The Cloak ransomware group breached Baltimore City Public Schools’ IT systems on February 13, 2025, stealing sensitive data from over 25,000 students, staff, volunteers, and contractors dating back to 2010.
Continue Reading
The State Bar of Texas, which serves over 100,000 attorneys, suffered a ransomware attack between Jan. 28 and Feb. 9, 2025.
Continue Reading
A hacker known as Rose87168 is threatening to leak or sell data allegedly stolen from Oracle Cloud, claiming access to 6 million records across 140,000 tenants.
Continue Reading
Union County, Pennsylvania, confirmed a ransomware attack on March 13 that led to the exfiltration of residents’ personal data, including Social Security and driver’s license numbers.
Continue Reading
A hacker breached New York University’s website on March 22, replacing its homepage with racialized test score charts and links to datasets containing personal information on over 1 million applicants. Though the hacker claimed the data was redacted, cybersecurity experts confirmed that names, addresses, GPAs, emails, and more were exposed.
Continue Reading
Elon Musk’s social media platform X (formerly Twitter) experienced widespread outages on March 10, 2025, which Musk claimed stemmed from a “massive cyberattack” with IP addresses traced to Ukraine. The attack reportedly caused platform access issues for tens of thousands of users globally, with disruptions peaking around 10 a.m. ET and subsiding later in the day.
Continue Reading
Grubhub announced a data breach caused by unauthorized access via a third-party support provider’s account.
Continue Reading
The crypto industry suffered $73.9 million in losses from 19 hacks and exploits in January 2025, a ninefold increase from December, according to blockchain security firm Immunefi. However, losses were down 44.6% compared to January 2024.
Continue Reading
Conduent has confirmed a cybersecurity incident after multiple U.S. state agencies, including those in Wisconsin and Oklahoma, reported service outages. The Wisconsin Department of Children and Families noted that the disruption affected payments in at least four states and was linked to a “global network issue” at Conduent.
Continue Reading
A new ransomware threat called Codefinger is targeting Amazon Web Services (AWS) S3 users, leveraging AWS’s server-side encryption with customer-provided keys (SSE-C). Once attackers gain account credentials—often through reused or weak passwords—they encrypt user data with AES-256 keys that are not stored on AWS, making recovery impossible without the attacker’s key.
Continue Reading
