Trumbull County Recorder’s Office
November 14, 2025
•[ ransomware, data leak, supply chain attack ]
Trumbull County, Ohio reported that a ransomware attack on its third-party vendor C Systems Software led to a security breach affecting systems used for real-estate recordings and property records. County officials said they were alerted around November 14, 2025, and, with help from Ohio Homeland Security and external cybersecurity firm GuidePoint, determined that the same cybercriminals behind the vendor breach had attempted to exploit the county network. While they reported no evidence of successful intrusion into county systems, offices had to fall back on manual processing and suspend some online services for about ten days. The incident is believed to have exposed resident data held by the vendor and has prompted additional security and monitoring measures.
Sund & Bælt
November 14, 2025
•[ denial of service, hacktivism ]
On November 14, 2025, the Storebælt website operated by Sund & Bælt was rendered inaccessible due to an external denial-of-service attack. Sund & Bælt confirmed the DDoS incident, and DR reported that the pro-Russian hacktivist group NoName057(16) claimed responsibility on Telegram as part of a broader campaign targeting Danish entities. No data loss occurred.
Operation Endgame 3.0
November 14, 2025
•[ infostealer, remote access trojan, botnet ]
Between 10 and 13 November 2025, the latest phase of Operation Endgame was coordinated from Europol's headquarters in The Hague. The actions targeted Rhadamanthys, one of the biggest infostealers, along with the Remote Access Trojan VenomRAT and the botnet Elysium, all of which played a key role in international cybercrime. Authorities took down these three large cybercrime enablers and provided 2 million impacted email addresses and 7.4 million passwords to HIBP.
Borger.dk
November 13, 2025
•[ denial of service, hacktivism ]
On November 13, 2025, Denmark's national citizen service portal Borger.dk was targeted and disrupted by an external denial-of-service attack. The pro-Russian hacktivist group NoName057(16) claimed responsibility on Telegram. No data loss occurred.
Ministry of Transport of Denmark
November 13, 2025
•[ ddos, hacktivism, government ]
On November 13, 2025, the website of Denmark's Ministry of Transport was disrupted by an external denial-of-service attack. The pro-Russian hacktivist group NoName057(16) claimed responsibility for the attack as part of a broader campaign targeting Danish digital infrastructure. No data loss was reported.
Terma
November 13, 2025
•[ denial of service, hacktivism ]
On November 13, 2025, Danish defense contractor Terma experienced a disruption to its public-facing website due to an external denial-of-service attack. The incident was attributed to the pro-Russian hacktivist group NoName057(16). Terma confirmed that no data were lost.
Government of Denmark
November 13, 2025
•[ denial of service, hacktivism, government ]
On November 13, 2025, additional Danish government websites experienced outages due to external denial-of-service attacks. The Danish Civil Protection Agency confirmed that several sites and companies were affected, and the pro-Russian hacktivist group NoName057(16) claimed responsibility for the coordinated campaign. No data loss was reported.
YouFibre
November 13, 2025
•[ service disruption ]
YouFibre experienced a sustained DDoS attack starting on November 13, 2025, causing intermittent broadband service disruptions across multiple UK regions. The company stated it was working with upstream providers to mitigate the attack, which produced multi-day connectivity instability but no evidence of data compromise.
Attorney General’s Office of the State of Guanajuato (FGEG)
November 13, 2025
•[ ransomware, data leak, double-extortion ]
Mexico Business News reports that Guanajuato's Attorney General's Office confirmed a cybersecurity incident after a ransomware attack attributed to Tekir APT. Attackers claim they stole 250GB+ of confidential data, including judicial files and internal databases. Officials are reviewing controls, without confirming attribution or ransom payment. Hackmanac alleges subdomain encryption and double-extortion.
Eurofiber
November 13, 2025
•[ data leak ]
In November 2025, Eurofiber France disclosed a data breach of its ticket management platform. Data containing 10k unique email addresses and a smaller number of names and phone numbers was subsequently leaked. A threat actor claiming responsibility for the breach claims to hold additional, more sensitive data, including screenshots, VPN configuration files, credentials, source code, certificates, archives, and SQL backup files.
Operation Endgame 3.0
November 13, 2025
•[ infostealer, remote access trojan, botnet ]
Between 10 and 13 November 2025, the latest phase of Operation Endgame was coordinated from Europol's headquarters in The Hague. The actions targeted Rhadamanthys, one of the biggest infostealers, along with the Remote Access Trojan VenomRAT and the botnet Elysium, all of which played a key role in international cybercrime. Authorities took down these three large cybercrime enablers and provided 2 million impacted email addresses and 7.4 million passwords to HIBP.
SitusAMC
November 12, 2025
•[ data leak ]
Real-estate finance services provider SitusAMC, headquartered in New York, disclosed that on November 12, 2025 it detected a breach affecting internal systems used to support back-office services for major lenders; investigations indicate that corporate data on some clients and unspecified data about their customers were accessed, though SitusAMC reports no impact on business operations and says no encrypting malware was deployed.
VSK Insurance Joint-Stock Company
November 12, 2025
•[ ransomware ]
Russian insurer VSK disclosed that a large-scale cyberattack beginning around November 12, 2025 severely disrupted its IT systems and online services. Customers across Russia reported being unable to access the company's website, mobile app, and email, and some healthcare providers delayed or cancelled appointments because they could not verify insurance coverage. VSK said it was working with law enforcement and cybersecurity experts and claimed that no confirmed evidence of data theft had been found, while independent specialists suggested the incident was probably ransomware. The attack significantly impacted delivery of insurance and related health services nationwide.
At least one Android user in Latin America
November 12, 2025
•[ malware, ransomware, phishing ]
The Record described a newly identified Android malware/ransomware campaign (DroidLock) distributed through phishing websites that trick users into installing fake apps and then lock devices behind a ransom message. The reporting focuses on a broad campaign targeting Spanish-speaking users rather than a single named victim organization with a discrete primary effect suitable for this dataset's event unit. Because there is no specific victim organization, confirmed disruption window, or bounded impact scope for one entity, it is not coded here as an individual cyber event record.
Mikord
November 12, 2025
•[ data leak, sabotage, hacktivism ]
The Record reported that an anonymous hacker group allegedly breached Mikord's servers and provided a trove of internal documents to an anti-war human rights group, including source code, technical and financial records, and internal correspondence. The report stated the hackers claimed months-long access and said they destroyed parts of Mikord's infrastructure; Mikord's website was reportedly offline for days and had been defaced earlier in December. While the company did not publicly acknowledge involvement in Russia's military registry, investigative verification cited in the article indicated the leaked materials supported its participation, suggesting the breach had both data-theft and disruptive/destructive elements.
French Ministry of the Interior
November 12, 2025
•[ government, data leak, email compromise ]
France's Interior Minister confirmed that the Ministry of the Interior experienced a cyberattack affecting its email servers. The intrusion was detected overnight between 12/11/2025 and 12/12/2025 and enabled the threat actors to access the ministry's email infrastructure and some document files. At the time of public confirmation, officials had not confirmed whether data was exfiltrated. In response, the ministry reported implementing standard containment procedures, tightening security protocols, and strengthening access controls. French authorities opened an investigation to determine the origin, intent, and full scope of the breach; possible explanations cited publicly included foreign interference, activists, or cybercriminals. The ministry is a high-value target given its responsibility for police forces, internal security, and immigration services.
At least one individual downloading One Battle After Another torrent
November 12, 2025
•[ malware, trojan ]
This article summarizes Bitdefender's reporting on a malware distribution campaign that uses fake torrents claiming to contain a Leonardo DiCaprio film (One Battle After Another). The torrent bundle reportedly contains shortcut and script components that trigger a multi-stage infection chain leveraging PowerShell and other built-in Windows utilities, culminating in memory-resident deployment of the Agent Tesla remote access trojan.
Orion Telecom
November 12, 2025
•[ ddos, service disruption ]
TASS reported that Orion Telecom, described as the largest provider in Krasnoyarsk, experienced a powerful DDoS attack attributed to sources in foreign countries. The provider stated it repelled the attack and fully restored network operations, with central services stable again after engaging internal AntiDDoS capabilities and federal-scale external information security partners. The report indicates the disruption required building tailored protections for specific buildings/cities, implying service degradation/outage for some customers during mitigation. No data theft was described; the primary effect reported was disruption to communications services that was later restored.
Ireland's Office of the Ombudsman
November 12, 2025
•[ ransomware, service disruption ]
The Office of the Ombudsman in Ireland reported that it was the victim of a ransomware attack involving unauthorized access to its IT systems on December 11, 2025. As part of containment, the Office took systems offline and worked with the National Cyber Security Centre and external specialists to investigate and restore services, while notifying law enforcement and the Data Protection Commission. The Office later stated it was confident no personal data had been taken in the incident, and it incrementally restored services, reporting by early January 2026 that public-facing services were back online. The incident primarily caused disruption through precautionary shutdown and recovery operations rather than publicly reported data theft.
Telecom company in Khabarovsk
November 11, 2025
•[ ddos ]
A Kommersant Komsomolskaya Pravda article on cyberthreat statistics for Russia's Far East notes that security teams from MTS and RED Security logged more than fifty thousand DDoS attacks nationwide between July and September 2025, including a record-setting assault on a telecom company in Khabarovsk, where malicious traffic hammered the firm's online resources continuously for over thirty hours. The article highlights that telecom, IT, transport, construction and government organizations in the region have become prime targets for attackers, and it underscores calls for local businesses to invest in stronger cyber defences.