1 | 10/05/2018 | ? | Nuance | Speech recognition software firm Nuance announces the breach of thousands of patient records after a former employee breached its servers and accessed the personal information of 45,000 individuals from several contracted clients between November 20 and December 9 of 2017. | Account Hijacking | M Professional scientific and technical activities | CC | US |
2 | 11/05/2018 | ? | Multiple Users | Researchers from Qihoo 360 discover a miner campaign hidden behind a potentially unwanted program dubbed One System Care. | Malware | Y Multiple Industries | CC | >1 |
3 | 11/05/2018 | Satori Botnet | Exposed Ethereum Mining Rigs | The operators of the Satori botnet are mass-scanning the Internet for exposed Ethereum mining rigs, according to three sources in the infosec community who've observed the malicious behavior: SANS ISC, Qihoo 360 Netlab, and GreyNoise Intelligence. | Brute-Force | V Fintech | CC | >1 |
4 | 15/05/2018 | ? | Multiple Users | Researchers from Qihoo 360 discover a particular miner dubbed IdleBuddyMiner, which asks nicely for permission to mine via a popup. | Malware | Y Multiple Industries | CC | >1 |
5 | 16/05/2018 | ? | Securus | A hacker provides Motherboard with 2,800 login details for Securus, a company that buys phone location data from major telecom companies and then sells it to law enforcement. The company confirms the breach a few days later. | Unknown | X Individual | CC | US |
6 | 16/05/2018 | ? | Windows Users | Researchers from Qihoo 360 discover a massive malware campaign spreading a new coinminer, which appears to have made roughly 500,000 victims in three days alone. The miner is called WinstarNssmMiner. | Malware | X Individual | CC | >1 |
7 | 16/05/2018 | ? | Ethereum Wallets | Researchers from RiskIQ unveil the details of MEWKit, a sophisticated phishing campaign aimed at stealing credentials of Ethereum wallets and, at the same time, performing an automated transfer with the stolen details. | Account Hijacking | X Individual | CC | >1 |
8 | 16/05/2018 | ? | ZooPark APT Group | A vigilante hacker claims to have hacked the alleged Iran-linked group behind the ZooPark campaign discovered by Kaspersky earlier this month, and dumps the files purportedly stolen from a server controlled by the attackers. | Unknown | O Public administration and defence, compulsory social security | CC | IR |
9 | 16/05/2018 | ? | LifeBridge Health and LifeBridge Potomac Professionals | LifeBridge Health and LifeBridge Potomac Professionals notify patients about a malware incident that occurred back on March 18, 2018. The number of affected patients could be 500,000. | Malware | Q Human health and social work activities | CC | US |
10 | 16/05/2018 | ? | WordPress Websites | A report from security firm Wordfence reveals that hackers have come up with a never-before-seen method of installing backdoored plugins on websites running the open-source WordPress CMS, and this new technique relies on using weakly protected WordPress.com accounts and the Jetpack plugin. | Account Hijacking | Y Multiple Industries | CC | >1 |
11 | 16/05/2018 | Racoon Hacker | Russian-speaking Telegram users | Researchers from Cisco Talos reveal the details of TeleGrab, a malware harvesting cache and key files from Telegram. | Malware | X Individual | CC | RU |
12 | 16/05/2018 | ? | Android Users | Researchers from security company Avast discover 26 apps on the Google Play Store that include adware forcing ads on compromised systems. | Malware | X Individual | CC | >1 |
13 | 17/05/2018 | ? | blackphoenixalchemylab.com | blackphoenixalchemylab.com discovers malware inserted into the portion of the checkout page between May 1 and May 16. | Malware | R Arts entertainment and recreation | CC | US |
14 | 17/05/2018 | ? | Corporation Service Company (CSC) | Hackers steal the personally identifiable information of 5,678 customers of the Corporation Service Company (CSC), according to a notice the company sent to the California attorney general's office. | Unknown | N Administrative and support service activities | CC | US |
15 | 17/05/2018 | ? | Fortnite Players | Researchers at Zscaler’s ThreatLabZ discover malicious apps on Google Play, disguised as a mobile version of the popular game Fortnite. | Malware | X Individual | CC | >1 |
16 | 17/05/2018 | ? | Vulnerable IoT devices | Researchers from Fortinet discover a new variant of the Mirai botnet dubbed ‘Wicked Mirai’. | Malware | Y Multiple Industries | CC | >1 |
17 | 17/05/2018 | ? | Independent Like the North State Group Forum | An online forum designated for California’s First Congressional District debate is hacked by unknown hackers, who take over the live stream to broadcast gay pornography. | Unknown | S Other service activities | CC | US |
18 | 18/05/2018 | Sun Team | North Korean defectors and journalists | Researchers from McAfee discover RedDawn, a new campaign on Google Play targeting North Korean defectors and journalists. | Targeted Attack | X Individual | CE | KR |
19 | 18/05/2018 | ? | DrayTek routers | DrayTek, a Taiwan-based manufacturer of broadband CPE devices, announces that hackers are exploiting a zero-day vulnerability to change DNS settings on some of its routers. | DrayTek routers vulnerability | X Individual | CC | >1 |
20 | 18/05/2018 | ? | University of Buffalo | University of Buffalo confirms that it is investigating and responding to a breach of 2,690 UBITName accounts. | Account Hijacking | P Education | CC | US |
21 | 18/05/2018 | ? | Tidal | Jay-Z’s Tidal streaming platform announces that it has enlisted an “independent, third party cyber-security firm” to investigate a possible data breach, after reports of inflated subscriber and streaming numbers. | Unknown | R Arts entertainment and recreation | CC | US |
22 | 18/05/2018 | ? | Mobile Users | Researchers from Kaspersky reveal a new campaign carried out using the Roaming Mantis mobile trojan, targeting Europe and the Middle East, and adding new features, like a phishing option for iOS devices and crypto-mining capabilities for the PC. | Malware | X Individual | CC | >1 |
23 | 18/05/2018 | ? | Shona McGarty | Actress Shona McGarty, who plays Whitney Carter in EastEnders, is the latest celebrity to have intimate pictures leaked on the internet. Apparently her photos were stolen from her iCloud account. | Account Hijacking | X Individual | CC | UK |
24 | 18/05/2018 | ? | Bitcoin Gold | An unidentified hacker performs several "double spend" attacks on the infrastructure of the Bitcoin Gold cryptocurrency and manages to amass over $18 million worth of BTG (Bitcoin Gold) coins in the process. | 51% attack | V Fintech | CC | N/A |
25 | 19/05/2018 | Two unidentified students | Bloomfield Hills High School | Two students from Bloomfield Hills High School are the main suspects in a recent hack discovered at the school. The two broke into the school's MISTAR Student Information System portal, where they changed grades and attendance records, and attempted to refund lunch purchases. | Unknown vulnerability | P Education | CC | US |
26 | 20/05/2018 | ? | 200 million Japanese | A hacker suspected to be operating out of China has put on sale the data of around 200 million Japanese users on an underground cybercrime forum, according to a FireEye iSIGHT Intelligence report. The data appears to have been assembled by hacking up to 50 smaller Japanese sites. | Unknown | Y Multiple Industries | CC | JP |
27 | 20/05/2019 | ? | Allied Physicians | Allied Physicians reports it was hit with a SamSam ransomware attack earlier this month (May 17). | Malware | Q Human health and social work activities | CC | US |
28 | 20/05/2019 | ? | Manuel Delia's Blog | Manuel Delia's blog (a Maltese journalist and blogger) is the target of a DDoS attack. Apparently the attack comes from Ukraine. | DDoS | J Information and communication | CC | MT |
29 | 21/05/2019 | ? | Gigabit Passive Optical Network (GPON) routers | Security researchers from Qihoo 360 Netlab discover that the operators behind the TheMoon botnet are now leveraging a zero-day exploit to target GPON routers. | Malware | Y Multiple Industries | CC | >1 |
30 | 21/05/2019 | ? | Gigabit Passive Optical Network (GPON) routers | Trend Micro researchers detect a new attack mimicking the Mirai botnet modus operandi, originating from Mexico and targeting Gigabit Passive Optical Network (GPON)-based home routers via two vulnerabilities (CVE-2018-10561 and CVE-2018-10562). | Vulnerabilities (CVE-2018-10561 and CVE-2018-10562) | Y Multiple Industries | CC | >1 |
31 | 21/05/2019 | ? | Twitter account of Charlie Lee | The Twitter account of Charlie Lee, the creator of Litecoin is hacked. | Account Hijacking | X Individual | CC | US |
32 | 21/05/2019 | ? | Bombas | Bombas notifies consumers of breach going back to 2015 when malware in the code of the e-commerce platform was identified and removed on February 9, 2015. | Malware | G Wholesale and retail trade | CC | US |
33 | 22/05/2019 | ? | Verge Cryptocurrency | A hacker finds a way around a previous patch in the Verge cryptocurrency source code and takes advantage of the flaw to monopolize mining operations and create Verge coins (XVG) at a rapid pace. He is able to mine over 35 million XVG coins in just a few hours for a profit of $1.65 million. | 51% attack | V Fintech | CC | N/A |
34 | 22/05/2019 | ? | Mac Users | According to researchers at Malwarebytes, many Mac users in the past weeks have been infected with a new strain of Monero miner. The owners of the infected Mac systems noticed that a process named “mshelper” had been consuming a lot of CPU power and draining their batteries. | Malware | X Individual | CC | >1 |
35 | 23/05/2018 | State sponsored attackers (Russia?) | 500,000 organizations worldwide | Researchers from Cisco Talos unveil the details of VPNFilter, a massive campaign ongoing since 2016 and carried out by nation-state hackers, infecting at least 500,000 victims in at least 54 countries. The known devices affected by VPNFilter are Linksys, MikroTik, NETGEAR and TP-Link networking equipment, as well as QNAP NAS devices. An update of June 6 reveals new capabilities, such as the possibility to perform MITM attacks, and other vulnerable devices (ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE). | Malware | Y Multiple Industries | CE | >1 |
36 | 23/05/2018 | ? | University of Vermont | University of Vermont officials say they have no reason to believe the personal information of 37,000 current and former faculty, staff and students fell into the wrong hands following an intrusion of the school’s computer systems. | Unknown | P Education | CC | US |
37 | 24/05/2018 | Trisis, AKA Xenotime, AKA HatMan | Multiple Targets | Security researchers from CyberX reveal that the threat actor behind the Triton malware (aka Trisis, Xenotime, and HatMan) is now targeting organizations worldwide and safety systems. | Targeted Attack | Y Multiple Industries | CE | >1 |
38 | 24/05/2018 | ? | Android Users | Avast reveals a list of 140 Android devices whose firmware is infected with a malware called Cosiloon. | Malware | X Individual | CC | >1 |
39 | 24/05/2018 | ? | Screens at the Mashhad airport in Iran | Hackers deface the screens at the Mashhad airport in Iran to protest against the Government and the military’s activities in the Middle East. | Defacement | H Transportation and storage | H | IR |
40 | 24/05/2018 | ? | Associates in Psychiatry and Psychology | Associates in Psychiatry and Psychology notifies 6,546 patients and the U.S. Department of Health and Human Services (HHS) of a ransomware incident that occurred in March. | Malware | Q Human health and social work activities | CC | US |
41 | 25/05/2018 | ? | Oxnard City | Oxnard city officials are contacted by a bank representative about fraudulent purchases being made with the cards people used to pay their utility bills. | Account Hijacking | O Public administration and defence, compulsory social security | CC | US |
42 | 25/05/2018 | ? | American Family Life Assurance Company of Columbus (Aflac) | American Family Life Assurance Company of Columbus (Aflac) issues a press release concerning the breach of independent contractor sales agents’ email accounts. The breach occurred between Jan. 17 and April 2 and has reportedly affected some clients’ personal information. | Unknown | K Financial and insurance activities | CC | US |
43 | 25/05/2018 | ? | Aultman Health Foundation | About 42,600 patients tied to AultWorks Occupational Medicine, Aultman Hospital, and some Aultman physician offices may have had personal health and identification information stolen in a data breach after unknown and unauthorized individuals gained access to certain email accounts in February and March. | Unknown | Q Human health and social work activities | CC | US |
44 | 26/05/2018 | ? | Afghan diplomats in Pakistan | Afghan diplomats in Pakistan are warned they are believed to be victims of "government-backed" digital attacks trying to steal their email passwords. | Targeted Attack | O Public administration and defence, compulsory social security | CE | AF |
45 | 26/05/2018 | ? | Arlo | Arlo advises its customers to change their passwords after credential-stuffing attempts are detected. | Brute-Force | C Manufacturing | CC | US |
46 | 27/05/2018 | ? | Goliath and Goliath | Comedy and entertainment agency Goliath and Goliath suffers a loss of more than 300,000 ZAR (22,000 USD worth) in what appears to be a phishing scam. | Account Hijacking | R Arts entertainment and recreation | CC | ZA |
47 | 28/05/2018 | ? | Bank of Montreal | Bank of Montreal, the country's fourth bank, announces that it has been contacted by fraudsters claiming to have stolen personal and financial information of a limited number of the bank's customers. According to the bank, fewer than 50,000 customers are affected by the incident. | Unknown | K Financial and insurance activities | CC | CA |
48 | 28/05/2018 | ? | Canadian Imperial Bank of Commerce (CIBC) | The Canadian Imperial Bank of Commerce (CIBC), the country's fifth largest bank, is also affected by the same incident, and believes that 40,000 users of its subsidiary Simplii Financial could be affected. | Unknown | K Financial and insurance activities | CC | CA |
49 | 28/05/2018 | ? | Taylor Cryptocurrency | The creators of the Taylor cryptocurrency trading app claim that an unidentified hacker has stolen around $1.35 million worth of Ether from the company's wallets. | Account Hijacking | V Fintech | CC | EE |
50 | 28/05/2018 | Cobalt AKA Carbanak | Several Russian Banks | Group-IB reveals that, despite the alleged arrest of its leader, the Cobalt (AKA Carbanak) hacker group that's specialized in stealing money from banks and financial institutions is still active, even launching a new campaign. | Targeted Attack | K Financial and insurance activities | CC | US |
51 | 28/05/2018 | ? | Harare Institute of Technology | A database from the Harare Institute of Technology is leaked, containing 3,500 users. | Unknown | P Education | CC | ZW |
52 | 29/05/2018 | Hidden Cobra | Multiple Targets | The FBI and Department of Homeland Security jointly release two technical alerts via the US-CERT, warning of two malware families dating back to at least 2009 that they say are tied to the suspected North Korea-sponsored APT group Hidden Cobra. The two malware families are the remote access tool (RAT) Joanap and the Server Message Block-based (SMB) worm Brambul. | Targeted Attack | Y Multiple Industries | CE | US |
53 | 29/05/2018 | ? | Brazilian Individuals | Researchers from IBM X-Force uncover a new Brazilian, Delphi-based banking malware, dubbed MnuBot. The malware uses Microsoft SQL Server as its command and control server. | Malware | K Financial and insurance activities | CC | BR |
54 | 29/05/2018 | ? | EOS Blockchain nodes | Threat Intelligence firm GreyNoise discovers that a mysterious attacker is scanning the Internet for EOS blockchain nodes that are accidentally exposing private keys through an API misconfiguration. | Brute-Force | V Fintech | CC | N/A |
55 | 30/05/2018 | IsHaKdZ | Ticketfly | The Ticketfly website is defaced with an image of V from the film V for Vendetta. Unfortunately, after refusing to pay a 1 BTC ransom, Ticketfly reveals that the personal information of 27 million accounts, including ticket buyers and venue operators, was accessed by the attacker. | Undisclosed vulnerability | R Arts entertainment and recreation | CC | US |
56 | 30/05/2018 | ? | Purdue University Pharmacy and the Family Health Clinic of Carroll County | Patients of the Purdue University Pharmacy and the Family Health Clinic of Carroll County receive notices that their information might be compromised because of a security breach. A malicious file was installed on some computers on September 1st. | Malware | Q Human health and social work activities | CC | US |
57 | 31/05/2018 | North Korean APT actor Group123? | South Koreans | Researchers from Cisco Talos discover NavRAT, a remote access trojan that apparently went undiscovered for at least two years, targeting Koreans in a spam campaign using the possible upcoming U.S.-North Korea nukes summit as a phishing lure. The tool leverages the email platform from South Korea-based Naver Corporation to communicate with the attackers. | Targeted Attack | X Individual | CE | KR |
58 | 31/05/2018 | Andariel Group | South Koreans | Local media in South Korea reveal that a North Korean cyber-espionage group has exploited at least nine ActiveX zero-day vulnerabilities, including a new 0-day, to infect South Korean targets with malware or steal data from compromised systems. | Targeted Attack | O Public administration and defence, compulsory social security | CE | KR |
59 | 31/05/2018 | ? | Sooke School District | The Sooke School District warns parents about a privacy invasion after an employee’s email was hacked. | Account Hijacking | P Education | CC | US |