Department of Pensions
April 2, 2025
•[ ransomware, data theft ]
Department reported a ransomware attack first notified to CERT on April 2; officials overhauling systems and advising pensioners, with no detailed disruption reported; treated as data-theft incident pending further specifics.
AustralianSuper
April 1, 2025
•[ account takeover, credential stuffing, theft ]
Hackers used stolen credentials to access about 600 AustralianSuper accounts in a coordinated campaign targeting Australia’s superannuation funds; small monetary thefts reported.
Rest Super
April 1, 2025
•[ credential stuffing, account takeover ]
Rest Super confirmed credential-stuffing attempts compromising some member accounts as part of coordinated April 2025 campaign; no losses disclosed.
Ukrainian government and military entities
April 1, 2025
•[ malware, data leak, espionage ]
Russian FSB 18th Center for Information Security (Gamaredon) deployed updated GammaSteel malware to exfiltrate sensitive data from Ukrainian government and defense networks in an ongoing espionage campaign; no operational disruption reported.
Insignia Financial
April 1, 2025
•[ credential stuffing, data leak ]
Insignia Financial confirmed attempts to access customer portals using stolen credentials during April 2025 campaign; extent of compromise under investigation.
Undisclosed Ukrainian critical infrastructure organization
April 1, 2025
•[ malware, data exfiltration, wiper ]
The FSB’s 18th Center for Information Security (Gamaredon) deployed PathWiper malware against an undisclosed Ukrainian critical-infrastructure operator in early April 2025, exfiltrating large volumes of operational data before executing a destructive wiper that caused temporary service degradation.
Multiple e-commerce stores using Magento extensions
April 1, 2025
•[ supply-chain attack, malware, webshell ]
Supply-chain compromise of 21 Magento extensions backdoored since 2019, activated in April 2025; between 500–1,000 e-stores impacted; at least one webshell observed.
Oregon Department of Environmental Quality (DEQ)
April 1, 2025
•[ ransomware, data leak ]
On April 1, 2025, the Oregon Department of Environmental Quality experienced a ransomware attack attributed to the Rhysida group. The incident encrypted internal servers and disabled key systems, including statewide vehicle inspection services, email, web portals, and internal databases. Rhysida claimed to have exfiltrated over 1 million files and demanded a $2.5 million ransom, though DEQ has not confirmed data theft.
Australian Retirement Trust
April 1, 2025
•[ data leak ]
Cyber criminals used stolen credentials to access ART member accounts during coordinated attacks on Australia’s pension funds; no confirmed financial loss.
Hostplus
April 1, 2025
•[ credential stuffing ]
Hostplus reported limited unauthorized logins to member accounts linked to credential-stuffing attacks on multiple Australian superannuation funds in April 2025.
DuPage County Government (Justice Systems)
April 1, 2025
•[ ransomware, data leak ]
Cyberattack on DuPage County, Illinois in early April 2025 encrypted servers supporting court, probation, and clerk operations, forcing justice-system portals offline for several days. Officials confirmed encryption but found no evidence of data theft or leak as of April 10, 2025.
Bulgaria’s Permanent Representation to NATO
April 1, 2025
•[ ransomware ]
Novinite/BNR reported MP claims of an April ransomware incident at Bulgaria’s NATO mission.
Pillsbury Winthrop Shaw Pittman LLP
April 1, 2025
•[ social engineering, data leak, personally identifiable information ]
Global law firm Pillsbury Winthrop Shaw Pittman reported that in April 2025 a sophisticated social-engineering attack allowed an intruder to gain limited access to its internal systems. The attacker convinced a single user to grant access and then rapidly downloaded a set of documents containing sensitive personal information, including names, Social Security numbers, addresses, birthdates, and some financial account details for thousands of people. Pillsbury stated that the activity was quickly detected and blocked, and it subsequently bolstered its security controls and notified affected individuals, with public disclosure occurring on November 6, 2025. The breach has since led to class-action litigation alleging inadequate safeguards and delayed notification.
Bulgaria’s Permanent Representation to NATO
April 1, 2025
•[ ransomware, cyberattack, government ]
Novinite/BNR reported MP claims of an April ransomware incident at Bulgaria’s NATO mission.
Cincinnati Pain Physicians
March 31, 2025
•[ ransomware ]
Ransomware hit Blue Ash clinic; systems locked and records rebuilt manually.
Atlas CPAs & Advisors
March 31, 2025
•[ data leak ]
Accounting firm mailed breach letters beginning March twentieth to impacted individuals.
ImagineX Management Company Limited
March 31, 2025
•[ data leak, misconfiguration, outdated systems ]
A breach at the Hong Kong brand-management firm ImagineX Management Company Limited led to the exposure of nearly 128,000 individuals’ personal data after attackers exploited an unused temporary user account and gained access to the company intranet, with the root cause attributed to outdated operating systems and delayed deletion of temporary accounts.
Assa Abloy
March 31, 2025
•[ ransomware ]
Swedish lock manufacturer reported ransomware affecting operations; investigation and recovery ongoing.
Moscow Metro
March 31, 2025
•[ hacktivism, disruption of service ]
Moscow subway website and app disrupted; site displayed Ukraine railway message before removal.
Samsung Germany
March 31, 2025
•[ data leak, compromised credentials ]
Threat Actor Published Samsung Germany Customer Ticket Records Using Long-Compromised Credentials.