Brian @ Krebs on Security • 3w
0day Syndicate Breach of GoKids Educational Mobile Platforms
On May 28, 2026, the ransomware collective 0day Syndicate breached GoKids, a Bulgarian developer of educational mobile applications. The attack targeted multiple infrastructure points, including gokidspublishing.com, dev.redpilotstudio.com, and gokidsmobile.com, utilizing a double-extortion model. The threat actor exfiltrated sensitive datasets and issued a public ransom demand via their Tor-based leak site (odaygplp3zhyx7zl45egetl6dzc4reduisnoyym34rjdmaryfaz5doqd.onion). This breach potentially exposes the personally identifiable information (PII) of toddlers and their parents, triggering severe GDPR compliance risks and operational disruption for the organization.
Links:Krebs on Security, Unimelb, Malware News, Dexpose, csoonline.com, Hipaapulse, Medixdental, Teiss, Mallory, Cloudian, Ransomware, Apps, Play, En, Theeduledger, Apnews, Safecomputing, Govtech, Fdd •