Undisclosed Canadian Telecommunications Company
February 1, 2025
•[ data leak, vulnerability ]
Three network devices at a Canadian telecom were compromised in mid-Feb 2025 via Cisco IOS XE CVE-2023-20198; attackers retrieved configs and set up a GRE tunnel to collect network traffic; disclosed by Canadas Cyber Centre in June 2025.
Ascension
January 21, 2025
•[ data leak, vulnerability ]
Ascension disclosed a data breach linked to a former business partners software vulnerability; filings indicate 437,329 impacted individuals.
VeraCore (Advantive)
November 5, 2024
•[ data leak, vulnerability, web shell ]
The Vietnamese-linked cybercriminal group XE Group exploited two zero-day vulnerabilities (CVE-2024-57968, CVE-2025-25181) in the U.S. software vendor VeraCores warehouse management and fulfillment platform. Attackers uploaded web shells, maintained persistent access since 2020, exfiltrated configuration and system data, and executed commands on compromised servers, potentially exposing data from client organizations using VeraCore for logistics operations.
Multiple Ukrainian government and municipal organizations
September 25, 2024
•[ vulnerability, phishing, malware ]
A zero-day vulnerability in 7-Zip (CVE-2025-0411) was exploited beginning September 25, 2024, by undetermined Russian-speaking cybercriminal actors via phishing and homoglyph-lure archives. Trend Micro and SecurityWeek confirmed at least nine Ukrainian government and public-service entities (including the Ministry of Justice, Kyiv Public Transportation, and water-utility systems) were compromised. The campaign delivered SmokeLoader malware through malicious archives bypassing Windows Mark-of-the-Web protections.
Medical Eye Services
August 30, 2023
•[ hack, vulnerability, healthcare ]
Medical Eye Services (MESVision) files a notice of data breach after discovering that MOVEit, a software program used by MESVision, contained a critical vulnerability that gave hackers access to confidential data in the company's possession.
Deloitte
July 26, 2023
•[ leak, vulnerability, technology ]
Deloitte confirms to be among the victims of a ctyber intrusion occurred exploiting the MOVEit vulnerability.
WellBe Senior Medical
February 1, 2023
•[ healthcare, vulnerability ]
WellBe Senior Medical joins the list of the victims of the CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability.
Twitter
July 22, 2022
•[ leak, vulnerability, technology ]
Twitter suffers a data breach after threat actors used a vulnerability to build a database of phone numbers and email addresses belonging to 5.4 million accounts, with the data now up for sale on a hacker forum for $30,000.
Korea Atomic Energy Research Institute
June 14, 2021
•[ espionage, vulnerability, government ]
South Korea's government-sponsored insitute for nuclear power research is hacked by North Korean actors exploiting a VPN vulnerability.
Yeshiva University
March 29, 2021
•[ leak, vulnerability, education ]
TA505 leaks the data belonging to the Yeshiva University stolen exploiting the Accellion vulnerability.
Mossack Fonseca
April 5, 2016
•[ hack, vulnerability, professional ]
Apparently the staggering leak of 2.6 TB from law firm Mossack Fonseca known as the Panama Papers seems to be due to a hack exploiting a Wordpress Vulnerability.
