At least one individual in Greece
January 21, 2026
•[ phishing, SMS blaster, rogue mobile base station ]
The Record reported that Greek police dismantled a scam operation in the Athens area that used a fake cell tower concealed in a car to send phishing messages to nearby mobile users. Authorities said the device operated as a rogue mobile base station (SMS blaster), mimicking legitimate telecom infrastructure and forcing phones to connect while downgrading them to 2G, which the criminals used to facilitate mass scam messaging. The article focuses on law-enforcement action against the operators and describes the method used; it does not quantify victim counts, confirmed credential theft outcomes, or specific financial losses, so scope and data impacts are coded as undetermined.
Kansas City Police Department
November 5, 2025
•[ data leak, hack, law enforcement ]
Reporting by KCUR, WIRED, and DataBreaches.net describes a major hack of the Kansas City, Kansas Police Department whose internal records were exfiltrated in 2024 and later published by transparency collective Distributed Denial of Secrets. The leaked cache, reportedly more than one terabyte in size, includes a secret Veracity Disclosure or Giglio List that identifies officers whose documented misconduct could undermine their testimony, along with supporting case files and internal correspondence. Police officials confirmed that the department experienced a cyber incident reported to federal agencies but criticized publication of the names as relying on stolen, unverified data and potentially harming officers reputations.
At least one organization in Southeast Asia
October 1, 2025
•[ espionage, APT activity, vulnerability exploitation ]
BleepingComputer summarized Check Point research on a newly tracked actor Amaranth Dragon, linked to China-aligned APT activity, which exploited WinRAR CVE-2025-8088 in espionage operations against government and law enforcement entities in Singapore, Thailand, Indonesia, Cambodia, Laos, and the Philippines. The actor used geofenced infrastructure and a custom loader to deliver encrypted payloads (including Havoc and a newer TGAmaranth RAT using Telegram for C2). Because the article is campaign/threat-research reporting without a discrete, named victim event record and bounded impacts, event_type and event_subtype are coded as NA for CED incident purposes.
City of Tarrant
February 10, 2025
•[ ransomware, data leak, government ]
Ransomware group RansomHub attacked the City of Tarrants computer systems on February 10, 2025, initially disrupting the police department and prompting the city to shut down its networks. Officials restored servers within days, but RansomHub later posted proof-of-theft police files, confirming data exfiltration. Magnitude, duration, and scope remain undetermined.
