-
Nuclear scientist and senior Israeli officials
November 11, 2024
•
[ espionage, government ]
Threat actors believed to be affiliated with Iranian intelligence expose the personal details of a nuclear scientist who worked at the Soreq Nuclear Research Center, and private photos and emails of senior Israeli officials, including a former Defense Ministry director general.
-
Hyp
November 10, 2024
•
[ financial, ddos, finance ]
Devices used across Israel to read credit cards malfunction after a suspected DDoS targets the payment gateway company Hyps CreditGuard product.
-
Tibber
November 10, 2024
•
[ hack, energy ]
In November 2024, the German electricity provider Tibber suffered a data breach that exposed the personal information of 50k customers. The data included names, email addresses, geographic locations (city and postcode) and total spend on purchases. The data was provided to HIBP by a source who requested it be attributed to "Threat Actor 888".
-
Legends International
November 9, 2024
•
[ data leak ]
On November 9 2024, Legends International detected unauthorized access to its internal systems. The investigation confirmed that an external actor exfiltrated files containing sensitive personal and financial data of employees and customers. No ransomware, encryption, or operational disruption was reported.
-
Ahold Delhaize
November 8, 2024
•
[ hack, retail ]
Ahold Delhaize, the Dutch parent company of Stop & Shop, Hannaford, Food Lion, and Giant Food releases a statement warning that it recently discovered a cyberattack within its U.S. network.
-
Hungary Defense Procurement Agency
November 8, 2024
•
[ ransomware, malware, government ]
Hungarian officials confirm to local media that the countrys defense procurement agency (VB) was attacked by an international group of hackers. The INC Ransom group claims responsibility for the attack.
-
Government Websites and Private Companies in South Korea
November 8, 2024
•
[ hack, ddos, government ]
Pro-Russian hacktivists target South Korea with DDoS attacks as North Korea joins the Ukraine war.
-
Guardian Healthcare
November 8, 2024
•
[ ransomware, malware, healthcare ]
Guardian Healthcare is the victim of a Stormous ransomware attack. The threat actors leaked 3 GB of files, many of which contain protected health information (PHI) of patients.
-
Park'N Fly
November 7, 2024
Park'N Fly warns that a data breach exposed the personal and account information of 1 million customers in Canada after threat actors breached its network.
-
Finastra
November 7, 2024
Finastra confirms it warned customers of a cybersecurity incident after a threat actor begins selling allegedly stolen data on a hacking forum after using compromised credentials to access one of Finastra's Secure File Transfer Platform (SFTP) systems.
-
Call of Duty gamers
November 7, 2024
•
[ hack, misconfiguration, technology ]
A threat actor dubbed Vizor reveals that they banned thousands of Call of Duty gamers by abusing anti-cheat flaw.
-
Stillwater Mining Company
November 6, 2024
•
[ ransomware, malware, manufacturing ]
Stillwater Mining Company, the owner of the only platinum and palladium mines in the U.S. confirms that it experienced a cyberattack this Summer. The RansomHub ransomware gang claims responsibility for the attack.
-
Microlise
November 6, 2024
•
[ hack, government ]
A cyberattack on Microlise leaves British prison vans without tracking systems or panic alarms.
-
VeraCore (Advantive)
November 5, 2024
•
[ data leak, vulnerability, web shell ]
The Vietnamese-linked cybercriminal group XE Group exploited two zero-day vulnerabilities (CVE-2024-57968, CVE-2025-25181) in the U.S. software vendor VeraCores warehouse management and fulfillment platform. Attackers uploaded web shells, maintained persistent access since 2020, exfiltrated configuration and system data, and executed commands on compromised servers, potentially exposing data from client organizations using VeraCore for logistics operations.
-
Wexford County Register of Deeds
November 5, 2024
•
[ cyberattack, data loss, government ]
The Wexford County, Michigan, Register of Deeds office experienced a cyber incident on 2024-11-05. Access was shut off, systems went offline, and a small portion of documents (less than 5%) from a defined time period were not recoverable.
-
Hixson Holdings, Inc
November 5, 2024
•
[ data leak ]
Hixson Holdings Inc., a Cincinnati-based architecture, engineering and project management firm, detected suspicious activity on its network on November 5, 2024. A forensic investigation later determined that an Undetermined intruder may have accessed sensitive data on Hixson's systems from that date through October 9, 2025, before the review concluded. Exposed information includes names, contact details, Social Security numbers and medical or insurance identifiers, highlighting that the firm handled protected health information for some clients. Hixson filed notice with the Massachusetts Attorney General and began mailing breach letters on October 31, 2025, while law firms and regulators assess potential legal and remediation obligations.
-
Nokia
November 4, 2024
Nokia investigates whether a third-party vendor was breached after a hacker claimed to be selling the company's stolen source code.
-
South East Technological University
November 4, 2024
•
[ hack, education ]
The South East Technological University (SETU) in Ireland announces experiencing a cybersecurity incident targeting its IT systems.
-
Schneider Electric
November 4, 2024
•
[ leak, misconfiguration, manufacturing ]
Schneider Electric confirms that a developer platform was breached after a threat actor claimed to steal 40GB of data from the company's JIRA server.
-
MIT’s Technology Review
November 4, 2024
•
[ leak, misconfiguration, technology ]
The threat actor known as Intel Broker claims to have stolen the personal data of 290,762 individuals from MITs Technology Review website via a third-party contractor.
