Multiple compromised email accounts at second undisclosed US university
October 9, 2025
•[ phishing ]
Credential-phishing campaign diverting university employee salary payments via third-party platforms.
Methodist Homes
October 9, 2025
•[ data leak ]
Law firm Lynch Carpenter announced an investigation tied to a Methodist Homes data breach affecting notified individuals.
Prospect
October 9, 2025
•[ data leak ]
Security incident at Prospect exposed Bectu members personal and bank details.
Multiple compromised email accounts at third undisclosed US university
October 9, 2025
•[ phishing, data leak ]
Credential-phishing on university payroll platforms diverted salary payments.
Simply.com
October 9, 2025
•[ ddos ]
Massive DDoS on DNS affected many customer sites per provider updates.
Francesco Gaetano Caltagirone
October 9, 2025
•[ spyware, espionage, government ]
Report that Graphite spyware was used to spy on the businessman; tool sold to governments.
Chipotle Mexican Grill, Inc.
October 9, 2025
•[ phishing, social engineering, data leak ]
Chipotle Mexican Grill disclosed unauthorized access to employee Workday payroll accounts between October 9 and October 26, 2025. Attackers used phishing and social engineering to access accounts and alter payroll information. State breach notices identified 31 affected employees in Maine and 2 in New Hampshire; the company has not disclosed a nationwide total, and state figures represent only partial reporting.
Williams & Connolly
October 8, 2025
•[ espionage, state-sponsored attack, data leak ]
Breach of U.S. law firm with major political clients linked to Chinese espionage campaign.
Memphis-Shelby County Schools (MSCS)
October 8, 2025
•[ supply chain attack, service disruption ]
Vendor messaging platform breach caused districtwide outage; data impact not indicated.
Undisclosed Croatian Company
October 8, 2025
•[ ransomware ]
Croatian DPA (AZOP) fined a company after a ransomware attack compromised parts of its IT systems.
CPAP Medical Supplies and Services, Inc.
October 8, 2025
•[ data leak, healthcare, government ]
Data breach affecting ~90,000 military members, veterans and families exposed SSNs and medical details.
The Information Technology and Cybersecurity Service (STISC)
October 8, 2025
•[ DDoS, government ]
New DDoS attacks against Moldovan government IT infrastructure; some services temporarily unavailable.
London North Eastern Railway
October 8, 2025
•[ data leak, supply chain attack ]
Media report warns LNER customers after supplier breach exposed contact and journey data
Policing Board laptop
October 8, 2025
•[ data leak, stolen hardware ]
A laptop belonging to a staff member of the Northern Ireland Policing Board was stolen from a Belfast city centre pub on October 8, 2025, prompting a data-breach report and a Police Service of Northern Ireland investigation. The rucksack containing the laptop was taken between 5 p.m. and 6 p.m.; a suspect was arrested and charged shortly afterwards. The board says the laptop was immediately decommissioned remotely by IT Assist, other items from the bag were recovered, and there is no identified or residual risk arising from data on the device, but the incident has drawn scrutiny because of previous PSNI data breaches.
Riot Games
October 7, 2025
•[ ddos ]
Record DDoS disrupted major gaming platforms including Steam and Riot Games.
PTOE Corporation
October 7, 2025
•[ website defacement, malware, phishing ]
Company confirmed official website was replaced and redirected to a fraudulent Chinese shopping site serving malware.
Sunweb Group
October 7, 2025
•[ data leak, phishing ]
Data breach exposed customer contact and booking details; agency warned customers to stay vigilant.
Sony Interactive Entertainment (PlayStation Network)
October 7, 2025
•[ account takeover, poor security practices, hacking ]
Hackers compromised a PlayStation Network account belonging to well-known gamer dav1d_123, apparently exploiting weak account protection or internal credential handling by PSN support. The incident revealed deficiencies in Sonys customer-support and account-security processes.
Appalachian Community Federal Credit Union
October 7, 2025
•[ data leak ]
Appalachian Community Federal Credit Union detected unauthorized access to its systems in early October 2025 The institution confirmed a cyber incident involving unauthorized access and data theft and issued breach notifications to affected members including residents of Massachusetts following forensic investigation
