M-TIBA (CarePay Kenya)
October 23, 2025
•[ data leak ]
Threat actor Kazu claimed on Oct 23 2025 to have exfiltrated 2.15 TB of data (~4.8 M users) from M-TIBA, a Safaricom-backed health-finance platform; sample of 114 k records posted; Kenya's ODPC launched investigation Oct 29 2025; no encryption or operational outage confirmed.
Freedom Mobile
October 23, 2025
•[ data leak ]
Freedom Mobile disclosed a breach of its customer account management platform that it detected on Oct. 23, 2025. The company stated that an unknown third party used a subcontractor's account to access personal information for a limited number of customers, and that suspicious accounts and related IP addresses were blocked as part of corrective measures. Reported exposed data elements include first and last names, home addresses, dates of birth, phone numbers (home and/or mobile), and customer account numbers; Freedom stated the incident was not ransomware and that its network and operations were not affected.
Two undisclosed government departments in a South American country
October 22, 2025
•[ vulnerability exploitation, espionage, data leak ]
Actors exploited a patched SharePoint ToolShell flaw to gain initial access at a telecom, harvest credentials, and pivot across AD-joined systems. Activity included beaconing and data staging consistent with telecom espionage. No operational shutdown reported; primary effect is unauthorized access and data collection.
Rosselkhoznadzor
October 22, 2025
•[ ddos, hacktivism ]
Large DDoS hit Russia's food-safety agency, degrading VetIS/Mercury and Saturn services used to certify shipments; suppliers couldn't confirm deliveries and some retailers paused intake until access returned. Officials reported no data compromise, indicating a protest-driven disruption rather than theft.
At least one undisclosed e-commerce site (running Adobe Commerce / Magento 2)
October 22, 2025
•[ vulnerability, account takeover, skimming ]
Observed active attempts to hijack Magento/Adobe Commerce sessions via the SessionReaper flaw weeks after patches, enabling account takeover, checkout abuse, and skimmer deployment on e-commerce sites. This is broad criminal monetization activity against many sites; no single named victim with a confirmed primary effect, so not recorded as a discrete event.
At least one undisclosed Ukraine war-relief organization
October 22, 2025
•[ phishing, credential theft, malware ]
Targeted credential-theft/implant delivery against humanitarian and logistics organizations aiding Ukraine using well-crafted lures, HTML smuggling, and compartmentalized infrastructure. Intent is intelligence collection; campaign report covers multiple organizations without a single verified primary effect to code as an event.
Ravin Academy
October 22, 2025
•[ hacktivism, data leak, government ]
Cyber intrusion into Ravin Academy, an Iranian cybersecurity training institution linked to the Ministry of Intelligence, by a hacktivist group. The stolen data was posted online with anti-regime rhetoric, indicating an ideologically motivated protest hack.
National Time Service Center
October 20, 2025
•[ espionage, state-sponsored attack ]
China accuses U.S. NSA of cyber-espionage against NTSC timing systems
Verisure
October 20, 2025
•[ data leak ]
Verisure reports breach at Swedish subsidiary Alert Alarm; ~35,000 customers impacted
Muji
October 20, 2025
•[ ransomware ]
Muji halted online sales after Askul ransomware outage disrupted logistics operations
Wilkes University
October 20, 2025
•[ data leak, class action ]
Class-action filing alleges cybercriminals accessed Wilkes University systems and exposed personal information of thousands.
DSV
October 20, 2025
•[ data leak ]
Reports indicate DSV confirmed a breach impacting a smaller group of customers; details on scope and timing remain limited.
Kaufman County
October 20, 2025
•[ ransomware ]
County officials reported a cyberattack discovered Oct 20 that knocked out multiple IT systems, disrupting courthouse operations and online services while essential public safety remained online. Response included coordination with state/federal partners and public guidance about service interruptions.
Somalia e-Visa Platform
October 20, 2025
•[ data leak, misconfiguration, government ]
Attackers accessed Somalia's national e-visa application server, hosted on a misconfigured shared cPanel environment, allowing unauthorized retrieval of more than 125,000 visa applications and associated passport, biometric, contact, and payment data. U.S. and UK government alerts on November 13, 2025, warned that at least 35,000 travelers may have had their information compromised as the breach continued into mid-November.
Askul
October 19, 2025
•[ ransomware ]
Askul halted orders and shipments across sites after ransomware crippled systems
Dodd Group
October 19, 2025
•[ data leak, third-party breach ]
Report claims Russian group accessed contractor and leaked MoD base documents
London Women's Clinic
October 19, 2025
•[ ransomware, data leak, dark web ]
Russian ransomware group Qilin reportedly broke into systems used by the London Women's Clinic, which runs seventeen IVF and fertility centres across the United Kingdom, and is believed to have exfiltrated large volumes of sensitive patient data after posting about the breach on dark web channels on October 19, 2025, raising concerns for both private and NHS patients.
Naxtel; AZ Smart Offers; BirMarket; Elit Optimal; two additional Azerbaijani websites
October 18, 2025
•[ DDoS ]
Hezi Rash Group launched a politically motivated DDoS campaign against Azerbaijan on October 18, 2025. Six Azerbaijani websites, including telecom operator Naxtel and retailers AZ Smart Offers, BirMarket, and Elit Optimal, were rendered inaccessible for several hours. Outages were verified through Check-Host reports posted by the group.
DeKalb County
October 18, 2025
•[ system intrusion, service disruption ]
The city reported a network intrusion that disabled billing and administrative systems. Residents were temporarily limited to checks/money orders; late fees were waived and hearings were postponed while forensic work and system rebuild proceeded with state and federal assistance.
Xubuntu
October 18, 2025
•[ malware, data theft, supply chain attack ]
Pplware reports the official Xubuntu site was briefly compromised; the torrent download link served a ZIP with a Windows EXE that stole sensitive data (e.g., crypto addresses). Xubuntu removed the page and accelerated infra migration; ISO mirrors were unaffected. Financially motivated malware delivery via a trusted brand.