Instagram is denying a system breach after data from 17.5 million accounts was leaked online and users were hit with a wave of password reset emails. Meta says it fixed a bug causing the email spam, but the leaked data, though likely old, still poses a significant phishing risk to users.
A sophisticated Chinese-speaking threat actor has been caught exploiting a trio of VMware ESXi zero-day vulnerabilities, allowing them to escape virtual machines and gain full control of the underlying hypervisor.
Gulshan Management Services, a Texas-based operator of ~150 gas stations, has disclosed a major data breach affecting over 377,000 individuals. The breach, resulting from a phishing attack that led to a ransomware infection, exposed highly sensitive personal and financial information.
Gulshan Management Services, a Texas-based operator of ~150 gas stations, has disclosed a major data breach affecting over 377,000 individuals. The breach, resulting from a phishing attack that led to a ransomware infection, exposed highly sensitive personal and financial information.
Cyber News Centre's cyber update for 6th January 2026: A classic phishing attack has led to a massive data breach at a US-based gas station operator, exposing the sensitive personal and financial data of over 377,000 people and serving as a critical reminder of the vulnerabilities in the retail fuel sector.
Gulshan Management Services, Inc., a company based in Sugar Land, Texas, operates approximately 150 gas stations, including the Handi Plus and Handi Stop brands. The company handles a significant volume of customer payment and personal data daily.
Update: Gulshan Management Services has begun notifying 377,082 individuals that their personal information was compromised in a data breach that occurred in September 2025. According to the company's disclosure, an unauthorised third party gained access to its systems on September 17, 2025, via a successful phishing attack. This initial foothold allowed the attackers to deploy ransomware that encrypted parts of the company's network.
The attackers had access to the systems for a full 10 days, until September 27, 2025, when the breach was discovered. The compromised data is highly sensitive and includes full names, Social Security numbers, credit and debit card numbers, driver's license numbers, and other personal contact information. The notification to victims was not sent until January 5, 2026, over three months after the breach was discovered. In response, Gulshan is offering 12 months of identity monitoring services through Kroll and is now facing multiple class-action lawsuits.
Why it Matters: This incident is a textbook example of how a simple, employee-targeted phishing email can escalate into a major ransomware event with significant consequences. For Australian businesses, particularly in the retail and fuel sectors, this serves as a potent case study. The types of data stolen are a goldmine for identity thieves, and the long delay between discovery and notification left hundreds of thousands of victims unknowingly exposed for months.
The 10-day dwell time before the attackers were detected highlights a critical gap in security monitoring that is all too common. It underscores the absolute necessity of continuous employee security awareness training to defend against phishing, robust endpoint detection and response (EDR) to spot malicious software, and a well-rehearsed incident response plan to ensure swift detection, containment, and transparent communication in the event of a breach.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
Instagram is denying a system breach after data from 17.5 million accounts was leaked online and users were hit with a wave of password reset emails. Meta says it fixed a bug causing the email spam, but the leaked data, though likely old, still poses a significant phishing risk to users.
A sophisticated Chinese-speaking threat actor has been caught exploiting a trio of VMware ESXi zero-day vulnerabilities, allowing them to escape virtual machines and gain full control of the underlying hypervisor.
A critical zero-day attack is actively targeting WatchGuard Firebox firewalls, exposing thousands of organisations worldwide. Australian cyber authorities have issued an urgent alert, warning the flaw enables remote takeover of network devices, with more than 115,000 systems still exposed online.
Melbourne-based fleet management firm Netstar Australia has been hit by the Blackshrantac ransomware group in a data extortion attack, underscoring rising cyber risks in the telematics sector that handles sensitive GPS data for government and critical infrastructure operators.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
