University of Siena
May 10, 2024
•[ ransomware, malware, education ]
The University of Siena is hit with a LockBit ransomware attack.
Polish government institutions
May 9, 2024
•[ espionage, malware, government ]
Polands computer emergency response team, CERT-PL, reveals that it had observed a large-scale malware campaign targeting Polish government institutions, likely carried out by the hacker group APT28, associated with Russias military intelligence agency, the GRU.
Christie’s
May 9, 2024
•[ ransomware, malware, retail ]
A cyber-attack disrupts auction house Christies attempts to sell art and other high-value items worth an estimated $840m. The RansomHub ransomware group claims responsibility for the attack.
PyPI
May 9, 2024
•[ hack, malware, technology ]
GhostAction abused malicious GitHub Actions workflows to exfiltrate thousands of secrets (incl. PyPI tokens). PyPI found no evidence of malicious package publishes, revoked affected tokens, and issued guidance; campaign window early Sept 2025
Ascension
May 8, 2024
•[ ransomware, malware, healthcare ]
Ascension, one of the largest private healthcare systems in the United States, takes some of its systems offline to investigate what it describes as a "cyber security event" confirmed to be a Black Basta ransomware attack.
Richmond University Medical Center
May 6, 2024
•[ ransomware, malware, healthcare ]
The Richmond University Medical Center in New York is investigating a ransomware attack since May 2023 and it recently determined that the incident resulted in a data breach affecting more than 670,000 people.
City of Wichita
May 3, 2024
•[ ransomware, malware, government ]
The City of Wichita, Kansas, discloses it was forced to shut down portions of its network after suffering a weekend ransomware attack. The LockBit ransomware operation claims responsibility for the attack.
Teixeira Cândido (Angolan journalist) / Syndicate of Angolan Journalists context
May 3, 2024
•[ spyware, Predator, mobile infection ]
Amnesty Internationals Security Lab reported forensic confirmation that Intellexas Predator spyware successfully infected the iPhone of Angolan journalist and press freedom activist Teixeira Cndido on May 4, 2024 after he opened a malicious link sent via WhatsApp. Amnesty said the attacker could have gained wide access to device data (including messages and files) and that the infection appears to have been removed after the phone was restarted later that day. The investigation described multiple additional infection links sent afterward that did not appear to succeed. Attribution to a specific government customer was not made in the public report.
Brandywine Realty Trust
May 1, 2024
•[ ransomware, malware ]
Philadelphia-based real estate company Brandywine Realty Trust discloses to have fell victim to a ransomware attack that disrupted some of its business applications.
Atlas
May 1, 2024
•[ ransomware, malware, energy ]
The Back Basta extortion group claims to have breached Atlas, one of the largest national distributors of fuel in the United States. Black Basta purportedly stole 730 GB of data
At least three Wyndham hotels
May 1, 2024
•[ espionage, malware, hospitality ]
pcTattletale, a consumer-grade spyware app is found running on the check-in systems of at least three Wyndham hotels across the United States.
Regional Cancer Center
April 30, 2024
•[ ransomware, malware, healthcare ]
Details of at least 2 million patients with the Regional Cancer Center (RCC) are compromised, affecting 11 out of 14 servers and causing disruptions in many divisions, including the Radiation Department. The attackers demand a ransom.
Equinox
April 29, 2024
•[ ransomware, malware, government ]
Equinox notifies clients and staff members about a data security incident on April 29 due to a LockBit 3.0 ransomware attack.
London Drugs
April 28, 2024
•[ ransomware, malware, retail ]
Canadian pharmacy chain London Drugs closes all its retail stores to contain what it described as a "cybersecurity incident." One month later the LockBit ransomware operation claims responsibility for the attack.
Pueblo County School District 70
April 27, 2024
•[ ransomware, malware, education ]
Pueblo County School District 70 is the victim of a ransomware attack.
Keuka College
April 25, 2024
•[ ransomware, malware, education ]
Keuka College discloses a ransomware attack, allegedly carried out by the LockBit ransomware operation.
Skanlog
April 23, 2024
•[ ransomware, malware, retail ]
Skanlog, the Swedish logistics company that works with Swedens alcohol retail monopoly Systembolagethas, is hit with a ransomware attacks and prompts warnings from the countrys sole liquor retailer that its top shelves in stores around the country may be empty by the end of the week.
Union Hospital
April 18, 2024
•[ ransomware, malware, healthcare ]
The Union Hospital in Hong Kong is hit with an alleged LockBit ransomware attack.
Synlab Italia
April 18, 2024
•[ ransomware, malware, healthcare ]
Synlab Italia suspends all its medical diagnostic and testing services after a ransomware attack forced its IT systems to be taken offline. The BlackBasta ransomware gang claims responsibility for the attack.
New York Bill Drafting Commission
April 17, 2024
•[ hack, malware, government ]
The New York Bill Drafting Commission is taken down by a malware attack.
