High-Profile Cyber Incidents Expose Weak Security and Disrupt Critical Services
A series of high-profile cyber incidents disrupted major online platforms, exposed weak security practices, and highlighted the broad impact of both criminal and activist hacking. A global ransomware outbreak later identified as WannaCry spread rapidly across organizations before a security researcher slowed it by registering a domain used as a kill switch, while a separate attack briefly knocked major websites offline through distributed denial-of-service activity. In another major case, hackers compromised prominent US Twitter accounts and used them to promote a Bitcoin scam, demonstrating how access to trusted platforms can be weaponized at scale.
Other incidents underscored persistent failures in account security and access control. Equifax faced scrutiny after an Argentine employee portal was reportedly protected with the username and password admin, adding to concerns around the company’s security posture. Apple said some user accounts had been compromised while denying a broader breach of its systems, and the celebrity photo leak known as “the fappening” showed how attackers could exploit personal account weaknesses. Separately, US authorities linked Julian Assange to alleged conspiracy with Anonymous-affiliated hackers, activist campaigns targeted recording industry websites, and the Colonial Pipeline ransomware case showed how an intrusion into a critical fuel operator could trigger widespread operational disruption even when attackers later claimed they had not intended such consequences.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
13 events from the most recent confirmed update back to the earliest known activity.
Colonial Pipeline hackers say disruption was unintended
The group behind the US fuel pipeline attack said it had not intended to create widespread societal problems, following the ransomware incident that disrupted fuel distribution.
High-profile Twitter accounts hijacked in Bitcoin scam
Attackers compromised major US Twitter accounts and used them to promote a Bitcoin fraud scheme, affecting prominent politicians, executives, and companies.
US indictment links Julian Assange to Anonymous-related hacking conspiracy
US prosecutors accused Julian Assange of conspiring with hackers associated with Anonymous and LulzSec, expanding the public allegations around WikiLeaks-related hacking activity.
Baltimore hit by ransomware attack prompting NSA scrutiny
Baltimore suffered a ransomware attack that disrupted multiple city government systems and sparked renewed questions about the NSA's role in the spread of EternalBlue-linked cyber risks. The incident became a major example of ransomware affecting municipal services in the United States.
Equifax Argentina exposed portal with weak admin credentials
An Equifax employee portal in Argentina was found accessible using 'admin' as both the username and password, deepening scrutiny of the company's security practices after its broader breach crisis.
Evidence emerges linking WannaCry to North Korean hackers
Researchers reported stronger evidence connecting the WannaCry ransomware campaign to North Korean-linked hackers, advancing public attribution of the global outbreak beyond its initial spread and technical containment. The reporting highlighted code similarities and other indicators tying WannaCry to the Lazarus Group.
Security researcher triggers WannaCry kill switch
A security blogger accidentally slowed the WannaCry outbreak after registering a domain name embedded in the malware, activating a kill switch in the ransomware's code.
WannaCry ransomware outbreak spreads globally
A global ransomware attack hit organizations worldwide, disrupting hospitals, businesses, and government systems in one of the largest cyber incidents of 2017.
Major websites disrupted by large-scale DDoS attacks
A wave of cyber attacks briefly knocked prominent websites offline, reflecting a significant distributed denial-of-service incident affecting major internet services.
Man behind celebrity photo leak case is identified
Reporting on the celebrity nude photo leak identified the individual behind the intrusion campaign that became known as 'the fappening,' adding detail to the earlier account-compromise case.
Apple confirms celebrity account compromises after photo leak
Apple said some iCloud and account holders had been compromised following the leak of celebrity nude photos, while denying that its core systems had suffered a broader security breach.
Anonymous activists hit by retaliatory web attack
A counterattack took websites used by Anonymous activists offline, marking a reversal in the Operation Payback conflict as hacktivists themselves became targets. The disruption was reported as affecting the online infrastructure associated with the group.
Operation Payback targets recording industry websites
Online activists launched attacks against music industry websites as part of Operation Payback, marking an early wave of coordinated hacktivist disruption tied to anti-piracy disputes.
Sources
14 references tracked. Mallory keeps watching after this page renders.
US fuel pipeline hackers 'didn't mean to create problems'
bbc.com
Open sourceMajor US Twitter accounts hacked in Bitcoin scam
bbc.com
Open sourceJulian Assange Accused of Conspiring With Anonymous Hackers
time.com
Open sourceBaltimore ransomware attack: NSA faces questions
bbc.com
Open sourceCyber attacks briefly knock out top sites - BBC News
bbc.com
Open sourceMeet the man behind the leak of celebrity nude photos, called the fappening - BBC News
bbc.com
Open sourceApple confirms accounts compromised but denies security breach - BBC News
bbc.co.uk
Open sourceWeb attack takes Anonymous activists offline - BBC News
bbc.co.uk
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Cyber incidents span ransomware, data leaks, hacktivism, and exposed AI systems
A broad set of cyber incidents affected critical infrastructure, consumer platforms, public institutions, and emerging AI services. The most disruptive case cited was a ransomware attack that crippled the largest gas pipeline in the United States, while other breaches exposed user data at firms including **Upstox**, **IIMJobs**, and the **World Anti-Doping Agency**. In another case, an exposed **Moltbook** database reportedly allowed anyone to take control of any AI agent on the site, highlighting how insecure backend systems can turn application flaws into full account or service compromise. The references also describe politically motivated and opportunistic attacks alongside evolving malware activity. Hackers reportedly defaced airport screens in Iran with anti-government messages, and **Anonymous**-linked hacktivists leaked **1TB** of data from a Russian law firm. Separately, a new **Mirai** variant, `Murdoc_Botnet`, was reported exploiting IoT devices to build a botnet for **DDoS** attacks, while Hong Kong moved to revive privacy legislation that would require companies to report data breaches, reflecting regulatory pressure created by the steady drumbeat of intrusions and leaks.
May 25, 2026
Ransomware and data-extortion incidents drive new breach disclosures across healthcare, aviation, and hospitality
Multiple organizations disclosed or were linked to **ransomware/data-extortion** activity with material operational or privacy impact. **Air Côte d’Ivoire** confirmed a cyberattack affecting parts of its information systems after **INC ransomware** claimed theft of **208 GB** and threatened to leak data, while the airline said it engaged the national CERT and external experts to contain impact and maintain flight operations. In the US healthcare sector, **University of Mississippi Medical Center (UMMC)** reported a ransomware incident that forced statewide clinic closures and disrupted access to **Epic** electronic medical records, prompting engagement with the **FBI** and **CISA** and use of downtime procedures to sustain patient care. Separately, **Conduent**’s earlier ransomware-linked breach continued to expand in scope, with breach notifications indicating at least **~25 million** people affected across multiple states and exposure of sensitive PII (including **SSNs** and health/insurance data). **Wynn Resorts** also confirmed an unauthorized party accessed and stole employee data after being listed by the **ShinyHunters** extortion group, with the company stating the actor claimed the data was deleted and that guest operations were not impacted. Other items in the set describe distinct, unrelated security events and broader threat research rather than the same incident: alleged data leaks involving **Burger King France** and **Wendy’s UK**; **Qilin** ransomware claims against a New York City transit union; Russian cyber operations against Ukraine’s power grid focused on intelligence collection; and a New Zealand healthcare application (**MediMap**) taken offline after apparent unauthorized access and **patient record tampering** (e.g., records marked deceased). Additional references cover threat research and trends (airline brand impersonation domains, edge-device exploitation telemetry, MuddyWater’s *Operation Olalampo*, Google Ads cloaking via **1Campaign**, freight/logistics phishing by “Diesel Vortex,” and various governance/AI/5G/quantum commentary), which provide context on the threat environment but do not substantively report on the same specific breach event.
Mar 21, 2026
Multiple High-Profile Data Leaks and Ransomware Attacks Impact Financial and Government Entities
Several significant data leaks and ransomware incidents have surfaced, affecting a range of organizations including Banco Vimenca, WIRED subscribers, Mexico’s Tax Administration Service (SAT), and New Zealand’s Neighbourly platform. Threat actors have claimed responsibility for exposing sensitive data such as government financial records, large-scale subscriber information, and user communications, with some incidents linked to ransomware groups. While the authenticity of these dark web postings remains unverified, the breadth of affected entities highlights ongoing risks to both financial institutions and government agencies from cybercriminal activity. In the United States, two banks—Artisans' Bank and VeraBank—have notified thousands of customers that their personal information was compromised in a ransomware attack on Marquis Software, a vendor providing data analytics and communication services to financial institutions. The attack, traced to a vulnerability in a SonicWall firewall, resulted in the exposure of names and Social Security numbers, though the banks’ own systems were not directly breached. These incidents underscore the persistent threat posed by supply chain vulnerabilities and the importance of robust third-party risk management for organizations handling sensitive data.
Mar 21, 2026