Multiple Organizations in South Korea
February 6, 2025
•[ cryptomining, malware, trojan ]
ASEC analysis shows CoinMiner/XMRig variants delivered through trojanized removable media, using DLL sideloading and PowerShell to mine cryptocurrency on compromised endpoints across South Korean organizations.
Users of fake DeepSeek sites
February 6, 2025
•[ phishing, data leak ]
Phishing campaign using dozens of fake DeepSeek-branded websites to steal user credentials and cryptocurrency through fraudulent login and wallet interfaces.
Islamic Emirate of Afghanistan – Ministries and Agencies
February 6, 2025
•[ data leak ]
Hackers breached Taliban-run Afghan government systems (TalibLeaks) and published tens of gigabytes of confidential records from 21 ministries online.
PrivatBank
February 6, 2025
•[ phishing, malware, data leak ]
A criminal group identified as UAC-0006 used phishing emails with password-protected attachments to deliver SmokeLoader malware targeting PrivatBank customers. The campaign, active since November 2024, aimed to steal credentials and financial data.
Multiple Organizations in Asia
February 6, 2025
•[ espionage, backdoor, credential theft ]
Evasive Panda, a Chinese state-sponsored group operating under the Ministry of State Security's Guangdong State Security Department / Technical Reconnaissance Bureau, deployed a custom SSH backdoor across enterprise network devices to exfiltrate credentials and maintain long-term covert access in espionage operations identified by Cisco Talos in February 2025.
IMI plc
February 6, 2025
•[ data leak ]
IMI plc disclosed unauthorised access to its systems, engaged external cybersecurity experts, and stated it will provide further updates; no details on data stolen, systems impacted or threat actor identified were included.
Bohemia Interactive
February 6, 2025
•[ DDoS, service disruption ]
Bohemia Interactive's DayZ and Arma servers experienced a distributed denial of service attack beginning 2025-02-06, disrupting connectivity for players. Some claims attributed the incident to the group Xiangjang_zhi, though no official confirmation exists.
Users of Steam game PirateFi
February 6, 2025
•[ malware, data leak ]
The free-to-play game PirateFi was removed from Steam after it was discovered to install the Vidar infostealer; Valve urged affected players to scan or reformat their systems.
Franklin County Government
February 6, 2025
•[ ransomware ]
On February 6, 2025, Franklin County, Maine, experienced a sophisticated ransomware attack that briefly disrupted county computer systems. Officials confirmed no permanent data loss, no evidence of exfiltration, and rapid restoration from backups within 24 hours. The incident caused minor service delays but did not result in data exposure or financial loss beyond restoration costs.
MacKay Memorial Hospital
February 6, 2025
•[ ransomware, data leak ]
Ransomware attack by Chinese actor CrazyHunter encrypted hospital systems and exfiltrated 32.5 GB of patient data; over 500 computers crashed, disrupting clinical services for several days; attacker linked to other Taiwanese targets.
American Israel Public Affairs Committee (AIPAC)
February 6, 2025
•[ data leak, third-party breach ]
AIPAC reported that a criminal cyberattack on a third party led to unauthorized access to files on its own information systems from October 2024 through February 2025. A subsequent review determined that personal identifiers for 810 individuals had been taken, prompting notification letters and additional security controls.
St. Anthony Hospital (Chicago)
February 6, 2025
•[ data leak, healthcare, unauthorized access ]
St. Anthony Hospital in Chicago reported that on February 6, 2025 it discovered a data breach involving a small number of employee email accounts that had been accessed by an unauthorized actor. The compromised mailboxes contained personal and medical information such as names, addresses, dates of birth, Social Security numbers, medical record and account numbers, prescription details, and medical histories for roughly 6,679 individuals. The hospital engaged outside cybersecurity experts, reset credentials, and began notifying potentially affected patients and staff while offering guidance on credit monitoring. Officials said there was no evidence of misuse yet but warned people to remain vigilant for fraud or identity theft.
University end-users via cloned site
February 5, 2025
•[ malvertising, phishing, malware ]
Malvertising campaign cloning a German university website to distribute a fake Cisco AnyConnect installer which installed NetSupport RAT on victim machines.
Chemical, Food, and Pharmaceutical Enterprises in Russia
February 5, 2025
•[ infostealer, phishing, data leak ]
Nova Infostealer campaign led by Rezet, also known as Rare Wolf, targeted Russian chemical, food, and pharmaceutical firms, harvesting credentials and internal documents through phishing and malicious installers.
Russian Organizations Across Various Industries
February 5, 2025
•[ malware, phishing, data leak ]
Nova Infostealer malware campaign targeting Russian organizations across multiple industries collected credentials and files via phishing and malicious installers.
Russian Industrial Facilities
February 5, 2025
•[ infostealer, phishing, malware ]
Nova Infostealer was deployed by the threat group NGC4020 in Russian industrial facilities, stealing host credentials and files from infected endpoints through phishing and malicious installer packages.
Gregory & Appel Insurance
February 5, 2025
•[ phishing ]
The insurance firm reported unauthorized access linked to a suspicious email purporting to be from the CFO.
Hewlett Packard Enterprise
February 5, 2025
•[ data leak ]
HPE filed notice with the Massachusetts Attorney General (MA AG) after a cybersecurity incident allowed access to consumer data; notification letters were sent February 5, 2025.
NTT Communications Corporation
February 5, 2025
•[ data leak ]
Data exfiltration impacted thousands of corporate customers at NTT Communications.
Professional Finance Company
February 5, 2025
•[ ransomware, data leak ]
A ransomware attack detected February 5, 2025 disrupted Professional Finance Company's billing and collection systems and resulted in confirmed theft of patient financial and medical data for roughly 125,000 individuals. The firm disclosed the incident publicly in April 2025 and reported it to HHS as both a ransomware and a data-exfiltration event.