Northwest Asthma & Allergy Center
November 12, 2024
•[ hack, phishing, healthcare ]
An unauthorized party accessed an employee's email account on November 12, 2024, compromising sensitive patient data at Northwest Asthma & Allergy Center. The breach was discovered and contained by November 13. At least ~1,000 patients were notified by January 2, 2025, and the incident was reported to HHS OCR. Investigation did not find evidence of exfiltration beyond what was accessible via the compromised mailbox.
Fall Mountain Regional School District
November 1, 2024
•[ phishing, data leak ]
District warned community after phishing scam; vendor IDs and emails exposed.
Individuals
October 31, 2024
•[ financial, phishing, retail ]
Researchers at Human reveal that more than 1,000 legitimate shopping sites have been compromised to promote fake product listings in a credit card phishing scheme dubbed Phish 'n' Ships.
Fillmore County Hospital
October 27, 2024
•[ phishing, data leak ]
An unauthorized party accessed an employee email account on 2024-10-27. Investigation completed 2024-12-18. Affected data includes personal, medical, payment, and insurance information. Individuals were notified 2025-02-13.
OU Medicine (OU Health)
October 18, 2024
•[ phishing, data leak ]
OU Health reported unauthorized access to two email accounts impacting patient information.
Westmoreland County
October 16, 2024
•[ social, phishing, government ]
Municipal Authority of Westmoreland County officials say the water and sewer utility has recovered more than $826,000 that was stolen in what it called a vendor impersonator scheme.
The Good Life Medical Staff LLC
October 15, 2024
•[ phishing, data leak ]
Healthcare staffing firm reported email account compromise exposing sensitive information.
General Dynamics
October 10, 2024
•[ social, phishing, manufacturing ]
Aerospace and defense giant General Dynamics says threat actors compromised dozens of employee benefits accounts after a successful phishing campaign targeting its personnel.
EigenLayer
October 4, 2024
•[ hack, phishing, finance ]
EigenLayer team says it is investigating unapproved selling activity of about 1.6 million of EigenLayer's EIGEN tokens, worth about $5.7 million. In a subsequent update the company reveals that the unapproved token-selling incident was due to a hack, after a malicious attacker compromised an email thread involving an investor's token transfer into custody.
Charleston Area Medical Center
October 2, 2024
•[ phishing, data leak ]
Phishing attack on multiple email users; unauthorized access to one mailbox between Oct 23, 2024, possibly exposing personal and health information. No other systems impacted.
Heartland Community Health Center
October 1, 2024
•[ phishing, data leak ]
Clinic reported email account breach exposing sensitive patient and insurance information.
Onsite Mammography
October 1, 2024
•[ phishing, data leak ]
Phishing attack compromised a single employee's email account, enabling exfiltration of PII and PHI data affecting over 350,000 individuals; no encryption involved.
Hunter Health Clinic
September 30, 2024
•[ phishing, data leak ]
Clinic said an unauthorized party accessed one employee mailbox around Sept 30, 2024; on May 1, 2025 it confirmed files with PHI/PII may have been accessed; notices issued May 15.
Dove Healthcare
September 29, 2024
•[ phishing, data leak ]
Healthcare provider disclosed email account compromise containing patient and employee information.
Senator Ben Cardin
September 26, 2024
•[ espionage, phishing, government ]
An advanced deepfake operation targets Sen. Ben Cardin, the Democratic chair of the Senate Foreign Relations Committee, who is involved in a Zoom conversation with a fake Dmytro Kuleba, the former Ukrainian Minister of Foreign Affairs.
AultCare Corporation
September 25, 2024
•[ phishing, data leak ]
An unauthorized party accessed an employee email account and a SharePoint instance on 2024-09-25. AultCare reviewed affected content and began notifying brokers and affected individuals by 2025-01-21.
Ukrainian government and critical infrastructure organizations
September 25, 2024
•[ phishing, malware, espionage ]
Russian nation-state operators exploited a zero-day vulnerability in 7-Zip (CVE-2025-0411) beginning in September 2024 to deliver SmokeLoader malware through spearphishing campaigns targeting Ukrainian government and critical infrastructure entities. The campaign bypassed Windows Mark-of-the-Web protections to execute payloads and conduct espionage activities. No specific victims or data volumes have been disclosed.
Multiple Ukrainian government and municipal organizations
September 25, 2024
•[ vulnerability, phishing, malware ]
A zero-day vulnerability in 7-Zip (CVE-2025-0411) was exploited beginning September 25, 2024, by undetermined Russian-speaking cybercriminal actors via phishing and homoglyph-lure archives. Trend Micro and SecurityWeek confirmed at least nine Ukrainian government and public-service entities (including the Ministry of Justice, Kyiv Public Transportation, and water-utility systems) were compromised. The campaign delivered SmokeLoader malware through malicious archives bypassing Windows Mark-of-the-Web protections.
Equiniti Trust Company, formerly known as American Stock Transfer & Trust Company
September 19, 2024
•[ financial, phishing, finance ]
Equiniti Trust Company agrees to pay $850K after an unknown threat actor, pretending to be an employee of a U.S.-based public issuer client of American Stock Transfer, instructed the Company to issue millions of new shares, liquidate those shares, and send the proceeds to a bank in Hong Kong, leading to a loss of roughly $4.78 million.
Zenith American Solutions, Inc.
September 6, 2024
•[ phishing, data leak ]
Unauthorized access to Zenith American Solutions' network discovered September 6, 2024, after an employee email account was compromised via phishing; over 12,000 individuals' names, dates of birth, Social Security numbers, and benefit-plan documents potentially accessed. The firm notified regulators in January 2025 and publicly disclosed in June 2025. No actor attribution or ransom demand reported.