DraftKings
October 2, 2025
•[ credential stuffing ]
Credential stuffing allowed unauthorized access to a small number of customer accounts and limited data; company says internal systems not breached and no financial loss.
Latvian government portals
October 2, 2025
•[ ddos ]
Large DDoS disrupted access to many Latvian state and municipal websites; services restored after roughly an hour; investigation ongoing.
Legal Practice Board of Western Australia
October 2, 2025
•[ ransomware, data leak, health data ]
Ransomware attack in May led to compromise of additional data beyond initial disclosure; impacted info includes health, financial, and personal data.
Canadian Tire Corporation
October 2, 2025
•[ data leak ]
Retailer reported Oct 2 breach of e-commerce database impacting customer information across multiple banners.
Red Hat
October 2, 2025
•[ extortion, data leak ]
Red Hat confirmed incident affecting a consulting GitLab instance; extortion group claims access to repos and CERs with potentially sensitive client details.
United States Air Force
October 2, 2025
•[ data leak ]
USAF investigating a SharePoint permissions issue leading to exposure of PII/PHI; SharePoint access was blocked Air Force-wide while Microsoft and authorities investigate; no attribution yet.
Canadian Tire
October 2, 2025
•[ data breach, retail, PII ]
In October 2025, retailer Canadian Tire was the victim of a data breach that exposed almost 42M records. The data contained 38M unique email addresses along with names, phone numbers and physical addresses. Passwords were stored as PBKDF2 hashes and for a subset of records, dates of birth and partial credit card data were also included (card type, expiry and masked card number). In its disclosure notice, Canadian Tire advised that the incident did not impact bank account information or loyalty program data.
BNB Chain
October 1, 2025
•[ phishing ]
BNB Chains X account was hijacked and used to post phishing links; control was restored and malicious posts removed; no data theft reported.
Assaf Harofeh Medical Center
October 1, 2025
•[ extortion, data leak, healthcare ]
Hospital hit during Yom Kippur; extortion demand ~$700,000; brief outage of shared records system reported; authorities probing possible data leak.
Kaufman County
October 1, 2025
•[ data leak, identity theft, government ]
A letter dated Oct 1 states personal data in Kaufman County systems may have been accessed; residents received 24 months of credit monitoring. This disclosure came three weeks before a second October incident, indicating repeated compromise pressure against the countys environment and elevating identity-theft risk even where misuse is not yet observed.
Multiple banks
October 1, 2025
•[ jackpotting, physical compromise ]
Report headline describes ATM jackpotting activity in Baton Rouge; specific victim bank(s) and loss amounts not accessible; likely cash-out via logical/physical compromise of ATMs.
Georgetown Brewing Co.
October 1, 2025
•[ data leak ]
Class-action notice cites brewerys disclosure of a cybersecurity incident impacting nearly twenty thousand people with PII; vector not detailed.
Jennings O'Donovan
October 1, 2025
•[ data leak ]
Engineering firm Jennings O'Donovan in County Sligo, Ireland experienced unauthorized access to part of its IT system used for the governments defective block grant scheme. The intrusion occurred in early October 2025 and potentially exposed personal data of roughly 861 applicants, while financial systems remained secure. Authorities consider it consistent with financially motivated criminal activity.
Merkle, Inc. (Dentsu Group)
October 1, 2025
•[ data leak, ransomware ]
Dentsus US-based subsidiary Merkle disclosed a cyber incident discovered in October 2025 involving unauthorized access and data theft from HR and client systems; stolen information included employee, supplier, and client financial and personal records; certain systems were taken offline during response; no ransomware group claimed responsibility.
Canadian water facility
October 1, 2025
•[ hacktivism, critical infrastructure, industrial control system ]
Hacktivists tampered with water-pressure valves at a Canadian water facility, degrading water service to the local community; actions intended to draw attention to activist causes.
Undisclosed Canadian oil & gas company
October 1, 2025
•[ hacktivism, operational technology ]
Hacktivists manipulated an automated tank gauge system at a Canadian oil & gas company, triggering erroneous alarms; no injuries or physical damage reported.
Kansas City National Security Campus network
October 1, 2025
•[ vulnerability exploitation, espionage, nation-state actor ]
CSO reports KCNSC (NNSA nuclear components plant) was infiltrated via unpatched on-prem SharePoint. Microsoft tied the wider wave to China-linked actors, while a KCNSC source suggested a Russian group; DOE later said the department was minimally impacted. Primary effect: covert access/collection, not OT disruption.
Undisclosed Canadian farm
October 1, 2025
•[ Hacktivism, Sabotage, Operational Technology (OT) ]
Hacktivists manipulated temperature and humidity parameters in a grain-drying silo at a Canadian farm, creating unsafe conditions that were detected and mitigated before damage occurred.
WhatsApp users in Bijnor, Uttar Pradesh
October 1, 2025
•[ malware, phishing, data leak ]
Several WhatsApp users in Bijnor, Uttar Pradesh had their Android phones compromised after downloading a fake wedding invitation via WhatsApp. The malware granted remote access, exposing personal messages, photos, and financial app data. Victims filed complaints with the Bijnor Cyber Crime Police Station; authorities believe multiple individuals across the district were affected.
Gcore
October 1, 2025
•[ DDoS attack, botnet, volumetric flood ]
Technology site CDR.cz and an underlying TechRadar report describe how gaming hosting and cloud provider Gcore was hit in October 2025 by one of the largest DDoS attacks ever recorded, a so called short burst volumetric flood that generated roughly 6 terabits per second of traffic and about 5.3 billion packets per second over 30 to 45 seconds. Analysis attributed the event to the AISURU botnet, with more than half of the malicious traffic sourced from Brazil and about a quarter from the United States, suggesting widespread abuse of poorly secured systems in those regions. Gcore stated that its globally distributed DDoS protection network, with over 210 points of presence and more than 200 terabits per second of filtering capacity, absorbed the attack and kept services online, but security experts warned that such brief, intense
