At least one individual in Singapore
January 11, 2025
•[ malware, extortion, data leak ]
Singapore Police warned of a malware-enabled sextortion scam in which victims were lured via social media offers of online sexual services and deceived into downloading a malicious application. Police said the malware enabled scammers to remotely access victims photo galleries and contact lists, and in some cases capture or retrieve compromising content. Attackers then threatened to send the images to the victims contacts unless payments were made. Police reported at least six cases since November 2025 with total losses of at least S$20,000.
Slovakian Geodesy, Cartography and Cadastre Office (UGKK)
January 10, 2025
•[ ransomware, malware, government ]
A cyber attack targets the Slovakian Geodesy, Cartography and Cadastre Office (UGKK), which manages land and property data. The agencys systems are shut down, and its physical offices closed following an alleged ransomware attack. According to local media reports, the attackers are demanding millions of euros in ransom.
Excelsior Orthopaedics
January 7, 2025
•[ ransomware, malware, healthcare ]
Excelsior Orthopaedics notifies approximately 357,000 people that their personal and health information was compromised in a data breach resulting from a ransomware attack that came to light in June 2024.
Laramie County Library System
January 7, 2025
•[ ransomware, malware, education ]
CHEYENNE Early Tuesday morning, the Laramie County Library System was the victim of a ransomware attack that shut down library servers and immobilized most digital services.
Green Bay Packers (Online Store)
January 6, 2025
•[ financial, hack, malware ]
The Green Bay Packers American football team notifies fans that a threat actor hacked its official online retail store in October and injected a card skimmer script to steal customers' personal and payment information.
Kong Inc.
January 2, 2025
•[ hack, malware, technology ]
An attacker accesses Kong's DockerHub account and replaces the legitimate Kong Ingress Controller v.3.4.0 image with a malicious version containing malicious code that enabled cryptojacking.
Unnamed high-profile Ukrainian entities
January 2, 2025
•[ espionage, malware, government ]
{"richText":[{"font":{"size":11,"color":{"theme":1},"name":"Aptos Narrow"},"text":"ESET observed coordination where "},{"font":{"bold":true,"size":11,"color":{"theme":1},"name":"Aptos Narrow"},"text":"Gamaredon tools (PteroGraphin/PteroOdd/PteroPaste)"},{"font":{"size":11,"color":{"theme":1},"name":"Aptos Narrow"},"text":" deployed or restarted "},{"font":{"bold":true,"size":11,"color":{"theme":1},"name":"Aptos Narrow"},"text":"Turlas Kazuar"},{"font":{"size":11,"color":{"theme":1},"name":"Aptos Narrow"},"text":" on Ukrainian systems during "},{"font":{"bold":true,"size":11,"color":{"theme":1},"name":"Aptos Narrow"},"text":"FebApr 2025"},{"font":{"size":11,"color":{"theme":1},"name":"Aptos Narrow"},"text":", marking the first documented collaboration between these FSB-linked groups; focus is "},{"font":{"bold":true,"size":11,"color":{"theme":1},"name":"Aptos Narrow"},"text":"espionage access"},{"font":{"size":11,"color":{"theme":1},"name":"Aptos Narrow"},"text":" rather than disruption."}]}
Nikki‑Universal Co. Ltd
January 1, 2025
•[ ransomware, malware, manufacturing ]
Nikki-Universal Co. Ltd., produsen kimia asal Jepang jadi korban serangan ransomware pada Desember 2024. Data dicuri, server tak berfungsi
Private individuals (elderly victims in Encino, California)
January 1, 2025
•[ malware, phishing, ransomware ]
Malware infection launched by phishing email locked elderly victims computer, prompting payment of 25,000 USD to scammers; suspect Tai Su was arrested when he arrived to collect another 35,000 USD and later sentenced to 10 months in federal prison.
Jamnagar cyber-fraud case (farmers targeted)
January 1, 2025
•[ fraud, malware ]
Two men arrested by Jamnagar cybercrime police for siphoning 6.4 lakh INR through a fraudulent mobile app scam targeting farmers phones in Gujarat
Fondo Genesis (MetLife)
December 31, 2024
•[ ransomware, malware, finance ]
The ransomware group RansomHub claims responsibility for a breach of MetLife's operations in Latin America. MetLife denies the allegations, acknowledging a separate cyber incident involving Fondo Genesis, a subsidiary operating solely in Ecuador. Claims to have exfiltrated 1TB of data.
Fraunhofer Institute for Industrial Engineering IAO
December 27, 2024
•[ ransomware, malware, technology ]
On December 27, 2024, Fraunhofer IAO in Stuttgart suffered a ransomware attack that encrypted and disrupted internal systems. The institute reported the incident to the Bavarian Data Protection Authority and law enforcement within statutory deadlines. While research data is typically anonymized, unauthorized disclosure cannot be ruled out, though no confirmed exfiltration has been identified.
CyberHaven
December 24, 2024
•[ hack, malware, technology ]
Data-loss prevention startup Cyberhaven says threat actors published a malicious update to its Chrome extension that was capable of stealing customer passwords and session tokens.
Multiple Organizations
December 19, 2024
•[ hack, malware, technology ]
The developers of Rspack reveal that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with cryptocurrency mining malware.
Pittsburgh Regional Transit
December 19, 2024
•[ ransomware, malware ]
Pittsburgh Regional Transit (PRT) is hit with a ransomware attack.
Undisclosed Malaysian educational institution
December 19, 2024
•[ financial, malware, education ]
Researchers from Trend Micro discover a Python-Based NodeStealer version targeting Facebook Ads Manager.
Military personnel in Ukraine
December 18, 2024
•[ social, malware, government ]
The Computer Emergency Response Team of Ukraine (CERT-UA) discloses that a threat actor tracked as UAC-0125 is leveraging Cloudflare Workers to trick military personnel in the country into downloading malware disguised as Army+, a mobile app that was introduced by the Ministry of Defence back in August 2024 in an effort to make the armed forces go paperless.
Kaiser Permanente employees
December 15, 2024
•[ social, malware, healthcare ]
Researchers at Malwarebytes detect a malicious campaign targeting Kaiser Permanente employees via Google Search Ads.
Concession Peugeot
December 15, 2024
•[ ransomware, malware, retail ]
Cicada3301 ransomware group claims responsibility for a data breach targeting Concession Peugeot (concessions.peugeot.fr), a prominent French automotive dealership linked to the Peugeot brand. The group claims to have stolen 35GB of sensitive data
