Full List

Search

Recent Breaches

• Adpost February 14, 2025 • [ leak ] In February 2025, data allegedly obtained from an earlier Adpost breach surfaced. The dataset contained 3.3M records including email addresses, usernames, and display names. Multiple attempts to contact Adpost regarding the incident received no response.
• Cocospy & Spyic February 14, 2025 • [ data leak, stalkerware, vulnerability ] Vulnerability allowed unauthenticated access to servers exposing stalkerware customer lists and victims uploaded data.
• Genea February 14, 2025 • [ ransomware, data leak ] Genea suffered a ransomware/data-theft incident attributed to Termite. Attackers had access from Jan 31 and exfiltrated data on Feb 14, prompting days of system disruption. Sensitive patient information was later posted to the dark web.
• Undisclosed Riyadh-based real estate and construction company February 14, 2025 • [ ransomware, data leak ] The DragonForce ransomware group attacked a major Riyadh-based real estate and construction firm, exfiltrating over 6 TB of internal corporate data and encrypting systems as part of a double-extortion campaign. The group demanded ransom payment by February 27, 2025, ahead of Ramadan, and later leaked the stolen data when unpaid.
• U.S. Coast Guard February 14, 2025 • [ data leak ] Coast Guards Direct Access system was breached on 02/14/2025, exposing financial/PII and delaying pay for 1,135 members; system was taken offline while CG Cyber Command & CGIS investigated; offline payments processed and security measures pursued; no attribution yet.
• NioCorp Developments Ltd. February 14, 2025 • [ phishing, Business Email Compromise ] Business email compromise exploiting NioCorps email system to redirect vendor payments; no encryption detected.
• Lake Washington Vascular February 14, 2025 • [ network intrusion ] Provider reported network intrusion; notice filed with Hhs on February twenty-five.
• Vital Imaging Medical Diagnostic Centers February 13, 2025 • [ hack, healthcare ] A hacking incident on 13 Feb 2025 led to unauthorized access to Vital Imagings network, exposing sensitive personal and medical information of approximately 260,000 individuals. Notifications were sent in August 2025, and legal investigations are active.
• Philippine Charity Sweepstakes Office (PCSO) February 13, 2025 • [ data leak, hacktivism, government ] Hacktivist group Philippine Exodus Security claimed responsibility for exfiltrating approximately 100 GB of data from PCSO branch office email accounts in February 2025. While PCSO denied a central database breach, DICT confirmed that unauthorized access to email systems occurred. The group stated its goal was to expose alleged corruption, not to extort funds.
• Included Health February 13, 2025 • [ data leak ] Included Health detected a security incident on Feb 13, 2025; investigation found unauthorized access to sensitive data (names, SSNs, medical record info). Notices were filed and letters sent to affected individuals the same day
• GS Shop February 13, 2025 • [ credential stuffing, data leak ] Credential-stuffing led to extraction of ~1.58M GS Shop customer records (21-06-2024 to 13-02-2025); financial data not affected; GS Retail blocked offending IPs, urged password changes, and launched a security task force.
• Urban One, Inc. February 13, 2025 • [ ransomware, social engineering, data leak ] Ransomware group Cactus gained access to Urban Ones internal HR and payroll servers via social-engineering intrusion beginning February 2025, exfiltrating employee PII and financial data; company confirmed breach and notified affected staff.
• Baltimore City Public Schools February 13, 2025 • [ ransomware, data leak ] The Cloak ransomware group exfiltrated sensitive personal and student data from Baltimore City Public Schools in February 2025. While the attack was ransomware-related, no encryption or service disruption occurred; over 31,000 people were notified of data theft.
• Bell Ambulance February 13, 2025 • [ ransomware, data leak, healthcare ] Bell Ambulance detected a network intrusion on Feb 13, 2025. Medusa ransomware claimed responsibility and data theft; HHS/state filings list ~114,000 impacted.
• The Lovesac Company February 12, 2025 • [ ransomware, leak, retail ] Lovesac confirmed a data breach after a ransomware site listing; letters say attackers accessed internal systems between Feb 12Mar 3, stole PII, and the firm offered 24 months of credit monitoring; RansomHub claimed the attack and threatened leaks; no encryption/service disruption reported.
• zkLend February 12, 2025 • [ smart contract exploit, cryptocurrency theft, defi ] Smart-contract vulnerability exploited in zkLends DeFi protocol allowed unauthorized withdrawal of ~3,600 ETH (~USD 9.5 m); zkLend offered a 10 % white-hat bounty for fund return.
• Doxbin February 12, 2025 • [ data leak ] Hackers compromised Doxbin, locked out admins, deleted accounts, and leaked a database containing user records and a blacklist file.
• Multiple South Korean government and business entities February 12, 2025 • [ phishing, espionage ] Spear-phishing campaign leveraging LNK and PowerShell scripts deployed by North Koreas RGB 3rd Technical Surveillance Bureau (Kimsuky) targeting South Korean government, defense, and cryptocurrency sectors.
• Undisclosed software and services company (South Asia) February 12, 2025 • [ data exfiltration, vulnerability, APT ] A China-linked group known as Emperor Dragonfly exploited a Palo Alto PAN-OS vulnerability (CVE-2024-0012) to compromise an undisclosed medium-sized software and services company in South Asia. The attackers exfiltrated d
• Cistec February 12, 2025 • [ ransomware, healthcare ] Swiss healthcare software vendor reported ransomware; internal systems shut down; rebuilding underway.