Strategic Retail Partners (SRP), a major North American merchandise distributor, experienced a ransomware attack in February 2025, with the Medusa gang claiming responsibility. The breach exposed sensitive personal data.

A significant data breach has impacted all users of SonicWall’s MySonicWall cloud backup service. Threat actors accessed firewall configuration backup files, potentially exposing encrypted credentials and configuration data.

Williams & Connolly, a prominent Washington, DC-based law firm, was breached by Chinese state-sponsored hackers who exploited a zero-day vulnerability to access a limited number of attorney email accounts.

A threat actor group identifying as Scattered Lapsus$ Hunters claimed responsibility for a massive data breach involving Australian telecom giant Telstra. The group claims to have exfiltrated over 100GB of PII.

The Institute of Culinary Education (ICE) has disclosed a ransomware attack affecting 33,342 individuals. The ransomware group Payouts King claimed responsibility, stating it exfiltrated 1.5 TB of data.

The Russia-based Qilin ransomware group added Asahi to its leak site, claiming responsibility for the attack. The group alleges the theft of 27 GB of sensitive data, including contracts, employee records, financial documents, and business forecasts.

BK Technologies, a manufacturer of mission-critical communication radios for police, fire, and military services, has disclosed a cyber intrusion that resulted in the compromise of internal systems and potential exposure of employee data.

DraftKings, a leading online sports betting and fantasy sports platform, has disclosed a security incident involving a credential stuffing attack that compromised an undisclosed number of user accounts.

A significant data breach at Doctors Imaging Group compromised the personal and medical information of over 171,000 individuals. Doctors Imaging Group experienced unauthorized access to its network between November 5 and November 11, 2024.

The Qilin ransomware group has claimed responsibility for a cyberattack on Mecklenburg County Public Schools (MCPS) in Virginia, which occurred in September 2025. The group alleges it exfiltrated 305 GB of sensitive data.