Full List

Search

Recent Breaches

• PlayDapp February 8, 2024 • [ hack, finance ] Threat actors are believed to have used a stolen private key to mint and steal over 1.79 billion PLA tokens, a cryptocurrency used within the PlayDapp ecosystem.
• St. Andrew’s Resources for Seniors System February 8, 2024 • [ data leak ] An unauthorized actor accessed certain employee email accounts; suspicious activity was detected on 2024-02-08. Review concluded 2025-01-06, and notifications began 2025-02-07.
• Critical infrastructure network in the United States February 7, 2024 A joint advisory from CISA, the NSA, the FBI, and partner Five Eyes agencies reveal that the Chinese Volt Typhoon cyber-espionage group infiltrated a critical infrastructure network in the United States and remained undetected for at least five years before being discovered.
• Greylock McKinnon Associates February 7, 2024 Greylock McKinnon Associates reports a data breach, telling victims that personal information like Social Security numbers and more were accessed during an incident last May.
• Multiple organizations in South Korea February 7, 2024 Researchers from S2W discover a Go language-based information-stealing malware distributed from a security program download page, dubbed Troll Stealer, attributed to the Kimsuky North Korean threat actor and targeting users in South Korea.
• John P. Meehan Agency February 7, 2024 • [ email compromise, data leak ] John P. Meehan Agency disclosed that it discovered unusual network activity on July 8, 2024 and later confirmed unauthorized access to a single employee email account between July 2 and July 8, 2024, during which data on the account was acquired. The agency reported that impacted information varied by individual and could include highly sensitive identifiers (SSNs and government IDs), financial account/payment card data, dates of birth, and medical information. Affected individuals began receiving notice in November 2025, more than a year after the email account compromise was discovered.
• iTITAN Hosting February 6, 2024 • [ hack, technology ] iTITAN Hosting, another hosting provider in Romania, suffers a data breach.
• CBIZ Benefits & Insurance Services February 6, 2024 CBIZ Benefits & Insurance Services (CBIZ) discloses a data breach that involves unauthorized access of client information stored in specific databases.
• Japanese Ministry of Foreign Affairs February 5, 2024 • [ leak, espionage, government ] A government source reveals that classified Japanese diplomatic documents were leaked after a Chinese cyberattacks on the Ministry of Foreign Affairs.
• Pennsylvania’s court system February 4, 2024 • [ hack, ddos, government ] Pennsylvanias court system is hit with a distributed denial-of-service (DDoS) attack and experiences disruptions.
• State Street February 4, 2024 • [ leak, finance ] State Street files a notice of data breach after discovering that an unauthorized party was able to access confidential information in the companys possession.
• Northern Light Health February 4, 2024 • [ hack, healthcare ] Northern Light Health is hit with a cyber attack.
• Prudential Financial February 4, 2024 • [ ransomware, malware, finance ] Prudential Financial discloses that its network was breached, with the attackers stealing employee and contractor data before being blocked from compromised systems. Few days later the ALPHV/BlackCat ransomware gang claims responsibility for the attack.
• Undisclosed U.S. Company February 4, 2024 Researchers at Volexity reveal that the Russian state threat actor APT28 breached a U.S. company through its enterprise WiFi network while being thousands of miles away, by leveraging a novel technique called "nearest neighbor attack."
• Arab Civil Aviation Organization (ACAO) February 4, 2024 • [ sql injection, data leak, cyber-espionage ] Threat actors exploited a vulnerable web application belonging to the Arab Civil Aviation Organization via SQL injection, exfiltrating staff and member credentials and communications. The stolen data, published on dark-web forums on February 4 2024, was identified by Resecurity, which assessed the activity as part of a cyber-espionage campaign targeting aviation-safety specialists across multiple Arab states.
• Cooper Aerobics February 3, 2024 • [ hack, misconfiguration, healthcare ] Cooper Aerobics files a notice of data breach after discovering unauthorized access to its computer network.
• Multiple government agencies in the Philippines February 2, 2024 • [ espionage, government ] Government agencies in the Philippines announce they had repelled a cyberattack from threat actors suspected to be based in China.
• Municipality of Germantown February 2, 2024 • [ ransomware, malware, government ] Tennessee's Germantown announces a ransomware attack.
• Ukrainian military February 2, 2024 • [ espionage, malware, government ] Researchers from Securonix reveal the details of the STEADY#URSA campaign, an ongoing operation carried on by the russia-linked APT group Shuckworm (aka Gamaredon, and Primitive Bear, targeting the Ukrainian military with a new PowerShell backdoor called Subtle-Paws
• Municipality of Korneuburg February 2, 2024 • [ ransomware, malware, government ] The municipality of Korneuburg in Austria says it was hit by a LockBit ransomware attack, leading to funerals reportedly being canceled and the town hall informing residents its staff can only be reached via telephone.