Date of Incident: 2023-08-11 Overview: The CIRO Data Breach, reported on January 18, 2026, affected approximately 750,000 Canadian investors by exposing sensitive personal information, including dates of birth, social insurance numbers, and investment details. Occurring on August 11, 2023, the breach involved unauthorized access to CIRO’s internal systems using credential dumping techniques and included lateral… Read More »CIRO Data Breach
Date of Incident: 2025 Overview: In the Grubhub Data Breach of 2025, hackers from the ShinyHunters group accessed Grubhub’s systems, targeting older Salesforce and newer Zendesk data. The breach, discovered and reported in early 2026, left financial information and order history untouched. Attackers utilized MITRE ATT&CK techniques T1078 (Valid Accounts) and T1566 (Phishing) to infiltrate… Read More »Grubhub Data Breach 2025
Between January 7-12, 2026, four developments stand out for enterprise defenders: n8n CVE-2026-21858 (Ni8mare): A maximum-severity (CVSS 10.0) unauthenticated remote code execution vulnerability in n8n workflow automation platform, enabling complete infrastructure takeover through content-type confusion. The vulnerability was disclosed January 7, 2026, with proof-of-concept exploit publicly available; 26,500+ internet-exposed instances remain at risk. Trust Wallet… Read More »Weekly Report: New Hacking Techniques and Critical CVEs 7 Jan – 12 Jan 2026
The first full operational week of 2026 (January 7-12) shattered expectations with a cascade of maximum-severity vulnerabilities and mass-scale data exposures. The week was dominated by Cyera’s disclosure of CVE-2026-21858 (Ni8mare)-a CVSS 10.0 unauthenticated RCE in n8n workflow automation affecting ~100,000 instances globally-and the re-emergence of 17.5 million Instagram user records on dark web forums,… Read More »Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 7 Jan – 12 Jan 2026
The first week of 2026 confirmed a clear trend: attackers are shifting from noisy infrastructure takeovers to trust abuse and perception manipulation. Instead of large, unambiguous “smash-and-grab” breaches, the week was shaped by: A high‑profile but non‑production NordVPN “breach” claim, weaponizing incomplete test data exposure and social perception. An escalation in Russia‑aligned UAC‑0184 espionage using… Read More »Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 1 Jan – 6 Jan 2026