Public Safety
Breach intelligence, attack campaigns, and threat reports targeting the Public Safety sector.
Public Safety Threat Reports
Navigate360 P3 Global Intel Data Breach: A Wake-Up Call for Educational Cybersecurity
In March 2026, Navigate360's P3 Global Intel platform, an anonymous tip line used by over 30,000 schools and 5,000 public safety agencies, was reportedly breached by a hacker group known as Internet Yiff Machine. The attackers claimed to have exfiltrated approximately 93 gigabytes of data, including over 8 million law enforcement tips containing sensitive personally identifiable information (PII) of students and informants. This incident has raised significant concerns about the platform's security measures and the anonymity it promises to its users. The breach underscores the growing trend of cyberattacks targeting educational institutions, which have become increasingly frequent and sophisticated. The exposure of sensitive student data not only compromises individual privacy but also erodes trust in systems designed to enhance school safety. This incident highlights the urgent need for robust cybersecurity practices and compliance with data protection regulations within the education sector.
1 month ago
ZionSiphon Malware: A New Threat to Water Treatment Facilities
In April 2026, cybersecurity researchers identified 'ZionSiphon,' a malware specifically designed to target operational technology within water treatment and desalination facilities in Israel. The malware aims to manipulate industrial control systems by increasing chlorine levels and adjusting hydraulic pressures to hazardous levels. Although the current version contains flawed encryption logic that renders it non-functional, future iterations could rectify this issue, posing significant risks to critical infrastructure. This incident underscores the escalating threat landscape facing critical infrastructure sectors, particularly water treatment facilities. The emergence of specialized malware like ZionSiphon highlights the need for enhanced cybersecurity measures and vigilance to protect essential services from potential sabotage and disruption.
2 months ago
Israel's Cyber Operation: Hacking Tehran's Traffic Cameras to Assassinate Khamenei
In early 2026, Israeli intelligence agencies executed a sophisticated cyber operation by infiltrating Tehran's traffic camera network and mobile phone systems. This prolonged surveillance enabled them to monitor the daily movements and routines of Iran's Supreme Leader, Ayatollah Ali Khamenei, and his security detail. The gathered intelligence facilitated a precision airstrike on February 28, 2026, resulting in Khamenei's death and the elimination of several high-ranking Iranian officials. ([theweek.in](https://www.theweek.in/news/middle-east/2026/03/03/israel-spent-years-hacking-irans-traffic-cameras-to-monitor-khameneis-movement.html?utm_source=openai)) This incident underscores the escalating use of cyber capabilities in state-sponsored operations, highlighting the vulnerabilities of critical infrastructure to cyber intrusions. The event has intensified geopolitical tensions and prompted nations to reassess their cybersecurity postures and defense mechanisms against similar threats.
3 months ago
Spain Arrests Anonymous Fénix Hacktivists for DDoS Attacks
In February 2026, Spanish authorities arrested four members of the hacktivist group 'Anonymous Fénix' for orchestrating distributed denial-of-service (DDoS) attacks against government ministries, political parties, and public institutions. The group initiated its activities in April 2023, intensifying efforts after the October 2024 DANA storm in Valencia, which resulted in significant casualties and damage. They utilized social media platforms like X and Telegram to disseminate anti-government messages and recruit participants for their cyber campaigns. The arrests, conducted in May 2025 and February 2026 across various Spanish cities, led to the judicial seizure of the group's online accounts and the closure of their communication channels. ([web.guardiacivil.es](https://web.guardiacivil.es/en/destacados/noticias/Detenidos-los-cuatro-principales-integrantes-del-grupo-hacktivista-Anonymous-Fenix-por-ciberataques-contra-organismos-publicos/?utm_source=openai)) This incident underscores the persistent threat posed by hacktivist groups leveraging socio-political events to justify cyberattacks. The use of DDoS tactics to disrupt critical government services highlights the need for robust cybersecurity measures and proactive monitoring of online platforms for recruitment and coordination activities.
4 months ago
Flock Cloud Misconfiguration Exposes AI Camera Surveillance Feeds in 2026
In January 2026, Flock, a prominent provider of AI-enabled surveillance technologies, faced a significant cybersecurity incident due to a cloud misconfiguration. Unauthorized online access was discovered, revealing live video streams from Flock’s advanced Condor pan-tilt-zoom cameras deployed in public areas and private properties. These cameras, designed for AI-driven facial and movement tracking, unintentionally exposed high-resolution footage of civilians—including children—across multiple locations, highlighting considerable privacy and operational risks. No evidence suggests the exposure was caused by active exploitation; instead, the open access points were a direct result of insufficient cloud security controls and misapplied access permissions. The incident triggered regulatory and public concern around surveillance, data protection, and compliance obligations, emphasizing the criticality of proper cloud configurations in the era of AI-driven physical security systems. This breach is indicative of a broader rise in cloud infrastructure misconfigurations exposing sensitive, AI-powered surveillance data. Regulatory agencies and industry groups are increasing pressure on technology vendors to enforce robust controls, with cloud and IoT security now considered foundational to protecting physical as well as digital environments.
5 months ago
Ransomware Attack Hits Romanian Water Authority: A 2024 Critical Infrastructure Wake-Up Call
In June 2024, Romania’s National Water Administration (Administrația Națională Apele Române) suffered a ransomware attack that disrupted key systems and operational processes. The attack, identified over the weekend of June 8–9, targeted core IT infrastructure, encrypting file servers and temporarily interrupting the administrative management of the country’s water resources. While water supply to the public reportedly remained unaffected, the incident led to delays in critical public and environmental services and highlighted gaps in incident response capabilities and network segmentation. Early indications suggest the attackers used a known ransomware variant, gaining access via a vulnerable remote service. This breach comes amid a surge in ransomware attacks on public utilities across Europe, emphasizing the increasing threat to operational technology and critical infrastructure. Heightened regulatory scrutiny and an evolving threat landscape put additional pressure on agencies to improve cyber resilience and visibility.
5 months ago
CISA Flags Active Exploitation of Digiever Authorization Vulnerability (CVE-2023-52163)
In December 2023, CISA added CVE-2023-52163 to its Known Exploited Vulnerabilities Catalog after identifying active exploitation of a missing authorization vulnerability in Digiever DS-2105 Pro network video recorders. Malicious actors leveraged this flaw to gain unauthorized access to sensitive functions and video data, bypassing authentication controls. The exploitation exposed affected organizations to privacy breaches, potential lateral movement within networks, and possible compromise of video surveillance infrastructure. The vulnerability is particularly concerning for agencies required to comply with Binding Operational Directive 22-01, raising enterprise risks related to data integrity, operational continuity, and regulatory responsibility. This incident underscores a broader trend of attackers exploiting well-known yet unpatched vulnerabilities in internet-connected devices. Recent months have seen an increase in targeting of IoT and NVR platforms, highlighting the urgency for prioritized vulnerability management as threat actors continue to shift focus towards overlooked or legacy systems.
5 months ago
Ransomware Halts CodeRED Emergency Alert System in 2024
In June 2024, the CodeRED emergency alert platform experienced a major operational disruption after being targeted by the Inc ransomware gang. Attackers infiltrated the organization's systems, encrypted critical servers, and exfiltrated sensitive subscriber data, causing CodeRED to take its emergency alert services offline. Initial entry occurred through a phishing campaign, allowing lateral movement and the deployment of ransomware across east-west traffic. The attack compromised both the confidentiality and availability of data, significantly impacting public safety communication in affected regions. This incident highlights the escalating threat ransomware groups pose to critical infrastructure and public safety technology providers. As attackers target essential services with increasingly sophisticated methods, robust east-west security controls, zero trust segmentation, and real-time threat detection have become urgent priorities for organizations in all sectors.
5 months ago
Crisis24 Shuts Down CodeRED Emergency System Following Ransomware Breach
In early June 2024, Crisis24 permanently shut down its OnSolve CodeRED emergency notification system after a ransomware attack severely damaged the platform's environment. The incident, attributed to the INC ransomware group, involved unauthorized access to and exfiltration of user data, including names, addresses, email addresses, phone numbers, and passwords. Forensic analysis indicated the attack was contained within the legacy CodeRED environment. The shutdown left dozens of municipalities and law enforcement agencies temporarily without emergency notification services, though the U.S. government's Emergency Alert System was unaffected. Crisis24 accelerated rollout of its new platform, conducted a security audit, and notified law enforcement. This breach underscores the increasing risk posed by ransomware groups targeting public safety infrastructure. With attackers leaking sensitive personal data and causing operational disruptions, organizations face mounting pressure to modernize legacy systems and enhance both incident response and segmentation controls in light of sophisticated, persistent threats.
5 months ago
Ransomware Attack Disrupts Multiple London Councils’ IT Systems in 2024
In June 2024, the Royal Borough of Kensington and Chelsea (RBKC) and Westminster City Council experienced operational disruption following a ransomware cyberattack on their shared IT provider, Westminster City Council Integrated IT (WCCIT). Attackers infiltrated municipal digital infrastructure, encrypted data, and impacted critical online services such as resident portals and payment processing. Public-facing platforms were taken offline as a precaution, and council operations shifted to manual workarounds, affecting both internal processes and citizen-facing services. The incident underscores the vulnerabilities within local government supply chains and highlights the ramifications of targeting shared service models in the public sector. This attack is a sobering reminder of the increasing incidence of ransomware campaigns targeting public entities in the UK and globally. With local authorities managing sensitive citizen data and critical services, the urgency for robust cybersecurity controls and incident response processes has never been more acute.
5 months ago
How the OnSolve CodeRED Cyberattack Disrupted America’s Emergency Alert Infrastructure
In June 2024, Crisis24 confirmed that its OnSolve CodeRED platform—used by state and local governments, police, and firefighting agencies—suffered a cyberattack disrupting emergency notification systems nationwide. Attackers gained unauthorized access to critical infrastructure, resulting in outages that hindered the timely dissemination of emergency alerts and public safety updates. While the investigation is ongoing, the breach demonstrates significant operational risks associated with service provider platforms in the public safety sector, impacting communities’ emergency preparedness and response effectiveness. This incident underscores growing threats targeting third-party vendors in critical sectors, where cyberattacks exploit platform dependencies to cause widespread and immediate disruption. With increasing regulatory scrutiny and a surge in ransomware and extortion campaigns against essential services, organizations must reassess supply chain, segmentation, and incident response controls to maintain operational and compliance resilience.
5 months ago
SiRcom Vulnerability Exposes Critical Siren Systems to Hijack (2025)
In November 2025, a critical vulnerability (CVE-2025-13483) was disclosed in SiRcom SMART Alert (SiSA), a central emergency alert management system used globally in emergency services, government, and defense sectors. The flaw, due to missing authentication for critical API functions, enabled unauthenticated attackers to access restricted backend operations. Successful exploitation could allow remote manipulation and activation of emergency sirens, posing wide-reaching operational and safety risks to affected communities. The vulnerability, assigned a CVSS v4 score of 8.8, was initially reported by Microsec researcher Souvik Kandar. This incident highlights the persistent risks posed by missing authentication in critical infrastructure applications. With remote exploitation possible and attackers’ interest in manipulating physical environments on the rise, it underscores the urgent need for robust authentication, especially amid compliance and regulatory tightening in the critical infrastructure sector.
5 months ago