SonicWall
May 9, 2025
•[ hack, brute-force, technology ]
Threat actors brute-forced the MySonicWall portal and accessed cloud backup firewall preference files for a subset of customers (<5%). SonicWall terminated access, issued Essential Credential Reset guidance, and involved law enforcement. Risk centers on reuse of secrets/config intelligence for follow-on compromises.
Unnamed U.S. Banking Organization
May 9, 2025
•[ social, misconfiguration, finance ]
ReliaQuest links Scattered Spider to renewed activity against U.S. financial services, including a bank intrusion achieved via social engineering + Azure AD SSPR, followed by lateral movement (Citrix/VPN), ESXi compromise, and cloud data access attempts (Snowflake/AWS).
KazMunaiGas
May 5, 2025
•[ social, hack, phishing ]
A spear-phishing campaign disguised as internal HR communications delivered multi-stage malware to KMG employees. Attackers used a compromised business email, LNK downloader, PowerShell (DOWNSHELL), and DLL implant to establish reverse shell access. KMG later labeled it a phishing test.
Multiple devices at undisclosed telecommunications firm(s)
May 1, 2025
•[ social, hack, phishing ]
UNC1549 (Subtle Snail) compromised multiple devices at an undisclosed telecommunications firm in Canada using LinkedIn job-lures and the MINIBIKE backdoor; Azure-hosted C2 infrastructure was observed. No confirmed data exfiltration volumes or operational disruption reported.
Multiple devices at undisclosed telecommunications firm(s)
May 1, 2025
•[ social, hack, malware ]
UNC1549 (Subtle Snail) compromised multiple devices at an undisclosed telecommunications firm in the United Arab Emirates using LinkedIn job-lures and the MINIBIKE backdoor; Azure-hosted C2 infrastructure was observed. No confirmed data exfiltration volumes or operational disruption reported.
Multiple devices at undisclosed telecommunications firm(s)
May 1, 2025
•[ social, hack, malware ]
UNC1549 (Subtle Snail) compromised multiple devices at an undisclosed telecommunications firm in the United Kingdom using LinkedIn job-lures and the MINIBIKE backdoor; Azure-hosted C2 infrastructure was observed. No confirmed data exfiltration volumes or operational disruption reported.
Multiple devices at undisclosed telecommunications firm(s)
May 1, 2025
•[ hack, social, malware ]
UNC1549 (Subtle Snail) compromised multiple devices at an undisclosed telecommunications firm in the United States of America using LinkedIn job-lures and the MINIBIKE backdoor; Azure-hosted C2 infrastructure was observed. No confirmed data exfiltration volumes or operational disruption reported.
City of Tahlequah municipal systems
April 30, 2025
•[ hack, government ]
City of Tahlequah reported a cyberattack; IT isolated affected systems the same day. Officials reported no ransomware encryption and no evidence of data exfiltration or resident impact.
Bartlesville Public Schools
April 30, 2025
•[ hack, education ]
On April 30, 2025, unauthorized intruders stole files from Bartlesville Public Schools containing names and Social Security numbers of staff and students. The breach was discovered by August 4 and reported on August 27. Affected individuals received credit monitoring support.
Synthient Stealer Log Threat Data
April 11, 2025
•[ hack, malware, technology ]
During 2025, Synthient aggregated billions of stealer-log "threat data" records from various internet sources. After normalising and deduplicating the data, 183 million unique email addresses remained, each linked to the website where the credentials were captured and the password used. This dataset is now searchable in HIBP by email address, password, domain, and the site on which the credentials were entered.
Synthient Credential Stuffing Threat Data
April 11, 2025
•[ hack, brute-force, technology ]
During 2025, the threat-intelligence firm Synthient aggregated 2 billion unique email addresses disclosed in credential-stuffing lists found across multiple malicious internet sources. Comprised of email addresses and passwords from previous data breaches, these lists are used by attackers to compromise other, unrelated accounts of victims who have reused their passwords. The data also included 1.3 billion unique passwords, which are now searchable in Pwned Passwords.
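Both Synthient datasets above end up in Pwned Passwords, so the check a practitioner wants is the k-anonymity range lookup: hash the candidate password with SHA-1, send only the first five hex characters, and compare the returned suffixes locally. The Python below is an added example for this page, not code from HIBP or Synthient. The range responses are constructed inline so it runs offline; the suffix for "password" is its genuine SHA-1 suffix, while the counts and the other suffixes are invented, and `fake_range_lookup` stands in for the HTTP GET a real client would make.

```python
import hashlib
from typing import Callable, Dict

# Constructed stand-in for the Pwned Passwords "range" endpoint. A real client
# would GET https://api.pwnedpasswords.com/range/<PREFIX>, where PREFIX is the
# first five hex chars of the uppercase SHA-1, and receive "SUFFIX:COUNT" lines.
# The suffixes and counts below are invented for this offline example, except
# that the second suffix is the real SHA-1 suffix of the string "password".
# Entries with count 0 mimic the padding the API adds to mask response size.
FAKE_RANGE_RESPONSES: Dict[str, str] = {
    "5BAA6": "\r\n".join([
        "003D68EB55068C33ACE09247EE4C639306B:3",
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:10437277",
        "2F8D3A4E5B6C7D8E9F0A1B2C3D4E5F60718:0",
    ]),
}


def fake_range_lookup(prefix: str) -> str:
    """Offline substitute for the HTTP call; unknown prefixes return no lines."""
    return FAKE_RANGE_RESPONSES.get(prefix, "")


def pwned_count(password: str,
                range_lookup: Callable[[str], str] = fake_range_lookup) -> int:
    """Return how often `password` appears in the corpus, 0 if never seen.

    Only the 5-character hash prefix leaves the client (k-anonymity); the full
    hash never goes over the wire and is matched locally against the range.
    """
    sha1 = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = sha1[:5], sha1[5:]
    for line in range_lookup(prefix).splitlines():
        line = line.strip()
        if not line:
            continue
        candidate, _, count = line.partition(":")
        if candidate == suffix:
            return int(count)
    return 0


def should_reject(password: str,
                  range_lookup: Callable[[str], str] = fake_range_lookup) -> bool:
    """Registration / password-change policy: refuse anything seen in a breach,
    which is what blunts the credential-stuffing reuse described above."""
    return pwned_count(password, range_lookup) > 0


if __name__ == "__main__":
    for pw in ("password", "a-long-random-passphrase-9f3k"):
        print(f"{pw!r}: seen {pwned_count(pw)} times, reject={should_reject(pw)}")
```

Swap `fake_range_lookup` for a function that performs the real GET (with the `Add-Padding: true` header) and the rest of the logic is unchanged; the point is that the comparison against the breach corpus happens on the caller's side, so the password itself is never disclosed to the lookup service.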
Troy Hunt's Mailchimp List
March 25, 2025
•[ hack, phishing, technology ]
In March 2025, a phishing attack successfully gained access to Troy Hunt's Mailchimp account and automatically exported a list of people who had subscribed to the newsletter for his personal blog. The exported list contained 16k email addresses and other data automatically collected by Mailchimp including IP address and a derived latitude, longitude and time zone.
Fundamental Administrative Services, LLC
March 21, 2025
•[ hack, healthcare ]
On March 21, 2025, Fundamental Administrative Services, a healthcare management company based in Maryland, confirmed a data breach after discovering unauthorized access. Sensitive PII and PHI belonging to 56,235 patients was stolen, including SSNs, medical, and insurance data. No encryption or service disruption was reported.
Central Maine Healthcare
March 19, 2025
•[ hack, healthcare ]
An unauthorized actor accessed Central Maine Healthcare's IT environment between March 19 and June 1, 2025, compromising sensitive patient data; systems were secured immediately and patient notifications began in late July 2025.
Apple Customers
March 9, 2025
•[ hack, malware, technology ]
The French government says Apple sent out threat notifications to customers alerting them to spyware attacks earlier in September.
Government of Canada
March 8, 2025
•[ hack, social, phishing ]
A software-update vulnerability at MFA provider 2Keys allowed access to contact data for federal service users (CRA/ESDC phone numbers; CBSA emails) who authenticated between Aug 3 and 15, 2025; the attacker sent phishing SMS to some of those numbers; the government deems no further sensitive data was accessed.
DermCare Management (practice management company)
February 26, 2025
•[ hack, healthcare ]
Attack identified Feb 26, 2025; investigation confirmed Mar 3 that patient data may have been copied from DermCare's network. At least 10 affiliated dermatology practices (mainly FL, plus TX) issued substitute notices; totals still being determined.
Orange Romania
February 24, 2025
•[ financial, hack, leak ]
In February 2025, the Romanian arm of telecommunications company Orange suffered a data breach which was subsequently published to a popular hacking forum. The data included 556k email addresses (of which hundreds of thousands were in the form of [phone number]@as1.romtelecom.net), phone numbers, subscription details, partial credit card data (type, last 4 digits, expiration date and issuing bank). The breach also exposed an extensive number of internal documents.
Cocospy
February 14, 2025
•[ hack, malware, technology ]
In February 2025, the spyware service Cocospy suffered a data breach along with sibling spyware service, Spyic. The Cocospy breach alone exposed almost 1.8M customer email addresses which were provided to HIBP, and reportedly also enabled unauthorised access to captured messages, photos, call logs, and more. The data was provided to HIBP by a source who requested it be attributed to "zathienaephi@proton.me".
Vital Imaging Medical Diagnostic Centers
February 13, 2025
•[ hack, healthcare ]
A hacking incident on 13 Feb 2025 led to unauthorized access to Vital Imaging's network, exposing sensitive personal and medical information of approximately 260,000 individuals. Notifications were sent in August 2025, and legal investigations are active.