GlobalLogic
October 1, 2025
•[ ransomware, data leak, extortion ]
cl0p exploited an Oracle-hosted cloud application used by GlobalLogic for HR data management, exposing approximately 10,000 employee records including names, email addresses, phone numbers, and employee identifiers, as part of a broader extortion campaign targeting Oracle cloud tenants.
Undisclosed Uzbekistan organization
October 1, 2025
•[ nation-state, phishing, malware ]
A nation-state actor known as Bloody Wolf expanded operations to Uzbekistan using geofenced spearphishing delivering malicious JAR loaders that installed NetSupport RAT for persistent access; no data theft was reported.
New Mexico Public Defender Department
September 30, 2025
•[ ransomware ]
Ransomware detected Sept 30 2025 shut down New Mexico's Public Defender Department, locking access to thousands of active case files and delaying court filings for about ten days. No data theft or leak has been reported.
Comcast Corporation
September 29, 2025
•[ ransomware, malware, technology ]
Medusa ransomware group claimed theft of 834.4 GB (167,121 files) from Comcast, including internal actuarial, claims, and modeling information. Attackers demanded USD 1.2 million to delete or release data; no encryption or operational disruption reported.
Asahi Group (Japan operations)
September 29, 2025
•[ ransomware, malware, manufacturing ]
A ransomware attack disrupted Asahi Group's Japanese operations, fully halting order processing, shipping logistics, and customer service systems nationwide. Beer production stopped at six domestic plants for about a week, and only partial restoration was achieved by October 6 2025. Asahi confirmed the attack targeted internal servers but reported no confirmed data exfiltration or actor attribution.
National Health Service (NHS UK)
September 29, 2025
•[ ransomware, data leak ]
Cl0p ransomware actors exploited an Oracle E-Business Suite zero-day vulnerability (CVE-2025-61882) as part of a broader campaign and contacted The Washington Post on 29 September 2025 claiming access to its Oracle EBS applications. A Maine Attorney General breach filing and subsequent reporting confirmed that Cl0p exfiltrated Washington Post data and that 9,720 individuals had their personal and financial information exposed, including names, bank account and routing numbers, Social Security numbers and tax IDs. The incident appears to be data-theft-focused with no confirmed operational disruption at the newspaper.
Richmond Behavioral Health Authority (RBHA)
September 29, 2025
•[ ransomware, data leak ]
Richmond Behavioral Health Authority (RBHA), a public mental health services provider for the City of Richmond, reported a ransomware attack that began on September 29, 2025 and was identified on September 30, after which RBHA said it removed the attacker from its network. Despite rapid eviction, RBHA disclosed that an unknown actor may have accessed sensitive information including names, Social Security numbers, passport numbers, and financial account and health information. Reporting stated RBHA told U.S. HHS that 113,232 individuals were affected. The Qilin ransomware group later claimed responsibility and published a large dataset allegedly stolen from RBHA, consistent with a double-extortion incident involving both encryption and data exfiltration.
Moldova Central Electoral Commission / election infrastructure
September 27, 2025
•[ hack, ddos, government ]
During Moldova's 2025 parliamentary election, distributed denial-of-service (DDoS) attacks targeted the Central Electoral Commission's public websites, briefly disrupting access for several hours with peaks around 400 Gbps. Officials accused Russian-aligned actors of interference, but attribution remains unconfirmed. Voting systems were unaffected.
Undisclosed Italian Government Department (via Libraesva ESG vulnerability)
September 27, 2025
•[ hack, government ]
Libraesva confirmed that a zero-day vulnerability in its Email Security Gateway (ESG) was exploited beginning September 27 2025 by state-sponsored hackers to access one Italian government department's email system. The company released an emergency patch and reported no encryption or broader impact.
RemoteCOM (SCOUT Monitoring Software)
September 26, 2025
•[ leak, technology ]
DataBreaches.net reported that RemoteCOM, developer of the SCOUT monitoring platform used by law enforcement, was breached in late September 2025. Attackers exfiltrated data on approximately 6,900 officers and 14,000 monitored clients. No encryption or operational disruption was reported.
Avnet
September 26, 2025
•[ data leak ]
Avnet confirmed unauthorized access to an externally hosted database supporting an EMEA sales tool; the company says most of the stolen data is unreadable without a proprietary tool; samples include non-sensitive PII.
Cancer patient in charity livestream
September 25, 2025
•[ financial, malware, healthcare ]
A serious accusation in Argentina alleged that influencer Valentn scammed a cancer patient during a charity livestream using a video game called BlockBlasters, which contained hidden malware that stole cryptocurrency from the victim's wallet.
Kido Schools (nursery chain)
September 25, 2025
•[ ransomware, data leak ]
Hackers calling themselves Radiant stole sensitive child and parent data from Kido Schools, posting victims' profiles online to extort a 600,000 ransom; after public backlash they blurred, then deleted, the leaked material.
Undisclosed targets in Russian civil society
September 24, 2025
•[ hack, malware ]
Russia-linked APT COLDRIVER conducted a new ClickFix-style campaign delivering BAITSWITCH (DLL downloader) and SIMPLEFIX (PowerShell backdoor) against civil-society targets; technique involves fake CAPTCHA/checkbox leading to command execution and C2 beacons.
Russia’s System for Fast Payments (SBP)
September 24, 2025
•[ financial, ddos, finance ]
Ukraine's Defense Intelligence Directorate (GUR) conducted a large-scale distributed denial-of-service (DDoS) operation on September 24, 2025, targeting Russia's System for Fast Payments (SBP). The attack caused a full nationwide disruption of online payment services for several hours, halting financial transfers and transaction processing across Russian banks. TransTeleCom's supporting network infrastructure was also temporarily overloaded during the event.
Arizona Federal Public Defender’s Office
September 24, 2025
•[ ransomware, data leak ]
Ransomware detected Sept 24 2025 crippled Arizona's Federal Public Defender Office, encrypting decades of case files and deleting backups. Investigators suspect, but have not confirmed, data exfiltration. No threat group has claimed responsibility.
Autorità Portuale del Mar Ligure Occidentale and Regione Liguria
September 23, 2025
•[ hack, ddos, government ]
On September 23, 2025, the pro-Russian hacktivist group Noname057 launched a distributed denial-of-service (DDoS) attack targeting the websites of Liguria's regional government and the Port Authority of the Western Ligurian Sea. The attack caused only partial service degradation and web slowdowns before being mitigated by Liguria Digitale and Italy's cybersecurity agency. No data theft was reported.
Teleradio-Moldova (Public TV and Radio)
September 23, 2025
•[ hack, ddos, technology ]
On September 23 2025, Moldova's public television and radio websites were targeted by coordinated denial-of-service attacks, briefly disrupting online access. CERT-GOV-MD linked the activity to pro-Russian hacktivists amid regional political tensions. Systems were restored the same day with no data exfiltration reported.
City of Michigan
September 23, 2025
•[ ransomware ]
Ransomware on Sept 23 impacted part of the city's data and employees' internet/telephone; systems are being restored.
Margaritaville at Sea
September 23, 2025
•[ ransomware, data leak ]
Margaritaville at Sea reported that on September 23 a ransomware group identified as Lynx infiltrated company systems and exfiltrated sensitive passenger personal data and protected health information; no operational disruption or internal data loss was confirmed.