-
Pembina Trails School Division
December 2, 2024
•
[ ransomware, financial, leak ]
Canadian school division compromised by Rhysida ransomware Dec 2, 2024. Attack disrupted thousands of devices and exposed ~35,000+ student records and staff payroll/financial data. Group attempted $1.7M ransom before leaking stolen data on the dark web.
-
-
PIH Health
December 1, 2024
•
[ ransomware, malware, healthcare ]
Threat actors claim they stole 17 million patient records from PIH Health, a southern California regional healthcare provider that is still struggling with IT and phone systems outages that have been disrupting patient care since the organization was hit by a ransomware attack on Dec. 1.
-
AEAT (Spanish Tax Agency)
December 1, 2024
The ransomware group Trinity claims it stole 560 gigabytes of data from the AEAT.
-
Coinbase users
December 1, 2024
•
[ phishing, social engineering ]
Between December 2024 and January 2025, criminal phishing campaigns impersonating Coinbase support stole approximately $65 million in cryptocurrency from hundreds of users worldwide. Attackers used fake login pages, wallet-draining scripts, and social-engineering messages to capture credentials and bypass two-factor authentication. Coinbase confirmed that its own systems were not breached.
-
Sayanmoloko / Semyonishna Dairy Plant
December 1, 2024
•
[ ransomware ]
The Sayanmoloko Semyonishna dairy plant in Khakassia, Russia, experienced a ransomware attack in December 2024 attributed to a LockBit variant. The attack encrypted labeling and tracking systems, hijacked printers to output anti-war leaflets, and disabled the company website while milk processing continued. Operations were restored within several days.
-
Check Point Software Technologies
December 1, 2024
•
[ data leak ]
On March 30 2025, hacker CoreInjection advertised alleged Check Point internal data for sale on BreachForums for 5 BTC. Check Point confirmed a past, limited incident with no customer impact and no encryption or disruption. Scope and amount of data remain unverified.
-
Hertz Global Holdings
December 1, 2024
•
[ data leak, supply chain attack, vulnerability exploit ]
Hertz confirmed that customer personal data was stolen through exploitation of zero-day vulnerabilities in its vendor Cleo Communications managed file transfer platform between October and December 2024. The company completed analysis on April 2 2025 and disclosed the breach publicly on April 10 2025. The compromised data included names, contact information, drivers license numbers, and limited payment and identification information. No encryption or operational disruption was reported.
-
At least one undisclosed government or financial organization
December 1, 2024
•
[ malware, espionage, data theft ]
Kaspersky tracks PassiveNeuron using bespoke Neursite and NeuralExecutor implants, often gaining RCE on exposed Windows servers (e.g., via MSSQL) and then staging modular plugins for stealthy collection through compromised internal servers. Campaign-level report without a single victim suitable for event coding.
-
Port of Rijeka
November 30, 2024
•
[ ransomware, financial, leak ]
The 8Base ransomware group hits Croatias Port of Rijeka, stealing sensitive data, including contracts and accounting info.
-
Krispy Kreme
November 29, 2024
•
[ ransomware, malware, retail ]
US doughnut chain Krispy Kreme reveals it suffered a cyberattack in November that impacted portions of its business operations, including placing online orders. The Play ransomware gang claims responsibility for the attack.
-
Kurita America
November 29, 2024
•
[ ransomware, malware, manufacturing ]
The U.S. subsidiary of Kurita Water, a Japanese water treatment company says ransomware actors have stolen data from systems and encrypted some servers.
-
Bologna Football Club 1909
November 29, 2024
•
[ ransomware, leak ]
Bologna Football Club 1909 confirms it suffered a ransomware attack after its stolen data is leaked online by the RansomHub extortion group.
-
Stoli Group USA
November 29, 2024
•
[ ransomware, malware, manufacturing ]
Stoli Group's U.S. companies file for bankruptcy following an August ransomware attack and Russian authorities seizing the company's remaining distilleries in the country.
-
Alder Hey Children’s Hospital
November 28, 2024
•
[ ransomware, malware, healthcare ]
Alder Hey Childrens Hospital says it is investigating claims that its systems may have been breached and that patient records and other information was stolen, after the ransomware group INC Ransom adds Alder Hey to its leak site.
-
Bank of Uganda
November 28, 2024
Ugandan officials confirms that the countrys central bank system was hacked by financially-motivated cybercriminals, following several media reports claiming that a Southeast Asian hacker group breached the Bank of Ugandas accounts and stole as much as $17 million.
-
Cabot Financial
November 28, 2024
•
[ hack, finance ]
A cyber attack targets acquisition and credit servicing firm Cabot involving the theft of some 394,000 data files, including material related to its direct customers and its loan book.
-
Permanent Electoral Authority (AEP) of Romania
November 28, 2024
Romanias national security council warns that cyber-attacks are being used to influence the fairness of the countrys live presidential election, strongly suggesting that Russia could be behind these cyber influence attempts.
-
Liverpool Heart and Chest
November 28, 2024
The INC Ransom group begins leaking on its dark website data allegedly stolen from IT systems shared by Alder Hey Children's NHS Foundation Trust and Liverpool Heart and Chest's NHS Foundation Trust.
-
American Heart of Poland
November 28, 2024
•
[ hack, healthcare ]
American Heart of Poland receives a fine of 330,000, after suffering a hacking incident.
