A massive data breach (allegedly) has occurred at Adobe. Carried out by a threat actor calling themselves "Mr. Raccoon", the claims are that over 13M support ticket details have been leaked along with details of over 15,000 employees. Additionally, they have access to their microsoft SharePoint instance and also to make matters worse, Adobe's HackerOne account. Adobe is yet to comment on this matter.

On March 24, 2026, Mercor AI was reportedly affected by a breach linked to the hacking group Lapsus$. The incident is believed to have originated from a supply chain attack involving a compromised LiteLLM package, which may have been inadvertently pulled by one of Mercor’s AI agents.

Through this vector, attackers allegedly gained access to internal systems, including Tailscale VPN credentials, and exfiltrated approximately 4TB of data. The leaked data reportedly included 211GB of candidate records, 939GB of source code, and around 3TB of video interviews and identity documents.

In a public statement on X (formerly Twitter), Mercor said that it had identified itself as one of many companies impacted by the LiteLLM supply chain attack. The company added that its security team acted quickly to contain the breach and begin remediation efforts. Possible attack chain pathway linked.

Cisco reportedly suffered a breach of its internal development environment after attackers leveraged credentials stolen during the recent Trivy supply-chain compromise. More details linked with sample data

Axios is one of the most used npm packages which just got hit by a supply chain attack. Malicious versions of Axios (1.14.1 and 0.30.4) hit the npm registry yesterday. They carry a malware dropper called plain-crypto-js@4.2.1. If you ran npm install in the last 24 hours, check your lockfile. Roll back to 1.14.0 and rotate every credential that was in your environment. Currently, as of now, npmjs has removed the compromised versions of axios package along with the malicious plain crypto js package. Live updates + info linked.

Backdoor operates at the kernel level using BPF to passively inspect traffic and trigger on crafted packets, avoiding exposed ports or typical C2 indicators.

Tradecraft enables long-term persistence and covert access inside core network infrastructure, with very limited visibility from standard monitoring.

Interesting case of network-layer backdoor design rather than traditional userland implants.

Analysis of the LiteLLM incident: stolen CI tokens → malicious PyPI releases → credential exfiltration from runtime environments.

With focus on trust boundaries in CI/CD and secret exposure.

Breach occurred at Navia Benefit Solutions, a 3rd party, not HackerOne infra.

Around 287 HackerOne employees PII leaked.

Navia delayed breach notifications by weeks. Filed at Maine AG.

Navia was independently breached. Over 10K US employee's PII exposed.

Reports point to an auth flaw (BOLA-type) enabling access to employee PII (SSNs, DoB, addresses, benefits data).

Exposure window: Dec 2025 to Jan 2026.

There are reports of OVHcloud-related data being posted on a forum for sale. No official confirmation so far from OVHCloud. Given OVH’s scale, potential impact could be significant depending on scope, especially in Europe

UPDATE: OVHcloud CEO, Octave Klaba has commented that the sample dataset was not found in their system.