RUAG LLC
November 4, 2025
•[ ransomware, data leak ]
Ransomware group Akira launched a double-extortion style attack against RUAG LLC, the Virginia-based liaison office of Swiss defence contractor RUAG MRO Holding, encrypting local systems while threatening to publish roughly 24 GB of company data including employee details and confidential military information. RUAG reports the incident is isolated to RUAG LLC thanks to autonomous IT systems and says other RUAG networks in Switzerland remain unaffected. Authorities had previously warned Swiss organizations about Akira's surge in ransomware activity, and RUAG is considering filing a criminal complaint as forensic investigat
Doctor Alliance LLC
November 4, 2025
•[ ransomware, data leak, phi ]
Threat actor Kazu claimed theft of 353GB (~1.24M files) from Doctor Alliance LLC and demanded a $200,000 ransom; sample includes scanned patient PHI.
At least one drinking water supplier in Britain
November 3, 2025
•[ cyberattack, critical infrastructure, ransomware ]
A Recorded Future News investigation based on freedom-of-information disclosures from the UK Drinking Water Inspectorate found that five cyberattacks have been reported against Britain's drinking water suppliers since the start of 2024, a record number over two years. The incidents, which affected out-of-NIS-scope IT systems rather than the operational technology delivering safe water, were shared with the regulator as resilience risks even though they did not trigger mandatory reporting thresholds. The findings highlight growing concern in British intelligence circles about ransomware and other attacks on critical infrastructure and are feeding into a planned Cyber Security and Resilience Bill to strengthen reporting and defences across essential services.
OnSolve CodeRED platform
November 1, 2025
•[ ransomware ]
Risk management firm Crisis24 confirmed that its OnSolve CodeRED emergency notification platform suffered a cyberattack attributed to the INC Ransom group, which caused a widespread outage of automated phone, text and email alerts for city, county and state agencies, leaving many jurisdictions in the Saint Louis region and elsewhere to rely on manual channels while remediation efforts continue.
Paterson & Dowding Family Lawyers
October 28, 2025
•[ ransomware, data leak ]
Threat actors from the Anubis ransomware gang listed Perth-based Paterson & Dowding Family Lawyers on their dark web site in late October 2025, claiming to have compromised the Western Australian family law firm and stolen large volumes of sensitive client, business and staff data, which they showcased in detailed samples. The posted material includes financial documents such as superannuation statements, tax information, pay slips and a crypto wallet screenshot, along with correspondence relating to client businesses and deeply personal family messages, emails and social media content connected to ongoing disputes. The firm subsequently confirmed it had suffered a cyber incident and determined that a subset of personal information had indeed been accessed and taken, engaged external experts to contain and investigate the breach, began notifying affected clients and staff, and reported the matter to relevant privacy and cybersecurity authoriti
Poltronesofà
October 27, 2025
•[ ransomware, data leak, phishing ]
Italian furniture retailer Poltronesofà disclosed that its IT environment suffered a ransomware attack on October 27, 2025, in which intruders compromised group servers and encrypted virtual machines, making several internal systems temporarily unavailable. The company's incident-response team isolated affected infrastructure and launched a forensic investigation, but it warned that attackers may have exfiltrated customer data including identification and contact details. While payment information was reportedly not impacted, customers were advised to be vigilant for phishing attempts and to change passwords used with company services.
Svenska Kraftnät
October 25, 2025
•[ ransomware, data leak ]
Sweden's national power grid operator Svenska Kraftnät experienced a data breach on October 25, 2025, when ransomware group Everest accessed an external file-transfer system and claimed to have stolen roughly 280 GB of data. Electricity transmission operations were not affected.
AT&T Careers HR portal
October 24, 2025
•[ ransomware, data leak, fraud ]
Ransomware actors posted a dataset labeled AT&T Careers on their leak site, indicating records tied to recruiting/applicant systems; listing framed for monetization with no operational outage described. Organization review pending; risk centers on identity/targeted fraud against job-seekers and staff.
AllerVie Health
October 24, 2025
•[ ransomware, data leak ]
AllerVie Health experienced unauthorized network access between October 24 and November 3, 2025, during which sensitive data was accessed and exposed in a ransomware attack attributed to ANUBIS. The incident was detected on November 2, and public notification to individuals occurred in late December 2025.
Muji
October 20, 2025
•[ ransomware ]
Muji halted online sales after Askul ransomware outage disrupted logistics operations.
Kaufman County
October 20, 2025
•[ ransomware ]
County officials reported a cyberattack discovered Oct 20 that knocked out multiple IT systems, disrupting courthouse operations and online services while essential public safety remained online. Response included coordination with state/federal partners and public guidance about service interruptions.
Askul
October 19, 2025
•[ ransomware ]
Askul halted orders and shipments across sites after ransomware crippled systems.
London Women's Clinic
October 19, 2025
•[ ransomware, data leak, dark web ]
Russian ransomware group Qilin reportedly broke into systems used by the London Women's Clinic, which runs seventeen IVF and fertility centres across the United Kingdom, and is believed to have exfiltrated large volumes of sensitive patient data after posting about the breach on dark web channels on October 19, 2025, raising concerns for both private and NHS patients.
Envoy Air (American Airlines)
October 17, 2025
•[ ransomware, data leak, vulnerability ]
Envoy Air confirmed it was hit in a broader Clop campaign abusing an Oracle EBS zero-day. Reuters notes a small amount of Envoy business information may have been accessed; Clop listed American Airlines, but the target was Envoy, AA's regional carrier. Primary impact: unauthorized access/data theft for extortion, not operational outage.
City of Elne (France)
October 15, 2025
•[ ransomware, data leak, nation-state ]
French press reports Russian-linked Qilin targeted Elne shortly after school attacks.
Volkswagen Group France
October 14, 2025
•[ ransomware, data leak ]
Qilin gang claimed a ransomware attack on Volkswagen France with ~150GB of data allegedly stolen; investigation ongoing.
Methodist Church of Southern Africa
October 13, 2025
•[ ransomware, data leak ]
Ransomware actors claimed an attack on the Methodist Church of Southern Africa; verification and technical details remain limited.
Banco Hipotecario del Uruguay
October 13, 2025
•[ ransomware, data leak ]
Uruguayan bank BHU said attackers leaked user data and demanded payments; reports attribute incident to Crypto24 group.
Omrin
October 13, 2025
•[ ransomware ]
Ransomware hit Friesland waste processor Omrin, forcing closures of associated thrift shops and disrupting services.
Undisclosed Croatian Company
October 8, 2025
•[ ransomware ]
Croatian DPA (AZOP) fined a company after a ransomware attack compromised parts of its IT systems.