• Israel
• Handala
• Kibbutz Almog
• Government
• Middle East
• Asia
• Data Encrypted For Impact

Kibbutz Almog Allegedly Breached by Handala

On June 20, 2025, the pro-Palestinian hacktivist group Handala claimed responsibility for an alleged breach targeting Kibbutz Almog, an Israeli communal settlement. The group alleges to have exfiltrated extensive internal materials, including email communications, financial and personnel records, surveillance footage, and backup archives. As proof of compromise, Handala shared over 60,000 documents proof of compromise and threatened further data exposure.

• Israel
• The Knesset
• Government
• Middle East
• Asia
• Evil_Byte

Evil_Byte Claims Breach of Israeli Government Body System June

On June 17, 2025, hacktivist group Evil_Byte claimed responsibility for a cyberattack allegedly targeting Israeli government infrastructure. The group asserted that they had gained root-level access and exfiltrated sensitive data, including authentication credentials and phone numbers linked to Mossad and police personnel. No independent verification of unauthorized access or data theft has been confirmed.

• Israel
• Government
• Middle East
• Resistancetrench
• Asia
• Israeli Air Force

Israeli Air Force Pilot Data Allegedly Leaked by Pro-Iranian Actor

On June 15, 2025, Sensitive data belonging to 40 Israeli Air Force pilots was allegedly leaked by a pro-Iranian source amid the ongoing Israel-Iran conflict. The breach reportedly targeted classified military data within the Israeli Ministry of Defense, exposing highly confidential details such as pilots' full names, ages, combat units, air bases, and field roles. According to the attackers, the pilots operated aircraft including the F-15I Ra’am, F-16I Sufa, and F-35I Adir. The credibility of the leak is challenged by the fact that the identity of the threat actor behind the disclosure was not revealed, and the unknown source of the data further raises questions about its authenticity.

• Israel
• Israel Defense Forces
• Government
• Middle East
• Asia

Wave of Recycled Data Leaks Targets Israeli Institutions to Simulate Active Breach Campaigns

A possibly coordinated wave of threat activity observed in early June 2025 involves the resurfacing of recycled or publicly available data falsely presented as new breaches targeting Israeli institutions, including the Israel Police, Ministry of Housing, IDF, and National Insurance Institute. Threat actors shared large archives and high-profile claims—such as a 16.9 GB police data leak and an alleged Android zero-day used against IDF personnel—to simulate active cyberattacks, despite forensic analysis confirming that most materials are outdated or previously exposed.

• Critical Infrastructures
• Uat-6382
• Tetraloader
• United States
• Government
• Trimble
• Cve-2025-0944
• North America
• CVE-2025-0944
• Business Services

Chinese Threat Actor UAT-6382 Exploits Vulnerability in Trimble Cityworks

A Chinese-speaking threat actor known as UAT-6382 has been linked to the exploitation of a recently patched remote-code-execution vulnerability (CVE-2025-0944) in Trimble Cityworks. This group successfully targeted enterprise networks of local governing bodies in the United States, deploying various web shells and custom malware, including Cobalt Strike and a Rust-based loader called Tetraloader, to maintain long-term access to compromised systems. The attacks began in January 2025, and the vulnerability was added to the U.S. Cybersecurity and Infrastructure Security Agency's known exploited vulnerabilities catalog in February 2025.