Farmer Bros Co.
March 6, 2025
•[ ransomware, data leak ]
Farmer Bros Co., a Texas-based coffee and foodservice manufacturer, experienced a ransomware attack beginning March 6 2025 that encrypted portions of its administrative network and exposed personal data of 14,460 individuals. FalconFeeds.io reported on June 23 2025 that the Chaos ransomware group claimed responsibility via its leak site; the company has not independently confirmed this attribution.
Goosehead Insurance Agency, LLC
March 6, 2025
•[ data leak ]
Between March 6–13 2025 an unauthorized third party accessed and copied files from Goosehead's network environment; Goosehead began an investigation and later mailed breach notices in October 2025. Some open-source posts attributed the incident to a group calling itself CHAOS and claimed ~300 GB exfiltrated, but that actor attribution and total volume remain unconfirmed by Goosehead.
Toronto Zoo
March 5, 2025
•[ data leak, cyberattack ]
Zoo reported cyberattack with decades of visitor data stolen and leaked.
Czech Building Authority IT System
March 5, 2025
•[ cyberattack, government ]
Authorities reported likely cyberattack impacting online system for building offices.
United Arab Emirates Government Entities
March 4, 2025
•[ malware, backdoor ]
Researchers reported Sosano backdoor used against UAE aviation and transport organizations.
MainStreet Bank (via third-party vendor)
March 4, 2025
•[ data leak, third-party breach ]
MainStreet Bancshares (Nasdaq: MNSB & MNSBP), the financial holding company behind MainStreet Bank, has disclosed a data breach impacting some of its customers.
Beeline
March 3, 2025
•[ ddos, service disruption ]
Targeted DDoS disrupted Beeline internet services across parts of Russia.
Penn-Harris-Madison School Corporation
March 3, 2025
•[ ransomware ]
Indiana school district reported ransomware network breach and service interruptions.
Rackray
March 3, 2025
•[ ransomware ]
Lithuanian data center provider suffered ransomware disrupting public cloud services.
Amherst College
March 3, 2025
•[ data leak ]
Amherst College disclosed unauthorized access to its email and payroll system. The college initiated an investigation with third-party cybersecurity experts, confirming on March 3 2025 that an unauthorized party had viewed and possibly copied sensitive personal information. Compromised data included employee names and Social Security numbers. The college notified the Massachusetts Attorney General and affected individuals on March 28 2025.
Polish Space Agency (POLSA)
March 2, 2025
•[ cyberattack, network intrusion, service disruption ]
The Polish Space Agency (POLSA) went offline after detecting a cyberattack that forced it to disconnect its internal network from the internet to contain the incident. National cybersecurity teams, including CSIRT NASK and CSIRT MON, were engaged to assist in investigating and restoring operations. While POLSA did not disclose specific details, internal sources suggested that email systems were compromised. As a member of the European Space Agency, POLSA temporarily suspended several digital services while ensuring containment, system recovery, and investigation into potential espionage or disruption motives behind the attack.
Orthopaedic Specialists of Connecticut
March 2, 2025
•[ data leak, unauthorized access, personally identifiable information ]
Names, dates of birth, Social Security numbers, insurance and medical information for 22,541 individuals were exposed after an unauthorized third party accessed the practice's network on March 2, 2025, per the provider notice and HHS filing.
Multiple U.S. Targets (Law Firms, SaaS, Tech Firms)
March 1, 2025
•[ espionage, malware, technology ]
Chinese APT UNC5221 deployed the BRICKSTORM backdoor to infiltrate U.S. law firms and SaaS providers for intelligence collection. Campaign active from March through September 2025.
Multiple U.K. Targets (Professional Services, Law Firms)
March 1, 2025
•[ espionage, technology ]
UNC5221 targeted British professional-services firms for espionage, part of the broader BRICKSTORM campaign observed globally in 2025.
Multiple Netherlands Targets (BPO, MSP Providers)
March 1, 2025
•[ espionage, technology ]
UNC5221 compromised Netherlands-based BPO and MSP providers to gain secondary access to client environments; activity attributed to Chinese cyber-espionage operations.
Multiple German Targets (Corporate Legal, Professional Services)
March 1, 2025
•[ espionage, technology ]
German professional-services and corporate-law entities were likely compromised by UNC5221 during the 2025 BRICKSTORM espionage campaign exploiting Ivanti edge devices.
Singapore Cloud / Hosting Providers
March 1, 2025
•[ espionage, technology ]
UNC5221 leveraged Singapore hosting infrastructure for staging and potential local access during the 2025 BRICKSTORM campaign; targeting aligns with Chinese state-linked espionage.
Multiple Japanese Targets (MSPs, Cloud Partners)
March 1, 2025
•[ espionage, technology ]
UNC5221 activity included compromises of Japanese managed-service providers as part of the BRICKSTORM espionage operation active in 2025.
National Presto Industries
March 1, 2025
•[ ransomware, data leak ]
National Presto Industries disclosed a cybersecurity incident on March 6 2025 after the Interlock ransomware group claimed responsibility for an attack on March 1 2025. The company confirmed operational disruptions affecting manufacturing, shipping, and back-office systems. Interlock claimed to have stolen approximately 3 million files across about 450,000 folders from a subsidiary, though the company has not verified the data theft. No encryption has been confirmed in company statements or reporting.
Digital Realty
March 1, 2025
•[ state-sponsored attack, espionage, vulnerability exploit ]
The Ministry of State Security (MSS)-linked group Salt Typhoon infiltrated Digital Realty and other data-center operators in early 2025 by exploiting vulnerabilities in network-appliance infrastructure and stolen credentials. Microsoft attributed the campaign to PRC state-sponsored espionage targeting Western critical-infrastructure providers.