ZZ Dats
October 24, 2025
•[ data leak, government, regulatory action ]
Latvia's DVI fined vendor ZZ Dats 300,000 for a 2024 municipal data breach affecting 42 municipalities; enforcement materials cite failures in safeguarding personal data rather than evidence of a targeted intrusion. This row logs the regulatory outcome tied to last year's exposure.
At least one LastPass user
October 24, 2025
•[ phishing, credential theft, account takeover ]
Phishing emails impersonated password-vault Emergency Access notices using false death claims to coerce replies (e.g., STOP), pivoting victims to a look-alike portal tied to CryptoChameleon infrastructure; harvested credentials enabled vault takeover attempts and secondary account compromise. Campaign reflects profit-seeking credential theft across many individuals rather than a single named organization.
Legacy Health, LLC
October 24, 2025
•[ data leak, healthcare ]
Legacy Health LLC, a Dallas-based healthcare revenue cycle management company, disclosed that it experienced a data breach affecting 4,031 Texas residents. According to breach notices and law firm investigations, an undetermined actor accessed data used in medical billing and revenue cycle services, exposing sensitive personal and protected health information. Compromised data includes individuals' names, medical information and health insurance details, increasing the risk of medical identity theft and insurance fraud for affected patients. Legacy Health mailed notification letters on October 24, 2025 and reports that it has taken steps to secure its systems and strengthen cybersecurity controls.
AllerVie Health
October 24, 2025
•[ ransomware, data leak ]
AllerVie Health experienced unauthorized network access between October 24 and November 3, 2025, during which sensitive data was accessed and exposed in a ransomware attack attributed to ANUBIS. The incident was detected on November 2, and public notification to individuals occurred in late December 2025.
At least one undisclosed retail/consumer-services organisation
October 23, 2025
•[ financial fraud, account compromise, cloud security ]
Threat cluster Jingle Thief compromises cloud accounts at retailers/consumer services to issue high-value gift cards at scale, maintaining persistence (rogue MFA apps, Entra enrollments) and living-off-the-land in M365; activity spiked April-May 2025 and is financially motivated fraud rather than service disruption. Campaign-level intel, not a single-victim event.
M-TIBA (CarePay Kenya)
October 23, 2025
•[ data leak ]
Threat actor Kazu claimed on Oct 23 2025 to have exfiltrated 2.15 TB of data (~4.8 M users) from M-TIBA, a Safaricom-backed health-finance platform; sample of 114 k records posted; Kenya's ODPC launched investigation Oct 29 2025; no encryption or operational outage confirmed.
Freedom Mobile
October 23, 2025
•[ data leak ]
Freedom Mobile disclosed a breach of its customer account management platform that it detected on Oct. 23, 2025. The company stated that an unknown third party used a subcontractor's account to access personal information for a limited number of customers, and that suspicious accounts and related IP addresses were blocked as part of corrective measures. Reported exposed data elements include first and last names, home addresses, dates of birth, phone numbers (home and/or mobile), and customer account numbers; Freedom stated the incident was not ransomware and that its network and operations were not affected.
Substack
October 23, 2025
•[ data breach, data leak, PII ]
In October 2025, the publishing platform Substack suffered a data breach that was subsequently circulated more widely in February 2026. The breach exposed 663k account holder records containing email addresses along with publicly visible profile information from Substack accounts, such as publication names and bios. A subset of records also included phone numbers.
Two undisclosed government departments in a South American country
October 22, 2025
•[ vulnerability exploitation, espionage, data leak ]
Actors exploited a patched SharePoint ToolShell flaw to gain initial access at a telecom, harvest credentials, and pivot across AD-joined systems. Activity included beaconing and data staging consistent with telecom espionage. No operational shutdown reported; primary effect is unauthorized access and data collection.
Rosselkhoznadzor
October 22, 2025
•[ ddos, hacktivism ]
Large DDoS hit Russia's food-safety agency, degrading VetIS/Mercury and Saturn services used to certify shipments; suppliers couldn't confirm deliveries and some retailers paused intake until access returned. Officials reported no data compromise, indicating a protest-driven disruption rather than theft.
At least one undisclosed e-commerce site (running Adobe Commerce / Magento 2)
October 22, 2025
•[ vulnerability, account takeover, skimming ]
Observed active attempts to hijack Magento/Adobe Commerce sessions via the SessionReaper flaw weeks after patches, enabling account takeover, checkout abuse, and skimmer deployment on e-commerce sites. This is broad criminal monetization activity against many sites; no single named victim with a confirmed primary effect, so not recorded as a discrete event.
At least one undisclosed Ukraine war-relief organization
October 22, 2025
•[ phishing, credential theft, malware ]
Targeted credential-theft/implant delivery against humanitarian and logistics organizations aiding Ukraine using well-crafted lures, HTML smuggling, and compartmentalized infrastructure. Intent is intelligence collection; campaign report covers multiple organizations without a single verified primary effect to code as an event.
Ravin Academy
October 22, 2025
•[ hacktivism, data leak, government ]
Cyber intrusion into Ravin Academy, an Iranian cybersecurity training institution linked to the Ministry of Intelligence, by a hacktivist group. The stolen data was posted online with anti-regime rhetoric, indicating an ideologically motivated protest hack.
National Time Service Center
October 20, 2025
•[ espionage, state-sponsored attack ]
China accuses U.S. NSA of cyber-espionage against NTSC timing systems
Verisure
October 20, 2025
•[ data leak ]
Verisure reports breach at Swedish subsidiary Alert Alarm; ~35,000 customers impacted
Muji
October 20, 2025
•[ ransomware ]
Muji halted online sales after Askul ransomware outage disrupted logistics operations
Wilkes University
October 20, 2025
•[ data leak, class action ]
Class-action filing alleges cybercriminals accessed Wilkes University systems and exposed personal information of thousands.
DSV
October 20, 2025
•[ data leak ]
Reports indicate DSV confirmed a breach impacting a smaller group of customers; details on scope and timing remain limited.
Kaufman County
October 20, 2025
•[ ransomware ]
County officials reported a cyberattack discovered Oct 20 that knocked out multiple IT systems, disrupting courthouse operations and online services while essential public safety remained online. Response included coordination with state/federal partners and public guidance about service interruptions.
Somalia e-Visa Platform
October 20, 2025
•[ data leak, misconfiguration, government ]
Attackers accessed Somalia's national e-visa application server, hosted on a misconfigured shared cPanel environment, allowing unauthorized retrieval of more than 125,000 visa applications and associated passport, biometric, contact, and payment data. U.S. and UK government alerts on November 13, 2025, warned that at least 35,000 travelers may have had their information compromised as the breach continued into mid-November.