Vodafone Source Code Leak
Vodafone, a major international telecom, sustained a source code leak claimed by the Lapsus$ extortion group on May 18, 2026. The company confirmed limited access to GitHub files through compromised third-party development software, but stated that customer data and core network infrastructure were not affected.
Signal context
First seen: May 18, 2026
Last updated: Jun 25, 2026
Status: Public signal
Key points
- Source code leak claimed by Lapsus$ extortion group.
- Limited access to GitHub files.
- Compromised third-party development software as the vector.
Signal analysis
BetaThis analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.
Sector: Information
Likely country: Location not provided
Watch process controls, misconfiguration and accidental disclosure paths.
- Source type: outside the affected organization
Impact area: Confidentiality
Likely asset: User or customer data
- 22 signals in the same sector
- 80 signals with the same likely impact area
- 1 signal linked to this organization/domain
External sources
18th May – Threat Intelligence Report - Check Point Researchhttps://research.checkpoint.com/2026/18th-may-threat-intelligence-report/Public source from research.checkpoint.com.
Biggest Cyber Attacks, Data Breaches, Ransomware Attacks of May 2026https://cybermanagementalliance.com/biggest-cyber-attacks-data-breaches-ransomware-attacks-of-may-2026/Public source from cybermanagementalliance.com.
Related signals
Grouped by why the signal is relevant.
ShinyHunters Leaks Charter Communications Data
The cybercrime group ShinyHunters leaked data allegedly stolen from Charter Communications (operating under the Spectrum brand). The leak, reported on May 31, 2026, followed a failed extortion attempt. The exposed data included approximately 4.9 million unique email addresses, names, phone numbers, and physical addresses. A smaller set of about 85,000 records from an internal employee directory also included job titles. Charter confirmed the incident but stated that no sensitive personal information or customer proprietary network information (CPNI) was exfiltrated.
Dutch civil servants from Authority for Consumers and Markets (ACM) affected by Microsoft data leak
Names of civil servants from the Authority for Consumers and Markets (ACM), involved in implementing the Digital Services Act (DSA), were reportedly shared by Microsoft with the U.S. House of Representatives without redaction.
HackerOne Affected by Klue Supply Chain Attack
Cybersecurity firm HackerOne was among the organizations impacted by the Klue supply chain attack, which involved unauthorized access to customer data within Salesforce environments. The attack leveraged compromised OAuth tokens from the Klue platform.
Snyk Affected by Klue Supply Chain Data Breach
Developer security platform Snyk was impacted by the Klue supply chain attack, which led to unauthorized access to customer data within Salesforce environments. The attack leveraged compromised OAuth tokens from the Klue platform.
Sprout Social Data Compromised in Klue Supply Chain Attack
Sprout Social, a social media management platform, was among the companies affected by the Klue supply chain attack. The incident led to unauthorized access to customer data within Salesforce environments, due to compromised OAuth tokens from the Klue platform. The Icarus extortion group claimed responsibility for the attack.
Jamf Customer Data Exposed in Klue Supply Chain Attack
Jamf, a provider of Apple device management solutions, was impacted by the Klue supply chain attack. The incident involved unauthorized access to customer data stored in Salesforce instances, stemming from compromised OAuth tokens from the Klue platform. The Icarus extortion group claimed responsibility for the attack.