Belgian General Intelligence and Security Service
November 6, 2025
•[ DDoS, hacktivism ]
Belgiums Defense Ministry confirmed that the website of the military intelligence service SGRS was hit by a DDoS attack claimed by pro-Russian hacktivist group NoName057, briefly degrading access to the portal without leading to any intrusion into backend systems or exposure of sensitive data; in messages on Telegram the group framed the operation as a warning to Defense Minister Theo Francken over his remarks that NATO would devastate Moscow if Russia attacked Brussels, continuing a pattern of politically motivated nuisance attacks on Belgian government and strategic targets.
Checkout.com
November 6, 2025
•[ extortion, unauthorized access, data leak ]
Checkout.com reported that an extortion actor accessed a legacy cloud file storage system and claimed to have obtained data; the company confirmed unauthorized access but no operational disruption or verified data theft.
Mower County
November 6, 2025
•[ ransomware, data leak, government ]
Mower County reported that it detected a ransomware attack on June 18, 2025 and investigated with cybersecurity and data forensics consultants. The county said unauthorized access to its systems occurred sometime between June 11 and June 18, 2025 and that sensitive personal data collected by the county was stolen. Reported affected data types include Social Security numbers, birthdates, names, ID card numbers, fingerprints, financial account information, medical/health insurance information, and payment card information. As of Dec. 3, 2025, the county said it had no indication the stolen information had been released or offered for sale; it also noted approximately 27,064 notification letters were being sent.
Zilvia.net
November 6, 2025
•[ data leak ]
In November 2025, data breached from the Zilvia.net Nissan 240SX Silvia and Z Fairlady car forum was leaked. The breach exposed 288k unique email addresses along with usernames, IP addresses and salted MD5 password hashes sourced from the vBulletin based platform. Attempts to contact Zilvia.net about the incident were unsuccessful.
Kansas City Police Department
November 5, 2025
•[ data leak, hack, law enforcement ]
Reporting by KCUR, WIRED, and DataBreaches.net describes a major hack of the Kansas City, Kansas Police Department whose internal records were exfiltrated in 2024 and later published by transparency collective Distributed Denial of Secrets. The leaked cache, reportedly more than one terabyte in size, includes a secret Veracity Disclosure or Giglio List that identifies officers whose documented misconduct could undermine their testimony, along with supporting case files and internal correspondence. Police officials confirmed that the department experienced a cyber incident reported to federal agencies but criticized publication of the names as relying on stolen, unverified data and potentially harming officers reputations.
At least one policy expert on Iran
November 5, 2025
•[ phishing, credential theft, espionage ]
The Hacker News, citing a Proofpoint investigation, describes a newly identified threat cluster dubbed UNK_SmudgedSerpent conducting credential phishing and remote access operations against more than twenty Iran focused subject matter experts at a U.S. based foreign policy think tank between June and August 2025, amid heightened IranIsrael tensions. Attackers impersonated prominent policy figures and used benign email conversations to lure victims to fake Microsoft Teams and OnlyOffice login pages hosted on health themed domains that captured account credentials. In some cases the operation progressed to deploying legitimate remote monitoring tools such as PDQ Connect and ISL Online for hands on keyboard access, supporting longer term espionage against the target institution and aligning with tactics used by established Iranian cyber intelligence groups.
Oscars Group
November 5, 2025
•[ ransomware, data leak ]
Insurance Business reports that Australian hospitality conglomerate Oscars Group was listed on the Medusa ransomware gang's leak site on November 5, 2025, with the criminals claiming to have exfiltrated more than one hundred and thirty thousand internal files and threatening to publish them unless a ransom of one hundred thousand US dollars is paid or daily fees are provided to delay release; samples posted as proof reportedly include invoices, staff rosters, event schedules, daily financial records and identity documents such as passports and driver licences, much of it tied to the recently acquired Lakes Resort Hotel in South Australia, indicating a significant data breach even though no operational outages have been publicly disclosed.
Microbix Biosystems Inc.
November 5, 2025
•[ ransomware, data leak ]
Microbix Biosystems disclosed that an international ransomware group infiltrated and corrupted one of its corporate servers, deploying ransomware that temporarily took file storage systems offline but did not disrupt manufacturing, safety or communications. The company successfully recovered the server and data from backups yet later learned that at least some data had been copied externally, including commercially sensitive information and employee data
Habib Bank AG Zurich
November 5, 2025
•[ ransomware, data leak ]
Qilin ransomware group listed Habib Bank AG Zurich on its leak site on November 5, 2025, claiming theft of more than 2.5 TB of data and nearly 2 million files. Cybernews verified screenshots showing stolen passport numbers, account balances, transaction notifications, and internal tool source code.
Nikkei
November 4, 2025
•[ malware, data leak ]
Japanese media conglomerate Nikkei disclosed on 4 November 2025 that attackers had compromised its Slack messaging environment after malware on an employee's computer stole authentication credentials, which were then used to access multiple Slack accounts. The breach, discovered in September, exposed data for 17,368 employees and business partners, including their names, email addresses and chat histories. Nikkei forced password resets, reported the incident to Japan's Personal Information Protection Commission despite believing the stolen data falls outside formal reporting rules, and said no information related to confidential journalistic sources or reporting activities has been confirmed leaked.
Tisza Party App
November 4, 2025
•[ data leak, malware ]
Ahead of Hungarys 2026 parliamentary elections, opposition leader Pter Magyar said a malware-based cyberattack against his TISZA partys mobile application led to the illegal leak of his supporters personal data. Pro-government media reported that a database of roughly 200,000 names from the app, containing users names, email and postal addresses and phone numbers, was briefly published online before being taken down. Magyar alleges that international cyber pirates backed by Russian services have been attacking his systems for months to intimidate supporters and hinder planned primary elections on the app, prompting the party to move the vote to a different website.
RUAG LLC
November 4, 2025
•[ ransomware, data leak ]
Ransomware group Akira launched a double-extortion style attack against RUAG LLC, the Virginia-based liaison office of Swiss defence contractor RUAG MRO Holding, encrypting local systems while threatening to publish roughly 24 GB of company data including employee details and confidential military information. RUAG reports the incident is isolated to RUAG LLC thanks to autonomous IT systems and says other RUAG networks in Switzerland remain unaffected. Authorities had previously warned Swiss organizations about Akiras surge in ransomware activity, and RUAG is considering filing a criminal complaint as forensic investigat
Doctor Alliance LLC
November 4, 2025
•[ ransomware, data leak, phi ]
Threat actor Kazu claimed theft of 353GB (?1.24M files) from Doctor Alliance LLC and demanded a $200,000 ransom; sample includes scanned patient PHI.
Gen Digital
November 3, 2025
•[ spear-phishing, malware, backdoor ]
Gen Digital reported that the North Korea-linked Kimsuky group used spear-phishing emails carrying a fake VPN invoice ZIP archive to compromise at least one South Korean victim and deploy a new HttpTroy backdoor. Execution of the malicious SCR file launches a three-stage chain (dropper, MemLoad loader and HttpTroy DLL) that displays a decoy PDF while silently establishing persistence via a scheduled task masquerading as an AhnLab update. HttpTroy then connects to a remote command-and-control server and gives the attackers full remote-access capabilities, including file transfer, command execution, reverse shell, process control and screenshot capture.
At least one drinking water supplier in Britain
November 3, 2025
•[ cyberattack, critical infrastructure, ransomware ]
A Recorded Future News investigation based on freedom-of-information disclosures from the UK Drinking Water Inspectorate found that five cyberattacks have been reported against Britains drinking water suppliers since the start of 2024, a record number over two years. The incidents, which affected out-of-NIS-scope IT systems rather than the operational technology delivering safe water, were shared with the regulator as resilience risks even though they did not trigger mandatory reporting thresholds. The findings highlight growing concern in British intelligence circles about ransomware and other attacks on critical infrastructure and are feeding into a planned Cyber Security and Resilience Bill to strengthen reporting and defences across essential services.
SuperGrosz
November 3, 2025
•[ vulnerability exploit, cryptocurrency theft, phishing ]
On 3 November 2025, attackers exploited faulty access-control logic in Balancer's V2 Composable Stable Pools to drain more than $100 million in cryptocurrency, with blockchain security firms estimating overall losses above $120 million and at least $99 million in ETH. Balancer acknowledged the exploit, began a forensic investigation and placed any pools it could pause into recovery mode while warning customers about phishing messages spoofing its security team. Partner platforms such as Berachain temporarily halted their networks and froze some of the stolen funds as they worked to protect user assets across the wider DeFi ecosystem.
Millicom (TIGO)
November 3, 2025
•[ data leak ]
Millicom was contacted by ShinyHunters on November 3 following an intrusion in which threat actors exfiltrated hundreds of millions of customer-related records; negotiations failed after Millicom attempted to make installment payments, leading the group to list the stolen data for sale on November 13.
BLIK
November 1, 2025
•[ denial of service ]
Polish outlet GazetaPrawna, citing BLIKs statements and comments by the minister for digital affairs, reports that from the early morning of November 1, 2025 the operator observed a significant external distributed denial-of-service attack against Polish settlement infrastructure supporting the BLIK mobile payment system. The volumetric attack generated enough malicious traffic to disrupt the smooth processing of BLIK transactions and caused users to encounter problems with mobile payments. BLIKs operator said that it secured the infrastructure, continued to monitor the systems and by 10:33 stated that users should no longer experience transaction issues, later confirming on social media that BLIK functions had been restored and apologizing for the inconvenience while officials noted that such DDoS attacks occur regularly but are usually blocked before users notice.
OnSolve CodeRED platform
November 1, 2025
•[ ransomware ]
Risk management firm Crisis24 confirmed that its OnSolve CodeRED emergency notification platform suffered a cyberattack attributed to the INC Ransom group which caused a widespread outage of automated phone text and email alerts for city county and state agencies leaving many jurisdictions in the Saint Louis region and elsewhere to rely on manual channels while remediation efforts continue
University of Pennsylvania
October 31, 2025
•[ data leak ]
Hacker alias WeGotHacked infiltrated University of Pennsylvania systems around Oct 31 2025, stealing an estimated 1.2 million donor records and compromising multiple @upenn.edu email accounts. On Nov 1 the actor used those accounts to send vulgar emails to the campus community. BleepingComputer later verified portions of the dataset. UPenn initially denied a breach but launched an investigation after the claims were substantiated.
