Allegis Group (parent of Aerotek, TEKsystems, MarketSource, etc.)
September 10, 2025
•[ leak, technology ]
Everest listed Allegis on its leak site, claiming access to internal docs and large client-contact datasets; Cybernews saw two screenshots but no samples beyond that; Allegis had not commented and no outage/encryption was reported
Kido International (London Nurseries)
September 10, 2025
•[ ransomware, education ]
Ransomware group Radiant claimed intrusion into Kido Internationals London nursery network in early September 2025, stealing data on over 8,000 children. The group leaked samples and demanded ransom. Kido confirmed the breach in late September but reported no encryption or operational disruption.
Movement “Другaя Украина”
September 9, 2025
•[ hack, ddos ]
DDoS attack against the Other Ukraine movements website limited access; technical teams working to restore availability; no attribution or data breach reported.
WIRED
September 8, 2025
•[ data leak ]
In December 2025, 2.3M records of WIRED magazine users allegedly obtained from parent company Cond Nast were published online. The most recent data dated back to the previous September and exposed email addresses and display names, as well as, for a small number of users, their name, phone number, date of birth, gender, and geographic location or full physical address. The WIRED data allegedly represents a subset of Cond Nast brands the hacker also claims to have obtained.
Indian Hotels Company Limited
September 5, 2025
•[ hack, malware ]
Indian Hotels Company Limited (IHCL) reports malware incident, taking immediate action to secure systems and monitoring the situation closely.
KakaoTalk account of a South Korea–based counselor
September 5, 2025
•[ spear-phishing, malware, credential theft ]
According to research by Genians reported by BleepingComputer, a North Korean activity cluster linked to APT37 and KONNI targets South Koreans via spear-phishing emails that spoof national agencies and deliver signed MSI installers. Once executed, the chain installs a remote access toolkit that steals Google and Naver account credentials, giving attackers full
Orleans Parish Sheriff’s Office
September 4, 2025
•[ ransomware, government ]
A ransomware cyberattack in early Sept 2025 shut down the Orleans Parish Sheriffs Office AS/400 administrative systems, delaying inmate releases and disrupting operations. Systems were restored after two days with help from local and state cybersecurity agencies, and jail data remained secure.
Scarva Street Surgery
September 3, 2025
•[ hack, healthcare ]
The PSNI have confirmed they have launched an investigation into a theft at a practice which took place on 20 June.
Sun Valley Surgery Center
September 3, 2025
•[ data leak ]
During a September 3, 2025 incident, an unauthorized third party accessed Sun Valley Surgery Centers information systems; more than 27,000 individuals sensitive personal and protected health information may have been exposed, though the facility reports no confirmed misuse or operational disruption.
MetroWest Community Federal Credit Union
September 3, 2025
•[ ransomware, data leak ]
MetroWest Community Federal Credit Union disclosed that unauthorized access to its systems in early September 2025 resulted in the compromise of sensitive member information, with the incident attributed to the Akira cybercriminal group.
Indonesian National Police Mobile Brigade Corps
September 2, 2025
•[ hack, government ]
The site with the address korbrimob.polri.go.id has been inaccessible since Tuesday afternoon, September 2, 2025, at 15.07 WIB.
Bridgestone Americas
September 2, 2025
•[ hack, manufacturing ]
A cyber incident disrupted production at Bridgestone Americas plants in South Carolina and Quebec. IT systems required shutdown; staff performed preventive maintenance or were sent home. Incident was contained rapidly with no data loss, and operations have since normalized.
Indigo Publications (Glitz Paris, La Lettre, Africa Intelligence, Intelligence Online)
September 2, 2025
•[ hack, ddos, technology ]
Indigo Publications reported a massive DDoS campaign in early September 2025 targeting its web infrastructure, rendering Glitz Paris and other affiliated media outlets intermittently inaccessible. Motive unconfirmed but suspected retaliation for investigative reporting.
Farmácia Moniz Silva
September 2, 2025
•[ ransomware, malware, healthcare ]
Ransomware group Qilin claimed responsibility for a September 2025 attack on Farmcia Moniz Silva, a pharmacy located in Luanda, Angola. The group listed the victim on its data-leak site, consistent with broader Qilin activity against healthcare organizations. No confirmation from the victim or Angolan CERT was available.
Prosper
September 2, 2025
•[ data leak ]
Prosper disclosed September breach; HIBP reports 17.6M affected with sensitive data
Mecklenburg County Public Schools
September 2, 2025
•[ ransomware ]
Ransomware disrupted classes; district reported incident and restoration after a week.
California Casualty Companies
September 2, 2025
•[ data leak ]
California Casualty Companies reported that an unauthorized third party accessed company systems on September 2 and acquired files containing customer personal, financial, insurance, and identification information; no operational disruption or actor attribution was reported.
Ordine dei Giornalisti del Lazio
September 1, 2025
•[ ransomware, malware, government ]
A sophisticated ransomware attack targeted the IT infrastructure and internet access of the Lazio Journalists Order in Rome affecting over 20 000 members. The group DragonForce is suspected and authorities and data protection bodies are involved.
Austrian Ministry of the Interior
September 1, 2025
•[ hack, government ]
A professional cyberattack compromised about 100 government email accounts. IT systems were disconnected; investigations launched. No sensitive citizen or law enforcement data was impacted. Attack vector remains unconfirmed.
Waterford Surgical Center
September 1, 2025
•[ ransomware, malware, healthcare ]
Safepay ransomware group attacked Waterford Surgical Center on September 1, 2025, claiming access to internal systems and exfiltration of sensitive patient and payment data. No disclosure of affected numbers.
