• Asia
• Retail
• Saudi Arabia
• Middle East
• Cyber Fattah Team
• Saudi Games

Cyber Fattah Behind Saudi Games Data Breach

The threat actor group “Cyber Fattah” has allegedly leaked thousands of sensitive records from the Saudi Games, which may include personal information, bank details, and medical certificates of athletes and visitors. The threat actor group gained unauthorized access through phpMyAdmin and exfiltrated data in the form of SQL dumps. The breach is believed to be part of a broader Iranian-led information operation aimed at spreading insecurity and damaging Saudi Arabia’s reputation.

• Retail
• Gonjeshke Darande
• Nobitex

Hacktivist Group "Gonjeshke Darande" Claims Cyberattack on Iran’s Nobitex Exchange

The Iranian cryptocurrency exchange Nobitex has allegedly been breached by the anti-regime group “Gonjeshke Darande” (Predatory Sparrow), which claims to have breached the platform’s internal systems in protest against its alleged role in aiding terrorism financing and sanction evasion. As Iran's largest crypto exchange, Nobitex plays a critical role in the country's international financial access, making it a prime target. The group has threatened to release sensitive stolen data, including the exchange’s full source code, internal operations details, and user information.

• Retail
• Europe
• Ghna
• Food And Kindred Products
• Coca-Cola Europacific Partners
• United Kingdom

Coca-Cola Europacific Partners - Breach - 2025-05-22

On May 22, 2025, the threat actor Gehenna claimed responsibility for breaching Coca-Cola Europacific Partners’ Salesforce infrastructure, exfiltrating a substantial volume of business data. The breach reportedly includes over 75 million records spanning accounts, contacts, products, and customer service cases from 2016 to 2025, totaling more than 63 GB of sensitive CRM data. Gehenna, linked to previous incidents involving Samsung Germany and Royal Mail, is offering this data for sale, emphasizing the scale and commercial relevance of the compromised information.

• Whitecoat
• Retail
• Europe
• Southern Europe
• Mercadona
• Spain

Threat Actor Claims Breach of Mercadona's Home Brand - Hacendado

In June 2025, a threat actor named WhiteCoat claimed to have breached Mercadona's home brand Hacendado through a third-party vendor and to have gained access to its database. According to the threat actor, over 27 million unique users' data was taken, including full names, emails, hashed passwords, location data, purchase history, internal employee emails, operational logs, fragmented payment metadata, and tokens and access credentials.

• 303
• Gucci
• Southern Europe
• Europe
• Retail
• Italy

Threat Actor Claims Gucci Supplier Data Leak on darkforum

A threat actor known as "303" claimed on the dark net forum "darkforum" to have compromised a subdomain of the luxury fashion brand "Gucci" and leaked internal documents. The alleged data includes detailed information on Gucci’s suppliers, including their addresses, countries, and the percentage of immigrant workers. The post also contains sample images and a pay-to-unlock download link for the full leak.