Undisclosed United States local governments
May 22, 2025
•[ data leak, zero-day exploit ]
Exfiltration via now-patched Trimble Cityworks zero-day; multiple U.S. local governments breached.
The Coca-Cola Company
May 22, 2025
•[ ransomware, data leak ]
Everest ransomware actors claimed theft of data on ~959 Coca-Cola employees in the Middle East (UAE, Oman, Bahrain); separate group also claimed a breach at Coca-Cola Europacific Partners. Coded as exploitive data theft based on reporting.
Keir Giles (UK academic)
May 22, 2025
•[ social engineering, phishing, data leak ]
Targeted social-engineering campaign impersonating U.S. State Department tricked Keir Giles into generating app-specific passwords, allowing a nation-state actor to access his Gmail account data stored on Google servers; no evidence of intrusion into affiliated institutional networks.
Independent film makers
May 21, 2025
•[ espionage, malware, government ]
While detained in May 2025, filmmakers phones were allegedly infected with FlexiSPY; forensic analysis ties installation to police custody (May 21). Devices were returned July 10. CPJ/Citizen Lab publicly detailed findings on Sept 1012; The Standard reported the allegations Sept 10.
Kettering Health
May 21, 2025
•[ ransomware, data leak ]
Kettering Health suffered a ransomware attack causing a system-wide outage on May 21, 2025; Interlock later claimed responsibility and leaked stolen data.
SYZEFXIS
May 21, 2025
•[ ddos ]
Karfitsa reported a large DDoS targeting Greeces SYZEFXIS public administration network, causing temporary access issues before services were restored the same morning.
Conseil départemental des Hauts-de-Seine
May 20, 2025
•[ ransomware ]
French outlets reported a massive cyberattack that paralyzed the Hauts-de-Seine departments systems, consistent with a large-scale ransomware-style disruption; restoration efforts continued into the following day.
Federal Tax Service
May 20, 2025
•[ ddos, service disruption ]
Access to several major Russian state services was disrupted in a DDoS attack reported as originating from abroad; outage trackers showed issues across tax and digital key/document services.
Peter Green Chilled
May 20, 2025
•[ ransomware ]
Transport supplier to major UK supermarkets (Tesco, Aldi, Sainsburys) reported a cyberattack accompanied by a ransom demand. While no gang was named and encryption wasnt explicitly confirmed, the described impact and BBC-seen ransom note indicate an encryption-driven incident; the firm issued frequent client updates and enacted delivery workarounds to mitigate waste.
SBIS corporate accounting service
May 20, 2025
•[ ddos, service disruption ]
BFM reported a mass foreign DDoS on SBIS on May 20 causing widespread service issues across websites and mobile apps before mitigation.
Bradford Health Services
May 20, 2025
•[ data leak ]
Provider disclosed a data security incident; investigation concluded May 15, 2025 that multiple categories of PHI/PII may have been affected; notices and credit monitoring offered.
Arla Foods
May 19, 2025
•[ cyberattack ]
Arla confirmed a cyberattack that disrupted production and caused delivery delays while affected systems were isolated and restored.
Morgan County 911
May 19, 2025
•[ ransomware ]
Morgan County 911 reported a cyber issue affecting administrative systems; core dispatch, CAD, and radio services were not impacted while security measures were increased.
Fasana GmbH
May 19, 2025
•[ ransomware ]
German napkin manufacturer Fasana GmbH suffered a ransomware attack beginning May 19, 2025. All internal systems, including printers and servers, were encrypted, halting production and order processing. The company reported losses of around 2 million within two weeks and subsequently filed for insolvency. No group has claimed responsibility, and no data leak has been confirmed.
Union County (Ohio) government / county systems
May 18, 2025
•[ ransomware, malware, government ]
A ransomware attack on Union County, Ohios public administration systems led to both encryption and data exfiltration. Data was stolen from internal government databases containing personal, financial, and biometric records of 45,487 individuals. Approximately 12 systems were encrypted, causing partial disruption for several days. No ransomware group has claimed responsibility.
MathWorks
May 18, 2025
•[ ransomware ]
MathWorks confirmed a ransomware attack starting May 18 that disrupted customer-facing services; the firm reported containment, FBI notification, and restoration of services by early June.
Arthur Ashe Institute for Urban Health Inc.
May 18, 2025
•[ unauthorized access, personally identifiable information, health information ]
Unauthorized access to systems at Arthur Ashe Institute for Urban Health Inc. between April 4 and May 18, 2025 may have exposed personally identifiable and health information according to breach notifications.
Chief Electoral Officer – West Bengal
May 17, 2025
•[ data breach, insider threat, unauthorized access ]
A security breach led to deletion of at least 1,000 voters from the electoral roll in a West Bengal assembly constituency; subsequent reports cited misuse of AERO credentials.
Columbia University IT Systems
May 16, 2025
•[ leak, education ]
An unauthorized actor gained access to university systems on May 16, 2025, and exfiltrated approximately 460GB of sensitive personal, financial, and health data following an IT outage; patient records from the medical center were unaffected; notifications are underway
