Editor's Message

Welcome to DBD. Cybercrime is making headlines globally. Attacks on well-known brands and organizations are raising public awareness of the severity, frequency and impact of cyber attacks. Proving cybercrime is growing at an alarming rate, DBD has recorded more ransomware attacks this year than any other, and we continue to provide visibility of these in our PRiSM application. This Cybersecurity Awareness Month, please be extra vigilant and mindful that cybercriminals CAN and WILL strike where and when you least expect it. Thanks again for your support. Stay safe. :)


“Data Breaches Digest and its PRiSM portal provide Dentons Global Security Team with valuable insights into the ransomware landscape, from the latest incidents to trends over time, as well as the ability to customize visual analytics. Timely reports and tracking by Data Breaches Digest help inform cyber intelligence for the world’s largest law firm and thus our cybersecurity posture across more than 80 countries worldwide.”
Dentons Senior Analyst, Washington D.C.



Monday, 20 October 2025

Data Breaches Digest - Week 43 2025

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 20th October and 26th October 2025.


22nd October

Attackers turn trusted OAuth apps into cloud backdoors

Brazilian “Caminho” Loader Turns Images into Malware Delivery Chain

China accuses US of cyberattack against National Time Service Center

Companies want the benefits of AI without the cyber blowback

Cyber attack costs Jaguar Land Rover dearly

Cyber attack on Jaguar Land Rover 'most financially damaging' in UK history, experts say

Cyberattack Disrupts Operations at Heywood and Athol Hospitals in Massachusetts

DisplayMedia and DMCware Admin Access and Database Sale

ExtraHop Report Finds Ransomware Payouts Hit Record Highs as Attackers Adapt

Fake Nethereum NuGet Package Used Homoglyph Trick to Steal Crypto Wallet Keys

Figment POS Data Breach Results in Stolen Source Code

For blind people, staying safe online means working around the tools designed to help

Gerar Targeted in Massive Data Breach

Half of 2025 ransomware attacks hit critical sectors as manufacturing, healthcare, and energy top global targets

How “Unseeable Prompt Injections” Threaten AI Agents

Impact of Jaguar Land Rover (JLR) cyber attack estimated at almost £2 billion, say industry experts

India: dmwapp Data Breach Exposes User and Payment Records

Information Commissioner’s Office (ICO) insists it was right not to investigate Ministry of Defence (MoD) data breach

Integris Health reaches $30 million settlement in data breach lawsuit affecting 2.4 million patients

Jaguar Land Rover (JLR) cyber attack causes record £1.9 billion UK impact

Jaguar Land Rover (JLR) cyber attack 'most financially damaging ever to hit the UK'

Jaguar Land Rover cyber attack the costliest in UK history

Jaguar Land Rover Cyber-attack Estimated to be the Most Costly in UK History

Jaguar Land Rover (JLR) hack is costliest cyber attack in UK history, say analysts

Jaguar Land Rover (JLR) hack UK's Costliest Ever, Hitting Economy with £1.9 Billion Loss

Life, death, and online identity: What happens to your online accounts after death?

Lithuanian police bust major bot farm, 75K SIM cards seized

Major crypto platforms team up against phishing threat

Nintendo Confirms Data Breach After Hacker Group Claims Theft of Sensitive Corporate Data

Patron Insurance confirms data breach after Akira ransomware attack exposes sensitive information

Phishing Scams Weaponize Common Apps to Fool Users

Protecting Payments: How a Multilayer Defense Addresses Modern Banking Scams

Qilin Ransomware Attack Hits Northern Light Technologies and ATR

Ransomware Attack on Askul Disrupts Muji’s Retail Operations

Ransomware Attacks Escalate in APAC Targeting VPN Flaws, Microsoft 365 Logins, Python Scripts

Researchers Identify PassiveNeuron APT Using Neursite and NeuralExecutor Malware

Resilience After the Breach: 6 Cyber Incident Response Best Practices

Retail Cyberattacks Reveal Hidden Weaknesses In Supply Chain Security

Scattered Lapsus$ Hunters Signal Shift in Tactics

Security Leaders Discuss Cyberattack on American Airlines Subsidiary

Sharepoint ToolShell attacks targeted orgs across four continents

South Korea: 59 Repatriated from Cambodia Arrested in Voice Phishing Crackdown

TARmageddon Flaw in Async-Tar Rust Library Could Enable Remote Code Execution

TikTok could quietly give Immigration and Customs Enforcement (ICE) and Department of Homeland Security (DHS) your IP address

TP-Link Patches Four Omada Gateway Flaws, Two Allow Remote Code Execution

UK data regulator defends decision not to investigate MoD Afghan data breach

Vidal Health Insurance TPA Data Breach Exposes Patient Data

Vivid Infotech Data Breach Exposes US User Information

Why You Should Swap Passwords for Passphrases

21st October

52% of Attacks Driven by Ransomware and Extortion

76 Percent of Organizations Struggle to Match the Speed of AI-Powered Attacks

A detailed investigation into the TechCorp data breach incident

‘A few unrecorded meetings and a handshake’: Damning verdict of probe into major Afghan data breach

A shot in the dark: Can malware vaccines stop ransomware's rampage?

AdaptixC2 spread through malicious npm package

Agentic AI security: Building the next generation of access controls

AI ransomware attacks are coming

AI-driven social engineering surpasses ransomware as leading cybersecurity concern

AI-enabled ransomware attacks: CISO’s top security concern - with good reason

AI-fueled automation helps ransomware-as-a-service groups stand out from the crowd

AI-powered ransomware & cybercrime booming across Asia-Pacific and Japan (APJ) region

Amazon Web Services (AWS) Outage May Trigger Surge in Phishing Attacks, Experts Warn

American Airlines Subsidiary Suffers Data Breach

Apple alerts exploit developer that his iPhone was targeted with government spyware

Attackers abusing OAuth to maintain access long after passwords are reset

Barracuda uncovers an emerging, stealthy and persistent phishing-as-a-service kit

Bombay High Court Restrains Hackers After Ransomware Attack On Generali Central Life Insurance

Bombay High Court Restrains 'John Doe' hacker from selling company data

Bovavet Data Breach Exposes 18k User Records

Canada: Fraudsters targeting St. John’s residents with fake parking tickets is just latest scam, warns mayor

China Alleges US Hacked National Time Center

Chinese marketplaces drive e-crime as Australia emerges as a top regional ransomware target

CISA confirms hackers exploited Oracle E-Business Suite SSRF flaw

CISA Warns of Active Exploitation of Critical Windows SMB Flaw CVE-2025-33073

CISA warns of Windows SMB flaw under active exploitation (CVE-2025-33073)

City of Hope Settles Class Action Data Breach Lawsuit

Critical WatchGuard Fireware OS Flaw Enables Remote Code Execution

CrowdStrike Highlights AI Role in Ransomware Surge Across Asia-Pacific and Japan (APJ)

Cursor, Windsurf IDEs riddled with 94+ n-day Chromium vulnerabilities

Cyber Attack on Generali Insurance: Bombay High Court Bars ‘Medusa’ Hacker from Data Leak

Cyber-Attack On Bectu’s Parent Union Sparks UK National Security Concerns

Cyberattack on Askul halts e-commerce for Muji, Loft and Sogo & Seibu in Japan

Cybercriminals turn to stealth to bypass malware detection

Desjardins Data Breach: Million Quebecers’ Information Resurfaces on Dark Web

Dodo, iPrimus data breach sees email and SIM cards hacked

Dutch regulator fines Odido €1.5 million for inadequate wiretapping system security

Envoy Air (American Airlines) Confirms Oracle EBS 0-Day Breach Linked to Cl0p

Envoy Air Confirms Cyberattack Linked to Clop Ransomware Group

Eticex Hosting Data Breach Exposes Customer Databases

Europol Cracks Massive $5.7 Million Crypto Phishing Network

Europol Dismantles Major Crypto Phishing Ring Behind $5.7 Million in Thefts

ExtraHop report finds ransomware payouts hit record highs as attackers adapt

Federal judge reduces fine for spyware company NSO Group from $167 Million to $4 Million

For Ransomware, Payouts Go Up While Attacks Decline

Germany Suffers More Hacker Attacks Than Any Other EU Country

Global Ransomware Attacks Against Critical Industries Surge 34% in 2025

Google finds Russian state hackers replacing burned malware with new tools

Google Identifies Three New Russian Malware Families Created by COLDRIVER Hackers

Google introduces agentic threat intelligence for faster, conversational threat analysis

Hackers actively exploiting Windows SMB flaw, gaining SYSTEM privileges over networks

Hackers are now a serious risk to patients' lives as NHS records the first death due to a cyber crime

Hackers threaten to drop 47GB of top golf brand’s secrets

Hackers Used Snappybee Malware and Citrix Flaw to Breach European Telecom Network

Home Depot Halloween Phishing Scam Uses Fake Giveaway to Steal Personal and Financial Information

How ransomware economics drives the global cybercrime industry

How To Counter Evolving Cybersecurity Threats: The North Korean IT Worker Edition

India: High Court grants protection to Generali Central Life Insurance after ransomware attack

India Faces Highest Ransomware Threat In Asia-Pacific and Japan (APJ) Region

Infrastructure gaps expose South African firms to cyber attacks

Integris Health reaches $30M class action data breach settlement

Ireland: Just half of office workers confident in spotting phishing attacks

Ireland: Office workers most concerned about AI phishing scams but only half say they would spot threat, survey shows

Japan Retailers Halt Online Sales on Supplier Cyber Attack

Japanese retailer Muji halted online sales after a ransomware attack on logistics partner

Kenya: Safaricom Data Breach Case Heads to High Court After Settlement Talks Collapse

Kettering Health Confirms Data breach Exposed Patient and Staff Data

Legal aid lawyers 'entitled to cyber attack compensation'

LOSTKEYS Malware Identified as Product of Russian State Hacker Unit COLDRIVER

Lumma Stealer Developers Doxxed in Underground Rival Cybercrime Campaign

Meta Rolls Out New Tools to Protect WhatsApp and Messenger Users from Scams

Ministry of Defence (MoD) investigating another contractor breach

ModMed Data Breach Affects PII & PHI

Monolock Ransomware Allegedly Being Sold by Threat Actors on Dark Web

Muji halts online sales after ransomware attack on supplier

Muji's minimalist calm shattered as ransomware takes down logistics partner

New LOSTKEYS Malware Linked to Russia State-Sponsored Hacker Group COLDRIVER

New LOSTKEYS Malware Tied to Russian State-Sponsored Hacker Group COLDRIVER

New Phishing Emails Pretend to Offer Jobs to Steal Facebook Logins

New Phishing-as-a-Service ‘Whisper 2FA’ Targets Microsoft 365, Barracuda Warns

New York: Attorney general reaches $60K settlement with accounting firm over data breach

NJ Lenders Corp Data Breach Compromises PII

Official Xubuntu website compromised to serve malware

Only half of Irish office workers confident in their ability to identify phishing attacks

Oracle E-Business Suite Vulnerability Exploited In Ransomware Attacks

Over 120,000 Bitcoin Private Keys Compromised Due to Flaw in Libbitcoin Explorer

Pakistani Cyber Actors Impersonating ‘NIC eEmail Services’ to Target Indian Government

Patron Insurance Data Breach Exposes 7GB of Sensitive Info

Phantom Hacker scam targets anyone, experts warn, and some have lost entire life savings

PolarEdge Targets Cisco, ASUS, QNAP, Synology Routers in Expanding Botnet Campaign

Ransomware against Indian businesses: Targeted & precise

Ransomware and extortion now drive over half of cyberattacks, Microsoft reveals

Ransomware Payments Get Bigger Even as Fewer Pay

Ransomware payments hit record highs as threats get harder to detect

Ransomware Payouts Surge to $3.6m Amid Evolving Tactics

Ransomware’s business model reshapes costs as cybercrime hits USD $10.5 trillion

Research shows ransomware payments reaching record levels

Russian Coldriver Hackers Deploy New 'NoRobot' Malware

Russian hackers evolve malware pushed in "I am not a robot" captchas

Russian State-Sponsored COLDRIVER Group Deploys New Malware After Exposure of LOSTKEYS

Safaricom’s Sh115 Trillion Data Breach Scandal: How Kenya’s Telecom Giant Sold Out 11.5 Million Customers

Salt Typhoon APT Targets Global Telecom and Energy Sectors

ShinyHunters Site Message Changes After Arrest Reports

Singapore Officials Impersonated in Sophisticated Investment Scam

South Korea: Former Police Officer Receives Another Prison Term for Voice Phishing

The Dairy Farmers of America Confirms Data Breach Affecting Employees and Members

The evolving landscape of email phishing attacks: how threat actors are reusing and refining established techniques

The Unkillable Threat: How Attackers Turned Blockchain Into Bulletproof Malware Infrastructure

Third-Party Data Breach at Spanish Global Fashion Retailer MANGO Leaks Customer Information

Third-party ransomware attack disrupts Muji’s online store

This million-dollar leak from a Shopify rival went unnoticed for 2 years

Threat Actors Reportedly Marketing Monolock Ransomware on Dark Web Forums

Three lessons for the crypto industry and users after $3M theft

TP-Link warns of critical command injection flaw in Omada gateways

Two Arrested Following Hacker Attack on Verisure

UK Government Denies China Data Breach Allegations

Verisure investigates data breach affecting alert alarm customers in Sweden

Vidar Stealer 2.0 adds multi-threaded data theft, better evasion

Volkswagen confirms security ‘incident’ amid ransomware breach claims

WhatsApp and Messenger add new warnings to help older people avoid online scams

When everything’s connected, everything’s at risk

When ransomware hijacks your active directory: an executive playbook

When the Backbone Breaks: Why the F5 Breach is a Five-Alarm Fire

Why Picture-Based Phishing Is Becoming the Internet’s Latest Security Blind Spot

Why You Need Cyber Resilience and Defence in Depth

Your smart building isn’t so smart without security

20th October

17 million hit in major lending company data breach - how to see if you're affected and what to do next

64 Repatriated South Koreans Suspected in Voice Phishing, Romance Scams

131 Chrome Extensions Caught Hijacking WhatsApp Web for Massive Spam Campaign

Abacusdesk Data Breach Exposes 73k User Records

AI girlfriend apps leak millions of private chats

AI-Driven Social Engineering Top Cyber Threat for 2026, ISACA Survey Reveals

Akumin Agrees to Pay $1.5 Million to Settle Class action Data Breach Lawsuit

Analysing ClickFix: 3 Reasons Why Copy/Paste Attacks Are Driving Security Breaches

Armenia: Cybercriminals impersonate Central Bank to launch phishing attacks

Armenia's Central Bank warns of phishing emails

Aurora City, the next battlefield for privacy threatened by facial recognition

Aussie Fluid Power confirms security incident following ransomware claims

Aussie Fluid Power hit by cyberattack as ransomware group Anubis claims responsibility

Bangladesh on radar of new Asia-Pacific hacker group ‘Mysterious Elephant’

Be prepared: Amazon Web Services (AWS) outage likely to trigger surge in phishing attacks

Bombay High Court restrains hacker group from leaking data stolen from insurer Generali Central

Bombay High Court restrains hacker group 'Medusa' from leaking Generali Central’s stolen data

Broadband ISP Virgin Media UK Sees 285 Percent Rise in Phishing Threats

China accuses US of digital sabotage: “They are the true hacker empire”

China accuses US of major cyber-attack

China Alleges National Security Agency (NSA) Cyberattack on National Time Service Center

China claims it caught US attempting cyberattack on national time center

China-linked Salt Typhoon hackers attempt to infiltrate European telco

CISA Adds Microsoft, Apple and Oracle Vulnerabilities to KEV Catalog

Collins Aerospace breach claimed by Everest ransomware

Court Decisions of Ukraine Database Breach Hits 44 Million Cases

Credit rating agency Experian fined €2.7M for GDPR violations

Criminal SIM Card Supply Network Busted by Europol

Cyber Attack Australia: Fresh Incidents Test Resilience as Outages and Breaches Hit Multiple Sectors

CyberCoders Data Breach Exposes 32 Million Candidate Records

Cybersecurity in the NHS: Beyond the ransomware headlines

Dakota Dostavka Data Breach Exposes 40k Customer Records

Data breach costs Australian Clinical Labs $5.8m in first civil penalties under Privacy Act

Data breach hits security company Verisure, impact considered “limited”

Deliver2Alaska Data Breach Exposes User Information

Dodo and IPrimus Hacked: Over 1,600 Accounts Exposed in Latest Data Breach

Envoy Air confirms breach tied to Oracle EBS zero-day vulnerability

Envoy Air Reports Oracle System Breach Following Clop Extortion Claims

Europol Busts Latvian Crypto Phishing Ring, Seizing Millions

Experian Fined €2.7m For GDPR Breach in Netherlands

Fatih Turizm Database Leak Exposes Customer Information

Five New Exploited Bugs Land in CISA's Catalog - Oracle and Microsoft Among Targets

From inbox clutter to costly compromise: Why email threats still matter

Google catches North Koreans red-handed

Governments, corporations increasingly concerned about hacker attacks

Grocery delivery platform data leaked, hackers claim

Guernsey: Medical Specialist Group (MSG) fined £100k after hack exposed patient data

Guernsey: Medical Specialist Group LLP fined £100,000 after sensitive patient data stolen in cyber attack

Hackers doxx hundreds of ICE agents, raising risk of targeted attacks

Hard-coded credentials found in Moxa industrial security appliances, routers (CVE-2025-6950)

High-severity Windows SMB flaw now exploited in attacks

Home security firm Verisure reports data breach at Swedish subsidiary

How AI is driving email phishing and how to beat the threat

Indian Council of Agricultural Research (ICAR) data breach: Head of institute replaced 3 days before end of term

Is The World’s Clock At Risk? China Blames US For Cyber Attack On Time Centre

Japan: Askul impaired by ransomware attack; Ryohin Keikaku affected

Japan’s Muji hit by ransomware attack on delivery partner

Japanese retailer Askul halts online orders, shipments after ransomware attack

Judge bars NSO from targeting WhatsApp users with spyware, reduces damages in landmark case

Major Japanese online retailer Askul suspends services after ransomware infection

Max.ru Data Breach Exposes 46.2 Million User Records

Microsoft Revokes 200+ Fake Certificates Used in Teams Malware Attack

Ministry of Defence (MoD) Data Breach update and 8Base ransomware attack on Volkswagen

Ministry of Defence (MoD) probes claims Russian hackers stole files on bases

Ministry of State Security (MSS) Claims National Security Agency (NSA) Used 42 Cyber Tools in Multi-Stage Attack on Beijing Time Systems

Most AI privacy research looks the wrong way

Muji halts online sales in Japan after delivery partner ransomware attack

Muji halts online orders in Japan after ransomware hits delivery partner Askul, Asahi also affected

NasDem Party Data Breach Exposes Indonesian Political Data

Nevada’s Cyber Siege: What the Ransomware Attack Means for Trust in Our Systems

North East Multi-Regional Training (NEMRT) Data Breach Leaked

Nottinghamshire man given access to 50 Ryanair boarding passes in booking site data breach

Odido fined €1.5M for poorly securing its wiretapping system

Over 17 million victims reported in huge Prosper data breach - here’s what we know so far

Over 75,000 WatchGuard security devices vulnerable to critical RCE

OYO Hotel & Casino Cyberattack Revealed Months After Incident

Phishing Remains a Huge Problem in Healthcare

Prosper Confirms Data Breach Impacting 17 Million Users

Prosper Data Breach Exposes 17 Million Users’ Personal Details

Prosper Data Breach Exposes 17.6 Million Records, Says Security Expert Troy Hunt

R3 Government Solutions Data Breach Affects U.S. Employees

Ransomware at UK military contractor leads to dark-web dump

Ransomware attack puts paid to Muji online orders

Ransomware Report Says Manufacturing Hit Hardest by Hidden Attacks in Q3

Ransomware Strikes Volkswagen: 8Base Allegedly Steals Sensitive Data

Retail giant Muji halts online sales after ransomware attack on supplier

River City Eye Care Data Breach Affects PII and PHI

Russia-backed COLDRIVER abandons stealer malware for NOROBOT backdoors

Russia-linked hackers claim responsibility for Collins Aerospace cyber attack

Russian auto, e-commerce sectors subjected to novel malware attack

Russian hackers leak documents linked to eight UK military bases as Ministry of Defence (MoD) launches probe

Russian Lynx group leaks sensitive UK MoD files, including info on eight military bases

Salt Typhoon Uses Citrix Flaw in Global Cyber-Attack

Scattered Lapsus$ Hunters (SLSH) Admins Arrested

Self-spreading GlassWorm malware hits OpenVSX, VS Code registries

SK Shieldus Misses Breach Despite Hacker Warnings, Dark Web Exposes Delay

Small business, big target: The rising threat of ransomware

South Korea: Prosecutors Request Warrants for 58 of 64 Cambodia Repatriated Suspects

Suspected Chinese Hackers Spent a Year-Plus Inside F5 Systems

Tasmanian aged care Not-For-Profit (NFP) confirms Lynx ransomware breach

The Central Bank of Armenia has warned about viral and fake phishing emails being sent in its name

The Cyber Dangers for Manufacturers and Suppliers

The Philippines: Cops arrest 410 cybercriminals in 3Q 2025; 2 more arrested for SMS phishing

US National Security Agency (NSA) alleged to have launched a cyber attack on a Chinese agency

Users beware: Xubuntu website serving malware instead of OS downloads

Ustundag Turizm Data Breach: Turkish Travel Database for Sale

WatchGuard VPN Flaw Gives Hackers Full Firewall Control

Why identity and resilience must be India’s focus as AI raises the stakes

Worrying WatchGuard VPN bug could let hackers hijack your devices - here's how to stay safe