Czech Police, Interior Ministry, and other government offices
July 31, 2025
•[ government, hacktivism ]
iRozhlas reports hackers attacked Czech police and government websites in retaliation for cooperation in Ukraine-related operations.
Town of Bar Harbor, Maine
July 30, 2025
•[ social, phishing, government ]
Bar Harbor discovered on July 30, 2025 that four municipal email accounts were compromised and used to send phishing messages. Town offices were closed July 31Aug 1 while systems were secured. CrowdStrike and FBI confirmed no ransomware, encryption, malware, financial theft, or data exfiltration.
Government servers of Russian-occupied Crimea
July 25, 2025
•[ hack, government ]
Ukraines military intelligence agency said it hacked into government servers in Russian-occupied Crimea that allegedly contained evidence of Russias forced deportation of Ukrainian children from occupied territories.
Parliament of Aruba
July 25, 2025
•[ hack, government ]
Parliamentary email systems in Aruba were hacked in late July 2025, compromising official accounts. The attack affected email communications but did not disrupt broader parliamentary operations. No attribution or data theft has been confirmed.
City of Saint Paul, Minnesota
July 25, 2025
•[ cyberattack, government, service disruption ]
A cyberattack on Saint Paul led to widespread service disruptions; Minnesota activated the National Guard to support response and recovery.
Curaçao Tax & Customs Administration
July 24, 2025
•[ ransomware, malware, government ]
Ransomware attack on July 24, 2025 encrypted and paralyzed systems of Curaaos Tax & Customs Administration, disabling counters, phone lines, and internal operations. Online tax filing remained active. Services restored by August 4. No perpetrator identified; no data exfiltration reported.
North St. Paul Police Department
July 23, 2025
•[ phishing, government, hack ]
A phishing email compromised a single business email account in the North St. Paul Police Department around July 23 2025. The incident was swiftly contained with no service disruption and no confirmed data exfiltration, though data compromise is being investigated. Disclosed August 5 2025.
Joint Court of Justice (Dutch Caribbean)
July 23, 2025
•[ hack, malware, government ]
A malware infection on July 23, 2025 forced the shutdown of the Joint Court of Justices entire IT network across six islands. Judicial case management, filings, and email were fully disrupted until restoration began around July 28. No group has claimed responsibility; no data exfiltration confirmed.
Dutch Public Prosecution Service (Openbaar Ministerie)
July 17, 2025
•[ hack, government ]
Systems shut down after discovery of unauthorized access via Citrix.
U.S. federal judiciary CM/ECF & PACER systems
July 4, 2025
•[ hack, leak, government ]
The U.S. federal judiciarys electronic case filing systems (CM/ECF and PACER) were breached around July 4, 2025. Sensitive sealed dataincluding indictments, arrest warrants, and identities of confidential informantswas accessed across multiple district courts. Reports suggest possible theft of system source code and tampering with ~12 dockets. The precise volume of data stolen is unknown, but officials confirmed that a significant number of sealed case files were exposed.
Luzerne County Government
July 1, 2025
•[ hack, government ]
Luzerne County, Pennsylvania reported a data breach in July 2025 after discovering unauthorized access to county servers. Investigation suggests personal and possibly financial data were exposed, though no service disruption or encryption was reported.
Federal Emergency Management Agency (FEMA) and U.S. Customs and Border Protection (CBP)
July 1, 2025
•[ hack, government ]
Attackers gained unauthorized access to FEMA Region 6s Citrix-based virtual desktop infrastructure beginning July 2025, exfiltrating sensitive employee data from both FEMA and CBP systems. The compromise originated from stolen credentials and enabled lateral movement between federal systems before detection.
Operation Endgame 2.0
June 23, 2025
•[ ransomware, malware, government ]
In May 2025, a coalition of law enforcement agencies took down the criminal infrastructure behind the malware used to launch ransomware attacks in a new phase of "Operation Endgame". This followed the first Operation Endgame exercise a year earlier, with the latest action resulting in 15.3M victim email addresses being provided to HIBP by law enforcement. A further 43.8M victim passwords were also provided for HIBP's Pwned Passwords service.
Glasgow City Council
June 19, 2025
•[ data leak, government, supply chain attack ]
Glasgow City Council detected malicious activity on servers managed by supplier CGI on 19 June 2025; online payment and school-absence systems were taken offline; possible theft of customer data under investigation; no financial systems affected.
Multiple Ukrainian Government Ministries
June 6, 2025
•[ wiper malware, data destruction, government ]
Pro-Russian wiper campaign deployed PathWiper malware across multiple Ukrainian government networks around June 6, 2025; Cisco Talos and CERT-UA confirmed data destruction without exfiltration; activity attributed to a Russia-linked APT.
Ingonyama Trust Board
June 1, 2025
•[ ransomware, malware, government ]
On June 1, 2025, the NightSpire ransomware group attacked the Ingonyama Trust Board in South Africa, stealing around 30 GB of potentially sensitive organizational data. Reports confirm exfiltration but no encryption or disruption of systems. The incident became public on August 29, 2025.
Multiple diplomatic and international organizations (particpating in Gaza peace talks)
June 1, 2025
•[ espionage, social, phishing ]
Homeland Justice, an Iranian MOIS-linked group, compromised an Omani Embassy email account and used it to deliver spear-phishing attachments to diplomats and international mediators engaged in Gaza ceasefire negotiations. This was an espionage operation with no service disruption reported. ~72K+ malicious Word emails sent via spear-phishing from a compromised Omani Embassy in Paris account; targeted Egyptian officials, U.S. and Qatari mediators, and organizations such as UN, UNICEF, World Bank, and African Union during Gaza ceasefire talks
Rosselkhoznadzor – Mercury (VetIS) platform
June 1, 2025
•[ service disruption, supply chain attack, government ]
Cyberattack took Russias Mercury (VetIS) animal-product certification platform offline, forcing paper certificates and disrupting dairy supply chains; major retailers (e.g., Lenta, Yandex Lavka, Miratorg) reported interruptions; restoration ongoing; no attribution.
Lorain County Government
May 30, 2025
•[ government, ransomware ]
Lorain County, Ohio detected a network security incident on May 30 2025 that forced courts and several county departments offline; officials reported no evidence of data theft or encryption, and investigations remain ongoing.
Saifuddin Nasution Ismail (WhatsApp account)
May 28, 2025
•[ phishing, account takeover, government ]
WhatsApp account of Malaysias Home Minister hacked in late May 2025 and used via a foreign VPN to send malicious/phishing links to contacts; government confirmed account compromise Jun 2 2025; no evidence of large-scale data theft or system outage.
