Scattered Lapsus$ Hunters

Incident
H score 22
1 unique source, 3 articles

Summary


Resecurity is disputing a breach claimed by Scattered Lapsus$ Hunters, who said they stole internal data. The compromise is contested and its exposure status is unresolved. The company says the activity was limited to a deliberately deployed honeypot containing fake employee, customer, and payment data, while the actors posted screenshots on Telegram and claimed access to chats, logs, threat intel, and client details. Resecurity says it detected probing on November 21, 2025, monitored automated exfiltration attempts through December 24, and shared telemetry with law enforcement.

Related Happenings

House Homeland Security briefing request on Instructure attacks

Public Sector Action
First: 14.05.2026 23:19 Last: 14.05.2026 23:19 Sources 1

About this happening: The **House Committee on Homeland Security** requested **Instructure** appear for a briefing on the **recent attacks**, escalating congressional scrutiny of the Canvas compromise...

Ariomex leaked database exposing 11,826 verified user records

Data Leak
First: 03.03.2026 16:30 Last: 03.03.2026 16:30 Sources 1

About this happening: A **newly obtained Ariomex database** exposed **11,826 verified user records**, creating a concrete view of activity tied to **sanctions evasion** and **large-scale capital transf...

ShinyHunters data-leak site exposing stolen attack data

Data Leak
First: 31.01.2026 17:02 Last: 31.01.2026 17:02 Sources 1

About this happening: The **ShinyHunters** extortion gang launched a **data-leak site**, beginning to publish data tied to the theft campaign and raising the exposure risk for victims.

CISA releases insider-threat infographic and framework for critical infrastructure and SLTT governments

Public Sector Action
First: 29.01.2026 18:00 Last: 29.01.2026 18:00 Sources 1

About this happening: **CISA** released a new insider-threat infographic and framework, giving **critical infrastructure operators** and **SLTT governments** a structured way to prevent, detect, and re...

Polish power grid hit by network compromise

Incident
First: 28.01.2026 18:06 Last: 28.01.2026 18:06 Sources 1

About this happening: Dragos disclosed a late-December cyberattack on the Polish power grid that disrupted OT communication and control at distributed generation sites. The intrusion affected combined...

Latest development: 29.01.2026 00:14

Dragos says a coordinated cyberattack on Poland's power grid in late December targeted multiple distributed energy resource (DER) sites across the country, including combined heat and power (CHP) facilities and wind and solar dispatch systems. The activity compromised OT systems, damaged key equipment beyond repair, disabled communications equipment at multiple sites, and wiped Windows systems, while power generation remained uninterrupted. At least 12 sites are confirmed affected, and Dragos estimates the total at about 30. Dragos attributes the activity with moderate confidence to the Russian threat actor Electrum and describes it as distinct from Sandworm (APT44).

Timeline

  1. 03.01.2026 22:34 1 article · 4mo ago

    Resecurity detects probing of publicly exposed systems

    Detection IoC Update

    Resecurity's DFIR team first detected a threat actor probing publicly exposed systems on November 21, 2025, logged multiple linked IP addresses including addresses associated with Egypt and Mullvad VPN services, and treated the activity as reconnaissance against the company's environment.

  2. 03.01.2026 22:34 1 article · 4mo ago

    Resecurity tracks automated exfiltration attempts and infrastructure

    Technical Analysis Update

    Resecurity says the threat actor attempted to automate data exfiltration during December 12-24, 2025, generating more than 188,000 requests through residential proxy IP addresses and briefly exposing confirmed IP addresses when proxies failed. The company says this allowed it to collect telemetry, add more fake datasets, and share infrastructure intelligence with law enforcement.

  3. 03.01.2026 22:34 4 articles · 4mo ago

    Scattered Lapsus$ Hunters claim access to Resecurity systems on Telegram

    Initial Disclosure

    Scattered Lapsus$ Hunters posted Telegram screenshots claiming full access to Resecurity systems and alleging theft of internal chats, logs, employee data, threat-intelligence reports, and a complete client list. Resecurity said the access was limited to a deliberately deployed honeypot with synthetic employee, customer, and payment data. ShinyHunters later denied involvement in the activity.
