Plex Inc
August 9, 2025
•[ hack, leak, technology ]
Plex reported an intrusion into one database leading to theft of a subset of customer authentication data (emails, usernames, securely hashed passwords). Plex urged password resets, recommended signing out all devices, and enabling 2FA; no credit-card data was affected.
Multiple Crypto Users
August 9, 2025
•[ financial, hack, malware ]
Malicious updates to popular npm packages deployed credential/wallet-stealing malware impacting crypto/DeFi users; community advisories urged halting transactions and rotating secrets; maintainers removed tainted packages; early losses ~$900$1,043 total.
Npm ecosystem
August 9, 2025
•[ phishing, malware, hack ]
Phished npm maintainer account used to publish trojanized releases of widely used packages; malicious code attempted crypto address swapping. Packages were pulled within ~2 hours, yet reached ~10% of cloud environments; profits remained under $1,000; no confirmed data theft or sustained outages.
1000ua.ru (Russian POW portal)
August 6, 2025
•[ hack, ddos, government ]
On August 6, 2025, immediately after launch, the Russian website 1000ua.ru which published portraits of 1,000 Ukrainian POWs was hit with a DDoS attack. RT attributed the traffic to Ukraine, but no specific group has been identified. The attack caused partial disruption but no data theft or encryption.
Bouygues Telecom
August 4, 2025
•[ hack, technology ]
Bouygues Telecom, Frances third-largest mobile operator, detected a cyberattack on August 4, 2025, which exposed personal and contractual customer data including IBANs for approximately 6.4 million accounts; passwords and payment card details were not compromised.
Bouygues Telecom
August 4, 2025
•[ hack, technology ]
In August 2025, the French telecommunications company Bouygues Telecom detected a cyber attack against their services. The incident resulted in a data breach that exposed almost 6.4M customer records, including 5.7M unique email addresses. The breach also exposed names, physical addresses, phone numbers, dates of birth and IBANs (International Bank Account Numbers). Bouygues Telecom advised that all affected customers had been notified about the incident.
Sevastopol main internet provider (Miranda Media)
August 2, 2025
•[ hack, ddos, technology ]
On August 2, 2025, Sevastopols main internet provider Miranda Media came under a large-scale DDoS attack, causing widespread disruption of mobile and fixed-line connectivity across the city. Services were intermittently unavailable for several days. Officials acknowledged the disruption on August 4, 2025. No group has claimed responsibility.
Qilin ransomware group
July 31, 2025
•[ ransomware, hack, leak ]
Compromise of Qilins affiliate panel by rival actors enabled access to internal systems and stolen victim files.
Ministry of iTaukei Affairs
July 31, 2025
•[ hack, government ]
The Ministry of iTaukei Affairs official Facebook page was hacked again after an April 2025 incident.
Orange Belgium S.A.
July 30, 2025
•[ hack, technology ]
On July 30, 2025, Orange Belgium S.A. suffered a cyberattack that compromised data from approximately 850,000 customers. Exposed information included names, phone numbers, SIM card and PUK codes, and tariff plan details. Passwords, email addresses, and financial information were not affected. The incident was disclosed publicly on August 20, 2025, and is separate from other Orange Group cyber incidents.
TransUnion
July 28, 2025
•[ hack, misconfiguration, finance ]
Unauthorized access via third-party contractor application used in U.S. consumer support operations enabled viewing and copying of files.
Government servers of Russian-occupied Crimea
July 25, 2025
•[ hack, government ]
Ukraines military intelligence agency said it hacked into government servers in Russian-occupied Crimea that allegedly contained evidence of Russias forced deportation of Ukrainian children from occupied territories.
Parliament of Aruba
July 25, 2025
•[ hack, government ]
Parliamentary email systems in Aruba were hacked in late July 2025, compromising official accounts. The attack affected email communications but did not disrupt broader parliamentary operations. No attribution or data theft has been confirmed.
Brightstar Lottery Group
July 24, 2025
•[ hack ]
Unauthorized access to Brightstar Lottery Groups corporate network occurred July 24 2025 and was discovered July 25 2025. The Rhode Island-based vendor notified affected individuals in September after confirming that roughly 550 Connecticut residents personal information was compromised. No operational disruption or encryption reported.
North St. Paul Police Department
July 23, 2025
•[ phishing, government, hack ]
A phishing email compromised a single business email account in the North St. Paul Police Department around July 23 2025. The incident was swiftly contained with no service disruption and no confirmed data exfiltration, though data compromise is being investigated. Disclosed August 5 2025.
Joint Court of Justice (Dutch Caribbean)
July 23, 2025
•[ hack, malware, government ]
A malware infection on July 23, 2025 forced the shutdown of the Joint Court of Justices entire IT network across six islands. Judicial case management, filings, and email were fully disrupted until restoration began around July 28. No group has claimed responsibility; no data exfiltration confirmed.
CoinDCX
July 19, 2025
•[ financial, hack, finance ]
CoinDCX, Indias largest crypto exchange, suffered a $44M breach in July 2025 after attackers compromised a backend server connected to a hot wallet. Withdrawals were suspended but later resumed with assurances user funds were safe. Attribution remains undetermined; some analysts suggest Lazarus Group, while Indian police arrested a local engineer tied to suspicious freelance work.
Dutch Public Prosecution Service (Openbaar Ministerie)
July 17, 2025
•[ hack, government ]
Systems shut down after discovery of unauthorized access via Citrix.
Automated Business Solutions (ABS)
July 16, 2025
•[ hack, technology ]
ABS reported unauthorized network access (July 1617, 2025); investigation confirmed on Aug. 22 that names, SSNs, and bank account data were copied; notifications and Equifax monitoring offered.
IMDataCenter
July 15, 2025
•[ leak, hack, misconfiguration ]
Unsecured AWS S3 bucket exposed ~38GB of records; hacker downloaded ~75GB, including ~20M emails, ~37M phone numbers, 50k SSNs/DOBs; affects multiple industries (healthcare, airlines, universities, dealerships). Bucket later secured; lawsuits pending.
