-
Polish Press Agency
May 31, 2024
•
[ espionage, government ]
Polish prosecutors investigate a suspected Russian cyberattack on the countrys state news agency Polish Press Agency (PAP) spreading disinformation with fake news claiming the countrys authorities had announced a partial mobilization of 200,000 men who were to be sent to fight in a war in Ukraine.
-
Tibet Post and Gyudmed Tantric University
May 31, 2024
•
[ espionage, malware, education ]
Researchers at Recorded Future reveal that the Chinese state-sponsored threat group TAG-112 compromised two Tibetan websites, Tibet Post and Gyudmed Tantric University, to deliver the Cobalt Strike malware
-
Ticketek
May 31, 2024
•
[ leak, misconfiguration, retail ]
In May 2024, the Australian event ticketing company Ticketek reported a data breach linked to a third party cloud-based platform. The following month, the data appeared for sale on a popular hacking forum and was later linked to a series of breaches of the Snowflake cloud storage service. The data contained almost 30M rows with 17.6M unique email addresses alongside names, genders, dates of birth and hashed passwords.
-
FinWise
May 31, 2024
•
[ insider, finance ]
Former FinWise employee accessed AFF customer files after termination, impacting 689k individuals; discovered June 18, 2025; investigation and credit monitoring offered; multiple lawsuits filed.
-
Operation Endgame
May 30, 2024
In May 2024, a coalition of international law enforcement agencies took down a series of botnets in a campaign they coined "Operation Endgame". Data seized in the operation included impacted email addresses and passwords which were provided to HIBP to help victims learn of their exposure.
-
Alternate Solutions Health Network, LLC
May 30, 2024
•
[ phishing, data leak ]
On or around May 30 2024, an unauthorized actor accessed an employee email account at Alternate Solutions Health Network. The account was secured after discovery; investigation concluded February 14 2025 and confirmed exposure of PHI. Notifications were issued beginning April 14 2025.
-
Maryhaven, Inc.
May 30, 2024
•
[ data leak, healthcare, unauthorized access ]
Maryhaven, a behavioral health and addiction treatment provider in Ohio, detected unauthorized access to its systems on June 1 2024. An unknown actor accessed and exfiltrated patient and employee PHI/PII data (~7,000 records). No encryption or operational disruption occurred. Disclosure issued April 11 2025 through Cyberscout/TransUnion.
-
RestorixHealth
May 29, 2024
•
[ phishing, data leak ]
Investigation confirmed unauthorized access to one mailbox (May 729, 2024); notification letters commenced Feb 14, 2025.
-
Bring Me the Horizon Webpage
May 28, 2024
•
[ hack ]
Someone hacks the Bring Me the Horizon hidden web site in an attempt to get ahead in the game.
-
Combolists Posted to Telegram
May 28, 2024
In May 2024, 2B rows of data with 361M unique email addresses were collated from malicious Telegram channels. The data contained 122GB across 1.7k files with email addresses, usernames, passwords and in many cases, the website they were entered into. The data appears to have been sourced from a combination of existing combolists and info stealer malware.
-
Daniel Freund
May 27, 2024
•
[ espionage, malware, government ]
Daniel Freund, a German member of Europes Parliament says his mobile phone was targeted with the Candiru mobile spyware on May.
-
Internet Archive
May 26, 2024
•
[ hack, ddos, technology ]
The Internet Archive is hit with a prolonged DDoS attack.
-
-
pcTattletale
May 25, 2024
•
[ hack, sqlinjection, technology ]
In May 2024, the spyware service pcTattletale suffered a data breach that defaced the website and posted tens of gigabytes of data to the homepage, allegedly due to pcTattletale not responding to a previous security vulnerability report. The breach exposed data including membership records, infected PC names, captured messages and extensive logs of IP addresses and device information.
-
Albany County
May 24, 2024
•
[ hack, government ]
Officials in Albany County, New Yorks state capital region, say they are investigating a cyberattack ahead of the Memorial Day weekend.
-
pcTattletale
May 24, 2024
A threat actor defaces the website of the pcTattletale spyware application, found on the booking systems of several Wyndham hotels in the United States, and leaks over a dozen archives containing database and source code data.
-
United Urology Group
May 23, 2024
•
[ ransomware, malware, healthcare ]
The RansomHouse threat actors claim to have encrypted the system of United Urology Group and exfiltrated about 300 GB of files.
-
CDEK
May 23, 2024
•
[ hack ]
Head Mare, a little-known group, claims responsibility for an attack that has disrupted service for days at CDEK, one of Russias largest delivery companies.
-
Michigan Medicine
May 23, 2024
•
[ leak, healthcare ]
Michigan Medicine, the academic medical center of the University of Michigan, notifies roughly 57,000 individuals that their personal and health information might have been compromised in a data breach.
-
Varsity Brands
May 22, 2024
The apparel company Varsity Brands discloses a data breach impacting 65,000 individuals.
