Companies House WebFiling Dashboard Vulnerability Exploited for Fraud
Summary
The UK's Companies House suspended its WebFiling dashboard after a security flaw allowed unauthorized access to corporate and personal details of directors. The vulnerability, introduced during an update in October 2025, enabled attackers to view and potentially modify the registration details of around five million companies, exposing them to phishing and fraud. The flaw was discovered by Dan Neidle and John Hewitt, who demonstrated how easy it was to exploit. Companies House took the dashboard offline for investigation and has since restored the service. The agency confirmed that the flaw could only be exploited by logged-in users and that no user passwords or identity verification data were compromised. The extent of the impact, and whether any modifications were actually made, remain unclear; the agency is investigating further.
Timeline
- 16.03.2026 12:30 (2 articles)
  - UK: Companies House Web Glitch Exposes Corporate Details to Fraudsters — www.infosecurity-magazine.com — 16.03.2026 12:30
  - UK’s Companies House confirms security flaw exposed business data — www.bleepingcomputer.com — 16.03.2026 19:07
Information Snippets
- The vulnerability in the WebFiling dashboard allowed attackers to access the dashboards of other companies by exploiting a simple navigation flaw.
  First reported: 16.03.2026 12:30 (2 sources, 2 articles)
  - UK: Companies House Web Glitch Exposes Corporate Details to Fraudsters — www.infosecurity-magazine.com — 16.03.2026 12:30
  - UK’s Companies House confirms security flaw exposed business data — www.bleepingcomputer.com — 16.03.2026 19:07
- Attackers could view personal and corporate information of around five million directors, including email addresses and dates of birth.
  First reported: 16.03.2026 12:30 (2 sources, 2 articles)
  - UK: Companies House Web Glitch Exposes Corporate Details to Fraudsters — www.infosecurity-magazine.com — 16.03.2026 12:30
  - UK’s Companies House confirms security flaw exposed business data — www.bleepingcomputer.com — 16.03.2026 19:07
- The flaw also allowed attackers to modify registration details of other companies, potentially enabling fraudulent activities such as opening new bank accounts.
  First reported: 16.03.2026 12:30 (2 sources, 2 articles)
  - UK: Companies House Web Glitch Exposes Corporate Details to Fraudsters — www.infosecurity-magazine.com — 16.03.2026 12:30
  - UK’s Companies House confirms security flaw exposed business data — www.bleepingcomputer.com — 16.03.2026 19:07
- Companies House has suspended the WebFiling dashboard while it investigates the vulnerability.
  First reported: 16.03.2026 12:30 (2 sources, 2 articles)
  - UK: Companies House Web Glitch Exposes Corporate Details to Fraudsters — www.infosecurity-magazine.com — 16.03.2026 12:30
  - UK’s Companies House confirms security flaw exposed business data — www.bleepingcomputer.com — 16.03.2026 19:07
- The agency is investigating whether modifications were made, how long the website was vulnerable, and whether any organizations were impacted.
  First reported: 16.03.2026 12:30 (2 sources, 2 articles)
  - UK: Companies House Web Glitch Exposes Corporate Details to Fraudsters — www.infosecurity-magazine.com — 16.03.2026 12:30
  - UK’s Companies House confirms security flaw exposed business data — www.bleepingcomputer.com — 16.03.2026 19:07
- The WebFiling service was taken offline on Friday, March 13, 2026, and restored on Monday, March 16, 2026.
  First reported: 16.03.2026 19:07 (1 source, 1 article)
  - UK’s Companies House confirms security flaw exposed business data — www.bleepingcomputer.com — 16.03.2026 19:07
- The vulnerability was introduced during an update to the WebFiling systems in October 2025.
  First reported: 16.03.2026 19:07 (1 source, 1 article)
  - UK’s Companies House confirms security flaw exposed business data — www.bleepingcomputer.com — 16.03.2026 19:07
- The flaw could only be exploited by logged-in users and allowed access to company records one entry at a time.
  First reported: 16.03.2026 19:07 (1 source, 1 article)
  - UK’s Companies House confirms security flaw exposed business data — www.bleepingcomputer.com — 16.03.2026 19:07
- No user passwords were compromised, and data used during the identity verification process was not accessed.
  First reported: 16.03.2026 19:07 (1 source, 1 article)
  - UK’s Companies House confirms security flaw exposed business data — www.bleepingcomputer.com — 16.03.2026 19:07
- No existing filed documents, such as accounts or confirmation statements, could have been altered.
  First reported: 16.03.2026 19:07 (1 source, 1 article)
  - UK’s Companies House confirms security flaw exposed business data — www.bleepingcomputer.com — 16.03.2026 19:07
Similar Happenings
LexisNexis Breach via React2Shell Vulnerability
LexisNexis Legal & Professional confirmed a data breach after hackers exploited the React2Shell vulnerability in an unpatched React frontend app. The breach exposed legacy, non-critical data, including customer names, user IDs, and business contact information. The threat actor, FulcrumSec, leaked 2GB of files on underground forums, claiming to have accessed sensitive data related to U.S. government employees and other officials. LexisNexis stated that the intrusion has been contained and no sensitive personally identifiable information or financial data was compromised. The company has notified law enforcement and engaged external cybersecurity experts to assist with the investigation.
700Credit Data Breach Exposes 5.8 Million Records via Compromised API
700Credit, a major credit report and identity verification service, disclosed a data breach affecting 5,836,521 individuals. The breach, linked to a compromised third-party API, occurred between May and October 2025. Hackers accessed personal information, including names, addresses, dates of birth, and Social Security numbers, through a partner's system compromised in July 2025. The incident was contained to the 700Dealer.com application layer, and the company is offering affected individuals 12 months of free credit monitoring and identity restoration services. 700Credit began notifying impacted dealership clients on November 21 and will notify affected individuals starting December 22. The company has collaborated with the National Automobile Dealers Association (NADA) and reported the incident to the Federal Trade Commission (FTC), FBI, and various state attorney general offices. 700Credit serves over 23,000 automotive, RV, Powersports, and Marine dealer customers. The breach was due to a failure to validate consumer reference IDs against the original requester, and the attacker exfiltrated around 20% of consumer data. 700Credit revealed the breach in a notification to the Maine Office of the Attorney General (OAG) and advised affected customers to place a fraud alert and security freeze on their credit file.
Conduent Data Breach Affects Millions
Conduent, a business services provider, has confirmed that a data breach in 2024 impacted over 10.5 million individuals. The breach, initially disclosed in January 2025, affected government agencies in multiple US states. The attackers accessed Conduent's network on October 21, 2024, and were evicted on January 13, 2025. The compromised data includes names, addresses, dates of birth, Social Security numbers, health insurance details, and medical information. Conduent serves over 600 government and transportation organizations, and roughly half of Fortune 100 companies. The company has not provided an exact number of affected individuals, but breach notices indicate at least 10.5 million people were impacted, with the largest number in Oregon (10.5 million) and over 4 million in Texas. The SafePay ransomware group claimed responsibility for the attack in February 2025 and claimed to have stolen 8.5TB of data. Conduent provides services to several other states where specific data breach figures aren't published, potentially increasing the actual impact. As of October 24, 2025, there is no evidence that the stolen data has been misused. Additionally, Volvo Group North America disclosed that nearly 17,000 customers and/or staff had their personal details exposed in the Conduent data breach. Conduent is sending notifications to impacted parties, offering free membership to identity monitoring services for at least a year, along with credit and dark web monitoring, and identity restoration.

Volvo Group North America has recently suffered a new data breach caused by a third-party supplier, Miljödata, exposing staff data such as full names and Social Security Numbers. The breach at Miljödata in August 2025 exposed the information of 1.5 million people, including Volvo Group employees in Sweden and the U.S.

Ingram Micro, a major IT services provider, revealed a ransomware attack in July 2025 that affected over 42,000 individuals. The SafePay ransomware group was behind this attack, claiming to have stolen 3.5TB of documents. The attack triggered a massive outage and highlighted SafePay's growing activity as a significant ransomware threat.
TransUnion Data Breach Affects Over 4 Million Customers
TransUnion, a major credit reporting agency, confirmed a data breach that compromised the personal information of over 4 million customers. The breach occurred on July 28, 2025, and was discovered two days later. An unauthorized actor accessed personal data through a third-party application used by TransUnion's US customer support operations. The compromised information was limited to specific data elements and did not include credit reports or core credit information. TransUnion is offering impacted customers two years of free credit monitoring services. The identity of the threat actor remains unknown, and there is no confirmed correlation with other recent security incidents.
Qilin ransomware group targets multiple organizations, including South Korean financial sector and Romanian oil pipeline operator Conpet
The Qilin ransomware group has confirmed the theft of nearly 1TB of data from Conpet S.A., Romania’s national oil pipeline operator, following a cyberattack on February 5, 2026. While the company’s operational technologies (SCADA and telecommunications) remained unaffected, the breach compromised corporate IT systems, exposing internal documents, including financial records and passport scans, some dated as recently as November 2025. Conpet has warned of potential fraud risks stemming from the stolen data and is working with Romania’s National Cyber Security Directorate (DNSC) to investigate the incident. This attack is part of Qilin’s broader 2025–2026 campaign, which has targeted high-profile victims across 62 countries, including Asahi Group (Japan), Mecklenburg County Public Schools (U.S.), Creative Box Inc. (Nissan subsidiary), and Synnovis (UK pathology provider). The group employs hybrid tactics, such as abusing Windows Subsystem for Linux (WSL) to deploy Linux encryptors on Windows systems, BYOVD (Bring Your Own Vulnerable Driver) exploits, and supply-chain compromises via Managed Service Providers (MSPs). Qilin’s double-extortion model, combining encryption with data leaks, has disrupted critical infrastructure, manufacturing, and financial sectors, with over 700 confirmed victims in 2025 alone. Recent developments include politically charged leaks in South Korea and collaborations with affiliates like Scattered Spider, underscoring the group’s evolving threat to global cybersecurity.