Assaf Harofeh Medical Center
October 1, 2025
•[ extortion, data leak, healthcare ]
Hospital hit during Yom Kippur; extortion demand ~$700,000; brief outage of shared records system reported; authorities probing possible data leak.
Kaufman County
October 1, 2025
•[ data leak, identity theft, government ]
A letter dated Oct 1 states personal data in Kaufman County systems may have been accessed; residents received 24 months of credit monitoring. This disclosure came three weeks before a second October incident, indicating repeated compromise pressure against the county's environment and elevating identity-theft risk even where misuse is not yet observed.
Multiple banks
October 1, 2025
•[ jackpotting, physical compromise ]
Report headline describes ATM jackpotting activity in Baton Rouge; specific victim bank(s) and loss amounts not accessible; likely cash-out via logical/physical compromise of ATMs.
Georgetown Brewing Co.
October 1, 2025
•[ data leak ]
Class-action notice cites the brewery's disclosure of a cybersecurity incident impacting nearly twenty thousand people with PII; vector not detailed.
Jennings O'Donovan
October 1, 2025
•[ data leak ]
Engineering firm Jennings O'Donovan in County Sligo, Ireland experienced unauthorized access to part of its IT system used for the government's defective block grant scheme. The intrusion occurred in early October 2025 and potentially exposed personal data of roughly 861 applicants, while financial systems remained secure. Authorities consider it consistent with financially motivated criminal activity.
Merkle, Inc. (Dentsu Group)
October 1, 2025
•[ data leak, ransomware ]
Dentsu's US-based subsidiary Merkle disclosed a cyber incident discovered in October 2025 involving unauthorized access and data theft from HR and client systems; stolen information included employee, supplier, and client financial and personal records; certain systems were taken offline during response; no ransomware group claimed responsibility.
Canadian water facility
October 1, 2025
•[ hacktivism, critical infrastructure, industrial control system ]
Hacktivists tampered with water-pressure valves at a Canadian water facility, degrading water service to the local community; actions intended to draw attention to activist causes.
Undisclosed Canadian oil & gas company
October 1, 2025
•[ hacktivism, operational technology ]
Hacktivists manipulated an automated tank gauge system at a Canadian oil & gas company, triggering erroneous alarms; no injuries or physical damage reported.
Kansas City National Security Campus network
October 1, 2025
•[ vulnerability exploitation, espionage, nation-state actor ]
CSO reports KCNSC (NNSA nuclear components plant) was infiltrated via unpatched on-prem SharePoint. Microsoft tied the wider wave to China-linked actors, while a KCNSC source suggested a Russian group; DOE later said the department was minimally impacted. Primary effect: covert access/collection, not OT disruption.
Undisclosed Canadian farm
October 1, 2025
•[ hacktivism, sabotage, operational technology ]
Hacktivists manipulated temperature and humidity parameters in a grain-drying silo at a Canadian farm, creating unsafe conditions that were detected and mitigated before damage occurred.
WhatsApp users in Bijnor, Uttar Pradesh
October 1, 2025
•[ malware, phishing, data leak ]
Several WhatsApp users in Bijnor, Uttar Pradesh had their Android phones compromised after downloading a fake wedding invitation via WhatsApp. The malware granted remote access, exposing personal messages, photos, and financial app data. Victims filed complaints with the Bijnor Cyber Crime Police Station; authorities believe multiple individuals across the district were affected.
Gcore
October 1, 2025
•[ DDoS attack, botnet, volumetric flood ]
Technology site CDR.cz and an underlying TechRadar report describe how gaming hosting and cloud provider Gcore was hit in October 2025 by one of the largest DDoS attacks ever recorded, a so-called short-burst volumetric flood that generated roughly 6 terabits per second of traffic and about 5.3 billion packets per second over 30 to 45 seconds. Analysis attributed the event to the AISURU botnet, with more than half of the malicious traffic sourced from Brazil and about a quarter from the United States, suggesting widespread abuse of poorly secured systems in those regions. Gcore stated that its globally distributed DDoS protection network, with over 210 points of presence and more than 200 terabits per second of filtering capacity, absorbed the attack and kept services online, but security experts warned that such brief, intense
Anne Helen Petersen's Substack account
October 1, 2025
•[ phishing, account takeover, impersonation ]
Former Buzzfeed journalist Anne Helen Petersen received a phishing email that imitated a security alert from Substack, warning that her ability to send emails would be frozen unless she verified her account. After she responded, attackers captured her credentials and gained unauthorized access to her Culture Study Substack newsletter and podcast account, which has more than 25,000 followers. The intruders changed the newsletter's name to impersonate cryptocurrency wallet company Trezor and added thousands of new email addresses to the mailing list, hijacking her distribution channel to push a crypto-related scam through her audience.
GlobalLogic
October 1, 2025
•[ ransomware, data leak, extortion ]
cl0p exploited an Oracle-hosted cloud application used by GlobalLogic for HR data management, exposing approximately 10,000 employee records including names, email addresses, phone numbers, and employee identifiers, as part of a broader extortion campaign targeting Oracle cloud tenants.
Undisclosed Uzbekistan organization
October 1, 2025
•[ nation-state, phishing, malware ]
A nation-state actor known as Bloody Wolf expanded operations to Uzbekistan using geofenced spearphishing delivering malicious JAR loaders that installed NetSupport RAT for persistent access; no data theft was reported.
Undisclosed Nigerian Telecom Firm
October 1, 2025
•[ cyber-enabled fraud, unauthorized access, billing system breach ]
The Nigeria Police uncovered a cyber-enabled fraud involving unlawful access to a telecom operator's billing system, leading to ₦7.7bn in diverted airtime and data; six suspects arrested.
At least one official in Ukraine's Defense Forces
October 1, 2025
•[ phishing, malware, backdoor ]
BleepingComputer reported that officials of Ukraine's Defense Forces were targeted in a charity-themed operation between October and December 2025 that delivered a backdoor malware family called PluggyApe. CERT-UA assessed the activity as likely linked to the Russian-aligned threat group known as Void Blizzard (also referred to as Laundry Bear), with medium confidence in attribution. The infection chain described begins with instant messages over Signal or WhatsApp directing targets to a purported charity website and prompting them to download a password-protected archive containing documents, which then leads to backdoor execution and follow-on access for information theft. The report focuses on the campaign's TTPs and targeting rather than publishing a confirmed list of compromised entities.
Substack
October 1, 2025
•[ phishing, data leak, unauthorized access ]
Substack notified users of a data breach after it identified evidence on February 3, 2026 that an unauthorized third party accessed limited user data in October 2025. Substack stated that credit card numbers, passwords, and financial information were not accessed. The company did not disclose how access was obtained, but said it fixed the system issue that enabled it and warned users to be cautious of phishing. Reporting cited a database allegedly containing 697,313 records posted to a hacking forum, consistent with exposure of emails, phone numbers, and internal account metadata.
At least one organization in Southeast Asia
October 1, 2025
•[ espionage, APT activity, vulnerability exploitation ]
BleepingComputer summarized Check Point research on a newly tracked actor Amaranth Dragon, linked to China-aligned APT activity, which exploited WinRAR CVE-2025-8088 in espionage operations against government and law enforcement entities in Singapore, Thailand, Indonesia, Cambodia, Laos, and the Philippines. The actor used geofenced infrastructure and a custom loader to deliver encrypted payloads (including Havoc and a newer TGAmaranth RAT using Telegram for C2). Because the article is campaign/threat-research reporting without a discrete, named victim event record and bounded impacts, event_type and event_subtype are coded as NA for CED incident purposes.
Ministry of Higher Education, Research and Space (Parcoursup data-management module)
October 1, 2025
•[ unauthorized access, credential compromise, data leak ]
Fraudulent access using legitimate credentials to a Parcoursup data-management module for the Occitanie academic region in October 2025 resulted in unauthorized exfiltration of personal data for about 705,000 candidates from the 2023 and 2025 sessions.