Troy Hunt's Mailchimp List
March 25, 2025
•[ hack, phishing, technology ]
In March 2025, a phishing attack successfully gained access to Troy Hunt's Mailchimp account and automatically exported a list of people who had subscribed to the newsletter for his personal blog. The exported list contained 16k email addresses and other data automatically collected by Mailchimp including IP address and a derived latitude, longitude and time zone.
Orange Romania
February 24, 2025
•[ financial, hack, leak ]
In February 2025, the Romanian arm of telecommunications company Orange suffered a data breach which was subsequently published to a popular hacking forum. The data included 556k email addresses (of which hundreds of thousands were in the form of [phone number]@as1.romtelecom.net), phone numbers, subscription details and partial credit card data (type, last 4 digits, expiration date and issuing bank). The breach also exposed an extensive number of internal documents.
Cocospy
February 14, 2025
•[ hack, malware, technology ]
In February 2025, the spyware service Cocospy suffered a data breach along with sibling spyware service, Spyic. The Cocospy breach alone exposed almost 1.8M customer email addresses which were provided to HIBP, and reportedly also enabled unauthorised access to captured messages, photos, call logs, and more. The data was provided to HIBP by a source who requested it be attributed to "zathienaephi@proton.me".
LandAirSea
January 12, 2025
•[ hack, technology ]
In January 2025, the GPS tracking service LandAirSea suffered a data breach that exposed 337k unique customer email addresses alongside names, usernames and password hashes. The breach also exposed partial credit card data (card type, last 4 digits and expiration), and GPS device identifiers and locations. LandAirSea is aware of the breach and has remediated the underlying vulnerability. The data was provided to HIBP by a source who requested it be attributed to "zathienaephi@proton.me".
Scholastic
January 8, 2025
•[ hack, education ]
In January 2025, a data breach of the publishing company Scholastic surfaced. The breach contained 4.2M unique email addresses with many of the records also including name, phone number and physical address.
Habib Bank Limited
January 1, 2025
•[ hack, finance ]
hacked
Federal Board of Revenue
January 1, 2025
•[ hack, finance ]
hacked
Ford X Account
December 31, 2024
•[ hack, manufacturing ]
Ford confirms that its X account was briefly compromised, after posts referencing the Israel-Palestine war are published.
Thomas Cook (India) Ltd.
December 31, 2024
•[ hack, retail ]
Global travel agency Thomas Cook's Indian arm closes its affected systems after a cyber attack takes down its IT infrastructure.
Undisclosed U.S. telecommunications company
December 27, 2024
•[ hack, technology ]
A White House official adds a ninth U.S. telecommunications company to the list of telecoms breached in a Chinese hacking campaign that impacted dozens of countries.
Japan Airlines
December 26, 2024
•[ hack ]
Japan's flag carrier announces that it has restored its systems following a cyber incident that delayed some domestic and international flights.
Mi Argentina
December 25, 2024
•[ hack, government ]
The Mi Argentina site and the SUBE card app, two of the government's most important digital platforms, suffer a cyber attack.
ArdyssLife
December 24, 2024
•[ hack, manufacturing ]
The threat actor known as 0mid16B claims to have successfully attacked Ardyss[.]com and ArdyssLife[.]com, stealing 596 GB of data from the United States ArdyssLife[.]com and Ardyss[.]com server network.
CyberHaven
December 24, 2024
•[ hack, malware, technology ]
Data-loss prevention startup Cyberhaven says threat actors published a malicious update to its Chrome extension that was capable of stealing customer passwords and session tokens.
European Space Agency
December 23, 2024
•[ hack, xss, government ]
The European Space Agency's official web shop is hacked as it starts to load a piece of JavaScript code that generates a fake Stripe payment page at checkout.
Multiple Organizations
December 19, 2024
•[ hack, malware, technology ]
The developers of Rspack reveal that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with cryptocurrency mining malware.
Ukrainian State Registers
December 19, 2024
•[ hack, government ]
Suspected Russian threat actors from the XakNet collective launch one of the largest cyberattacks on Ukraine's state services in recent months.
French Governmental and Critical Infrastructure
December 16, 2024
•[ hack, ddos, government ]
The hacktivist collective Holy League launches a DDoS campaign against French governmental and critical infrastructure.
Undisclosed Targets in Germany
December 16, 2024
•[ hack, ddos ]
The hacktivist collective Holy League launches a DDoS campaign against undisclosed targets in Germany.
Two individuals in Serbia
December 15, 2024
•[ hack, malware ]
A Serbian journalist and an activist have their phones hacked by local authorities using a cellphone-unlocking device made by forensic tool maker Cellebrite.