Scarva Street Surgery
September 3, 2025
•[ hack, healthcare ]
The PSNI have confirmed they have launched an investigation into a theft at a practice which took place on 20 June.
Sun Valley Surgery Center
September 3, 2025
•[ data leak ]
During a September 3, 2025 incident, an unauthorized third party accessed Sun Valley Surgery Center's information systems; more than 27,000 individuals' sensitive personal and protected health information may have been exposed, though the facility reports no confirmed misuse or operational disruption.
MetroWest Community Federal Credit Union
September 3, 2025
•[ ransomware, data leak ]
MetroWest Community Federal Credit Union disclosed that unauthorized access to its systems in early September 2025 resulted in the compromise of sensitive member information, with the incident attributed to the Akira cybercriminal group.
Indonesian National Police Mobile Brigade Corps
September 2, 2025
•[ hack, government ]
The site with the address korbrimob.polri.go.id has been inaccessible since Tuesday afternoon, September 2, 2025, at 15.07 WIB.
Bridgestone Americas
September 2, 2025
•[ hack, manufacturing ]
A cyber incident disrupted production at Bridgestone Americas plants in South Carolina and Quebec. IT systems required shutdown; staff performed preventive maintenance or were sent home. Incident was contained rapidly with no data loss, and operations have since normalized.
Indigo Publications (Glitz Paris, La Lettre, Africa Intelligence, Intelligence Online)
September 2, 2025
•[ hack, ddos, technology ]
Indigo Publications reported a massive DDoS campaign in early September 2025 targeting its web infrastructure, rendering Glitz Paris and other affiliated media outlets intermittently inaccessible. Motive unconfirmed but suspected retaliation for investigative reporting.
Farmácia Moniz Silva
September 2, 2025
•[ ransomware, malware, healthcare ]
Ransomware group Qilin claimed responsibility for a September 2025 attack on Farmácia Moniz Silva, a pharmacy located in Luanda, Angola. The group listed the victim on its data-leak site, consistent with broader Qilin activity against healthcare organizations. No confirmation from the victim or Angolan CERT was available.
Prosper
September 2, 2025
•[ data leak ]
Prosper disclosed September breach; HIBP reports 17.6M affected with sensitive data
Mecklenburg County Public Schools
September 2, 2025
•[ ransomware ]
Ransomware disrupted classes; district reported incident and restoration after a week.
California Casualty Companies
September 2, 2025
•[ data leak ]
California Casualty Companies reported that an unauthorized third party accessed company systems on September 2 and acquired files containing customer personal, financial, insurance, and identification information; no operational disruption or actor attribution was reported.
Farmácia Moniz Silva
September 2, 2025
•[ ransomware, data leak, healthcare ]
Ransomware group Qilin claimed responsibility for a September 2025 attack on Farmácia Moniz Silva, a pharmacy located in Luanda, Angola. The group listed the victim on its data-leak site, consistent with broader Qilin activity against healthcare organizations. No confirmation from the victim or Angolan CERT was available.
Ordine dei Giornalisti del Lazio
September 1, 2025
•[ ransomware, malware, government ]
A sophisticated ransomware attack targeted the IT infrastructure and internet access of the Lazio Journalists Order in Rome, affecting over 20 000 members. The group DragonForce is suspected, and authorities and data protection bodies are involved.
Austrian Ministry of the Interior
September 1, 2025
•[ hack, government ]
A professional cyberattack compromised about 100 government email accounts. IT systems were disconnected; investigations launched. No sensitive citizen or law enforcement data was impacted. Attack vector remains unconfirmed.
Waterford Surgical Center
September 1, 2025
•[ ransomware, malware, healthcare ]
Safepay ransomware group attacked Waterford Surgical Center on September 1, 2025, claiming access to internal systems and exfiltration of sensitive patient and payment data. No disclosure of affected numbers.
Prosper
September 1, 2025
•[ hack, finance ]
In September 2025, Prosper announced that it had detected unauthorised access to their systems, which resulted in the exposure of customer and applicant information. The data breach impacted 17.6M unique email addresses, along with other customer information, including US Social Security numbers. Prosper advised that they did not find any evidence of unauthorised access to customer accounts and funds, and that their customer-facing operations were uninterrupted. Further information about the incident is contained in Prosper's FAQs.
At least one undisclosed government entity in the MENA region
September 1, 2025
•[ espionage, malware, government ]
Reporting indicates a sustained espionage wave using updated Phoenix implants against government entities, with goals of persistence and data collection rather than overt disruption; activity aligns with prior MuddyWater TTPs and region-focused intelligence objectives.
Undisclosed Hungarian Diplomatic Entities
September 1, 2025
•[ cyber-espionage, phishing, malware ]
China-linked UNC6384 conducted a cyber-espionage campaign beginning Sept 2025 against Hungarian diplomatic entities using EU/NATO-themed phishing emails with malicious .LNK attachments exploiting ZDI-CAN-25373 to deploy PlugX via DLL side-loading. Arctic Wolf Labs attributed the activity to UNC6384.
Undisclosed Indian government or infrastructure organisation(s)
September 1, 2025
•[ espionage, malware, credential theft ]
Pakistan-linked APT36 used themed lures and HTML/shortcut droppers to deliver cross-platform implants on Windows and BOSS Linux systems used by Indian government organizations, enabling credential theft, persistence and covert collection. Activity is espionage-oriented with no reported service outage.
Undisclosed Belgian Diplomatic Entities
September 1, 2025
•[ cyber-espionage, phishing, malware ]
China-linked UNC6384 conducted a cyber-espionage campaign beginning Sept 2025 against Belgian diplomatic entities using EU/NATO-themed phishing emails with malicious .LNK attachments exploiting ZDI-CAN-25373 to deploy PlugX via DLL side-loading. Arctic Wolf Labs attributed the activity to UNC6384.
Wynn Resorts
September 1, 2025
•[ data leak, employee personnel records, Social Security numbers ]
Attackers associated with the ShinyHunters cybercriminal group gained unauthorized access to Wynn Resorts systems in September 2025. The intrusion exposed approximately 800,000 employee personnel records containing Social Security numbers and other personal identifying information.