1000ua.ru (Russian POW portal)
August 6, 2025
•[ hack, ddos, government ]
On August 6, 2025, immediately after launch, the Russian website 1000ua.ru which published portraits of 1,000 Ukrainian POWs was hit with a DDoS attack. RT attributed the traffic to Ukraine, but no specific group has been identified. The attack caused partial disruption but no data theft or encryption.
Pakistan Petroleum Limited (PPL)
August 6, 2025
•[ ransomware, leak, malware ]
PPLs servers and backups were encrypted and disabled by Blue Locker ransomware; IT and financial operations were disrupted for days; a ransom note threatened data leaks; NCERT issued high alert advisory to national institutions
South Alabama Regional Planning Commission
August 6, 2025
•[ hacking, unauthorized access, protected health information ]
South Alabama Regional Planning Commission reported a hacking/IT incident involving unauthorized access to protected health information. Public reporting states that the substitute breach notice did not identify when access was detected or when unauthorized access occurred, but the investigation determined on August 6, 2025 that certain files had been copied from its systems. The incident affected 3,043 individuals.
City of Greenville (TX)
August 5, 2025
•[ ransomware, malware, government ]
Hackers deployed ransomware targeting Greenvilles server infrastructure, affecting city services and utility billing in Hunt County; emergency 911 was unaffected, and no personal data breach has been reported.
Bouygues Telecom
August 4, 2025
•[ hack, technology ]
Bouygues Telecom, Frances third-largest mobile operator, detected a cyberattack on August 4, 2025, which exposed personal and contractual customer data including IBANs for approximately 6.4 million accounts; passwords and payment card details were not compromised.
Public Broadcasting Service (PBS)
August 4, 2025
•[ leak, technology ]
BleedingComputer confirmed a file posted on Discord with JSON records of 3,997 PBS employees and affiliates came from PBSs MyPBS.org internal service, and PBS confirmed the datas authenticity
Bouygues Telecom
August 4, 2025
•[ hack, technology ]
In August 2025, the French telecommunications company Bouygues Telecom detected a cyber attack against their services. The incident resulted in a data breach that exposed almost 6.4M customer records, including 5.7M unique email addresses. The breach also exposed names, physical addresses, phone numbers, dates of birth and IBANs (International Bank Account Numbers). Bouygues Telecom advised that all affected customers had been notified about the incident.
Prospect Medical Holdings
August 4, 2025
•[ ransomware, healthcare ]
Prospect Medical Holdings, a chain that owns hospitals as well as more than 165 outpatient facilities, said ransomware hackers had breached its system. Sixteen hospitals and more than a hundred other medical facilities across the United States are offline after the largest cyberattack on a U.S. hospital system since last year. Prospect Medical Holdings, a []
Bouygues Telecom
August 4, 2025
•[ cyberattack, data leak, IBAN ]
Bouygues Telecom, Frances third-largest mobile operator, detected a cyberattack on August 4, 2025, which exposed personal and contractual customer data including IBANs for approximately 6.4 million accounts; passwords and payment card details were not compromised.
Sevastopol main internet provider (Miranda Media)
August 2, 2025
•[ hack, ddos, technology ]
On August 2, 2025, Sevastopols main internet provider Miranda Media came under a large-scale DDoS attack, causing widespread disruption of mobile and fixed-line connectivity across the city. Services were intermittently unavailable for several days. Officials acknowledged the disruption on August 4, 2025. No group has claimed responsibility.
99 Cents Only
August 1, 2025
•[ ransomware, retail ]
INC Ransom claims to have breached Dollar Tree
Undisclosed Bank in Asia-Pacific Region
August 1, 2025
•[ financial, malware, finance ]
A financially-motivated crew physically snuck a 4G-equipped Raspberry Pi into an Asia-Pacific banks network, plugging it into the ATM network switch to get remote access past perimeter defenses. Their goal was to reach the ATM switching server and deploy a custom CAKETAP rootkit to approve fraudulent ATM withdrawals; responders interrupted the operation before cash-out
National prison management platform of the National Penitentiary Administration (ANP)
August 1, 2025
•[ insider threat, financial fraud, unauthorized access ]
A prisoner in the Dej hospital prison hacked tablet/kiosk systems used to access the national inmate-services portal, manipulating requests and financial accounts tied to commissary and sentence-credit workflows. Activity persisted for weeks across multiple institutions before detection; the union and national media detail platform misuse and credential abuse rather than broad IT outages.
Panera Bread
August 1, 2025
•[ data breach, unauthorized access, data leak ]
Panera Bread reportedly suffered a data breach that exposed approximately 14 million customer records after unauthorized access to an application database, with no evidence of operational disruption disclosed at the time of reporting.
Colombian Justice Minister Andres Idarraga
August 1, 2025
•[ spyware, Pegasus, surveillance ]
Colombias justice minister stated that forensic evidence indicates his phone was hacked using Israeli Pegasus spyware during the second half of 2025 while he was investigating alleged corruption in the military. He alleged the operation was ordered through the Defense Ministry using state counterintelligence structures and confidential funds. According to his statement, investigators found his phone was taken over more than 8,700 times and that 2.3 GB of data were downloaded, including sensitive corruption complaints, and that the camera/microphone were illicitly activated on numerous occasions. The incident is characterized as a targeted spyware intrusion against a senior government official with alleged state involvement.
Canada Goose
August 1, 2025
•[ data leak, third-party breach, customer records ]
BleepingComputer reported that Canada Goose was investigating after ShinyHunters leaked more than 600,000 customer records. Canada Goose said it had not found evidence its own systems were breached and believed the data related to past customer transactions. ShinyHunters told BleepingComputer the dataset was unrelated to recent SSO attacks and claimed it originated from a third-party payment processor breach and dates back to August 2025. The exposed data was described as including purchase history plus device/browser information and order values; it did not appear to include full payment card numbers.
Jabłonna Lacka Water Treatment Plant
August 1, 2025
•[ industrial control systems, ICS, critical infrastructure ]
Poland's Internal Security Agency reported that attackers breached industrial control systems at multiple water treatment facilities in 2025, including Jabonna Lacka. The attackers gained access to operational systems controlling water treatment processes and in some cases obtained the ability to modify equipment operational parameters, creating a direct risk to operational continuity and public water supply. Public reporting says the August 2025 incident nearly caused a municipality to lose its water supply before authorities intervened. Polish cybersecurity reporting linked several water-facility incidents to a pro-Russian hacktivist group, but no public source identified the specific named perpetrator for the Jabonna Lacka incident.
Qilin ransomware group
July 31, 2025
•[ ransomware, hack, leak ]
Compromise of Qilins affiliate panel by rival actors enabled access to internal systems and stolen victim files.
Foreign embassies in Moscow (multiple missions)
July 31, 2025
•[ espionage, malware, government ]
FSB-linked APT Secret Blizzard (Turla) used ISP-level access in Russia to deliver espionage malware against multiple foreign embassies in Moscow; campaign disclosed by Microsoft. Data stolen likely includes diplomatic emails/credentials; exact volume not reported.
Acea
July 31, 2025
•[ ransomware, malware, energy ]
Italian utility company Acea suffered another ransomware attack, this time claimed by World Leaks. Systems were encrypted, disrupting operations, though the exact duration and number of affected customers were not disclosed.
