Intellihartx, LLC (vendor for Arkansas Heart Hospital LLC)
February 20, 2025
•[ data leak, third-party breach ]
Intellihartx, LLC, a healthcare revenue-cycle and patient engagement vendor for Arkansas Heart Hospital, reported that unauthorized actors accessed and exfiltrated files from its systems between January 22 and February 20 2025. The vendors Maine Attorney General notice states 1,674,294 individuals were affected across its clients. Exposed data included names, Social Security numbers, dates of birth, contact information, and medical and insurance details for patients linked to Arkansas Heart Hospital.
Local media outlets in Azerbaijan
February 20, 2025
•[ targeted attack, data destruction, state-sponsored attack ]
Azerbaijans parliament commission head said APT29/Cozy Bear was behind a Feb 20 cyberattack that targeted internal servers at Baku TV and spread to other outlets, aiming to disrupt media infrastructure and alter/delete information; officials framed motive as retaliation over Russia-related media actions.
Commvault
February 20, 2025
•[ vulnerability, unauthorized access ]
A zero-day vulnerability (CVE-2025-3928) in Commvaults cloud backup platform was exploited, allowing unauthorized access to internal systems and credentials. Commvault stated that customer backup data was not impacted, and no data theft has been confirmed.
Raymond Lifestyle Ltd
February 20, 2025
•[ ransomware ]
Raymond reported a cybersecurity incident on Feb 20, 2025 that impacted some IT assets. In its Q4 FY25 results on May 13, the firm cited the ransomware attack and weak demand as factors weighing on total income and profit, indicating a disruptive event without confirmed exfiltration details.
Pulmonary Physicians Of South Florida
February 19, 2025
•[ ransomware, data leak ]
Ransomware Group Listed Provider And Posted Screenshots Suggesting Patient Records Exposure.
Freddie Mac
February 19, 2025
•[ data leak, personally identifiable information ]
Breach notice filed with Massachusetts AG on Feb 19, 2025; unauthorized access to files containing consumers SSNs.
Resort Data Processing
February 19, 2025
•[ data breach, hospitality ]
Hospitality PMS vendor mailed breach letters on March 20, 2025 after cyber incident.
Ministry for Enterprise and “Made in Italy”
February 18, 2025
•[ ddos, hacktivism, government ]
Pro-Russian hacktivist group NoName057(16) claimed coordinated DDoS attacks against Italian ministries and companies, causing brief service disruptions but no data compromise; politically motivated; mitigated by authorities over several days.
Multiple companies in Italy
February 18, 2025
•[ ddos, hacktivism ]
Attack by proRussian hackers Noname057 via DDoS on ~20 important Italian web portals, politically motivated.
Cardex
February 18, 2025
•[ vulnerability, theft, data leak ]
Abstract reported a session key vulnerability in Cardex that allowed an attacker to perform unauthorized transactions and drain funds from thousands of wallets.
Transport Authority
February 17, 2025
•[ ddos, hacktivism, service disruption ]
On February 17, 2025, hacktivist group NoName05716 launched a DDoS attack on Italys Transport Authority, causing temporary service slowdowns. The attack was part of a broader campaign targeting Italian institutions in retaliation for political statements by President Sergio Mattarella.
Port of Taranto
February 17, 2025
•[ ddos, hacktivism ]
On February 17, 2025, hacktivist group NoName05716 launched a DDoS attack on the Port of Taranto in Italy, causing temporary disruptions. The attack was part of a broader campaign targeting Italian institutions in retaliation for political statements by President Sergio Mattarella.
Malpensa Airport
February 17, 2025
•[ ddos, hacktivism ]
On February 17, 2025, hacktivist group NoName05716 launched a DDoS attack on Malpensa Airport in Italy, causing temporary slowdowns. The attack was part of a broader campaign targeting Italian institutions in retaliation for political statements by President Sergio Mattarella.
Linate Airport
February 17, 2025
•[ ddos, hacktivism ]
On February 17, 2025, hacktivist group NoName05716 launched a DDoS attack on Linate Airport in Italy, causing temporary slowdowns. The attack was part of a broader campaign targeting Italian institutions in retaliation for political statements by President Sergio Mattarella.
Port of Trieste
February 17, 2025
•[ ddos, hacktivism, government ]
On February 17, 2025, hacktivist group NoName05716 launched a DDoS attack on the Port of Trieste in Italy, causing temporary disruptions. The attack was part of a broader campaign targeting Italian institutions in retaliation for political statements by President Sergio Mattarella.
~14 undisclosed Italian air transport and banking websites
February 17, 2025
•[ ddos, hacktivism ]
According to Italian press (Finance.si, Reuters), pro-Russian hacktivist group NoName057(16) conducted coordinated DDoS attacks against Italian institutions on February 17, 2025. While six named victims were identified (Malpensa, Linate, Transport Authority, Port of Taranto, Port of Trieste, Intesa Sanpaolo), reports indicate approximately 20 total websites were targeted. This record represents ~14 additional undisclosed Italian websites that experienced partial disruption.
India Post
February 17, 2025
•[ data leak, vulnerability, idor ]
IDOR flaw allowed retrieval of KYC documents by altering IDs in URLs; reports indicate thousands of records were exposed.
National Assembly of Ecuador
February 17, 2025
•[ government, data leak ]
Cyberattack targeting Ecuadors National Assembly aimed at accessing confidential legislative information; intrusion detected and contained without confirmed data theft or attribution.
Ministry of Health and Human Services (Palau)
February 17, 2025
•[ ransomware, data leak ]
The Ministry of Health and Human Services of Palau suffered a ransomware-attributed data breach by the Qilin group on February 17, 2025. The attackers exfiltrated patient and hospital data from internal servers but no encryption of systems was confirmed. Authorities reported service restoration and an investigation into the scope of data theft.
Seneweb
February 17, 2025
•[ ddos ]
Massive Ddos campaign hit Seneweb over ten days, disrupting access.
