Spartanburg County
August 6, 2025
•[ ransomware, government ]
Cyberattack led to disabling of certain online services, including County network connections; emergency services like 911 remained operational; third ransomware event in recent years
City of Greenville (TX)
August 5, 2025
•[ ransomware, malware, government ]
Hackers deployed ransomware targeting Greenvilles server infrastructure, affecting city services and utility billing in Hunt County; emergency 911 was unaffected, and no personal data breach has been reported.
Prospect Medical Holdings
August 4, 2025
•[ ransomware, healthcare ]
Prospect Medical Holdings, a chain that owns hospitals as well as more than 165 outpatient facilities, said ransomware hackers had breached its system. Sixteen hospitals and more than a hundred other medical facilities across the United States are offline after the largest cyberattack on a U.S. hospital system since last year. Prospect Medical Holdings, a []
99 Cents Only
August 1, 2025
•[ ransomware, retail ]
INC Ransom claims to have breached Dollar Tree
Institute Ruđer Bošković (administrative/professional services IT)
July 31, 2025
•[ ransomware, education ]
IRB was hit by a ransomware attack on July 31, 2025 via Microsoft SharePoint ToolShell vulnerabilities; administrative/professional services systems were encrypted. IRB refused to pay, isolated affected segments, and restored from backups by Aug 8; later updates confirmed full service restoration and no evidence of data exfiltration.
Acea
July 31, 2025
•[ ransomware, malware, energy ]
Italian utility company Acea suffered another ransomware attack, this time claimed by World Leaks. Systems were encrypted, disrupting operations, though the exact duration and number of affected customers were not disclosed.
Undisclosed Russian pharmacy chains
July 31, 2025
•[ ransomware ]
The Record reports multiple Russian pharmacies were shut down due to a cyberattack disrupting operations and payment/services.
Qilin ransomware group
July 31, 2025
•[ ransomware, hack, leak ]
Compromise of Qilins affiliate panel by rival actors enabled access to internal systems and stolen victim files.
Mailchimp
July 31, 2025
•[ ransomware, data leak ]
Everest ransomware group claimed a small breach of Mailchimp systems, sharing limited details; no disruption reported.
Herbapol Lublin S.A.
July 31, 2025
•[ ransomware ]
Polish trade press reports cyberattack on Herbapol Lublin with a ransom demand; operational interruptions mentioned.
99 Cents Only Stores (data linked to Dollar Tree acquisition context)
July 30, 2025
•[ ransomware, data leak ]
HackRead reports INC claimed 1.2TB of Dollar Tree data; company statements elsewhere indicate samples match data tied to defunct 99 Cents Only Stores.
Belk, Inc.
July 29, 2025
•[ ransomware ]
Ransomware group INC claimed an attack on Belk; the retailer's confirmation and scope had not been disclosed at report time.
Albavision (Albavisión)
July 28, 2025
•[ ransomware, data leak, business disruption ]
GlobalGroup ransomware group alleged breach and data theft at media giant Albavision affecting broadcast operations, with data samples posted.
Gloucester County, Virginia
July 27, 2025
•[ ransomware ]
Gloucester County reported responding to a ransomware attack that impacted county systems and public access to some services.
Curaçao Tax & Customs Administration
July 24, 2025
•[ ransomware, malware, government ]
Ransomware attack on July 24, 2025 encrypted and paralyzed systems of Curaaos Tax & Customs Administration, disabling counters, phone lines, and internal operations. Online tax filing remained active. Services restored by August 4. No perpetrator identified; no data exfiltration reported.
American Lending Center
July 24, 2025
•[ ransomware, internal network compromise, data breach ]
American Lending Center experienced a ransomware attack between July 24 and July 30, 2025, in which a threat actor compromised its internal network, executed ransomware, and accessed files that may have contained personal and sensitive information. No named ransomware group, confirmed encryption details, outage duration, or specific disrupted systems were publicly reported.
Curaçao Tax & Customs Administration
July 24, 2025
•[ ransomware, operational disruption, government ]
Ransomware attack on July 24, 2025 encrypted and paralyzed systems of Curaaos Tax & Customs Administration, disabling counters, phone lines, and internal operations. Online tax filing remained active. Services restored by August 4. No perpetrator identified; no data exfiltration reported.
Schools in Shropshire (11 schools)
July 21, 2025
•[ ransomware ]
Local council committee informed that a ransomware cyberattack impacted 11 schools in Shropshire.
Otjiwarongo Municipality
July 17, 2025
•[ ransomware ]
Namibian Sun reports Otjiwarongo Municipality was hit by a cyberattack and a ransom was demanded, impacting services.
Palo Alto Networks (investigator)
July 17, 2025
•[ ransomware, malware, technology ]
Ransomware deployment (4L4MD4R) via exploitation of Microsoft SharePoint ToolShell vulnerabilities; attackers disabled defenses, bypassed certificate validation, and encrypted files; ransom note threatened deletion upon decryption attempts.
