The Richmond Behavioral Health Authority in Virginia experienced a data breach, affecting 113,232 individuals. The compromised data includes names, SSNs, passport numbers, financial account information, and protected health information.

Rockrose Development, a prominent real estate developer, has notified 47,392 individuals of a data breach that occurred in July 2025. The breach, attributed to the Play ransomware group, compromised sensitive personal information.

PornHub has been targeted by the ShinyHunters extortion gang following a data breach at Mixpanel, a third-party analytics provider. The breach exposed the search and watch history of PornHub Premium members.

Askul Corporation, a major Japanese e-commerce company, suffered a ransomware attack by the RansomHouse group, resulting in the theft of approximately 740,000 customer records.

SoundCloud has confirmed a security breach affecting approximately 28 million accounts, which is 20% of its user base. The breach involved unauthorized access to a database containing user information.

A sophisticated adversary-in-the-middle (AiTM) phishing campaign has been identified, targeting Microsoft 365 and Okta users. The campaign bypasses multi-factor authentication (MFA) by hijacking legitimate single sign-on (SSO) authentication flows.

Fieldtex, a New York-based manufacturer, has notified 247,363 individuals of a data breach that occurred in August 2025. The breach, claimed by the ransomware group Akira, involved the theft of personal information.

A cyberattack on the Pierce County Library System in Washington has exposed the personal information of over 340,000 individuals. The breach, attributed to the INC ransomware gang, forced the library system to shut down all its systems.

An unsecured 16TB MongoDB database containing 4.3 billion professional records was discovered, posing a significant risk for large-scale AI-driven social engineering attacks. The database included LinkedIn-style data.

Rainbow Communications, a broadband provider in Kansas, experienced a ransomware attack by the group Inc, leading to service disruptions from November 16 to November 19, 2025. Inc claims to have stolen 200 GB of data.