Askul
October 19, 2025
•[ ransomware ]
Askul halted orders and shipments across sites after ransomware crippled systems
Dodd Group
October 19, 2025
•[ data leak, third-party breach ]
Report claims Russian group accessed contractor and leaked MoD base documents
London Women's Clinic
October 19, 2025
•[ ransomware, data leak, dark web ]
Russian ransomware group Qilin reportedly broke into systems used by the London Women's Clinic, which runs seventeen IVF and fertility centres across the United Kingdom, and is believed to have exfiltrated large volumes of sensitive patient data after posting about the breach on dark web channels on October 19, 2025, raising concerns for both private and NHS patients.
Naxtel; AZ Smart Offers; BirMarket; Elit Optimal; two additional Azerbaijani websites
October 18, 2025
•[ DDoS ]
Hezi Rash Group launched a politically motivated DDoS campaign against Azerbaijan on October 18, 2025. Six Azerbaijani websites, including telecom operator Naxtel and retailers AZ Smart Offers, BirMarket, and Elit Optimal, were rendered inaccessible for several hours. Outages were verified through Check-Host reports posted by the group.
DeKalb County
October 18, 2025
•[ system intrusion, service disruption ]
The city reported a network intrusion that disabled billing and administrative systems. Residents were temporarily limited to checks/money orders; late fees were waived and hearings were postponed while forensic work and system rebuild proceeded with state and federal assistance.
Xubuntu
October 18, 2025
•[ malware, data theft, supply chain attack ]
Pplware reports the official Xubuntu site was briefly compromised; the torrent download link served a ZIP with a Windows EXE that stole sensitive data (e.g., crypto addresses). Xubuntu removed the page and accelerated infra migration; ISO mirrors were unaffected. Financially motivated malware delivery via a trusted brand.
FullBeauty Brands, Inc.
October 18, 2025
•[ ransomware, data leak, unauthorized access ]
Unauthorized actors accessed FullBeauty Brands systems over several weeks in late 2025 and exfiltrated internal company data, later claimed by the Everest ransomware group, with no confirmed operational disruption publicly disclosed.
Envoy Air (American Airlines)
October 17, 2025
•[ ransomware, data leak, vulnerability ]
Envoy Air confirmed it was hit in a broader Clop campaign abusing an Oracle EBS zero-day. Reuters notes a small amount of Envoy business information may have been accessed; Clop listed American Airlines, but the target was Envoy, AA's regional carrier. Primary impact: unauthorized access/data theft for extortion, not operational outage.
Serbian Civil Aviation Directorate
October 17, 2025
•[ cyber-espionage, phishing, malware ]
A cyber-espionage campaign linked to suspected Chinese threat actors compromised application servers at Serbia's Civil Aviation Directorate. Attackers used phishing emails to deploy Sogu, PlugX, and Korplug malware, gaining persistent access for intelligence collection. No operational disruption was reported.
University of the Witwatersrand
October 17, 2025
•[ zero-day, data leak ]
University statement confirms zero-day event impacting Oracle E-Business; investigation ongoing
City of La Vergne
October 17, 2025
•[ government ]
La Vergne shut systems after a cybersecurity breach on Oct 17; city offices remained closed while FBI/TBI assisted recovery.
Fairfield City Council
October 16, 2025
•[ unauthorized access, data exfiltration, system disruption ]
Fairfield City Council said threat actors illegally accessed a portion of its IT environment in October 2025, disrupted systems, and exfiltrated sensitive staff and resident information while most council services continued operating with temporary workarounds.
Mitchell County
October 16, 2025
•[ ransomware, unauthorized access, theft of personal information ]
Mitchell County detected ransomware on its computer network on October 20, 2025, after unauthorized access between October 16 and October 20. The incident encrypted files, disrupted email and phone systems for several days, and involved the theft of personal information and protected health information from Department of Social Services records.
City of Elne (France)
October 15, 2025
•[ ransomware, data leak, nation-state ]
French press reports Russian-linked Qilin targeted Elne shortly after school attacks
Heywood Hospital and Athol Hospital
October 15, 2025
•[ cybersecurity, healthcare, outage ]
Hospitals reported cybersecurity incident causing outages and Code Black ambulance diversion
Mango
October 15, 2025
•[ data leak ]
External marketing provider breach exposed limited customer contact data; Mango said core systems unaffected
Russian IT service provider
October 15, 2025
•[ data leak, espionage, apt ]
China-linked Jewelbug infiltrated Russian IT provider for months, exfiltrating repositories and data
Zerodha
October 15, 2025
•[ phishing, account compromise ]
Economic Times details Kamath's brief X account compromise after clicking phishing email