Mountain West Insurance & Financial Services LLC
March 17, 2025
•[ phishing, data leak ]
On March 17, 2025, Mountain West Insurance & Financial Services detected unauthorized access to several corporate email accounts. An investigation determined that emails containing extensive personal, financial, and health-related information may have been accessed or acquired without authorization. Mountain West issued breach notices on September 22, 2025.
Precision Orthopaedics and Sports Medicine
March 17, 2025
•[ phishing, data leak ]
Hospital reported mailbox compromise exposing patient demographic and clinical information.
AUTOSUR
March 16, 2025
•[ data leak, phishing ]
In March 2025, the French vehicle inspection company AUTOSUR suffered a data breach exposing over 10M customer records, though only 487k unique email addresses were present. The compromised data included names, phone numbers, physical addresses, and vehicle details such as make and model, VIN, and registration plate. AUTOSUR later issued a disclosure notice with further details.
Leroy Merlin
March 12, 2025
•[ data leak, phishing ]
Leroy Merlin notified customers in France that a cyberattack targeted its information system and that some customers personal data may have leaked outside the company. The notification listed exposed data elements (identity/contact details, date of birth, and loyalty-program information) and stated that banking data and online account passwords were not included. The company said it took steps to block unauthorized access and contain the incident, and cautioned customers to watch for phishing attempts impersonating the brand.
Government of Canada
March 8, 2025
•[ hack, social, phishing ]
A software-update vulnerability at MFA provider 2Keys allowed access to contact data for federal service users (CRA/ESDC phone numbers; CBSA emails) authenticating between Aug 315, 2025; attacker sent phishing SMS to some numbers; government deems no further sensitive data accessed.
U.S.–China Business Council
March 7, 2025
•[ espionage, phishing, government ]
China-linked APT41/TA415 impersonated Rep. Moolenaar and USCBC in July 2025 spear-phishing to deliver malware and create remote tunnels to spy on U.S. trade-policy stakeholders; investigations ongoing; success not verified.
FlexCare Medical Staffing
March 6, 2025
•[ phishing, data leak ]
FlexCare sent breach letters after employee email compromises with sensitive data
Undisclosed Taiwan government agencies
March 1, 2025
•[ phishing, malware, espionage ]
Trend Micro and THN describe a March 2025 spear-phishing campaign by China-aligned MirrorFace targeting public institutions in Japan and Taiwan using OneDrive-delivered ZIPs that dropped ROAMINGMOUSE and an upgraded ANEL backdoor; reporting outlines techniques and targeting, not specific victim impact details for a single named org.
Balkan Investigative Reporting Network Journalists
February 26, 2025
•[ spyware, phishing, targeted attack ]
Amnesty reported two Serbian journalists targeted with Pegasus spyware via one-click links.
NioCorp Developments Ltd.
February 14, 2025
•[ phishing, Business Email Compromise ]
Business email compromise exploiting NioCorps email system to redirect vendor payments; no encryption detected.
Multiple South Korean government and business entities
February 12, 2025
•[ phishing, espionage ]
Spear-phishing campaign leveraging LNK and PowerShell scripts deployed by North Koreas RGB 3rd Technical Surveillance Bureau (Kimsuky) targeting South Korean government, defense, and cryptocurrency sectors.
Illinois Department of Healthcare and Family Services
February 11, 2025
•[ phishing, data leak ]
Illinois Department of Healthcare and Family Services reported that an employees email account was compromised by a phishing attack discovered on February 11 2025.
Users of Indian banking mobile apps
February 11, 2025
•[ malware, phishing, data leak ]
Android malware campaign disguised as Indian bank apps, distributed via phishing links and fake APKs to install FinStealer; exfiltration of banking credentials and personal information confirmed by CYFIRMA and other researchers.
Users of fake DeepSeek sites
February 6, 2025
•[ phishing, data leak ]
Phishing campaign using dozens of fake DeepSeek-branded websites to steal user credentials and cryptocurrency through fraudulent login and wallet interfaces.
PrivatBank
February 6, 2025
•[ phishing, malware, data leak ]
A criminal group identified as UAC-0006 used phishing emails with password-protected attachments to deliver SmokeLoader malware targeting PrivatBank customers. The campaign aimed to steal credentials and financial data, active since November 2024.
Chemical, Food, and Pharmaceutical Enterprises in Russia
February 5, 2025
•[ infostealer, phishing, data leak ]
Nova Infostealer campaign led by Rezet, also known as Rare Wolf, targeted Russian chemical, food, and pharmaceutical firms, harvesting credentials and internal documents through phishing and malicious installers.
Russian Industrial Facilities
February 5, 2025
•[ infostealer, phishing, malware ]
Nova Infostealer was deployed by the threat group NGC4020 in Russian industrial facilities, stealing host credentials and files from infected endpoints through phishing and malicious installer packages.
Russian Organizations Across Various Industries
February 5, 2025
•[ malware, phishing, data leak ]
Nova Infostealer malware campaign targeting Russian organizations across multiple industries collected credentials and files via phishing and malicious installers.
University end-users via cloned site
February 5, 2025
•[ malvertising, phishing, malware ]
Malvertising campaign cloning a German university website to distribute a fake Cisco AnyConnect installer which installed NetSupport RAT on victim machines.
Gregory & Appel Insurance
February 5, 2025
•[ phishing ]
Insurance firm reported unauthorized access linked to suspicious email purporting to be the Cfo.
