WhiteDate
December 29, 2025
•[ data leak ]
In December 2025, the dating website "for a Europid vision" WhiteDate suffered a data breach that exposed 6k unique email addresses. The breach exposed extensive further personal information including data related to physical appearance, income, education and IQ.
WhiteDate
December 29, 2025
•[ data leak ]
In December 2025, the dating website "for a Europid vision" WhiteDate suffered a data breach that was subsequently leaked online, initially exposing 6.1k unique email addresses. The leaked data included extensive personal information such as physical appearance, income, education and IQ. A more comprehensive dataset was later provided to HIBP, containing usernames, IP addresses, private messages and a total of 20k unique email addresses.
WhiteDate
December 29, 2025
•[ data breach, data leak, personal information ]
In December 2025, the dating website "for a Europid vision" WhiteDate suffered a data breach that was subsequently leaked online, initially exposing 6.1k unique email addresses. The leaked data included extensive personal information such as physical appearance, income, education and IQ. A more comprehensive dataset was later provided to HIBP, containing usernames, IP addresses, private messages, phpBB password hashes and a total of 20k unique email addresses.
Undisclosed Poland distributed energy facilities
December 29, 2025
•[ cyberattack, OT security, critical infrastructure ]
Coordinated cyberattack targeted distributed energy sites in Poland, compromising OT control and communications systems at roughly 30 facilities and damaging some equipment beyond repair, but failing to disrupt electricity supply.
Ubisoft
December 27, 2025
•[ data leak, service disruption ]
Ubisoft suffered a breach in which attackers accessed internal systems controlling the Rainbow Six Siege economy and moderation tools. Game services were globally disrupted, requiring rollback and shutdown of servers for nearly two days.
Unleash Protocol
December 26, 2025
•[ Theft, Cryptocurrency, Smart Contract Exploit ]
Unauthorized multisig takeover allowed attacker to deploy a malicious contract upgrade and drain protocol funds, which were later laundered through Tornado Cash.
Complexul Energetic Oltenia
December 26, 2025
•[ ransomware ]
A ransomware attack attributed to the Gentlemen group encrypted internal IT systems at Complexul Energetic Oltenia on December 26 2025 causing partial operational disruption The company isolated affected systems restored operations from backups and stated that national energy supply was not affected Data exfiltration has not been confirmed
At least one customer of Canada Computers
December 26, 2025
•[ Magecart, card skimming, data leak ]
Canada Computers acknowledged a web-based data security incident affecting its online store after a Magecart-style card-skimming script was found embedded on the checkout page. According to reporting, a shopper identified the suspicious script on January 18, 2026, and the malicious code was removed after the findings were publicized. Archived versions of the checkout page suggested the skimmer may have been active since at least late December 2025, meaning payment-form data entered by customers during that window could have been captured. Canada Computers customer notice said an unauthorized user may have accessed customer information such as names, email addresses, and possibly credit card numbers; customers were advised to monitor statements and consider replacing cards.
Chrysler (Stellantis)
December 25, 2025
•[ ransomware, data leak ]
Everest ransomware group claimed it breached Chrysler systems and exfiltrated 1088 GB of data, including Salesforce-related CRM exports and recall/customer service records, and threatened to leak the full dataset.
SudamericaData
December 25, 2025
•[ data leak ]
Threat actors advertised an alleged database from SudamericaData on underground forums, claiming exposure of a large volume of personal and registry data; the company has not publicly confirmed the breach at the time of reporting.
Kamunikat.org
December 25, 2025
•[ unauthorized access, data destruction ]
An attacker obtained administrator-level access to Kamunikat.org and deleted several thousand publications and news items from the online library before access was blocked and restoration began.
Arch Linux
December 25, 2025
•[ DDoS, service disruption ]
Arch Linuxs official website experienced a distributed denial-of-service attack that rendered the site inaccessible over IPv4 while remaining reachable via IPv6 as a mitigation measure.
Undisclosed Austrian pharmaceutical company
December 25, 2025
•[ ransomware, data leak, extortion ]
The article reports that a Vienna-based pharmaceutical company was affected by a ransomware attack in which threat actors compromised systems and leaked corporate data as part of an extortion campaign.
Leduc County
December 25, 2025
•[ ransomware, cybersecurity incident, IT systems outage ]
Leduc County in Alberta reported that it became aware on December 25, 2025 of a deliberate cybersecurity incident later identified as a ransomware attack. The county said the activity disabled some of its IT systems, and that other systems were proactively taken offline during an ongoing forensic investigation and recovery. Reporting noted that law enforcement and key stakeholders (including insurance and banking providers) were notified. Public reporting did not specify confirmed data theft, the number of affected endpoints, or a restoration date.
Asiana Airlines
December 24, 2025
•[ data leak ]
Asiana Airlines experienced unauthorized access to its internal intranet via an overseas server on December 24 2025 resulting in the exposure of personal information for approximately 10000 employees and partner staff No customer data was affected The company blocked access reset credentials and notified authorities
Ramside Hall Hotel Golf and Spa
December 24, 2025
•[ data leak ]
A management system used by Ramside Hall was accessed by unauthorized actors resulting in exposure of some customer data The hotel confirmed the incident publicly and stated the breach originated from a system it uses
Trust wallet
December 24, 2025
•[ supply chain attack, cryptocurrency theft, malicious browser extension ]
Trust Wallet said a December 24, 2025 incident led to roughly $8.5M stolen from more than 2,500 crypto wallets after attackers published a malicious version of its Chrome extension (v2.68.0) containing a JavaScript payload that collected sensitive wallet data and enabled unauthorized transactions. Trust Wallet stated that developer GitHub secrets were exposed, giving the attacker access to extension source code and a Chrome Web Store API key; with that key, the attacker could upload builds directly, bypassing Trust Wallets internal approval/manual review process. Trust Wallet said it revoked release APIs, coordinated registrar action to suspend attacker domains used to host malicious code, began reimbursing affected users, and warned about impersonation scams targeting victims.
La Poste / La Banque Postale
December 22, 2025
•[ ddos, service disruption ]
La Poste confirmed a distributed denial-of-service (DDoS) incident disrupted its websites and mobile applications just days before Christmas, slowing deliveries and knocking some online services offline. The company said it had no evidence customer data was compromised, but acknowledged postal operations including parcel distribution were affected and some post offices operated at reduced capacity. La Banque Postale warned customers that access to online banking and its mobile app was affected, while card payments and ATM withdrawals continued to function and online payments were still possible when authenticated by text message. La Poste stated its teams were mobilized to restore services as quickly as possible.
At least one Russian Manufacturing Company
December 22, 2025
•[ unauthorized access, industrial operations ]
A manufacturing company based in Russia was affected by a cyber incident involving unauthorized access to corporate systems and potential disruption to industrial operations.
Kuaishou
December 22, 2025
•[ cyberattack, service disruption ]
Kuaishou experienced a cyberattack late on December 22, 2025 that disrupted livestreaming services for several hours, prompting market reaction and a decline in its share price the following day.
