Undisclosed private company in Granada
May 1, 2025
•[ malware, man-in-the-middle ]
Approximately 13,000 was stolen after malware infected the email account of a private company in Granada, Spain, allowing attackers to monitor correspondence and alter supplier payment instructions. Six individuals were arrested in Spain in connection with the man-in-the-middle fraud.
Pike County (via Ohio Valley Technologies)
April 28, 2025
•[ ransomware, malware, government ]
Third-party ransomware attack via OVT disclosed April 28, 2025. Resulted in unauthorized access and exfiltration of Pike County's sensitive data for over 33,000 individuals. No encryption of county systems was reported.
SK Telecom
April 19, 2025
•[ malware, data leak ]
Malware on internal servers enabled theft of USIM identifiers and related network data over an extended period.
Chile national football team (official YouTube channel)
April 18, 2025
•[ malware, account takeover ]
Hackers hijacked the Chile national football team's verified YouTube channel (~43,000 subscribers) for about 48 hours (April 18-20, 2025), replacing legitimate videos with gaming content that embedded malware links, and maintained full administrative control until recovery.
Pepe memecoin website
April 12, 2025
•[ website compromise, phishing, malware ]
The official website for the Pepe (PEPE) memecoin was compromised in a front-end attack that redirected visitors to a malicious site. According to Blockaid and Cointelegraph reporting, the compromised front-end contained code associated with the Inferno Drainer family and redirected users to a fake site that injects malicious code intended to drain crypto wallets. Users were advised to avoid interacting with the site while the issue was being addressed; the reporting did not quantify how many users were affected or whether wallet losses occurred.
At least one individual in southeast Asia
April 12, 2025
•[ malware, fraud, financially motivated attack ]
A criminal threat group tracked as GoldFactory distributed malware targeting users in Southeast Asia, compromising endpoint devices to enable fraud and other financially motivated activity.
Synthient Stealer Log Threat Data
April 11, 2025
•[ hack, malware, technology ]
During 2025, Synthient aggregated billions of records of "threat data" from various internet sources. After normalising and deduplicating the data, 183 million unique email addresses remained, each linked to the website where the credentials were captured and the password used. This dataset is now searchable in HIBP by email address, password, domain, and the site on which the credentials were entered.
Great Plains Federal Credit Union
April 8, 2025
•[ malware, jackpotting ]
On April 8, 2025, two ATMs at Great Plains Federal Credit Union branches in Salina, Kansas, were compromised in a jackpotting incident; attackers installed malware on the ATM OS to force illicit cash dispensing. Amount stolen not disclosed; no data theft reported.
Ukrainian government and military entities
April 1, 2025
•[ malware, data leak, espionage ]
Russian FSB 18th Center for Information Security (Gamaredon) deployed updated GammaSteel malware to exfiltrate sensitive data from Ukrainian government and defense networks in an ongoing espionage campaign; no operational disruption reported.
Undisclosed Ukrainian critical infrastructure organization
April 1, 2025
•[ malware, data exfiltration, wiper ]
The FSB's 18th Center for Information Security (Gamaredon) deployed PathWiper malware against an undisclosed Ukrainian critical-infrastructure operator in early April 2025, exfiltrating large volumes of operational data before executing a destructive wiper that caused temporary service degradation.
Multiple e-commerce stores using Magento extensions
April 1, 2025
•[ supply-chain attack, malware, webshell ]
Supply-chain compromise of 21 Magento extensions backdoored since 2019, activated in April 2025; between 500 and 1,000 e-stores impacted; at least one webshell observed.
Samsung Germany Customer Tickets
March 30, 2025
•[ leak, malware, technology ]
In March 2025, data from Samsung Germany was compromised in a data breach of their logistics provider, Spectos. Allegedly due to credentials being obtained by malware running on a Spectos employee's machine, the breach included 216k unique email addresses along with names, physical addresses, items purchased from Samsung Germany and related support tickets and shipping tracking numbers.
Undisclosed European drone manufacturer
March 25, 2025
•[ phishing, social engineering, malware ]
North Korean operators approached European defense engineers with fake job offers, delivering loaders that sideloaded ScoringMathTea and BinMergeLoader/MISTPEN to exfiltrate proprietary UAV designs and manufacturing know-how. Intelligence-collection focus; campaign targets several firms rather than one discrete victim record.
Les Automotive
March 17, 2025
•[ supply chain attack, malware ]
Supply-chain compromise at a vendor led dealership websites to serve malicious ClickFix content.
Apple Customers
March 9, 2025
•[ hack, malware, technology ]
The French government says Apple sent out threat notifications to customers alerting them to spyware attacks earlier in September.
French government officials
March 9, 2025
•[ espionage, malware, government ]
Apple notified French officials of targeted mercenary-spyware attacks (latest Sep 3, 2025); CERT-FR says this is the fourth wave in 2025; highly targeted espionage against high-profile users; Apple recommends Lockdown Mode and expert assistance; no attribution disclosed.
Szpital MSWiA (Ministry of Interior Hospital) Kraków
March 8, 2025
•[ ransomware, malware, healthcare ]
Cyberattack on the Ministry of Interior hospital in Kraków encrypted administrative and medical IT systems, fully paralyzing patient care and access to records. Hospital departments began restoring systems by March 11, indicating ~3 days of disruption. No data exfiltration or perpetrator identified.
United Arab Emirates Government Entities
March 4, 2025
•[ malware, backdoor ]
Researchers reported Sosano backdoor used against UAE aviation and transport organizations.
Multiple U.S. Targets (Law Firms, SaaS, Tech Firms)
March 1, 2025
•[ espionage, malware, technology ]
Chinese APT UNC5221 deployed the BRICKSTORM backdoor to infiltrate U.S. law firms and SaaS providers for intelligence collection. Campaign active from March through September 2025.
Undisclosed Taiwan government agencies
March 1, 2025
•[ phishing, malware, espionage ]
Trend Micro and THN describe a March 2025 spear-phishing campaign by China-aligned MirrorFace targeting public institutions in Japan and Taiwan using OneDrive-delivered ZIPs that dropped ROAMINGMOUSE and an upgraded ANEL backdoor; reporting outlines techniques and targeting, not specific victim impact details for a single named org.