Meat processing facility in Los Angeles
December 12, 2025
•[ spearphishing, vulnerability exploitation, critical infrastructure ]
This article reports on a DOJ/CISA warning and related indictments about Russia-linked cyber actors targeting U.S. critical infrastructure, including techniques like spearphishing and exploiting known vulnerabilities.
BarNet
December 12, 2025
•[ ransomware, data leak ]
Insurance Business reported that BarNet, a communications and infrastructure provider serving barristers and legal practices (including hosting, connectivity, file-sharing and a case-tracking platform), appeared on the SafePay ransomware group's leak site. The article states SafePay released material it claims was taken from BarNet's systems, and that the leaked files reportedly include financial statements and legal/contract documents as well as sensitive personal records such as passport copies and CVs. The reporting focuses on the alleged data exposure and extortion context rather than confirmed encryption-related downtime, and it does not provide a confirmed initial access vector or a verified count of affected individuals.
At least one user of Notepad++
December 12, 2025
•[ vulnerability, supply chain attack, software update attack ]
PCGuia reported that a critical vulnerability in Notepad++'s automatic update mechanism was actively exploited, allowing attackers to intercept update traffic and distribute compromised/malicious versions of the software to users of versions prior to 8.8.9. The article states developers urged users to avoid the built-in updater and instead manually download the installer from the official site or trusted repositories. It also cites reporting that several organizations suffered serious breaches shortly after updating, and notes that the mitigations in version 8.8.9 included forcing the update URL to GitHub and improvements related to certificate/signature verification. The specific attacker identity, the full list of affected downstream organizations, and whether any sensitive data was exfiltrated from victims are not detailed in the article.
Ahome City Hall
December 12, 2025
•[ data leak, ransomware, extortion ]
Article warns that Mexico's government cybersecurity is structurally weak. Experts cite basic misconfigurations, poor maintenance, limited staff training, and lack of an overarching cybersecurity law. Recent incidents, including municipal data leaks and ransomware affecting Guanajuato's attorney general, show risks of extortion, fraud, and weakened public trust.
Secretaría de Hacienda del Estado de Sonora
December 12, 2025
•[ data leak ]
Mexican media reported unauthorized access to servers of the Secretaría de Hacienda del Estado de Sonora in December 2025, during which the criminal group Chronus exfiltrated and leaked approximately 40GB of documents and databases. State authorities suspended online services as a preventive security measure while investigating the intrusion.
China Xinchuang Initiative (at least one affiliated organization)
December 9, 2025
•[ phishing, malware, espionage ]
Security researchers reported a spear-phishing and malware campaign attributed to APT32 that successfully compromised at least one organization within China's Xinchuang Initiative IT ecosystem, resulting in unauthorized access for espionage purposes.
Greater St. Louis Oral & Maxillofacial Surgery PC
December 4, 2025
•[ phishing, data leak ]
Unauthorized access to a server-hosted employee email account resulted in exposure of patient personal and protected health information and use of the account to send phishing emails.
Yokosuka Gakuin School Corporation
December 1, 2025
•[ ransomware, data leak ]
Yokosuka Gakuin School Corporation disclosed a ransomware-related cyberattack discovered in early December 2025 involving unauthorized access to a server and external leakage of photos and videos. The school disconnected systems as a precaution and stated that investigations were ongoing; no quantitative details about data volume or affected individuals were publicly released.
Undisclosed Apple-assembler in China
December 1, 2025
•[ data leak ]
Hackers breached an Apple assembler in China and accessed internal systems, with reporting indicating that production and manufacturing-related data was targeted during the intrusion.
MédecinDirect
November 28, 2025
•[ data leak ]
MédecinDirect, a French teleconsultation platform, reported a large-scale cyber incident in late November 2025. The provider stated it was the victim of an intrusion that was stopped upon detection on 11/28/2025. Approximately 285,000 patients were warned that their account information could have been compromised, and affected people were informed once the incident perimeter was clarified on 12/03/2025. MédecinDirect indicated that personal and health data potentially consulted included the reason for teleconsultation, information provided in pre-teleconsultation questionnaires, written exchanges between patients and physicians, and some Social Security numbers. The platform stated teleconsultation videos were not recorded and were therefore not impacted. It reported filing a complaint and notifying the CNIL (France's data protection authority), and stated that services were functioning normally about ten days after the intrusion while additional technical investigation continued.
The Araneta Group of Companies
November 28, 2025
•[ data leak ]
The Araneta Group of Companies disclosed a cybersecurity breach affecting systems of multiple subsidiaries, including Araneta Center Inc., TicketNet Inc., and PPI Holdings Inc., and reported the incident to regulators while investigating the scope of impact.
Visage Imaging
November 26, 2025
•[ data leak ]
Visage Imaging reported a security incident involving unauthorized access to certain personal information within its systems. The organization indicated that an unauthorized party accessed personal information classified as personally identifiable information (PII), and that impacted elements may include individuals' names and Social Security numbers. Visage Imaging filed a public notice with the Massachusetts Attorney General and began sending notification letters to impacted individuals on November 26, 2025.
Undisclosed Canon U.S.A. subsidiary
November 25, 2025
•[ vulnerability exploit, data breach ]
A Canon U.S.A. subsidiary was compromised in the Oracle EBS hacking campaign, where attackers exploited an application server vulnerability. Canon reported that the incident was limited to a single web server and that no Canon data had been leaked as of the latest update.
Undisclosed Korean financial institutions
November 25, 2025
•[ ransomware, supply-chain attack, data leak ]
Bitdefender reported a targeted supply-chain attack in which the Qilin ransomware group compromised managed service providers to access numerous South Korean financial institutions. The attackers exfiltrated data and listed victims on their leak site, with at least 25 firms affected in a single month.
Mallorca Public Transport System
November 25, 2025
•[ ddos, hacktivism ]
Security reporting described a claimed DDoS attempt attributed to the pro-Russian hacktivist collective NoName057(16) targeting public-facing transport websites linked to Mallorca's TIB. Available reporting indicated analysts believed the group attempted to overload public web endpoints with DDoS traffic, but no verified outages or service interruptions were observed for TIB platforms, and there were no reported impacts on trains, buses, or metro operations.
Truenorth Corporation
November 25, 2025
•[ ransomware, third-party breach, government ]
Puerto Rico officials reported a Thanksgiving-week cyberattack targeting IT contractor Truenorth Corporation that briefly disrupted systems used by three major agencies: the Department of Education, the Puerto Rico Health Insurance Administration (ASES), and the State Insurance Fund Corporation (CFSE). Reporting cited an independent cybersecurity source describing the incident as ransomware detected on Nov. 25, 2025, with rapid ripple effects into those agencies' systems. Officials stated citizen data was not compromised, and other agencies under Truenorth contracts (including the State Elections Commission) were reported as not affected. The event's primary confirmed impact was short-term operational disruption across multiple government agencies tied to the vendor's environment.
Dolar Financial Group
November 25, 2025
•[ ransomware, data leak, extortion ]
Money Mart (National Money Mart Company Database) was posted to the Everest ransomware group's leak site around Nov 25, 2025, with the attackers claiming they exfiltrated 80,000+ internal files and threatening to publish them by Nov 30. Reporting states Cybernews reviewed the leaked samples and observed multiple categories of data, including customer identification/contact details and identity documents, financial data (including partial credit card details and transaction-related records), and extensive employee information. The report describes the incident primarily as data theft/extortion, with no confirmed public statement from Money Mart included in the article and no operational outage details provided in the cited reporting.
Donbas Post
November 24, 2025
•[ hacktivism, wiper attack, data destruction ]
Ukrainian Cyber Alliance claimed responsibility for wiping Donbas Post's systems in Russian-occupied Ukraine, deleting data from over 1,000 workstations and dozens of servers, disrupting web, email, and corporate operations.
Royal Borough of Kensington and Chelsea
November 24, 2025
•[ data leak ]
RBKC confirmed that attackers accessed council systems and copied data during a cyber incident identified on November 24. The council reports that only historical data was affected, though exfiltrated information may enter the public domain. Emergency plans were activated and some online services and phone lines were disrupted.
Westminster City Council
November 24, 2025
•[ service disruption ]
Westminster City Council was impacted by the same cyber incident identified on November 24, resulting in disruption to some online services and phone systems. The council reports that services are running but some disruption remains. No data compromise has been confirmed.