Southern Oregon Neurosurgery
December 30, 2025
•[ email compromise, hacking, data leak ]
Southern Oregon Neurosurgery (Southern Oregon Neurosurgical and Spine Associates, PC) disclosed a hacking incident that stemmed from an email breach and affected at least 1,000 individuals. According to reporting, the incident occurred in November 2025; the organization said its IT staff isolated the issue immediately once identified. The breach was reported to HHS as a hacking/IT incident involving email, indicating unauthorized access to email content (and potentially attachments) that contained patient-related information. While public reporting did not enumerate every exposed field, the confirmed impact is unauthorized access via email compromise with resultant exposure risk to individuals whose information was present in the affected mailbox(es).
Unleash Protocol
December 26, 2025
•[ Theft, Cryptocurrency, Smart Contract Exploit ]
Unauthorized multisig takeover allowed attacker to deploy a malicious contract upgrade and drain protocol funds, which were later laundered through Tornado Cash.
Kamunikat.org
December 25, 2025
•[ unauthorized access, data destruction ]
An attacker obtained administrator-level access to Kamunikat.org and deleted several thousand publications and news items from the online library before access was blocked and restoration began.
QualDerm
December 23, 2025
•[ data breach, data leak, unauthorized access ]
SecurityWeek reported that QualDerm Partners is notifying more than 3.1 million people of a December 2025 breach discovered on Dec. 24, 2025. QualDerm said attackers had unauthorized access to its network for two days and exfiltrated data from a limited number of compromised systems. Stolen data included personal identifiers and health/insurance information such as names, addresses, dates of birth, email addresses, medical record numbers, doctor names, treatment/diagnosis information, health insurance information, dates of death, and in some cases government-issued ID information. QualDerm said its investigation is ongoing and it notified law enforcement and regulators.
At least one Russian Manufacturing Company
December 22, 2025
•[ unauthorized access, industrial operations ]
A manufacturing company based in Russia was affected by a cyber incident involving unauthorized access to corporate systems and potential disruption to industrial operations.
Navia Benefit Solutions, Inc.
December 22, 2025
•[ data breach, unauthorized access, personally identifiable information ]
BleepingComputer reported that Navia notified nearly 2.7 million people of a data breach after an investigation determined an unauthorized actor accessed and acquired certain information between December 22, 2025 and January 15, 2026; suspicious activity was discovered on January 23. Navia stated the exposed data can include full name, date of birth, Social Security number, phone number, email address, and benefits-administration details such as HRA participation, FSA information, and COBRA enrollment, while stating that claims and financial details were not exposed. The company reported notifying law enforcement and offering identity protection services.
At least one organization in the energy sector
December 16, 2025
•[ energy sector, unauthorized access, operational disruption ]
An organization operating in the energy sector was targeted by cyber activity that sought to access or interfere with systems supporting energy operations.
Dainichiseika Color & Chemicals Mfg. (Vietnam subsidiary)
December 15, 2025
•[ ransomware, unauthorized access, data leak ]
Dainichiseika Color & Chemicals Manufacturing reported that its consolidated subsidiary in Vietnam (DAINICHI COLOR VIETNAM CO., LTD.) suffered unauthorized access that resulted in ransomware infection of internal servers and related systems. On December 15, 2025, the company confirmed that files on servers and PCs had been encrypted and rendered unreadable, consistent with a ransomware data attack. Affected devices were disconnected from internal networks and the internet to prevent spread, and IT specialists were dispatched to support recovery and forensic analysis. The company stated that key subsidiary operations such as manufacturing and shipping continued as usual and that the extent of information leakage, if any, was still being assessed.
Raaga
December 15, 2025
•[ data leak, unauthorized access, credential stuffing ]
Raaga confirmed that an unauthorized party accessed a legacy database and that the extracted user data was later advertised for sale on an underground hacking forum during December 2025. Reporting described the exposed dataset as affecting more than 10.2 million user accounts and including personal and account-related fields such as names, email addresses, usernames, hashed passwords, and account creation dates, with partial location data in some cases. The company stated it secured the relevant access points tied to the exposed system, reset passwords for impacted accounts, and implemented additional monitoring while working with cybersecurity specialists and notifying law enforcement. Even without payment data, the combination of emails and password hashes creates elevated risk of credential stuffing, targeted phishing, and account takeover.
Mazda Motor Corporation
December 15, 2025
•[ cyberattack, unauthorized access, data leak ]
SecurityWeek reported Mazda disclosed a mid-December cyberattack involving unauthorized access to a management system used for warehouse operations involving parts procured from Thailand. Mazda said 692 records tied to employees of Mazda and its group companies and business partners were compromised. Exposed data included company-issued user IDs, names, email addresses, company names, and business partner IDs. Mazda stated no customer data was affected because it is not stored in the compromised system and said attackers exploited security defects in the application, without naming the software or vulnerabilities.
Stockton Cardiology Medical Group
December 15, 2025
•[ unauthorized access, data leak, extortion ]
Stockton Cardiology Medical Group disclosed that an unauthorized individual accessed and removed files from its systems in December 2025, and some of the files were later publicly disclosed; outside reporting tied the incident to a Genesis extortion claim.
Alpine Lumber
December 14, 2025
•[ ransomware, data leak, personally identifiable information ]
Alpine Lumbers posted notice states that on December 22, 2025 it determined certain network devices were encrypted with ransomware. The companys investigation found that between December 14 and December 22, 2025 an unauthorized actor viewed and obtained files stored on a file server. Alpine completed its file review and determined on February 5, 2026 that the affected files included employment-purpose information such as names, addresses, Social Security numbers, dates of birth, and health insurance plan enrollment information, and may also have included policy numbers, medical information, government IDs, financial account data, and payment card data. Alpine stated it notified law enforcement and began mailing letters and offering credit monitoring.
SecretarÃÂa de Hacienda del Estado de Sonora
December 12, 2025
•[ data leak, unauthorized access, exfiltration ]
Mexican media reported unauthorized access to servers of the Secretara de Hacienda del Estado de Sonora in December 2025, during which the criminal group Chronus exfiltrated and leaked approximately 40GB of documents and databases. State authorities suspended online services as a preventive security measure while investigating the intrusion.
Apex Spine and Neurosurgery
December 9, 2025
•[ unauthorized access, malware, ransomware ]
An unauthorized actor accessed part of Apex Spine and Neurosurgerys computer network, copied files, and deployed malware that locked files on computer systems. The practice said the incident affected 2,500 individuals.
Precipio Inc.
November 23, 2025
•[ unauthorized access, data leak, protected health information ]
Precipio posted a Notice of Data Event stating it learned on or about November 25, 2025 that an unauthorized user accessed an employees cloud-based storage account. The companys investigation (with third-party cybersecurity specialists) determined the unauthorized access occurred on or around November 23, 2025 and that certain files in the account were copied without authorization. Precipio stated the impacted information varies by person but may include identifiers and protected health information such as names, addresses, MRNs, DOB, clinical/treatment and procedure information, provider name, prescription information, and health insurance information. The notice said law enforcement was notified and that additional notifications would follow after file review completion.
French Football Federation (FFF)
November 22, 2025
•[ data leak, unauthorized access ]
The French Football Federation disclosed that an unauthorized party accessed administrative software on November 22 and exfiltrated personal and membership information for registered members; no operational disruption or actor attribution was identified.
Harvard University
November 18, 2025
•[ phishing, vishing, data leak ]
Harvard University reported that a voice-phishing attack against Alumni Affairs and Development staff on November 18, 2025 led to unauthorized access to its AAD information systems, exposing contact details, fundraising records and event data for alumni, donors, parents, some students and some faculty and staff; the university locked out the intruder, notified affected individuals beginning November 22, and is working with law enforcement and incident response specialists.
