Unnamed U.S. Banking Organization
May 9, 2025
•[ social, misconfiguration, finance ]
ReliaQuest links Scattered Spider to renewed activity against U.S. financial services, including a bank intrusion achieved via social engineering + Azure AD SSPR, followed by lateral movement (Citrix/VPN), ESXi compromise, and cloud data access attempts (Snowflake/AWS).
Undisclosed U.S. government agency (reported as “Department of Government Efficiency”)
May 8, 2025
•[ infostealer, malware, credential leak ]
Ars Technica reports a government software engineer's workstation was infected with info-stealing malware, with login credentials appearing in multiple stealer-log dumps since 2023; investigation centers on credential exposure rather than confirmed enterprise compromise.
BitoPro Exchange
May 8, 2025
•[ cryptocurrency theft, unauthorized access, money laundering ]
Unauthorized access on May 8, 2025 to BitoPro exchange hot wallets resulted in theft of about NT$345 million (US$11.5 million) in cryptocurrency; funds laundered via Tornado Cash, Thorchain, and Wasabi; attribution linked to North Korea's Lazarus Group (APT38); no operational disruption reported.
Outwood Academy Acklam
May 8, 2025
•[ data leak ]
Local reporting says the Middlesbrough school notified families on May 8 of a breach affecting parent information; letters indicated personal details were accessed and the school engaged with authorities.
Undisclosed Japan/Taiwan public institutions
May 8, 2025
•[ government, cyberattack campaign ]
The linked Asahi AJW page is blocked by robots; relying on parallel reporting, this is a campaign/technique article (no discrete victim outcome to code as an event).
LockBit ransomware operation
May 7, 2025
•[ ransomware, data leak, deface ]
LockBit's dark-web panels were defaced and a MySQL database dump with internal operational data was posted by an unknown actor.
South African Airways
May 7, 2025
•[ cyberattack, service disruption ]
SAA reported a cyberattack that temporarily disrupted its website, mobile app, and multiple internal operational systems; containment actions minimized impact on core flight operations.
Ualabee
May 6, 2025
•[ leak, misconfiguration, technology ]
In May 2025, the South American mobility services platform Ualabee had hundreds of thousands of records scraped from an interface on their platform. The data included 472k unique email addresses along with names, profile photos, dates of birth and phone numbers.
GlobalX
May 6, 2025
•[ hacktivism, defacement, data leak ]
Hacktivists defaced GlobalX's website and claimed theft of flight records and deportation passenger manifests; reporting cites a defacement message referencing deportations. https://databreaches.net/2025/05/06/globalx-airline-for-trumps-deportations-hacked/
Arun District Council
May 6, 2025
•[ ddos, hacktivism ]
Pro-Russia group NoName057(16) ran a DDoS campaign against multiple UK local government sites; Arun DC confirmed website issues on May 6 that were resolved within hours; other councils reported little/no impact.
WDEF-TV
May 6, 2025
•[ ransomware, data leak ]
WDEF Chattanooga TV station was listed by the Lynx ransomware group; actors posted sample HR/contract files while the station assessed impact.
Alvin Independent School District
May 6, 2025
•[ data leak ]
Alvin ISD in Texas notified over 47,000 people of a data breach exposing personal information; investigation and notifications underway.
West Lothian Council, Education Network
May 6, 2025
•[ ransomware, education ]
West Lothian Council reported a ransomware cyberattack affecting the education network; contingency plans kept schools open while systems were restored.
Zumpano Patricios (law firm)
May 6, 2025
•[ ransomware, data leak ]
SecurityWeek: HHS tracker shows >232k impacted at Cierant (Cleo file transfer/Cl0p) and ~280k at law firm Zumpano Patricios after May 6 intrusion with possible exfiltration.
KazMunaiGas
May 5, 2025
•[ social, hack, phishing ]
A spear-phishing campaign disguised as internal HR communications delivered multi-stage malware to KMG employees. Attackers used a compromised business email, LNK downloader, PowerShell (DOWNSHELL), and DLL implant to establish reverse shell access. KMG later labeled it a phishing test.
Government of Romania
May 5, 2025
•[ ddos, hacktivism, election interference ]
Russia-aligned hacktivists claimed DDoS attacks on Romanian state and candidate websites on election day, temporarily knocking portals offline before restoration.
Peruvian Government portal
May 5, 2025
•[ ransomware, data leak ]
Rhysida posted claims and alleged documents and demanded 5 BTC, but Peru's government denied compromise of the federal platform; officials say only Piura's tax website had a separate March 29 cyber incident, restored within 48 hours.
TeleMessage
May 5, 2025
•[ data leak ]
TeleMessage (an unofficial Signal archiving tool owned by Smarsh) suspended services while investigating a breach that exposed backend credentials and some archived data.
Liberty Township (Butler County)
May 5, 2025
•[ ransomware, data leak ]
The Liberty Township government in Butler County, Ohio, experienced a ransomware incident beginning May 5, 2025 that encrypted internal systems and disrupted email and phone services. The SafePay ransomware group later claimed responsibility and said it had stolen and leaked about 48 GB of administrative and personnel information. Approximately 600 individuals were notified, and an FBI investigation remains ongoing.
Infinite Services (New York)
May 5, 2025
•[ ransomware, data leak ]
Employees could not log in on May 5; ransomware encryption interrupted by disconnecting power; investigation found one server accessed containing patient and employee PII/PHI; broad notifications sent out of caution.