Tag
Nation-state
State-sponsored campaigns, APT operations, cyber warfare
50 items tagged #nation-state
Articles
Threat actor s1ic3r leaks 175MB of IC schematics and IP from Shanghai Fudan Microelectronics.
Shanghai Fudan Microelectronics breach leaks 175MB of IC schematics and internal documents.
Bitter APT group conducts hack-for-hire spyware campaign targeting MENA journalists with ProSpy Android malware.
Actor coderx leaked 758MB database from Eastern Illinois University, citing retaliation for Iranian university attacks.
Threat actors claim to be selling financial data from SUFI, a Grupo Bancolombia financing company.
Initial access broker sells root RCE access to US aerospace/defense firewall for $1,000.
Threat actor NormalLeVrai selling alleged Service Telecom database with 2.8M user records and source code.
Microsoft attributes Medusa ransomware deployments to Storm-1175 exploiting N-day and zero-day vulnerabilities.
Threat actor sells 1.2M French banking records with IBANs, SSNs, and tax IDs from 15+ banks.
IntelBroker threat actor repeatedly compromised FBI systems and leaked sensitive data.
NyxarGroup allegedly selling stolen Colombian government personal data online.
Threat actor Florence selling root RCE access to Botswana health portal firewall for $300.
Threat actor offers root RCE shell access to Botswana government health portal firewall for $300.
Threat actor claims breach of Uruguayan Plan Ceibal, exposing 1.2M CREA users and 1M device records.
Threat actor Lvn4t1k0 leaks teacher and student data from Mexican education institution CONALEP Morelos.
Banco Agrario de Colombia internal databases allegedly leaked by Petro_Escobar and NyxarGroup.
Medusa ransomware group exploits zero-days and fresh vulnerabilities to breach 300+ organizations within days.
Hong Kong police gain power to force encryption key disclosure under National Security Law.
Hong Kong police gain legal power to compel encryption key disclosure.
German police identify Russian national as REvil/GandCrab ransomware leader.
German authorities identify two Russian nationals as leaders of GandCrab and REvil ransomware operations.
NyxarGroup breaches Colombia's Huila Department government extranet, exposing officer data and municipal records across
North Korean hackers stole $280M from Drift Protocol via 6-month social engineering and insider compromise operation.
Storm-1175 exploits recently disclosed vulnerabilities to deploy Medusa ransomware in high-velocity campaigns.
Threat actor claims to sell complete Mexican SAT taxpayer database with 13M+ records for $300.
Threat actor leaks Mexico Ministry of Health employee data including RFC and CURP identifiers.
North Korean UNC1069 targets Node.js maintainers with social engineering to compromise NPM packages.
German BKA identifies two REvil ransomware leaders behind 130 attacks in Germany.
Germany identifies Daniil Maksimovich Shchukin as UNKN, leader of GandCrab and REvil ransomware gangs.
Threat actor leaks internal databases from Colombian financial institutions with customer data.
Syrian government X accounts hijacked in March, revealing systemic cybersecurity failures and credential reuse.
North Korean UNC1069 compromised Axios npm maintainer via social engineering to publish malicious package versions.
Root firewall access to a US financial firm with $2B+ revenue allegedly sold by initial access broker.
Paraguay's Civil Status Registry database allegedly offered for sale by GordonFreeman on cybercrime forum.
UNC1069 targets Node.js maintainers via fake LinkedIn/Slack profiles to compromise npm packages.
BRUSHWORM malware spreads via USB drives using deceptive filenames targeting South Asian financial institutions.
Russian darknet forum Rehub infrastructure details leaked including IP and domain.
CERT-EU attributes European Commission breach to TeamPCP; ShinyHunters leaked 92GB of stolen data.
EU executive branch suffers cyberattack and data breach attributed to TeamPCP cybercriminal group.
Threat actor allegedly offers initial access to Iraqi education platform, African government system, and Chinese
Threat actor allegedly offers initial access to US MSP, government contractor, Saudi ministry, and Asian POS provider.
Insikt Group report on 2025 LAC cybercrime landscape reveals 452 ransomware incidents targeting Brazil, Mexico,
Saudi Arabia's Chamber of Commerce data breach exposes ~478k business contact records on cybercrime forum.
Qilin ransomware group claims attack on Die Linke German political party, threatens data leak.
8.3M police tipline records from US and Canada allegedly breached and sold on cybercrime forum.
80M Vietnamese phone numbers and 70M voice recordings leaked on cybercrime forum.
TeamPCP supply chain attacks expand as ShinyHunters and Lapsus$ claim involvement.
Chinese hackers exploit TrueConf zero-day in Asian government attacks via compromised update server.
UNC1069 social engineered Axios npm maintainer to publish trojanized package versions.
Drift loses $285M in sophisticated durable nonce social engineering attack linked to North Korea.