Vanta has started informing affected customers that their employee account data was incorrectly inserted into their Vanta instance and out of it into other customers’ instances.

Compassion Health Care (CHC), a healthcare provider in North Carolina, has disclosed a ransomware attack that compromised the personal and medical data of 23,282 individuals.

The North Face has disclosed a credential stuffing attack on its website, thenorthface[.]com, that occurred on April 23, 2025. This marks the fourth credential stuffing incident since 2020.

In May 2025, ColoCrossing experienced a data breach affecting its ColoCloud virtual server product. The breach exposed sensitive customer data, including email addresses, names, and password hashes.

Next Step Healthcare, a provider of nursing and rehabilitation services in Massachusetts, experienced a ransomware attack in June 2024 that compromised sensitive patient data.

A significant Distributed Denial-of-Service (DDoS) attack targeted Russian internet service provider ASVT, disrupting internet access for tens of thousands of residents in Moscow and surrounding areas.

A ransomware attack attributed to the Qilin group has targeted Botetourt County Public Schools (BCPS) in Virginia. The attackers claim to have exfiltrated 315 GB of sensitive data.

A sophisticated phishing campaign has been uncovered leveraging the legitimate infrastructure of Japanese ISP Nifty[.]com. This multi-wave operation bypassed traditional email defenses by exploiting trusted domains and authentication protocols.

ConnectWise has confirmed a cyberattack on its ScreenConnect remote access platform, attributed to a sophisticated nation-state threat actor. The breach affected a limited number of customers