Full List

Search

Recent Breaches

• Logitech November 8, 2025 • [ ransomware, data leak ] Swiss outlet watson.ch, citing Tribune de Genve and 24 Heures, reports that Swiss peripherals maker Logitech was listed on the Clop ransomware gangs dark web leak site, with extortionists claiming to have stolen data and threatening to publish it unless a ransom was paid; subsequent regulatory filings and security reporting confirm t
• Protei November 8, 2025 • [ data leak, hack, website defacement ] Surveillance-technology and telecom systems provider Protei, founded in Russia and now headquartered in Jordan, was hacked by an unidentified actor who defaced its public website around November 8, 2025 and stole the contents of its web server, including about 182 GB of historical emails and files related to its deep packet inspection and lawful intercept products used by telecoms across dozens of countries.
• Salesforce customers via Gainsight-published applications November 8, 2025 • [ data leak, supply chain attack, API abuse ] A large-scale supply-chain campaign abused OAuth tokens linked to Gainsight-published applications integrated with Salesforce, enabling unauthorized API calls that accessed certain customers Salesforce data; according to Salesforce and multiple security advisories, suspicious activity began around November 8, 2025, and may have affected more than 200 Salesforce instances before tokens were revoked and the apps were pulled from the AppExchange.
• Georgia Superior Court Clerks’ Cooperative Authority November 8, 2025 • [ ransomware, data leak ] The Devman ransomware group attacked the Georgia Superior Court Clerks Cooperative Authority beginning November 8, 2025. GSCCCA voluntarily restricted access to its systems while investigating a credible cyber threat. Devman claimed to have exfiltrated 500 GB of organizational data from GSCCCAs application servers and demanded a $400,000 ransom by November 27.
• Georgia Superior Court Clerks’ Cooperative Authority November 8, 2025 • [ ransomware, data exfiltration, cyber threat ] The Devman ransomware group attacked the Georgia Superior Court Clerks Cooperative Authority beginning November 8, 2025. GSCCCA voluntarily restricted access to its systems while investigating a credible cyber threat. Devman claimed to have exfiltrated 500 GB of organizational data from GSCCCAs application servers and demanded a $400,000 ransom by November 27.
• Catalyst RCM November 8, 2025 • [ unauthorized access, credential misuse, data leak ] Catalyst RCM disclosed that an unauthorized actor used valid credentials to access a secure file management server between November 8 and 9, 2025, and copied data without permission, affecting client data including records tied to Vikor Scientific.
• WOG November 7, 2025 WOG reported a massive cyberattack that temporarily disrupted its online services; specialists restored most functions the same day and all services were fully operational shortly after.
• Abraham Andreu's computer (part of Andromeda botnet) November 6, 2025 • [ botnet, malware ] A ComputerHoy journalist describes deliberately infecting a Windows PC in 2025 with the Andrmeda malware, which enrolls machines into a botnet so attackers can download additional payloads and execute arbitrary files remotely. The piece walks through how the author obtained the malware sample, how the infection behaves on the system, the use of Spains INCIBE antibotnet service and security tools to detect and remove Andrmeda, and what readers should do if they discover their own devices are part of the botnet. This is a self-inflicted test infection rather than an unsolicited attack on an organization.
• Ghent University Hospital November 6, 2025 • [ denial of service, hacktivism ] According to Belgian News Agency coverage relayed by DataBreaches.net, pro Russian hacktivist group NoName057 claimed responsibility on Telegram for a distributed denial of service attack that briefly disrupted the public websites of Belgian telecom operators Proximus and Scarlet, as well as Ghent University Hospital, on a Wednesday morning in November 2025. Proximus said technicians detected unusual traffic around 7:20 and a sharp rise in volume shortly after, but countermeasures meant overall impact on service was very limited and core systems remained resilient. The group also boasted of targeting an internal Telenet portal, a claim Telenet publicly rejected, emphasizing that its systems were not hacked and no sites went offline, and authorities noted that such DDoS attacks do not involve any compromise of user data.
• Scarlet November 6, 2025 • [ ddos, hacktivism ] Pro-Russian hacktivist group NoName057 claimed responsibility for a distributed denial-of-service attack that briefly disrupted the public websites of Belgian telecom operators Proximus and Scarlet and Ghent University Hospital in November 2025. According to the Belgian News Agency, Proximus technicians detected unusual traffic around 7:20 a.m., saw a sharp spike by 7:30, and deployed countermeasures that kept core systems running so overall impact on services remained very limited. Officials stressed that the DDoS campaign affected website availability only and did not involve any intrusion into internal networks or compromise of customer data.
• U.S. Congressional Budget Office November 6, 2025 • [ data leak ] The U.S. Congressional Budget Office confirmed a cybersecurity incident after a suspected foreign hacker breached its network, potentially exposing sensitive internal information. A CBO spokesperson told BleepingComputer that the agency identified the intrusion, immediately contained it, and deployed additional monitoring and new security controls while the investigation continues. Reporting based on U.S. officials indicates that emails and exchanges between congressional offices and CBO analysts may have been accessed, raising concerns that draft reports, economic forecasts, and other confidential communications could be at risk, although the extent of any data exfiltration has not yet been established and CBOs work for Congress is continuing.
• Belgian General Intelligence and Security Service November 6, 2025 • [ DDoS, hacktivism ] Belgiums Defense Ministry confirmed that the website of the military intelligence service SGRS was hit by a DDoS attack claimed by pro-Russian hacktivist group NoName057, briefly degrading access to the portal without leading to any intrusion into backend systems or exposure of sensitive data; in messages on Telegram the group framed the operation as a warning to Defense Minister Theo Francken over his remarks that NATO would devastate Moscow if Russia attacked Brussels, continuing a pattern of politically motivated nuisance attacks on Belgian government and strategic targets.
• Checkout.com November 6, 2025 • [ extortion, unauthorized access, data leak ] Checkout.com reported that an extortion actor accessed a legacy cloud file storage system and claimed to have obtained data; the company confirmed unauthorized access but no operational disruption or verified data theft.
• Mower County November 6, 2025 • [ ransomware, data leak, government ] Mower County reported that it detected a ransomware attack on June 18, 2025 and investigated with cybersecurity and data forensics consultants. The county said unauthorized access to its systems occurred sometime between June 11 and June 18, 2025 and that sensitive personal data collected by the county was stolen. Reported affected data types include Social Security numbers, birthdates, names, ID card numbers, fingerprints, financial account information, medical/health insurance information, and payment card information. As of Dec. 3, 2025, the county said it had no indication the stolen information had been released or offered for sale; it also noted approximately 27,064 notification letters were being sent.
• Zilvia.net November 6, 2025 • [ data leak ] In November 2025, data breached from the Zilvia.net Nissan 240SX Silvia and Z Fairlady car forum was leaked. The breach exposed 288k unique email addresses along with usernames, IP addresses and salted MD5 password hashes sourced from the vBulletin based platform. Attempts to contact Zilvia.net about the incident were unsuccessful.
• Kansas City Police Department November 5, 2025 • [ data leak, hack, law enforcement ] Reporting by KCUR, WIRED, and DataBreaches.net describes a major hack of the Kansas City, Kansas Police Department whose internal records were exfiltrated in 2024 and later published by transparency collective Distributed Denial of Secrets. The leaked cache, reportedly more than one terabyte in size, includes a secret Veracity Disclosure or Giglio List that identifies officers whose documented misconduct could undermine their testimony, along with supporting case files and internal correspondence. Police officials confirmed that the department experienced a cyber incident reported to federal agencies but criticized publication of the names as relying on stolen, unverified data and potentially harming officers reputations.
• At least one policy expert on Iran November 5, 2025 • [ phishing, credential theft, espionage ] The Hacker News, citing a Proofpoint investigation, describes a newly identified threat cluster dubbed UNK_SmudgedSerpent conducting credential phishing and remote access operations against more than twenty Iran focused subject matter experts at a U.S. based foreign policy think tank between June and August 2025, amid heightened IranIsrael tensions. Attackers impersonated prominent policy figures and used benign email conversations to lure victims to fake Microsoft Teams and OnlyOffice login pages hosted on health themed domains that captured account credentials. In some cases the operation progressed to deploying legitimate remote monitoring tools such as PDQ Connect and ISL Online for hands on keyboard access, supporting longer term espionage against the target institution and aligning with tactics used by established Iranian cyber intelligence groups.
• Oscars Group November 5, 2025 • [ ransomware, data leak ] Insurance Business reports that Australian hospitality conglomerate Oscars Group was listed on the Medusa ransomware gang's leak site on November 5, 2025, with the criminals claiming to have exfiltrated more than one hundred and thirty thousand internal files and threatening to publish them unless a ransom of one hundred thousand US dollars is paid or daily fees are provided to delay release; samples posted as proof reportedly include invoices, staff rosters, event schedules, daily financial records and identity documents such as passports and driver licences, much of it tied to the recently acquired Lakes Resort Hotel in South Australia, indicating a significant data breach even though no operational outages have been publicly disclosed.
• Microbix Biosystems Inc. November 5, 2025 • [ ransomware, data leak ] Microbix Biosystems disclosed that an international ransomware group infiltrated and corrupted one of its corporate servers, deploying ransomware that temporarily took file storage systems offline but did not disrupt manufacturing, safety or communications. The company successfully recovered the server and data from backups yet later learned that at least some data had been copied externally, including commercially sensitive information and employee data
• Habib Bank AG Zurich November 5, 2025 • [ ransomware, data leak ] Qilin ransomware group listed Habib Bank AG Zurich on its leak site on November 5, 2025, claiming theft of more than 2.5 TB of data and nearly 2 million files. Cybernews verified screenshots showing stolen passport numbers, account balances, transaction notifications, and internal tool source code.