Logius (DigiD national login service)
November 19, 2025
•[ denial of service ]
On November 19, 2025, Dutch digital identity service DigiD was again targeted by a distributed denial-of-service attack. According to Logius, the agency responsible for DigiD, the attack caused intermittent login failures for users during the morning, with a peak in problems around 11:00 before the situation gradually improved as defenses took effect. Officials advised users to wait or try again later while mitigation was ongoing and said they did not yet know who was behind the attack. The incident followed multiple earlier cyberattacks on DigiD in the same year, highlighting persistent targeting of critical e-government authentication services.
An undisclosed company in Pakistan
November 19, 2025
•[ threat actor collaboration, shared infrastructure ]
Gen Threat Labs published research describing evidence of rare coordination and shared infrastructure between Russia-aligned Gamaredon and North Koreas Lazarus.
City of Leavenworth (Kansas)
November 19, 2025
•[ cyberattack, network outage, ransomware ]
DataBreaches reported that Leavenworth, Kansas officials said a cyberattack caused a network outage on November 19, 2025 after computer and phone systems began failing late that morning. The city brought in outside IT experts and later confirmed on November 25 that the disruption stemmed from a cyberattack on the municipal internal network. As of the December 8 report, impacts were still ongoing for invoicing, permitting, and hiring systems, while emergency services were reported unaffected, and no ransomware or extortion group had publicly claimed responsibility.
Doctor Alliance LLC
November 18, 2025
•[ ransomware, data leak ]
Ransomware actor Kazu again compromised Dallas-based healthcare document and billing platform Doctor Alliance, exploiting an unpatched vulnerability and reused admin credentials to access a high-privilege account and steal nearly 1.27 TB of medical documents and related files affecting potentially more than a million patients; the firm has acknowledged unauthorized access to at least one client account and faces multiple federal class actions while still providing limited public transparency.
Harvard University
November 18, 2025
•[ phishing, vishing, data leak ]
Harvard University reported that a voice-phishing attack against Alumni Affairs and Development staff on November 18, 2025 led to unauthorized access to its AAD information systems, exposing contact details, fundraising records and event data for alumni, donors, parents, some students and some faculty and staff; the university locked out the intruder, notified affected individuals beginning November 22, and is working with law enforcement and incident response specialists.
Coupang
November 18, 2025
•[ data leak, phishing ]
South Korean e-commerce firm Coupang reported that an unauthorized third party accessed a customer database and exfiltrated personal information on about 4,500 users. Exposed fields included names, contact details, shipping addresses, and information about recent purchases, raising the risk of targeted phishing and fraud using order history. Coupang says it blocked the intruders access as soon as the breach was detected and has notified regulators and customers while monitoring for signs of misuse of the stolen data.
Eurofiber France
November 17, 2025
•[ data leak ]
Eurofiber France confirmed that an unauthorized party accessed a customer account system and that verified customer data was offered for sale online; the company reported exposure of contact and account information but no operational disruption or compromise of passwords or payment data.
Government of Kenya
November 17, 2025
•[ denial of service, defacement ]
Kenyan government websites were the target of cyber attacks promoting white supremacist messages. On November 17, 2025, multiple critical e-government websites in Kenya were made unserviceable by a self-proclaimed hacking group, PCP@Kenya [2]. When users attempted to access these web pages, they would be greeted with denied access, white supremacist messages, and credit to the mentioned group. All government sites are now operational again, just one day after the initial attacks took place.
Venstre
November 17, 2025
•[ ddos, hacktivism, political ]
A DDoS attack attributed to NoName057(16) temporarily disrupted Venstres website on the eve of Denmarks municipal and regional elections.
Socialdemokratiet
November 17, 2025
•[ ddos, hacktivism, service disruption ]
A DDoS attack attributed to NoName057(16) temporarily disrupted the Social Democrats website on the eve of Denmarks municipal and regional elections.
Det Konservative Folkeparti
November 17, 2025
•[ ddos, hacktivism, service disruption ]
A DDoS attack attributed to NoName057(16) temporarily disrupted the Conservative Peoples Party website ahead of Danish local and regional elections.
Danmarksdemokraterne
November 17, 2025
•[ ddos, hacktivism, service disruption ]
A DDoS attack attributed to NoName057(16) temporarily disrupted the Denmark Democrats website on the eve of Danish municipal and regional elections.
The Copenhagen Post
November 17, 2025
•[ ddos, hacktivism, denial-of-service ]
A DDoS attack attributed to NoName057(16) temporarily disrupted The Copenhagen Posts website during coordinated attacks on Danish political organizations.
Mid South Pulmonary & Sleep Specialists (MSPS)
November 17, 2025
•[ ransomware, data leak, data breach ]
Reporting on Anubis RaaS described a severe ransomware incident affecting Mid South Pulmonary & Sleep Specialists (MSPS) in Tennessee. The threat actor claimed initial access on Nov. 10, 2025, spent about a week conducting internal reconnaissance and data theft, then paralyzed the organizations network in a single night. The group claimed to have encrypted MSPSs Nutanix systems and used a wiper to delete backups, leaving MSPS unable to restore systems; the actor also claimed exfiltration of roughly 860 GB and leakage of hundreds of gigabytes containing administrative records, insurance billing files, and extensive PII/PHI. MSPS had not publicly confirmed details in the reporting, but the described impacts suggest prolonged disruption and exposure of sensitive medical data.
Under Armour
November 17, 2025
•[ ransomware, data leak ]
In November 2025, the Everest ransomware group claimed Under Armour as a victim and attempted to extort a ransom, alleging they had obtained access to 343GB of data. In January 2026, customer data from the incident was published publicly on a popular hacking forum, including 72M email addresses. Many records also contained additional personal information such as names, dates of birth, genders, geographic locations and purchase information.
Detmold Public Utilities
November 16, 2025
•[ ransomware, data leak ]
A ransomware attack against Stadtwerke Detmold forced the municipal utility to shut down its IT infrastructure, leaving the company largely unreachable by phone or email and knocking out online customer portals and related services. Multiple affiliated business units, including energy and public transport operations, were impacted in their back-office systems, though the delivery of electricity, gas, water, and district heating reportedly continued. Police cybercrime teams and external specialists were engaged to stabilize systems, analyze the intrusion, and determine whether customer data was accessed.
Grenoble École de Management
November 15, 2025
•[ data leak ]
Threat actors claimed access to and sale of a large CRM dataset associated with the institution, which the school acknowledged and began investigating.
CodeStepByStep
November 15, 2025
•[ data leak ]
In November 2025, the online coding practice tool CodeStepByStep suffered a data breach that exposed 17k records. The impacted data included names, usernames and email addresses.
CodeStepByStep
November 15, 2025
•[ data leak ]
In November 2025, the online coding practice tool CodeStepByStep suffered a data breach that exposed 17k records which were subsequently published online. The following month, a further corpus of data was released bringing the total to 103k. The impacted data included names, usernames and email addresses.
Petrobras
November 14, 2025
•[ ransomware, data leak ]
Everest ransomware group listed Petrobras and exploration partner SAExploration on its leak site and claims it stole a large seismic survey database with detailed technical information from Petrobras surveys and Campos Basin projects while threatening further action if the company does not contact the group
