Undisclosed Canon U.S.A. subsidiary
November 25, 2025
•[ vulnerability exploit, data breach ]
A Canon U.S.A. subsidiary was compromised in the Oracle EBS hacking campaign, where attackers exploited an application server vulnerability. Canon reported that the incident was limited to a single web server and that no Canon data had been leaked as of the latest update.
Mid South Pulmonary & Sleep Specialists (MSPS)
November 17, 2025
•[ ransomware, data leak, data breach ]
Reporting on Anubis RaaS described a severe ransomware incident affecting Mid South Pulmonary & Sleep Specialists (MSPS) in Tennessee. The threat actor claimed initial access on Nov. 10, 2025, spent about a week conducting internal reconnaissance and data theft, then paralyzed the organizations network in a single night. The group claimed to have encrypted MSPSs Nutanix systems and used a wiper to delete backups, leaving MSPS unable to restore systems; the actor also claimed exfiltration of roughly 860 GB and leakage of hundreds of gigabytes containing administrative records, insurance billing files, and extensive PII/PHI. MSPS had not publicly confirmed details in the reporting, but the described impacts suggest prolonged disruption and exposure of sensitive medical data.
National prison management platform of the National Penitentiary Administration (ANP)
August 1, 2025
•[ insider threat, financial fraud, unauthorized access ]
A prisoner in the Dej hospital prison hacked tablet/kiosk systems used to access the national inmate-services portal, manipulating requests and financial accounts tied to commissary and sentence-credit workflows. Activity persisted for weeks across multiple institutions before detection; the union and national media detail platform misuse and credential abuse rather than broad IT outages.
Orange
July 25, 2025
•[ data breach, service disruption ]
Orange detected a breach of one information system on July 25; isolating affected services caused disruptions for some business and consumer services in France. Company reports no evidence of data exfiltration as of reporting.
U.S. National Nuclear Security Administration (NNSA)
July 18, 2025
•[ data breach, vulnerability, zero-day ]
Breach of NNSA systems through a Microsoft SharePoint zero-day vulnerability. DOE stated a small number of systems were impacted and are being restored. Attack was later linked to Chinese state hacking groups Linen Typhoon and Violet Typhoon.
Netherlands Public Prosecution Service (Openbaar Ministerie)
July 17, 2025
•[ cyberattack, vulnerability exploit, state-sponsored attack ]
Strong indications that Russia was behind a cyberattack exploiting a Citrix vulnerability; the OM took systems offline on July 17 as a response; extent of data access not yet disclosed.
Hawaiian Airlines
June 23, 2025
•[ unauthorized access, data breach, threat actor attribution ]
On June 23 2025, Hawaiian Airlines detected unauthorized access affecting certain IT systems; flights and safety operations were unaffected. The company reported the breach in an SEC 8-K filing and began investigation with external experts and the FBI. No confirmed data-theft volume or ransom demand disclosed; security researchers suspect the Scattered Spider threat group, but attribution remains unconfirmed.
KT Corporation
June 1, 2025
•[ financial fraud, data breach ]
KT told lawmakers its CEO would step down once the unauthorized micropayment breach is resolved. The case involves widespread illicit small-value charges through subscriber accounts, prompting government probes, customer redress, and leadership accountability. Technical details point to abuse of payment flows rather than core network outage; impact is financial and reputational, not operational.
Ordine degli Psicologi della Lombardia
May 30, 2025
•[ ransomware, data breach ]
Italys data protection authority fined the Lombardy Psychologists Order 30,000 following a data breach; the Order states the incident traces to a serious ransomware attack in 2023, with no operational details disclosed in the article.
Chief Electoral Officer – West Bengal
May 17, 2025
•[ data breach, insider threat, unauthorized access ]
A security breach led to deletion of at least 1,000 voters from the electoral roll in a West Bengal assembly constituency; subsequent reports cited misuse of AERO credentials.
Central Point School District 6
May 14, 2025
•[ data breach, unauthorized access ]
The Oregon district reported unauthorized access to its digital systems on May 14 and isolated affected systems while law enforcement and external experts investigated. No confirmed data types or quantities were disclosed at the time of reporting.
Uncle Henry’s
March 11, 2025
•[ ransomware, data breach ]
On March 11 2025, Maine-based classified ads publisher Uncle Henrys suffered a ransomware-style attack that deleted its primary website database and took the site offline until April 15. Attackers demanded Bitcoin. Management stated only a few advertisement entries were copied and no personal data compromise was confirmed.
OmniGPT Chatbot Platform
March 10, 2025
•[ data leak, data breach, hacking ]
A hacker known as Gloomer claimed to have breached the OmniGPT AI chatbot platform, stealing and leaking millions of user messages and account details. Data samples were posted on BreachForums and reported by multiple cybersecurity outlets, though OmniGPT has not confirmed the incident.
Wemix (Wemade)
February 28, 2025
•[ data breach, cryptocurrency theft, leaked secrets ]
The blockchain gaming platform WEMIX was hacked, resulting in the theft of about 8.65 million WEMIX tokens (worth roughly $6.1 million). The breach stemmed from attackers obtaining authentication keys for the NFT monitoring service NILE, likely via a shared repository. After gaining the keys, the threat actors spent about two months preparing before executing 15 withdrawal attempts of which 13 succeeded. The stolen tokens were swiftly laundered through multiple crypto exchanges. WEMIX shut down the affected server on February 28 and later disclosed the incident, migrating their infrastructure to a more secure environment.
Resort Data Processing
February 19, 2025
•[ data breach, hospitality ]
Hospitality PMS vendor mailed breach letters on March 20, 2025 after cyber incident.
Health Service Executive (HSE) – primary care services, Midlands (third-party processor)
January 2, 2025
•[ ransomware, data breach, third-party breach ]
DataBreaches summarized reporting that the Irish Health Service Executive confirmed a second ransomware attack occurred in February 2025, targeting a third-party processor and resulting in a data protection breach reported by HSE primary care services in the Midlands. The HSE stated there was no evidence that patients data was stolen in the incident, and the brief report did not describe prolonged operational disruption or specify what systems were encrypted. Based on the confirmation of a ransomware incident affecting a processor, this is coded as a disruptive event with limited publicly available detail on scope and duration.
Behavioral Health Resources
November 20, 2024
•[ data breach, data leak ]
Unauthorized actor accessed Behavioral Health Resources network in Nov 2024, exfiltrating client PII and medical records; organization confirmed breach via Maine AG filing and began notifications in Apr 2025.
At least one undisclosed government and/or tech company
November 4, 2024
•[ state-sponsored, malware, backdoor ]
Government cybersecurity reporting described PRC state-sponsored actors using BRICKSTORM malware to maintain long-term persistence in victim environments, primarily affecting government services/facilities and IT sector organizations. In a documented case, actors accessed a DMZ web server (with a web shell present), moved laterally using service account credentials, copied Active Directory databases, pivoted into VMware vCenter, accessed domain controllers and an ADFS server, and exported cryptographic keys. BRICKSTORM provided stealthy backdoor access for command-and-control and remote operations and was used for persistence from at least April 2024 through at least September 3, 2025. The specific victim organization name was not disclosed in the reporting.
Storage Durango Blue Diamond
August 31, 2024
•[ data breach, cybersecurity incident ]
Company reported data breach under investigation following cybersecurity incident disclosure.
