Undisclosed private company in Granada
May 1, 2025
•[ malware, man-in-the-middle ]
Approximately 13,000 was stolen after malware infected the email account of a private company in Granada, Spain, allowing attackers to monitor correspondence and alter supplier payment instructions. Six individuals were arrested in Spain in connection with the man-in-the-middle fraud.
Santeda International B.V.
May 1, 2025
•[ data breach, credential leak, unencrypted data ]
Investigators reported a data breach affecting MyStake, a Curaçao-licensed online casino operated by Santeda International B.V., tracing the exposure back to approximately May 2025. A PDF containing login credentials for 540 MyStake accounts was shared online, and specialists reportedly confirmed they could log into most accounts listed, indicating passwords were still valid long after the leak became known. Once logged in, auditors said they could view sensitive player details stored without encryption, including names, home addresses, phone numbers, dates of birth, and detailed transaction histories. Reporting alleged that users were not notified for more than eight months and that MyStake did not enforce password resets or suspend compromised accounts during that period, increasing risk of account takeover, fraud, and identity misuse.
At least one unnamed European celebrity
May 1, 2025
•[ stalkerware, spyware, data leak ]
A researcher discovered a publicly accessible cloud repository containing 86,859 screenshots from an unnamed European celebrity's device. The files appeared to have been collected through Cocospy-linked stalkerware or spyware installed on the victim's endpoint and included private communications, intimate images, phone usage, business conversations, invoices, payment details, phone numbers, partial credit card numbers, emails, receipts, and identity documents. The dataset appeared to span activity from mid-2024 to mid-2025, but the exact installation or compromise date was not reported; the specific perpetrator was not publicly identified.
City of Tahlequah municipal systems
April 30, 2025
•[ hack, government ]
City of Tahlequah reported a cyberattack; IT isolated affected systems the same day. Officials reported no ransomware encryption and no evidence of data exfiltration or resident impact.
Bartlesville Public Schools
April 30, 2025
•[ hack, education ]
On April 30, 2025, unauthorized intruders stole files from Bartlesville Public Schools containing names and Social Security numbers of staff and students. The breach was discovered by August 4 and reported on August 27. Affected individuals received credit monitoring support.
City Administration of Dresden
April 30, 2025
•[ ddos, government, outage ]
On April 30, 2025, the City of Dresden's official websites became inaccessible due to a massive distributed denial-of-service (DDoS) attack. Officials blocked access to protect municipal IT systems, causing full disruption of online services such as parking ticket applications, petitions, and appointment scheduling. A similar outage occurred the previous weekend. No data theft, ransom demand, or perpetrator identification has been reported.
Multiple French government and critical infrastructure organizations
April 30, 2025
•[ espionage, data leak, vulnerability exploitation ]
On April 30, 2025, France's national cybersecurity agency (ANSSI) attributed a campaign of at least twelve cyberattacks on French entities to Russia's GRU 85th Main Special Service Center (Unit 26165), known as FANCYBEAR. The espionage activity targeted government, media, energy, and critical-infrastructure organizations via exploitation of vulnerable Cisco routers to gain persistence and exfiltrate sensitive data. No operational disruption was reported.
System Rejestrów Państwowych (Polish State Register System)
April 30, 2025
•[ ddos, hacktivism ]
On April 30, 2025, Poland's System Rejestrów Państwowych, which supports the national tax and registration systems, was targeted by a hacktivist DDoS campaign that caused temporary outages. Access to e-Declarations, CEPiK, and related government portals was disrupted for about one hour. No data theft or encryption occurred, and services were quickly restored.
ClickFunnels
April 29, 2025
•[ data leak ]
Hackers (Satanic) claimed a breach via a third party and leaked business data.
Army Public Schools (Srinagar and Ranikhet)
April 29, 2025
•[ website defacement, hacktivism ]
Pakistan-based hacktivist IOK Hacker defaced the websites of Army Public Schools in Srinagar and Ranikhet with pro-Pakistan slogans referencing Kashmir; sites were restored shortly after discovery.
Rajasthan Education Department
April 29, 2025
•[ hacktivism, defacement ]
Hacktivist group Pakistan Cyber Force defaced the Rajasthan Education Department website with inflammatory political messages claiming the Pahalgam attack was an inside job; the portal was taken offline and later restored.
Healthcare Therapy Services, Inc.
April 29, 2025
•[ data leak ]
Healthcare Therapy Services, Inc. reported that on April 29 it discovered unusual activity involving its email systems; investigation concluded on September 9 that patient personal and protected health information may have been affected, including SSNs, driver's license numbers, financial account information, and medical information; no misuse or operational disruption was reported.
Pike County (via Ohio Valley Technologies)
April 28, 2025
•[ ransomware, malware, government ]
Third-party ransomware attack via OVT disclosed April 28, 2025. Resulted in unauthorized access and exfiltration of Pike County's sensitive data for over 33,000 individuals. No encryption of county systems was reported.
NRC Media B.V. (publisher of NRC Handelsblad)
April 28, 2025
•[ DDoS, hacktivism ]
On April 28, 2025, the Dutch news organization NRC Media suffered a DDoS attack that rendered nrc.nl unreachable for nearly a full day; pro-Russian hacktivist group NoName057(16) claimed responsibility, linking the attack to Dutch support for Ukraine.
Iowa County Government
April 28, 2025
•[ ransomware ]
Iowa County detected ransomware on April 28, 2025 and took systems offline; officials confirmed ransomware and issued public notices during recovery.
Multiple Gelderland Municipalities / NotuBiz Customers
April 28, 2025
•[ ddos, hacktivism, service disruption ]
On April 28, 2025, a coordinated distributed denial-of-service (DDoS) attack claimed by the pro-Russian hacktivist group NoName057(16) targeted the Dutch municipal IT supplier NotuBiz, disrupting connectivity for at least 15 municipal and provincial websites in the province of Gelderland. The attack caused complete but temporary loss of access to public portals for several hours; no data theft or secondary compromise was reported.
Epicentr K
April 28, 2025
•[ ransomware ]
On April 28, 2025, Ukraine's largest home improvement retailer Epicentr K suffered a ransomware attack that fully encrypted servers and back-office systems, taking down cash registers, accounting, and logistics across its nationwide network. Operations were halted for at least 24 hours before gradual restoration began. No data theft has been confirmed, and the attacker remains unidentified.
Doctors Hospital Cayman Islands
April 28, 2025
•[ ransomware ]
On April 28, 2025, Doctors Hospital in the Cayman Islands contained a ransomware incident that encrypted portions of its administrative IT environment. The hospital reported that its patient-record platform, hosted on a separate proprietary system, was unaffected. Operations continued with minimal disruption, and no evidence of data exfiltration was found.
Biopharma Company, Hinjewadi (Pune)
April 27, 2025
•[ ransomware, data leak ]
A ransomware attack discovered on April 27, 2025 disrupted a biopharmaceutical company in Hinjewadi (Pune) after an unknown actor accessed internal servers, exfiltrated and encrypted data, and demanded USD 80,000 for decryption; the incident affected 15 on-premises research systems and is under investigation by Pune Cyber Cell.