Full List

Search

Recent Breaches

• Truflation September 25, 2024 • [ financial, malware, finance ] Crypto project Truflation loses over $5 million from its treasury multisig and personal wallets in a malware attack
• Suburb of Richardson September 25, 2024 • [ ransomware, malware, government ] Richardson, a large Dallas suburb is dealing with a ransomware attack that has required help from the FBI to resolve.
• Dell September 25, 2024 • [ leak, technology ] The threat actor going by the handle of 'grep' claims to have breached Dell for the third time and leaks 500 MB of sensitive data.
• Kuwait’s Health Ministry September 25, 2024 • [ hack, ddos, healthcare ] The Kuwaits Health Ministry is recovering from a cyberattack that took down systems at several of the countrys hospitals, as well as the countrys Sahel healthcare app.
• French Citizens September 25, 2024 • [ leak, misconfiguration, finance ] In September 2024, over 90M rows of data on French Citizens was found left exposed in a publicly facing database. Compiled from various data breaches, the corpus contained 28M unique email addresses with the various source breaches each exposing different fields including name, physical and IP address, phone number and partial credit card data including payment type and last 4 digits.
• AultCare Corporation September 25, 2024 • [ phishing, data leak ] An unauthorized party accessed an employee email account and a SharePoint instance on 2024-09-25. AultCare reviewed affected content and began notifying brokers and affected individuals by 2025-01-21.
• Ukrainian government and critical infrastructure organizations September 25, 2024 • [ phishing, malware, espionage ] Russian nation-state operators exploited a zero-day vulnerability in 7-Zip (CVE-2025-0411) beginning in September 2024 to deliver SmokeLoader malware through spearphishing campaigns targeting Ukrainian government and critical infrastructure entities. The campaign bypassed Windows Mark-of-the-Web protections to execute payloads and conduct espionage activities. No specific victims or data volumes have been disclosed.
• Multiple Ukrainian government and municipal organizations September 25, 2024 • [ vulnerability, phishing, malware ] A zero-day vulnerability in 7-Zip (CVE-2025-0411) was exploited beginning September 25, 2024, by undetermined Russian-speaking cybercriminal actors via phishing and homoglyph-lure archives. Trend Micro and SecurityWeek confirmed at least nine Ukrainian government and public-service entities (including the Ministry of Justice, Kyiv Public Transportation, and water-utility systems) were compromised. The campaign delivered SmokeLoader malware through malicious archives bypassing Windows Mark-of-the-Web protections.
• City of Pleasanton September 24, 2024 • [ ransomware, malware, government ] The City of Pleasanton in California is hit with a Valencia ransomware attack. The threat actor claims to have stolen 283GB of sensitive information.
• Duopharma Biotech September 24, 2024 • [ ransomware, malware, healthcare ] Malaysian pharmaceutical firm Duopharma Biotech is hit with a Valencia ransomware attack. The threat actor claims to have stolen 25.7GB of sensitive information.
• Deloitte September 24, 2024 • [ leak, misconfiguration, technology ] The threat actor known as IntelBroker announces late last week on the BreachForums cybercrime forum the availability of internal communications obtained from Deloitte, specifically an internet-exposed Apache Solr server that was accessible with default credentials. However the company replies that there is no thret to sensitive data.
• Water utility in Arkansas City September 24, 2024 • [ hack, government ] Arkansas City, a small city in Cowley County, Kansas, is forced to switch its water treatment facility to manual operations over the weekend to contain a cyberattack detected on Sunday morning.
• Satia September 24, 2024 • [ ransomware, malware, manufacturing ] Indian paper manufacturer Satia is hit with a Valencia ransomware attack. The threat actor claims to have stolen 7.1GB of sensitive information.
• Globe Pharmaceuticals September 24, 2024 Bangladeshi drugs maker Globe Pharmaceuticals is hit with a Valencia ransomware attack. The threat actor claims to have stolen 200MB of sensitive information.
• U.S. Capitol September 24, 2024 • [ leak, government ] The personal information of over 3,000 congressional staffers is leaked on the dark web following a major breach on the U.S. Capitol.
• MoneyGram September 23, 2024 • [ hack, finance ] Money transfer giant MoneyGram confirms it suffered a cyberattack after dealing with system outages and customer complaints about lack of service since Friday.
• Undisclosed 3rd party software tool September 23, 2024 The threat actor, going by the alias grep, leaks over 12,000 (11,802) call records with audio, which they claim belong to Twilio customers. Twilio denies the claims, clarifying that they were not breached, but a customers data was exposed due to a vulnerability in a third-party tool used by the customers developers.
• OpenAI's press account on X September 23, 2024 • [ financial, social, finance ] Crypto scammers hijack OpenAI Newsroom, OpenAI's press account on X, formerly Twitter, to advertise a nonexistent token $OPENAI.
• Lebanon’s telecoms networks September 23, 2024 • [ hack, technology ] Israeli military officials warn residents in southern Lebanon and parts of Beirut to evacuate villages and neighbourhoods, sparking concerns that Israel had hacked into its northern neighbours telecommunications networks.
• American Addiction Centers (AAC) September 23, 2024 • [ ransomware, malware, healthcare ] A ransomware attack on American Addiction Centers exposes the sensitive healthcare information of more than 400,000 people. The Rhysida ransomware gang claims responsibility for the attack.