Ukrainian government and critical infrastructure organizations
September 25, 2024
•[ phishing, malware, espionage ]
Russian nation-state operators exploited a zero-day vulnerability in 7-Zip (CVE-2025-0411) beginning in September 2024 to deliver SmokeLoader malware through spearphishing campaigns targeting Ukrainian government and critical infrastructure entities. The campaign bypassed Windows Mark-of-the-Web protections to execute payloads and conduct espionage activities. No specific victims or data volumes have been disclosed.
Multiple Ukrainian government and municipal organizations
September 25, 2024
•[ vulnerability, phishing, malware ]
A zero-day vulnerability in 7-Zip (CVE-2025-0411) was exploited beginning September 25, 2024, by undetermined Russian-speaking cybercriminal actors via phishing and homoglyph-lure archives. Trend Micro and SecurityWeek confirmed at least nine Ukrainian government and public-service entities (including the Ministry of Justice, Kyiv Public Transportation, and water-utility systems) were compromised. The campaign delivered SmokeLoader malware through malicious archives bypassing Windows Mark-of-the-Web protections.
City of Pleasanton
September 24, 2024
•[ ransomware, malware, government ]
The City of Pleasanton in California is hit with a Valencia ransomware attack. The threat actor claims to have stolen 283GB of sensitive information.
Duopharma Biotech
September 24, 2024
•[ ransomware, malware, healthcare ]
Malaysian pharmaceutical firm Duopharma Biotech is hit with a Valencia ransomware attack. The threat actor claims to have stolen 25.7GB of sensitive information.
Satia
September 24, 2024
•[ ransomware, malware, manufacturing ]
Indian paper manufacturer Satia is hit with a Valencia ransomware attack. The threat actor claims to have stolen 7.1GB of sensitive information.
American Addiction Centers (AAC)
September 23, 2024
•[ ransomware, malware, healthcare ]
A ransomware attack on American Addiction Centers exposes the sensitive healthcare information of more than 400,000 people. The Rhysida ransomware gang claims responsibility for the attack.
Houston Housing Authority
September 22, 2024
•[ ransomware, malware, government ]
The Houston Housing Authority falls victim to a ransomware attack.
Fylde Coast Academy Trust
September 20, 2024
•[ ransomware, malware, education ]
The Fylde Coast Academy Trust is hit with a ransomware attack.
MCNA Dental
September 16, 2024
•[ ransomware, malware, healthcare ]
MCNA Dental allegedly suffers a new breach by the Everest Team ransomware group.
Radio Geretsried
September 15, 2024
•[ ransomware, malware, technology ]
Radio Geretsried, a local station in Germany, has blamed unknown attackers from Russia after an apparent ransomware incident left it broadcasting music from emergency backups.
Providence Public School District
September 12, 2024
•[ ransomware, malware, education ]
The Providence Public School District (PPSD) faces internet outages after discovering irregular activity. The Medusa ransomware gang claims responsibility for the attack.
Granite School District
September 11, 2024
•[ ransomware, malware, education ]
Granite School District discloses that a cyber attack affected all the students' records. The Rhysida ransomware gang claims responsibility for the attack.
Boston Children’s Health Physicians
September 10, 2024
•[ ransomware, malware, healthcare ]
Boston Children’s Health Physicians (BCHP) discloses that it suffered a cyber attack. The BianLian ransomware operation claims responsibility for the attack.
Great Plains Regional Medical Center
September 8, 2024
•[ ransomware, malware, healthcare ]
Great Plains Regional Medical Center in Oklahoma notifies over 133,000 individuals that their personal information was compromised in a ransomware attack.
Tendam
September 7, 2024
•[ ransomware, malware, retail ]
Spanish fashion multinational Tendam is hit with a ransomware attack by the Medusa group. The attackers claim to have stolen 724.59 GB of confidential data from the company's servers and are demanding a ransom of $800,000.
Cardiology of Virginia
September 7, 2024
•[ ransomware, malware, healthcare ]
Cardiology of Virginia patient data appears to be up for sale after an alleged RansomHub ransomware attack.
Charles Darwin School
September 6, 2024
•[ ransomware, malware, education ]
The Charles Darwin School in south London is hit with a ransomware attack.
Undisclosed organization
September 5, 2024
•[ ransomware, malware ]
Researchers at Palo Alto discover a ransomware incident where the threat actor Jumpy Pisces, tied to North Korea, collaborated with the Play ransomware group.
Cisco
September 4, 2024
•[ leak, malware, technology ]
Cisco's site for selling company-themed merchandise is offline and under maintenance after threat actors exploited CVE-2024-34102 to compromise it with JavaScript code that steals sensitive customer details provided at checkout.
Undisclosed Victims in MENA
September 1, 2024
•[ malware, data theft ]
Campaign used Facebook ads and Telegram links to deliver AsyncRAT and steal data.