BYOND
May 26, 2025
•[ ddos, extortion ]
BYOND endured a weeks-long DDoS that repeatedly knocked services offline; an extortion note said attacks would stop if BYOND went open-source.
Tiffany & Co.
May 26, 2025
•[ data leak, third-party breach ]
Selected Tiffany Korea customers notified of unauthorized access to a vendor system used for customer data; reporting to date only confirms impact on Korean/Chinese customers and does not indicate EU/US exposure or operational disruption.
Income Insurance
May 25, 2025
•[ ransomware, data leak, third-party ]
Bonus statements of at least 146 policyholders compromised after ransomware at printing/mailing vendor DataPost; exposed data includes names, postal address, policy number/plan, and 2024 annual bonus; Income says its own systems remain secure and investigation continues.
Chorna Pista (chernapista.com)
May 25, 2025
•[ ddos, disruption of service ]
From May 25 to May 31, 2025, Bulgarian website chernapista.com and its European hosting infrastructure suffered a massive DDoS campaign lasting six days; access was fully disrupted until mitigation; no data theft or encryption reported; perpetrator identity unconfirmed.
Anchor Industries Inc.
May 25, 2025
•[ ransomware, operational disruption ]
Over Memorial Day weekend 2025, Evansville-based Anchor Industries Inc. suffered a ransomware attack that encrypted manufacturing and administrative systems, causing several days of operational disruption. The company reported no confirmed data theft while restoring systems from backups. The responsible actor remains unidentified.
ColoCrossing
May 24, 2025
•[ leak, misconfiguration, technology ]
In May 2025, hosting provider ColoCrossing identified a data breach that impacted customers of their ColoCloud virtual server product. ColoCrossing advised the incident was isolated to their cloud/VPS platform and stemmed from a single sign-on vulnerability. 7k email addresses were exposed in the incident along with names and MD5-Crypt password hashes.
Kurla-based advertising firm
May 24, 2025
•[ ransomware ]
Mumbai's Mid-Day reports a ransomware attack on a Kurla advertising firm: data encrypted, ransom demand of Rs 4.25 lakh in Bitcoin; police complaint filed.
Operation Endgame 2.0
May 23, 2025
•[ ransomware, malware, government ]
In May 2025, a coalition of law enforcement agencies took down the criminal infrastructure behind the malware used to launch ransomware attacks in a new phase of "Operation Endgame". This followed the first Operation Endgame exercise a year earlier, with the latest action resulting in 15.3M victim email addresses being provided to HIBP by law enforcement. A further 43.8M victim passwords were also provided for HIBP's Pwned Passwords service.
Cetus Protocol
May 23, 2025
•[ cryptocurrency hack, theft, financial loss ]
DApp/DeFi project reported theft of ~$223M in crypto; bounty offered and legal action suspension proposed if funds returned.
ApolloMD (Business Associate to 11 Physician Practices)
May 22, 2025
•[ ransomware, malware, healthcare ]
ApolloMD confirmed unauthorized access to its network on May 22-23, 2025, affecting 11 affiliated physician practices. The Qilin ransomware group claimed to have stolen approximately 238 GB of data, including patient and insurance information. ApolloMD did not confirm encryption or ransom payment.
Undisclosed Tajikistan government agencies
May 22, 2025
•[ espionage, phishing, data collection ]
Researchers reported a Russia-aligned espionage campaign targeting Tajik government, academic, and research entities using phishing lures and macro-enabled docs to collect data.
Choksi Laboratories Limited
May 22, 2025
•[ ransomware, data leak ]
Indore pharma laboratory reported ransomware: servers breached, all data encrypted, ransom demanded; police case opened and investigation ongoing.
Undisclosed United States local governments
May 22, 2025
•[ data leak, zero-day exploit ]
Exfiltration via now-patched Trimble Cityworks zero-day; multiple U.S. local governments breached.
The Coca-Cola Company
May 22, 2025
•[ ransomware, data leak ]
Everest ransomware actors claimed theft of data on ~959 Coca-Cola employees in the Middle East (UAE, Oman, Bahrain); separate group also claimed a breach at Coca-Cola Europacific Partners. Coded as exploitive data theft based on reporting.
Keir Giles (UK academic)
May 22, 2025
•[ social engineering, phishing, data leak ]
A targeted social-engineering campaign impersonating the U.S. State Department tricked Keir Giles into generating app-specific passwords, allowing a nation-state actor to access his Gmail account data stored on Google servers; no evidence of intrusion into affiliated institutional networks.
Independent film makers
May 21, 2025
•[ espionage, malware, government ]
While detained in May 2025, filmmakers' phones were allegedly infected with FlexiSPY; forensic analysis ties installation to police custody (May 21). Devices were returned July 10. CPJ/Citizen Lab publicly detailed findings on Sept 10-12; The Standard reported the allegations Sept 10.
Kettering Health
May 21, 2025
•[ ransomware, data leak ]
Kettering Health suffered a ransomware attack causing a system-wide outage on May 21, 2025; Interlock later claimed responsibility and leaked stolen data.
SYZEFXIS
May 21, 2025
•[ ddos ]
Karfitsa reported a large DDoS targeting Greece's SYZEFXIS public administration network, causing temporary access issues before services were restored the same morning.
Conseil départemental des Hauts-de-Seine
May 20, 2025
•[ ransomware ]
French outlets reported a massive cyberattack that paralyzed the Hauts-de-Seine department's systems, consistent with a large-scale ransomware-style disruption; restoration efforts continued into the following day.
Federal Tax Service
May 20, 2025
•[ ddos, service disruption ]
Access to several major Russian state services was disrupted in a DDoS attack reported as originating from abroad; outage trackers showed issues across tax and digital key/document services.