A self-proclaimed hacktivist group named NullBulge claims to have breached Disney’s internal Slack infrastructure, leaking 1.1 TiB (1.2 TB) of data. This breach, announced on the notorious cybercrime platform Breach Forums on July 12, 2024, supposedly includes the entire development team's Slack communications, encompassing messages, files, and various data exchanged within the workspace. NullBulge publicized the breach on X (formerly Twitter), highlighting the significant scope of the data obtained, which allegedly spans nearly 10,000 channels filled with messages, unreleased projects, raw images, code, logins, and links to internal APIs and web pages. NullBulge, whose origins remain unknown, claims to protect artists’ rights and ensure fair compensation for their work. There are rumors suggesting a connection to the LockBit ransomware gang, as they appear to be using LockBit’s leaked builder. Disney has recently faced criticism and legal challenges concerning fair payment to artists and writers, with notable figures like Neil Gaiman highlighting issues of unpaid royalties for novelizations and graphic novels of Disney-owned properties. This controversy gained attention when author Alan Dean Foster publicly disclosed that he had not received royalties for his “Star Wars” and “Alien” novels following Disney's acquisition of these franchises. Despite some settlements, many creators continue to struggle for their rightful payments, with organizations like the Science Fiction & Fantasy Writers of America (SFWA) actively campaigning for these creators. The alleged Disney data breach is part of a larger pattern of cyberattacks affecting major U.S. companies. On the same day, July 12, 2024, AT&T announced a breach where hackers stole call records and text message logs of nearly all customers, impacting over 110 million Americans. Meanwhile, the Ticketmaster breach continues to plague Live Nation as hackers demand an $8 million ransom to halt the leak of 10 million ticketing barcodes related to top celebrities’ concerts. These incidents underscore the growing cybersecurity threats faced by corporations and the widespread implications of such breaches.
Customers of Renault and its subsidiary Dacia in the United Kingdom have been informed that their personal data was compromised after a cyberattack on one of the carmaker’s third...
DrayTek has recently fixed a serious security problem called CVE-2025-10547 that affects its DrayOS router series. This problem lets attackers take control of weak routers by sendi...
A threat actor known as Cavalry Werewolf, with overlaps in sharing with the hacking group YoroTrooper, has been seen attacking the Russian public sector using malware families like...