-
Barbados Revenue Authority
September 30, 2024
230GB of records from the Barbados Revenue Authority, such as property tax records and vehicle owners registration records, are being offered for sale.
-
Rackspace
September 30, 2024
Rackspace tells customers that threat actors exploited a zero-day vulnerability in ScienceLogic, a third-party application it was using, and abused that vulnerability to break into its internal performance monitoring environment.
-
Byte Federal
September 30, 2024
US Bitcoin ATM operator Byte Federal discloses a data breach that exposed the data of 58,000 customers after its systems were breached using a GitLab vulnerability.
-
Hunter Health Clinic
September 30, 2024
•
[ phishing, data leak ]
Clinic said an unauthorized party accessed one employee mailbox around Sept 30, 2024; on May 1, 2025 it confirmed files with PHI/PII may have been accessed; notices issued May 15.
-
digiDirect
September 29, 2024
In September 2024, a data breach sourced from the Australian retailer digiDirect was published to a popular hacking forum. The breach exposed over 300k rows of data including email and physical address, name, phone number and date of birth. Approximately half the email addresses were on domains from external marketplaces including Amazon, eBay and Westfield.
-
Dove Healthcare
September 29, 2024
•
[ phishing, data leak ]
Healthcare provider disclosed email account compromise containing patient and employee information.
-
Richmond Community Schools
September 28, 2024
•
[ ransomware, malware, education ]
Richmond Community Schools in Indiana posts to social media that student and staff information in the PowerSchool software system was breached in a ransomware attack.
-
Rafic Hariri International Airport
September 28, 2024
•
[ hack, government ]
The Israeli cyber army allegedly hacks into the control tower of the Rafic Hariri International Airport in Beirut, and threatens an Iranian civilian plane attempting to land, forcing it to return.
-
SelectBlinds
September 28, 2024
•
[ financial, malware, retail ]
More than 200,000 who shopped for blinds or window dressing this year had their credit card information and other data stolen after threat actors placed malware on the website of SelectBlinds, a major retailer.
-
Internet Archive
September 28, 2024
•
[ hack, technology ]
In September 2024, the digital library of internet sites Internet Archive suffered a data breach that exposed 31M records. The breach exposed user records including email addresses, screen names and bcrypt password hashes.
-
University Medical Center Health System
September 27, 2024
•
[ ransomware, malware, healthcare ]
University Medical Center Health System (UMC) in Lubbock is forced to divert ambulances after a ransomware attack shuts down many of its systems.
-
National Dutch police (Politie)
September 27, 2024
•
[ espionage, government ]
The National Dutch police (Politie) says that a state actor was likely behind a data breach detected the previous week.
-
AFP (Agence France-Presse)
September 27, 2024
•
[ hack ]
Global news agency AFP (Agence France-Presse) warns that it suffered a cyberattack, which impacted IT systems and content delivery services for its partners.
-
Diehl Defence
September 27, 2024
•
[ espionage, malware, manufacturing ]
The North Korea-linked APT Kimsuky is linked to a cyberattack on Diehl Defence, a German manufacturer of advanced military systems.
-
Bedrock
September 27, 2024
•
[ financial, finance ]
Crypto liquid restaking protocol Bedrock loses roughly $2 million in a security exploit. In return, the attacker is offered the job of securing the very protocol it stole from.
-
Mutua Madrileña
September 27, 2024
•
[ hack, misconfiguration, finance ]
Mutua Madrilea suffers a cyber attack on its home customer base, through an external provider, which affects thousands of customers.
-
14 water facilities in southern Lebanon and Beirut
September 26, 2024
A pro-Israel hacktivist group known as Red Evil and We Red Evils claims to have compromised water systems used by Hezbollah, taking control of supervisory control and data acquisition (SCADA) software associated with 14 water facilities in southern Lebanon and Beirut, and managed to change chlorine levels.
-
Senator Ben Cardin
September 26, 2024
•
[ espionage, phishing, government ]
An advanced deepfake operation targets Sen. Ben Cardin, the Democratic chair of the Senate Foreign Relations Committee, who is involved in a Zoom conversation with a fake Dymtro Kuleba, the former Ukrainian Minister of Foreign Affairs.
-
Onyx
September 26, 2024
Decentralized finance (DeFi) protocol Onyx is exploited for $3.8 million, using a known bug that had already been used to exploit Onyx previously.
-
19 stations, including London Cannon Street, London Bridge, Charing Cross, Clapham Junction, Euston, King’s Cross, Liverpool Street, Paddington, Victoria, Waterloo, Reading, Guildford, Manchester Piccadilly, Liverpool Lime Street, Birmingham New Street, Leeds, Bristol Temple Meads, Edinburgh Waverley, Glasgow Central
September 26, 2024
•
[ hack, misconfiguration, government ]
U.K. transport officials and police say they are investigating a cyber-security incident that hit the public Wi-Fi networks at the countrys biggest railway stations and displayed an anti-Islam message in the login page.
