Github
August 26, 2025
•[ hack, leak, malware ]
Malicious versions of Nx packages on npm deployed AI-powered "telemetry.js" malware to harvest credentials and secrets via AI-assistant agents. Data exfiltrated to public GitHub repos. Widespread impact on developer workstations and CI systems.
Maryland Transit Administration (MDOT)
August 26, 2025
•[ ransomware, malware, government ]
Attack by Rhysida ransomware group disrupted Maryland Transit Administrations MobilityLink systems and exfiltrated internal and personal data. Group demanded 30 BTC ransom.
Unity Technologies (SpeedTree website)
August 26, 2025
•[ payment skimmer, data leak ]
A malicious payment skimmer was injected into the checkout page of Unity Technologies SpeedTree website, harvesting customer payment and personal data. The compromise, discovered on August 26 2025, affected 428 individuals according to regulatory filings. Impacted users were offered identity protection and credit monitoring.
Marshfield Clinic Health System
August 26, 2025
•[ data leak ]
Marshfield Clinic Health System reported that an unauthorized party accessed certain systems on August 26 and may have viewed personal and clinical information; the organization noted no operational disruption, no misuse evidence, and no confirmed actor attribution.
Saint Mary’s Home of Erie
August 26, 2025
•[ data leak, unauthorized access ]
A forensic investigation found that an unauthorized party accessed the Saint Marys Home of Erie network between August 26 and 28, 2025. Files and folders containing resident PII and PHI may have been exposed. The incident was reported to HHS OCR for at least 501 individuals while review continues.
Xserver (エックスサーバー) sv13279 server
August 25, 2025
•[ ddos, technology ]
On August 25, 2025, Xserver reported that its sv13279 server was targeted by a DDoS attack beginning around 6:20 a.m. Access filtering was applied at 6:33 a.m. to mitigate the attack and restore normal service. No data was accessed or exfiltrated; the incident was limited to temporary service disruption. Actor and motive remain undetermined.
Centre de services scolaire des Appalaches (CSSA)
August 25, 2025
•[ ransomware, education ]
INC carried out a ransomware attack on CSSA on August 25, 2025, encrypting about 70% of archives and exfiltrating ~180 GB of data. Stolen data included personal records of students and staff, plus organizational financial, legal, and administrative documents. The incident lasted days to weeks before being publicly disclosed on September 3.
Miljödata
August 25, 2025
•[ ransomware, leak, malware ]
In August 2025, the Swedish system supplier Miljdata was the victim of a ransomware attack. Following the attack, data was subsequently published on the dark web and included 870k unique email addresses across various compromised files. Data also included names, phone numbers, physical addresses, dates of birth and government-issued personal identity numbers.
City of Stockholm
August 25, 2025
•[ leak, government ]
Vendor Miljdata was breached, exposing PII (names, personal ID numbers, phone, email, employment IDs) for >40,000 City of Stockholm employees; detected late August; disclosed Sept 9; authorities and Truesec investigating; protected-identity individuals not included
Elche City Council
August 25, 2025
•[ ransomware, malware, government ]
Ransomware attack crippled the Elche City Councils operations, affecting Finance, Social Services, and the Mayor's Office; ~1,500 devices were shut down. Emergency manual protocols were activated. A full recovery plan is underway with 4.5 million allocated.
Wytec
August 25, 2025
•[ hack, financial, technology ]
On August 25, 2025, Wytec International's website was defaced twice; site remains offline. Operations impacted included cancellation of a September 2 seminar. Company notified authorities and engaged forensic experts, citing financial losses as a result.
Boyd Gaming Corporation
August 25, 2025
•[ hack ]
Boyd Gaming reported that it detected unauthorized access to internal application servers in late August 2025. No ransomware group or actor has claimed responsibility. The company disclosed the breach publicly on September 24 2025, noting no encryption or operational disruption and no figure released for records affected.
Nevada State Government (multiple agencies)
August 24, 2025
•[ ransomware, malware, government ]
State described a ransomware-based attack discovered Aug 24 that forced two-day office closures and knocked multiple agency websites/phones offline; CIO confirmed some state data was exfiltrated, but nature/volume unknown; no actor has claimed responsibility.
Maryland Transit Administration (MTA)
August 24, 2025
•[ hack, government ]
Cybersecurity incident led MTA to take Mobility paratransit scheduling, real-time tracking, and call center systems offline as a precaution. Core transit services continued to run. Specific cause and i
Reno Department of Motor Vehicles
August 24, 2025
•[ ransomware, data leak ]
A ransomware attack against Nevada state government systems disrupted public services, and the Reno-area DMV continued to experience connectivity issues nearly two weeks later. DMV officials stated that drivers license transactions were impacted and first-time Real ID issuance was unavailable at the time of reporting, while some renewals and other transactions could proceed. State officials also publicly acknowledged evidence of some data being exfiltrated from the state network during the broader incident, though details were not tied to DMV systems in the sourced updates.
Miljödata (IT supplier for municipalities)
August 23, 2025
•[ ransomware, leak, malware ]
Suspected ransomware attack against Swedish IT supplier Miljdata disrupted critical services for ~200 municipalities starting August 23, 2025. Systems were encrypted, and attackers threatened to leak stolen personal and medical data unless paid 1.5 BTC.
Internet Rimon (Kosher Internet provider)
August 23, 2025
•[ hack, technology ]
Iran-linked hacktivist group Promised Revenge attacked Israeli kosher internet provider Internet Rimon on August 23, 2025. Attackers disabled servers and deleted internal infrastructure, disrupting filtering and connectivity services for many customers. Hackers claimed access to internal data, but no evidence confirmed any customer data theft.
Several Iranian Ships (Fanava-linked network)
August 22, 2025
•[ hack, technology ]
Lab-Dookhtegan claimed root-level access to Fanavas satellite comms infrastructure, disabled the Falcon system, wiped critical shipboard storage, and severed communication between dozens of vessels and shore.
Government, tech, academic & telecom entities; global
August 22, 2025
•[ espionage, malware, government ]
CrowdStrike reports that multiple Chinese-linked groupsMurky Panda, Genesis Panda, and Glacial Pandahave exploited vulnerabilities (e.g., Citrix CVE-2023-3519, Commvault CVE-2025-3928) to deploy the CloudedHope malware for covert espionage against cloud, telecom, government, tech, academic, legal, and professional services organizations worldwide.
Anchorage Neighborhood Health Cente
August 22, 2025
•[ ransomware, data leak ]
Anchorage Neighborhood Health Center disclosed that an unauthorized third party gained access to certain systems and that sensitive personal information and protected health information may have been exposed, including identifiers (such as Social Security numbers and state ID numbers) and medical/insurance information. Reporting around the incident also described operational impacts at the clinic, including phone lines being down and appointment scheduling disruptions for more than a week in late August 2025. The organization filed a public notice and began sending notification letters to impacted individuals on November 19, 2025.
