Weymouth and Kingston Maurward College (Dorset College group)
August 15, 2025
•[ social, phishing, education ]
A phishing incident at Dorset Colleges Weymouth and Kingston Maurward campus resulted in the compromise of multiple staff email accounts around August 15, 2025. Spam was sent from affected accounts. Exposure may have included contact details of prior email correspondents. The breach was contained swiftly with minimal impact. Reported to the ICO.
300+ macOS end users worldwide
August 15, 2025
•[ hack, malware, phishing ]
Over 300 Macs were infected by the Shamos malware delivered via fake Apple Support websites shown in Google Search results. The malware bypassed macOS Gatekeeper and XProtect to steal passwords, personal notes, and cryptocurrency wallet data.
Pornhub
August 11, 2025
•[ extortion, phishing, data leak ]
Cybercriminal group ShinyHunters claimed theft of a 94GB dataset containing about 201 million records tied to Pornhub Premium user activity and launched an extortion campaign demanding payment in Bitcoin. Reporting linked the compromise to third-party analytics provider Mixpanel, where access allegedly began on November 8, 2025 after a smishing attack harvested employee login credentials. Samples reviewed by journalists reportedly included email addresses, approximate location (city/country), video titles and URLs, search keywords, and timestamps for watches/downloads. Pornhub stated its internal systems were not directly hacked and that sensitive items such as passwords and credit card details remained secure, while Mixpanel later suggested some access may have involved a legitimate employee account associated with Pornhub's parent company, Aylo.
Npm ecosystem
August 9, 2025
•[ phishing, malware, hack ]
Phished npm maintainer account used to publish trojanized releases of widely used packages; malicious code attempted crypto address swapping. Packages were pulled within ~2 hours, yet reached ~10% of cloud environments; profits remained under $1,000; no confirmed data theft or sustained outages.
Town of Bar Harbor, Maine
July 30, 2025
•[ social, phishing, government ]
Bar Harbor discovered on July 30, 2025 that four municipal email accounts were compromised and used to send phishing messages. Town offices were closed July 31–Aug 1 while systems were secured. CrowdStrike and FBI confirmed no ransomware, encryption, malware, financial theft, or data exfiltration.
Toys “R” Us Canada
July 30, 2025
•[ data leak, phishing ]
Company confirmed a threat actor copied records from its customer database and later leaked them on the dark web; investigation verified the data's authenticity and regulators were notified. No payment credentials were exposed; customers warned about phishing.
Toys “R” Us Canada
July 30, 2025
•[ data leak, phishing, dark web ]
Company confirmed a threat actor copied records from its customer database and later leaked them on the dark web; investigation verified the data's authenticity and regulators were notified. No payment credentials were exposed; customers warned about phishing.
Pi-hole (donations site)
July 28, 2025
•[ phishing, misconfiguration, technology ]
Donor names/emails shown in page source due to GiveWP plugin flaw; donors began reporting phishing on July 28; Pi-hole post-mortem confirms exposure and no payment data affected.
Cisco.com Registered Users
July 24, 2025
•[ social, phishing, technology ]
A voice phishing (vishing) call tricked a Cisco representative into granting access to a third-party CRM system on July 24, 2025. Attackers exfiltrated basic profile information of Cisco.com users (names, emails, phones, addresses, account metadata). No passwords or sensitive data affected; actor remains unknown. Breach discovered by August 5, 2025.
North St. Paul Police Department
July 23, 2025
•[ phishing, government, hack ]
A phishing email compromised a single business email account in the North St. Paul Police Department around July 23 2025. The incident was swiftly contained with no service disruption and no confirmed data exfiltration, though data compromise is being investigated. Disclosed August 5 2025.
OutcomesOne
July 1, 2025
•[ social, phishing, healthcare ]
A phishing attack compromised a single employee's email account for about one hour at OutcomesOne, a Florida-based professional services firm providing health IT and medication management support to insurers and pharmacies. Attackers accessed PHI stored in the organization's email application server, exposing data of roughly 149,000 individuals including names, demographics, provider, insurance, and medication information. No Social Security numbers or financial data were involved.
Undisclosed rural Nebraska school district
June 30, 2025
•[ phishing, BEC ]
A rural Nebraska school district lost approximately $1.8 million to a phishing/BEC scheme that diverted funds from intended recipients.
At least one individual tricked by phony Chinese e-commerce sites (multiple brands)
June 30, 2025
•[ phishing ]
GovInfoSecurity roundup highlights campaigns using phony Chinese retail websites to mimic brands and defraud consumers; treated here as campaign-level item.
CoinMarketCap
June 20, 2025
•[ phishing, malicious code injection ]
Malicious JavaScript injected into CoinMarketCap's website altered displayed content to show a fake wallet verification pop-up; code removed within hours; no confirmed data or monetary theft reported.
NetVision (Cellcom Israel)
June 17, 2025
•[ phishing, vulnerability exploitation, hacktivism ]
Pro-Palestinian hackers exploited a vulnerability in NetVision's legacy email infrastructure to send forged phishing messages impersonating Israeli government domains; servers used for distribution of malicious emails; no confirmed data theft or ransom demand reported.
Unnamed hotels in Brazil
June 13, 2025
•[ phishing, financial, malware ]
TA558 used LLM-generated JS/PowerShell loaders in phishing emails (Portuguese/Spanish) to deploy Venom RAT against hotels (Brazil/Spanish-speaking markets), aiming to siphon guest credit-card data from hotel systems/OTAs; observed in summer 2025, with no named victims or outages.
Lexington-Richland School District 5
June 5, 2025
•[ ransomware, phishing, education ]
On June 3, 2025, Lexington-Richland School District 5 detected a network intrusion following a phishing email that disrupted systems, delayed summer school and staff bonuses. Over 1.03 TB of data has been confirmed under review. Though Interlock claimed responsibility, this is unverified. The district refused ransom demands and is offering credit monitoring to affected individuals.
Microsoft Outlook / Office 365 Customers
June 1, 2025
•[ social, phishing, technology ]
Threat actors abused Proofpoint and Intermedia email-link wrapping services to deliver phishing emails posing as Teams notifications and voicemails, leading to theft of Microsoft Outlook / Office 365 login credentials from global users. No encryption occurred; actor identity unknown.
Multiple diplomatic and international organizations (participating in Gaza peace talks)
June 1, 2025
•[ espionage, social, phishing ]
Homeland Justice, an Iranian MOIS-linked group, compromised an Omani Embassy email account and used it to deliver spear-phishing attachments to diplomats and international mediators engaged in Gaza ceasefire negotiations. This was an espionage operation with no service disruption reported. ~72K+ malicious Word emails sent via spear-phishing from a compromised Omani Embassy in Paris account; targeted Egyptian officials, U.S. and Qatari mediators, and organizations such as UN, UNICEF, World Bank, and African Union during Gaza ceasefire talks.
Undisclosed Kyrgyzstan organization
June 1, 2025
•[ phishing, malware, state-sponsored ]
A nation-state actor known as Bloody Wolf conducted spearphishing impersonating the Kyrgyz Ministry of Justice to deploy JAR loaders and install NetSupport RAT for persistent access to organizational systems; no data theft was reported.