Full List

Search

Recent Breaches

• Guardian Healthcare November 8, 2024 • [ ransomware, malware, healthcare ] Guardian Healthcare is the victim of a Stormous ransomware attack. The threat actors leaked 3 GB of files, many of which contain protected health information (PHI) of patients.
• Park'N Fly November 7, 2024 Park'N Fly warns that a data breach exposed the personal and account information of 1 million customers in Canada after threat actors breached its network.
• Finastra November 7, 2024 Finastra confirms it warned customers of a cybersecurity incident after a threat actor begins selling allegedly stolen data on a hacking forum after using compromised credentials to access one of Finastra's Secure File Transfer Platform (SFTP) systems.
• Call of Duty gamers November 7, 2024 • [ hack, misconfiguration, technology ] A threat actor dubbed Vizor reveals that they banned thousands of Call of Duty gamers by abusing anti-cheat flaw.
• Stillwater Mining Company November 6, 2024 • [ ransomware, malware, manufacturing ] Stillwater Mining Company, the owner of the only platinum and palladium mines in the U.S. confirms that it experienced a cyberattack this Summer. The RansomHub ransomware gang claims responsibility for the attack.
• Microlise November 6, 2024 • [ hack, government ] A cyberattack on Microlise leaves British prison vans without tracking systems or panic alarms.
• VeraCore (Advantive) November 5, 2024 • [ data leak, vulnerability, web shell ] The Vietnamese-linked cybercriminal group XE Group exploited two zero-day vulnerabilities (CVE-2024-57968, CVE-2025-25181) in the U.S. software vendor VeraCores warehouse management and fulfillment platform. Attackers uploaded web shells, maintained persistent access since 2020, exfiltrated configuration and system data, and executed commands on compromised servers, potentially exposing data from client organizations using VeraCore for logistics operations.
• Wexford County Register of Deeds November 5, 2024 • [ cyberattack, data loss, government ] The Wexford County, Michigan, Register of Deeds office experienced a cyber incident on 2024-11-05. Access was shut off, systems went offline, and a small portion of documents (less than 5%) from a defined time period were not recoverable.
• Hixson Holdings, Inc November 5, 2024 • [ data leak ] Hixson Holdings Inc., a Cincinnati-based architecture, engineering and project management firm, detected suspicious activity on its network on November 5, 2024. A forensic investigation later determined that an Undetermined intruder may have accessed sensitive data on Hixson's systems from that date through October 9, 2025, before the review concluded. Exposed information includes names, contact details, Social Security numbers and medical or insurance identifiers, highlighting that the firm handled protected health information for some clients. Hixson filed notice with the Massachusetts Attorney General and began mailing breach letters on October 31, 2025, while law firms and regulators assess potential legal and remediation obligations.
• Nokia November 4, 2024 Nokia investigates whether a third-party vendor was breached after a hacker claimed to be selling the company's stolen source code.
• South East Technological University November 4, 2024 • [ hack, education ] The South East Technological University (SETU) in Ireland announces experiencing a cybersecurity incident targeting its IT systems.
• Schneider Electric November 4, 2024 • [ leak, misconfiguration, manufacturing ] Schneider Electric confirms that a developer platform was breached after a threat actor claimed to steal 40GB of data from the company's JIRA server.
• MIT’s Technology Review November 4, 2024 • [ leak, misconfiguration, technology ] The threat actor known as Intel Broker claims to have stolen the personal data of 290,762 individuals from MITs Technology Review website via a third-party contractor.
• Alaska Division of Retirement and Benefits November 4, 2024 • [ hack, financial, government ] The Alaska Division of Retirement and Benefits is hacked and State residents who work in the public sector, have employer contributions to their retirement accounts impacted
• The Plastic Surgery Center November 4, 2024 • [ data leak ] Names, dates of birth, Social Security numbers, passport and drivers license numbers, financial, biometric, and medical information
• At least one undisclosed government and/or tech company November 4, 2024 • [ state-sponsored, malware, backdoor ] Government cybersecurity reporting described PRC state-sponsored actors using BRICKSTORM malware to maintain long-term persistence in victim environments, primarily affecting government services/facilities and IT sector organizations. In a documented case, actors accessed a DMZ web server (with a web shell present), moved laterally using service account credentials, copied Active Directory databases, pivoted into VMware vCenter, accessed domain controllers and an ADFS server, and exported cryptographic keys. BRICKSTORM provided stealthy backdoor access for command-and-control and remote operations and was used for persistence from at least April 2024 through at least September 3, 2025. The specific victim organization name was not disclosed in the reporting.
• ARC Community Services November 4, 2024 • [ unauthorized activity, data breach, protected health information ] ARC Community Services disclosed it became aware of unauthorized activity in its network on November 4, 2024 and initiated incident response actions, including taking systems offline until operations could be safely restored. During the ensuing investigation and data review, ARC determined that files containing protected health information (PHI) were taken from its network. The potentially affected PHI varies by individual but may include contact information (name/address), date of birth, medical record number, health information, drivers license number, and financial account information.
• MIT’s Technology Review November 4, 2024 • [ data leak, third-party contractor, Intel Broker ] The threat actor known as Intel Broker claims to have stolen the personal data of 290,762 individuals from MITs Technology Review website via a third-party contractor.
• Washington State Administrative Office of the Courts (AOC) November 3, 2024 • [ hack, government ] Court systems across Washington are down after officials said "unauthorized activity" was detected on their networks.
• Middlesbrough Council November 3, 2024 Middlesbrough Council's website is affected by a distributed denial of service (DDoS) attack.