City of Martinsville
March 25, 2026
•[ data breach, personal information, municipal computer systems ]
The City of Martinsville disclosed that, on or about March 25, 2026, its technology team became aware of disruptions to municipal computer systems and took steps to stop the incident. Early reporting said some services in the city municipal building could be delayed or limited for the rest of the week. The city later said personal information may have been accessed by the perpetrators, but public reporting did not identify the threat actor, confirm ransomware or encryption, specify the disruption mechanism, or quantify the affected data.
ARC Dialysis LLC
March 25, 2026
•[ ransomware, data leak, Personally Identifiable Information (PII) ]
PEAR claimed responsibility for a cyberattack against ARC Dialysis LLC, an independent U.S. dialysis provider, with ransomware-monitoring sources listing an estimated attack date of March 25, 2026 and discovery on April 7, 2026. DataBreach later indexed 310,566 rows allegedly tied to the breach, including Social Security numbers, dates of birth, emails, phone numbers, names, and street addresses. Public sources did not confirm file encryption, operational disruption, or a precise intrusion vector.
Undisclosed Israeli firm #50
March 24, 2026
•[ cyberattack, data wiping, security cameras ]
Bloomberg reported that an Israeli official said Iran-linked hackers had stepped up cyberattacks on Israel, wiping the data of more than 50 small businesses in recent weeks and compromising dozens of security cameras. The official stated that critical infrastructure such as energy grids, banks, and hospitals was not infiltrated or disrupted, and that most targeted companies had existing cybersecurity vulnerabilities, while better-defended companies were not affected. Victim names and specific camera locations were not provided in the report.
LiteLLM
March 24, 2026
•[ supply chain attack, malware, credential theft ]
TeamPCP used compromised release access to publish malicious LiteLLM versions to PyPI, embedding code that exfiltrated secrets and established persistence on systems that installed the poisoned packages.
Aroostook Mental Health Center
March 24, 2026
•[ ransomware, data leak, network disruption ]
Aroostook Mental Health Center said a recent network disruption affected some business operations and temporarily interrupted connectivity, while outside reporting linked the incident to the Qilin ransomware group and a related leak-site extortion claim.
At least one TikTok Business account
March 24, 2026
•[ phishing, adversary-in-the-middle, credential theft ]
Threat actors used adversary-in-the-middle phishing pages impersonating TikTok for Business and Google Careers to capture credentials and session cookies and hijack at least one TikTok Business account while bypassing 2FA.
Port of Vigo
March 24, 2026
•[ ransomware, critical infrastructure, logistics ]
A ransomware attack disrupted digital systems at Spain's Port of Vigo, affecting servers used for cargo traffic and other services, locking some equipment, and forcing parts of the port's logistics coordination to shift to manual procedures.
Hong Kong Correctional Services Department
March 24, 2026
•[ unauthorized access, data breach, personal data leak ]
Hong Kong's Correctional Services Department said a hacker illegally accessed its internal Knowledge Management System on March 24, 2026 and then accessed another system containing personal data of about 6,800 current and former staff.
Centrum Medyczne Eskulap
March 24, 2026
•[ ransomware, medical records, encryption ]
Centrum Medyczne Eskulap reported that a ransomware attack on March 24, 2026 encrypted servers dedicated to patient services and blocked access to medical data and medical histories; reporting also said there was a high probability patient data may have been obtained before encryption, but no theft was confirmed.
Mercor
March 24, 2026
•[ supply-chain compromise, data leak, source code theft ]
Mercor confirmed it was affected by the LiteLLM supply-chain compromise linked to TeamPCP. Lapsus$ claimed to have stolen more than 4 TB of Mercor data, including a 200+ GB database, nearly 1 TB of source code, and 3 TB of videos and other information; TechCrunch reviewed a sample containing Slack data, ticketing data, and apparent contractor-video material, while Mercor said it contained and remediated the incident and was investigating with outside forensics experts.
Checkmarx
March 23, 2026
•[ supply chain attack, malware distribution, compromised artifacts ]
TeamPCP used compromised Checkmarx distribution channels to publish malicious versions of developer tooling, exposing users who downloaded the affected artifacts during the publication window.
At least one Ukrainian official
March 23, 2026
•[ phishing, remote administration tool, malware ]
A pro-Russian group tracked as UAC-0255 and linked to CyberSerp sent phishing emails impersonating CERT-UA and successfully infected a small number of devices in Ukraine with the AgeWheeze remote administration tool, enabling remote control of compromised systems.
Liberty
March 23, 2026
•[ unauthorized access, data leak, personal information ]
Liberty notified customers that unauthorized access to personal information had occurred and said the exposed data included names, surnames, and identity numbers, while policies, investments, and services remained secure and operational.
TheBurntPeanut
March 23, 2026
•[ DDoS attack, streaming ]
TheBurntPeanut was forced off a Sea of Thieves stream after a reported DDoS attack interrupted the session shortly after it began.
Russell Cellular
March 23, 2026
•[ data leak, customer records, employee credentials ]
Russell Cellular was reported to be the source of a dataset offered for sale containing alleged customer records and employee credentials.
Le Centre national des œuvres universitaires et scolaires
March 23, 2026
•[ data leak, data exfiltration, personal information ]
The Cnous said data was exfiltrated from its mesrdv.etudiant.gouv.fr appointment platform, exposing personal information from student social-services and housing appointments taken over the past ten years.
Alamo Heights Independent School District
March 23, 2026
•[ ransomware, network attack ]
Alamo Heights ISD suffered a ransomware-related network attack that left the district without Internet access for nearly a week.
Bitcoin Depot
March 23, 2026
•[ unauthorized access, credential theft, cryptocurrency theft ]
Bitcoin Depot detected unauthorized access to its IT systems on March 23, 2026; attackers obtained credentials for digital asset settlement accounts and transferred 50.903 Bitcoin, worth about $3.665 million, from company wallets, while customer platforms and data were not affected.
Pick n Pay Stores Limited
March 23, 2026
•[ data breach, dark web, customer information ]
Pick n Pay confirmed a data breach involving customer information from an older version of its on-demand delivery platform, first known as Bottles and later Pick n Pay asap!. Reporting said the historical customer dataset had been offered for sale on a dark-web forum since March 23, 2026 and included names, contact details, residential addresses, dates of birth, partial payment-card information, encrypted passwords, and certain banking details. Public reporting did not identify the threat actor or indicate encryption, data destruction, or operational disruption.
Resolv
March 22, 2026
•[ DeFi, cryptocurrency theft, exploit ]
The Record reported that an attacker exploited Resolv DeFi, walking away with about $24.5 million in ETH after creating unbacked assets and causing potential secondary market impacts. Resolv posted an on-chain message offering the attacker 10% of the stolen ETH if they returned the remaining funds and ceased activity, threatening exchange coordination, law enforcement contact, and legal action otherwise. Reporting referenced a Chainalysis postmortem describing the incident as a failure of security assumptions around off-chain infrastructure. The attacker and access method were not publicly identified in the article excerpt.