Undisclosed European drone manufacturer
March 25, 2025
•[ phishing, social engineering, malware ]
North Korean operators approached European defense engineers with fake job offers, delivering loaders that sideloaded ScoringMathTea and BinMergeLoader/MISTPEN to exfiltrate proprietary UAV designs and manufacturing know-how. Intelligence-collection focus; campaign targets several firms rather than one discrete victim record.
Pump.fun X account
February 26, 2025
•[ account takeover, social engineering, cryptocurrency scam ]
The official X account of Pump.fun was hijacked on February 26, 2025, and used to promote a fake governance token named PUMP and other scam cryptocurrencies, misleading users and causing financial harm before the fraudulent posts were removed and access was restored.
Charles County Public Schools
February 26, 2025
•[ social engineering, account compromise, payroll fraud ]
A caller convinced staff to reset MFA, accessed employee email and Oracle accounts, and attempted a payroll change, which was stopped.
Urban One, Inc.
February 13, 2025
•[ ransomware, social engineering, data leak ]
Ransomware group Cactus gained access to Urban One's internal HR and payroll servers via a social-engineering intrusion beginning February 2025, exfiltrating employee PII and financial data; the company confirmed the breach and notified affected staff.
Insight Partners
January 16, 2025
•[ ransomware, social engineering, data leak ]
On January 16, 2025, Insight Partners detected a cyberattack following a social engineering intrusion first traced to October 2024. Attackers exfiltrated sensitive files related to funds, management companies, portfolio companies, banking and tax records, and personally identifiable data of employees, partners, and investors. More than 12,000 individuals were affected. The incident escalated into a ransomware attack, with systems partially encrypted before containment. No named threat group has been identified, but the actor is criminal and financially motivated.
Coinbase users
December 1, 2024
•[ phishing, social engineering ]
Between December 2024 and January 2025, criminal phishing campaigns impersonating Coinbase support stole approximately $65 million in cryptocurrency from hundreds of users worldwide. Attackers used fake login pages, wallet-draining scripts, and social-engineering messages to capture credentials and bypass two-factor authentication. Coinbase confirmed that its own systems were not breached.