InfoSecBulletin Cybersecurity for mankind
Crisis24 reported that its OnSolve CodeRED platform experienced a cyberattack, affecting emergency notification systems for governments and emergency services nationwide. The CodeRED platform enables these agencies to send alerts to residents during emergencies.
The cyberattack forced Crisis24 to decommission the legacy CodeRED environment, causing widespread disruption for organizations that use the platform for emergency notifications, weather alerts, and other sensitive warnings.
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
In statements and an FAQ shared with impacted customers, Crisis24 says its investigation found that the attack was contained to the CodeRED environment and did not affect any of its other systems.
However, they have confirmed that data was stolen from the platform during the attack. This stolen information includes names, addresses, email addresses, phone numbers, and passwords used for CodeRED user profiles.
Crisis24 tells customers that they have seen no indication that the stolen data has been publicly published.
“CodeRED has informed us that while there are indications that data was taken from the system, at this time, there is no evidence that this information has been posted online,” warned an announcement by the City of University Park, Texas.
Because the attack damaged the platform, Crisis24 is rebuilding its service by restoring backups to a newly launched CodeRED by Crisis24 system. However, the available data is from an earlier backup on March 31, 2025, so accounts will likely be missing from the system.
Numerous counties, cities, and public safety agencies nationwide have reported on the cyberattack and disruption, stating that they are working to restore emergency alert systems for their residents.
INC Ransom gang claims responsibility:
While Crisis24 only attributed the breach to an “organized cybercriminal group,” BleepingComputer reported that the INC Ransomware gang has taken responsibility for the attack.
The group posted an entry for OnSolve on its Tor data leak site, including images that seem to reveal customer data like email addresses and clear-text passwords.
A ransomware group says it hacked OnSolve on November 1, 2025, and encrypted files on November 10. They claim that after not receiving a ransom, they’re now selling the stolen data.
Customers should reset any CodeRED passwords that appear in the screenshots and were used on other sites. INC Ransom is a ransomware-as-a-service (RaaS) that started in July 2023 and has attacked organizations globally.
The victims include various sectors such as education, healthcare, government, Yamaha Motor Philippines, Scotland’s NHS, Ahold Delhaize, and Xerox Business Solutions (XBS) in the U.S.
