Full List

Search

Recent Breaches

• The Chamber of Deputies of Chaco November 10, 2025 • [ ransomware, government, cybercrime ] The Chamber of Deputies of Chaco province in Argentina reported that a cybersecurity incident affecting part of its server infrastructure had been identified as a ransomware attack, prompting technicians and the state IT firm ECOM Chaco to shut down the official website, the online system for tracking legislative procedures and the electronic legal digest while they contained the intrusion and preserved institutional information; authorities filed a criminal complaint with the provincial cybercrime unit and emphasized that maintaining the continuity of essential legislative functions and the security of data were priorities during the response.
• Princeton University November 10, 2025 • [ phishing, data leak ] A phone phishing scam enabled unauthorized access to Princeton Universitys Advancement database containing alumni, donor, student, parent, and some faculty information; the breach lasted under 24 hours and the university has not determined what data was viewed or extracted.
• Weda (Medical Software) November 10, 2025 • [ cyberattack, denial of service, healthcare ] On November 10, 2025, Weda medical software used by general practitioners across France experienced a major cyberattack that rendered the system inaccessible. Physicians were unable to view or transmit patient medical records for several days. Service resumed only in degraded mode on November 14. No evidence of data encryption or exfiltration has been reported.
• Central Ozarks Medical Center November 10, 2025 • [ cyberattack, unauthorized access, data breach ] Patients and individuals had their sensitive personal and health information exposed in a criminal cyberattack on Central Ozarks Medical Center. The breach involved unauthorized access to systems and resulted in the compromise of names, dates of birth, Social Security numbers, financial account details, medical treatment records, and health insurance information, according to investigation notices.
• Valley View ISD November 10, 2025 • [ cybersecurity incident, data theft, ransomware ] Valley View ISD said it was experiencing a cybersecurity incident on November 10, 2025 that affected computer systems and phone lines while instruction continued; later, Inc claimed it stole 68 GB of data and issued a ransom demand.
• Manassas City Public Schools November 9, 2025 • [ cybersecurity incident, network disruption ] Manassas City Public Schools in Virginia announced that all schools would be closed on Monday, November 10, 2025, after a cybersecurity incident disrupted phone and network systems across the district. According to statements from Superintendent Kevin Newman reported by WJLA and FOX 5, the breach was discovered over the weekend, more than 7,000 families were notified, and the district experienced significant connectivity and telephone outages while physical school security remained unaffected. Schools were already scheduled to be closed Tuesday for a holiday, and officials used the extended break to give IT staff time to investigate and restore systems so normal operations could resume on Wednesday.
• Knownsec November 9, 2025 • [ data leak, cyber espionage, malware ] According to coverage in The Register of research by Chinese blog MXRN, attackers breached the systems of Beijing linked security company Knownsec and leaked more than twelve thousand classified documents describing Chinese state cyber weapons, internal tools and global targeting lists, along with code for remote access trojans that can compromise major desktop and mobile operating systems; the cache also reportedly includes a spreadsheet of 80 successfully attacked overseas targets and massive datasets such as Indian immigration records, South Korean telecom call logs and Taiwanese road planning information that Knownsec had previously obtained in offensive operations, some of which were briefly published to GitHub before being removed.
• OpenAI (Mixpanel Incident) November 9, 2025 • [ data leak ] OpenAI reported that on November 9 an attacker accessed Mixpanels analytics application server and exported limited customer-identifiable metadata including names, emails, coarse location, browser and operating system information, referring websites, and account identifiers; no credentials, API keys, chat content, or service disruption occurred.
• Beckett Collectibles November 9, 2025 • [ data leak ] In November 2025, Beckett Collectibles experienced a data breach accompanied by website content defacement. The stolen data was later advertised for sale on a prominent hacking forum, with portions subsequently released publicly. The publicly circulating data included more than 500k email addresses reportedly belonging to North American customers, along with a smaller subset containing names, usernames, phone numbers and physical addresses.
• Beckett Collectibles November 9, 2025 • [ data leak, website defacement ] In November 2025, Beckett Collectibles experienced a data breach accompanied by website content defacement. The stolen data was later advertised for sale on a prominent hacking forum, with portions subsequently released publicly. The publicly circulating data initially included more than 500k email addresses reportedly belonging to North American customers, before a larger corpus of over 1M addresses was published the following month. The impacted data included names, usernames, phone numbers and physical addresses.
• Tavria TV and Radio Company November 8, 2025 • [ denial of service ] At a media forum interview reported by TASS, the director of TRK Tavria in Russian occupied Kherson said the outlet's website is regularly subjected to DDoS attacks attributed to Ukrainian hackers, with several incidents that took the site down for a period before technicians restored it; he stressed that despite the repeated cyberattacks there has been no serious lasting damage, and that the company continues to operate its regional television, radio and online services.
• MP Kalyan Banerjee November 8, 2025 • [ online banking fraud, identity theft, insider threat ] Reports from Indian media state that cybercriminals somehow obtained the ability to operate a dormant State Bank of India account held by Trinamool Congress MP Kalyan Banerjee, transferring about 5556 lakh from his active Kalighat branch account into the dormant account and then withdrawing the full amount; the bank has filed a complaint with the Kolkata Police cybercrime division, which is investigating how forged or manipulated KYC information, including Banerjees photo and mobile number, was used to facilitate the online banking fraud and whether any internal security lapses contributed to the theft.
• Logitech November 8, 2025 • [ ransomware, data leak ] Swiss outlet watson.ch, citing Tribune de Genve and 24 Heures, reports that Swiss peripherals maker Logitech was listed on the Clop ransomware gangs dark web leak site, with extortionists claiming to have stolen data and threatening to publish it unless a ransom was paid; subsequent regulatory filings and security reporting confirm t
• Protei November 8, 2025 • [ data leak, hack, website defacement ] Surveillance-technology and telecom systems provider Protei, founded in Russia and now headquartered in Jordan, was hacked by an unidentified actor who defaced its public website around November 8, 2025 and stole the contents of its web server, including about 182 GB of historical emails and files related to its deep packet inspection and lawful intercept products used by telecoms across dozens of countries.
• Salesforce customers via Gainsight-published applications November 8, 2025 • [ data leak, supply chain attack, API abuse ] A large-scale supply-chain campaign abused OAuth tokens linked to Gainsight-published applications integrated with Salesforce, enabling unauthorized API calls that accessed certain customers Salesforce data; according to Salesforce and multiple security advisories, suspicious activity began around November 8, 2025, and may have affected more than 200 Salesforce instances before tokens were revoked and the apps were pulled from the AppExchange.
• Georgia Superior Court Clerks’ Cooperative Authority November 8, 2025 • [ ransomware, data leak ] The Devman ransomware group attacked the Georgia Superior Court Clerks Cooperative Authority beginning November 8, 2025. GSCCCA voluntarily restricted access to its systems while investigating a credible cyber threat. Devman claimed to have exfiltrated 500 GB of organizational data from GSCCCAs application servers and demanded a $400,000 ransom by November 27.
• Georgia Superior Court Clerks’ Cooperative Authority November 8, 2025 • [ ransomware, data exfiltration, cyber threat ] The Devman ransomware group attacked the Georgia Superior Court Clerks Cooperative Authority beginning November 8, 2025. GSCCCA voluntarily restricted access to its systems while investigating a credible cyber threat. Devman claimed to have exfiltrated 500 GB of organizational data from GSCCCAs application servers and demanded a $400,000 ransom by November 27.
• Catalyst RCM November 8, 2025 • [ unauthorized access, credential misuse, data leak ] Catalyst RCM disclosed that an unauthorized actor used valid credentials to access a secure file management server between November 8 and 9, 2025, and copied data without permission, affecting client data including records tied to Vikor Scientific.
• WOG November 7, 2025 WOG reported a massive cyberattack that temporarily disrupted its online services; specialists restored most functions the same day and all services were fully operational shortly after.
• Abraham Andreu's computer (part of Andromeda botnet) November 6, 2025 • [ botnet, malware ] A ComputerHoy journalist describes deliberately infecting a Windows PC in 2025 with the Andrmeda malware, which enrolls machines into a botnet so attackers can download additional payloads and execute arbitrary files remotely. The piece walks through how the author obtained the malware sample, how the infection behaves on the system, the use of Spains INCIBE antibotnet service and security tools to detect and remove Andrmeda, and what readers should do if they discover their own devices are part of the botnet. This is a self-inflicted test infection rather than an unsolicited attack on an organization.