Undisclosed targets in Russian civil society
September 24, 2025
•[ hack, malware ]
Russia-linked APT COLDRIVER conducted a new ClickFix-style campaign delivering BAITSWITCH (DLL downloader) and SIMPLEFIX (PowerShell backdoor) against civil-society targets; technique involves fake CAPTCHA/checkbox leading to command execution and C2 beacons.
Russia’s System for Fast Payments (SBP)
September 24, 2025
•[ financial, ddos, finance ]
Ukraine's Defense Intelligence Directorate (GUR) conducted a large-scale distributed denial-of-service (DDoS) operation on September 24, 2025, targeting Russia's System for Fast Payments (SBP). The attack caused a full nationwide disruption of online payment services for several hours, halting financial transfers and transaction processing across Russian banks. TransTeleCom's supporting network infrastructure was also temporarily overloaded during the event.
Arizona Federal Public Defender’s Office
September 24, 2025
•[ ransomware, data leak ]
Ransomware detected Sept 24 2025 crippled Arizona's Federal Public Defender Office, encrypting decades of case files and deleting backups. Investigators suspect, but have not confirmed, data exfiltration. No threat group has claimed responsibility.
Arizona Federal Public Defender’s Office
September 24, 2025
•[ ransomware, data exfiltration, backup deletion ]
Ransomware detected Sept 24 2025 crippled Arizona's Federal Public Defender Office, encrypting decades of case files and deleting backups. Investigators suspect, but have not confirmed, data exfiltration. No threat group has claimed responsibility.
Russia’s System for Fast Payments (SBP)
September 24, 2025
•[ DDoS, cyberattack, financial disruption ]
Ukraine's Defense Intelligence Directorate (GUR) conducted a large-scale distributed denial-of-service (DDoS) operation on September 24, 2025, targeting Russia's System for Fast Payments (SBP). The attack caused a full nationwide disruption of online payment services for several hours, halting financial transfers and transaction processing across Russian banks. TransTeleCom's supporting network infrastructure was also temporarily overloaded during the event.
Autorità Portuale del Mar Ligure Occidentale and Regione Liguria
September 23, 2025
•[ hack, ddos, government ]
On September 23, 2025, the pro-Russian hacktivist group Noname057 launched a distributed denial-of-service (DDoS) attack targeting the websites of Liguria's regional government and the Port Authority of the Western Ligurian Sea. The attack caused only partial service degradation and web slowdowns before being mitigated by Liguria Digitale and Italy's cybersecurity agency. No data theft was reported.
Teleradio-Moldova (Public TV and Radio)
September 23, 2025
•[ hack, ddos, technology ]
On September 23 2025, Moldova's public television and radio websites were targeted by coordinated denial-of-service attacks, briefly disrupting online access. CERT-GOV-MD linked the activity to pro-Russian hacktivists amid regional political tensions. Systems were restored the same day with no data exfiltration reported.
City of Michigan
September 23, 2025
•[ ransomware ]
Ransomware on Sept 23 impacted part of city data and employees' internet/telephone; systems being restored.
Margaritaville at Sea
September 23, 2025
•[ ransomware, data leak ]
Margaritaville at Sea reported that on September 23 a ransomware group identified as Lynx infiltrated company systems and exfiltrated sensitive passenger personal data and protected health information; no operational disruption or internal data loss was confirmed.
Autorità Portuale del Mar Ligure Occidentale and Regione Liguria
September 23, 2025
•[ DDoS, hacktivism, pro-Russian ]
On September 23, 2025, the pro-Russian hacktivist group Noname057 launched a distributed denial-of-service (DDoS) attack targeting the websites of Liguria's regional government and the Port Authority of the Western Ligurian Sea. The attack caused only partial service degradation and web slowdowns before being mitigated by Liguria Digitale and Italy's cybersecurity agency. No data theft was reported.
Oxford County
September 22, 2025
•[ ransomware, data leak ]
Oxford County in Ontario, Canada disclosed on 22 September 2025 that it had experienced a cybersecurity incident affecting its information systems. County IT staff detected unexpected activity, contained it, and engaged third-party experts to conduct a forensic investigation while keeping public services operating normally. Subsequent dark-web monitoring and local reporting linked the incident to the BrainCipher ransomware group, which claimed Oxford County as a victim and suggested that personal information on roughly 4,000 current and former employees may have been stolen.
Office of the Deputy Chief Minister of Maharashtra
September 21, 2025
•[ hack, government ]
Maharashtra Deputy Chief Minister Eknath Shinde's X account was recently hacked during the high-voltage India-Pakistan Asia Cup match. Hackers posted images of Pakistan and Turkey flags, sparking concern. However, thanks to the swift action of Shinde's social media team, the account was restored within 30-45 minutes and no sensitive data was compromised. The cybercrime police were immediately alerted and an investigation is underway to determine the cause of the breach. This incident highlights the...
Stellantis / Jeep / Dodge (via third-party service provider)
September 21, 2025
•[ hack, manufacturing ]
Stellantis confirmed a breach of a third-party vendor's platform supporting its North American customer services. Attackers claimed Salesforce was the compromised system and alleged theft of 18 million records, but Stellantis has not confirmed this. Only contact information was reportedly exposed, and no financial or sensitive personal data was accessed.
Circle K Hong Kong (Alimentation Couche-Tard)
September 21, 2025
•[ hack, retail ]
Circle K Hong Kong experienced a network disruption beginning September 21 2025 that partially halted e-payment and loyalty systems across approximately 400 stores. The company described it as a suspected cyberattack. No data encryption or data theft was reported.
Bureau of the Treasury (BTr)
September 21, 2025
•[ cyberattack, government ]
DICT/CICC reported a coordinated wave of cyberattacks on government websites amid Sept 21 rallies.
Vitas Hospice
September 21, 2025
•[ data leak, third-party breach, healthcare ]
Vitas Hospice Services (Vitas Healthcare) detected a cybersecurity intrusion on 10/24/2025. According to the organization's breach notice and subsequent reporting, the threat actor gained access to certain Vitas systems by using a compromised third-party vendor account. The unauthorized access persisted from approximately 09/21/2025 through 10/27/2025, and the attacker downloaded files containing personal information of current and former patients. Exposed data elements included identifiers (name, address, phone number, date of birth), government identifiers (driver's license number and Social Security number), and protected health information such as medical and insurance details, plus next-of-kin contact information. Government breach tracking and reporting indicated 319,177 individuals were affected. Vitas stated it took steps to secure systems, investigate, and notify impacted individuals, though the specific malware or group responsible was not publicly identified.
Collins Aerospace
September 20, 2025
•[ hack ]
Cyberattack on Collins Aerospace's MUSE software caused check-in/bag-drop outages and knock-on flight disruptions at Heathrow, Brussels, Berlin (and minor impact at Dublin/Cork). RTX said issues were limited and mitigated via manual check-in; cancellations/delays continued into Sunday. Attribution/technique unknown.
Crimean Occupation Authorities / Government of Crimea
September 20, 2025
•[ hack, leak, government ]
Ukraine's Defense Intelligence Directorate (GUR) announced it breached servers of the Russian-installed authorities in occupied Crimea, exfiltrating over 100 TB of official records. No encryption or service disruption reported.
Harrods (via third-party service provider)
September 20, 2025
•[ leak, retail ]
The luxury retailer Harrods disclosed that a third-party service provider was compromised, leading to exposure of roughly 430,000 customer records. The company confirmed no encryption, ransom activity, or service disruption occurred.
Templeton Properties (Halifax, Nova Scotia)
September 20, 2025
•[ social, phishing ]
An employee at Templeton Properties clicked a phishing email link impersonating an invoice, triggering suspicious activity on company computers. The IT administrator confirmed it was a fraudulent email and contained malicious content. No confirmed data theft was reported.