Berkeley Research Group
March 1, 2025
•[ ransomware, data leak ]
BRG suffered a ransomware intrusion detected in March 2025 that led to data theft and encryption activity. Subsequent disclosures and DOJ statements indicate exposure of sensitive information relating to survivors involved in multiple Catholic diocesan bankruptcy cases; the firm engaged external responders and notified affected parties.
Undisclosed Taiwan government agencies
March 1, 2025
•[ phishing, malware, espionage ]
Trend Micro and THN describe a March 2025 spear-phishing campaign by China-aligned MirrorFace targeting public institutions in Japan and Taiwan using OneDrive-delivered ZIPs that dropped ROAMINGMOUSE and an upgraded ANEL backdoor; reporting outlines techniques and targeting, not specific victim impact details for a single named org.
An Giang Central General Hospital
March 1, 2025
•[ ransomware ]
Hackers encrypted the virtualized server system of An Giang Central General Hospital, halting all operations and forcing a switch to manual recordkeeping; no data exfiltration was reported.
Undisclosed Myanmar government organization
March 1, 2025
•[ state-sponsored attack, malware, rootkit ]
Chinese state-linked threat actors deployed a kernel-mode rootkit to conceal ToneShell malware on systems belonging to a Myanmar government organization, enabling stealthy persistent access.
Undisclosed Thailand government organization
March 1, 2025
•[ malware ]
Researchers identified the use of a signed kernel-mode driver to hide ToneShell malware activity on systems of a Thai government organization, allowing covert long-term access.
Missouri Department of Conservation
February 28, 2025
•[ data leak, hipaa breach ]
Missouri Department of Conservation reported suspicious cybersecurity activity on February 28, 2025. Forensic investigation found that a threat actor accessed internal servers containing employee and former employee health-plan data. The agency confirmed that files with HIPAA-protected information were exposed but not encrypted. No operational disruption occurred.
French Institutional Websites
February 28, 2025
•[ ddos, hacktivism ]
A pro-Russian group launched coordinated DDoS waves against multiple French targets.
Real Academia Española
February 28, 2025
•[ ransomware ]
Spain's language academy confirmed a ransomware attack affecting its systems.
Whitman Hospital & Medical Clinics
February 28, 2025
•[ ransomware ]
The hospital reported internal electronic systems down following a cyberattack; care continued with delays.
Serbian Student Activist
February 28, 2025
•[ vulnerability, zero-day, surveillance ]
Amnesty reported that a Cellebrite zero-day was used to unlock a Serbian activist's Android device.
Wemix (Wemade)
February 28, 2025
•[ data breach, cryptocurrency theft, leaked secrets ]
The blockchain gaming platform WEMIX was hacked, resulting in the theft of about 8.65 million WEMIX tokens (worth roughly $6.1 million). The breach stemmed from attackers obtaining authentication keys for the NFT monitoring service NILE, likely via a shared repository. After gaining the keys, the threat actors spent about two months preparing before executing 15 withdrawal attempts, of which 13 succeeded. The stolen tokens were swiftly laundered through multiple crypto exchanges. WEMIX shut down the affected server on February 28 and later disclosed the incident, migrating its infrastructure to a more secure environment.
Central New York Cardiology
February 27, 2025
•[ data leak, healthcare ]
The practice reported a data breach impacting extensive patient PHI/PII, per a public notice.
Angel One Ltd.
February 27, 2025
•[ unauthorized access, data leak ]
Indian stock brokerage Angel One disclosed on February 27, 2025, that unauthorized actors accessed some of its Amazon Web Services (AWS) resources following a dark web alert. The company confirmed exposure of limited client information but no compromise of funds or credentials. Investigation and containment measures were initiated immediately.
Las Cruces-based organization
February 27, 2025
•[ data leak ]
An article reports that a Las Cruces organization disclosed a data breach involving health information; specific systems and counts were not provided in the accessible copy.
Ally Financial
February 27, 2025
•[ data leak ]
A class action alleges that a data breach at Ally Financial exposed personal data of ~4.2M customers; the litigation was filed in Feb 2025.
Comune di Perugia
February 27, 2025
•[ ddos ]
A DDoS attack took the city website offline briefly; operations continued, and no theft of information was reported.
NorthWest Arkansas Community College
February 27, 2025
•[ data leak ]
NWACC began mailing letters indicating personal information may have been affected; incident under review and notifications ongoing.
DermCare Management (practice management company)
February 26, 2025
•[ hack, healthcare ]
The attack was identified on Feb 26, 2025; the investigation confirmed on Mar 3 that patient data may have been copied from DermCare's network. At least 10 affiliated dermatology practices (mainly FL, plus TX) issued substitute notices; totals are still being determined.
State information resources (Azerbaijan)
February 26, 2025
•[ ddos ]
The Special Service reported a massive DDoS attack on state resources; mitigation by filtering malicious traffic may temporarily block real IPs.
Balkan Investigative Reporting Network Journalists
February 26, 2025
•[ spyware, phishing, targeted attack ]
Amnesty reported that two Serbian journalists were targeted with Pegasus spyware via one-click links.