Adda.io
November 23, 2025
•[ data leak ]
Data breach at Adda.io: a hacker using the alias Blinkers posted a dataset claiming to contain personal information for approximately 1.86 million users, including names, phone numbers, email addresses, owner IDs, and MD5-hashed passwords.
Jackson County Public Schools
November 23, 2025
•[ denial of service, service disruption ]
A reflection DDoS attack on November 23 targeted the district firewall, taking down internet, Wi-Fi, phones, and internal systems for Jackson County Public Schools in North Carolina. Schools closed on November 25 due to continuing network instability. Officials reported no evidence of student or staff data access or theft.
Precipio Inc.
November 23, 2025
•[ unauthorized access, data leak, protected health information ]
Precipio posted a Notice of Data Event stating it learned on or about November 25, 2025 that an unauthorized user accessed an employees cloud-based storage account. The companys investigation (with third-party cybersecurity specialists) determined the unauthorized access occurred on or around November 23, 2025 and that certain files in the account were copied without authorization. Precipio stated the impacted information varies by person but may include identifiers and protected health information such as names, addresses, MRNs, DOB, clinical/treatment and procedure information, provider name, prescription information, and health insurance information. The notice said law enforcement was notified and that additional notifications would follow after file review completion.
French Football Federation (FFF)
November 22, 2025
•[ data leak, unauthorized access ]
The French Football Federation disclosed that an unauthorized party accessed administrative software on November 22 and exfiltrated personal and membership information for registered members; no operational disruption or actor attribution was identified.
City of Attleboro Massachusetts
November 21, 2025
•[ ransomware ]
City officials in Attleboro Massachusetts reported a cybersecurity incident that took numerous municipal information technology systems offline leaving all non emergency phone lines and citywide email unavailable while public safety operations and 911 calls continued and investigators from city state and federal partners worked to contain and remediate the disruption
"Other Ukraine" Movement website
November 21, 2025
•[ ddos ]
The website of the pro-Russian political movement 'Other Ukraine', led by Viktor Medvedchuk, was hit by what the organization described as a powerful DDoS attack that overwhelmed its online infrastructure. The traffic flood knocked the site offline, forcing technical staff to work on restoring access while warning supporters via Telegram about repeated waves of DDoS activity since September. The incident disrupted the movements ability to publish statements and reach supporters but did not involve data theft.
Resecurity honeypot
November 21, 2025
•[ honeypot, data leak, threat intelligence ]
Threat actors identifying as 'Scattered Lapsus$ Hunters' claimed they had gained full access to Resecurity systems and stolen employee data, internal chats/logs, threat intelligence reports, and client lists, posting screenshots on Telegram. Resecurity denied that its production environment was breached and said the actor interacted with an isolated honeypot account and systems populated with synthetic (fabricated) customer, employee, and payment data. Resecurity reported it first detected suspicious probing activity on November 21, 2025 and monitored subsequent automated extraction attempts against the decoy environment, treating the incident as an intrusion attempt rather than a confirmed compromise of real systems/data.
Almaviva S.p.A.
November 20, 2025
•[ data leak ]
Threat actor breached Almaviva (IT services provider for FS Italiane Group), exfiltrated about 2.3TB of internal data including technical documentation, contracts, accounting records, HR archives and multicompany repositories across several FS Group companies; data appears recently generated (Q3 2025); Almaviva confirmed a breach, isolated systems, and launched response procedures.
Cleveland County Sheriff's Office (Oklahoma)
November 20, 2025
•[ ransomware, government ]
The Cleveland County Sheriffs Office in Oklahoma reported that a ransomware attack against portions of its internal computer systems was underway as of November 2021, 2025; officials emphasized that 911 and public safety response were not disrupted, but the countys IT team was still assessing scope and working on remediation, and no threat group had publicly claimed responsibility at the time.
International Game Technology PLC (IGT)
November 20, 2025
•[ ransomware, data leak ]
Ransomware-as-a-service group Qilin added gambling-technology giant IGT to its data leak site and claims to have stolen about 10GB of data, roughly 21,600 files, from the companys systems; the archive is labeled as already published on the dark web, but no file samples or detailed data contents were shared publicly at the time of reporting, and IGT has not confirmed or denied the incident, so this entry treats the event as a threat-actor-claimed data-theft attack with the nature of the exposed information still undetermined.
4 Student Email Accounts at New Haven Public Schools
November 20, 2025
•[ phishing, data leak ]
A phishing campaign against New Haven Public Schools used compromised student email accounts to send more than 10,000 messages districtwide that spoofed legitimate requests for bank details. Over 1,000 students opened the emails and an unknown number submitted financial and personal information, putting families at immediate risk of fraud and identity theft. The districts IT team is resetting affected accounts, purging malicious messages, and warning students to contact their banks and avoid clicking suspicious links.
DocuBizz
November 20, 2025
•[ ransomware, data leak ]
A ransomware attack against Danish automotive IT provider DocuBizz resulted in theft of drivers license information, CPR numbers, bank account numbers, and other customer data belonging to car dealerships and their clients. No encryption or service disruption has been confirmed.
LLPlanning Inc.
November 20, 2025
•[ DDoS ]
LLPlanning Inc. reported that its website and SkillAnalyst Online/ASP services were intermittently unavailable due to a DDoS attack on its hosting provider between 12:30 AM and 2:00 PM on November 20.
Heart of Texas Behavioral Health Network
November 20, 2025
•[ data leak, physical security ]
A local report stated that Heart of Texas Behavioral Health Network identified a privacy incident on November 20, 2025 after an unauthorized person broke into a McLennan County facility. The organization said paper patient records stored in the building may have been accessed or removed. The potentially involved information includes patient identifiers and protected health information such as names, addresses, dates of birth, Social Security numbers, medical record numbers, diagnoses, and treatment/procedure information, as well as Medicaid or other health insurance details.
Pajemploi
November 19, 2025
•[ data leak ]
French social security service Pajemploi reported that its systems suffered a theft of personal data belonging to professional caregivers registered with the program and estimates that information for about 1 point 2 million individuals may have been exposed according to an announcement by parent organisation URSSAF and coverage by DataBreaches
Logius (DigiD national login service)
November 19, 2025
•[ denial of service ]
On November 19, 2025, Dutch digital identity service DigiD was again targeted by a distributed denial-of-service attack. According to Logius, the agency responsible for DigiD, the attack caused intermittent login failures for users during the morning, with a peak in problems around 11:00 before the situation gradually improved as defenses took effect. Officials advised users to wait or try again later while mitigation was ongoing and said they did not yet know who was behind the attack. The incident followed multiple earlier cyberattacks on DigiD in the same year, highlighting persistent targeting of critical e-government authentication services.
An undisclosed company in Pakistan
November 19, 2025
•[ threat actor collaboration, shared infrastructure ]
Gen Threat Labs published research describing evidence of rare coordination and shared infrastructure between Russia-aligned Gamaredon and North Koreas Lazarus.
City of Leavenworth (Kansas)
November 19, 2025
•[ cyberattack, network outage, ransomware ]
DataBreaches reported that Leavenworth, Kansas officials said a cyberattack caused a network outage on November 19, 2025 after computer and phone systems began failing late that morning. The city brought in outside IT experts and later confirmed on November 25 that the disruption stemmed from a cyberattack on the municipal internal network. As of the December 8 report, impacts were still ongoing for invoicing, permitting, and hiring systems, while emergency services were reported unaffected, and no ransomware or extortion group had publicly claimed responsibility.
Doctor Alliance LLC
November 18, 2025
•[ ransomware, data leak ]
Ransomware actor Kazu again compromised Dallas-based healthcare document and billing platform Doctor Alliance, exploiting an unpatched vulnerability and reused admin credentials to access a high-privilege account and steal nearly 1.27 TB of medical documents and related files affecting potentially more than a million patients; the firm has acknowledged unauthorized access to at least one client account and faces multiple federal class actions while still providing limited public transparency.
