Detmold Public Utilities
November 16, 2025
•[ ransomware, data leak ]
A ransomware attack against Stadtwerke Detmold forced the municipal utility to shut down its IT infrastructure, leaving the company largely unreachable by phone or email and knocking out online customer portals and related services. Multiple affiliated business units, including energy and public transport operations, were impacted in their back-office systems, though the delivery of electricity, gas, water, and district heating reportedly continued. Police cybercrime teams and external specialists were engaged to stabilize systems, analyze the intrusion, and determine whether customer data was accessed.
Grenoble École de Management
November 15, 2025
•[ data leak ]
Threat actors claimed access to and sale of a large CRM dataset associated with the institution, which the school acknowledged and began investigating.
CodeStepByStep
November 15, 2025
•[ data leak ]
In November 2025, the online coding practice tool CodeStepByStep suffered a data breach that exposed 17k records. The impacted data included names, usernames and email addresses.
CodeStepByStep
November 15, 2025
•[ data leak ]
In November 2025, the online coding practice tool CodeStepByStep suffered a data breach that exposed 17k records which were subsequently published online. The following month, a further corpus of data was released bringing the total to 103k. The impacted data included names, usernames and email addresses.
Petrobras
November 14, 2025
•[ ransomware, data leak ]
Everest ransomware group listed Petrobras and exploration partner SAExploration on its leak site and claims it stole a large seismic survey database with detailed technical information from Petrobras surveys and Campos Basin projects while threatening further action if the company does not contact the group
Trumbull County Recorder’s Office
November 14, 2025
•[ ransomware, data leak, supply chain attack ]
Trumbull County, Ohio reported that a ransomware attack on its third-party vendor C Systems Software led to a security breach affecting systems used for real-estate recordings and property records. County officials said they were alerted around November 14, 2025, and, with help from Ohio Homeland Security and external cybersecurity firm GuidePoint, determined that the same cybercriminals behind the vendor breach had attempted to exploit the county network. While they reported no evidence of successful intrusion into county systems, offices had to fall back on manual processing and suspend some online services for about ten days. The incident is believed to have exposed resident data held by the vendor and has prompted additional security and monitoring measures.
Sund & Bælt
November 14, 2025
•[ denial of service, hacktivism ]
On November 14, 2025, the Storeblt website operated by Sund & Blt was rendered inaccessible due to an external denial-of-service attack. Sund & Blt confirmed the DDoS incident, and DR reported that the pro-Russian hacktivist group NoName057(16) claimed responsibility on Telegram as part of a broader campaign targeting Danish entities. No data loss occurred.
Operation Endgame 3.0
November 14, 2025
•[ infostealer, remote access trojan, botnet ]
Between 10 and 13 November 2025, the latest phase of Operation Endgame was coordinated from Europol's headquarters in The Hague. The actions targeted one of the biggest infostealer Rhadamanthys, the Remote Access Trojan VenomRAT, and the botnet Elysium, all of which played a key role in international cybercrime. Authorities took down these three large cybercrime enablers and provided 2 million impacted email addresses and 7.4 million passwords to HIBP.
Center for Life Resources
November 14, 2025
•[ unauthorized access, network intrusion, data breach ]
Center for Life Resources identified unauthorized access to its network in mid-November 2025 and determined that files containing sensitive personal and protected health information may have been accessed or copied, which was later disclosed in regulatory notifications.
Sund & Bælt
November 14, 2025
•[ DDoS, Denial-of-service, Hacktivism ]
On November 14, 2025, the Storeblt website operated by Sund & Blt was rendered inaccessible due to an external denial-of-service attack. Sund & Blt confirmed the DDoS incident, and DR reported that the pro-Russian hacktivist group NoName057(16) claimed responsibility on Telegram as part of a broader campaign targeting Danish entities. No data loss occurred.
Borger.dk
November 13, 2025
•[ denial of service, hacktivism ]
On November 13, 2025, Denmark's national citizen service portal Borger.dk was targeted and disrupted by an external denial-of-service attack. The pro-Russian hacktivist group NoName057(16) claimed responsibility on Telegram. No data loss occurred.
Ministry of Transport of Denmark
November 13, 2025
•[ ddos, hacktivism, government ]
On November 13, 2025, the website of Denmark's Ministry of Transport was disrupted by an external denial-of-service attack. The pro-Russian hacktivist group NoName057(16) claimed responsibility for the attack as part of a broader campaign targeting Danish digital infrastructure. No data loss was reported.
Terma
November 13, 2025
•[ denial of service, hacktivism ]
On November 13, 2025, Danish defense contractor Terma experienced a disruption to its public-facing website due to an external denial-of-service attack. The incident was attributed to the pro-Russian hacktivist group NoName057(16). Terma confirmed that no data were lost.
Government of Denmark
November 13, 2025
•[ denial of service, hacktivism, government ]
On November 13, 2025, additional Danish government websites experienced outages due to external denial-of-service attacks. The Danish Civil Protection Agency confirmed that several sites and companies were affected, and the pro-Russian hacktivist group NoName057(16) claimed responsibility for the coordinated campaign. No data loss was reported.
YouFibre
November 13, 2025
•[ service disruption ]
YouFibre experienced a sustained DDoS attack starting on November 13, 2025, causing intermittent broadband service disruptions across multiple UK regions. The company stated it was working with upstream providers to mitigate the attack, which produced multi-day connectivity instability but no evidence of data compromise.
Attorney General’s Office of the State of Guanajuato (FGEG)
November 13, 2025
•[ ransomware, data leak, double-extortion ]
Mexico Business News reports Guanajuatos Attorney Generals Office confirmed a cybersecurity incident after a ransomware attack attributed to Tekir APT. Attackers claim they stole 250GB+ of confidential data, including judicial files and internal databases. Officials are reviewing controls, without confirming attribution or ransom payment. Hackmanac alleges subdomain encryption and double-extortion.
Eurofiber
November 13, 2025
•[ data leak ]
In November 2025, Eurofiber France disclosed a data breach of its ticket management platform. Data containing 10k unique email addresses and a smaller number of names and phone numbers was subsequently leaked. A threat actor claiming responsibility for the breach alleges to have additional, more sensitive data including screenshots, VPN configuration files, credentials, source code, certificates, archives, and SQL backup files.
Operation Endgame 3.0
November 13, 2025
•[ infostealer, remote access trojan, botnet ]
Between 10 and 13 November 2025, the latest phase of Operation Endgame was coordinated from Europol's headquarters in The Hague. The actions targeted one of the biggest infostealer Rhadamanthys, the Remote Access Trojan VenomRAT, and the botnet Elysium, all of which played a key role in international cybercrime. Authorities took down these three large cybercrime enablers and provided 2 million impacted email addresses and 7.4 million passwords to HIBP.
Attorney General’s Office of the State of Guanajuato (FGEG)
November 13, 2025
•[ ransomware, data leak, double-extortion ]
Mexico Business News reports Guanajuatos Attorney Generals Office confirmed a cybersecurity incident after a ransomware attack attributed to Tekir APT. Attackers claim they stole 250GB+ of confidential data, including judicial files and internal databases. Officials are reviewing controls, without confirming attribution or ransom payment. Hackmanac alleges subdomain encryption and double-extortion.
SitusAMC
November 12, 2025
•[ data leak ]
Real-estate finance services provider SitusAMC, headquartered in New York, disclosed that on November 12, 2025 it detected a breach affecting internal systems used to support back-office services for major lenders; investigations indicate that corporate data on some clients and unspecified data about their customers were accessed, though SitusAMC reports no impact on business operations and says no encrypting malware was deployed.
