SecretarÃÂa de Hacienda del Estado de Sonora
December 12, 2025
•[ data leak, unauthorized access, exfiltration ]
Mexican media reported unauthorized access to servers of the Secretara de Hacienda del Estado de Sonora in December 2025, during which the criminal group Chronus exfiltrated and leaked approximately 40GB of documents and databases. State authorities suspended online services as a preventive security measure while investigating the intrusion.
Southold
November 24, 2025
•[ cyberattack, service disruption, government ]
Southold, New York suspended public access to its Laserfiche online record-keeping system for more than six weeks following a cyberattack reported to have breached town servers on November 24, 2025. According to reporting cited in the post, the town planned approximately $500,000 in security upgrades funded via a bond before restoring public access to Laserfiche, and officials stated they could not provide a timeline for restoration as of January 12, 2026. The confirmed impact described is prolonged loss of public access to the online records system while remediation and security hardening continued; public reporting in the cited excerpt did not confirm data theft or enumerate affected records.
City of Leavenworth (Kansas)
November 19, 2025
•[ cyberattack, network outage, ransomware ]
DataBreaches reported that Leavenworth, Kansas officials said a cyberattack caused a network outage on November 19, 2025 after computer and phone systems began failing late that morning. The city brought in outside IT experts and later confirmed on November 25 that the disruption stemmed from a cyberattack on the municipal internal network. As of the December 8 report, impacts were still ongoing for invoicing, permitting, and hiring systems, while emergency services were reported unaffected, and no ransomware or extortion group had publicly claimed responsibility.
Weda (Medical Software)
November 10, 2025
•[ cyberattack, denial of service, healthcare ]
On November 10, 2025, Weda medical software used by general practitioners across France experienced a major cyberattack that rendered the system inaccessible. Physicians were unable to view or transmit patient medical records for several days. Service resumed only in degraded mode on November 14. No evidence of data encryption or exfiltration has been reported.
Central Ozarks Medical Center
November 10, 2025
•[ cyberattack, unauthorized access, data breach ]
Patients and individuals had their sensitive personal and health information exposed in a criminal cyberattack on Central Ozarks Medical Center. The breach involved unauthorized access to systems and resulted in the compromise of names, dates of birth, Social Security numbers, financial account details, medical treatment records, and health insurance information, according to investigation notices.
At least one drinking water supplier in Britain
November 3, 2025
•[ cyberattack, critical infrastructure, ransomware ]
A Recorded Future News investigation based on freedom-of-information disclosures from the UK Drinking Water Inspectorate found that five cyberattacks have been reported against Britains drinking water suppliers since the start of 2024, a record number over two years. The incidents, which affected out-of-NIS-scope IT systems rather than the operational technology delivering safe water, were shared with the regulator as resilience risks even though they did not trigger mandatory reporting thresholds. The findings highlight growing concern in British intelligence circles about ransomware and other attacks on critical infrastructure and are feeding into a planned Cyber Security and Resilience Bill to strengthen reporting and defences across essential services.
The Nobel Foundation
October 10, 2025
•[ cyberattack, data leak, unauthorized access ]
The Norwegian Nobel Institute concluded that a cyberattack was the most likely explanation for the leak of information about the 2025 Nobel Peace Prize, after prediction-market activity shifted sharply hours before the official announcement. The report frames the incident as unauthorized access leading to premature disclosure of confidential prize-related information. The article does not provide technical details on the access vector, attacker identity, or the specific systems compromised beyond the Institutes conclusion that hacking was the likely cause.
Moldova Central Electoral Commission / election infrastructure
September 27, 2025
•[ DDoS, election interference, cyberattack ]
During Moldovas 2025 parliamentary election, distributed denial-of-service (DDoS) attacks targeted the Central Electoral Commissions public websites, briefly disrupting access for several hours with peaks around 400 Gbps. Officials accused Russian-aligned actors of interference, but attribution remains unconfirmed. Voting systems were unaffected.
Russia’s System for Fast Payments (SBP)
September 24, 2025
•[ DDoS, cyberattack, financial disruption ]
Ukraines Defense Intelligence Directorate (GUR) conducted a large-scale distributed denial-of-service (DDoS) operation on September 24, 2025, targeting Russias System for Fast Payments (SBP). The attack caused a full nationwide disruption of online payment services for several hours, halting financial transfers and transaction processing across Russian banks. TransTeleComs supporting network infrastructure was also temporarily overloaded during the event.
Bureau of the Treasury (BTr)
September 21, 2025
•[ cyberattack, government ]
DICT/CICC reported a coordinated wave of cyberattacks on government websites amid Sept 21 rallies.
Movement “Ãâ€Ã‘€ÑƒÃ³aѠãúрðøýðâ€Â
September 9, 2025
•[ DDoS attack, website unavailability, cyberattack ]
DDoS attack against the Other Ukraine movements website limited access; technical teams working to restore availability; no attribution or data breach reported.
Orleans Parish Sheriff’s Office
September 4, 2025
•[ ransomware, cyberattack, operational disruption ]
A ransomware cyberattack in early Sept 2025 shut down the Orleans Parish Sheriffs Office AS/400 administrative systems, delaying inmate releases and disrupting operations. Systems were restored after two days with help from local and state cybersecurity agencies, and jail data remained secure.
Infoniqa
August 15, 2025
•[ cyberattack, service disruption, IT security incident ]
Heise reported that Infoniqa, a provider of payroll and HR software services, suffered an IT security incident described as a cyberattack that disrupted services. The companys customer communications described technical restrictions and noted that the ONE Start Cloud service was not usable, with operational alternatives offered while investigations continued. Infoniqa stated that technical restrictions were resolved by Tuesday August 12, 2025, but reporting also included claims that at least some customers were unable to use services for more than a week. Infoniqa said external cybersecurity and forensic specialists were analyzing the incident and that it was not yet able to say whether any data was leaked.
Bouygues Telecom
August 4, 2025
•[ cyberattack, data leak, IBAN ]
Bouygues Telecom, Frances third-largest mobile operator, detected a cyberattack on August 4, 2025, which exposed personal and contractual customer data including IBANs for approximately 6.4 million accounts; passwords and payment card details were not compromised.
Louis Vuitton UK (LVMH)
July 31, 2025
•[ cyberattack, data leak ]
HackRead notes a cyberattack affecting Louis Vuitton UK customers, marking the third LVMH incident in three months; details limited.
Undisclosed Canadian electric utility
July 29, 2025
•[ cyberattack, service disruption, critical infrastructure ]
Canadian utility reported a cyberattack that disrupted smart/power meters and required onsite remediation to restore accurate billing and service.
City of Saint Paul, Minnesota
July 25, 2025
•[ cyberattack, government, service disruption ]
A cyberattack on Saint Paul led to widespread service disruptions; Minnesota activated the National Guard to support response and recovery.
Polish Air Navigation Services Agency (PANSA)
July 25, 2025
•[ cyberattack, sabotage, service disruption ]
Polish authorities opened an investigation into potential sabotage affecting air traffic control systems; disruptions triggered review of cyber causes.
Curaçao Tax & Customs Administration
July 24, 2025
•[ ransomware, operational disruption, government ]
Ransomware attack on July 24, 2025 encrypted and paralyzed systems of Curaaos Tax & Customs Administration, disabling counters, phone lines, and internal operations. Online tax filing remained active. Services restored by August 4. No perpetrator identified; no data exfiltration reported.
