Undisclosed U.S. political associates (per Reuters)
July 1, 2025
•[ data leak, state-sponsored, political ]
Reuters-reported claim: Iran-linked actors threaten to release ~100 GB of emails allegedly stolen from associates of Donald Trump; CISA called material 'purportedly stolen' and 'unverified.'
Pulse Urgent Care Center
July 1, 2025
•[ data leak, unauthorized access, healthcare ]
Unauthorized access to Pulse Urgent Care Center's network exposed patient PHI; no encryption or quantitative scope reported and threat actor unconfirmed.
Accu Reference Medical Laboratory
July 1, 2025
•[ ransomware, data leak ]
Qilin listed Accu Reference on July 10 claiming they acquired data on July 1; screenshots display unredacted PHI; encryption not indicated.
Undisclosed Southeast Asian conglomerate
July 1, 2025
•[ intrusion, data exfiltration, corporate data ]
The Osiris threat group conducted a prolonged intrusion against an undisclosed Southeast Asian conglomerate beginning in mid-2025, resulting in the exfiltration of large volumes of sensitive corporate and financial data. The incident is documented through security research and attacker leak site claims, without confirmation of ransomware encryption.
LG Uplus
July 1, 2025
•[ unauthorized access, data leak, credential theft ]
LG Uplus reported illegal access to internal information after a breach affecting company servers. Investigators said exposed information included server lists, server account credentials, and employees' names, and later found forensic reconstruction was hindered after key systems were reinstalled or discarded.
Qantas
June 30, 2025
•[ data leak, third-party ]
Qantas detected unusual activity on a third-party contact-center platform; a significant amount of customer data may have been stolen; airline core systems remained secure.
With Intelligence Ltd. (via third-party PeopleCheck)
June 28, 2025
•[ data leak, third-party breach, compromised credentials ]
On June 28, 2025, threat actors using compromised login credentials accessed PeopleCheck systems, a third-party provider for With Intelligence Ltd., resulting in exposure of sensitive personal information of job candidates and employees, including SSNs and birth dates. No evidence of data encryption or disruption. With Intelligence notified the affected parties by July 11, 2025 and provided 24 months of credit monitoring.
Undisclosed Ukrainian business services organization
June 27, 2025
•[ webshell, credential harvesting, data leak ]
Symantec-reported intrusion beginning June 27, 2025 used LocalOlive webshell and LOTL techniques to harvest credentials and system data; activity persisted through mid-2025; no disruption reported.
Radix (Swiss government IT service provider)
June 25, 2025
•[ ransomware, data leak ]
Swiss IT provider Radix suffered a ransomware intrusion by the Sarcoma group around June 25, 2025; attackers exfiltrated ~1.3 TB of Swiss federal data, encrypted internal systems, and leaked the files online; NCSC confirmed no direct intrusion into federal networks.
Sistema para el Desarrollo Integral de la Familia de Guadalajara (DIF Guadalajara)
June 25, 2025
•[ data leak ]
Media reported unauthorized access to DIF Guadalajara application and database systems in June 2025. Authorities acknowledged a cyber intrusion and isolated systems as a precaution. Local media reported alleged exposure of beneficiary data, but no official forensic disclosure has been released.
Hospital Civil de Guadalajara
June 25, 2025
•[ data leak ]
Media reported unauthorized access to Hospital Civil de Guadalajara database systems in June 2025. Press accounts described a dataset allegedly offered for sale containing patient and administrative data; authorities confirmed an investigation but released no official forensic totals.
Gladney Center for Adoption
June 24, 2025
•[ data leak ]
Two distinct exposures in 2025; June server exposed June 24-26; prior April incident involved ~1.93M records; adoption center responsiveness questioned.
United Australia Party (and Trumpet of Patriots)
June 23, 2025
•[ ransomware, data leak ]
Political parties confirmed ransomware on June 23 with possible exfiltration of all emails and documents; parties stated it is impracticable to notify individuals.
Saudi Games 2024 Registration Platform
June 22, 2025
•[ data leak, hacktivism, database breach ]
Pro-Iranian hacktivist group Cyber Fattah claimed access to the Saudi Games 2024 registration platform backend (phpMyAdmin), leaking SQL dumps with thousands of athlete and visitor records (passport and ID scans, medical forms, IBANs) and staff/government credentials as a protest against Saudi authorities.
Municipality of Tirana (City of Tirana)
June 20, 2025
•[ data leak, denial of service, state-sponsored attack ]
Iran-linked MOIS cluster EUROPIUM (Homeland Justice) conducted a coordinated cyberattack on Tirana's municipal government on Jun 20, 2025, taking the city website offline and disrupting services; attackers claimed data theft and wiping of city databases; Microsoft and Albanian officials attributed the activity to MOIS-linked operators; restoration completed by Jun 24, 2025.
Nippon Steel subsidiary (Japan)
June 20, 2025
•[ data leak, zero-day exploit ]
Subsidiary blamed data breach on a zero-day exploit; extent and data types under investigation.
Glasgow City Council
June 19, 2025
•[ data leak, government, supply chain attack ]
Glasgow City Council detected malicious activity on servers managed by supplier CGI on 19 June 2025; online payment and school-absence systems were taken offline; possible theft of customer data under investigation; no financial systems affected.
Compumedics Limited
June 18, 2025
•[ ransomware, data leak ]
Australian med-tech firm Compumedics reported a ransomware attack that resulted in exfiltration of data affecting approximately 318,000 individuals.
Ministry of Health (Tonga)
June 15, 2025
•[ ransomware, data leak ]
Ransomware attack beginning June 15, 2025 by INC exploited an unpatched web-facing application server in Tonga's National Health Information System, enabling data exfiltration and subsequent encryption of Ministry servers. About 70,000 patient records and 300 GB of data were leaked; operations restored by July 18, 2025 with international assistance.
Cock.li
June 14, 2025
•[ data leak, vulnerability exploit, email accounts ]
The Germany-based email provider Cock.li confirmed that a hacker exploited a vulnerability in its Roundcube webmail application.