The most devastating attacks are the ones you never saw coming
Gain the upper hand with our Attack Research Database
Did you Know?
According to the latest IBM cloud attack report, each cloud attack costs $3.92M on average.

Millions Affected by Massive Credit Report Data Breach
The credit check and identity verification services provider 700Credit is the latest company to suffer a massive data breach.
ATTACK COST

VITAS Healthcare Breach Exposes 319K Patient Records
Hackers maintained undetected access to patient systems for over a month, methodically downloading personal and medical information.
ATTACK COST
Not disclosed

Pharma firm Inotiv discloses data breach after ransomware attack
American pharmaceutical firm Inotiv is notifying thousands of people that their personal information was stolen in an August 2025 ransomware attack.
ATTACK COST
Not disclosed

E-commerce platform breach exposes nearly 34 million customers' data
South Korea's largest online retailer, Coupang, has apologized for a massive data breach potentially involving nearly 34 million local customer accounts.
ATTACK COST
Not disclosed

Millions at risk after nationwide CodeRED alert system outage and data breach
A nationwide cyberattack against the OnSolve CodeRED emergency notifications system has prompted cities and counties across the US to warn residents and advise them to change their passwords. CodeRED is used by local governments to deliver fast, targeted alerts during severe weather, evacuations, missing persons, and other urgent events. Both the data breach and the service outage have serious implications for communities.
ATTACK COST
Not disclosed

Multiple London councils 'hit by cyber-attacks'
Several London councils are believed to have been targeted in cyber-attacks within the past few days. The Royal Borough of Kensington & Chelsea (RBKC) said that it and Westminster City Council were "responding to a cyber incident affecting some shared IT systems" and that some systems, including phone lines, were disrupted.
ATTACK COST
Not disclosed

Nevada government declined to pay ransom, says cyberattack traced to breach in May
The state government of Nevada did not pay a ransom to cybercriminals who took down critical government systems in August, the state said in a post-mortem review of the attack.
ATTACK COST
Not disclosed

Biggest Cyber Attacks, Ransomware Attacks Data Breaches
October 2025 proved to be another intense and highly disruptive period in the cybersecurity landscape. Multiple high-profile enterprises across various sectors were impacted by advanced security breaches, targeted attacks, and widespread operational disruptions.
ATTACK COST
Not disclosed

‘We got hacked’ emails threaten to leak University of Pennsylvania data
The attack resulted in mass “We got hacked (Action Required)” emails being sent from University of Pennsylvania systems, and the alleged threat actor claimed to have stolen data on approximately 1.2 million students, alumni and donors (names, birthdates, addresses, phone numbers, net worth estimates, donation history, demographic details) after compromising an employee’s SSO account and accessing systems like Salesforce, Qlik, SAP and SharePoint.
ATTACK COST
Not disclosed

This million-dollar leak from a Shopify rival went unnoticed for 2 years
A major security lapse at Dukaan, one of India’s fastest-growing e-commerce platforms, may have exposed millions of merchants and shoppers to data theft and financial fraud.
ATTACK COST
Not disclosed

Prosper Confirms Data Breach Impacting 17 Million Users
Prosper confirmed a major data breach affecting 17 million people. Learn what happened, why it matters for fintech security, and how IT leaders can respond.
ATTACK COST
Not disclosed

1.5 Million Impacted by Allianz Life Data Breach
Insurance giant Allianz subsidiary Allianz Life Insurance Company of North America is notifying roughly 1.5 million people that their personal information was stolen in a July data breach.
ATTACK COST
Not disclosed

Data breach at Canadian airline WestJet affects 1.2M passengers
Canada’s second largest airline WestJet said the personal information of 1.2 million passengers was stolen in a cyberattack and data breach earlier this year.
ATTACK COST
Not disclosed

Ongoing Supply Chain Attack Targets CrowdStrike npm Packages
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.
ATTACK COST
Not Disclosed

FBI Warns of UNC6040 and UNC6395 Targeting Salesforce Platforms in Data Theft Attacks
The U.S. Federal Bureau of Investigation (FBI) has issued a flash alert to release indicators of compromise (IoCs) associated with two cybercriminal groups tracked as UNC6040 and UNC6395 for orchestrating a string of data theft and extortion attacks.
ATTACK COST
Not Disclosed

Ransomware Group play Hits: BDE Computer Services
BDE Computer Services — a company operating in the BD — has fallen victim to a ransomware attack conducted by the group play.
ATTACK COST
Not Disclosed

Increasingly structured attacks on remote work and distant access
The fall of 2025 opens with a surge in cyber threats targeting remote work and critical services: municipalities, industries, schools, and large international groups have all been hit, often through ransomware or attacks on remote access chains.
ATTACK COST
Not Disclosed

cGAS Data Breach
In the latest cybersecurity news, https://gazomet.pl & https://cgas.pl — a company operating in the PL — has fallen victim to a ransomware attack conducted by the group alphalocker. This data breach, discovered on 2025-09-08 10:51:58.434565, underscores the increasing need for proactive cybersecurity defenses as we continue through 2025.
ATTACK COST
Not Disclosed

September’s First Week of Breaches: What Businesses Can Learn
Some of the world’s biggest names—Google, Salesforce, WhatsApp, Apple, Jaguar Land Rover, and Microsoft Azure—were all forced to respond to new and very different cyber incidents.
ATTACK COST
Not Disclosed

Colt confirms customer data stolen as Warlock ransomware auctions files
UK-based telecommunications company Colt Technology Services confirms that customer documentation was stolen as Warlock ransomware gang auctions files.
ATTACK COST
Not disclosed

Tens of thousands of Italian hotel guests may be hit by cyber heist
The Italian government warned on Wednesday that identity documents belonging to tens of thousands of people who had stayed at hotels in the country allegedly have been stolen and are being illegally sold online.
ATTACK COST
Not disclosed

Bouygues Telecom confirms data breach impacting 6.4 million customers
Bouygues Telecom warns it suffered a data breach after the personal information of 6.4 million customers was exposed in a cyberattack.
ATTACK COST
Not disclosed

PBS confirms data breach after employee info leaked on Discord servers
PBS has suffered a data breach exposing the corporate contact information of its employees and those of its affiliates, BleepingComputer has learned.
ATTACK COST
Not disclosed

147,000 customer records affected following data breach at Cycle & Carriage
In response to CNA's queries, a spokesperson from Cycle & Carriage said that it was alerted on Jul 14 to "unauthorised access" into its customer relationship management system by a threat actor who downloaded some customer information.
ATTACK COST
Not disclosed

Cisco Event Response: Vishing Attack Impacting Third-Party CRM System
Cisco is aware of the recent claims by the suspected actor regarding this event. We promptly assessed those claims, and have not seen any evidence that the actor obtained any information beyond what we initially assessed in July 2025.
ATTACK COST
Not disclosed

Genoa Community Hospital discloses breach discovered in March
Genoa learned of unusual activity involving one employee email account. The release does not indicate when the breach actually occurred or how the attacker gained access to the employee’s email account. They only reveal that unusual activity in the account was discovered in March.
ATTACK COST
Not disclosed

McDonald’s Chatbot Recruitment Platform Exposed 64 Million Job Applications
Vulnerabilities in the McDonald’s chatbot recruitment platform McHire exposed the personal information of over 64 million job applicants, security researchers Ian Carroll and Sam Curry discovered.
ATTACK COST
NA

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical security flaw impacting Citrix NetScaler ADC and Gateway to its Known Exploited Vulnerabilities (KEV) catalog, officially confirming the vulnerability has been weaponized in the wild.
ATTACK COST
Not disclosed

Suspected contractor for China’s Hafnium group arrested in Italy
U.S. authorities charged the man and a co-conspirator with hacking COVID-19 researchers and kicking off a cyberattack spree targeting Microsoft Exchange servers.
ATTACK COST
Not Disclosed

Europol’s $540M Crypto Fraud Bust
Europol, working alongside Spanish, French, Estonian, and U.S. authorities, has dismantled a cryptocurrency fraud network responsible for defrauding victims of over $540 million (€460 million).
ATTACK COST
$540M

Qantas Airline Breach
Qantas confirms cyber-attack exposed records of up to 6 million customers
ATTACK COST
Not disclosed

International Criminal Court hit with cyber security attack
THE HAGUE, Netherlands (AP) — The International Criminal Court has been targeted by a “sophisticated” cyberattack and is taking measures to limit any damage, the global tribunal announced.
ATTACK COST

AT&T agrees to $177 million settlement over data breach
Current and former AT&T customers may be eligible for a payout from a $177 million settlement connected to two data breaches.
ATTACK COST
$177 million

16 Billion Passwords Leaked Online
Yes, 16 billion passwords leaked online. No, it's not what you think. Think of the leak as a hacker's version of a "Best of" list.
ATTACK COST
Not disclosed

M&S Cyber Attack
M&S cyber attack deepens as tech partner TCS denies blame
ATTACK COST
Not disclosed

Cyberattacks hit retailers at the worst time
Cyberattacks are the latest crisis for U.S. retailers as they continue to weather tariff uncertainties and labor strife.
ATTACK COST
Not disclosed

⚡ Weekly Recap: Chrome 0-Day, Data Wipers, Misused Tools and Zero-Click iPhone Attacks
Behind every security alert is a bigger story. Sometimes it's a system being tested. Sometimes it's trust being lost in quiet ways—through delays, odd behavior, or subtle gaps in control.
ATTACK COST
Not disclosed

Scattered Spider Uses Tech Vendor Impersonation and Phishing Kits to Target Helpdesks
Scattered Spider, the ransomware collective believed to be behind recent retail hacks in the UK, including those targeting Marks & Spencer (M&S) and Harrods, has evolved its arsenal to incorporate more sophisticated tactics.
ATTACK COST
Not disclosed

GitHub MCP Exploited: Accessing private repositories via MCP
GitHub's official MCP server grants LLMs a whole host of new abilities, including being able to read issues in repositories the user has access to and submit new pull requests.
ATTACK COST
Not disclosed

Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto
As many as 60 malicious npm packages have been discovered in the package registry with malicious functionality to harvest hostnames, IP addresses, DNS servers, and user directories to a Discord-controlled endpoint.
ATTACK COST
Not disclosed

Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network Attacks
A recently patched pair of security flaws affecting Ivanti Endpoint Manager Mobile (EPMM) software has been exploited by a China-nexus threat actor to target a wide range of sectors across Europe, North America, and the Asia-Pacific region.
ATTACK COST
Not disclosed

Microsoft says 394,000 Windows computers infected by Lumma malware globally
Microsoft said Wednesday that it broke down the Lumma Stealer malware project with the help of law enforcement officials across the globe.
ATTACK COST
Not disclosed

Krebs on Security Hit With Near-Record 6.3 Tbps DDoS
KrebsOnSecurity last week was hit by a near record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per second (a terabit is one trillion bits of data).
ATTACK COST
Not disclosed

M&S Cyber Attack: retail operations crippled, trust eroded
The M&S cyber attack reveals a shift from data theft to operational disruption, highlighting vulnerabilities in legacy systems.
ATTACK COST
Not disclosed

Coinbase Security Breach Leaks User Data and Government IDs
In a significant cybersecurity incident, Coinbase has confirmed that cybercriminals, aided by a group of bribed rogue overseas support agents, stole sensitive customer data in an attempt to extort the company for $20 million.
ATTACK COST
$20 million

Misconfigured Cloud Storage
HireClick Exposes 5.7 Million Resume Files Due to Misconfigured Cloud Storage
ATTACK COST
Not disclosed

Alleged Leak of 89 Million Steam User Records Tied to Supply Chain Breach
Hackers are selling 89 million Steam user records in an apparent supply chain breach involving vendor access. Valve denies a direct Steam breach but continues investigating.
ATTACK COST
Not disclosed

China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide
"Actors leveraged CVE-2025-31324, an unauthenticated file upload vulnerability that enables remote code execution (RCE)," EclecticIQ researcher Arda Büyükkaya said in an analysis published on March 13.
ATTACK COST
Not disclosed

Nova Scotia Power Cyber Attack Impacts Customer Billing Accounts
Canada's Nova Scotia Power, the region’s leading electrical supplier, announced it is “actively responding” to a cybersecurity incident that has impacted its business IT networks and customer account access.
ATTACK COST
Not disclosed

Ransomware Group nitrogen Hits: Stadtwerke Schwerte GmbH
In the latest cybersecurity news, Stadtwerke Schwerte GmbH — a company operating in the DE — has fallen victim to a ransomware attack conducted by the group nitrogen. This data breach, discovered on 2025-04-25 21:53:42.237269, underscores the increasing need for proactive cybersecurity defenses as we continue through 2025.
ATTACK COST
Not disclosed

South African telecom provider serving 7.7 million confirms data leak following cyberattack
South Africa’s fourth-largest mobile network operator, Cell C, has confirmed that its data was leaked on the dark web following a cyberattack last year.
ATTACK COST
Not disclosed

Industrial tech manufacturer Sensata says ransomware attack is impacting production
A ransomware attack on Massachusetts-based manufacturer Sensata Technologies last weekend has seriously disrupted the company’s systems.
ATTACK COST
Not disclosed

Port of Seattle Says 90,000 People Impacted by Ransomware Attack
The incident occurred on August 24 and forced the Port to isolate critical systems, which impacted the Seattle-Tacoma International Airport (SEA Airport), Fishermen’s Terminal, and public marinas it operates.
ATTACK COST
Not disclosed

Texas city warns thousands of utility payment site breach
At least 12,000 people had sensitive financial information stolen by hackers who secretly implanted malicious code into the utility payment website of the city of Lubbock, Texas.
ATTACK COST
Not disclosed

Chinese hackers are getting bigger, better and stealthier
Experts say it is the main shift in the cyber-threat landscape in a decade
ATTACK COST
Not disclosed

GitHub Advisory Database - Attackers Discover Secrets
tj-actions changed-files through 45.0.7 allows remote attackers to discover secrets by reading actions logs.
ATTACK COST
Not disclosed

Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories' CI/CD Secrets Exposed
The supply chain attack involving the GitHub Action "tj-actions/changed-files" started as a highly-targeted attack against one of Coinbase's open-source projects, before evolving into something more widespread in scope.
ATTACK COST
Not disclosed

North Korean hackers cash out hundreds of millions from $1.5bn ByBit hack
Hackers thought to be working for the North Korean regime have successfully converted at least $300m (£232m) of their record-breaking $1.5bn crypto heist to unrecoverable funds.
ATTACK COST
$1.5bn

Legacy Professionals, LLP Data Breach Alert: Issued by Wolf Haldenstein Adler Freeman & Herz LLP
Wolf Haldenstein Adler Freeman & Herz LLP, a preeminent national consumer rights law firm, is investigating claims on behalf of people who have been impacted by the Legacy Professionals, LLP (“Legacy Professionals”) data breach.
ATTACK COST
Not disclosed

APT43 Hackers Targeting Academic Institutions Using Exposed Credentials
APT43, also known by aliases such as Black Banshee, Emerald Sleet, and Kimsuky, is a North Korean state-sponsored cyber threat actor linked to the Reconnaissance General Bureau (RGB).
ATTACK COST

Massive OpenAI Leak, WordPress Admin Exploit, Inkafarma Data Breach
SOCRadar’s Dark Web Team has detected a wave of cyber threats on hacker forums this week, including an alleged leak of millions of OpenAI user accounts. Meanwhile, a WordPress admin exploit script, WPU 2.0, is being sold, offering features to bypass security measures and manipulate websites.
ATTACK COST
Not disclosed

BadIIS Malware Exploits IIS Servers for SEO Fraud
A newly uncovered cyber campaign has been observed exploiting Internet Information Services (IIS) vulnerabilities to distribute malware known as BadIIS.
ATTACK COST
Not disclosed

IntelBroker is Allegedly Selling the Data of InkaFarma
A hacker known as IntelBroker claims to have breached InkaFarma, Peru’s largest pharmaceutical retail chain, leaking a massive 3.9 million-record database. The alleged breach, which surfaced on February 6, 2025, was posted on a well-known cybercrime forum, with the attacker providing sample data to prove authenticity.
ATTACK COST
Not disclosed

New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass
Cybersecurity researchers have detailed a new adversary-in-the-middle (AitM) phishing kit that's capable of targeting Microsoft 365 accounts with an aim to steal credentials and two-factor authentication (2FA) codes since at least October 2024.
ATTACK COST
Not disclosed

Chinese Hackers Accessed Yellen's Computer in US Treasury Breach
US Treasury Secretary Janet Yellen’s computer was infiltrated and unclassified files were accessed as part of a broader breach of the agency by Chinese state-sponsored hackers, according to two people familiar with the matter.
ATTACK COST
Not disclosed

Belsen Group Leaks 15,000+ FortiGate Firewall Configurations
FortiGate firewall leak exposes 15,000+ configurations, impacting organizations globally. The actor behind the leak is Belsen Group. Learn how to mitigate risks and protect your systems.
ATTACK COST
Not disclosed

UnitedHealth confirms 190 million Americans affected by Change Healthcare data breach
UnitedHealth has confirmed the ransomware attack on its Change Healthcare unit last February affected around 190 million people in America — nearly double previous estimates.
ATTACK COST
Not disclosed

VW Suffers Major Breach Exposing Location of 800,000 Electric Vehicles
A massive data leak involving over 800,000 Volkswagen electric vehicles (EVs) has left sensitive user information, including location data and personal contact details, unprotected on the internet.
ATTACK COST
Not disclosed

AI Could Generate 10,000 Malware Variants, Evading Detection in 88% of Cases
Cybersecurity researchers have found that it's possible to use large language models (LLMs) to generate new variants of malicious JavaScript code at scale in a manner that can better evade detection.
ATTACK COST
Not disclosed

Governments need to work as one to counter cyber threats in 2025
The report warns that AI will be used to develop highly sophisticated, personalized phishing campaigns using deepfake technology, making them harder to detect.
ATTACK COST
Not disclosed

NoviSpy Spyware Installed on Journalist's Phone After Unlocking It With Cellebrite Tool
A Serbian journalist had his phone first unlocked by a Cellebrite tool and subsequently compromised by a previously undocumented spyware codenamed NoviSpy, according to a new report published by Amnesty International.
ATTACK COST
Not disclosed

DeceptionAds Delivers 1M+ Daily Impressions via 3,000 Sites, Fake CAPTCHA Pages
Cybersecurity researchers have shed light on a previously undocumented aspect associated with ClickFix-style attacks that hinge on taking advantage of a single ad network service as part of a malvertising-driven information stealer campaign dubbed DeceptionAds.
ATTACK COST
Not disclosed

How China Hacked America’s Phone Network
An alarming new hack by China has penetrated the nerve center of the United States: its telephone network.
ATTACK COST

Romania's election systems targeted in over 85,000 cyberattacks
A declassified report from Romania’s Intelligence Service says that the country’s election infrastructure was targeted by more than 85,000 cyberattacks.
ATTACK COST
Not disclosed

WotNot exposes 346K sensitive customer files
Hello, this is your chatbot leaking: WotNot exposes 346K sensitive customer files
ATTACK COST
Not disclosed

Starbucks Hit by Ransomware Attack via Third-Party Software Supplier
Ransomware Attack on Software Supplier Disrupts Operations for Starbucks and Other Retailers. A ransomware attack that hit a major software provider last week caused disruptions for a handful of companies over recent days, from Starbucks to U.K. grocery giant Morrisons.
ATTACK COST
Not disclosed

Russian Spies Jumped From One Network to Another Via Wi-Fi in an Unprecedented Hack
In a first, Russia's APT28 hacking group appears to have remotely breached the Wi-Fi of an espionage target by hijacking a laptop in another building across the street.
ATTACK COST
Not disclosed

The AI Effect: Amazon Sees Nearly 1 Billion Cyber Threats a Day
The technology has spawned a surge in hacking attempts, says cyber chief CJ Moses, while Amazon is also using it to powerfully amp up its threat-analysis capability
ATTACK COST
Not disclosed

Ransomware Gang demands $125,000
A new ransomware player opted to ask a victim for payment in French bread. But don’t be fooled by the apparent humor, the Hellcat crime group is deadly serious and wants $125,000 in the cryptocurrency Monero as well.
ATTACK COST
$125,000

The Rhysida group targeting Easterseals demanding 20 bitcoins
Ransomware gang stoops to new low, targets prominent nonprofit for disabled people. A notorious ransomware gang previously responsible for attacks on multiple hospitals has now claimed a new victim: disability nonprofit Easterseals.
ATTACK COST
$1.3 million

Russia-based ransomware gang that demanded $22 million on Healthcare system
Change Healthcare cyber attack affected 100 million individuals. Senate Finance Committee Chair seeks further information on Change Healthcare cyber attack.
ATTACK COST
$22 million

Providence Students’ Data Exposed in Cyberattack
The Providence, Rhode Island, school district fell victim to a cyberattack last month. A ransomware gang uploaded sensitive student information to an instant messaging service after Providence Public Schools did not pay their $1 million extortion demand.
ATTACK COST
$1 million

The Rhysida gang demand $1.5M for patient data targeting Colorado based health system
Axis Health System, a network of 13 behavioral health facilities in Colorado, followed incident response protocol after identifying the attack and its investigation is ongoing. The system has not confirmed whether patient data was affected.
ATTACK COST
$1.58 million

AT&T, Verizon reportedly hacked to target US govt wiretapping platform
Multiple U.S. broadband providers, including Verizon, AT&T, and Lumen Technologies, have been breached by a Chinese hacking group tracked as Salt Typhoon, the Wall Street Journal reports.
ATTACK COST
Not disclosed

Detailed Microsoft research based on ransomware at Healthcare sector
US Healthcare at risk: Strengthening resiliency against ransomware attacks. The healthcare sector faces a rapidly increasing range of cybersecurity threats, with ransomware attacks emerging as one of the most significant.
ATTACK COST
$4.4 million

Ransomware attack on Indian payment system traced back to Jenkins bug
Researchers have discovered that a damaging ransomware attack on a digital payment system used by many of India’s banks began with a vulnerability in Jenkins — a widely used open-source automation system for software developers.
ATTACK COST
Not disclosed

WazirX Cryptocurrency Exchange Loses $230 Million in Major Security Breach
Indian cryptocurrency exchange WazirX has confirmed that it was the target of a security breach that led to the theft of $230 million in cryptocurrency assets.
ATTACK COST
$230 million

CVE-2024-5655
Allows attackers to run pipelines as any user, which can lead to unauthorized access and potentially harmful actions within the GitLab CI/CD environment.
ATTACK COST
Not disclosed

Change Healthcare Ransomware Attack
A DDoS attack by Anonymous Sudan targeted over 300 web domains and 177,000 IP addresses, disrupting major public service websites.
ATTACK COST
$1.6 billion

UK Ministry of Defence Payroll Hack
Personal data of nearly 270,000 current and former staff members, including identities, bank details, and addresses, were exposed due to a hack on the payroll system managed by SSCL.
ATTACK COST
270K PII Disclosed

xAI Dev Leaks API Key for Private SpaceX, Tesla LLMs
An employee at Elon Musk’s artificial intelligence company xAI leaked a private key on GitHub that for the past two months could have allowed anyone to query private xAI large language models (LLMs) which appear to have been custom made for working with internal data from Musk’s companies, including SpaceX, Tesla and Twitter/X, KrebsOnSecurity has learned.
ATTACK COST

CrushFTP Zero-Day Cloud Exploit
Unauthenticated attackers exploit a sandbox escape flaw in the CrushFTP server (CVE-2024-4040) to download system files and potentially achieve Remote Code Execution (RCE).
ATTACK COST
Not disclosed

Kubernetes RCE Attack
Microsoft discovered critical vulnerabilities in OpenMetadata versions 1.2.4 and 1.3.1, exploited by attackers to execute remote code on Kubernetes clusters. These vulnerabilities allowed hackers to gain access to vulnerable environments and deploy cryptocurrency mining malware.
ATTACK COST
Not disclosed

Palo Alto Networks Zero-day Exploit
Proof-of-concept (PoC) exploits released for the maximum-severity vulnerability in Palo Alto Networks' PAN-OS used in GlobalProtect gateways. Attackers can achieve remote code execution by exploiting a chain of vulnerabilities, including directory traversal and command injection.
ATTACK COST
Not disclosed

Supply Chain Attack
A sophisticated attack targeting the Kubernetes supply chain, where attackers injected malicious code into container images used by various organizations. This code allowed attackers to access deployment configurations and sensitive data.
ATTACK COST
$2 million

French State DDoS Attack
A DDoS attack by Anonymous Sudan targeted over 300 web domains and 177,000 IP addresses, disrupting major public service websites.
ATTACK COST
Not disclosed

Rhysida Ransomware
MarineMax (luxury yacht dealer and boating lifestyle brand) earnings reports, balance sheets, bank account wire transfers, customer databases, and other financial documents compromised
ATTACK COST
15 BTC (roughly $919k)

Medusa Ransomware
Illinois’ Monmouth College systems were compromised, giving access to information such as driver’s licenses and ID cards, among a host of other information.
ATTACK COST
$500k

Russian website builder data leak
54 million users of the uID.me website builder had their data exposed due to a misconfigured MongoDB database.
ATTACK COST
Not disclosed

Container Escape Vulnerability
Attackers exploited a container escape vulnerability within the Kubernetes environment of a healthcare provider, gaining access to host systems and compromising patient data. The vulnerability allowed attackers to break out of the container and execute commands on the host operating system.
ATTACK COST
$5 million

BlackCat Ransomware
6TB of data stolen from Change Healthcare's network belonging to “thousands of healthcare providers, insurance providers, pharmacies, etc.”
ATTACK COST
$22 million

Hipocrate Information System (HIS)
Ransomware attack forces 100 Romanian hospitals to go offline
ATTACK COST
3.5 BTC (roughly $167k)

ArcaneDoor hackers exploit Cisco zero-days to breach govt networks
Exploitation of two zero-day vulnerabilities (CVE-2024-20353 and CVE-2024-20359) in Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defence (FTD) firewalls, leading to cyber-espionage activities targeting government networks worldwide.
ATTACK COST
Not disclosed

MITRE was breached through Ivanti zero-day vulnerabilities
MITRE Corporation breached by nation-state hackers utilizing zero-day vulnerabilities in Ivanti Connect Secure products. Attackers performed reconnaissance through VPNs and laterally moved into VMware infrastructure. Compromised systems used for storage, computing, and networking resources.
ATTACK COST
Not disclosed

Sophisticated state-sponsored attackers believed to be based out of North Korea
Orbit Chain's balance went from $115 M to $29 M instantly
ATTACK COST
$86 million

DarkBeam Misconfiguration
A misconfigured Elasticsearch and Kibana interface exposed 3.8 billion data records, including user emails and passwords, making them vulnerable to phishing campaigns.
ATTACK COST
Not disclosed

Zimbra Zero-Day
A zero-day vulnerability in the Zimbra Collaboration Suite was exploited to gain unauthorized access to email accounts, leading to data theft and espionage.
ATTACK COST
Not disclosed

ICMR Data Breach
The personal data of 815 million Indian residents was compromised, including names, ages, genders, addresses, passport numbers, and Aadhaar numbers.
ATTACK COST
Not disclosed

23andMe Credential Stuffing Attack
Credential stuffing attacks resulted in the leakage of data from 20 million genetic profiles. Initial leaks included data on Ashkenazi Jews, with subsequent leaks affecting UK and German residents.
ATTACK COST
Not disclosed

Scattered Spider
Guest info (social security number and passport number) stolen
ATTACK COST
$100 million hit to the Q3 revenue

Cryptocurrency Mining Attack
Aqua Security uncovered that misconfigurations in Kubernetes clusters led to significant security breaches. Attackers exploited these misconfigurations to deploy cryptocurrency mining operations within compromised clusters.
ATTACK COST
Not disclosed

Salesforce Zero-Day Exploited to Phish Facebook Credentials
Guardio researchers detected cyberattackers sending targeted phishing emails with @salesforce.com addresses using the legitimate Salesforce infrastructure. An investigation revealed that they were able to exploit a Salesforce email-validation flaw to hide behind the domain's trusted status with users and email protections alike.
ATTACK COST
Not disclosed

MOVEit Transfer Zero-Day
Exploited a zero-day vulnerability in the MOVEit Transfer software, compromising sensitive data transfers and resulting in large-scale data breaches.
ATTACK COST
Not disclosed

Log4Shell
This zero-day vulnerability in the Apache Log4j library allowed attackers to execute arbitrary code on affected systems. It compromised critical infrastructure, including cloud services, financial institutions, and government agencies.
ATTACK COST
Not disclosed

Spring4Shell
This zero-day vulnerability in the Spring Framework allowed attackers to execute remote code on affected servers. It was exploited to deploy malware and gain unauthorized access to sensitive information.
ATTACK COST
Not disclosed

Log4j Hack on ONUS
Significant financial and reputational damage to ONUS; Nearly 2 million customer records put up for sale, including E-KYC information and hashed passwords.
ATTACK COST
$5 million

QakBot attacks with Windows zero-day (CVE-2024-30051)
In early April 2024, researchers discovered a new zero-day vulnerability (CVE-2024-30051) in the Windows Desktop Window Manager (DWM). The vulnerability allows for privilege escalation to gain system privileges. It was found while investigating a previous zero-day (CVE-2023-36033). By mid-April, an exploit for CVE-2024-30051 was detected being used in conjunction with QakBot malware and potentially by multiple threat actors. Microsoft released a patch for this vulnerability on May 14, 2024, as part of Patch Tuesday.
ATTACK COST
Not disclosed

