At least one undisclosed e-commerce site (running Adobe Commerce / Magento 2)
October 22, 2025
•[ vulnerability, account takeover, skimming ]
Observed active attempts to hijack Magento/Adobe Commerce sessions via the SessionReaper flaw weeks after patches, enabling account takeover, checkout abuse, and skimmer deployment on e-commerce sites. This is broad criminal monetization activity against many sites; no single named victim with a confirmed primary effect, so not recorded as a discrete event.
Multiple Thai bank ATMs
May 28, 2025
•[ skimming, malware ]
Police arrested a Bulgarian for allegedly installing devices/malware on ATMs; article cites arrests rather than a confirmed disruptive/theft effect on a named victim org. Not coded as a cyberattack event.
City of Lubbock Utilities
January 6, 2025
•[ data leak, skimming ]
The City of Lubbock Utilities, Texas, reported that malicious code was injected into its third-party online utility payment portal between December 18, 2024 and January 6, 2025. The injected script presented a fake payment window that captured customers' cardholder information. According to the Texas state breach portal and public notices, 12,503 Texans were affected. Compromised data included names, billing addresses, payment card numbers, expiration dates, and CVV codes. Officials confirmed no impact to internal systems or encryption of city data.
Santa Barbara County Department of Social Services
January 1, 2025
•[ skimming, theft, data leak ]
County reported widespread EBT skimming causing mass card cancellations and benefit delays for students and residents.