Multiple Crypto Users
August 9, 2025
•[ financial, hack, malware ]
Malicious updates to popular npm packages deployed credential/wallet-stealing malware impacting crypto/DeFi users; community advisories urged halting transactions and rotating secrets; maintainers removed tainted packages; early losses ~$900 to $1,043 total.
MedicSolution
August 9, 2025
•[ ransomware, leak, malware ]
KillSec claimed ransomware attack against Brazilian healthcare IT vendor MedicSolution, disrupting operations and threatening a data leak unless negotiations commence; broader impact under investigation.
Npm ecosystem
August 9, 2025
•[ phishing, malware, hack ]
Phished npm maintainer account used to publish trojanized releases of widely used packages; malicious code attempted crypto address swapping. Packages were pulled within ~2 hours, yet reached ~10% of cloud environments; profits remained under $1,000; no confirmed data theft or sustained outages.
Beta – Dnevni evropski servis (DES)
August 7, 2025
•[ ransomware, malware, technology ]
Ransomware attack encrypted systems of Beta's specialized European news service (DES), rendering its portal inaccessible. No data exfiltration was reported. Attackers demanded ransom in cryptocurrency; the incident occurred and was disclosed on August 7, 2025.
Pakistan Petroleum Limited (PPL)
August 6, 2025
•[ ransomware, leak, malware ]
PPL's servers and backups were encrypted and disabled by Blue Locker ransomware; IT and financial operations were disrupted for days; a ransom note threatened data leaks; NCERT issued a high-alert advisory to national institutions.
City of Greenville (TX)
August 5, 2025
•[ ransomware, malware, government ]
Hackers deployed ransomware targeting Greenville's server infrastructure, affecting city services and utility billing in Hunt County; emergency 911 was unaffected, and no personal data breach has been reported.
Undisclosed Bank in Asia-Pacific Region
August 1, 2025
•[ financial, malware, finance ]
A financially motivated crew physically snuck a 4G-equipped Raspberry Pi into an Asia-Pacific bank's network, plugging it into the ATM network switch to get remote access past perimeter defenses. Their goal was to reach the ATM switching server and deploy a custom CAKETAP rootkit to approve fraudulent ATM withdrawals; responders interrupted the operation before cash-out.
Foreign embassies in Moscow (multiple missions)
July 31, 2025
•[ espionage, malware, government ]
FSB-linked APT Secret Blizzard (Turla) used ISP-level access in Russia to deliver espionage malware against multiple foreign embassies in Moscow; campaign disclosed by Microsoft. Data stolen likely includes diplomatic emails/credentials; exact volume not reported.
Acea
July 31, 2025
•[ ransomware, malware, energy ]
Italian utility company Acea suffered another ransomware attack, this time claimed by World Leaks. Systems were encrypted, disrupting operations, though the exact duration and number of affected customers were not disclosed.
Undisclosed European ministry
July 31, 2025
•[ malware, apt, intelligence collection ]
HackRead reports DoNot APT deployed LOPTiKMod malware against a European ministry to collect intelligence; attribution aligns with prior DoNot operations.
Undisclosed gaming mouse manufacturer (download site)
July 29, 2025
•[ malware, supply chain attack ]
PCWorld reports a gaming mouse vendor's download page hosted malware for weeks, infecting users who downloaded driver/software packages.
Curaçao Tax & Customs Administration
July 24, 2025
•[ ransomware, malware, government ]
Ransomware attack on July 24, 2025 encrypted and paralyzed systems of Curaçao's Tax & Customs Administration, disabling counters, phone lines, and internal operations. Online tax filing remained active. Services were restored by August 4. No perpetrator identified; no data exfiltration reported.
Joint Court of Justice (Dutch Caribbean)
July 23, 2025
•[ hack, malware, government ]
A malware infection on July 23, 2025 forced the shutdown of the Joint Court of Justice's entire IT network across six islands. Judicial case management, filings, and email were fully disrupted until restoration began around July 28. No group has claimed responsibility; no data exfiltration confirmed.
Palo Alto Networks (investigator)
July 17, 2025
•[ ransomware, malware, technology ]
Ransomware deployment (4L4MD4R) via exploitation of Microsoft SharePoint ToolShell vulnerabilities; attackers disabled defenses, bypassed certificate validation, and encrypted files; ransom note threatened deletion upon decryption attempts.
One undisclosed university in the United States
July 15, 2025
•[ espionage, vulnerability exploitation, malware ]
China-linked operators abused CVE-2025-53770 (ToolShell) weeks after Microsoft's July patch to gain initial access at a telecom, escalate privileges (e.g., PetitPotam), harvest credentials, and deploy ShadowPad/Zingdoor/KrustyLoader for persistent espionage against telecom and government networks. The primary effect was covert access and collection, not service outage.
Undisclosed European telecommunications company
July 15, 2025
•[ espionage, vulnerability exploitation, malware ]
China-nexus operators breached a telecom by exploiting an edge service (e.g., NetScaler/SharePoint), then established persistence with SnappyBee-family tooling, harvested credentials and moved laterally to support systems for intelligence collection. No service interruption reported; primary effect is covert access and data staging.
Gravity Forms (Rocketgenius)
July 14, 2025
•[ vulnerability, malware ]
Patchstack reported malicious code in official Gravity Forms installers affecting versions 2.9.11.1 and 2.9.12, enabling command execution on sites using the installers.
Woodlawn Health
July 5, 2025
•[ ransomware, malware, healthcare ]
Woodlawn Health in Rochester, Indiana suffered a ransomware attack starting July 5, 2025, which encrypted systems and disrupted clinical and administrative operations. Systems were gradually restored, and officials confirmed that some patient care was impacted. Investigations continue into whether personal or medical data was exfiltrated.
Undisclosed European telecommunications organisation
July 3, 2025
•[ espionage, malware, vulnerability exploitation ]
Darktrace reports a China-aligned espionage actor (Salt Typhoon) breached a European telecom by exploiting a Citrix NetScaler Gateway, deploying SnappyBee malware for persistence and data staging. Activity reflects classic intelligence collection rather than service disruption; defenders observed beaconing, credential access, and movement to support systems.
At least one Crypto firm targeted via macOS malware
June 30, 2025
•[ malware, cryptocurrency, theft ]
Indonesian outlet Liputan6 reports North Korean actors using macOS malware to target cryptocurrency companies, consistent with the DPRK's crypto theft campaigns.