University of Nottingham
June 9, 2026
•[ cyber attack, extortion, data leak ]
In June 2026, the University of Nottingham was the target of a cyber attack, later linked to a ShinyHunters "pay or leak" extortion campaign. Tens of gigabytes of data were subsequently published online and included 455k unique email addresses along with extensive personal information including names, addresses, phone numbers, ethnicities, disabilities, passport numbers and information relating to academic enrolments and fee payments. In a post about the incident, the university advised that the breach affected both "current students, and alumni".
Central Board of Secondary Education
May 21, 2026
•[ unauthorized access, payment gateway vulnerability, price manipulation ]
The CBSE revaluation portal's payment system was hit by an unauthorized malicious attack linked to the HDFC payment gateway integration when the portal went live. Approximately 50 students gained unauthorized access or were affected after displayed fee amounts were manipulated, causing payable amounts in some cases to range from Re 1 to nearly Rs 67,000-68,000. Public reporting did not identify the individuals or confirm theft of student data.
Administration of Kursk region
April 20, 2026
•[ DDoS attack, government, service disruption ]
On April 20, 2026, Kursk regional authorities reported a DDoS attack against regional administration servers that made the live broadcast of a government session unavailable. Officials said the session recording would be published later on official governor and regional government resources, and corroborating reporting said the attack was localized the same day.
Minidoka Memorial Hospital
April 5, 2026
•[ cyber attack, healthcare, operational disruption ]
A cyber incident on Easter morning limited imaging services at Minidoka Memorial Hospital in Rupert, Idaho, leading to temporary emergency patient transfers; internal systems were affected but patient care continued, and imaging was fully restored by midnight on April 19, 2026.
Omi Kenshi Co., Ltd
March 16, 2026
•[ unauthorized access, system failure, operational disruption ]
On March 16, 2026, Omi Kenshi Co., Ltd. experienced unauthorized external access that caused system failure and suspension of core systems, delaying financial closing procedures.
Verifone
March 11, 2026
•[ hacktivism, data breach claim, cyber attack ]
Cybernews reported that the pro-Iranian hacktivist group Handala claimed it attacked two US multinationals with ties to Israelpayments firm Verifone and medical technology firm Strykerframing the actions as retaliation. Verifone denied the breach claims. The article describes actor claims and escalation risk, but does not provide independently verified evidence of successful compromise or confirmed stolen data for either company in the reporting.
Ministry of Defence of the Russian Federation
February 27, 2026
•[ DDoS attack, multi-vector attack, cyber attack ]
A multi-vector DDoS attack targeted online resources associated with the Russian Ministry of Defense. Traffic peaked at 33 Gbps and 36.9 million packets per second before mitigation restored access.
Clalit Health Services
February 25, 2026
•[ data leak, healthcare breach, cyber attack ]
Handala claimed it breached Clalit Health Services and published patient files and internal documents online; Clalit said it was investigating the incident and that systems were operating normally.
Cheyenne and Arapaho Tribes
December 8, 2025
•[ ransomware, network shutdown, operational disruption ]
A ransomware attack forced the Cheyenne and Arapaho Tribes to shut down tribal computer networks, disrupting email and phone service and suspending some operations while systems were restored in phases.
Sewage treatment plant in Kunica
August 19, 2025
•[ industrial control systems, hacktivism, operational disruption ]
Russian hacktivists allegedly interfered with industrial control systems at the sewage treatment plant in Kunica, and publicly released video that Polish analysts assessed as showing real operational disruption.
F.C. Copenhagen live stream (Champions League vs Malmö FF)
August 12, 2025
•[ DDoS attack, service disruption, cyber attack ]
F.C. Copenhagens Champions League stream was disrupted on August 12, 2025, by a large-scale DDoS attack that flooded its login system with traffic equal to six months usage in one hour. Fans were unable to access the match for 28 minutes until an alternate stream was activated. No data was stolen or encrypted.
Beta – Dnevni evropski servis (DES)
August 7, 2025
•[ ransomware, cryptocurrency, encryption ]
Ransomware attack encrypted systems of Betas specialized European news service (DES), rendering its portal inaccessible. No data exfiltration was reported. Attackers demanded ransom in cryptocurrency; the incident occurred and was disclosed on August 7, 2025.
çõрýð ÿøÑÂтð
May 30, 2025
•[ DDoS, service disruption, cyber attack ]
Bulgarian outlets reported a DDoS that attempted to take down the crash-map site created by 18-year-old Martin Atanasov; the hosting firm confirmed a mass attack and service impact before restoration.
Grove City
March 24, 2025
•[ cyber attack ]
Yahoo item references a cyber attack hits Grove City .
Electronic School (ÓØá "ÃÂûõúтрþýýðѠшúþûð"), Novosibirsk
January 15, 2025
•[ DDoS attack, service disruption, cyber attack ]
On January 15, 2025, a powerful DDoS attack targeted Novosibirsks Electronic School digital diary platform. The attack, described as one of the most massive in the region, caused several hours of disruption before service was restored.
Comercializadora S&E Perú
December 29, 2024
•[ data leak, ransomware, cyber attack ]
On December 29 2024, the criminal group Anubis listed the Peruvian engineering and construction company Comercializadora S&E Per on its leak site. KELA verified the listing and SecurityWeek later cited it as part of Anubiss first campaign. The group stole internal and client information; no encryption or operational outage was reported.
Mutua Madrileña
September 27, 2024
•[ cyber attack, data leak, third-party breach ]
Mutua Madrilea suffers a cyber attack on its home customer base, through an external provider, which affects thousands of customers.
Boston Children’s Health Physicians
September 10, 2024
•[ ransomware, cyber attack, data breach ]
Boston Childrens Health Physicians (BCHP) discloses to have suffered a cyber attack The BianLian ransomware operation claims responsibility for the attack.
Bağcılar Training and Research Hospital
April 12, 2024
•[ cyber attack, medical records, ransomware ]
A cyber attack on the Baclar Training and Research Hospital in Istanbul compromises the confidential medical records, including X-ray scans and test results, taken at the hospital since 2007. It is rumored that the attackers asked for 200,000 dollars in exchange for the medical records.
