Ramside Hall Hotel Golf and Spa
December 24, 2025
•[ data leak ]
A management system used by Ramside Hall was accessed by unauthorized actors, resulting in exposure of some customer data. The hotel confirmed the incident publicly and stated the breach originated from a system it uses.
Trust Wallet
December 24, 2025
•[ supply chain attack, cryptocurrency theft, malicious browser extension ]
Trust Wallet said a December 24, 2025 incident led to roughly $8.5M stolen from more than 2,500 crypto wallets after attackers published a malicious version of its Chrome extension (v2.68.0) containing a JavaScript payload that collected sensitive wallet data and enabled unauthorized transactions. Trust Wallet stated that developer GitHub secrets were exposed, giving the attacker access to extension source code and a Chrome Web Store API key; with that key, the attacker could upload builds directly, bypassing Trust Wallet's internal approval/manual review process. Trust Wallet said it revoked release APIs, coordinated registrar action to suspend attacker domains used to host malicious code, began reimbursing affected users, and warned about impersonation scams targeting victims.
QualDerm
December 23, 2025
•[ data breach, data leak, unauthorized access ]
SecurityWeek reported that QualDerm Partners is notifying more than 3.1 million people of a December 2025 breach discovered on Dec. 24, 2025. QualDerm said attackers had unauthorized access to its network for two days and exfiltrated data from a limited number of compromised systems. Stolen data included personal identifiers and health/insurance information such as names, addresses, dates of birth, email addresses, medical record numbers, doctor names, treatment/diagnosis information, health insurance information, dates of death, and in some cases government-issued ID information. QualDerm said its investigation is ongoing and it notified law enforcement and regulators.
La Poste / La Banque Postale
December 22, 2025
•[ ddos, service disruption ]
La Poste confirmed a distributed denial-of-service (DDoS) incident disrupted its websites and mobile applications just days before Christmas, slowing deliveries and knocking some online services offline. The company said it had no evidence customer data was compromised, but acknowledged postal operations including parcel distribution were affected and some post offices operated at reduced capacity. La Banque Postale warned customers that access to online banking and its mobile app was affected, while card payments and ATM withdrawals continued to function and online payments were still possible when authenticated by text message. La Poste stated its teams were mobilized to restore services as quickly as possible.
At least one Russian Manufacturing Company
December 22, 2025
•[ unauthorized access, industrial operations ]
A manufacturing company based in Russia was affected by a cyber incident involving unauthorized access to corporate systems and potential disruption to industrial operations.
Kuaishou
December 22, 2025
•[ cyberattack, service disruption ]
Kuaishou experienced a cyberattack late on December 22, 2025 that disrupted livestreaming services for several hours, prompting market reaction and a decline in its share price the following day.
Navia Benefit Solutions, Inc.
December 22, 2025
•[ data breach, unauthorized access, personally identifiable information ]
BleepingComputer reported that Navia notified nearly 2.7 million people of a data breach after an investigation determined an unauthorized actor accessed and acquired certain information between December 22, 2025 and January 15, 2026; suspicious activity was discovered on January 23. Navia stated the exposed data can include full name, date of birth, Social Security number, phone number, email address, and benefits-administration details such as HRA participation, FSA information, and COBRA enrollment, while stating that claims and financial details were not exposed. The company reported notifying law enforcement and offering identity protection services.
Romanian Waters (Administrația Națională Apele Române)
December 20, 2025
•[ ransomware, IT disruption, critical infrastructure ]
Romania's national water authority, Romanian Waters, suffered a ransomware incident that began on December 20, 2025 and disrupted IT services across the organization. Romania's National Cyber Security Directorate (DNSC) reported the event affected approximately 1,000 computer systems, including workstations, email services, and web servers, and spread from the main office to 10 of 11 regional river management branches. The disruption took down key digital tools such as domain services and GIS mapping, and the agency's public website remained offline while updates were shared through other channels. Authorities stated that operational technology supporting dams and flood defenses remained safe and that field staff continued critical functions manually.
Condé Nast / WIRED.com
December 20, 2025
•[ data leak ]
Hacker Lovely leaked 2.4M WIRED.com subscriber records (emails, names, IDs, contact info). Dataset verified by breach researchers and indexed by Have I Been Pwned. No official confirmation from Condé Nast; actor claims 40M more records may follow.
Square Enix / Final Fantasy XIV
December 19, 2025
•[ ddos, service disruption ]
Final Fantasy XIV experienced service disruption from recurring distributed denial-of-service (DDoS) activity reported around mid-to-late December 2025, impacting players' ability to log in and remain connected to the game. Public reporting described repeated disconnects and instability affecting the title's North American data centers during peak play periods around the Patch 7.4 release window.
Club Atletico River Plate
December 19, 2025
•[ ransomware, data leak ]
On December 19, 2025, Argentine media reported that Club Atlético River Plate was listed on ransomware group Qilin's dark web leak site, suggesting the group had gained unauthorized access to the club's IT environment. The report described a significant compromise of sensitive information and access to the institution's digital infrastructure, with screenshots posted as evidence and indications the club used Microsoft 365 services. The attackers' posted metrics referenced data for 4,042 users, one directly compromised employee, and 13 credentials belonging to employees of third parties.
Hello Cake, Inc.
December 19, 2025
•[ data leak ]
Hello Cake, Inc. reported a cybersecurity incident involving unauthorized access to company systems that resulted in exposure of sensitive business information.
Nexar
December 19, 2025
•[ data leak ]
Nexar disclosed a cyber incident in which attackers gained unauthorized access to internal systems, prompting an investigation into potential data exposure.
Lexipol
December 19, 2025
•[ data leak ]
Lexipol experienced a cyberattack that led to unauthorized access to its systems, affecting data associated with public safety and law enforcement clients.
Goldman Sachs (via Fried Frank Harris Shriver & Jacobson LLP)
December 19, 2025
•[ data leak, third-party breach ]
Goldman Sachs notified clients that some client data may have been exposed following a cybersecurity incident at its external law firm, Fried Frank; Goldman stated its own systems were not compromised.
Undisclosed Ghana financial institution
December 19, 2025
•[ ransomware, data leak ]
A ransomware attack targeted a Ghanaian financial institution, encrypting large volumes of data and resulting in a financial loss of approximately USD 120,000, with authorities later assisting in partial data recovery.
At least one organization in Japan
December 18, 2025
•[ data leak ]
A cyberattack targeted at least one organization in Japan, resulting in unauthorized access to internal systems and raising concerns about potential data exposure.
Passenger ferry owned by GNV
December 17, 2025
•[ malware, foreign interference, sabotage ]
French authorities reported that the passenger ferry 'Fantastic' (operated by Italian shipping company Grandi Navi Veloci, GNV) was infected with malware while docked in the port of Sète, France. Officials stated the malware could have enabled the ship to be remotely controlled, prompting an investigation into possible foreign interference. Prosecutors said a Latvian national was arrested and charged after the malware was discovered.