SimonMed Imaging
February 5, 2025
•[ ransomware, data leak, healthcare ]
Medusa claimed theft of 212 GB of data impacting 1.2M patients after a January-February 2025 attack window.
Jefferson School District 251
February 4, 2025
•[ ransomware, data leak ]
Ransomware was discovered on Jefferson School District's computer systems in early February 2025, leading to the cancellation of classes across all 11 schools in the district while networks were rebuilt. About 5,000 student devices were affected, and the FBI and third-party forensic teams were engaged. No evidence of student data theft or exfiltration has been reported.
163.com Users
February 4, 2025
•[ phishing, espionage ]
The Taiwan-linked espionage group GreenSpot APT (aka PoisonVine / APT-Q-20) created spoofed 163.com domains and fake download pages to harvest email credentials from users in mainland China, Hong Kong, and Taiwan. Hunt.io attributed the campaign's infrastructure to Taiwan, but no link to a specific government department has been identified.
Ionic Money
February 3, 2025
•[ DeFi exploit, impersonation, protocol manipulation ]
On February 3, 2025, attackers exploited Ionic Money on the Mode Network by impersonating members of Lombard Finance and convincing the project to list a fake token (LBTC). They minted counterfeit collateral, borrowed legitimate assets, and drained about $8.6 million in funds, later laundering part of it through Tornado Cash. The incident was a decentralized finance exploit involving protocol manipulation, with no system encryption or service disruption.
Lee Enterprises
February 3, 2025
•[ ransomware, data leak ]
On February 3, 2025, Lee Enterprises suffered a ransomware attack that encrypted multiple critical applications and exfiltrated files. The Qilin group claimed responsibility, asserting theft of about 350 GB of data. The incident caused partial but significant disruption of operations for roughly one week, affecting printing, billing, and vendor systems. Approximately 39,779 individuals had personal information compromised.
News.bg and other Bulgarian media outlets
February 2, 2025
•[ denial of service, hacktivism ]
Massive SSL-based distributed denial-of-service (DDoS) attacks targeted News.bg and several other Bulgarian media websites beginning on February 2, 2025. The attacks, described as large-scale and difficult to trace, disrupted access for several days until at least February 6, 2025. Mitigation involved blocking international traffic. Attribution remains undetermined; motive appears protest-related.
University of The Bahamas
February 2, 2025
•[ ransomware ]
The University of The Bahamas suffered a ransomware attack starting on February 2, 2025, that disrupted online systems including email, telephone, and academic platforms, while in-person classes continued. The school serves about 5,000 students across three campuses.
Rubrik
February 2, 2025
•[ data leak ]
Rubrik disclosed on February 2, 2025, that an unauthorized actor accessed a log server containing telemetry data. The company rotated all authentication keys, confirmed no customer data or source code was affected, and reported the incident to authorities.
Baltimore Archdiocese (via Stinson LLP & BRG)
February 1, 2025
•[ leak, finance ]
Protected survivor data was exposed from law firm (Stinson LLP) and financial advisor (BRG) systems supporting the Archdiocese's bankruptcy cases.
Rainbow District School Board
February 1, 2025
•[ data leak ]
The school board reported that data was accessed during the incident; services were restored and the data was allegedly deleted.
Valsoft Corporation
February 1, 2025
•[ data leak ]
Valsoft disclosed a February 2025 breach where attackers accessed company files for several days; personal information for over 160,000 people was compromised.
Pacific Rehabilitation Centers
February 1, 2025
•[ ransomware ]
Organization reported ransomware on an employee computer; restoration and notifications followed.
Opexus
February 1, 2025
•[ insider threat, data leak, sabotage ]
An insider compromise at Opexus by two employees previously convicted of hacking led to improper access and the compromise or deletion of dozens of databases (including IRS and GSA data sets), triggering outages in two key software systems used by federal agencies. The employees were terminated, and investigations cite a major lapse in security controls.
Undisclosed Canadian Telecommunications Company
February 1, 2025
•[ data leak, vulnerability ]
Three network devices at a Canadian telecom were compromised in mid-February 2025 via Cisco IOS XE CVE-2023-20198. The attackers retrieved device configurations and set up a GRE tunnel to collect network traffic. The incident was disclosed by Canada's Cyber Centre in June 2025.
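The two artefacts this entry describes, an exposed IOS XE web UI (the surface CVE-2023-20198 abuses) and a GRE tunnel added to the running configuration to siphon traffic, are both visible in a text dump of `show running-config`. The following is an added example, not code from the Cyber Centre disclosure or from Cisco: it parses a constructed, hypothetical router config and flags an enabled HTTP server with no access-class restriction plus any GRE tunnel whose destination is not on an assumed allowlist of documented peers (`KNOWN_TUNNEL_PEERS`). All hostnames, interface names and addresses are made up.

```python
import re

# Constructed sample config for a hypothetical edge router. Tunnel100 is a
# documented site-to-site link; Tunnel666 has an unknown destination and no
# explicit tunnel mode (IOS XE defaults a Tunnel interface to GRE over IP).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
ip http server
ip http secure-server
!
interface Tunnel100
 description documented site-to-site link
 ip address 10.255.255.1 255.255.255.252
 tunnel source GigabitEthernet0/0/0
 tunnel destination 192.0.2.10
 tunnel mode gre ip
!
interface Tunnel666
 ip address 10.99.99.1 255.255.255.252
 tunnel source GigabitEthernet0/0/0
 tunnel destination 203.0.113.45
!
interface GigabitEthernet0/0/0
 ip address 198.51.100.2 255.255.255.0
!
"""

# Assumed allowlist of tunnel peers an operator has on record (hypothetical).
KNOWN_TUNNEL_PEERS = {"192.0.2.10"}


def parse_blocks(config):
    """Split an IOS-style config into (top-level line, [indented sub-lines]).

    Comment/separator lines ("!") and blank lines are dropped; a line that
    starts at column 0 opens a new block and indented lines attach to it.
    """
    blocks = []
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue
        if not line.startswith(" "):
            blocks.append((line.strip(), []))
        elif blocks:
            blocks[-1][1].append(line.strip())
    return blocks


def audit_config(config, known_peers=KNOWN_TUNNEL_PEERS):
    """Return a list of (finding, detail) tuples for the two artefacts."""
    findings = []
    blocks = parse_blocks(config)
    top_level = {head for head, _ in blocks}

    # 1. Web UI reachable: HTTP(S) server on with no "ip http access-class".
    http_on = [h for h in top_level
               if h in ("ip http server", "ip http secure-server")]
    restricted = any(h.startswith("ip http access-class") for h in top_level)
    if http_on and not restricted:
        findings.append(("web-ui-exposed", ", ".join(sorted(http_on))))

    # 2. GRE tunnels to peers nobody has on record.
    for head, body in blocks:
        m = re.match(r"interface (Tunnel\d+)$", head)
        if not m:
            continue
        mode = next((l.split("tunnel mode ", 1)[1]
                     for l in body if l.startswith("tunnel mode ")), "gre ip")
        dest = next((l.split()[-1]
                     for l in body if l.startswith("tunnel destination ")), None)
        if mode.startswith("gre") and dest not in known_peers:
            findings.append(("unknown-gre-tunnel", f"{m.group(1)} -> {dest}"))
    return findings


if __name__ == "__main__":
    for kind, detail in audit_config(SAMPLE_CONFIG):
        print(f"{kind}: {detail}")
```

The web UI check is a heuristic: Cisco's guidance for CVE-2023-20198 was to disable the HTTP server feature on internet-facing systems, so an enabled server with no access-class is the condition worth surfacing. Treating a missing `tunnel mode` line as GRE matters because an attacker adding a tunnel has no reason to type the default explicitly.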
Oil and gas facility control panels in the U.S.
January 31, 2025
•[ hack, energy ]
Researchers at Cyble identified Sector 16, a new pro-Russian hacktivist group targeting oil and gas facility control panels in the U.S.
Tata Technologies
January 31, 2025
•[ ransomware, malware, technology ]
Tata Technologies Ltd. suspended some of its IT services following a ransomware attack that impacted the company network.
Asheville Eye Associates
January 31, 2025
•[ hack, healthcare ]
Asheville Eye Associates said the personal and medical information of a subset of its patients was compromised as a result of a cybersecurity incident. The DragonForce ransomware group claimed responsibility for the attack, asserting it had stolen hundreds of gigabytes of data.
Delta County Memorial Hospital
January 31, 2025
•[ hack, healthcare ]
Non-profit hospital district Delta County Memorial Hospital disclosed that threat actors compromised the personal information of 148,363 people in a May 2024 cyberattack.
Business Registration Service (Kenya)
January 31, 2025
•[ data leak, criminal actors ]
Kenya's Business Registration Service confirmed a major data breach on January 31, 2025, that exposed registry and beneficial-owner data, including national ID numbers, addresses, phone numbers, and company ownership details. Media reports suggest over two million company and shareholder records were compromised and sold on the dark web. The attack was financially motivated and attributed to criminal actors; the government continues to assess the extent of the breach.
Fanpage.it / Francesco Cancellato
January 31, 2025
•[ spyware, espionage, zero-click ]
Francesco Cancellato, editor-in-chief of Fanpage.it, was targeted with the Israeli-made Graphite spyware developed by Paragon Solutions, delivered via a WhatsApp zero-click exploit. Citizen Lab and CPJ linked the campaign to a likely state client of Paragon, with political-espionage motives tied to Fanpage's undercover investigation exposing neo-fascist youth elements within Italy's ruling party. No confirmed infection or data exfiltration has been publicly reported.