Riot Games
October 7, 2025
•[ ddos ]
Record DDoS disrupted major gaming platforms including Steam and Riot Games.
PTOE Corporation
October 7, 2025
•[ website defacement, malware, phishing ]
Company confirmed official website was replaced and redirected to a fraudulent Chinese shopping site serving malware.
Sunweb Group
October 7, 2025
•[ data leak, phishing ]
Data breach exposed customer contact and booking details; agency warned customers to stay vigilant.
Sony Interactive Entertainment (PlayStation Network)
October 7, 2025
•[ account takeover, poor security practices, hacking ]
Hackers compromised a PlayStation Network account belonging to well-known gamer dav1d_123, apparently exploiting weak account protection or internal credential handling by PSN support. The incident revealed deficiencies in Sonys customer-support and account-security processes.
Appalachian Community Federal Credit Union
October 7, 2025
•[ data leak ]
Appalachian Community Federal Credit Union detected unauthorized access to its systems in early October 2025 The institution confirmed a cyber incident involving unauthorized access and data theft and issued breach notifications to affected members including residents of Massachusetts following forensic investigation
TISZA Világ
October 6, 2025
•[ leak, hack, government ]
In late October 2025, data breached from the Hungarian political party TISZA was published online before being extensively redistributed. Stemming from a compromise of the TISZA Vilg service earlier in the month, the breach exposed 200k records of personal data including email addresses along with names, phone numbers and physical addresses.
Unnamed Minnesota hospital
October 6, 2025
•[ ransomware, extortion, data leak ]
Ransomware group Radiant listed an unnamed Minnesota hospital on its leak site and issued a 7-day extortion deadline; hospital not yet identified and operational impact undisclosed.
Western Sydney University
October 6, 2025
•[ phishing ]
Mass fraudulent emails to students/alumni claiming degree revocation; university says messages were not legitimate.
Indonesian National Police
October 4, 2025
•[ data leak, government, hacker ]
Hacker Bjorka released a dataset of ~341k police personnel (names, ranks, units, contacts) from 2016 on a public site; authorities acknowledge leak discussions while probing identity of actor.
Renault UK
October 3, 2025
•[ data leak, third-party breach ]
Third-party service provider breach affecting Renault UK customer records; exposed contact and vehicle identifiers; Renault says own systems not compromised.
General Directorate of Taxes and Domains
October 3, 2025
•[ data leak ]
Criminal group 'Black Shrantac' claims breach of Senegals DGID with large-scale data exfiltration; impact on DGID operations not detailed.
Discord
October 3, 2025
•[ data leak, third-party breach ]
Third-party customer support vendor was breached, exposing support tickets, personal data, limited billing details, and a small number of government-ID images; Discord core systems unaffected.
Clarins Group
October 3, 2025
•[ ransomware, data leak ]
Press release states Clarins international e-commerce platforms were hit by ransomware; Everest allegedly leaked samples and claims access to ~600k customer records with personal/transactional info.
Colorado State Public Defender’s Office
October 3, 2025
•[ ransomware ]
Ransomware beginning Oct 3 2025 encrypted servers and shared drives at Colorados State Public Defender Office, rendering thousands of case files inaccessible and delaying operations for weeks. No evidence of data theft or leak has been reported.
My ServiceOttawa
October 3, 2025
•[ data leak, phishing ]
On 3 October 2025 a My ServiceOttawa account using an automated bot exploited a bug in the service request lookup tool, allowing it to pull details of other residents service requests when a valid request number was supplied. The City of Ottawa says the breach was limited to email and postal addresses tied to about 2,454 service requests and did not include financial information, passwords or other sensitive data. The city immediately blocked the bot, patched the application, identified all potentially affected records and began notifying impacted residents with advice on spotting phishing or misuse of their contact details.
Apple Federal Credit Union
October 3, 2025
•[ atm jackpotting ]
ATM jackpotting attack at an Apple Federal Credit Union drive-thru ATM in Fair Oaks, Virginia, where attackers manipulated ATM systems to force unauthorized cash dispensing, resulting in approximately $175,000 stolen.
Colorado State Public Defender’s Office
October 3, 2025
•[ ransomware, encryption, operational disruption ]
Ransomware beginning Oct 3 2025 encrypted servers and shared drives at Colorados State Public Defender Office, rendering thousands of case files inaccessible and delaying operations for weeks. No evidence of data theft or leak has been reported.
DraftKings
October 2, 2025
•[ credential stuffing ]
Credential stuffing allowed unauthorized access to a small number of customer accounts and limited data; company says internal systems not breached and no financial loss.
Latvian government portals
October 2, 2025
•[ ddos ]
Large DDoS disrupted access to many Latvian state and municipal websites; services restored after roughly an hour; investigation ongoing.
Legal Practice Board of Western Australia
October 2, 2025
•[ ransomware, data leak, health data ]
Ransomware attack in May led to compromise of additional data beyond initial disclosure; impacted info includes health, financial, and personal data.
