Infini (Infini Earn)
February 24, 2025
•[ insider threat, financial theft, cryptocurrency ]
A former developer or compromised admin key was used to withdraw $49.5 million from Infini's smart-contract vault on February 24, 2025. The attacker converted USDC to ETH and moved the funds off-chain. Infini, a Hong Kong-based stablecoin bank, offered a 20% bounty for fund return and filed legal action against a former developer in Hong Kong.
Fort Bend County Libraries
February 24, 2025
•[ service disruption ]
Fort Bend County is recovering from a Feb. 24 cyber incident that disrupted library catalogue and e-library services for weeks and led to significant cybersecurity contracting; officials reported no leakage of personal information.
Cleveland Municipal Court
February 23, 2025
•[ ransomware, data leak ]
Cleveland Municipal Court experienced a full shutdown beginning 2025-02-23 due to a Qilin ransomware attack that encrypted court systems and exfiltrated roughly 44 GB of data. Operations were halted for about 17 days. The attacker demanded $4 million and threatened to leak stolen court documents.
Invest Hong Kong
February 22, 2025
•[ ransomware, data leak ]
Follow-up coverage of InvestHK ransomware; checking possible client/staff info exposure; later update: no evidence of leakage.
Philippine Army & Navy
February 22, 2025
•[ data leak ]
Local group claimed breach of PH Army/Navy mail; claim public, no confirmation of access or data exposure.
Anne Arundel County
February 22, 2025
•[ data leak ]
Between Jan 28 and Feb 22, 2025, attackers accessed and downloaded files from a limited portion of Anne Arundel County's network, including health-related systems. County officials confirm data was not encrypted, but certain files were exfiltrated. A subsequent HHS/OCR filing in May 2025 listed roughly 500 affected individuals.
Hyundai AutoEver America
February 22, 2025
•[ data leak, employee data, PII exposure ]
Hyundai AutoEver America, an IT services affiliate of Hyundai Motor Group based in Orange County, California, reported that undetermined attackers gained unauthorized access to its IT environment between February 22 and March 2, 2025, with the incident discovered on March 1. Forensic investigation and U.S. state regulator filings indicate that personal information stored in employment-related systems was exposed, including names, Social Security numbers, and driver's license details. Subsequent updates clarified that approximately 2,000 primarily current and former employees of Hyundai AutoEver America and Hyundai Motor America were notified. The company engaged external cybersecurity experts, cooperated with law enforcement, and is offering two years of credit monitoring while stressing that no connected vehicle data or broader customer information appears to have been affected.
Paysera
February 21, 2025
•[ denial of service ]
No customer data or funds affected; the DDoS attack slowed access to Paysera systems starting ~13:30, with most issues resolved by ~15:30 and full restoration by midnight.
Niva Bupa Health Insurance Company Ltd
February 21, 2025
•[ data leak ]
Niva Bupa received a threat email from an unidentified actor claiming possession of customer data and referencing a leak site; the company reported the incident and obtained a Delhi High Court order to block the site while investigating. No data theft has been confirmed as of Oct 2025.
LANIT Group
February 21, 2025
•[ ransomware ]
On 2025-02-21, LANIT Group, a major Russian IT service provider, suffered a cyber incident that encrypted portions of its internal infrastructure and prompted a national warning to financial institutions using its subsidiaries. Authorities confirmed encryption and service isolation but no verified data exfiltration.
Leonardo S.p.A.
February 21, 2025
•[ ddos, hacktivism ]
Pro-Russian hacktivist group NoName057(16) launched DDoS attacks against multiple Italian entities; on Feb 21, 2025 (Day 5) several sites including Leonardo and Edison were unreachable. ACN provided support and mitigation guidance; no data theft reported.
Italian Banks
February 21, 2025
•[ ddos, hacktivism ]
Pro-Russia hacktivist group NoName057 launched DDoS attacks against Italian banks (Mediobanca, Nexi, Intesa, Monte dei Paschi) in retaliation for statements by the Italian president; no significant disruption according to the national cybersecurity agency.
Bybit
February 21, 2025
•[ data leak ]
Bybit disclosed major security breach; services restored and recovery efforts reported shortly after.
CarMoney
February 21, 2025
•[ hacktivism, data leak, unverified ]
On February 21, 2025, the hacktivist group Ukrainian Cyber Alliance claimed responsibility for a cyberattack on Russian vehicle-loan firm CarMoney. The group stated it destroyed digital infrastructure and exfiltrated terabytes of borrower data, including information tied to Russian military and intelligence officers. CarMoney confirmed shutting down all systems but denied any personal data compromise. No encryption or verified data leak has been independently confirmed.
Cumberland County Hospital
February 21, 2025
•[ data leak ]
Unauthorized access between Feb 21 and Apr 3, 2025 to hospital file servers outside the EMR system exposed personal and medical data of about 36k patients and employees; no operational disruption reported; public disclosure Jun 2, 2025.
Oracle Health
February 20, 2025
•[ data leak, compromised credentials, healthcare ]
A breach at Oracle Health (formerly Cerner) exposed patient data from legacy EHR migration servers after attackers used compromised customer credentials to access and copy records. The incident, which began after January 22, 2025, was discovered on February 20, 2025. Impacted hospitals have been notified and face potential HIPAA obligations; Oracle has offered support but has not publicly acknowledged the full scope of the breach.
HCRG Care Group
February 20, 2025
•[ ransomware, data leak ]
Medusa ransomware group claimed theft of ~2.275 TB from HCRG and demanded $2m by Feb 27, leaking sample files; HCRG says containment measures are in place and services remain operational; reports indicate exposure of sensitive medical, personal and financial records.
City of Jasper
February 20, 2025
•[ unauthorized access, government ]
Unauthorized access identified around Feb 20; no evidence of citizen/employee personal data access; services largely unaffected.
the private provider (contractor) supplying NHS services
February 20, 2025
•[ ransomware, data leak ]
A private provider serving the NHS was hit by ransomware, disrupting network operations and potentially exposing patient or internal data, causing service interruptions in NHS operations dependent on it.
Supreme Administrative Court of Bulgaria
February 20, 2025
•[ ransomware, data leak ]
RansomHouse used White Rabbit ransomware against Bulgaria's Supreme Administrative Court on Jan 27, encrypting ~140 computers; group posted employee-related files as proof of data theft. Court remained operational via paper processes; investigation into data leakage ongoing.