Sweden's E-Government Platform Source Code Leaked via Compromised CGI Infrastructure

Incident Overview
Threat actor ByteToBreach has leaked the entire source code of Sweden's E-Government platform, claiming it was obtained through compromised CGI Sverige AB infrastructure. CGI Sverige is the Swedish subsidiary of global IT services giant CGI Group and manages critical government digital services.
Compromised Data Categories
- Full E-Gov Platform Source Code
- Staff Database
- API Document Signing Systems
- Jenkins SSH Pivot Credentials
- RCE Test Endpoints
- Initial Foothold & Jailbreak Artifacts
- Citizen PII Databases (Sold Separately)
- Electronic Signing Documents (Sold Separately)
Attack Details
The disclosed vulnerabilities used in the attack include:
- Full Jenkins compromise
- Docker escape via the Jenkins user being in the Docker group
- SSH private key pivots
- Analysis of local .hprof files for reconnaissance
- SQL copy-to-program pivots
The actor makes a pointed note about companies blaming breaches on third parties, explicitly stating that this compromise belongs clearly to CGI infrastructure, referencing Viking Line and Slavia Pojistovna as other examples.
The source code is being released for free with multiple backup download links, while citizen databases are sold separately. This is the same actor behind the Viking Line breach posted yesterday.
📖 Read the full source: HN AI Agents
👀 See Also

ClawVault Security Enhancement Adds Sensitive Data Detection for OpenClaw
A new enhancement to ClawVault adds real-time sensitive data detection and automatic sanitization for OpenClaw API traffic, intercepting plaintext passwords, API keys, and tokens before they reach LLM providers.

MCP Sandbox: Run MCP Servers in Isolated Containers Without Trusting Them
A developer built MCP Sandbox, which runs MCP servers in isolated gVisor containers with default-deny network access and safe secret injection, plus pre-execution CVE scanning and pattern checking.

Open-source playground for red-teaming AI agents with published exploits
Fabraix has open-sourced a live environment to stress-test AI agent defenses through adversarial challenges. Each challenge deploys a live agent with real tools and published system prompts, with winning conversation transcripts and guardrail logs documented publicly.

MCP Server CVE Exposure Mapping and Public API Released
Researchers have mapped CVE exposure across thousands of MCP servers and built a public API for querying dependency vulnerabilities. The API allows searching by repo/name, filtering by severity, and sorting by CVE count or recency.