At least one Belgian diplomat
October 31, 2025
•[ cyber-espionage, spear-phishing, vulnerability ]
Arctic Wolf Labs and other researchers detailed a Chinese state-aligned cyber-espionage campaign in which UNC6384 targeted European diplomatic entities, notably in Hungary and Belgium, between September and October 2025. The group sent spear-phishing emails referencing real EU and NATO events that carried malicious Windows shortcut (.LNK) files exploiting the ZDI-CAN-25373 (CVE-2025-9491) vulnerability to execute obfuscated PowerShell, unpack a signed Canon utility and side-load a PlugX remote access trojan. The resulting implants, communicating over HTTPS to attacker-controlled domains, provide long-term access for reconnaissance, keylogging, command execution and collection of sensitive diplomatic documents and credentials aligned with PRC strategic intelligence priorities.
Blazer Real Estate Services LLC
October 30, 2025
•[ data leak ]
Blazer Real Estate Services LLC reported that an unauthorized party accessed company systems on October 30 and exfiltrated customer identity and financial information, including drivers license and Social Security numbers; no operational disruption was reported.
Associated Radiologists of the Finger Lakes P.C.
October 30, 2025
•[ data leak ]
A subset of ARFLs network was accessed by an unauthorized party between October 28 and October 30 2025 during which files containing personal and health information were viewed or copied without permission Notifications were issued on December 29
Paterson & Dowding Family Lawyers
October 28, 2025
•[ ransomware, data leak ]
Threat actors from the Anubis ransomware gang listed Perth based Paterson & Dowding Family Lawyers on their dark web site in late October 2025, claiming to have compromised the Western Australian family law firm and stolen large volumes of sensitive client, business and staff data, which they showcased in detailed samples. The posted material includes financial documents such as superannuation statements, tax information, pay slips and a crypto wallet screenshot, along with correspondence relating to client businesses and deeply personal family messages, emails and social media content connected to ongoing disputes. The firm subsequently confirmed it had suffered a cyber incident and determined that a subset of personal information had indeed been accessed and taken, engaged external experts to contain and investigate the breach, began notifying affected clients and staff, and reported the matter to relevant privacy and cybersecurity authoriti
Cohen's Fashion Optical LLC
October 28, 2025
•[ data leak ]
Cohen's Fashion Optical LLC reported that an unauthorized third party accessed company systems on October 28 and acquired files containing customer personal, financial, insurance, and medical information; no operational disruption or actor attribution was identified.
Poltronesofà
October 27, 2025
•[ ransomware, data leak, phishing ]
Italian furniture retailer Poltronesof disclosed that its IT environment suffered a ransomware attack on October 27, 2025, in which intruders compromised group servers and encrypted virtual machines, making several internal systems temporarily unavailable. The companys incident-response team isolated affected infrastructure and launched a forensic investigation, but it warned that attackers may have exfiltrated customer data including identification and contact details. While payment information was reportedly not impacted, customers were advised to be vigilant for phishing attempts and to change passwords used with company services.
CareOregon / Health Share of Oregon
October 27, 2025
•[ data leak ]
Unauthorized viewing of member information occurred within CareOregon-managed systems supporting Health Share of Oregon, leading to notifications to affected members.
Svenska Kraftnät
October 25, 2025
•[ ransomware, data leak ]
Swedens national power grid operator Svenska Kraftnt experienced a data breach on October 25, 2025, when ransomware group Everest accessed an external file-transfer system and claimed to have stolen roughly 280 GB of data. Electricity transmission operations were not affected.
DoorDash
October 25, 2025
•[ data leak ]
DoorDash reported that an unauthorized party accessed a company system on October 25 and obtained personal contact and order information; the company stated that sensitive personal or financial data was not accessed and no operational disruption occurred.
700Credit
October 25, 2025
•[ data leak ]
700Credit, an automotive credit reporting and identity verification provider, was reported to have experienced a data breach on or around Oct. 25, 2025. The report stated the company was alerted to suspicious activity within its proprietary web-based application (700Dealer.com), after which it engaged third-party forensic specialists. According to the reporting, the investigation found consumer data had been copied from the application without authorization, while 700Credits internal network was said to be unaffected. Compromised data was described as including consumer names, addresses, and Social Security numbers from auto financing applications submitted between May and October 2025.
700Credit
October 25, 2025
•[ data leak ]
The Record reported that auto-dealership service provider 700Credit said 5,836,521 people were affected by a data breach discovered on October 25, 2025. The company stated its IT team found that attackers made copies of information they accessed in 700Credit systems and that the copied data included names, Social Security numbers, dates of birth, and addresses. The report noted the company notified federal law enforcement and the FTC and began offering identity protection services, indicating confirmed unauthorized access and copying of sensitive consumer identifiers.
MyVidster (2025)
October 24, 2025
•[ leak, phishing, technology ]
In October 2025, the data of almost 4M MyVidster users was posted to a public hacking forum. Separate to the 2015 breach, this incident exposed usernames, email addresses and in a small number of cases, profile photos.
AT&T Careers HR portal
October 24, 2025
•[ ransomware, data leak, fraud ]
Ransomware actors posted a dataset labeled AT&T Careers on their leak site, indicating records tied to recruiting/applicant systems; listing framed for monetization with no operational outage described. Organization review pending; risk centers on identity/targeted fraud against job-seekers and staff.
Unigym Gatineau
October 24, 2025
•[ phishing, data leak ]
Members personal and financial details potentially accessed; centre warned about phishing/fraud and began coordination with card processors and police after local media alerted them to leaked samples.
ModMed (Modernizing Medicine)
October 24, 2025
•[ data leak, healthcare, third-party breach ]
Modernizing Medicine (ModMed) said it discovered unauthorized activity on July 29, 2025, and confirmed that attackers had accessed and exfiltrated data from servers hosting podiatry-client EHR information between July 910. Exposed fields include full names, addresses, DOB, SSNs, contact details, health insurance info, medical record and patient account numbers, dates of service, providers/practices, billing/diagnostic codes, prescription/medication data, and diagnosis/treatment information; providers were notified on September 19 and patients on October 17. Days later, a seller advertised a partial EHR database (1,0001,500 podiatry patient records) on a breach forum/Telegram, indicating financially motivated data trafficking, though ModMed has not confirmed a second intrusion. Overall impact: large-scale PHI exposure from vendor-hosted servers, with evidence of downstream data sale attempts.
ZZ Dats
October 24, 2025
•[ data leak, government, regulatory action ]
Latvias DVI fined vendor ZZ Dats 300,000 for a 2024 municipal data breach affecting 42 municipalities; enforcement materials cite failures in safeguarding personal data rather than evidence of a targeted intrusion. This row logs the regulatory outcome tied to last years exposure.
At least one LastPass user
October 24, 2025
•[ phishing, credential theft, account takeover ]
Phishing emails impersonated password-vault Emergency Access notices using false death claims to coerce replies (e.g., STOP), pivoting victims to a look-alike portal tied to CryptoChameleon infrastructure; harvested credentials enabled vault takeover attempts and secondary account compromise. Campaign reflects profit-seeking credential theft across many individuals rather than a single named organization.
Legacy Health, LLC
October 24, 2025
•[ data leak, healthcare ]
Legacy Health LLC, a Dallas-based healthcare revenue cycle management company, disclosed that it experienced a data breach affecting 4,031 Texas residents. According to breach notices and law firm investigations, an Undetermined actor accessed data used in medical billing and revenue cycle services, exposing sensitive personal and protected health information. Compromised data includes individuals' names, medical information and health insurance details, increasing the risk of medical identity theft and insurance fraud for affected patients. Legacy Health mailed notification letters on October 24, 2025 and reports that it has taken steps to secure its systems and strengthen cybersecurity controls.
AllerVie Health
October 24, 2025
•[ ransomware, data leak ]
AllerVie Health experienced unauthorized network access between October 24 and November 3 2025 during which sensitive data was accessed and exposed in a ransomware attack attributed to ANUBIS The incident was detected on November 2 and public notification to individuals occurred in late December 2025
At least one undisclosed retail/consumer-services organisation
October 23, 2025
•[ financial fraud, account compromise, cloud security ]
Threat cluster Jingle Thief compromises cloud accounts at retailers/consumer services to issue high-value gift cards at scale, maintaining persistence (rogue MFA apps, Entra enrollments) and living-off-the-land in M365; activity spiked AprilMay 2025 and is financially motivated fraud rather than service disruption. Campaign-level intel, not a single-victim event.
