BarNet
December 12, 2025
•[ ransomware, data leak ]
Insurance Business reported that BarNet, a communications and infrastructure provider serving barristers and legal practices (including hosting, connectivity, file-sharing and a case-tracking platform), appeared on the SafePay ransomware group's leak site. The article states SafePay released material it claims was taken from BarNet's systems, and that the leaked files reportedly include financial statements and legal/contract documents as well as sensitive personal records such as passport copies and CVs. The reporting focuses on the alleged data exposure and extortion context rather than confirmed encryption-related downtime, and it does not provide a confirmed initial access vector or a verified count of affected individuals.
At least one user of Notepad++
December 12, 2025
•[ vulnerability, supply chain attack, software update attack ]
PCGuia reported that a critical vulnerability in Notepad++'s automatic update mechanism was actively exploited, allowing attackers to intercept update traffic and distribute compromised/malicious versions of the software to users of versions prior to 8.8.9. The article states developers urged users to avoid the built-in updater and instead manually download the installer from the official site or trusted repositories. It also cites reporting that several organizations suffered serious breaches shortly after updating, and notes that the mitigations in version 8.8.9 included forcing the update URL to GitHub and improvements related to certificate/signature verification. The specific attacker identity, the full list of affected downstream organizations, and whether any sensitive data was exfiltrated from victims are not detailed in the article.
Ahome City Hall
December 12, 2025
•[ data leak, ransomware, extortion ]
The article warns that Mexico's government cybersecurity is structurally weak. Experts cite basic misconfigurations, poor maintenance, limited staff training, and the lack of an overarching cybersecurity law. Recent incidents, including municipal data leaks and ransomware affecting Guanajuato's attorney general, show risks of extortion, fraud, and weakened public trust.
Secretaría de Hacienda del Estado de Sonora
December 12, 2025
•[ data leak ]
Mexican media reported unauthorized access to servers of the Secretaría de Hacienda del Estado de Sonora in December 2025, during which the criminal group Chronus exfiltrated and leaked approximately 40GB of documents and databases. State authorities suspended online services as a preventive security measure while investigating the intrusion.
National Credit Regulator (NCR)
December 12, 2025
•[ cyberattack, ransomware, data exfiltration ]
The South African National Credit Regulator confirmed it was the victim of a cyberattack in December 2025 that disrupted some of its systems. A ransomware group known as DragonForce claimed responsibility and alleged the exfiltration and publication of 42 GB of data, but the regulator stated investigations were ongoing and has not confirmed data exfiltration, encryption, or the attackers' identity.
Warren County
December 12, 2025
•[ phishing, Business Email Compromise (BEC), payment diversion ]
Warren County officials said the county Treasurer's Office transmitted two electronic payments to a fraudulent bank account as part of a phishing scheme: one for $2.1 million on December 12, 2025, and another for $1.2 million on December 22, 2025. The incident was investigated by the Warren County Sheriff's Office, which reported identifying a person of interest. At the time of reporting, officials said the $1.2 million payment had been recovered and restored, while the initial loss totaled $3.3 million. The report frames the event as successful payment diversion via phishing/BEC rather than system disruption.
Secretaría de Hacienda del Estado de Sonora
December 12, 2025
•[ data leak, unauthorized access, exfiltration ]
Mexican media reported unauthorized access to servers of the Secretaría de Hacienda del Estado de Sonora in December 2025, during which the criminal group Chronus exfiltrated and leaked approximately 40GB of documents and databases. State authorities suspended online services as a preventive security measure while investigating the intrusion.
China Xinchuang Initiative (at least one affiliated organization)
December 9, 2025
•[ phishing, malware, espionage ]
Security researchers reported a spear-phishing and malware campaign attributed to APT32 that successfully compromised at least one organization within China's Xinchuang Initiative IT ecosystem, resulting in unauthorized access for espionage purposes.
Apex Spine and Neurosurgery
December 9, 2025
•[ unauthorized access, malware, ransomware ]
An unauthorized actor accessed part of Apex Spine and Neurosurgery's computer network, copied files, and deployed malware that locked files on computer systems. The practice said the incident affected 2,500 individuals.
Cheyenne and Arapaho Tribes
December 8, 2025
•[ ransomware, network shutdown, operational disruption ]
A ransomware attack forced the Cheyenne and Arapaho Tribes to shut down tribal computer networks, disrupting email and phone service and suspending some operations while systems were restored in phases.
Eanes ISD
December 6, 2025
•[ ransomware, data leak, network outage ]
Eanes ISD experienced a weeklong Wi-Fi outage beginning December 6, 2025 that made tools including Skyward and Google Classroom unavailable and forced paper-based workarounds; later, Qilin claimed the district on a leak site, but no public theft details were confirmed.
Greater St. Louis Oral & Maxillofacial Surgery PC
December 4, 2025
•[ phishing, data leak ]
Unauthorized access to a server-hosted employee email account resulted in exposure of patient personal and protected health information and use of the account to send phishing emails.
Yokosuka Gakuin School Corporation
December 1, 2025
•[ ransomware, data leak ]
Yokosuka Gakuin School Corporation disclosed a ransomware-related cyberattack discovered in early December 2025 involving unauthorized access to a server and external leakage of photos and videos. The school disconnected systems as a precaution and stated that investigations were ongoing; no quantitative details about data volume or affected individuals were publicly released.
Undisclosed Apple-assembler in China
December 1, 2025
•[ data leak ]
Hackers breached an Apple assembler in China and accessed internal systems, with reporting indicating that production and manufacturing-related data was targeted during the intrusion.
Call-On-Doc, Inc., dba Call-On-Doc.com
December 1, 2025
•[ data leak, telehealth breach, patient record exfiltration ]
A threat actor posted a sales listing on a hacking forum claiming that telehealth provider Call-On-Doc was breached in early December 2025 and that 1,144,223 patient records were exfiltrated. The listing reportedly included patient identifiers and contact details, transaction metadata, medical category and condition fields, prescribed services, and payment amounts. The reporting outlet reviewed screenshots and a sample file and assessed the data appeared plausible, but Call-On-Doc had not publicly confirmed the incident at the time of reporting.
MédecinDirect
November 28, 2025
•[ data leak ]
MédecinDirect, a French teleconsultation platform, reported a large-scale cyber incident in late November 2025. The provider stated it was the victim of an intrusion that was stopped upon detection on 11/28/2025. Approximately 285,000 patients were warned that their account information could have been compromised, and affected people were informed once the incident perimeter was clarified on 12/03/2025. MédecinDirect indicated that personal and health data potentially consulted included the reason for teleconsultation, information provided in pre-teleconsultation questionnaires, written exchanges between patients and physicians, and some Social Security numbers. The platform stated teleconsultation videos were not recorded and were therefore not impacted. It reported filing a complaint and notifying the CNIL (France's data protection authority), and stated that services were functioning normally about ten days after the intrusion while additional technical investigation continued.
The Araneta Group of Companies
November 28, 2025
•[ data leak ]
The Araneta Group of Companies disclosed a cybersecurity breach affecting systems of multiple subsidiaries, including Araneta Center Inc., TicketNet Inc., and PPI Holdings Inc., and reported the incident to regulators while investigating the scope of impact.