Eastern Idaho College
May 30, 2025
•[ malware ]
Malware infection discovered around May 30, 2025 forced College of Eastern Idaho to shut down all computer systems, including internet and email services, for several days; operations gradually restored; no data theft or encryption reported.
Lorain County Government
May 30, 2025
•[ government, ransomware ]
Lorain County, Ohio detected a network security incident on May 30 2025 that forced courts and several county departments offline; officials reported no evidence of data theft or encryption, and investigations remain ongoing.
West Texas Oral Facial Surgery
May 29, 2025
•[ hack, ransomware, leak ]
West Texas Oral Facial Surgery suffered a cyberattack beginning May 29, 2025, when INC RANSOM gained unauthorized access to its systems. Patient files including names, imaging data, and treatment reasons were exfiltrated, but no encryption of systems was reported. SSNs, financial information, and the electronic medical records system were not affected. The breach impacted over 11,000 individuals and was reported to HHS-OCR on August 2 and to the Texas Attorney General on August 4.
Farmers Insurance (via third-party vendor)
May 29, 2025
•[ social, phishing, finance ]
Over 1.1 million customers impacted by breach via Salesforce-linked vendor breach. Exfiltration involved social engineering/vishing and malicious OAuth apps, with ShinyHunters and Scattered Spider providing access and exfiltration. Two years of identity protection offered.
ConnectWise
May 29, 2025
•[ nation-state attack, security incident, cloud security ]
ConnectWise reported a suspected nation-state breach impacting a small number of ScreenConnect cloud customers; investigation with Mandiant ongoing; no counts shared.
ASUS consumer routers
May 29, 2025
•[ botnet, compromised devices ]
Report describes thousands of ASUS routers compromised to build a botnet; this is a broad campaign summary effect.
The Salvation Army
May 29, 2025
•[ ransomware, data leak ]
Media cite Chaos ransomware listing The Salvation Army and claim of data exfiltration, but no verified confirmation from the organization at time of reporting.
Victoria's Secret
May 29, 2025
•[ ransomware ]
Victoria's Secret took down its website and limited some store services as part of response to a security incident; recovery in progress at time of report.
UCLH & University Hospital Southampton NHS Trusts
May 29, 2025
•[ vulnerability exploit, data leak ]
Hackers exploited a critical Ivanti EPMM flaw affecting two NHS trusts; data theft involved staff device details, with no patient data accessed according to UCLH; NHSE investigating.
Saifuddin Nasution Ismail (WhatsApp account)
May 28, 2025
•[ phishing, account takeover, government ]
WhatsApp account of Malaysias Home Minister hacked in late May 2025 and used via a foreign VPN to send malicious/phishing links to contacts; government confirmed account compromise Jun 2 2025; no evidence of large-scale data theft or system outage.
Legal Practice Board of Western Australia
May 28, 2025
•[ ransomware, data leak ]
The regulator confirmed a ransomware attack; threat actors claimed 300 GB exfiltration. The Board took some systems offline, investigated with external experts, and notified affected parties.
Cork Protocol
May 28, 2025
•[ cryptocurrency theft, decentralized finance (DeFi) ]
DeFi platform reported ~$12.1M (4,530 ETH) stolen from the wstETH:weETH market; all markets paused during investigation.
Multiple Thai bank ATMs
May 28, 2025
•[ skimming, malware ]
Police arrested a Bulgarian for allegedly installing devices/malware on ATMs; article cites arrests rather than a confirmed disruptive/theft effect on a named victim org. Not coded as a cyberattack event.
Scania AB
May 28, 2025
•[ data leak, extortion ]
Scania confirms insurance claim data breach in extortion attempt
Payne County Sheriff’s Office
May 28, 2025
•[ ransomware ]
The Payne County Sheriffs Office in Oklahoma suffered a ransomware attack attributed to the SafePay group.
McElroy & Associates, Inc.
May 28, 2025
•[ data leak, unauthorized access, HIPAA ]
McElroy & Associates, Inc., a professional services firm operating as a HIPAA-covered healthcare business associate, disclosed unauthorized access to an employee email account occurring between May 28 and May 30, 2025. A forensic investigation determined that personal and protected health information may have been exposed. The company notified affected individuals and regulators; no operational disruption was publicly reported.
Undisclosed organizations in China
May 27, 2025
•[ cyberattacks, espionage ]
China publicly accused individuals allegedly linked to Taiwans military of cyberattacks and espionage against Chinese entities.
Adidas
May 27, 2025
•[ data leak ]
Adidas disclosed that an unauthorized party accessed consumer data via a third-party customer service provider; impacted data is contact information of people who interacted with customer support.
ASVT
May 27, 2025
•[ ddos, hacktivism, service disruption ]
Major DDoS on Russian ISP ASVT disrupted internet for tens of thousands in Moscow; ASVT attributed the attack to the pro-Kyiv IT Army.
York County
May 27, 2025
•[ data leak, third-party ]
County alerted residents to a possible data privacy event involving a vendor.
