Leonardo S.p.A.
February 21, 2025
•[ ddos, hacktivism ]
Pro-Russian hacktivist group NoName057(16) launched DDoS attacks against multiple Italian entities; on Feb 21, 2025 (Day 5) several sites including Leonardo and Edison were unreachable. ACN provided support and mitigation guidance; no data theft reported.
Italian Banks
February 21, 2025
•[ ddos, hacktivism ]
Pro-Russia hacktivist group NoName057 launched DDoS attacks against Italian banks (Mediobanca, Nexi, Intesa, Monte dei Paschi) in retaliation for statements by the Italian president; no significant disruption according to the national cybersecurity agency.
Bybit
February 21, 2025
•[ data leak ]
Bybit disclosed a major security breach; services restored and recovery efforts reported shortly after.
CarMoney
February 21, 2025
•[ hacktivism, data leak, unverified ]
On February 21, 2025, the hacktivist group Ukrainian Cyber Alliance claimed responsibility for a cyberattack on Russian vehicle-loan firm CarMoney. The group stated it destroyed digital infrastructure and exfiltrated terabytes of borrower data, including information tied to Russian military and intelligence officers. CarMoney confirmed shutting down all systems but denied any personal data compromise. No encryption or verified data leak has been independently confirmed.
Cumberland County Hospital
February 21, 2025
•[ data leak ]
Unauthorized access between Feb 21 and Apr 3, 2025 to hospital file servers outside the EMR system exposed personal and medical data of about 36k patients and employees; no operational disruption reported; public disclosure Jun 2, 2025.
Oracle Health
February 20, 2025
•[ data leak, compromised credentials, healthcare ]
A breach at Oracle Health (formerly Cerner) exposed patient data from legacy EHR migration servers after attackers used compromised customer credentials to access and copy records. The incident, which began after January 22, 2025, was discovered on February 20, 2025. Impacted hospitals have been notified and face potential HIPAA obligations; Oracle has offered support but has not publicly acknowledged the full scope of the breach.
HCRG Care Group
February 20, 2025
•[ ransomware, data leak ]
Medusa ransomware group claimed theft of ~2.275 TB from HCRG and demanded $2m by Feb 27, leaking sample files; HCRG says containment measures are in place and services remain operational; reports indicate exposure of sensitive medical, personal and financial records.
City of Jasper
February 20, 2025
•[ unauthorized access, government ]
Unauthorized access identified around Feb 20; no evidence of citizen/employee personal data access; services largely unaffected.
The private provider (contractor) supplying NHS services
February 20, 2025
•[ ransomware, data leak ]
A private provider serving the NHS was hit by ransomware, disrupting network operations and potentially exposing patient or internal data, causing service interruptions in NHS operations dependent on it.
Supreme Administrative Court of Bulgaria
February 20, 2025
•[ ransomware, data leak ]
RansomHouse used White Rabbit ransomware against Bulgaria's Supreme Administrative Court on Jan 27, encrypting ~140 computers; group posted employee-related files as proof of data theft. Court remained operational via paper processes; investigation into data leakage ongoing.
Intellihartx, LLC (vendor for Arkansas Heart Hospital LLC)
February 20, 2025
•[ data leak, third-party breach ]
Intellihartx, LLC, a healthcare revenue-cycle and patient engagement vendor for Arkansas Heart Hospital, reported that unauthorized actors accessed and exfiltrated files from its systems between January 22 and February 20, 2025. The vendor's Maine Attorney General notice states 1,674,294 individuals were affected across its clients. Exposed data included names, Social Security numbers, dates of birth, contact information, and medical and insurance details for patients linked to Arkansas Heart Hospital.
Local media outlets in Azerbaijan
February 20, 2025
•[ targeted attack, data destruction, state-sponsored attack ]
Azerbaijan's parliament commission head said APT29/Cozy Bear was behind a Feb 20 cyberattack that targeted internal servers at Baku TV and spread to other outlets, aiming to disrupt media infrastructure and alter/delete information; officials framed motive as retaliation over Russia-related media actions.
Commvault
February 20, 2025
•[ vulnerability, unauthorized access ]
A zero-day vulnerability (CVE-2025-3928) in Commvault's cloud backup platform was exploited, allowing unauthorized access to internal systems and credentials. Commvault stated that customer backup data was not impacted, and no data theft has been confirmed.
Raymond Lifestyle Ltd
February 20, 2025
•[ ransomware ]
Raymond reported a cybersecurity incident on Feb 20, 2025 that impacted some IT assets. In its Q4 FY25 results on May 13, the firm cited the ransomware attack and weak demand as factors weighing on total income and profit, indicating a disruptive event without confirmed exfiltration details.
Pulmonary Physicians Of South Florida
February 19, 2025
•[ ransomware, data leak ]
Ransomware group listed provider and posted screenshots suggesting patient records exposure.
Freddie Mac
February 19, 2025
•[ data leak, personally identifiable information ]
Breach notice filed with Massachusetts AG on Feb 19, 2025; unauthorized access to files containing consumers' SSNs.
Resort Data Processing
February 19, 2025
•[ data breach, hospitality ]
Hospitality PMS vendor mailed breach letters on March 20, 2025 after a cyber incident.
Ministry for Enterprise and “Made in Italy”
February 18, 2025
•[ ddos, hacktivism, government ]
Pro-Russian hacktivist group NoName057(16) claimed coordinated DDoS attacks against Italian ministries and companies, causing brief service disruptions but no data compromise; politically motivated; mitigated by authorities over several days.
Multiple companies in Italy
February 18, 2025
•[ ddos, hacktivism ]
DDoS attack by pro-Russian hackers NoName057 on ~20 important Italian web portals; politically motivated.
Cardex
February 18, 2025
•[ vulnerability, theft, data leak ]
Abstract reported a session key vulnerability in Cardex that allowed an attacker to perform unauthorized transactions and drain funds from thousands of wallets.