Aeroflot
July 28, 2025
•[ hacktivism, data leak, data destruction ]
Two hacktivist groups claim to have gained access to 122 hypervisors, 43 ZVIRT virtualization installations, approximately 100 iLO interfaces used for server management, and four Proxmox clusters. They say they exfiltrated all databases from flight history and employee workstations (including of top executives), wiretapping servers containing phone call recordings, and personnel monitoring systems. Claim to have wiped 7,000 physical and virtual servers hosting 12TB of databases, 8TB of Windows Share files, and 2TB of corporate email. Resulted in the cancellation of more than 60 flights and severe delays on additional flights.
Gloucester County, Virginia
July 27, 2025
•[ ransomware ]
Gloucester County reported responding to a ransomware attack that impacted county systems and public access to some services.
City of Nitro, West Virginia
July 26, 2025
•[ data leak ]
Following a data breach, Nitro city employees faced uncertainty over tax withholdings and filings; investigation ongoing and guidance pending.
Everglades Correctional Institution (Florida Department of Corrections)
July 26, 2025
•[ data leak, exposed PII ]
Personal contact information from visitor applications at Everglades Correctional Institution was exposed to all inmates at the facility after a breach reported the prior weekend.
Chanel
July 25, 2025
•[ social, retail ]
Threat actors accessed Chanels Salesforce-hosted database at a third-party provider via social-engineering/OAuth tactics; data theft detected July 25, 2025; U.S. customer contact details exposed; no operational disruption reported.
Government servers of Russian-occupied Crimea
July 25, 2025
•[ hack, government ]
Ukraines military intelligence agency said it hacked into government servers in Russian-occupied Crimea that allegedly contained evidence of Russias forced deportation of Ukrainian children from occupied territories.
Parliament of Aruba
July 25, 2025
•[ hack, government ]
Parliamentary email systems in Aruba were hacked in late July 2025, compromising official accounts. The attack affected email communications but did not disrupt broader parliamentary operations. No attribution or data theft has been confirmed.
Harbor Behavioral Health
July 25, 2025
•[ leak, healthcare ]
Harbor reported that suspicious activity was identified on Aug 1, 2025; investigation determined an unauthorized party accessed and took files from the network between late July and Aug 1. Notifications were issued Sept 30; no encryption or operational disruption reported.
Harbor (Ohio mental health and substance use provider)
July 25, 2025
•[ leak, healthcare ]
An unauthorized actor accessed Harbors network between July 25 and August 1, 2025, and exfiltrated files containing patient, employee, and board member information. The organization disclosed the breach on September 30, 2025.
Hello Cake
July 25, 2025
•[ leak, healthcare ]
In July 2025, the sexual healthcare product maker Hello Cake suffered a data breach. The data was subsequently posted on a public hacking forum and included 23k unique email addresses along with names, phone numbers, physical addresses, dates of birth and purchases.
Tea App
July 25, 2025
•[ data leak, misconfiguration ]
Tea, a women-focused dating and safety app, suffered a breach via a misconfigured Firebase storage bucket, exposing ~72,000 images and up to 1.1M private DMs, later leaked on 4chan; users who signed up before Feb 2024 were affected.
City of Saint Paul, Minnesota
July 25, 2025
•[ cyberattack, government, service disruption ]
A cyberattack on Saint Paul led to widespread service disruptions; Minnesota activated the National Guard to support response and recovery.
Polish Air Navigation Services Agency (PANSA)
July 25, 2025
•[ cyberattack, sabotage, service disruption ]
Polish authorities opened an investigation into potential sabotage affecting air traffic control systems; disruptions triggered review of cyber causes.
Orange
July 25, 2025
•[ data breach, service disruption ]
Orange detected a breach of one information system on July 25; isolating affected services caused disruptions for some business and consumer services in France. Company reports no evidence of data exfiltration as of reporting.
Cisco.com Registered Users
July 24, 2025
•[ social, phishing, technology ]
A voice phishing (vishing) call tricked a Cisco representative into granting access to a third-party CRM system on July 24, 2025. Attackers exfiltrated basic profile information of Cisco.com users (names, emails, phones, addresses, account metadata). No passwords or sensitive data affected; actor remains unknown. Breach discovered by August 5, 2025.
Curaçao Tax & Customs Administration
July 24, 2025
•[ ransomware, malware, government ]
Ransomware attack on July 24, 2025 encrypted and paralyzed systems of Curaaos Tax & Customs Administration, disabling counters, phone lines, and internal operations. Online tax filing remained active. Services restored by August 4. No perpetrator identified; no data exfiltration reported.
Brightstar Lottery Group
July 24, 2025
•[ hack ]
Unauthorized access to Brightstar Lottery Groups corporate network occurred July 24 2025 and was discovered July 25 2025. The Rhode Island-based vendor notified affected individuals in September after confirming that roughly 550 Connecticut residents personal information was compromised. No operational disruption or encryption reported.
Sotheby’s
July 24, 2025
•[ data leak ]
Breach detected July 24; investigation found SSNs and financial details impacted employees
Curaçao Tax & Customs Administration
July 24, 2025
•[ ransomware, operational disruption, government ]
Ransomware attack on July 24, 2025 encrypted and paralyzed systems of Curaaos Tax & Customs Administration, disabling counters, phone lines, and internal operations. Online tax filing remained active. Services restored by August 4. No perpetrator identified; no data exfiltration reported.
North St. Paul Police Department
July 23, 2025
•[ phishing, government, hack ]
A phishing email compromised a single business email account in the North St. Paul Police Department around July 23 2025. The incident was swiftly contained with no service disruption and no confirmed data exfiltration, though data compromise is being investigated. Disclosed August 5 2025.
