Monday , July 13 2026
Chinese

8.7 billion records leaked: Inside the huge Chinese data breach

Cybernews reported that Elasticsearch cluster exposed billions of primary Chinese records, cantaining over 160 indices. The leaked data has the record of national citizen ID numbers to various business records. Cybernews dubbed it the massive leak is among the largest single Elasticsearch exposures ever recorded.

On January 1st 2026, the Cybernews research team discovered 8.73 billion Chinese records exposed online. The exposed data was on a large Elasticsearch cluster. Businesses use Elasticsearch for fast sorting, real-time searches, and scalability. Our team found a cluster with 163 indices containing billions of records.

Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Global ransomware attacks stayed very high in the first seven months of 2026. There were 5,064 confirmed victims in 135...
Read More
Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Palo Alto Networks Addresses 13 Vulnerabilities

Palo Alto Networks shared warnings on Wednesday about over twelve security issues in its products. The new warnings include 13 security...
Read More
Palo Alto Networks Addresses 13 Vulnerabilities

Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

A critical flaw with how Dell saves BIOS passwords lets anyone quickly recover these passwords from a flash dump without...
Read More
Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

CoLoCity is proud to launch a new Data Center in Gulshan-2. It is designed to meet the growing demand for...
Read More
CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

Daily Cyber security update for 10. 07. 2026

Cyberattacks are rising around the world, including ransomware, malware, data leaks, and hacked websites. These events show how complex and...
Read More
Daily Cyber security update for 10. 07. 2026

How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

A major AWS attack shows how attackers with AI can connect known cloud strategies to go from first access to...
Read More
How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

Mycelium Framework: First AI-as-a-Service Botnet

A new cybercrime ad is catching attention in the security world. It talks about a botnet that doesn't just get...
Read More
Mycelium Framework: First AI-as-a-Service Botnet

CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

CrowdStrike has shared five new ways to inject prompts, showing the rising danger to AI agents as more organizations use...
Read More
CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

A critical flaw in Google Cloud Platform’s Dialogflow CX lets attackers add harmful code to a company's AI chatbot system....
Read More
Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

CIRT identified 153 publicly exposed FortiGate devices in Bangladesh

CIRT identified 153 publicly exposed FortiGate devices in Bangladesh. In an advisory CIRT said, the campaign has been observed globally,...
Read More
CIRT identified 153 publicly exposed FortiGate devices in Bangladesh

A large data cluster was found in early 2026 and stayed accessible for over three weeks. There’s no evidence of misuse, but if our researchers discovered it, others could have as well.

“Despite the short exposure window, the scale of the dataset means that automated scraping during this period could have resulted in widespread secondary dissemination,” cybernews researchers said.

Bob Diachenko, a Cybernews contributor and cybersecurity researcher, discovered a significant data cluster. He noted that the metadata indicates data was imported as recently as late 2025.

“The presence of timestamps and import dates points to a long-running aggregation effort rather than a single historical breach,” the team explained.

The Cybernews report claim that leaked data includes personal identifiers, contact details, government IDs, online account information, and credentials at an unprecedented scale. The info categorize like personally identifiable information (PII), account and platform data, authentication data, as well as corporate and business records.

Researchers found the exposed cluster to be well-organized and segmented by data type, including phone-centric, ID-centric, and account-centric datasets.

“The infrastructure was hosted on a bulletproof hosting provider, commonly associated with high-risk or non-compliant data operations. Moreover, the dataset structure and scale suggest intentional aggregation, not accidental logging or misconfiguration by a single consumer service,” the researchers said.

Check Also

Polymarket

Polymarket Hack Reportedly Results in $3 Million Theft

Polymarket is a platform for prediction markets using cryptocurrency. It lets users bet on what …