AirNet (St. Petersburg ISP)
July 30, 2025
•[ ddos, technology ]
A DDoS attack attributed to the IT Army of Ukraine caused an outage across AirNet's entire network in St. Petersburg; Roskomnadzor and GlobalNet assisted in mitigation.
Orange Belgium S.A.
July 30, 2025
•[ hack, technology ]
On July 30, 2025, Orange Belgium S.A. suffered a cyberattack that compromised data from approximately 850,000 customers. Exposed information included names, phone numbers, SIM card and PUK codes, and tariff plan details. Passwords, email addresses, and financial information were not affected. The incident was disclosed publicly on August 20, 2025, and is separate from other Orange Group cyber incidents.
Pi-hole (donations site)
July 28, 2025
•[ phishing, misconfiguration, technology ]
Donor names/emails shown in page source due to GiveWP plugin flaw; donors began reporting phishing on July 28; Pi-hole post-mortem confirms exposure and no payment data affected.
Cisco.com Registered Users
July 24, 2025
•[ social, phishing, technology ]
A voice phishing (vishing) call tricked a Cisco representative into granting access to a third-party CRM system on July 24, 2025. Attackers exfiltrated basic profile information of Cisco.com users (names, emails, phones, addresses, account metadata). No passwords or sensitive data affected; actor remains unknown. Breach discovered by August 5, 2025.
Palo Alto Networks (investigator)
July 17, 2025
•[ ransomware, malware, technology ]
Ransomware deployment (4L4MD4R) via exploitation of Microsoft SharePoint ToolShell vulnerabilities; attackers disabled defenses, bypassed certificate validation, and encrypted files; ransom note threatened deletion upon decryption attempts.
Automated Business Solutions (ABS)
July 16, 2025
•[ hack, technology ]
ABS reported unauthorized network access (July 16–17, 2025); investigation confirmed on Aug. 22 that names, SSNs, and bank account data were copied; notifications and Equifax monitoring offered.
Workday Inc. (via undisclosed third-party CRM)
July 10, 2025
•[ hack, technology ]
Workday disclosed in Aug 2025 that hackers accessed a third-party CRM system, stealing personal data of ~1.6M people linked to enterprise customers; core HR/payroll systems were unaffected.
Multiple Russian Entities
July 9, 2025
•[ financial, ddos, technology ]
A DDoS attack by Ukrainian military intelligence disabled fuel payment services (fuel cards), taking down infrastructure of Rostelecom, Lukoil, KCorp, etc., and disrupting fuel card functionality; over 700 switches and 13 servers in two data centers were disabled; financial damage estimated at US$13 million.
Vietnam Airlines
June 20, 2025
•[ hack, leak, technology ]
In October 2025, data stolen from the Salesforce instances of multiple companies by a hacking group calling itself "Scattered LAPSUS$ Hunters" was publicly released. Among the affected organisations was Vietnam Airlines, which had 7.5M unique customer email addresses exposed following a breach of its Salesforce environment in June of that year. The compromised data also included names, phone numbers, dates of birth, and loyalty program membership numbers.
Catwatchful
June 9, 2025
•[ espionage, sqlinjection, technology ]
In June 2025, spyware maker Catwatchful suffered a data breach that exposed over 60k customer records. The breach was due to a SQL injection vulnerability that enabled email addresses and plain text passwords to be extracted from the system.
Microsoft Outlook / Office 365 Customers
June 1, 2025
•[ social, phishing, technology ]
Threat actors abused Proofpoint and Intermedia email-link wrapping services to deliver phishing emails posing as Teams notifications and voicemails, leading to theft of Microsoft Outlook / Office 365 login credentials from global users. No encryption occurred; actor identity unknown.
WhatsApp/Apple
June 1, 2025
•[ espionage, malware, technology ]
A zero-click spyware campaign exploited WhatsApp and Apple zero-day flaws, infecting fewer than 200 civil society individuals globally between June and August 2025. Attackers likely state-sponsored.
ColoCrossing
May 24, 2025
•[ leak, misconfiguration, technology ]
In May 2025, hosting provider ColoCrossing identified a data breach that impacted customers of their ColoCloud virtual server product. ColoCrossing advised the incident was isolated to their cloud/VPS platform and stemmed from a single sign-on vulnerability. 7k email addresses were exposed in the incident along with names and MD5-Crypt password hashes.
SonicWall
May 9, 2025
•[ hack, brute-force, technology ]
Threat actors brute-forced the MySonicWall portal and accessed cloud backup firewall preference files for a subset of customers (<5%). SonicWall terminated access, issued Essential Credential Reset guidance, and involved law enforcement. Risk centers on reuse of secrets/config intelligence for follow-on compromises.
Ualabee
May 6, 2025
•[ leak, misconfiguration, technology ]
In May 2025, the South American mobility services platform Ualabee had hundreds of thousands of records scraped from an interface on their platform. The data included 472k unique email addresses along with names, profile photos, dates of birth and phone numbers.
Multiple devices at undisclosed telecommunications firm(s)
May 1, 2025
•[ social, hack, phishing ]
UNC1549 (Subtle Snail) compromised multiple devices at an undisclosed telecommunications firm in Canada using LinkedIn job-lures and the MINIBIKE backdoor; Azure-hosted C2 infrastructure was observed. No confirmed data exfiltration volumes or operational disruption reported.
Multiple devices at undisclosed telecommunications firm(s)
May 1, 2025
•[ social, espionage, phishing ]
UNC1549 (Subtle Snail) compromised multiple devices at an undisclosed telecommunications firm in France using LinkedIn job-lures and the MINIBIKE backdoor; Azure-hosted C2 infrastructure was observed. No confirmed data exfiltration volumes or operational disruption reported.
Multiple devices at undisclosed telecommunications firm(s)
May 1, 2025
•[ social, hack, malware ]
UNC1549 (Subtle Snail) compromised multiple devices at an undisclosed telecommunications firm in the United Arab Emirates using LinkedIn job-lures and the MINIBIKE backdoor; Azure-hosted C2 infrastructure was observed. No confirmed data exfiltration volumes or operational disruption reported.
Multiple devices at undisclosed telecommunications firm(s)
May 1, 2025
•[ social, hack, malware ]
UNC1549 (Subtle Snail) compromised multiple devices at an undisclosed telecommunications firm in the United Kingdom using LinkedIn job-lures and the MINIBIKE backdoor; Azure-hosted C2 infrastructure was observed. No confirmed data exfiltration volumes or operational disruption reported.
Multiple devices at undisclosed telecommunications firm(s)
May 1, 2025
•[ hack, social, malware ]
UNC1549 (Subtle Snail) compromised multiple devices at an undisclosed telecommunications firm in the United States of America using LinkedIn job-lures and the MINIBIKE backdoor; Azure-hosted C2 infrastructure was observed. No confirmed data exfiltration volumes or operational disruption reported.