STIIIZY
January 1, 2025
•[ ransomware, retail ]
Popular cannabis brand STIIIZY discloses a data breach after threat actors breached its point-of-sale (POS) vendor to steal customer information, including government IDs and purchase information. The Everest. ransomware group claims responsibility for the attack.
Undisclosed law firm in Canada
January 1, 2025
•[ espionage ]
EarthKapre, also known as RedCurl, is a highly sophisticated cyber espionage group known for its advanced operations, primarily targeting private-sector organizations with a focus on corporate espionage. The target of this attack is an organization within the Law Firms & Legal Services industry.
Nominet
January 1, 2025
•[ hack, technology ]
Nominet, the official .UK domain registry and one of the largest country code registries, confirms that its network was breached two weeks ago using CVE-2025-0282, an Ivanti VPN zero-day vulnerability.
Italian banks
January 1, 2025
•[ hack, ddos, finance ]
Pro-Russia threat actors from Noname057(16) target again Italian ministries, institutions, critical infrastructures websites and private organizations in coincidence with the visit of Ukrainian President Volodymyr Zelensky to Italy.
PANDORA
January 1, 2025
•[ hack, retail ]
hacked third party service
Mitsubishi UFJ Financial Group (MUFG Bank)
January 1, 2025
•[ ddos, finance ]
MUFG faced a temporary outage in internet banking services, which was later attributed to a suspected distributed denial-of-service (DDoS) attack.
Lukoil
January 1, 2025
•[ hack, ddos, energy ]
Ukraines military intelligence agency (GUR) launched a coordinated DDoS attack against Russian oil giant Lukoil and digital infrastructure like Evotor and Chestny Znak, disrupting payment terminals and authentication systems nationwide. The politically motivated operation caused significant service outages during the New Year holiday, demonstrating Ukraine's expanding offensive cyber capabilities.
Vallianz Holdings
January 1, 2025
•[ hack ]
Singaporean OSV player Vallianz is the latest shipowner to be hit with a cyberattack, and has reported the details of the incident publicly.In an inv...
Visionworks
January 1, 2025
•[ leak, healthcare ]
The federal suit, which seeks class-action status, alleges a data breach exposed 40,000 customers' private data.
Nikki‑Universal Co. Ltd
January 1, 2025
•[ ransomware, malware, manufacturing ]
Nikki-Universal Co. Ltd., produsen kimia asal Jepang jadi korban serangan ransomware pada Desember 2024. Data dicuri, server tak berfungsi
Cell C
January 1, 2025
•[ ransomware, technology ]
Cell C said that the threat actors that breached its systems and stole a limited amount of customer data identified themselves as the RansomHouse hacking group.
Starkville-Oktibbeha Consolidated School District
January 1, 2025
•[ ransomware, education ]
A data breach that has crippled Starkville-Oktibbeha Consolidated School Districts network appears to be a ransomware attack, according to online sources.
Valdosta State University (VSU)
January 1, 2025
•[ hack, education ]
Valdosta State University is working to fully restore its network and university systems after discovering a significant cybersecurity intrusion.
Carruth Compliance Consulting, Inc.
January 1, 2025
•[ hack ]
On January 13, 2025, Carruth Compliance Consulting (CCC) posted a website notice entitled Notice of Data Security Incident after discovering that...
Discord
January 1, 2025
•[ hack, technology ]
third-party customer support services hacked
Santa Barbara County Department of Social Services
January 1, 2025
•[ skimming, theft, data leak ]
County reported widespread EBT skimming causing mass card cancellations and benefit delays for students and residents.
University Of Valladolid
January 1, 2025
•[ cyberattack, service disruption ]
Spanish university continued recovery efforts after January cyberattack impacting services.
British Broadcasting Corporation Pension Scheme
January 1, 2025
•[ data leak ]
Bbc reported breach exposing pension members personal details on May twenty-nine.
Pearson plc
January 1, 2025
•[ data leak, source code leak, credential leak ]
Threat actors used an exposed GitLab PAT to access source code and cloud credentials, stealing terabytes of corporate and customer data over months.
Private individuals (elderly victims in Encino, California)
January 1, 2025
•[ malware, phishing, ransomware ]
Malware infection launched by phishing email locked elderly victims computer, prompting payment of 25,000 USD to scammers; suspect Tai Su was arrested when he arrived to collect another 35,000 USD and later sentenced to 10 months in federal prison.
