Undisclosed Financial Institution
September 15, 2025
•[ data leak, nation-state, vulnerability exploitation ]
Anthropic reported that GTG-1002, a China-linked nation-state threat actor, conducted an AI-automated intrusion campaign detected in mid-September 2025; one successful breach involved an undisclosed financial institution where sensitive information was stolen via exploitation of application server infrastructure.
Undisclosed Chemical Manufacturer
September 15, 2025
•[ data leak, nation-state, AI-automated attack ]
Anthropic reported that GTG-1002, a China-linked nation-state threat actor, conducted an AI-automated intrusion campaign detected in mid-September 2025; one successful breach involved an undisclosed chemical manufacturer where sensitive information was stolen via exploitation of application server infrastructure.
Undisclosed Government Agency
September 15, 2025
•[ nation-state, data leak, vulnerability exploit ]
Anthropic reported that GTG-1002, a China-linked nation-state threat actor, conducted an AI-automated intrusion campaign detected in mid-September 2025; one successful breach involved an undisclosed government agency where sensitive information was stolen via exploitation of application server infrastructure.
Central Election Commission (CEC) of Russia
September 14, 2025
•[ hack, ddos, government ]
Regulator reported 99 DDoS attacks on CEC/Moscow IT/online voting portal on Sept. 14 (3h40m total), but CEC said voting and systems operated normally.
Central Election Commission of the Russian Federation
September 14, 2025
•[ hack, ddos, government ]
HUR/GUR executed DDoS against Russia's election infrastructure to hinder online voting; Russia confirmed sustained attacks causing intermittent outages/slowdowns, router reboots, and later restoration; CEC tallied 500k+ attack events.
VAS AG
September 14, 2025
•[ ransomware, malware, manufacturing ]
VAS AG reported a ransomware incident on 09/14/2025 disrupting daily operations; systems were disconnected from the internet, authorities notified, and recovery underway; no attribution or data-theft confirmation yet.
Miljodata
September 14, 2025
•[ hack, leak, technology ]
Cyberattack on Miljodata led to theft and dark-web leak of data on >1.5M people; Datacarry claimed responsibility; prosecutor rules out state involvement at this time. Data includes PII/personal numbers; hundreds of municipalities and some companies (e.g., Volvo, SAS) impacted.
Uvalde Consolidated Independent School District
September 13, 2025
•[ ransomware, malware, education ]
Ransomware detected on UCISD servers led to cancellation of most/all classes the week of Sept. 15; investigation and recovery continued, with essential safety/operations systems disrupted; classes to resume Sept. 22; district reports no data breach.
Wood Personnel Services
September 12, 2025
•[ data leak ]
Wood Personnel Services reported unauthorized access to certain files on its network discovered in September 2025. The company stated that files containing personal information may have been accessed without authorization and notified affected individuals in December 2025. No operational disruption or data volume was disclosed.
KT Corp
September 11, 2025
•[ leak, technology ]
KT reported a breach where rogue mini base stations intercepted traffic, leading to a possible IMSI leak for 5,561 subscribers; authorities notified (PIPC), customers alerted, compensation pledged; broader probes ongoing.
Ministry of Economy and Finance of Panama
September 11, 2025
•[ ransomware, malware, government ]
MEF reported a malware incident on one workstation and containment with no impact to core platforms; INC Ransom simultaneously claimed an intrusion and >1.5 TB data theft with proof-of-hack samples. Extent of breach remains unconfirmed.
Cook County Public Health & Human Services
September 11, 2025
•[ insider, healthcare ]
PHHS reported an insider breach in which a now-terminated employee accessed social-services records without authorization; county issued notices and will mail letters to affected individuals; questions directed to county administrator.
Geedge Networks
September 11, 2025
•[ leak, technology ]
Largest known Great Firewall leak exposed online on Sept. 11, 2025: hundreds of GB from Geedge Networks and MESA Lab (IIE CAS) covering DPI/SSL fingerprinting, VPN detection, build/runbooks, and packaging repos; links provided for public download; no operational disruption reported.
Google
September 11, 2025
•[ hack, technology ]
Group posted screenshots alleging access to CJIS and Google LERS; Google confirmed only a fraudulent LERS account, disabled before use, with no data accessed; FBI declined comment. No confirmed victims or exfiltration.
National Credit Information Center (CIC)
September 11, 2025
•[ data leak ]
Personal/credit records for citizens and companies held by the State Bank's CIC; Vietnam's CERT confirmed data theft with scope still being assessed; operations continued without disruption.
Virginia Urology
September 11, 2025
•[ data leak, ransomware ]
DataBreaches reported that threat actors calling themselves MS13-089 claimed they hacked Virginia Urology on November 9, 2025 and exfiltrated about 927 GB of data, while stating they did not encrypt systems so as not to harm the patients. The outlet reviewed sample files and described faxed referrals and medical reports whose filenames appeared to include patients' names and dates of birth, with additional pages containing extensive protected health information such as insurance and contact details and clinical histories. Virginia Urology had not publicly confirmed the incident or responded to inquiries in the reporting, but the presence of leaked sample data indicates unauthorized access and exfiltration consistent with an exploitive breach.
London North Eastern Railway
September 10, 2025
•[ leak ]
LNER disclosed that a supplier breach led to unauthorised access to customer files containing contact details and past journey info; no financial data or passwords affected; services unaffected; investigation ongoing and customers urged to be vigilant.
Campaign of Denis Pasler
September 10, 2025
•[ hack, ddos, government ]
United Russia said a DDoS knocked the Pasler campaign site offline late Sept 10; local media confirmed downtime overnight/morning. Residents also received mass SMS urging votes for Pasler, which the party disowned; observers advised not to follow suspicious links. No data theft.
Unnamed European DDoS mitigation
September 10, 2025
•[ hack, ddos, malware ]
A massive DDoS (UDP packet flood) reached 1.5 Bpps against an unnamed European DDoS-scrubbing provider; traffic originated from IoT/MikroTik botnets spanning thousands of networks; FastNetMon mitigated the attack; no data theft reported.
National Credit Information Center (CIC), State Bank of Vietnam
September 10, 2025
•[ hack, leak, financial ]
VNCERT confirmed signs of intrusion targeting personal-data theft at CIC; ShinyHunters/Scattered Spider claimed ~160M records, allegedly exploiting end-of-life software; data offered for sale with samples posted.