Full List

Search

Recent Breaches

• SK Group (SK Inc.) April 10, 2025 • [ ransomware, data leak ] Qilin listed sk.com on its leak site on April 10 2025, claiming it stole approximately 1 TB of SK Group corporate data. SK has not publicly confirmed the breach or the claimed data volume, and no encryption or operational disruption has been reported.
• At least one government agency or state-owned enterprise in Southeast Asia April 10, 2025 • [ data leak, espionage, government ] The Record, citing Symantecs Threat Hunter Team, reported that the China-linked APT group Billbug (also known as Thrip and Lotus Blossom) compromised multiple government and critical infrastructure organizations in a Southeast Asian country in April 2025. The campaign involved exploitation of legitimate digital certificates and living-off-the-land tools to exfiltrate sensitive documents from government and military networks. No encryption or disruption was reported, and the activity is assessed as political espionage conducted under Chinas Ministry of State Security.
• 3P Corporation Pty Ltd April 10, 2025 • [ ransomware, data leak ] Melbourne-based financial and tax advisory firm 3P Corporation was listed by the Space Bears ransomware group on Apr 10 2025, which claimed to have stolen ~213 GB of corporate and client data; no encryption or service disruption confirmed; breach publicly reported Jun 2 2025.
• Great Plains Federal Credit Union April 8, 2025 • [ malware, jackpotting ] On April 8, 2025, two ATMs at Great Plains Federal Credit Union branches in Salina, Kansas, were compromised in a jackpotting incident; attackers installed malware on the ATM OS to force illicit cash dispensing. Amount stolen not disclosed; no data theft reported.
• Finnish Parliamentary Parties April 8, 2025 • [ ddos, hacktivism ] Pro-Russian hacktivist group NoName057(16) conducted DDoS attacks against websites of Finnish parliamentary parties, temporarily disrupting access for several hours.
• Caisse Nationale de Sécurité Sociale (CNSS) April 8, 2025 • [ data leak, hacktivism ] Moroccos CNSS confirmed a major data breach claimed by the hacktivist group Jabaroot. The attackers accessed and leaked millions of social-security records belonging to private-sector employees and companies. CNSS stated no operational disruption or encryption occurred.
• Kaukokiito April 8, 2025 • [ denial-of-service, hacktivism, logistics ] NoName057(16) carried out denial-of-service attacks against Kaukokiitos website, briefly disrupting logistics service access in Finland.
• Eezy Plc April 8, 2025 • [ ddos ] NoName057(16) conducted a DDoS attack on employment-services provider Eezy Plc, briefly disrupting its website during the coordinated Finnish campaign on April 8 2025.
• Finnish polling-place portal (äänestyspaikat.fi) April 8, 2025 • [ ddos ] On April 8 2025, NoName057(16) targeted Finlands polling-place website nestyspaikat.fi with a DDoS attack linked to protests over Ukraine policy, briefly disrupting voter-information access.
• Czech Government – Prime Minister’s X (Twitter) Account April 8, 2025 • [ account takeover, hacktivism, disinformation ] On April 8 2025, hacktivists compromised the official X account of Czech Prime Minister Petr Fiala and posted fabricated messages about Russian attacks and U.S. tariffs in protest of Czech government policies. Authorities confirmed the intrusion, removed the posts, and restored control within hours. No data theft or encryption occurred.
• OP Group April 8, 2025 • [ ddos, hacktivism ] Pro-Russian hacktivist group NoName057(16) launched DDoS attacks against OP Group, causing temporary disruption of online banking services in Finland.
• Panostaja Oyj April 8, 2025 • [ ddos, hacktivism ] NoName057(16) hacktivists targeted Panostaja Oyjs website in a politically motivated DDoS campaign linked to Finlands ceasefire proposal on Ukraine, causing brief outages.
• Taaleri Plc April 8, 2025 • [ denial-of-service, hacktivism ] Taaleri Plcs public website experienced temporary unavailability after a denial-of-service attack by pro-Russian hacktivist group NoName057(16) on April 8 2025.
• Finnish election information portal (vaalit.fi) April 8, 2025 • [ ddos, hacktivism, service disruption ] Pro-Russian hacktivist group NoName057(16) carried out a DDoS attack against Finlands official election information site vaalit.fi on April 8 2025, temporarily preventing public access.
• Integrated Orthopedics of Arizona April 7, 2025 • [ healthcare ] The practice first detected unauthorized activity on April 7, 2025, and began notifying affected patients and regulators on August 11.
• Fall River Public Schools April 7, 2025 • [ ransomware, data leak ] Fall River Public Schools, Massachusetts, suffered a ransomware attack by the Medusa group that encrypted internal systems and disrupted district operations for several weeks. Attackers demanded $400,000 and claimed to have exfiltrated sensitive data, though the district has not verified theft. Recovery costs exceeded $130,000.
• War & Sanctions Portal April 7, 2025 • [ ddos, state-sponsored, disruption ] On April 7 2025, Ukraines Main Intelligence Directorate (HUR) reported that a large-scale distributed denial-of-service (DDoS) attack targeted the War & Sanctions portal. The attack generated more than 56 million requests in 30 minutes from over 3,700 virtual machines located in at least ten countries, including Russia and China. It was attributed to Russian special services, but no specific agency was identified. The aim was to disrupt access to sanction-related information; the site remained online and suffered no data loss.
• Bremanger Kraft AS April 7, 2025 • [ hacktivism, unauthorized access, industrial control systems ] On April 7 2025, hacktivists accessed a web-exposed control interface for Bremanger Kraft ASs hydroelectric dam in western Norway and opened a valve releasing 500 L/s of water for four hours; no casualties or structural damage reported; Norwegian authorities attributed the incident to pro-Russian hacktivists.
• Toppan Next Tech April 7, 2025 • [ ransomware, data leak, third-party breach ] A ransomware attack on DBS Bank's third-party printing vendor Toppan Next Tech in Singapore led to the potential exposure of around 8,200 DBS customer statements and related letters, mostly for DBS Vickers trading and Cashline loan accounts. The attacker compromised Toppan's systems, leaving encrypted statement files potentially accessible, but DBS' own banking infrastructure and customer funds remained unaffected. Exposed data in the printed correspondence includes customers' names, mailing addresses and details of equity holdings or loan accounts, while passwords, government ID numbers and balances were not part of the leak. Authorities and cybersecurity agencies are assisting the investigation as DBS halts work with the vendor and notifies affected customers.
• Tempo Media Group April 6, 2025 • [ ddos, service disruption ] From April 6 to 10, 2025, Tempo Media Groups news portals (Tempo.co, Tempo English) suffered a large-scale Distributed Denial of Service (DDoS) attack that rendered the sites inaccessible for several days. The disruption followed Tempos investigative reporting on online gambling networks. No data theft or system compromise was reported, and the perpetrators remain unidentified.