NordVPN investigated claims of a data breach after a hacker leaked information on a cybercrime forum. The company found no evidence of a breach in its systems and stated that the leaked data came from a third-party testing environment, not its internal infrastructure.

A cybersecurity researcher found a massive data leak from the MagicEdit AI image generator, revealing over a million images, including explicit content and potential deepfakes. The database was unprotected, raising serious privacy and ethical concerns about the misuse of personal images. The leak has been addressed, but the implications for user safety remain significant.

BreachForums, a hacking forum, has experienced a data breach with nearly 324,000 user accounts exposed. The leak includes usernames, registration dates, and some public IP addresses, raising concerns for users and law enforcement. The forum's administrator claims this data is not recent, originating from an earlier backup.

Over 149 million stolen usernames and passwords were discovered online, affecting platforms like TikTok, Netflix, and several financial services. The data leak, found by cybersecurity researcher Jeremiah Fowler, highlights the risks of infostealer malware and the importance of password security. It took a month to take the exposed database offline, raising concerns about the potential for automated attacks.

A hacktivist known as Martha Root deleted three white supremacist websites during a live presentation at a hacker conference in Germany. The sites, which included platforms for racist matchmaking and labor, remain offline, and Root exposed serious security flaws in their data. The administrator of the websites condemned the act as cyberterrorism and claimed repercussions would follow.

A significant data breach at Knownsec, a Chinese cybersecurity firm, leaked over 12,000 classified documents detailing advanced state-sponsored cyber tools and a list of global surveillance targets. The breach, which occurred in November 2025, revealed extensive cyber espionage activities and sophisticated attack methods.

A misconfigured Azure Blob storage container belonging to TalentHook has exposed nearly 26 million resumes, containing sensitive personal information of US job seekers. This breach poses significant risks for identity theft and targeted phishing attacks, leading to potential harassment and fraud against individuals whose data was leaked.

Over 4 billion user records, including sensitive financial, WeChat, and Alipay data, were exposed in what is believed to be the largest data leak in China’s history. The dataset, comprising 631 gigabytes, was left unprotected and is thought to have been collected for surveillance and profiling purposes. Affected individuals face significant risks with no clear recourse due to the anonymity of the data's source.

Hong Kong's privacy authority is investigating a data breach at Louis Vuitton that has affected approximately 419,000 customers. The leaked data includes personal details such as names, passport information, addresses, and shopping history, although no payment information was compromised. The investigation will assess whether there were delays in notifying the authorities about the breach.

A vulnerability in GitHub Copilot Chat, discovered by Legit Security, allowed the leakage of sensitive data such as AWS keys and zero-day bugs from private repositories. By exploiting hidden comments and remote prompt injection, attackers could control Copilot's responses and exfiltrate sensitive information from users. GitHub has since addressed the issue by blocking the method used for data leakage.

Interlock ransomware has leaked sensitive data from a cyberattack on the city of St. Paul, exposing critical information and raising concerns about cybersecurity and data protection. The breach highlights the ongoing threats posed by ransomware attacks to municipal systems.