Envoy Air (American Airlines)
October 17, 2025
•[ ransomware, data leak, vulnerability ]
Envoy Air confirmed it was hit in a broader Clop campaign abusing an Oracle EBS zero-day. Reuters notes a small amount of Envoy business information may have been accessed; Clop listed American Airlines, but the target was Envoy, AAs regional carrier. Primary impact: unauthorized access/data theft for extortion, not operational outage.
Serbian Civil Aviation Directorate
October 17, 2025
•[ cyber-espionage, phishing, malware ]
A cyber-espionage campaign linked to suspected Chinese threat actors compromised application servers at Serbias Civil Aviation Directorate. Attackers used phishing emails to deploy Sogu, PlugX, and Korplug malware, gaining persistent access for intelligence collection. No operational disruption was reported.
University of the Witwatersrand
October 17, 2025
•[ zero-day, data leak ]
University statement confirms zero-day event impacting Oracle E-Business; investigation ongoing
City of La Vergne
October 17, 2025
•[ government ]
La Vergne shut systems after a cybersecurity breach on Oct 17; city offices remained closed while FBI/TBI assisted recovery.
City of Elne (France)
October 15, 2025
•[ ransomware, data leak, nation-state ]
French press reports Russian-linked Qilin targeted Elne shortly after school attacks
Heywood Hospital and Athol Hospital
October 15, 2025
•[ cybersecurity, healthcare, outage ]
Hospitals reported cybersecurity incident causing outages and Code Black ambulance diversion
Mango
October 15, 2025
•[ data leak ]
External marketing provider breach exposed limited customer contact data; Mango said core systems unaffected
Russian IT service provider
October 15, 2025
•[ data leak, espionage, apt ]
China-linked Jewelbug infiltrated Russian IT provider for months, exfiltrating repositories and data
Zerodha
October 15, 2025
•[ phishing, account compromise ]
Economic Times details Kamaths brief X account compromise after clicking phishing email
Windsor International Airport
October 14, 2025
•[ hacktivism, unauthorized access, third-party breach ]
Unauthorized pro-Palestinian messages played; one Delta flight delayed; third-party cloud PA cited
Ansell Limited
October 14, 2025
•[ data leak ]
Ansell disclosed unauthorized access to certain company data and began mitigation; no operational disruption reported.
Waymo
October 14, 2025
•[ ddos, service disruption ]
Local coverage shows a prank dubbed a Waymo DDoS herded ~50 robotaxis
Kelowna International Airport
October 14, 2025
•[ hacktivism, system intrusion ]
Pro-Palestinian messages appeared on PA/displays; brief disruption while systems isolated and restored
Volkswagen Group France
October 14, 2025
•[ ransomware, data leak ]
Qilin gang claimed a ransomware attack on Volkswagen France with ~150GB of data allegedly stolen; investigation ongoing.
(German Procurement Portal) dtvp.de
October 14, 2025
•[ ddos, hacktivism ]
Reports say pro-Russian NoName057(16) knocked Germanys tender portal offline via DDoS
Vietnam Airlines
October 14, 2025
•[ data leak ]
Reuters/MarketScreener notes customer data breach; internal IT systems not impacted
Methodist Church of Southern Africa
October 13, 2025
•[ ransomware, data leak ]
Ransomware actors claimed an attack on the Methodist Church of Southern Africa; verification and technical details remain limited.
Cyprus Post
October 13, 2025
•[ data leak, government ]
Hackers accessed Cyprus Post systems, leaking sensitive government correspondence and citizen data via the Thalis platform.
