Databasehooligan Dominates as AI Supply-Chain Attacks Surge
Summary
Today's picture was defined less by volume than by concentration: a single operator ran a country-by-country data-sale spree spanning telecom carriers, schools and government registries on four continents -- the kind of industrialised reselling that keeps breach data in circulation long after the original intrusion. The sharper warning came from the research side, where attackers kept moving toward the tools developers trust -- AI coding agents, package registries and self-hosted git servers -- even as defenders scored a rare coordinated botnet takedown. The throughline is the software supply chain, now increasingly mediated by AI.
Today's developments
Forum activity was dominated by the actor known as Databasehooligan, credited with 36 of the day's 148 posts. The operator claimed breaches or data sales against telecom carriers across several regions -- Fastweb and WINDTRE in Italy, Masmovil in Spain, and KDDI Corporation in Japan -- alongside Japan's National Personnel Authority, Mexico's national science agency CONACYT, Spain's state training foundation Fundae, India's Fortis Healthcare and the education provider BYJU'S Exam Prep, and Standard Lesotho Bank. The same actor advertised data from e-commerce and education targets in South Korea, Taiwan and South Africa, a breadth that points to bulk database reselling rather than targeted intrusion.
Other operators claimed higher-profile single victims. The actor "The BlackH4t MD-Ghost" alleged a breach of Amazon and of Chile's Banco Falabella, and posted data it attributed to Nepal's Ministry of Physical Infrastructure Development. "Black0ut_Exi" claimed a sale of records from Argentina's Ministerio de Salud de Catamarca, and "azazeljakel" claimed a breach of Mexico's national civil-protection coordination body. Indonesian government and school systems featured heavily: "BROTHERHOOD CAPUNG INDONESIA" claimed a leak from the country's food-affairs coordinating ministry, while several actors posted data from provincial schools and city governments. Hacktivist-flavoured posts reached the Middle East, including an alleged breach of Iran's MTN Irancell and an alleged leak attributed to Israel. All of these remain unverified claims drawn from forum posts.
On the research side, the day's biggest defensive win was the disruption of the GlassWorm botnet: CrowdStrike, working with Google and the Shadowserver Foundation, said it had taken down all four command-and-control channels behind a campaign that had seeded malware into hundreds of open-source packages since early 2025. The offensive research ran toward the developer toolchain. Security researchers detailed a "SymJack" technique in which malicious repositories and disguised symlinks trick AI coding agents into installing attacker-controlled MCP servers able to steal secrets and poison CI pipelines, and flagged a malicious npm package built to exfiltrate files from an AI assistant's user directory. Microsoft warned of a cryptojacking campaign that uses AI chatbot answers to surface malicious download sites, and a newly disclosed Gitea flaw was shown to let unauthenticated attackers pull private container images.
Conventional threats stayed busy alongside the AI angle. WatchGuard and ESET tracked Grandoreiro and BTMOB banking-trojan campaigns against Windows and Android users across Latin America and Europe. The FBI warned that an extortion crew has been physically visiting US law firms to socially engineer remote access and exfiltrate data, Dutch police arrested a man over a breach of the Ajax football club, and a Romanian national was sentenced in the US for selling access to an Oregon state network. Researchers at Gambit Security linked a cyberattack on the Los Angeles transit system to Iran's Ministry of Intelligence, despite a hacktivist cover story.
Threat landscape signals
Concentration was the day's defining metric. The top three actors -- Databasehooligan, the ransomware crew DragonForce, and BROTHERHOOD CAPUNG INDONESIA -- together accounted for roughly 45 percent of all activity, with Databasehooligan alone near a quarter. Data breaches and leaks made up 76 of the 148 events, well ahead of 32 ransomware posts and 11 distributed-denial-of-service claims, the latter largely from the pro-Russian group NoName057(16). Victims clustered in the United States (24 incidents), Indonesia and Mexico, and in the education and government-administration sectors -- a reminder that under-resourced public bodies and schools remain the soft underbelly of the data-theft economy.
The clearer signal for defenders is directional. With AI coding agents, package registries and self-hosted git servers all under active attack this week, the practical priority is provenance: pin dependencies, vet MCP and IDE integrations before granting them file access, and treat AI-surfaced download links as untrusted by default. The GlassWorm takedown shows coordinated action can still claw back ground -- but only against infrastructure that was left to grow for more than a year.
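Two of the provenance checks recommended above can be scripted as a pre-flight step before a freshly cloned repository is handed to an AI coding agent: flag symlinks inside the checkout that resolve to locations outside it (the disguised-symlink pattern the SymJack write-up describes), and flag dependency lines that are not pinned to an exact version. The code below is an added example, not code from this report or from any of the vendors it cites; the sample repository layout, file names and requirement lines are constructed for illustration.

```python
#!/usr/bin/env python3
"""Pre-flight provenance checks for a cloned repository (added example).

Implements two defensive checks: symlinks that escape the checkout, and
requirements.txt lines that are not pinned with '=='. All paths and
sample data below are constructed for illustration.
"""
import os
import re
import tempfile
from pathlib import Path

# An exactly pinned requirement line, e.g. "requests==2.31.0" or "pkg[extra]==1.0".
PIN_RE = re.compile(r"^\s*[A-Za-z0-9_.\-\[\],]+\s*==\s*[^\s#]+")


def escaping_symlinks(repo: Path) -> list[str]:
    """Return repo-relative paths of symlinks whose target resolves outside the repo.

    os.walk does not follow directory symlinks by default, so a symlinked
    directory is inspected once and never descended into.
    """
    root = repo.resolve()
    findings = []
    for dirpath, dirnames, filenames in os.walk(repo):
        for name in dirnames + filenames:
            entry = Path(dirpath) / name
            if not entry.is_symlink():
                continue
            # resolve() follows the link chain; with strict=False (the default)
            # it does not raise for dangling links, which should still be flagged.
            target = entry.resolve()
            try:
                target.relative_to(root)
            except ValueError:
                findings.append(str(entry.relative_to(repo)))
    return sorted(findings)


def unpinned_requirements(text: str) -> list[str]:
    """Return requirement lines that are not pinned to an exact version.

    Blank lines, comments and pip options such as '-r base.txt' are skipped.
    """
    unpinned = []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#") or stripped.startswith("-"):
            continue
        if not PIN_RE.match(stripped):
            unpinned.append(stripped)
    return unpinned


def build_sample_repo() -> Path:
    """Create a throwaway checkout with one benign and one escaping symlink.

    This is constructed sample data; the file names are hypothetical.
    """
    base = Path(tempfile.mkdtemp())
    repo = base / "repo"
    (repo / "config").mkdir(parents=True)
    (repo / "README.md").write_text("sample project\n")
    # Benign: points at a file inside the checkout.
    (repo / "docs_link").symlink_to(repo / "README.md")
    # Suspicious: points outside the checkout (the target need not exist).
    (repo / "config" / "agent_settings.json").symlink_to(base / "outside_settings.json")
    return repo


SAMPLE_REQUIREMENTS = """\
# constructed sample requirements.txt
-r base.txt
requests==2.31.0
flask>=2
pyyaml
"""


if __name__ == "__main__":
    sample = build_sample_repo()
    print("escaping symlinks:", escaping_symlinks(sample))
    print("unpinned requirements:", unpinned_requirements(SAMPLE_REQUIREMENTS))
```

Run the script as-is to see both checks against the constructed sample; in practice, point `escaping_symlinks` at the real checkout and feed `unpinned_requirements` the repository's own requirements file, and refuse to launch the agent (or grant it file access) while either list is non-empty.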