@BushidoToken Threat Intel

  What Happened: On 10 May 2026, the UK-based firm Arup Group was listed as a victim on the Tor data leak site of FulcrumSec.   On their Tor data leak site, FulcrumSec stated that they have exposed 700GB of GitHub repos and 2TB of Azure and AWS S3 cloud, plus database backups. Other types of data the adversary claims to have stolen includes Neuron BMS client databases, Odoo ERP data, A66 landowner files, Apple code-signing certificates with plaintext passwords, a Google Cloud Platform (GCP) project with production payment gateway credentials, and the source code of ArupCompute and Oasys.   The FulcrumSec operators also claimed to have spent over half a year analysing the data and went through “email correspondence” with the company before publishing the stolen data. On the victim post, FulcrumSec wrote a detailed incident breakdown. In it, they stated they gained initial access in September 2025 via a GitHub personal access token found hardcoded in a JavaScript file on a ...

  What Happened: On 3 May 2026, ShinyHunters, the English-speaking adolescent cybercrime collective, claimed they breached Instructure by listing them on their Tor data leak site. Instructure is a US-based software provider behind the widely adopted Canvas Learning Management System (LMS).   ShinyHunters reportedly exfiltrated 3.65 terabytes of data, spanning 275 million global records from up to 9,000 institutions, before posting extortion messages across university login portals demanding Bitcoin. The outage forced prominent UK higher education institutions, including the University of Liverpool, Queen’s University Belfast, and the University of Manchester, to take systems offline and hastily rewrite their end-of-year exam submission schedules. Instructure confirmed the affected data includes names, student ID numbers, email addresses, and private student-instructor messages. Instructure also confirmed no passwords, financial data, or government IDs were pilfered. When the i...