Real Academia Española
February 28, 2025
•[ ransomware, cyberattack ]
Spains language academy confirmed a ransomware attack affecting its systems.
Central New York Cardiology
February 27, 2025
•[ data leak, healthcare ]
Practice reported a data breach impacting extensive patient PHI/PII per public notice.
Angel One Ltd.
February 27, 2025
•[ unauthorized access, data leak ]
Indian stock brokerage Angel One disclosed on February 27, 2025, that unauthorized actors accessed some of its Amazon Web Services (AWS) resources following a dark web alert. The company confirmed exposure of limited client information but no compromise of funds or credentials. Investigation and containment measures were initiated immediately.
Las Cruces-based organization
February 27, 2025
•[ data leak ]
Article reports a Las Cruces organization disclosed a data breach involving health information; specific systems and counts not provided in accessible copy.
Ally Financial
February 27, 2025
•[ data leak ]
Class action alleges a data breach at Ally Financial exposed personal data of ~4.2M customers; litigation filed Feb 2025.
Comune di Perugia
February 27, 2025
•[ ddos ]
DDoS took the city website offline briefly; operations continued; no theft of information reported.
NorthWest Arkansas Community College
February 27, 2025
•[ data leak ]
NWACC began mailing letters indicating personal information may have been affected; incident under review and notifications ongoing.
DermCare Management (practice management company)
February 26, 2025
•[ hack, healthcare ]
Attack identified Feb 26, 2025; investigation confirmed Mar 3 that patient data may have been copied from DermCares network. At least 10 affiliated dermatology practices (mainly FL, plus TX) issued substitute notices; totals still being determined.
State information resources (Azerbaijan)
February 26, 2025
•[ ddos ]
Special Service reported massive DDoS on state resources; mitigation by filtering malicious traffic may temporarily block real IPs.
Balkan Investigative Reporting Network Journalists
February 26, 2025
•[ spyware, phishing, targeted attack ]
Amnesty reported two Serbian journalists targeted with Pegasus spyware via one-click links.
Pump.fun X account
February 26, 2025
•[ account takeover, social engineering, cryptocurrency scam ]
The official X account of Pump.fun was hijacked on February 26, 2025, and used to promote a fake governance token named PUMP and other scam cryptocurrencies, misleading users and causing financial harm before the fraudulent posts were removed and access was restored.
Charles County Public Schools
February 26, 2025
•[ social engineering, account compromise, payroll fraud ]
Caller convinced staff to reset MFA, accessed employee email and Oracle accounts, and attempted payroll change (stopped).
Rockhill Women's Care
February 26, 2025
•[ data leak ]
Rockhill Womens Care reported that it became aware of a security incident on or about 02/26/2025 and that an unauthorized third party gained access to its systems. Reporting indicates that sensitive personal and protected health information was involved, and that the organization publicly disclosed the incident and began notifying impacted individuals on or around 09/30/2025. The available descriptions do not specify the initial intrusion vector, but do indicate unauthorized access and potential exposure of patient data.
City Of Fort St. John
February 25, 2025
•[ ransomware ]
Ransomware confirmed; data restored and most services back online.
Orange Group
February 25, 2025
•[ data leak ]
Orange confirmed breach of a non-critical back-office app; hacker leaked internal docs and data from Orange Romania.
Hometeamns
February 25, 2025
•[ ransomware ]
Ransomware hit Singapores HomeTeamNS; no evidence of data extraction.
Brydens Lawyers
February 25, 2025
•[ ransomware, data leak ]
Sydney law firm reported ransomware with alleged 600GB data leak under investigation.
WindTre S.p.A.
February 25, 2025
•[ data leak ]
WindTre confirmed unauthorized access was detected on 25 Feb 2025 affecting a resellers system; limited customer personal data (names/IDs/contacts) may have been exposed; incident reported to Italys DPA and described as contained.
Orange Romania
February 24, 2025
•[ financial, hack, leak ]
In February 2025, the Romanian arm of telecommunications company Orange suffered a data breach which was subsequently published to a popular hacking forum. The data included 556k email addresses (of which hundreds of thousands were in the form of [phone number]@as1.romtelecom.net), phone numbers, subscription details, partial credit card data (type, last 4 digits, expiration date and issuing bank). The breach also exposed an extensive number of internal documents.
Northern Caribbean University
February 24, 2025
•[ data leak ]
Cyberattack crippled key systems; NCU warned students of possible data release.
