VSK Insurance Joint-Stock Company
November 12, 2025
•[ ransomware ]
Russian insurer VSK disclosed that a large-scale cyberattack beginning around November 12, 2025 severely disrupted its IT systems and online services. Customers across Russia reported being unable to access the company's website, mobile app, and email, and some healthcare providers delayed or cancelled appointments because they could not verify insurance coverage. VSK said it was working with law enforcement and cybersecurity experts and claimed that no confirmed evidence of data theft had been found, while independent specialists suggested the incident was probably ransomware. The attack significantly impacted delivery of insurance and related health services nationwide.
At least one Android user in Latin America
November 12, 2025
•[ malware, ransomware, phishing ]
The Record described a newly identified Android malware/ransomware campaign (DroidLock) distributed through phishing websites that trick users into installing fake apps and then lock devices behind a ransom message. The reporting focuses on a broad campaign targeting Spanish-speaking users rather than a single named victim organization with a discrete primary effect suitable for this dataset's event unit. Because there is no specific victim organization, confirmed disruption window, or bounded impact scope for one entity, it is not coded here as an individual cyber event record.
Mikord
November 12, 2025
•[ data leak, sabotage, hacktivism ]
The Record reported that an anonymous hacker group allegedly breached Mikord's servers and provided a trove of internal documents to an anti-war human rights group, including source code, technical and financial records, and internal correspondence. The report stated the hackers claimed months-long access and said they destroyed parts of Mikord's infrastructure; Mikord's website was reportedly offline for days and had been defaced earlier in December. While the company did not publicly acknowledge involvement in Russia's military registry, investigative verification cited in the article indicated the leaked materials supported its participation, suggesting the breach had both data-theft and disruptive/destructive elements.
French Ministry of the Interior
November 12, 2025
•[ government, data leak, email compromise ]
France's Interior Minister confirmed that the Ministry of the Interior experienced a cyberattack affecting its email servers. The intrusion was detected overnight between 12/11/2025 and 12/12/2025 and enabled the threat actors to access the ministry's email infrastructure and some document files. At the time of public confirmation, officials had not confirmed whether data was exfiltrated. In response, the ministry reported implementing standard containment procedures, tightening security protocols, and strengthening access controls. French authorities opened an investigation to determine the origin, intent, and full scope of the breach; possible explanations cited publicly included foreign interference, activists, or cybercriminals. The ministry is a high-value target given its responsibility for police forces, internal security, and immigration services.
At least one individual downloading One Battle After Another torrent
November 12, 2025
•[ malware, trojan ]
This article summarizes Bitdefender's reporting on a malware distribution campaign that uses fake torrents claiming to contain a Leonardo DiCaprio film (One Battle After Another). The torrent bundle reportedly contains shortcut and script components that trigger a multi-stage infection chain leveraging PowerShell and other built-in Windows utilities, culminating in memory-resident deployment of the Agent Tesla remote access trojan.
Orion Telecom
November 12, 2025
•[ ddos, service disruption ]
TASS reported that Orion Telecom, described as the largest provider in Krasnoyarsk, experienced a powerful DDoS attack attributed to sources in foreign countries. The provider stated it repelled the attack and fully restored network operations, with central services stable again after engaging internal AntiDDoS capabilities and federal-scale external information security partners. The report indicates the disruption required building tailored protections for specific buildings/cities, implying service degradation/outage for some customers during mitigation. No data theft was described; the primary effect reported was disruption to communications services that was later restored.
Ireland's Office of the Ombudsman
November 12, 2025
•[ ransomware, service disruption ]
The Office of the Ombudsman in Ireland reported that it was the victim of a ransomware attack involving unauthorized access to its IT systems on December 11, 2025. As part of containment, the Office took systems offline and worked with the National Cyber Security Centre and external specialists to investigate and restore services, while notifying law enforcement and the Data Protection Commission. The Office later stated it was confident no personal data had been taken in the incident, and it incrementally restored services, reporting by early January 2026 that public-facing services were back online. The incident primarily caused disruption through precautionary shutdown and recovery operations rather than publicly reported data theft.
Telecom company in Khabarovsk
November 11, 2025
•[ ddos ]
A Kommersant Komsomolskaya Pravda article on cyberthreat statistics for Russia's Far East notes that security teams from MTS and RED Security logged more than fifty thousand DDoS attacks nationwide between July and September 2025, including a record-setting assault on a telecom company in Khabarovsk where malicious traffic hammered the firm's online resources continuously for over thirty hours, highlighting that telecom, IT, transport, construction and government organizations in the region have become prime targets for attackers and underscoring calls for local businesses to invest in stronger cyber defences.
International Kiteboarding Organization
November 11, 2025
•[ data leak ]
In November 2025, the International Kiteboarding Organization suffered a data breach that exposed 340k user records. The data was subsequently listed for sale on a hacking forum and included email addresses, names, usernames and in many cases, the user's city and country.
The Chamber of Deputies of Chaco
November 10, 2025
•[ ransomware, government, cybercrime ]
The Chamber of Deputies of Chaco province in Argentina reported that a cybersecurity incident affecting part of its server infrastructure had been identified as a ransomware attack, prompting technicians and the state IT firm ECOM Chaco to shut down the official website, the online system for tracking legislative procedures and the electronic legal digest while they contained the intrusion and preserved institutional information; authorities filed a criminal complaint with the provincial cybercrime unit and emphasized that maintaining the continuity of essential legislative functions and the security of data were priorities during the response.
Princeton University
November 10, 2025
•[ phishing, data leak ]
A phone phishing scam enabled unauthorized access to Princeton University's Advancement database containing alumni, donor, student, parent, and some faculty information; the breach lasted under 24 hours and the university has not determined what data was viewed or extracted.
Weda (Medical Software)
November 10, 2025
•[ cyberattack, denial of service, healthcare ]
On November 10, 2025, Weda medical software used by general practitioners across France experienced a major cyberattack that rendered the system inaccessible. Physicians were unable to view or transmit patient medical records for several days. Service resumed only in degraded mode on November 14. No evidence of data encryption or exfiltration has been reported.
Central Ozarks Medical Center
November 10, 2025
•[ cyberattack, unauthorized access, data breach ]
Patients and individuals had their sensitive personal and health information exposed in a criminal cyberattack on Central Ozarks Medical Center. The breach involved unauthorized access to systems and resulted in the compromise of names, dates of birth, Social Security numbers, financial account details, medical treatment records, and health insurance information, according to investigation notices.
Manassas City Public Schools
November 9, 2025
•[ cybersecurity incident, network disruption ]
Manassas City Public Schools in Virginia announced that all schools would be closed on Monday, November 10, 2025, after a cybersecurity incident disrupted phone and network systems across the district. According to statements from Superintendent Kevin Newman reported by WJLA and FOX 5, the breach was discovered over the weekend, more than 7,000 families were notified, and the district experienced significant connectivity and telephone outages while physical school security remained unaffected. Schools were already scheduled to be closed Tuesday for a holiday, and officials used the extended break to give IT staff time to investigate and restore systems so normal operations could resume on Wednesday.
Knownsec
November 9, 2025
•[ data leak, cyber espionage, malware ]
According to coverage in The Register of research by Chinese blog MXRN, attackers breached the systems of Beijing-linked security company Knownsec and leaked more than twelve thousand classified documents describing Chinese state cyber weapons, internal tools and global targeting lists, along with code for remote access trojans that can compromise major desktop and mobile operating systems; the cache also reportedly includes a spreadsheet of 80 successfully attacked overseas targets and massive datasets such as Indian immigration records, South Korean telecom call logs and Taiwanese road planning information that Knownsec had previously obtained in offensive operations, some of which were briefly published to GitHub before being removed.
OpenAI (Mixpanel Incident)
November 9, 2025
•[ data leak ]
OpenAI reported that on November 9 an attacker accessed Mixpanel's analytics application server and exported limited customer-identifiable metadata including names, emails, coarse location, browser and operating system information, referring websites, and account identifiers; no credentials, API keys, chat content, or service disruption occurred.
Beckett Collectibles
November 9, 2025
•[ data leak ]
In November 2025, Beckett Collectibles experienced a data breach accompanied by website content defacement. The stolen data was later advertised for sale on a prominent hacking forum, with portions subsequently released publicly. The publicly circulating data included more than 500k email addresses reportedly belonging to North American customers, along with a smaller subset containing names, usernames, phone numbers and physical addresses.
Beckett Collectibles
November 9, 2025
•[ data leak, website defacement ]
In November 2025, Beckett Collectibles experienced a data breach accompanied by website content defacement. The stolen data was later advertised for sale on a prominent hacking forum, with portions subsequently released publicly. The publicly circulating data initially included more than 500k email addresses reportedly belonging to North American customers, before a larger corpus of over 1M addresses was published the following month. The impacted data included names, usernames, phone numbers and physical addresses.
Tavria TV and Radio Company
November 8, 2025
•[ denial of service ]
At a media forum interview reported by TASS, the director of TRK Tavria in Russian-occupied Kherson said the outlet's website is regularly subjected to DDoS attacks attributed to Ukrainian hackers, with several incidents that took the site down for a period before technicians restored it; he stressed that despite the repeated cyberattacks there has been no serious lasting damage, and that the company continues to operate its regional television, radio and online services.
MP Kalyan Banerjee
November 8, 2025
•[ online banking fraud, identity theft, insider threat ]
Reports from Indian media state that cybercriminals somehow obtained the ability to operate a dormant State Bank of India account held by Trinamool Congress MP Kalyan Banerjee, transferring about 5556 lakh from his active Kalighat branch account into the dormant account and then withdrawing the full amount; the bank has filed a complaint with the Kolkata Police cybercrime division, which is investigating how forged or manipulated KYC information, including Banerjee's photo and mobile number, was used to facilitate the online banking fraud and whether any internal security lapses contributed to the theft.