[{"id":"lkc-001","source":"Combo list — `KS_2025_Q1_breach.txt` (LAB)","discovered_at":"2026-04-22T08:14:00Z","confidence_score":92,"severity":"high","affected_asset":"vpn.user@keensafeglobalbank.com","evidence":"vpn.user@keensafeglobalbank.com:Summer2025!","recommended_action":"Force password reset; revoke all active sessions; check VPN auth logs.","mitre_mapping":["T1078.004","T1110.004"],"compliance_mapping":["NIST 800-53 IA-5","PCI-DSS 8.3","ISO 27001 A.9.2.4"]},{"id":"lkc-002","source":"Telegram channel @combolist_eu (LAB)","discovered_at":"2026-04-21T19:02:00Z","confidence_score":88,"severity":"high","affected_asset":"devops@keensafeglobalbank.com","evidence":"devops@keensafeglobalbank.com:DevOps123!","recommended_action":"Reset, enforce FIDO2, audit Jenkins / Gitea last-90-day actions.","mitre_mapping":["T1078.004"],"compliance_mapping":["NIST CSF PR.AC-1","ISO 27001 A.9.2.4"]},{"id":"lkc-003","source":"BreachForums dump 'EUcorp_2026' (LAB)","discovered_at":"2026-04-20T11:42:00Z","confidence_score":84,"severity":"medium","affected_asset":"employee1@keensafeglobalbank.com","evidence":"employee1@keensafeglobalbank.com:Password123!","recommended_action":"Reset; require new MFA enrolment; check for credential reuse.","mitre_mapping":["T1110.001"],"compliance_mapping":["GDPR Art.32","PCI-DSS 8.6"]},{"id":"lkc-004","source":"DarkWeb scraper — RaidForums alt (LAB)","discovered_at":"2026-04-19T03:11:00Z","confidence_score":76,"severity":"medium","affected_asset":"support.user@keensafeglobalbank.com","evidence":"support.user@keensafeglobalbank.com:Support123!","recommended_action":"Reset; revoke admin-panel sessions; review impersonation logs.","mitre_mapping":["T1078"],"compliance_mapping":["NIST 800-53 AC-2"]},{"id":"lkc-005","source":"Combo list 'EUbanks_2025' (LAB)","discovered_at":"2026-04-18T22:55:00Z","confidence_score":70,"severity":"medium","affected_asset":"customer1@keensafeglobalbank.com","evidence":"customer1@keensafeglobalbank.com:Customer123!","recommended_action":"Notify customer; force password reset on next login.","mitre_mapping":["T1110.004"],"compliance_mapping":["GDPR Art.34"]},{"id":"lkc-006","source":"Pastebin paste 'KS_logins_q1' (LAB)","discovered_at":"2026-04-15T07:00:00Z","confidence_score":65,"severity":"low","affected_asset":"marketing@keensafeglobalbank.com","evidence":"marketing@keensafeglobalbank.com:Marketing2024","recommended_action":"Reset; remove orphaned account if not active.","mitre_mapping":["T1078"],"compliance_mapping":["ISO 27001 A.9.2.6"]},{"id":"lkc-007","source":"Stealer log dump 'redline_KS_18' (LAB)","discovered_at":"2026-04-12T14:23:00Z","confidence_score":95,"severity":"critical","affected_asset":"admin@keensafeglobalbank.com","evidence":"admin@keensafeglobalbank.com:Admin123! (browser-stored)","recommended_action":"IMMEDIATE: rotate, force re-MFA, hunt for unauthorised admin actions in last 30 days.","mitre_mapping":["T1555.003","T1078.004"],"compliance_mapping":["NIST 800-53 IA-5(7)","PCI-DSS 8.2.3","DORA Art.10"]},{"id":"lkc-008","source":"GitHub Gist (deleted, cached) (LAB)","discovered_at":"2026-04-08T11:30:00Z","confidence_score":80,"severity":"high","affected_asset":"ci-runner@keensafeglobalbank.com","evidence":"ci-runner@keensafeglobalbank.com:CI_DeployBot_2025!","recommended_action":"Reset; rotate all CI tokens; inspect Jenkins build history.","mitre_mapping":["T1552.001"],"compliance_mapping":["NIST CSF PR.DS-1","PCI-DSS 6.3"]}]