Central Ozarks Medical Center
November 10, 2025
•[ cyberattack, unauthorized access, data breach ]
Patients and individuals had their sensitive personal and health information exposed in a criminal cyberattack on Central Ozarks Medical Center. The breach involved unauthorized access to systems and resulted in the compromise of names, dates of birth, Social Security numbers, financial account details, medical treatment records, and health insurance information, according to investigation notices.
At least one drinking water supplier in Britain
November 3, 2025
•[ cyberattack, critical infrastructure, ransomware ]
A Recorded Future News investigation based on freedom-of-information disclosures from the UK Drinking Water Inspectorate found that five cyberattacks have been reported against Britains drinking water suppliers since the start of 2024, a record number over two years. The incidents, which affected out-of-NIS-scope IT systems rather than the operational technology delivering safe water, were shared with the regulator as resilience risks even though they did not trigger mandatory reporting thresholds. The findings highlight growing concern in British intelligence circles about ransomware and other attacks on critical infrastructure and are feeding into a planned Cyber Security and Resilience Bill to strengthen reporting and defences across essential services.
The Nobel Foundation
October 10, 2025
•[ cyberattack, data leak, unauthorized access ]
The Norwegian Nobel Institute concluded that a cyberattack was the most likely explanation for the leak of information about the 2025 Nobel Peace Prize, after prediction-market activity shifted sharply hours before the official announcement. The report frames the incident as unauthorized access leading to premature disclosure of confidential prize-related information. The article does not provide technical details on the access vector, attacker identity, or the specific systems compromised beyond the Institutes conclusion that hacking was the likely cause.
Moldova Central Electoral Commission / election infrastructure
September 27, 2025
•[ DDoS, election interference, cyberattack ]
During Moldovas 2025 parliamentary election, distributed denial-of-service (DDoS) attacks targeted the Central Electoral Commissions public websites, briefly disrupting access for several hours with peaks around 400 Gbps. Officials accused Russian-aligned actors of interference, but attribution remains unconfirmed. Voting systems were unaffected.
Russia’s System for Fast Payments (SBP)
September 24, 2025
•[ DDoS, cyberattack, financial disruption ]
Ukraines Defense Intelligence Directorate (GUR) conducted a large-scale distributed denial-of-service (DDoS) operation on September 24, 2025, targeting Russias System for Fast Payments (SBP). The attack caused a full nationwide disruption of online payment services for several hours, halting financial transfers and transaction processing across Russian banks. TransTeleComs supporting network infrastructure was also temporarily overloaded during the event.
Bureau of the Treasury (BTr)
September 21, 2025
•[ cyberattack, government ]
DICT/CICC reported a coordinated wave of cyberattacks on government websites amid Sept 21 rallies.
Movement “Ãâ€Ã‘€ÑƒÃ³aѠãúрðøýðâ€Â
September 9, 2025
•[ DDoS attack, website unavailability, cyberattack ]
DDoS attack against the Other Ukraine movements website limited access; technical teams working to restore availability; no attribution or data breach reported.
Orleans Parish Sheriff’s Office
September 4, 2025
•[ ransomware, cyberattack, operational disruption ]
A ransomware cyberattack in early Sept 2025 shut down the Orleans Parish Sheriffs Office AS/400 administrative systems, delaying inmate releases and disrupting operations. Systems were restored after two days with help from local and state cybersecurity agencies, and jail data remained secure.
Polish hydropower plant in Tczew in August 2025
August 19, 2025
•[ hacktivism, industrial control systems, critical infrastructure ]
Russian hacktivists allegedly targeted a hydropower plant in Tczew in August 2025, releasing video evidence that Polish analysts said showed disruption to control systems and turbine operations.
Infoniqa
August 15, 2025
•[ cyberattack, service disruption, IT security incident ]
Heise reported that Infoniqa, a provider of payroll and HR software services, suffered an IT security incident described as a cyberattack that disrupted services. The companys customer communications described technical restrictions and noted that the ONE Start Cloud service was not usable, with operational alternatives offered while investigations continued. Infoniqa stated that technical restrictions were resolved by Tuesday August 12, 2025, but reporting also included claims that at least some customers were unable to use services for more than a week. Infoniqa said external cybersecurity and forensic specialists were analyzing the incident and that it was not yet able to say whether any data was leaked.
Bouygues Telecom
August 4, 2025
•[ cyberattack, data leak, IBAN ]
Bouygues Telecom, Frances third-largest mobile operator, detected a cyberattack on August 4, 2025, which exposed personal and contractual customer data including IBANs for approximately 6.4 million accounts; passwords and payment card details were not compromised.
Louis Vuitton UK (LVMH)
July 31, 2025
•[ cyberattack, data leak ]
HackRead notes a cyberattack affecting Louis Vuitton UK customers, marking the third LVMH incident in three months; details limited.
Undisclosed Canadian electric utility
July 29, 2025
•[ cyberattack, service disruption, critical infrastructure ]
Canadian utility reported a cyberattack that disrupted smart/power meters and required onsite remediation to restore accurate billing and service.
City of Saint Paul, Minnesota
July 25, 2025
•[ cyberattack, government, service disruption ]
A cyberattack on Saint Paul led to widespread service disruptions; Minnesota activated the National Guard to support response and recovery.
Polish Air Navigation Services Agency (PANSA)
July 25, 2025
•[ cyberattack, sabotage, service disruption ]
Polish authorities opened an investigation into potential sabotage affecting air traffic control systems; disruptions triggered review of cyber causes.
Curaçao Tax & Customs Administration
July 24, 2025
•[ ransomware, operational disruption, government ]
Ransomware attack on July 24, 2025 encrypted and paralyzed systems of Curaaos Tax & Customs Administration, disabling counters, phone lines, and internal operations. Online tax filing remained active. Services restored by August 4. No perpetrator identified; no data exfiltration reported.
POST Luxembourg (national telecommunications infrastructure)
July 23, 2025
•[ cyberattack, outage, critical infrastructure ]
Cyberattack targeting Huawei telecommunications equipment caused a nationwide outage of 4G and 5G mobile networks in Luxembourg, disrupting emergency services, internet access, and electronic transactions for several hours.
Netherlands Public Prosecution Service (Openbaar Ministerie)
July 17, 2025
•[ cyberattack, vulnerability exploit, state-sponsored attack ]
Strong indications that Russia was behind a cyberattack exploiting a Citrix vulnerability; the OM took systems offline on July 17 as a response; extent of data access not yet disclosed.
woom GmbH
July 11, 2025
•[ cyberattack, data breach, incident response ]
woom stated that on Friday November 7, 2025 it was affected by a cyberattack in which an internationally operating hacker group gained access to parts of the companys systems despite security measures. woom said it immediately initiated incident response with external experts, contained and processed the incident, and restored systems as quickly as possible. The company said there were indications that some customer information may have been affected, but it reported no sensitive customer data exposure and emphasized ongoing investments in security improvements.
