DraftKings
October 2, 2025
•[ credential stuffing ]
Credential stuffing allowed unauthorized access to a small number of customer accounts and limited data; company says internal systems not breached and no financial loss.
Latvian government portals
October 2, 2025
•[ ddos ]
Large DDoS disrupted access to many Latvian state and municipal websites; services restored after roughly an hour; investigation ongoing.
Legal Practice Board of Western Australia
October 2, 2025
•[ ransomware, data leak, health data ]
Ransomware attack in May led to compromise of additional data beyond initial disclosure; impacted info includes health, financial, and personal data.
Canadian Tire Corporation
October 2, 2025
•[ data leak ]
Retailer reported Oct 2 breach of e-commerce database impacting customer information across multiple banners.
Red Hat
October 2, 2025
•[ extortion, data leak ]
Red Hat confirmed incident affecting a consulting GitLab instance; extortion group claims access to repos and CERs with potentially sensitive client details.
United States Air Force
October 2, 2025
•[ data leak ]
USAF investigating a SharePoint permissions issue leading to exposure of PII/PHI; SharePoint access was blocked Air Force-wide while Microsoft and authorities investigate; no attribution yet.
BNB Chain
October 1, 2025
•[ phishing ]
BNB Chain's X account was hijacked and used to post phishing links; control was restored and malicious posts removed; no data theft reported.
Assaf Harofeh Medical Center
October 1, 2025
•[ extortion, data leak, healthcare ]
Hospital hit during Yom Kippur; extortion demand ~$700,000; brief outage of shared records system reported; authorities probing possible data leak.
Kaufman County
October 1, 2025
•[ data leak, identity theft, government ]
A letter dated Oct 1 states personal data in Kaufman County systems may have been accessed; residents received 24 months of credit monitoring. This disclosure came three weeks before a second October incident, indicating repeated compromise pressure against the county's environment and elevating identity-theft risk even where misuse is not yet observed.
Multiple banks
October 1, 2025
•[ jackpotting, physical compromise ]
Report headline describes ATM jackpotting activity in Baton Rouge; specific victim bank(s) and loss amounts not accessible; likely cash-out via logical/physical compromise of ATMs.
Georgetown Brewing Co.
October 1, 2025
•[ data leak ]
Class-action notice cites brewery's disclosure of a cybersecurity incident impacting nearly twenty thousand people with PII; vector not detailed.
Jennings O'Donovan
October 1, 2025
•[ data leak ]
Engineering firm Jennings O'Donovan in County Sligo, Ireland experienced unauthorized access to part of its IT system used for the government's defective block grant scheme. The intrusion occurred in early October 2025 and potentially exposed personal data of roughly 861 applicants, while financial systems remained secure. Authorities consider it consistent with financially motivated criminal activity.
Merkle, Inc. (Dentsu Group)
October 1, 2025
•[ data leak, ransomware ]
Dentsu's US-based subsidiary Merkle disclosed a cyber incident discovered in October 2025 involving unauthorized access and data theft from HR and client systems; stolen information included employee, supplier, and client financial and personal records; certain systems were taken offline during response; no ransomware group claimed responsibility.
Canadian water facility
October 1, 2025
•[ hacktivism, critical infrastructure, industrial control system ]
Hacktivists tampered with water-pressure valves at a Canadian water facility, degrading water service to the local community; actions intended to draw attention to activist causes.
Undisclosed Canadian oil & gas company
October 1, 2025
•[ hacktivism, operational technology ]
Hacktivists manipulated an automated tank gauge system at a Canadian oil & gas company, triggering erroneous alarms; no injuries or physical damage reported.
Kansas City National Security Campus network
October 1, 2025
•[ vulnerability exploitation, espionage, nation-state actor ]
CSO reports KCNSC (NNSA nuclear components plant) was infiltrated via unpatched on-prem SharePoint. Microsoft tied the wider wave to China-linked actors, while a KCNSC source suggested a Russian group; DOE later said the department was minimally impacted. Primary effect: covert access/collection, not OT disruption.
Undisclosed Canadian farm
October 1, 2025
•[ Hacktivism, Sabotage, Operational Technology (OT) ]
Hacktivists manipulated temperature and humidity parameters in a grain-drying silo at a Canadian farm, creating unsafe conditions that were detected and mitigated before damage occurred.
WhatsApp users in Bijnor, Uttar Pradesh
October 1, 2025
•[ malware, phishing, data leak ]
Several WhatsApp users in Bijnor, Uttar Pradesh had their Android phones compromised after downloading a fake wedding invitation via WhatsApp. The malware granted remote access, exposing personal messages, photos, and financial app data. Victims filed complaints with the Bijnor Cyber Crime Police Station; authorities believe multiple individuals across the district were affected.
Gcore
October 1, 2025
•[ DDoS attack, botnet, volumetric flood ]
Technology site CDR.cz and an underlying TechRadar report describe how gaming hosting and cloud provider Gcore was hit in October 2025 by one of the largest DDoS attacks ever recorded, a so-called short-burst volumetric flood that generated roughly 6 terabits per second of traffic and about 5.3 billion packets per second over 30 to 45 seconds. Analysis attributed the event to the AISURU botnet, with more than half of the malicious traffic sourced from Brazil and about a quarter from the United States, suggesting widespread abuse of poorly secured systems in those regions. Gcore stated that its globally distributed DDoS protection network, with over 210 points of presence and more than 200 terabits per second of filtering capacity, absorbed the attack and kept services online, but security experts warned that such brief, intense
Anne Helen Petersen's Substack account
October 1, 2025
•[ phishing, account takeover, impersonation ]
Former BuzzFeed journalist Anne Helen Petersen received a phishing email that imitated a security alert from Substack, warning that her ability to send emails would be frozen unless she verified her account. After she responded, attackers captured her credentials and gained unauthorized access to her Culture Study Substack newsletter and podcast account, which has more than 25,000 followers. The intruders changed the newsletter's name to impersonate cryptocurrency wallet company Trezor and added thousands of new email addresses to the mailing list, hijacking her distribution channel to push a crypto-related scam through her audience.