Billericay School
May 31, 2024
•[ hack, malware, education ]
The Billericay School is hit with a malware attack.
Tibet Post and Gyudmed Tantric University
May 31, 2024
•[ espionage, malware, education ]
Researchers at Recorded Future reveal that the Chinese state-sponsored threat group TAG-112 compromised two Tibetan websites, Tibet Post and Gyudmed Tantric University, to deliver the Cobalt Strike malware
Daniel Freund
May 27, 2024
•[ espionage, malware, government ]
Daniel Freund, a German member of Europes Parliament says his mobile phone was targeted with the Candiru mobile spyware on May.
Seattle Public Library
May 25, 2024
•[ ransomware, malware, government ]
The Seattle Public Library is hit with a ransomware attack.
United Urology Group
May 23, 2024
•[ ransomware, malware, healthcare ]
The RansomHouse threat actors claim to have encrypted the system of United Urology Group and exfiltrated about 300 GB of files.
American Clinical Solutions
May 15, 2024
•[ ransomware, malware, healthcare ]
American Clinical Solutions is hit with a RansomHub ransomware attack, leading to the possible exfiltration of a total of over 700GB of data with over 35GB pertaining to more than 400,000 medical records.
First Nations Health Authority
May 13, 2024
•[ ransomware, malware, healthcare ]
First Nations Health Authority (FNHA) discloses to have suffered a cyber attack. The INC ransomware gang claims responsibility for the attack.
University of Siena
May 10, 2024
•[ ransomware, malware, education ]
The University of Siena is hit with a LockBit ransomware attack.
Polish government institutions
May 9, 2024
•[ espionage, malware, government ]
Polands computer emergency response team, CERT-PL, reveals that it had observed a large-scale malware campaign targeting Polish government institutions, likely carried out by the hacker group APT28, associated with Russias military intelligence agency, the GRU.
Christie’s
May 9, 2024
•[ ransomware, malware, retail ]
A cyber-attack disrupts auction house Christies attempts to sell art and other high-value items worth an estimated $840m. The RansomHub ransomware group claims responsibility for the attack.
PyPI
May 9, 2024
•[ hack, malware, technology ]
GhostAction abused malicious GitHub Actions workflows to exfiltrate thousands of secrets (incl. PyPI tokens). PyPI found no evidence of malicious package publishes, revoked affected tokens, and issued guidance; campaign window early Sept 2025
Ascension
May 8, 2024
•[ ransomware, malware, healthcare ]
Ascension, one of the largest private healthcare systems in the United States, takes some of its systems offline to investigate what it describes as a "cyber security event" confirmed to be a Black Basta ransomware attack.
Richmond University Medical Center
May 6, 2024
•[ ransomware, malware, healthcare ]
The Richmond University Medical Center in New York is investigating a ransomware attack since May 2023 and it recently determined that the incident resulted in a data breach affecting more than 670,000 people.
City of Wichita
May 3, 2024
•[ ransomware, malware, government ]
The City of Wichita, Kansas, discloses it was forced to shut down portions of its network after suffering a weekend ransomware attack. The LockBit ransomware operation claims responsibility for the attack.
Brandywine Realty Trust
May 1, 2024
•[ ransomware, malware ]
Philadelphia-based real estate company Brandywine Realty Trust discloses to have fell victim to a ransomware attack that disrupted some of its business applications.
Atlas
May 1, 2024
•[ ransomware, malware, energy ]
The Back Basta extortion group claims to have breached Atlas, one of the largest national distributors of fuel in the United States. Black Basta purportedly stole 730 GB of data
At least three Wyndham hotels
May 1, 2024
•[ espionage, malware, hospitality ]
pcTattletale, a consumer-grade spyware app is found running on the check-in systems of at least three Wyndham hotels across the United States.
Regional Cancer Center
April 30, 2024
•[ ransomware, malware, healthcare ]
Details of at least 2 million patients with the Regional Cancer Center (RCC) are compromised, affecting 11 out of 14 servers and causing disruptions in many divisions, including the Radiation Department. The attackers demand a ransom.
Equinox
April 29, 2024
•[ ransomware, malware, government ]
Equinox notifies clients and staff members about a data security incident on April 29 due to a LockBit 3.0 ransomware attack.
London Drugs
April 28, 2024
•[ ransomware, malware, retail ]
Canadian pharmacy chain London Drugs closes all its retail stores to contain what it described as a "cybersecurity incident." One month later the LockBit ransomware operation claims responsibility for the attack.
