WhiteDate
January 2, 2026
•[ hacktivism, data leak, data destruction ]
Reporting describes a hacktivist using the pseudonym Martha Root who infiltrated an extremist dating website and related sites and later demonstrated deleting them live on stage during the Chaos Communication Congress. The coverage indicates the actor used automated tools/AI chatbots to extract and download user profile information and then published the acquired dataset. As described, the incident combined disruptive impact (site/service deletion) with unauthorized access and data acquisition affecting site users.
LawPavilion
January 1, 2026
•[ data breach, unauthorized access, data leak ]
Unauthorized actors accessed systems associated with the Nigerian legal technology platform LawPavilion and exposed a database containing user account information affecting approximately 63,000 users, with no reported operational disruption.
Tokyo FM Broadcasting Co., LTD
January 1, 2026
•[ data leak, personal information, telemetry ]
HackRead reported that on January 1, 2026 an actor using the alias victim claimed to have breached Tokyo FMs private computer systems and stolen data exceeding three million records. The stolen dataset was described as containing personal details (full names, birthdays, email addresses) plus technical telemetry (IP addresses and user-agent strings). The actor also claimed to have obtained internal system login IDs and information related to individuals jobs. The report emphasized that the claim was listed as pending verification at the time of publication, but Tokyo FM was described as investigating the allegation.
Missouri State Government Employee Self-Service
December 31, 2025
•[ unauthorized access, forensic investigation, financial fraud prevention ]
Missouris Office of Administration temporarily shut down the Employee Self-Service portal to contain suspicious activity and support a forensic investigation. The agency said the incident was highly localized and involved 47 accounts, and that fraud protection systems detected the unauthorized activity and prevented unauthorized transactions. Reporting noted the issue centered on an unauthorized attempt to access workers deferred savings account information and that the portal remained offline while the state worked to restore service before the next pay date, with contingency plans for pay stubs and W-2 access if downtime continued.
Sports Medicine and Orthopedics
December 30, 2025
•[ ransomware, data leak, healthcare ]
Sports Medicine & Orthopaedics, a now-closed practice in East Providence, Rhode Island, reported that it was impacted by a ransomware incident in October 2025. Reporting indicates the attack exposed personal and health-related information for roughly 4,000 patients, prompting the practice to issue breach notifications after it had already shut down operations. Public accounts describe a ransomware-driven compromise that resulted in unauthorized access to patient information (typical elements in these incidents include identifiers and clinical/billing-related data), with the key confirmed impact being exposure of patient data tied to the practice rather than a long-running operational outage (since the practice was shuttered).
Southern Oregon Neurosurgery
December 30, 2025
•[ email compromise, hacking, data leak ]
Southern Oregon Neurosurgery (Southern Oregon Neurosurgical and Spine Associates, PC) disclosed a hacking incident that stemmed from an email breach and affected at least 1,000 individuals. According to reporting, the incident occurred in November 2025; the organization said its IT staff isolated the issue immediately once identified. The breach was reported to HHS as a hacking/IT incident involving email, indicating unauthorized access to email content (and potentially attachments) that contained patient-related information. While public reporting did not enumerate every exposed field, the confirmed impact is unauthorized access via email compromise with resultant exposure risk to individuals whose information was present in the affected mailbox(es).
Unleash Protocol
December 26, 2025
•[ Theft, Cryptocurrency, Smart Contract Exploit ]
Unauthorized multisig takeover allowed attacker to deploy a malicious contract upgrade and drain protocol funds, which were later laundered through Tornado Cash.
Kamunikat.org
December 25, 2025
•[ unauthorized access, data destruction ]
An attacker obtained administrator-level access to Kamunikat.org and deleted several thousand publications and news items from the online library before access was blocked and restoration began.
At least one Russian Manufacturing Company
December 22, 2025
•[ unauthorized access, industrial operations ]
A manufacturing company based in Russia was affected by a cyber incident involving unauthorized access to corporate systems and potential disruption to industrial operations.
At least one organization in the energy sector
December 16, 2025
•[ energy sector, unauthorized access, operational disruption ]
An organization operating in the energy sector was targeted by cyber activity that sought to access or interfere with systems supporting energy operations.
Dainichiseika Color & Chemicals Mfg. (Vietnam subsidiary)
December 15, 2025
•[ ransomware, unauthorized access, data leak ]
Dainichiseika Color & Chemicals Manufacturing reported that its consolidated subsidiary in Vietnam (DAINICHI COLOR VIETNAM CO., LTD.) suffered unauthorized access that resulted in ransomware infection of internal servers and related systems. On December 15, 2025, the company confirmed that files on servers and PCs had been encrypted and rendered unreadable, consistent with a ransomware data attack. Affected devices were disconnected from internal networks and the internet to prevent spread, and IT specialists were dispatched to support recovery and forensic analysis. The company stated that key subsidiary operations such as manufacturing and shipping continued as usual and that the extent of information leakage, if any, was still being assessed.
Raaga
December 15, 2025
•[ data leak, unauthorized access, credential stuffing ]
Raaga confirmed that an unauthorized party accessed a legacy database and that the extracted user data was later advertised for sale on an underground hacking forum during December 2025. Reporting described the exposed dataset as affecting more than 10.2 million user accounts and including personal and account-related fields such as names, email addresses, usernames, hashed passwords, and account creation dates, with partial location data in some cases. The company stated it secured the relevant access points tied to the exposed system, reset passwords for impacted accounts, and implemented additional monitoring while working with cybersecurity specialists and notifying law enforcement. Even without payment data, the combination of emails and password hashes creates elevated risk of credential stuffing, targeted phishing, and account takeover.
Alpine Lumber
December 14, 2025
•[ ransomware, data leak, personally identifiable information ]
Alpine Lumbers posted notice states that on December 22, 2025 it determined certain network devices were encrypted with ransomware. The companys investigation found that between December 14 and December 22, 2025 an unauthorized actor viewed and obtained files stored on a file server. Alpine completed its file review and determined on February 5, 2026 that the affected files included employment-purpose information such as names, addresses, Social Security numbers, dates of birth, and health insurance plan enrollment information, and may also have included policy numbers, medical information, government IDs, financial account data, and payment card data. Alpine stated it notified law enforcement and began mailing letters and offering credit monitoring.
SecretarÃÂa de Hacienda del Estado de Sonora
December 12, 2025
•[ data leak, unauthorized access, exfiltration ]
Mexican media reported unauthorized access to servers of the Secretara de Hacienda del Estado de Sonora in December 2025, during which the criminal group Chronus exfiltrated and leaked approximately 40GB of documents and databases. State authorities suspended online services as a preventive security measure while investigating the intrusion.
Apex Spine and Neurosurgery
December 9, 2025
•[ unauthorized access, malware, ransomware ]
An unauthorized actor accessed part of Apex Spine and Neurosurgerys computer network, copied files, and deployed malware that locked files on computer systems. The practice said the incident affected 2,500 individuals.
Precipio Inc.
November 23, 2025
•[ unauthorized access, data leak, protected health information ]
Precipio posted a Notice of Data Event stating it learned on or about November 25, 2025 that an unauthorized user accessed an employees cloud-based storage account. The companys investigation (with third-party cybersecurity specialists) determined the unauthorized access occurred on or around November 23, 2025 and that certain files in the account were copied without authorization. Precipio stated the impacted information varies by person but may include identifiers and protected health information such as names, addresses, MRNs, DOB, clinical/treatment and procedure information, provider name, prescription information, and health insurance information. The notice said law enforcement was notified and that additional notifications would follow after file review completion.
French Football Federation (FFF)
November 22, 2025
•[ data leak, unauthorized access ]
The French Football Federation disclosed that an unauthorized party accessed administrative software on November 22 and exfiltrated personal and membership information for registered members; no operational disruption or actor attribution was identified.
