Liberty Township (Butler County)
May 5, 2025
•[ ransomware, data leak ]
The Liberty Township government in Butler County, Ohio, experienced a ransomware incident beginning May 5, 2025 that encrypted internal systems and disrupted email and phone services. The SafePay ransomware group later claimed responsibility and said it had stolen and leaked about 48 GB of administrative and personnel information. Approximately 600 individuals were notified, and an FBI investigation remains ongoing.
Infinite Services (New York)
May 5, 2025
•[ ransomware, data leak ]
Employees could not log in on May 5; ransomware encryption interrupted by disconnecting power; investigation found one server accessed containing patient and employee PII/PHI; broad notifications sent out of caution.
Peruvian Government portal
May 5, 2025
•[ ransomware, data leak ]
Rhysida posted claims and alleged documents and demanded 5 BTC, but Peru's government denied compromise of the federal platform; officials say only Piura's tax website had a separate March 29 cyber incident, restored within 48 hours.
Centers for Medicare & Medicaid Services (Medicare.gov)
May 2, 2025
•[ data leak ]
CMS found malicious actors fraudulently created accounts between 2023 and 2025 using valid PII to access beneficiary info; ~103,000 affected; accounts deactivated and MBIs being replaced.
Albamon
May 2, 2025
•[ data leak ]
Albamon disclosed unauthorized access affecting 22,473 resume entries; the company reported the breach to KISA and notified impacted users.
Defense and critical-infrastructure entities in Ukraine
May 1, 2025
•[ phishing, unauthorized access, data leak ]
Rare Werewolf APT, a Russia-aligned espionage group, conducted spear-phishing and remote-administration tool-based intrusions in May–June 2025 targeting defense and critical-infrastructure entities in Ukraine, resulting in unauthorized access and data exfiltration.
At least one unnamed European celebrity
May 1, 2025
•[ stalkerware, spyware, data leak ]
A researcher discovered a publicly accessible cloud repository containing 86,859 screenshots from an unnamed European celebrity's device. The files appeared to have been collected through Cocospy-linked stalkerware or spyware installed on the victim's endpoint and included private communications, intimate images, phone usage, business conversations, invoices, payment details, phone numbers, partial credit card numbers, emails, receipts, and identity documents. The dataset appeared to span activity from mid-2024 to mid-2025, but the exact installation or compromise date was not reported; the specific perpetrator was not publicly identified.
Defense and critical-infrastructure entities in Armenia
May 1, 2025
•[ phishing, data leak, espionage ]
Rare Werewolf APT, a Russia-aligned espionage group, conducted spear-phishing and remote-administration tool-based intrusions in May–June 2025 targeting defense and critical-infrastructure entities in Armenia, resulting in unauthorized access and data exfiltration.
R.C. Manubhai
May 1, 2025
•[ ransomware, data leak ]
Qilin ransomware listed Fijian hardware chain R.C. Manubhai on its leak site, sharing samples (passport scans, salary/loan data) and claiming broader exfiltration; victim confirmation not published at time of report.
Defense and critical-infrastructure entities in Kazakhstan
May 1, 2025
•[ phishing, data leak, espionage ]
Rare Werewolf APT, a Russia-aligned espionage group, conducted spear-phishing and remote-administration tool-based intrusions in May–June 2025 targeting defense and critical-infrastructure entities in Kazakhstan, resulting in unauthorized access and data exfiltration.
Multiple French government and critical infrastructure organizations
April 30, 2025
•[ espionage, data leak, vulnerability exploitation ]
On April 30, 2025, France's national cybersecurity agency (ANSSI) attributed a campaign of at least twelve cyberattacks on French entities to Russia's GRU 85th Main Special Service Center (Unit 26165), known as FANCYBEAR. The espionage activity targeted government, media, energy, and critical-infrastructure organizations via exploitation of vulnerable Cisco routers to gain persistence and exfiltrate sensitive data. No operational disruption was reported.
Healthcare Therapy Services, Inc.
April 29, 2025
•[ data leak ]
Healthcare Therapy Services, Inc. reported that on April 29 it discovered unusual activity involving its email systems; investigation concluded on September 9 that patient personal and protected health information may have been affected, including SSNs, driver's license numbers, financial account information, and medical information; no misuse or operational disruption was reported.
ClickFunnels
April 29, 2025
•[ data leak ]
Hackers (Satanic) claimed a breach via a third party and leaked business data.
Biopharma Company, Hinjewadi (Pune)
April 27, 2025
•[ ransomware, data leak ]
A ransomware attack discovered on April 27, 2025 disrupted a biopharmaceutical company in Hinjewadi (Pune) after an unknown actor accessed internal servers, exfiltrated and encrypted data, and demanded USD 80,000 for decryption; the incident affected 15 on-premises research systems and is under investigation by Pune Cyber Cell.
Consero Global Solutions LLC
April 27, 2025
•[ data leak ]
A data breach at Consero Global Solutions LLC: unauthorized third-party access to internal systems between April 27 and July 4, 2025 resulted in possible acquisition of personal information (full name, SSN, other PII). Company has notified affected individuals and offered identity-protection services.
Hitachi Vantara
April 26, 2025
•[ ransomware, data leak ]
Akira ransomware infiltrated Hitachi Vantara's internal network, stealing corporate data and encrypting parts of its IT environment, prompting incident response and system restoration efforts.
Nova Scotia Power
April 25, 2025
•[ data leak ]
Sensitive customer data stolen in a cybersecurity incident disclosed on May 15, 2025; investigation ongoing and scope not fully detailed.
MTN Group
April 24, 2025
•[ data leak ]
On April 24, 2025, Johannesburg-based telecommunications giant MTN Group disclosed a cybersecurity incident in which an unauthorized third party accessed personal information of some customers in unspecified African markets. The company confirmed that its core network, billing, and financial systems were not affected. Regulators and law enforcement were notified. The breach's timing and number of affected customers have not been disclosed.
Legal Aid Agency
April 23, 2025
•[ data leak, government ]
Breach of LAA digital services first detected April 23; by May 16 the scope was deemed far wider. Government confirms theft of sensitive data on applicants dating back to 2010; online services were shut down as a precaution while NCSC/NCA investigated.
Co-op (The Co-operative Group)
April 22, 2025
•[ data leak, social engineering ]
6.5M member records stolen following a social-engineering-enabled breach; AD password-hash database also taken; Co-op temporarily shut down some IT systems.