Undisclosed Canon U.S.A. subsidiary
November 25, 2025
•[ vulnerability exploit, data breach ]
A Canon U.S.A. subsidiary was compromised in the Oracle EBS hacking campaign, where attackers exploited an application server vulnerability. Canon reported that the incident was limited to a single web server and that no Canon data had been leaked as of the latest update.
SuperGrosz
November 3, 2025
•[ vulnerability exploit, cryptocurrency theft, phishing ]
On 3 November 2025, attackers exploited faulty access-control logic in Balancer's V2 Composable Stable Pools to drain more than $100 million in cryptocurrency, with blockchain security firms estimating overall losses above $120 million and at least $99 million in ETH. Balancer acknowledged the exploit, began a forensic investigation and placed any pools it could pause into recovery mode while warning customers about phishing messages spoofing its security team. Partner platforms such as Berachain temporarily halted their networks and froze some of the stolen funds as they worked to protect user assets across the wider DeFi ecosystem.
GlobalLogic
October 1, 2025
•[ ransomware, data leak, extortion ]
cl0p exploited an Oracle-hosted cloud application used by GlobalLogic for HR data management, exposing approximately 10,000 employee records including names, email addresses, phone numbers, and employee identifiers, as part of a broader extortion campaign targeting Oracle cloud tenants.
Undisclosed Government Agency
September 15, 2025
•[ nation-state, data leak, vulnerability exploit ]
Anthropic reported that GTG-1002, a China-linked nation-state threat actor, conducted an AI-automated intrusion campaign detected in mid-September 2025; one successful breach involved an undisclosed government agency where sensitive information was stolen via exploitation of application server infrastructure.
Undisclosed Belgian Diplomatic Entities
September 1, 2025
•[ cyber-espionage, phishing, malware ]
China-linked UNC6384 conducted a cyber-espionage campaign beginning Sept 2025 against Belgian diplomatic entities using EU/NATO-themed phishing emails with malicious .LNK attachments exploiting ZDI-CAN-25373 to deploy PlugX via DLL side-loading. Arctic Wolf Labs attributed the activity to UNC6384.
Dartmouth College
August 9, 2025
•[ data leak, ransomware, vulnerability exploit ]
Dartmouth College confirmed that attackers exploited its Oracle E-Business Suite instance between August 9 and 12, 2025 and exfiltrated files containing personal and financial information, including Social Security numbers. Nearly 1,500 Maine residents and over 31,000 New Hampshire residents were impacted. Cl0p later leaked 226 GB of allegedly stolen data.
Netherlands Public Prosecution Service (Openbaar Ministerie)
July 17, 2025
•[ cyberattack, vulnerability exploit, state-sponsored attack ]
Strong indications that Russia was behind a cyberattack exploiting a Citrix vulnerability; the OM took systems offline on July 17 as a response; extent of data access not yet disclosed.
Cock.li
June 14, 2025
•[ data leak, vulnerability exploit, email accounts ]
The Germany-based email provider Cock.li confirmed that a hacker exploited a vulnerability in its Roundcube webmail application.
UCLH & University Hospital Southampton NHS Trusts
May 29, 2025
•[ vulnerability exploit, data leak ]
Hackers exploited a critical Ivanti EPMM flaw affecting two NHS trusts; data theft involved staff device details, with no patient data accessed according to UCLH; NHSE investigating.
Digital Realty
March 1, 2025
•[ state-sponsored attack, espionage, vulnerability exploit ]
The Ministry of State Security (MSS)linked group Salt Typhoon infiltrated Digital Realty and other data-center operators in early 2025 by exploiting vulnerabilities in network-appliance infrastructure and stolen credentials. Microsoft attributed the campaign to PRC state-sponsored espionage targeting Western critical-infrastructure providers.
Barts Health NHS
January 8, 2025
•[ ransomware, data leak, vulnerability exploit ]
Barts Health NHS Trust confirmed that the Cl0p ransomware group exploited a vulnerability in Oracle E-Business Suite to access and steal files from one of its invoice databases. The stolen material was described as including patient names and addresses associated with billed care, records related to former staff with unresolved salary issues, and supplier payment details (much of which is already public). The breach was reported as occurring in August 2025 and was not detected until later when data appeared on the threat actors leak site. Barts stated that core clinical systems and electronic patient records were not affected, and it reported the incident to relevant UK authorities and regulators while taking steps to limit further dissemination.
Hertz Global Holdings
December 1, 2024
•[ data leak, supply chain attack, vulnerability exploit ]
Hertz confirmed that customer personal data was stolen through exploitation of zero-day vulnerabilities in its vendor Cleo Communications managed file transfer platform between October and December 2024. The company completed analysis on April 2 2025 and disclosed the breach publicly on April 10 2025. The compromised data included names, contact information, drivers license numbers, and limited payment and identification information. No encryption or operational disruption was reported.
Ukrainian government and critical infrastructure organizations
September 25, 2024
•[ phishing, malware, espionage ]
Russian nation-state operators exploited a zero-day vulnerability in 7-Zip (CVE-2025-0411) beginning in September 2024 to deliver SmokeLoader malware through spearphishing campaigns targeting Ukrainian government and critical infrastructure entities. The campaign bypassed Windows Mark-of-the-Web protections to execute payloads and conduct espionage activities. No specific victims or data volumes have been disclosed.
Belgian State Security Service (VSSE)
May 31, 2023
•[ data leak, nation-state attack, vulnerability exploit ]
China-linked threat actors compromised VSSEs Barracuda Email Security Gateway between February 2021 and May 2023, exfiltrating around 10% of all staff email communications and employee personal data. No encryption or operational disruption was reported.
