T1 Esports
January 5, 2025
•[ hack, ddos, technology ]
Recently, Team T1 has trended due to being targeted by DDoS attacks and targeted again in 2025.
Gravy Analytics
January 4, 2025
•[ hack, technology ]
Gravy Analytics, a major player in the location data broker market confirms to Norway's Data Protection Authority that it was breached by a threat actor who obtained an unknown number of files.
Triplegangers
January 4, 2025
•[ hack, misconfiguration, technology ]
OpenAI was sending tens of thousands of server requests trying to download Triplegangers' entire site which hosts hundreds of thousands of photos.
Gravy Analytics
January 4, 2025
•[ leak, technology ]
Gravy Analytics, a major player in the location data broker market confirms to Norway's Data Protection Authority that it was breached by a threat actor who obtained an unknown number of files.
NTT Docomo
January 2, 2025
•[ hack, technology ]
Japan's largest mobile carrier, NTT Docomo, reports that it is working to restore services after a cyberattack temporarily disrupted operations.
InfoCert via Third Party Ticketing Vendor
January 2, 2025
•[ hack, leak, technology ]
I dati sottratti messi in vendita sul dark web. L'azienda provider di servizi di identit digitale rassicura:Informazioni sottratte sono quelle delle richieste di assistenza clienti, i dati di accesso a InfoCert non sono stati compromessi
Kong Inc.
January 2, 2025
•[ hack, malware, technology ]
An attacker accesses Kong's DockerHub account and replaces the legitimate Kong Ingress Controller v.3.4.0 image with a malicious version containing malicious code that enabled cryptojacking.
Cell C
January 1, 2025
•[ ransomware, technology ]
Cell C said that the threat actors that breached its systems and stole a limited amount of customer data identified themselves as the RansomHouse hacking group.
Discord
January 1, 2025
•[ hack, technology ]
third-party customer support services hacked
Nominet
January 1, 2025
•[ hack, technology ]
Nominet, the official .UK domain registry and one of the largest country code registries, confirms that its network was breached two weeks ago using CVE-2025-0282, an Ivanti VPN zero-day vulnerability.
Fraunhofer Institute for Industrial Engineering IAO
December 27, 2024
•[ ransomware, malware, technology ]
On December 27, 2024, Fraunhofer IAO in Stuttgart suffered a ransomware attack that encrypted and disrupted internal systems. The institute reported the incident to the Bavarian Data Protection Authority and law enforcement within statutory deadlines. While research data is typically anonymized, unauthorized disclosure cannot be ruled out, though no confirmed exfiltration has been identified.
Undisclosed U.S. telecommunications company
December 27, 2024
•[ hack, technology ]
A White House official adds a ninth U.S. telecommunications company to the list of telecoms breached in a Chinese hacking campaign that impacted dozens of countries.
Speedio
December 24, 2024
•[ leak, misconfiguration, technology ]
In December 2024, data alleged to have been taken from the Brazilian lead generation platform Speedio was posted for sale to a popular hacking forum. The data was allegedly obtained from an unsecured Elasticsearch instance and contained over 62M records of largely public business information including company names, phone numbers and physical addresses, along with 27M unique email addresses, predominantly from public services such as Gmail and Outlook. Speedio did not respond to multiple attempts to disclose the incident, and the origin of the data could not be independently verified. The data was provided to HIBP by a source who requested it be attributed to "ayame@xmpp.jp".
CyberHaven
December 24, 2024
•[ hack, malware, technology ]
Data-loss prevention startup Cyberhaven says threat actors published a malicious update to its Chrome extension that was capable of stealing customer passwords and session tokens.
Multiple Organizations
December 19, 2024
•[ hack, malware, technology ]
The developers of Rspack reveal that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with cryptocurrency mining malware.
Microsoft/Google
December 15, 2024
•[ hack, sqlinjection, technology ]
The GhostRedirector group stealthily hijacked Windows servers using malwareRungan and Gamshento inject SEO content visible only to Googlebot, boosting gambling site rankings without user impact. Servers were targeted via SQL injection and privilege escalation exploits.
BitView
December 14, 2024
•[ insider, misconfiguration, technology ]
In December 2024, the video sharing Community BitView suffered a data breach that exposed 63k customer records. Attributed to a backup taken by a previous administrator earlier in the year, the breach exposed email and IP addresses, bcrypt password hashes, usernames, bios, private messages, video comments and for some records, gender, date of birth and country of location.
Telecom Namibia
December 11, 2024
•[ ransomware, malware, technology ]
Namibia Telecom is hit with a ransomware attack by the Hunters International gang.
BeyondTrust
December 8, 2024
•[ hack, technology ]
Privileged access management company BeyondTrust suffers a cyberattack after threat actors breached some of its Remote Support SaaS instances.
BT Group
December 4, 2024
•[ ransomware, technology ]
BT Group confirmed that its BT Conferencing services were impacted in a ransomware incident by Black Basta.
