At least one hospitality company in Europe
January 5, 2026
•[ phishing, malware, unauthorized access ]
The article reports that Russian-linked threat actors targeted European hospitality companies using phishing emails masquerading as booking inquiries. Victims who opened the attachments triggered malware that displayed a fake blue screen while enabling unauthorized access to internal systems.
At least one PT Taspen customer
January 1, 2026
•[ scam, phishing, malware ]
The online scam involving PT Taspen, which involved sending APK files to retirees, represents an increasingly structured and dangerous form of cybercrime, particularly as it involves the specific exploitation of personal data. The malicious APK applications sent to victims were designed to resemble official PT Taspen apps and were used to trick users into unknowingly granting access to various sensitive elements on their Android devices.
At least one government official
January 1, 2026
•[ espionage, phishing, surveillance tools ]
A Mustang Panda espionage campaign (late Dec 2025 to mid-Jan 2026) using fake diplomatic briefing documents to trick high-level targets into installing surveillance tools. It does not provide a single named victim organization with a confirmed primary effect suitable for one incident record; it is campaign-level reporting.
Raaga
December 15, 2025
•[ data leak, unauthorized access, credential stuffing ]
Raaga confirmed that an unauthorized party accessed a legacy database and that the extracted user data was later advertised for sale on an underground hacking forum during December 2025. Reporting described the exposed dataset as affecting more than 10.2 million user accounts and including personal and account-related fields such as names, email addresses, usernames, hashed passwords, and account creation dates, with partial location data in some cases. The company stated it secured the relevant access points tied to the exposed system, reset passwords for impacted accounts, and implemented additional monitoring while working with cybersecurity specialists and notifying law enforcement. Even without payment data, the combination of emails and password hashes creates elevated risk of credential stuffing, targeted phishing, and account takeover.
Warren County
December 12, 2025
•[ phishing, Business Email Compromise (BEC), payment diversion ]
Warren County officials said the county Treasurers Office transmitted two electronic payments to a fraudulent bank account as part of a phishing scheme: one for $2.1 million on December 12, 2025, and another for $1.2 million on December 22, 2025. The incident was investigated by the Warren County Sheriffs Office, which reported identifying a person of interest. At the time of reporting, officials said the $1.2 million payment had been recovered and restored, while the initial loss totaled $3.3 million. The report frames the event as successful payment diversion via phishing/BEC rather than system disruption.
China Xinchuang Initiative (at least one affiliated organization)
December 9, 2025
•[ phishing, malware, espionage ]
Security researchers reported a spear-phishing and malware campaign attributed to APT32 that successfully compromised at least one organization within Chinas Xinchuang Initiative IT ecosystem, resulting in unauthorized access for espionage purposes.
Greater St. Louis Oral & Maxillofacial Surgery PC
December 4, 2025
•[ phishing, data leak ]
Unauthorized access to a server-hosted employee email account resulted in exposure of patient personal and protected health information and use of the account to send phishing emails.
4 Student Email Accounts at New Haven Public Schools
November 20, 2025
•[ phishing, data leak ]
A phishing campaign against New Haven Public Schools used compromised student email accounts to send more than 10,000 messages districtwide that spoofed legitimate requests for bank details. Over 1,000 students opened the emails and an unknown number submitted financial and personal information, putting families at immediate risk of fraud and identity theft. The districts IT team is resetting affected accounts, purging malicious messages, and warning students to contact their banks and avoid clicking suspicious links.
Harvard University
November 18, 2025
•[ phishing, vishing, data leak ]
Harvard University reported that a voice-phishing attack against Alumni Affairs and Development staff on November 18, 2025 led to unauthorized access to its AAD information systems, exposing contact details, fundraising records and event data for alumni, donors, parents, some students and some faculty and staff; the university locked out the intruder, notified affected individuals beginning November 22, and is working with law enforcement and incident response specialists.
Coupang
November 18, 2025
•[ data leak, phishing ]
South Korean e-commerce firm Coupang reported that an unauthorized third party accessed a customer database and exfiltrated personal information on about 4,500 users. Exposed fields included names, contact details, shipping addresses, and information about recent purchases, raising the risk of targeted phishing and fraud using order history. Coupang says it blocked the intruders access as soon as the breach was detected and has notified regulators and customers while monitoring for signs of misuse of the stolen data.
At least one Andorid user in Latin America
November 12, 2025
•[ malware, ransomware, phishing ]
The Record described a newly identified Android malware/ransomware campaign (DroidLock) distributed through phishing websites that trick users into installing fake apps and then lock devices behind a ransom message. The reporting focuses on a broad campaign targeting Spanish-speaking users rather than a single named victim organization with a discrete primary effect suitable for this datasets event unit. Because there is no specific victim organization, confirmed disruption window, or bounded impact scope for one entity, it is not coded here as an individual cyber event record.
Princeton University
November 10, 2025
•[ phishing, data leak ]
A phone phishing scam enabled unauthorized access to Princeton Universitys Advancement database containing alumni, donor, student, parent, and some faculty information; the breach lasted under 24 hours and the university has not determined what data was viewed or extracted.
At least one policy expert on Iran
November 5, 2025
•[ phishing, credential theft, espionage ]
The Hacker News, citing a Proofpoint investigation, describes a newly identified threat cluster dubbed UNK_SmudgedSerpent conducting credential phishing and remote access operations against more than twenty Iran focused subject matter experts at a U.S. based foreign policy think tank between June and August 2025, amid heightened IranIsrael tensions. Attackers impersonated prominent policy figures and used benign email conversations to lure victims to fake Microsoft Teams and OnlyOffice login pages hosted on health themed domains that captured account credentials. In some cases the operation progressed to deploying legitimate remote monitoring tools such as PDQ Connect and ISL Online for hands on keyboard access, supporting longer term espionage against the target institution and aligning with tactics used by established Iranian cyber intelligence groups.
SuperGrosz
November 3, 2025
•[ vulnerability exploit, cryptocurrency theft, phishing ]
On 3 November 2025, attackers exploited faulty access-control logic in Balancer's V2 Composable Stable Pools to drain more than $100 million in cryptocurrency, with blockchain security firms estimating overall losses above $120 million and at least $99 million in ETH. Balancer acknowledged the exploit, began a forensic investigation and placed any pools it could pause into recovery mode while warning customers about phishing messages spoofing its security team. Partner platforms such as Berachain temporarily halted their networks and froze some of the stolen funds as they worked to protect user assets across the wider DeFi ecosystem.
Australian Treasury Department
November 1, 2025
•[ cyber espionage, phishing, Shadow Campaigns ]
BleepingComputer summarized Unit 42 research on a state-aligned espionage group tracked as TGR-STA-1030/UNC6619 conducting global operations dubbed Shadow Campaigns. The report said the actor compromised at least 70 government and critical infrastructure organizations across 37 countries and conducted reconnaissance activity targeting government entities connected to 155 countries during NovDec 2025. The article describes initial access via tailored phishing (Mega-hosted archives) and exploitation of multiple known vulnerabilities, use of webshells and tunneling tools, and a custom Linux eBPF rootkit (ShadowGuard)
An undisclosed critical infrastructure company in Zambia
November 1, 2025
•[ espionage, phishing, vulnerability exploitation ]
BleepingComputer summarized Unit 42 research on a state-aligned espionage group tracked as TGR-STA-1030/UNC6619 conducting global operations dubbed Shadow Campaigns. The report said the actor compromised at least 70 government and critical infrastructure organizations across 37 countries and conducted reconnaissance activity targeting government entities connected to 155 countries during NovDec 2025. The article describes initial access via tailored phishing (Mega-hosted archives) and exploitation of multiple known vulnerabilities, use of webshells and tunneling tools, and a custom Linux eBPF rootkit (ShadowGuard), but it does not provide a single discrete victim organization record with a specific primary effect suitable for one CED event entry.
Poltronesofà
October 27, 2025
•[ ransomware, data leak, phishing ]
Italian furniture retailer Poltronesof disclosed that its IT environment suffered a ransomware attack on October 27, 2025, in which intruders compromised group servers and encrypted virtual machines, making several internal systems temporarily unavailable. The companys incident-response team isolated affected infrastructure and launched a forensic investigation, but it warned that attackers may have exfiltrated customer data including identification and contact details. While payment information was reportedly not impacted, customers were advised to be vigilant for phishing attempts and to change passwords used with company services.
PoltronesofÃ
October 27, 2025
•[ ransomware, phishing, data breach ]
Italian furniture retailer Poltronesof disclosed that its IT environment suffered a ransomware attack on October 27, 2025, in which intruders compromised group servers and encrypted virtual machines, making several internal systems temporarily unavailable. The companys incident-response team isolated affected infrastructure and launched a forensic investigation, but it warned that attackers may have exfiltrated customer data including identification and contact details. While payment information was reportedly not impacted, customers were advised to be vigilant for phishing attempts and to change passwords used with company services.
MyVidster (2025)
October 24, 2025
•[ leak, phishing, technology ]
In October 2025, the data of almost 4M MyVidster users was posted to a public hacking forum. Separate to the 2015 breach, this incident exposed usernames, email addresses and in a small number of cases, profile photos.
Unigym Gatineau
October 24, 2025
•[ phishing, data leak ]
Members personal and financial details potentially accessed; centre warned about phishing/fraud and began coordination with card processors and police after local media alerted them to leaked samples.
