Multiple Indian websites
May 13, 2025
•[ cyberattack, hacktivism ]
Maharashtra Cyber/press reports said Pakistan-allied hackers launched ~1.5 million attacks with ~150 successes.
Central Coalfields Limited
May 13, 2025
•[ website defacement, service disruption ]
Indian media reported a breach at Coal India subsidiary CCL with a defacement message left on the official site and disruption while systems were secured. Officials worked to restore functionality.
Tiffany & Co
May 12, 2025
•[ leak, retail ]
Tiffany determined on 09/09/2025 that an unauthorized party accessed gift card-related customer data from an incident occurring ~05/12/2025; 2,590 customers affected; exposed data include PII and gift card number + PIN; separate earlier Korea/vendor incident noted but relation unclear.
Service public de Wallonie
May 12, 2025
•[ government, unknown ]
Belgian media reported a cyberattack at SPW but authorities said the attackers' objective is unknown and there was no evidence of massive data exfiltration at the time.
Kerala State Film Development Corporation (KSFDC)
May 12, 2025
•[ data leak, insider threat, surveillance ]
Reporting described a major cybersecurity breach in which CCTV footage recorded inside government-owned theatres in Thiruvananthapuram (Kairali, Sree, and Nila) appeared on pornographic websites and then spread via Telegram/X and other channels. The leaked clips visibly displayed the KSFDC logo on seats, strongly indicating the source. Authorities opened a high-level inquiry and a cyber-cell investigation, with officials considering possibilities including insider misuse by staff with access to surveillance systems or an external intrusion into the CCTV network. No specific perpetrator, intrusion method, or exact timeframe for initial compromise was provided, but the incident resulted in non-consensual exposure of surveillance video of patrons.
Rochester Public School listserv
May 12, 2025
•[ misconfiguration, insider threat, email abuse ]
Rochester School District officials reported that students and staff were bombarded with sexually explicit and threatening emails after a student exploited a misconfiguration in an email distribution list. The distribution list had been inadvertently configured with broader permissions than intended, allowing a student to send an unauthorized mass message to a large number of student accounts across grade levels. The district's technology team worked to identify the source, recall the messages, and correct the permission setting; students were then blocked from sending to distribution groups. The incident primarily affected communications integrity and student safety, rather than causing extended operational downtime.
RTCG portal
May 12, 2025
•[ ddos ]
RTCG reported its news portal was hit by a series of DDoS attacks that made the site unavailable to users for a period during the evening. RTCG technical teams worked to repel the attacks so the portal could return online. The report characterized this as part of a broader pattern of attacks against the public broadcaster's online services in recent years. No data theft was reported; the impact described was temporary loss of availability.
Government of India websites
May 10, 2025
•[ cyberattack ]
Maharashtra Cyber reported cross-border attempts to target Indian government websites amid tensions.
Anchorage Neighborhood Health Center
May 9, 2025
•[ leak, healthcare ]
Anonymous group claims theft of ANHC patient records (10k, later 60k); FBI aware; at least one patient contacted with personal data. ANHC initiated investigation and took systems offline; scope/details pending.
SonicWall
May 9, 2025
•[ hack, brute-force, technology ]
Threat actors brute-forced the MySonicWall portal and accessed cloud backup firewall preference files for a subset of customers (<5%). SonicWall terminated access, issued Essential Credential Reset guidance, and involved law enforcement. Risk centers on reuse of secrets/config intelligence for follow-on compromises.
Unnamed U.S. Banking Organization
May 9, 2025
•[ social, misconfiguration, finance ]
ReliaQuest links Scattered Spider to renewed activity against U.S. financial services, including a bank intrusion achieved via social engineering + Azure AD SSPR, followed by lateral movement (Citrix/VPN), ESXi compromise, and cloud data access attempts (Snowflake/AWS).
Undisclosed U.S. government agency (reported as “Department of Government Efficiency”)
May 8, 2025
•[ infostealer, malware, credential leak ]
Ars Technica reports a government software engineer's workstation was infected with info-stealing malware, with login credentials appearing in multiple stealer-log dumps since 2023; investigation centers on credential exposure rather than confirmed enterprise compromise.
BitoPro Exchange
May 8, 2025
•[ cryptocurrency theft, unauthorized access, money laundering ]
Unauthorized access on May 8, 2025 to BitoPro exchange hot wallets resulted in theft of about NT$345 million (US$11.5 million) in cryptocurrency; funds laundered via Tornado Cash, Thorchain, and Wasabi; attribution linked to North Korea's Lazarus Group (APT38); no operational disruption reported.
Outwood Academy Acklam
May 8, 2025
•[ data leak ]
Local reporting says the Middlesbrough school notified families on May 8 of a breach affecting parent information; letters indicated personal details were accessed and the school engaged with authorities.
Undisclosed Japan/Taiwan public institutions
May 8, 2025
•[ government, cyberattack campaign ]
The linked Asahi AJW page is blocked by robots; relying on parallel reporting, this is a campaign/technique article (no discrete victim outcome to code as an event).
Methodist Homes of Alabama and Northwest Florida
May 8, 2025
•[ data breach, investigation, legal investigation ]
Law firm Lynch Carpenter announced an investigation tied to a Methodist Homes data breach affecting notified individuals.
Undisclosed U.S. government agency (reported as “Department of Government Efficiency”)
May 8, 2025
•[ malware, infostealer, credential theft ]
Ars Technica reports a government software engineer's workstation was infected with info-stealing malware, with login credentials appearing in multiple stealer-log dumps since 2023; investigation centers on credential exposure rather than confirmed enterprise compromise.
LockBit ransomware operation
May 7, 2025
•[ ransomware, data leak, deface ]
LockBit's dark-web panels were defaced and a MySQL database dump with internal operational data was posted by an unknown actor.
South African Airways
May 7, 2025
•[ cyberattack, service disruption ]
SAA reported a cyberattack that temporarily disrupted its website, mobile app, and multiple internal operational systems; containment actions minimized impact on core flight operations.
Ualabee
May 6, 2025
•[ leak, misconfiguration, technology ]
In May 2025, the South American mobility services platform Ualabee had hundreds of thousands of records scraped from an interface on their platform. The data included 472k unique email addresses along with names, profile photos, dates of birth and phone numbers.