Cuban Embassy in Washington D.C.
January 1, 2026
•[ cyberespionage, data exfiltration, email breach ]
China-linked hackers exploited long-unpatched Microsoft Exchange vulnerabilities on the Cuban Embassy in Washington D.C.s email servers beginning in January 2026, accessing and exfiltrating the full inboxes of 68 diplomatic officials, including the ambassador and deputy chief of mission.
Truenorth Corporation
November 25, 2025
•[ ransomware, third-party breach, government ]
Puerto Rico officials reported a Thanksgiving-week cyberattack targeting IT contractor Truenorth Corporation that briefly disrupted systems used by three major agencies: the Department of Education, the Puerto Rico Health Insurance Administration (ASES), and the State Insurance Fund Corporation (CFSE). Reporting cited an independent cybersecurity source describing the incident as ransomware detected on Nov. 25, 2025, with rapid ripple effects into those agencies systems. Officials stated citizen data was not compromised, and other agencies under Truenorth contracts (including the State Elections Commission) were reported as not affected. The events primary confirmed impact was short-term operational disruption across multiple government agencies tied to the vendors environment.
Southold
November 24, 2025
•[ cyberattack, service disruption, government ]
Southold, New York suspended public access to its Laserfiche online record-keeping system for more than six weeks following a cyberattack reported to have breached town servers on November 24, 2025. According to reporting cited in the post, the town planned approximately $500,000 in security upgrades funded via a bond before restoring public access to Laserfiche, and officials stated they could not provide a timeline for restoration as of January 12, 2026. The confirmed impact described is prolonged loss of public access to the online records system while remediation and security hardening continued; public reporting in the cited excerpt did not confirm data theft or enumerate affected records.
Cleveland County Sheriff's Office (Oklahoma)
November 20, 2025
•[ ransomware, government ]
The Cleveland County Sheriffs Office in Oklahoma reported that a ransomware attack against portions of its internal computer systems was underway as of November 2021, 2025; officials emphasized that 911 and public safety response were not disrupted, but the countys IT team was still assessing scope and working on remediation, and no threat group had publicly claimed responsibility at the time.
Ministry of Transport of Denmark
November 13, 2025
•[ ddos, hacktivism, government ]
On November 13, 2025, the website of Denmark's Ministry of Transport was disrupted by an external denial-of-service attack. The pro-Russian hacktivist group NoName057(16) claimed responsibility for the attack as part of a broader campaign targeting Danish digital infrastructure. No data loss was reported.
Government of Denmark
November 13, 2025
•[ denial of service, hacktivism, government ]
On November 13, 2025, additional Danish government websites experienced outages due to external denial-of-service attacks. The Danish Civil Protection Agency confirmed that several sites and companies were affected, and the pro-Russian hacktivist group NoName057(16) claimed responsibility for the coordinated campaign. No data loss was reported.
French Ministry of the Interior
November 12, 2025
•[ government, data leak, email compromise ]
Frances Interior Minister confirmed that the Ministry of the Interior experienced a cyberattack affecting its email servers. The intrusion was detected overnight between 12/11/2025 and 12/12/2025 and enabled the threat actors to access the ministrys email infrastructure and some document files. At the time of public confirmation, officials had not confirmed whether data was exfiltrated. In response, the ministry reported implementing standard containment procedures, tightening security protocols, and strengthening access controls. French authorities opened an investigation to determine the origin, intent, and full scope of the breach; possible explanations cited publicly included foreign interference, activists, or cybercriminals. The ministry is a high-value target given its responsibility for police forces, internal security, and immigration services.
The Chamber of Deputies of Chaco
November 10, 2025
•[ ransomware, government, cybercrime ]
The Chamber of Deputies of Chaco province in Argentina reported that a cybersecurity incident affecting part of its server infrastructure had been identified as a ransomware attack, prompting technicians and the state IT firm ECOM Chaco to shut down the official website, the online system for tracking legislative procedures and the electronic legal digest while they contained the intrusion and preserved institutional information; authorities filed a criminal complaint with the provincial cybercrime unit and emphasized that maintaining the continuity of essential legislative functions and the security of data were priorities during the response.
Mower County
November 6, 2025
•[ ransomware, data leak, government ]
Mower County reported that it detected a ransomware attack on June 18, 2025 and investigated with cybersecurity and data forensics consultants. The county said unauthorized access to its systems occurred sometime between June 11 and June 18, 2025 and that sensitive personal data collected by the county was stolen. Reported affected data types include Social Security numbers, birthdates, names, ID card numbers, fingerprints, financial account information, medical/health insurance information, and payment card information. As of Dec. 3, 2025, the county said it had no indication the stolen information had been released or offered for sale; it also noted approximately 27,064 notification letters were being sent.
ZZ Dats
October 24, 2025
•[ data leak, government, regulatory action ]
Latvias DVI fined vendor ZZ Dats 300,000 for a 2024 municipal data breach affecting 42 municipalities; enforcement materials cite failures in safeguarding personal data rather than evidence of a targeted intrusion. This row logs the regulatory outcome tied to last years exposure.
Ravin Academy
October 22, 2025
•[ hacktivism, data leak, government ]
Cyber intrusion into Ravin Academy, an Iranian cybersecurity training institution linked to the Ministry of Intelligence, by a hacktivist group. The stolen data was posted online with anti-regime rhetoric, indicating an ideologically motivated protest hack.
Somalia e-Visa Platform
October 20, 2025
•[ data leak, misconfiguration, government ]
Attackers accessed Somalias national e-visa application serverhosted on a misconfigured shared cPanel environmentallowing unauthorized retrieval of more than 125,000 visa applications and associated passport, biometric, contact, and payment data. U.S. and UK government alerts on November 13, 2025, warned that at least 35,000 travelers may have had their information compromised as the breach continued into mid-November.
City of La Vergne
October 17, 2025
•[ government ]
La Vergne shut systems after a cybersecurity breach on Oct 17; city offices remained closed while FBI/TBI assisted recovery.
Cyprus Post
October 13, 2025
•[ data leak, government ]
Hackers accessed Cyprus Post systems, leaking sensitive government correspondence and citizen data via the Thalis platform.
Francesco Gaetano Caltagirone
October 9, 2025
•[ spyware, espionage, government ]
Report that Graphite spyware was used to spy on the businessman; tool sold to governments.
The Information Technology and Cybersecurity Service (STISC)
October 8, 2025
•[ DDoS, government ]
New DDoS attacks against Moldovan government IT infrastructure; some services temporarily unavailable.
CPAP Medical Supplies and Services, Inc.
October 8, 2025
•[ data leak, healthcare, government ]
Data breach affecting ~90,000 military members, veterans and families exposed SSNs and medical details.
TISZA Világ
October 6, 2025
•[ leak, hack, government ]
In late October 2025, data breached from the Hungarian political party TISZA was published online before being extensively redistributed. Stemming from a compromise of the TISZA Vilg service earlier in the month, the breach exposed 200k records of personal data including email addresses along with names, phone numbers and physical addresses.
Indonesian National Police
October 4, 2025
•[ data leak, government, hacker ]
Hacker Bjorka released a dataset of ~341k police personnel (names, ranks, units, contacts) from 2016 on a public site; authorities acknowledge leak discussions while probing identity of actor.
Colorado State Public Defender’s Office
October 3, 2025
•[ ransomware, encryption, operational disruption ]
Ransomware beginning Oct 3 2025 encrypted servers and shared drives at Colorados State Public Defender Office, rendering thousands of case files inaccessible and delaying operations for weeks. No evidence of data theft or leak has been reported.
