Highlands Oncology Group
June 2, 2025
•[ ransomware, healthcare ]
Highlands Oncology Group notifies 113,575 people after ransomware attack by Medusa
National Council of Notaries of Morocco (Tawtik.ma Platform)
June 2, 2025
•[ data leak, hacktivism ]
Hacktivist group Jabaroot DZ exfiltrated data from Morocco's Tawtik.ma platform used by the National Council of Notaries; DGSSI confirmed the breach was limited to this platform and did not affect ANCFCC; attackers claimed to have accessed 4 TB of non-classified notarial records.
Connex Credit Union systems
June 2, 2025
•[ data leak ]
Unauthorized access between June 2-3, 2025, allowed attackers to steal sensitive personal and financial data; no evidence of account compromise; notifications began late July into early August; credit monitoring offered.
Microsoft Outlook / Office 365 Customers
June 1, 2025
•[ social, phishing, technology ]
Threat actors abused Proofpoint and Intermedia email-link wrapping services to deliver phishing emails posing as Teams notifications and voicemails, leading to theft of Microsoft Outlook / Office 365 login credentials from global users. No encryption occurred; actor identity unknown.
Ingonyama Trust Board
June 1, 2025
•[ ransomware, malware, government ]
On June 1, 2025, the NightSpire ransomware group attacked the Ingonyama Trust Board in South Africa, stealing around 30 GB of potentially sensitive organizational data. Reports confirm exfiltration but no encryption or disruption of systems. The incident became public on August 29, 2025.
Multiple diplomatic and international organizations (participating in Gaza peace talks)
June 1, 2025
•[ espionage, social, phishing ]
Homeland Justice, an Iranian MOIS-linked group, compromised an Omani Embassy email account and used it to deliver spear-phishing attachments to diplomats and international mediators engaged in Gaza ceasefire negotiations. This was an espionage operation with no service disruption reported. ~72K+ malicious Word emails sent via spear-phishing from a compromised Omani Embassy in Paris account; targeted Egyptian officials, U.S. and Qatari mediators, and organizations such as UN, UNICEF, World Bank, and African Union during Gaza ceasefire talks
WhatsApp/Apple
June 1, 2025
•[ espionage, malware, technology ]
A zero-click spyware campaign exploited WhatsApp and Apple zero-day flaws, infecting fewer than 200 civil society individuals globally between June and August 2025. Attackers likely state-sponsored.
Rosselkhoznadzor – Mercury (VetIS) platform
June 1, 2025
•[ service disruption, supply chain attack, government ]
Cyberattack took Russia's Mercury (VetIS) animal-product certification platform offline, forcing paper certificates and disrupting dairy supply chains; major retailers (e.g., Lenta, Yandex Lavka, Miratorg) reported interruptions; restoration ongoing; no attribution.
American Hospital Dubai
June 1, 2025
•[ ransomware, data leak ]
Ransomware group Gunra claimed on June 1, 2025 to have breached AHD's Cerner Millennium EHR and exfiltrated a multi-terabyte dataset; figures include a claimed 450M records and 4,589,196 patients; no independent confirmation of volume or encryption.
Newsler.ru
June 1, 2025
•[ ddos ]
Newsler.ru, a regional Russian news outlet, experienced a DDoS attack on June 1, 2025 generating over 1,000 requests per second and disrupting access for about 1.5 hours; mitigation restored full service; attacker identity not confirmed.
City of Durant
June 1, 2025
•[ ransomware, data leak ]
City of Durant experienced a cyber intrusion on June 1 2025 attributed to INC
KT Corporation
June 1, 2025
•[ financial fraud, data breach ]
KT told lawmakers its CEO would step down once the unauthorized micropayment breach is resolved. The case involves widespread illicit small-value charges through subscriber accounts, prompting government probes, customer redress, and leadership accountability. Technical details point to abuse of payment flows rather than core network outage; impact is financial and reputational, not operational.
McDonald’s recruitment chatbot platform
June 1, 2025
•[ data leak ]
SecurityWeek reported that a recruitment chatbot platform used by McDonald's leaked data on approximately 64 million job applicants worldwide.
At least one Ukrainian grain producer
June 1, 2025
•[ malware, wiper attack, state-sponsored attack ]
Russian state-backed threat group Sandworm, also known as APT44, used several data-wiping malware families in a series of destructive attacks against Ukrainian organizations in 2025, including newly reported operations targeting the country's grain sector. An ESET APT activity report cited by BleepingComputer says that in June and September Sandworm deployed wipers like ZEROLOT and Sting against entities in the governmental, energy, logistics, and grain industries, with the grain sector highlighted as a less frequent but strategically important target. The wipers corrupt files, disk partitions, and master boot records in ways that prevent recovery, likely aiming to weaken Ukraine's war economy by disrupting a critical export industry.
Undisclosed Kyrgyzstan organization
June 1, 2025
•[ phishing, malware, state-sponsored ]
A nation-state actor known as Bloody Wolf conducted spearphishing impersonating the Kyrgyz Ministry of Justice to deploy JAR loaders and install NetSupport RAT for persistent access to organizational systems; no data theft was reported.
Undisclosed Greek company
May 31, 2025
•[ hacking ]
Brief wire notes that Russian hackers targeted a Greek company but provides no confirmed primary effect.
Gastroenterology Consultants of South Texas
May 31, 2025
•[ data leak ]
Gastroenterology Consultants of South Texas (Texas Digestive Specialists) detected unauthorized access to its IT systems in late May 2025.
Ordine degli Psicologi della Lombardia
May 30, 2025
•[ ransomware, data breach ]
Italy's data protection authority fined the Lombardy Psychologists Order €30,000 following a data breach; the Order states the incident traces to a serious ransomware attack in 2023, with no operational details disclosed in the article.
Department of Justice of Puerto Rico
May 30, 2025
•[ service disruption ]
Cyberattack led PR DOJ and PRITS to suspend SIJC-PR services (including criminal record certificates) while containing the incident; officials reported no compromise of private data and gave no details on encryption or exfiltration.
Черна писта
May 30, 2025
•[ denial of service ]
Bulgarian outlets reported a DDoS that attempted to take down the crash-map site created by 18-year-old Martin Atanasov; the hosting firm confirmed a mass attack and service impact before restoration.