KT Corp
September 11, 2025
•[ leak, technology ]
KT reported a breach where rogue mini base stations intercepted traffic, leading to a possible IMSI leak for 5,561 subscribers; authorities notified (PIPC), customers alerted, compensation pledged; broader probes ongoing.
Ministry of Economy and Finance of Panama
September 11, 2025
•[ ransomware, malware, government ]
MEF reported a malware incident on one workstation and containment with no impact to core platforms; INC Ransom simultaneously claimed an intrusion and >1.5 TB data theft with proof-of-hack samples. Extent of breach remains unconfirmed.
Cook County Public Health & Human Services
September 11, 2025
•[ insider, healthcare ]
PHHS reported an insider breach in which a now-terminated employee accessed social-services records without authorization; county issued notices and will mail letters to affected individuals; questions directed to county administrator.
Geedge Networks
September 11, 2025
•[ leak, technology ]
Largest known Great Firewall leak exposed online on Sept. 11, 2025: hundreds of GB from Geedge Networks and MESA Lab (IIE CAS) covering DPI/SSL fingerprinting, VPN detection, build/runbooks, and packaging repos; links provided for public download; no operational disruption reported.
Google
September 11, 2025
•[ hack, technology ]
Group posted screenshots alleging access to CJIS and Google LERS; Google confirmed only a fraudulent LERS account, disabled before use, with no data accessed; FBI declined comment. No confirmed victims or exfiltration.
National Credit Information Center (CIC)
September 11, 2025
•[ data leak ]
Personal/credit records for citizens and companies held by the State Banks CIC; Vietnams CERT confirmed data theft with scope still being assessed; operations continued without disruption.
Virginia Urology
September 11, 2025
•[ data leak, ransomware ]
DataBreaches reported that threat actors calling themselves MS13-089 claimed they hacked Virginia Urology on November 9, 2025 and exfiltrated about 927 GB of data, while stating they did not encrypt systems so as not to harm the patients. The outlet reviewed sample files and described faxed referrals and medical reports whose filenames appeared to include patients names and dates of birth, with additional pages containing extensive protected health information such as insurance and contact details and clinical histories. Virginia Urology had not publicly confirmed the incident or responded to inquiries in the reporting, but the presence of leaked sample data indicates unauthorized access and exfiltration consistent with an exploitive breach.
London North Eastern Railway
September 10, 2025
•[ leak ]
LNER disclosed that a supplier breach led to unauthorised access to customer files containing contact details and past journey info; no financial data or passwords affected; services unaffected; investigation ongoing and customers urged to be vigilant.
Campaign of Denis Pasler
September 10, 2025
•[ hack, ddos, government ]
United Russia said a DDoS knocked the Pasler campaign site offline late Sept 10; local media confirmed downtime overnight/morning. Residents also received mass SMS urging votes for Pasler, which the party disowned; observers advised not to follow suspicious links. No data theft
Unnamed European DDoS mitigation
September 10, 2025
•[ hack, ddos, malware ]
{"richText":[{"font":{"size":11,"color":{"theme":1},"name":"Aptos Narrow"},"text":"A massive DDoS (UDP packet flood) reached "},{"font":{"bold":true,"size":11,"color":{"theme":1},"name":"Aptos Narrow"},"text":"1.5 Bpps"},{"font":{"size":11,"color":{"theme":1},"name":"Aptos Narrow"},"text":" against an unnamed European DDoS-scrubbing provider; traffic originated from IoT/MikroTik botnets spanning thousands of networks; "},{"font":{"bold":true,"size":11,"color":{"theme":1},"name":"Aptos Narrow"},"text":"FastNetMon"},{"font":{"size":11,"color":{"theme":1},"name":"Aptos Narrow"},"text":" mitigated the attack; no data theft reported."}]}
National Credit Information Center (CIC), State Bank of Vietnam
September 10, 2025
•[ hack, leak, financial ]
VNCERT confirmed signs of intrusion targeting personal-data theft at CIC; ShinyHunters/Scattered Spider claimed ~160M records, allegedly exploiting end-of-life software; data offered for sale with samples posted.
Allegis Group (parent of Aerotek, TEKsystems, MarketSource, etc.)
September 10, 2025
•[ leak, technology ]
Everest listed Allegis on its leak site, claiming access to internal docs and large client-contact datasets; Cybernews saw two screenshots but no samples beyond that; Allegis had not commented and no outage/encryption was reported
Kido International (London Nurseries)
September 10, 2025
•[ ransomware, education ]
Ransomware group Radiant claimed intrusion into Kido Internationals London nursery network in early September 2025, stealing data on over 8,000 children. The group leaked samples and demanded ransom. Kido confirmed the breach in late September but reported no encryption or operational disruption.
Movement “Другaя Украина”
September 9, 2025
•[ hack, ddos ]
DDoS attack against the Other Ukraine movements website limited access; technical teams working to restore availability; no attribution or data breach reported.
Movement “Ãâ€Ã‘€ÑƒÃ³aѠãúрðøýðâ€Â
September 9, 2025
•[ DDoS attack, website unavailability, cyberattack ]
DDoS attack against the Other Ukraine movements website limited access; technical teams working to restore availability; no attribution or data breach reported.
WIRED
September 8, 2025
•[ data leak ]
In December 2025, 2.3M records of WIRED magazine users allegedly obtained from parent company Cond Nast were published online. The most recent data dated back to the previous September and exposed email addresses and display names, as well as, for a small number of users, their name, phone number, date of birth, gender, and geographic location or full physical address. The WIRED data allegedly represents a subset of Cond Nast brands the hacker also claims to have obtained.
Indian Hotels Company Limited
September 5, 2025
•[ hack, malware ]
Indian Hotels Company Limited (IHCL) reports malware incident, taking immediate action to secure systems and monitoring the situation closely.
KakaoTalk account of a South Korea–based counselor
September 5, 2025
•[ spear-phishing, malware, credential theft ]
According to research by Genians reported by BleepingComputer, a North Korean activity cluster linked to APT37 and KONNI targets South Koreans via spear-phishing emails that spoof national agencies and deliver signed MSI installers. Once executed, the chain installs a remote access toolkit that steals Google and Naver account credentials, giving attackers full
Orleans Parish Sheriff’s Office
September 4, 2025
•[ ransomware, government ]
A ransomware cyberattack in early Sept 2025 shut down the Orleans Parish Sheriffs Office AS/400 administrative systems, delaying inmate releases and disrupting operations. Systems were restored after two days with help from local and state cybersecurity agencies, and jail data remained secure.
Orleans Parish Sheriff’s Office
September 4, 2025
•[ ransomware, cyberattack, operational disruption ]
A ransomware cyberattack in early Sept 2025 shut down the Orleans Parish Sheriffs Office AS/400 administrative systems, delaying inmate releases and disrupting operations. Systems were restored after two days with help from local and state cybersecurity agencies, and jail data remained secure.
