Romanian Waters (Administrația Națională Apele Române)
December 20, 2025
•[ ransomware ]
Romanias national water authority, Romanian Waters, suffered a ransomware incident that began on December 20, 2025 and disrupted IT services across the organization. Romanias National Cyber Security Directorate (DNSC) reported the event affected approximately 1,000 computer systems, including workstations, email services, and web servers, and spread from the main office to 10 of 11 regional river management branches. The disruption took down key digital tools such as domain services and GIS mapping, and the agencys public website remained offline while updates were shared through other channels. Authorities stated that operational technology supporting dams and flood defenses remained safe and that field staff continued critical functions manually.
Condé Nast / WIRED.com
December 20, 2025
•[ data leak ]
Hacker Lovely leaked 2.4M WIRED.com subscriber records (emails, names, IDs, contact info). Dataset verified by breach researchers and indexed by Have I Been Pwned. No official confirmation from Cond Nast; actor claims 40M more records may follow.
Romanian Waters (Administrația Națională Apele Române)
December 20, 2025
•[ ransomware, IT disruption, critical infrastructure ]
Romanias national water authority, Romanian Waters, suffered a ransomware incident that began on December 20, 2025 and disrupted IT services across the organization. Romanias National Cyber Security Directorate (DNSC) reported the event affected approximately 1,000 computer systems, including workstations, email services, and web servers, and spread from the main office to 10 of 11 regional river management branches. The disruption took down key digital tools such as domain services and GIS mapping, and the agencys public website remained offline while updates were shared through other channels. Authorities stated that operational technology supporting dams and flood defenses remained safe and that field staff continued critical functions manually.
Square Enix / Final Fantasy XIV
December 19, 2025
•[ ddos, service disruption ]
Final Fantasy XIV experienced service disruption from recurring distributed denial-of-service (DDoS) activity reported around mid-to-late December 2025, impacting players ability to log in and remain connected to the game. Public reporting described repeated disconnects and instability affecting the titles North American data centers during peak play periods around the Patch 7.4 release window.
Club Atletico River Plate
December 19, 2025
•[ ransomware, data leak ]
On December 19, 2025, Argentine media reported that Club Atltico River Plate was listed on ransomware group Qilins dark web leak site, suggesting the group had gained unauthorized access to the clubs IT environment. The report described a significant compromise of sensitive information and access to the institutions digital infrastructure, with screenshots posted as evidence and indications the club used Microsoft 365 services. The attackers posted metrics referenced data for 4,042 users, one directly compromised employee, and 13 credentials belonging to employees of third parties
Hello Cake, Inc.
December 19, 2025
•[ data leak ]
Hello Cake, Inc. reported a cybersecurity incident involving unauthorized access to company systems that resulted in exposure of sensitive business information.
Nexar
December 19, 2025
•[ data leak ]
Nexar disclosed a cyber incident in which attackers gained unauthorized access to internal systems, prompting an investigation into potential data exposure.
Lexipol
December 19, 2025
•[ data leak ]
Lexipol experienced a cyberattack that led to unauthorized access to its systems, affecting data associated with public safety and law enforcement clients.
Goldman Sachs (via Fried Frank Harris Shriver & Jacobson LLP)
December 19, 2025
•[ data leak, third-party breach ]
Goldman Sachs notified clients that some client data may have been exposed following a cybersecurity incident at its external law firm, Fried Frank; Goldman stated its own systems were not compromised.
Undisclosed Ghana financial institution
December 19, 2025
•[ ransomware, data leak ]
A ransomware attack targeted a Ghanaian financial institution, encrypting large volumes of data and resulting in a financial loss of approximately USD 120,000, with authorities later assisting in partial data recovery.
At least one organization in Japan
December 18, 2025
•[ data leak ]
A cyberattack targeted at least one organization in Japan, resulting in unauthorized access to internal systems and raising concerns about potential data exposure.
Passenger ferry owned by GNV
December 17, 2025
•[ malware, foreign interference, sabotage ]
French authorities reported that the passenger ferry 'Fantastic' (operated by Italian shipping company Grandi Navi Veloci, GNV) was infected with malware while docked in the port of Ste, France. Officials stated the malware could have enabled the ship to be remotely controlled, prompting an investigation into possible foreign interference. Prosecutors said a Latvian national was arrested and charged after the malware was discovered.
Naftali Bennett's phone
December 17, 2025
•[ data leak, hacking ]
Israel National News reported that the Iranian-affiliated hacker group Handala claimed it infiltrated Naftali Bennetts personal iPhone 13 as part of Operation Octopus and published files it said were extracted from the device, including a contact list with names of senior Israeli officials, internal communications, sensitive documents, and personal photos. The outlet also reported Bennett responded that the matter was being handled by security authorities. Subsequent coverage elsewhere reported Bennetts office said tests indicated the phone was not hacked, though content tied to his accounts/contacts circulated online; the exact extent of compromise is therefore not fully verified beyond an unauthorized leak claim.
Pass'Sport
December 17, 2025
•[ data leak ]
In December 2025, data from France's Pass'Sport program was posted to a popular hacking forum. Initially misattributed to CAF (the French family allowance fund), the data contained 6.5M unique email addresses affecting 3.5M households. The data also included names, phone numbers, genders and physical addresses. The Ministry of Sports subsequently released a statement acknowledging the incident.
At least one organization in the energy sector
December 16, 2025
•[ energy sector, unauthorized access, operational disruption ]
An organization operating in the energy sector was targeted by cyber activity that sought to access or interfere with systems supporting energy operations.
APOIA.se
December 16, 2025
•[ data breach, data leak, PII exposure ]
In December 2025, a database of the Brazilian crowdfunding platform APOIA.se was posted to an online forum. In January 2026, the company confirmed it had suffered a data breach. The incident exposed 451k unique email addresses along with names and physical addresses.
SoundCloud
December 15, 2025
•[ data leak, ddos ]
SoundCloud disclosed that it detected unauthorized activity involving an ancillary service dashboard and investigated the incident with external experts. SoundCloud said an attacker accessed information for roughly 20% of user accounts, limited to email addresses and information visible on public SoundCloud profiles, and stated that passwords and payment information were not exposed. The company implemented additional security controls, forced logouts and token rotations, and temporarily restricted some access while mitigating follow-on activity; it also reported experiencing a DDoS attack that contributed to short-lived service availability issues on the web version.
The Minersville School District
December 15, 2025
•[ malware ]
Minersville Area School District reported a cybersecurity incident after security tools detected attempts to install malware on certain district systems on Monday, December 15, 2025. As a precaution, the district took its computer network offline to contain any potential infection and engaged cybersecurity specialists to investigate the activity, validate system integrity, and plan a safe restoration. The network shutdown disrupted district operations and led to the closure of schools on Tuesday, December 16, 2025. Public reporting did not confirm whether data was accessed or exfiltrated, and the incident was described primarily as a malware-install attempt and precautionary outage.
Dainichiseika Color & Chemicals Mfg. (Vietnam subsidiary)
December 15, 2025
•[ ransomware, unauthorized access, data leak ]
Dainichiseika Color & Chemicals Manufacturing reported that its consolidated subsidiary in Vietnam (DAINICHI COLOR VIETNAM CO., LTD.) suffered unauthorized access that resulted in ransomware infection of internal servers and related systems. On December 15, 2025, the company confirmed that files on servers and PCs had been encrypted and rendered unreadable, consistent with a ransomware data attack. Affected devices were disconnected from internal networks and the internet to prevent spread, and IT specialists were dispatched to support recovery and forensic analysis. The company stated that key subsidiary operations such as manufacturing and shipping continued as usual and that the extent of information leakage, if any, was still being assessed.
