The Arc of Palm Beach County
March 28, 2025
•[ phishing ]
Attackers compromised a staff email account at The Arc of Palm Beach County, Florida, and used it to send fraudulent payment instructions that resulted in the theft of approximately US $3 million; no data exfiltration or ransomware reported.
Parcel Plus (Hanover)
March 28, 2025
•[ phishing, data leak ]
York County tax preparer reported spearphishing breach linked to foreign actors.
Troy Hunt's Mailchimp List
March 25, 2025
•[ hack, phishing, technology ]
In March 2025, a phishing attack successfully gained access to Troy Hunt's Mailchimp account and automatically exported a list of people who had subscribed to the newsletter for his personal blog. The exported list contained 16k email addresses and other data automatically collected by Mailchimp including IP address and a derived latitude, longitude and time zone.
Troy Hunt / Have I Been Pwned Mailing List
March 25, 2025
•[ phishing, data leak, account takeover ]
Phishing led to Mailchimp account takeover and export of subscriber list.
Undisclosed European drone manufacturer
March 25, 2025
•[ phishing, social engineering, malware ]
North Korean operators approached European defense engineers with fake job offers, delivering loaders that sideloaded ScoringMathTea and BinMergeLoader/MISTPEN to exfiltrate proprietary UAV designs and manufacturing know-how. Intelligence-collection focus; campaign targets several firms rather than one discrete victim record.
Delta Dental of Virginia
March 21, 2025
•[ phishing, data leak ]
An unauthorized actor accessed a Delta Dental of Virginia employee email account between March 21 and April 23, 2025, viewing or acquiring emails and attachments containing personal, financial, and protected health information for 145,918 individuals. Notification letters were issued on November 21, 2025.
StreamElements
March 20, 2025
•[ phishing, data leak ]
StreamElements confirmed that one of its former third-party service providers experienced a data breach, which led to the exposure of customer information including names, addresses, phone numbers and email addresses. The breach is believed to relate to the period between 2020 and 2024. Although StreamElements stated its own servers were not compromised, it is actively contacting affected customers and warning of increased phishing risk.
Precision Orthopaedics and Sports Medicine
March 17, 2025
•[ phishing, data leak ]
Hospital reported mailbox compromise exposing patient demographic and clinical information.
Mountain West Insurance & Financial Services LLC
March 17, 2025
•[ phishing, data leak ]
On March 17, 2025, Mountain West Insurance & Financial Services detected unauthorized access to several corporate email accounts. An investigation determined that emails containing extensive personal, financial, and health-related information may have been accessed or acquired without authorization. Mountain West issued breach notices on September 22, 2025.
AUTOSUR
March 16, 2025
•[ data leak, phishing ]
In March 2025, the French vehicle inspection company AUTOSUR suffered a data breach exposing over 10M customer records, though only 487k unique email addresses were present. The compromised data included names, phone numbers, physical addresses, and vehicle details such as make and model, VIN, and registration plate. AUTOSUR later issued a disclosure notice with further details.
Leroy Merlin
March 12, 2025
•[ data leak, phishing ]
Leroy Merlin notified customers in France that a cyberattack targeted its information system and that some customers personal data may have leaked outside the company. The notification listed exposed data elements (identity/contact details, date of birth, and loyalty-program information) and stated that banking data and online account passwords were not included. The company said it took steps to block unauthorized access and contain the incident, and cautioned customers to watch for phishing attempts impersonating the brand.
Government of Canada
March 8, 2025
•[ hack, social, phishing ]
A software-update vulnerability at MFA provider 2Keys allowed access to contact data for federal service users (CRA/ESDC phone numbers; CBSA emails) authenticating between Aug 315, 2025; attacker sent phishing SMS to some numbers; government deems no further sensitive data accessed.
U.S.–China Business Council
March 7, 2025
•[ espionage, phishing, government ]
China-linked APT41/TA415 impersonated Rep. Moolenaar and USCBC in July 2025 spear-phishing to deliver malware and create remote tunnels to spy on U.S. trade-policy stakeholders; investigations ongoing; success not verified.
FlexCare Medical Staffing
March 6, 2025
•[ phishing, data leak ]
FlexCare sent breach letters after employee email compromises with sensitive data
Undisclosed Taiwan government agencies
March 1, 2025
•[ phishing, malware, espionage ]
Trend Micro and THN describe a March 2025 spear-phishing campaign by China-aligned MirrorFace targeting public institutions in Japan and Taiwan using OneDrive-delivered ZIPs that dropped ROAMINGMOUSE and an upgraded ANEL backdoor; reporting outlines techniques and targeting, not specific victim impact details for a single named org.
Balkan Investigative Reporting Network Journalists
February 26, 2025
•[ spyware, phishing, targeted attack ]
Amnesty reported two Serbian journalists targeted with Pegasus spyware via one-click links.
NioCorp Developments Ltd.
February 14, 2025
•[ phishing, Business Email Compromise ]
Business email compromise exploiting NioCorps email system to redirect vendor payments; no encryption detected.
Multiple South Korean government and business entities
February 12, 2025
•[ phishing, espionage ]
Spear-phishing campaign leveraging LNK and PowerShell scripts deployed by North Koreas RGB 3rd Technical Surveillance Bureau (Kimsuky) targeting South Korean government, defense, and cryptocurrency sectors.
Users of Indian banking mobile apps
February 11, 2025
•[ malware, phishing, data leak ]
Android malware campaign disguised as Indian bank apps, distributed via phishing links and fake APKs to install FinStealer; exfiltration of banking credentials and personal information confirmed by CYFIRMA and other researchers.
Illinois Department of Healthcare and Family Services
February 11, 2025
•[ phishing, data leak ]
Illinois Department of Healthcare and Family Services reported that an employees email account was compromised by a phishing attack discovered on February 11 2025.
