Payne County Sheriff’s Office
May 28, 2025
•[ ransomware ]
The Payne County Sheriff’s Office in Oklahoma suffered a ransomware attack attributed to the SafePay group.
McElroy & Associates, Inc.
May 28, 2025
•[ data leak, unauthorized access, HIPAA ]
McElroy & Associates, Inc., a professional services firm operating as a HIPAA-covered healthcare business associate, disclosed unauthorized access to an employee email account occurring between May 28 and May 30, 2025. A forensic investigation determined that personal and protected health information may have been exposed. The company notified affected individuals and regulators; no operational disruption was publicly reported.
Undisclosed organizations in China
May 27, 2025
•[ cyberattacks, espionage ]
China publicly accused individuals allegedly linked to Taiwan's military of cyberattacks and espionage against Chinese entities.
Adidas
May 27, 2025
•[ data leak ]
Adidas disclosed that an unauthorized party accessed consumer data via a third-party customer service provider; impacted data is contact information of people who interacted with customer support.
ASVT
May 27, 2025
•[ ddos, hacktivism, service disruption ]
Major DDoS on Russian ISP ASVT disrupted internet for tens of thousands in Moscow; ASVT attributed the attack to the pro-Kyiv IT Army.
York County
May 27, 2025
•[ data leak, third-party ]
County alerted residents to a possible data privacy event involving a vendor.
Murex Petroleum Corporation
May 27, 2025
•[ unauthorized access, data breach, personal information ]
Unauthorized access to Murex Petroleum Corporation systems resulted in the access and acquisition of certain individuals' personal information, as disclosed in a regulatory filing with the New Hampshire Department of Justice.
BYOND
May 26, 2025
•[ ddos, extortion ]
BYOND endured a weeks-long DDoS that repeatedly knocked services offline; an extortion note said attacks would stop if BYOND went open-source.
Tiffany & Co.
May 26, 2025
•[ data leak, third-party breach ]
Selected Tiffany Korea customers notified of unauthorized access to a vendor system used for customer data; reporting to date only confirms impact on Korean/Chinese customers and does not indicate EU/US exposure or operational disruption.
Income Insurance
May 25, 2025
•[ ransomware, data leak, third-party ]
Bonus statements of at least 146 policyholders compromised after ransomware at printing/mailing vendor DataPost; exposed data includes names, postal address, policy number/plan, and 2024 annual bonus; Income says its own systems remain secure and investigation continues.
Chorna Pista (chernapista.com)
May 25, 2025
•[ ddos, disruption of service ]
From May 25 to May 31, 2025, Bulgarian website chernapista.com and its European hosting infrastructure suffered a massive DDoS campaign lasting six days; access was fully disrupted until mitigation; no data theft or encryption reported; perpetrator identity unconfirmed.
Anchor Industries Inc.
May 25, 2025
•[ ransomware, operational disruption ]
Over Memorial Day weekend 2025, Evansville-based Anchor Industries Inc. suffered a ransomware attack that encrypted manufacturing and administrative systems, causing several days of operational disruption. The company reported no confirmed data theft while restoring systems from backups. The responsible actor remains unidentified.
ColoCrossing
May 24, 2025
•[ leak, misconfiguration, technology ]
In May 2025, hosting provider ColoCrossing identified a data breach that impacted customers of their ColoCloud virtual server product. ColoCrossing advised the incident was isolated to their cloud/VPS platform and stemmed from a single sign-on vulnerability. 7k email addresses were exposed in the incident along with names and MD5-Crypt password hashes.
Kurla-based advertising firm
May 24, 2025
•[ ransomware ]
Mumbai's Mid-Day reports a ransomware attack on a Kurla advertising firm: data encrypted, ransom demand of Rs 4.25 lakh in Bitcoin; police complaint filed.
Operation Endgame 2.0
May 23, 2025
•[ ransomware, malware, government ]
In May 2025, a coalition of law enforcement agencies took down the criminal infrastructure behind the malware used to launch ransomware attacks in a new phase of "Operation Endgame". This followed the first Operation Endgame exercise a year earlier, with the latest action resulting in 15.3M victim email addresses being provided to HIBP by law enforcement. A further 43.8M victim passwords were also provided for HIBP's Pwned Passwords service.
Cetus Protocol
May 23, 2025
•[ cryptocurrency hack, theft, financial loss ]
DApp/DeFi project reported theft of ~$223M in crypto; bounty offered and legal action suspension proposed if funds returned.
ApolloMD (Business Associate to 11 Physician Practices)
May 22, 2025
•[ ransomware, malware, healthcare ]
ApolloMD confirmed unauthorized access to its network on May 22–23, 2025, affecting 11 affiliated physician practices. The Qilin ransomware group claimed to have stolen approximately 238 GB of data, including patient and insurance information. ApolloMD did not confirm encryption or ransom payment.
Undisclosed Tajikistan government agencies
May 22, 2025
•[ espionage, phishing, data collection ]
Researchers reported a Russia-aligned espionage campaign targeting Tajik government, academic, and research entities using phishing lures and macro-enabled docs to collect data.
Choksi Laboratories Limited
May 22, 2025
•[ ransomware, data leak ]
Indore pharma laboratory reported ransomware: servers breached, all data encrypted, ransom demanded; police case opened and investigation ongoing.