Unnamed internet service provider (ISP) from Eastern Asia
January 21, 2025
•[ hack, ddos, technology ]
Cloudflare says it detected and blocked a 5.6 Terabit per second (Tbps) distributed denial-of-service (DDoS) attack, the largest ever attack to be reported to date.
Rostelecom
January 21, 2025
•[ leak, technology ]
A major Russian telecommunications provider, Rostelecom, says that it is investigating a suspected cyberattack on one of its contractors after threat actors from Silent Crow claim to have leaked the company's data.
Otelier
January 17, 2025
•[ leak, misconfiguration, technology ]
Hotel management platform Otelier suffers a data breach after threat actors breached its Amazon S3 cloud storage to stole millions of guests' personal information and reservations for well-known hotel brands like Marriott, Hilton, and Hyatt.
Apex Custom Software
January 16, 2025
•[ ransomware, malware, technology ]
Apex Custom Software is hit with a ransomware attack.
Multiple organizations in the Crypto Space
January 15, 2025
•[ espionage, financial, finance ]
Researchers at SecurityScorecard uncovered Operation 99, a campaign by the Lazarus Group, North Koreas state-sponsored hacking unit, targeting software developers looking for freelance Web3 and cryptocurrency work.
SURF Network
January 15, 2025
•[ ddos, technology ]
DDoS-aanval: De getroffen instellingen hebben last van een trage of zelfs helemaal geen verbinding. Door de grote hoeveelheid verkeer kunnen ook instellingen die buiten Brabant en Limburg op hun netwerk zitten hinder ondervinden.
FortiGate devices
January 14, 2025
•[ leak, misconfiguration, technology ]
A new group dubbed "Belsen Group" leaks the configuration files, IP addresses, and VPN credentials for over 15,000 FortiGate devices on the dark web in a 1.6 GB archive, allegedly obtained exploiting CVE-2022-40684.
Infobis
January 13, 2025
•[ hack, technology ]
Ukrainian threat group Cyber Anarchy Squad takes responsibility for an attack against Russian agricultural tech firm Infobis, which purportedly leads to the theft of 3 TB of data in addition to infrastructure damage.
Grinding Gear Games (developer of Path 2 Exile 2)
January 13, 2025
•[ hack, technology ]
Path of Exile 2 developers confirm that a hacked admin account allowed a threat actor to change the password and access at least 66 accounts, finally explaining how PoE 2 accounts have been breached since November.
Multiple Organizations
January 13, 2025
•[ ransomware, misconfiguration, technology ]
Researchers at Halcyon identify a new ransomware campaign targeting Amazon S3 buckets, and leveraging AWS' Server-Side Encryption with Customer Provided Keys (SSE-C) to encrypt data, demanding ransom payments for the symmetric AES-256 keys required to decrypt it.
LandAirSea
January 12, 2025
•[ hack, technology ]
In January 2025, the GPS tracking service LandAirSea suffered a data breach that exposed 337k unique customer email addresses alongside names, usernames and password hashes. The breach also exposed partial credit card data (card type, last 4 digits and expiration), and GPS device identifiers and locations. LandAirSea is aware of the breach and has remediated the underlying vulnerability. The data was provided to HIBP by a source who requested it be attributed to "zathienaephi@proton.me".
Crimean Telecom Operators
January 10, 2025
•[ hack, ddos, technology ]
A massive DDoS attack is targeting major fixed-line and mobile network operators in Crimea, according to the Ministry of Internal Policy, Information and Communications... RIA Novosti, January 11, 2025
GroupGreeting[.]com
January 9, 2025
•[ hack, technology ]
Researchers at Malwarebytes discover zqxq, a widespread cyberattack that compromised GroupGreeting[.]com, a popular platform used by major enterprises to send digital greeting cards.
Nodex
January 6, 2025
•[ hack, leak, technology ]
Ukrainian hacktivists, part of the Ukrainian Cyber Alliance group, announce they had breached Russian internet service provider Nodex's network and wiped hacked systems after stealing sensitive documents.
Japan Weather Association
January 5, 2025
•[ hack, technology ]
The Japan Weather Association said on Thursday it was hit by a cyberattack that rendered its information website inaccessible for over nine hours from around 7 a.m.
T1 Esports
January 5, 2025
•[ hack, ddos, technology ]
Recently, Team T1 has trended due to being targeted by DDoS attacks and targeted again in 2025.
Gravy Analytics
January 4, 2025
•[ leak, technology ]
Gravy Analytics, a major player in the location data broker market confirms to Norway's Data Protection Authority that it was breached by a threat actor who obtained an unknown number of files.
Triplegangers
January 4, 2025
•[ hack, misconfiguration, technology ]
OpenAI was sending tens of thousands of server requests trying to download Triplegangers' entire site which hosts hundreds of thousands of photos.
Gravy Analytics
January 4, 2025
•[ hack, technology ]
Gravy Analytics, a major player in the location data broker market confirms to Norway's Data Protection Authority that it was breached by a threat actor who obtained an unknown number of files.
NTT Docomo
January 2, 2025
•[ hack, technology ]
Japan's largest mobile carrier, NTT Docomo, reports that it is working to restore services after a cyberattack temporarily disrupted operations.
