Prosper
September 1, 2025
•[ hack, finance ]
In September 2025, Prosper announced that it had detected unauthorised access to their systems, which resulted in the exposure of customer and applicant information. The data breach impacted 17.6M unique email addresses, along with other customer information, including US Social Security numbers. Prosper advised that they did not find any evidence of unauthorised access to customer accounts and funds, and that their customer-facing operations were uninterrupted. Further information about the incident is contained in Prosper's FAQs.
At least one undisclosed government entity in the MENA region
September 1, 2025
•[ espionage, malware, government ]
Reporting indicates a sustained espionage wave using updated Phoenix implants against government entities, with goals of persistence and data collection rather than overt disruption; activity aligns with prior MuddyWater TTPs and region-focused intelligence objectives.
Undisclosed Hungarian Diplomatic Entities
September 1, 2025
•[ cyber-espionage, phishing, malware ]
China-linked UNC6384 conducted a cyber-espionage campaign beginning Sept 2025 against Hungarian diplomatic entities using EU/NATO-themed phishing emails with malicious .LNK attachments exploiting ZDI-CAN-25373 to deploy PlugX via DLL side-loading. Arctic Wolf Labs attributed the activity to UNC6384.
Undisclosed Indian government or infrastructure organisation(s)
September 1, 2025
•[ espionage, malware, credential theft ]
Pakistan-linked APT36 used themed lures and HTML/shortcut droppers to deliver cross-platform implants on Windows and BOSS Linux systems used by Indian government organizations, enabling credential theft, persistence and covert collection. Activity is espionage-oriented with no reported service outage.
Undisclosed Belgian Diplomatic Entities
September 1, 2025
•[ cyber-espionage, phishing, malware ]
China-linked UNC6384 conducted a cyber-espionage campaign beginning Sept 2025 against Belgian diplomatic entities using EU/NATO-themed phishing emails with malicious .LNK attachments exploiting ZDI-CAN-25373 to deploy PlugX via DLL side-loading. Arctic Wolf Labs attributed the activity to UNC6384.
Artists&Clients
August 31, 2025
•[ ransomware, leak, technology ]
In August 2025, the "marketplace that connects artists to prospective clients" Artists&Clients, suffered a data breach and subsequent ransom demand of US$50k. The data was subsequently leaked publicly and included 95k unique email addresses alongside usernames, IP addresses and bcrypt password hashes.
Artists&Clients
August 30, 2025
•[ ransomware, leak, technology ]
LunaLock breached Artists&Clients around Aug 30, encrypting and stealing data. They demanded $50K payment, threatening to expose data publicly and submit artworks to AI training datasets if unpaid.
Wealthsimple
August 30, 2025
•[ hack, misconfiguration, finance ]
A third-party software component was compromised, leading to unauthorized access to sensitive data of a small subset of Wealthsimple clients. Accounts and funds remained secure. Incident was rapidly contained and clients notified.
Vibra Hospital of Sacramento
August 30, 2025
•[ data leak, PHI ]
Attack on Vibra Hospital of Sacramentos network occurred between August 30 and September 5, 2025. The breach exposed protected health information, including medical and insurance details but no financial or Social Security data. No ransomware or encryption occurred, and no threat group has publicly claimed responsibility.
Federal Emergency Management Agency (FEMA)
August 29, 2025
•[ hack, insider, misconfiguration ]
DHS revealed on Aug 29, 2025 that a threat actor gained unauthorized access to FEMAs IT systems by exploiting unpatched vulnerabilities, outdated protocols, and lack of multi-factor authentication. No citizen data was stolen or exfiltrated. As a result, 24 FEMA IT employees, including the CIO and CISO, were terminated for negligence in cybersecurity oversight.
Jaguar Land Rover
August 29, 2025
•[ ransomware, malware, manufacturing ]
Jaguar Land Rover faced a severe disruption to retail and production operations after a ransomware attack forced the automaker to shut down systems proactively.
Kerrville Independent School District
August 29, 2025
•[ ransomware, malware, education ]
Qilin ransomware group infiltrated Kerrville ISD systems, accessed and copied sensitive personnel and student information. District secured its network, reported to FBI, and provided credit protection to affected individuals.
Sinqia
August 29, 2025
•[ financial, hack, finance ]
On Aug 29, 2025, attackers used stolen vendor credentials to breach Sinqia's access to Brazils Pix system, attempting $130M in fraudulent transfers. Immediate action halted operations; some funds recovered. No data breach occurred.
Personic Management Company LLC d/b/a Personic Health
August 29, 2025
•[ data leak, healthcare, third-party breach ]
Healthcare management firm Personic Management Company (Personic Health) reported that an unauthorized actor accessed a third-party software platform used to process patient information on August 29, 2025. The intrusion, discovered on September 1, enabled the attacker to obtain data containing patients names and associated protected health information from Personic-affiliated providers. After engaging external cybersecurity experts and notifying law enforcement, Personic filed breach notices with state regulators and began sending letters to impacted individuals, warning them about identity-theft risks and the potential misuse of their medical data.
Personic Management Company LLC
August 29, 2025
•[ data leak, unauthorized access, third-party breach ]
Personic reported unauthorized activity affecting a third-party software platform it used to process patient information. The company stated it became aware of the issue on September 1, 2025, and an investigation concluded an unauthorized actor accessed the platform on August 29, 2025 and obtained certain data. The public notice stated the impacted data may include names and protected health information. Personic reported filing a notice with the Maine Attorney Generals office and beginning notification of impacted individuals on November 18, 2025.
Conifer Value-Based Care, LLC
August 28, 2025
•[ business email compromise, data leak ]
Conifer Value-Based Care, LLC disclosed unauthorized access to a Microsoft 365 business email account on August 2829, 2025. The incident may have exposed personal and health-related information contained in emails. Core systems were not compromised and the account was secured after discovery.
Surbhi Chandna Productions
August 27, 2025
•[ hack ]
Surbhi Chandnas official production accounts were hacked, disrupting operations and delaying the release of her upcoming production. The breach caused reputational and scheduling setbacks but no personal or customer data theft was reported.
Salesloft
August 26, 2025
•[ hack, technology ]
Breach of Salesloft allowed attackers to steal OAuth tokens, which were then used to access Salesforce data across hundreds of customer organizations, including major tech and cybersecurity companies.
West Chester Township
August 26, 2025
•[ leak, government ]
Claimants say ~2 TB of personal information (residents & employees) stolen, email server targeted and isolated; systems taken offline as precaution, critical services (e.g., 911) unaffected; FBI and IC3 engaged.
Auchan
August 26, 2025
•[ hack, retail ]
French retailer Auchan suffered a cyberattack that resulted in unauthorized access to loyalty account data of several hundred thousand customers, including names, postal and email addresses, phone numbers, and loyalty card numbers. Financial data such as banking details, passwords, and PINs were not compromised. Auchan notified affected individuals, deactivated cards, and reported the breach to CNIL.
