IStories & Verstka (independent media)
June 20, 2025
•[ denial of service ]
Qurium linked a Russian hosting provider (Biterika) to DoS floods that hit IStories and Verstka after a sensitive expos; ownership ties point to a sanctioned tech institute staffer.
Nippon Steel subsidiary (Japan)
June 20, 2025
•[ data leak, zero-day exploit ]
Subsidiary blamed data breach on a zeroday exploit; extent and data types under investigation.
Glasgow City Council
June 19, 2025
•[ data leak, government, supply chain attack ]
Glasgow City Council detected malicious activity on servers managed by supplier CGI on 19 June 2025; online payment and school-absence systems were taken offline; possible theft of customer data under investigation; no financial systems affected.
Nobitex Cryptocurrency Exchange
June 18, 2025
•[ hacktivism, cryptocurrency, theft ]
Predatory Sparrow (pro-Israel hacktivist group) breached Irans Nobitex cryptocurrency exchange on June 18 2025, transferring roughly $90 million USD in assets to unrecoverable wallet addresses; action was intended to punish Iranian regime-linked financial infrastructure; no evidence of ransom or profit motive.
Compumedics Limited
June 18, 2025
•[ ransomware, data leak ]
Australian med-tech firm Compumedics reported a ransomware attack that resulted in exfiltration of data affecting approximately 318,000 individuals.
Bank Sepah
June 17, 2025
•[ hacking, data destruction ]
Suspected Israeli hackers claim to destroy data at Iran's Bank Sepah.
NetVision (Cellcom Israel)
June 17, 2025
•[ phishing, vulnerability exploitation, hacktivism ]
Pro-Palestinian hackers exploited a vulnerability in NetVisions legacy email infrastructure to send forged phishing messages impersonating Israeli government domains; servers used for distribution of malicious emails; no confirmed data theft or ransom demand reported.
Unnamed Jerusalem CCTV streaming provider
June 17, 2025
•[ Espionage, Nation-State Actor, CCTV compromise ]
According to Amazons threat intelligence team, Iranian-linked group MuddyWater provisioned attack infrastructure in mid-May 2025 and then used it on June 17, 2025 to access a compromised server streaming live CCTV footage from Jerusalem. Analysts assess that the group leveraged this access to gather real-time visual intelligence to refine targeting for a June 23 missile attack launched by Iran, in what Amazon terms cyber-enabled kinetic targeting. The case highlights how cyber intrusions against surveillance systems can directly support physical military operations without necessarily causing digital outages or data theft in the traditional sense.
Ministry of Health (Tonga)
June 15, 2025
•[ ransomware, data leak ]
Ransomware attack beginning June 15 2025 by INC exploited an unpatched web-facing application server in Tongas National Health Information System, enabling data exfiltration and subsequent encryption of Ministry servers. About 70,000 patient records and 300 GB of data were leaked; operations restored by July 18 2025 with international assistance.
United States National Guard (select components)
June 15, 2025
•[ espionage, nation-state ]
SecurityWeek reported that China-linked Salt Typhoon compromised National Guard systems in an espionage operation; details limited.
Undisclosed city in Sweetwater County, WY
June 15, 2025
•[ ransomware ]
Local outlet notes ongoing silence from a Sweetwater County city one month after a June ransomware attack.
Viva Health Insurance
June 14, 2025
•[ leak, misconfiguration, healthcare ]
Viva Health, an Alabama-based health insurance company headquartered in Birmingham, experienced exposure of a web-accessible file from June 14 to August 27, 2025. The file contained limited PHI for about 4,945 members and was removed upon discovery. No misuse or encryption was reported.
Cock.li
June 14, 2025
•[ data leak, vulnerability exploit, email accounts ]
The Germany-based email provider Cock.li confirmed that a hacker exploited a vulnerability in its Roundcube webmail application.
Vice Ministry of Economy (Paraguay) et al.
June 14, 2025
•[ hacktivism, website defacement, unauthorized access ]
Hacktivist group CyberTeam launched coordinated website intrusions against Paraguayan government institutions, defacing and accessing official systems while denouncing national cybersecurity as ineffective; the Ministry of Economy confirmed limited unauthorized access but no data leak.
Sree Padmanabhaswamy Temple
June 13, 2025
•[ hack, insider, financial ]
On June 13, 2025, the Sree Padmanabhaswamy Temples computer system in Kerala, India, was hacked, suspected to involve a former IT staff member retaining access after transfer. Critical operational and financial records were accessed and tampered with, though no encryption or ransomware-style disruption was reported. The breach was discovered by temple officials and reported to police, with a forensic probe launched.
Unnamed hotels in Brazil
June 13, 2025
•[ phishing, financial, malware ]
TA558 used LLM-generated JS/PowerShell loaders in phishing emails (Portuguese/Spanish) to deploy Venom RAT against hotels (Brazil/Spanish-speaking markets), aiming to siphon guest credit-card data from hotel systems/OTAs; observed in summer 2025, with no named victims or outages.
WestJet Airlines
June 13, 2025
•[ data leak ]
On June 13 2025, WestJet experienced unauthorized access causing internal system and app disruption. A subsequent investigation confirmed that a sophisticated criminal actor exfiltrated passenger and employee data, including contact and travel records, though flight operations were unaffected. The company disclosed the data theft on September 29 2025.
Orion Telekom
June 13, 2025
•[ ddos, service disruption ]
Russian internet provider Orion Telekom reported repelling a DDoS attack without data loss; temporary service interruptions were observed.
The Washington Post
June 13, 2025
•[ data leak, espionage, email compromise ]
A targeted intrusion discovered on June 13 2025 compromised a limited number of Washington Post journalist email accounts, exposing internal correspondence and attachments. The publication stated no subscriber or HR data was affected. Investigation remains ongoing with indications of potential state-sponsored activity.
Manassas Park City Schools
June 12, 2025
•[ ransomware, malware, education ]
The MPCS network was infiltrated and encrypted via ransomware around June 12, 2025; data may have been accessed including full names paired with SSNs, passport numbers, or financial account details. No group has claimed responsibility. Investigation ongoing and FBI notified.
