An undisclosed company's cloud environment
November 28, 2025
•[ cloud security, credential exposure, misconfiguration ]
HackRead summarized Sysdig Threat Research Team observations of an attacker taking over an organization's AWS cloud environment on Nov. 28, 2025 in roughly eight minutes. The report described the compromise as being enabled by exposed AWS credentials stemming from a storage/configuration error, and stated the intruder rapidly escalated to full administrative control using automation and AI-assisted workflows.
Visage Imaging
November 26, 2025
•[ data leak ]
Visage Imaging reported a security incident involving unauthorized access to certain personal information within its systems. The organization indicated that an unauthorized party accessed personal information classified as personally identifiable information (PII), and that impacted elements may include individuals' names and Social Security numbers. Visage Imaging filed a public notice with the Massachusetts Attorney General and began sending notification letters to impacted individuals on November 26, 2025.
Advanced Family Surgery Center (AFSC)
November 26, 2025
•[ data leak, healthcare, protected health information ]
Threat actors identifying as Genesis claimed they compromised Advanced Family Surgery Center (AFSC) in Oak Ridge, Tennessee, and later added the organization to their leak site, asserting that about 100 GB of data had been exfiltrated from company file servers. The reported dataset included healthcare data, personal data, financial data, user folders, and operational files. The reporting outlet reviewed sample files and indicated they contained protected health information such as patient names, dates of birth, full Social Security numbers, dates of service, physician details, and insurance information. At the time of reporting, no official public notification by the provider had been located.
Clarksville ISD
November 26, 2025
•[ ransomware, data leak, Social Security numbers ]
Clarksville ISD reported on November 26, 2025 that all district computers and the district network were experiencing significant difficulties and told staff and students not to use district-connected devices while recovery work continued; later, Interlock claimed it stole student and employee information including Social Security numbers and financial records.
Undisclosed Canon U.S.A. subsidiary
November 25, 2025
•[ vulnerability exploit, data breach ]
A Canon U.S.A. subsidiary was compromised in the Oracle EBS hacking campaign, where attackers exploited an application server vulnerability. Canon reported that the incident was limited to a single web server and that no Canon data had been leaked as of the latest update.
Undisclosed Korean financial institutions
November 25, 2025
•[ ransomware, supply-chain attack, data leak ]
Bitdefender reported a targeted supply-chain attack in which the Qilin ransomware group compromised managed service providers to access numerous South Korean financial institutions. The attackers exfiltrated data and listed victims on their leak site, with at least 25 firms affected in a single month.
Mallorca Public Transport System
November 25, 2025
•[ ddos, hacktivism ]
Security reporting described a claimed DDoS attempt attributed to the pro-Russian hacktivist collective NoName057(16) targeting public-facing transport websites linked to Mallorca's TIB. Available reporting indicated analysts believed the group attempted to overload public web endpoints with DDoS traffic, but no verified outages or service interruptions were observed for TIB platforms, and there were no reported impacts on trains, buses, or metro operations.
Truenorth Corporation
November 25, 2025
•[ ransomware, third-party breach, government ]
Puerto Rico officials reported a Thanksgiving-week cyberattack targeting IT contractor Truenorth Corporation that briefly disrupted systems used by three major agencies: the Department of Education, the Puerto Rico Health Insurance Administration (ASES), and the State Insurance Fund Corporation (CFSE). Reporting cited an independent cybersecurity source describing the incident as ransomware detected on Nov. 25, 2025, with rapid ripple effects into those agencies' systems. Officials stated citizen data was not compromised, and other agencies under Truenorth contracts (including the State Elections Commission) were reported as not affected. The event's primary confirmed impact was short-term operational disruption across multiple government agencies tied to the vendor's environment.
Dollar Financial Group
November 25, 2025
•[ ransomware, data leak, extortion ]
Money Mart (National Money Mart Company Database) was posted to the Everest ransomware group's leak site around Nov 25, 2025, with the attackers claiming they exfiltrated 80,000+ internal files and threatening to publish them by Nov 30. Reporting states Cybernews reviewed the leaked samples and observed multiple categories of data, including customer identification/contact details and identity documents, financial data (including partial credit card details and transaction-related records), and extensive employee information. The report describes the incident primarily as data theft/extortion, with no confirmed public statement from Money Mart included in the article and no operational outage details provided in the cited reporting.
Donbas Post
November 24, 2025
•[ hacktivism, wiper attack, data destruction ]
Ukrainian Cyber Alliance claimed responsibility for wiping Donbas Post's systems in Russian-occupied Ukraine, deleting data from over 1,000 workstations and dozens of servers, disrupting web, email, and corporate operations.
Royal Borough of Kensington and Chelsea
November 24, 2025
•[ data leak ]
RBKC confirmed that attackers accessed council systems and copied data during a cyber incident identified on November 24. The council reports that only historical data was affected, though exfiltrated information may enter the public domain. Emergency plans were activated and some online services and phone lines were disrupted.
Westminster City Council
November 24, 2025
•[ service disruption ]
Westminster City Council was impacted by the same cyber incident identified on November 24, resulting in disruption to some online services and phone systems. The council reports that services are running but some disruption remains. No data compromise has been confirmed.
EIRC SPb JSC
November 24, 2025
•[ DDoS ]
A DDoS attack on November 24 disrupted customer access to personal accounts used for submitting meter readings at EIRC SPb JSC. The organization reported temporary unavailability of payment and meter-reading services and worked to restore operations. The incident followed unrelated scheduled maintenance the prior day.
The Miller Financial Group
November 24, 2025
•[ data leak ]
Unauthorized access to internal systems at The Miller Financial Group exposed sensitive personal data for at least seven Massachusetts residents, including names, Social Security numbers, state-issued IDs, and financial institution information. TMFG notified the Massachusetts Attorney General on November 7, 2025 and issued consumer notification letters.
Psyonix (Rocket League)
November 24, 2025
•[ denial of service, service disruption ]
Psyonix reported that Rocket League servers were experiencing ongoing attacks that caused service disruptions; the studio implemented code optimizations and new DDoS detection to reduce attack impact but did not report any data theft or identify the attackers. Initially, attackers would join a match, launch their attack, and disconnect all of the other players, forcing an unintentional forfeit. As long as the attacker is the last player to leave a match, they earn the win.
Milano Ristorazione
November 24, 2025
•[ ransomware, malware ]
On November 24, 2025, Milano Ristorazione experienced operational malfunctions caused by a LockBit 5.0 malware infection impacting internal systems. The disruption affected catering and restaurant service operations and triggered an investigation by authorities. No data theft or encryption was reported.
Village of Golf Manor
November 24, 2025
•[ ransomware ]
The Village of Golf Manor reported a ransomware attack that fully encrypted all municipal computer systems, including backups, resulting in a complete operational outage; no data theft or actor attribution was confirmed.
Southold
November 24, 2025
•[ cyberattack, service disruption, government ]
Southold, New York suspended public access to its Laserfiche online record-keeping system for more than six weeks following a cyberattack reported to have breached town servers on November 24, 2025. According to reporting cited in the post, the town planned approximately $500,000 in security upgrades funded via a bond before restoring public access to Laserfiche, and officials stated they could not provide a timeline for restoration as of January 12, 2026. The confirmed impact described is prolonged loss of public access to the online records system while remediation and security hardening continued; public reporting in the cited excerpt did not confirm data theft or enumerate affected records.
Iberia Líneas Aéreas de España S.A.
November 23, 2025
•[ data leak ]
Spanish flag carrier Iberia began notifying customers after discovering that unauthorized access to a supplier's systems had exposed limited loyalty-program data, including names, email addresses and Iberia Club card IDs, while emphasizing that passwords and payment information remained safe; the airline activated its security protocols, added additional protections around account email changes, notified regulators, and continues to investigate the vendor breach and a purported 77 GB data listing on hacker forums.
Department of the Interior and Local Government (DILG)
November 23, 2025
•[ data leak, hacktivism ]
Hacktivist group HappyGoLuckyPH claims to have infiltrated the Philippine Department of the Interior and Local Government's intranet and exfiltrated about 400GB of internal government data, including personal and financial details of roughly 10,000 employees and contractors, while DILG publicly states it is still verifying the alleged breach and says core systems remain stable; despite the ongoing verification, the combination of leaked samples and size claims is treated here as a successful cyberattack involving significant data theft.