Find notable cyber news and cases, enriched with sources, timelines, and signals.

LexisNexis Legal & Professional data leak after AWS intrusion

Data Leak
First reported
Last updated
Happening score
H score 41
1 unique sources, 1 articles

Summary

Hide ▲

FulcrumSec leaked 2GB of files tied to LexisNexis Legal & Professional, exposing customer and business information that could be used for follow-on abuse. The company confirmed unauthorized access to limited servers and said the material was mostly legacy data from prior to 2020. The exposed records included customer names, user IDs, business contact information, support tickets, and about 400,000 cloud user profiles.

Related Happenings

FortiBleed Fortinet/FortiGate VPN credential leak

Data Leak
H score80 First: 17.06.2026 18:12 Last: 17.06.2026 18:12 Sources 1

About this happening: **FortiBleed** is a **data leak** of **Fortinet/FortiGate VPN credentials** that now includes a verified database of **86,644 confirmed working credentials** collected from **inte...

Latest development: 19.06.2026 09:47

CISA urged Fortinet customers to secure FortiGate appliances after nearly 74,000 firewall and VPN credentials were exposed in the FortiBleed leak. The agency advised affected owners to terminate SSL VPN and administrative sessions, reset VPN and administrative passwords, enable phishing-resistant multifactor authentication, review logs for unauthorized access or lateral movement, store admin credentials with PBKDF2, restrict firewall management interfaces from public internet access, and remove unauthorized accounts.

IRhythm patient data exfiltration from third-party business applications

Data Leak
H score34 First: 16.06.2026 09:31 Last: 16.06.2026 09:31 Sources 1

About this happening: **iRhythm Holdings** disclosed a **data breach** involving **third-party-hosted business applications** after a threat actor used **social engineering** to access data and demande...

CISA contractor GitHub repository exposed internal credentials

Data Leak
H score28 First: 18.05.2026 23:48 Last: 18.05.2026 23:48 Sources 1

About this happening: A **CISA contractor** left a public **GitHub repository** exposing **AWS GovCloud credentials** and internal access material, creating a serious **data leak** involving sensitive...

Latest development: 22.05.2026 19:34

On May 19, Sen. Maggie Hassan and Rep. Bennie Thompson, with Rep. Delia Ramirez co-signing Thompson’s letter, sent separate letters to CISA demanding answers about the Private-CISA GitHub leak and warning that the credential exposure raised serious concerns about CISA’s internal policies, contract support, and security culture.

CareCloud hit by network compromise

Incident
H score23 First: 31.03.2026 00:44 Last: 31.03.2026 00:44 Sources 1

About this happening: **CareCloud** disclosed a **network intrusion** that disrupted **1 of 6 electronic health record environments** and raised the possibility that **patient data** was accessed. The...

AkzoNobel partial Anubis data leak

Data Leak
H score50 First: 04.03.2026 01:00 Last: 04.03.2026 01:00 Sources 1

About this happening: **AkzoNobel** faces a **partial data leak** after **Anubis ransomware** claimed it stole **170GB of data** and **almost 170,000 files**. The leak site posted **sample screenshots*...

Timeline

  1. 03.03.2026 17:40 1 articles · 4mo ago

    FulcrumSec exploits an unpatched React frontend app to reach LexisNexis Legal & Professional AWS infrastructure

    Exploitation Observed

    FulcrumSec gained access to LexisNexis Legal & Professional's AWS infrastructure by exploiting the React2Shell vulnerability in an unpatched React frontend app on February 24, 2026.

    Show sources
  2. 03.03.2026 17:40 2 articles · 4mo ago

    LexisNexis Legal & Professional confirms unauthorized access and FulcrumSec leaks 2GB of files

    Initial Disclosure

    On March 3, 2026, LexisNexis Legal & Professional confirmed unauthorized access to limited servers and said the affected data was mostly legacy, deprecated information from prior to 2020, while FulcrumSec publicly leaked 2GB of files and claimed exfiltration of 2.04 GB of structured data, about 400,000 cloud user profiles, 21,042 customer accounts, and records tied to .gov users; the company said there was no evidence that products or services were impacted.

    Show sources