Target Source Code and Developer Documentation Theft

Key points

• Internal source code and developer documentation stolen.
• Approximately 860 GB of data exfiltrated.
• Data released on Gitea.

It helps compare this signal with other published signals without treating the labels as final determinations.

Affected organization

Target

Likely country: Location not provided

Threat source

Hacking activity

Watch internet-facing systems, credential abuse and exploit activity.

• Source type: outside the affected organization

Business impact

Potential data exposure

Impact area: Confidentiality

Trend context

17 signals with similar action pattern

• 1 signal in the same sector
• 22 signals with the same likely impact area
• 1 signal linked to this organization/domain

Mentioned entities

TargetSuspected Data ExposureTarget Source Code and DeveloperDocumentation Theft On JanuaryTargetGitea. InternalApproximatelyGitea

External sources

• 7 Data Breaches, Exposures to Know About (January 2026) - Security Magazinehttps://www.securitymagazine.com/articles/99999-data-breaches-exposures-to-know-about-january-2026Public source from securitymagazine.com.

Related signals

Grouped by why the signal is relevant.

Oracle·Jun 19, 2026

Same action patternSame impact area

Oracle Affected by FortiBleed Campaign

Oracle was identified as one of over 22,000 corporate domains affected by the FortiBleed campaign. A Russian-speaking criminal group compromised Fortinet firewall and VPN devices globally, exfiltrating credentials and potentially gaining full network access.

Tweakers·Jun 19, 2026

Same action patternSame impact area

Paywall Bypass Vulnerability

Tweakers.net has identified a vulnerability that allows for the bypass of its paywall. This issue is listed as a 'Known issue' within their bug bounty program, indicating that the company is aware of the flaw and is seeking ethical hackers to report findings related to it. A successful bypass could allow unauthorized access to premium content.

Hfmgt·Jun 18, 2026

Same action patternSame impact area

Horizon Family Medical Group Data Breach

Reports emerged on June 18, 2026, of a possible data breach at Horizon Family Medical Group, a medical provider in New York's Hudson Valley region. Threat actor Incransom claimed to have stolen 7 TB of data, including medical information such as diagnoses, prescriptions, treatments, and lab results.

Coe·Jun 14, 2026

Same action patternSame impact area

Council of Europe Hacked by ShinyHunters, 297 GB of Data Stolen

The notorious extortion group ShinyHunters claimed to have hacked the Council of Europe, stealing nearly 300 gigabytes of data, including employee personal information, payroll data, CVs, and medical records. The group threatened to leak the data if negotiations were not initiated.

Americanexpress·Jun 11, 2026

Same action patternSame impact area

American Express Insider Data Breach Reported

American Express was involved in an insider data breach where an employee accessed the personal financial information of an individual. An investigation by the Australian Privacy Commissioner found the company breached privacy laws by failing to implement adequate restrictions on staff access to customer accounts.

Fortinet·Jun 9, 2026

Same action patternSame impact area

Active Exploitation of Multiple Critical FortiSandbox Vulnerabilities

Threat actors are actively exploiting multiple critical vulnerabilities in Fortinet FortiSandbox products, including CVE-2026-39813 (path traversal), CVE-2026-39808 (OS command injection), and CVE-2026-25089 (OS command injection). These flaws could allow unauthenticated attackers to bypass authentication, execute unauthorized code or commands, and escalate privileges. Fortinet released patches for these vulnerabilities in April and June 2026. Exploitation has been observed from multiple sources across various countries.