Operation Endgame 2.0
June 23, 2025
•[ ransomware, malware, government ]
In May 2025, a coalition of law enforcement agencies took down the criminal infrastructure behind the malware used to launch ransomware attacks in a new phase of "Operation Endgame". This followed the first Operation Endgame exercise a year earlier, with the latest action resulting in 15.3M victim email addresses being provided to HIBP by law enforcement. A further 43.8M victim passwords were also provided for HIBP's Pwned Passwords service.
Operation Endgame 2.0
May 23, 2025
•[ ransomware, malware, government ]
In May 2025, a coalition of law enforcement agencies took down the criminal infrastructure behind the malware used to launch ransomware attacks in a new phase of "Operation Endgame". This followed the first Operation Endgame exercise a year earlier, with the latest action resulting in 15.3M victim email addresses being provided to HIBP by law enforcement. A further 43.8M victim passwords were also provided for HIBP's Pwned Passwords service.
Samsung Germany Customer Tickets
March 30, 2025
•[ leak, malware, technology ]
In March 2025, data from Samsung Germany was compromised in a data breach of their logistics provider, Spectos. Allegedly due to credentials being obtained by malware running on a Spectos employee's machine, the breach included 216k unique email addresses along with names, physical addresses, items purchased from Samsung Germany and related support tickets and shipping tracking numbers.
Cocospy
February 14, 2025
•[ hack, malware, technology ]
In February 2025, the spyware service Cocospy suffered a data breach along with sibling spyware service, Spyic. The Cocospy breach alone exposed almost 1.8M customer email addresses which were provided to HIBP, and reportedly also enabled unauthorised access to captured messages, photos, call logs, and more. The data was provided to HIBP by a source who requested it be attributed to "zathienaephi@proton.me".
Stealer Logs, Jan 2025
January 13, 2025
•[ leak, malware ]
In January 2025, stealer logs with 71M email addresses were added to HIBP. Consisting of email address, password and the website the credentials were entered against, this breach marks the launch of a new HIBP feature enabling the retrieval of the specific websites the logs were collected against. The incident also resulted in 106M more passwords being added to the Pwned Passwords service.
Fondo Genesis (MetLife)
December 31, 2024
•[ ransomware, malware, finance ]
The ransomware group RansomHub claims responsibility for a breach of MetLife's operations in Latin America. MetLife denies the allegations, acknowledging a separate cyber incident involving Fondo Genesis, a subsidiary operating solely in Ecuador. Claims to have exfiltrated 1TB of data.
CyberHaven
December 24, 2024
•[ hack, malware, technology ]
Data-loss prevention startup Cyberhaven says threat actors published a malicious update to its Chrome extension that was capable of stealing customer passwords and session tokens.
Multiple Organizations
December 19, 2024
•[ hack, malware, technology ]
The developers of Rspack reveal that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with cryptocurrency mining malware.
Pittsburgh Regional Transit
December 19, 2024
•[ ransomware, malware ]
Pittsburgh Regional Transit (PRT) is hit with a ransomware attack.
Undisclosed Malaysian educational institution
December 19, 2024
•[ financial, malware, education ]
Researchers from Trend Micro discover a Python-Based NodeStealer version targeting Facebook Ads Manager.
Military personnel in Ukraine
December 18, 2024
•[ social, malware, government ]
The Computer Emergency Response Team of Ukraine (CERT-UA) discloses that a threat actor tracked as UAC-0125 is leveraging Cloudflare Workers to trick military personnel in the country into downloading malware disguised as Army+, a mobile app that was introduced by the Ministry of Defence back in August 2024 in an effort to make the armed forces go paperless.
Kaiser Permanente employees
December 15, 2024
•[ social, malware, healthcare ]
Researchers at Malwarebytes detect a malicious campaign targeting Kaiser Permanente employees via Google Search Ads.
Concession Peugeot
December 15, 2024
•[ ransomware, malware, retail ]
Cicada3301 ransomware group claims responsibility for a data breach targeting Concession Peugeot (concessions.peugeot.fr), a prominent French automotive dealership linked to the Peugeot brand. The group claims to have stolen 35GB of sensitive data
Two individuals in Serbia
December 15, 2024
•[ hack, malware ]
A Serbian journalist and an activist have their phones hacked by local authorities using a cellphone-unlocking device made by forensic tool maker Cellebrite.
RIBridges (Rhode Island's Integrated Eligibility System)
December 13, 2024
•[ ransomware, malware, government ]
Rhode Island is warning that its RIBridges system, managed by Deloitte, suffered a data breach exposing residents' personal information after the Brain Cipher ransomware gang hacked its systems.
Thai Government Officials
December 13, 2024
•[ espionage, malware, government ]
Researchers at Netskope discover a campaign targeting Thai government officials through DLL side-loading to deliver a previously undocumented backdoor dubbed Yokai.
Telecom Namibia
December 11, 2024
•[ ransomware, malware, technology ]
Namibia Telecom is hit with a ransomware attack by the Hunters International gang.
Electrica Group
December 9, 2024
•[ ransomware, malware, energy ]
Electrica Group, a key player in the Romanian electricity distribution and supply market, is investigating a ransomware attack.
ITO EN North America
December 6, 2024
•[ ransomware, malware, manufacturing ]
The Japanese corporation Ito En confirms that its U.S. subsidiary was hit with ransomware. The company is the largest producer of green tea in Japan and has subsidiaries in the U.S., Australia, China and Indonesia.
