[August-29-2025] Daily Cybersecurity Threat Report

This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.


  1. Alleged HTML injection vulnerability on a subdomain of the Government of Semarang City
  • Category: Vulnerability
  • Content: The threat actor claims to have discovered an HTML injection vulnerability, which occurs when users can control an input point and inject arbitrary HTML code into a vulnerable web page. This vulnerability can lead to many consequences, such as exposure of user session cookies that can be used to impersonate the victim, or, more generally, allowing attackers to alter the content of the page viewed by the victim.
  • Date: 2025-08-29T14:24:24Z
  • Network: telegram
  • Published URL: https://t.me/FanatixLegionFX/380
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/5082d68e-46ff-419b-ac78-008ad5f1c657.JPG
  • Threat Actors: FANATIX LEGION
  • Victim Country: Indonesia
  • Victim Industry: Government Administration
  • Victim Organization: government of semarang city
  • Victim Site: semarangkota.go.id

  1. Alleged Breach of OTP Bank Ukraine

  1. H3C4KEDZ targets the website of TAT Intelligence Center

  1. Alleged access to unidentified CCTV cameras in Japan

  1. Alleged sale of Israeli credit cards

  1. Alleged Data Breach of OTP Bank Ukraine

  1. Alleged unauthorized access to unidentified UK thermal well control system

  1. Z-ALLIANCE targets the website of Teplytsia

  1. Alleged data breach of Southern Federal University
  • Category: Data Breach
  • Content: The group claims to have leaked 12 GB of data from the Southern Federal University, allegedly containing CVs of professors and staff, sensitive personal information of faculty members, administrative files, confidential research projects and highly sensitive internal documents.
  • Date: 2025-08-29T13:02:10Z
  • Network: telegram
  • Published URL: https://t.me/FireWireMaroc/37
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/857c9940-09eb-4fed-a1fe-301281f8aa75.png
  • Threat Actors: Fire Wire
  • Victim Country: Russia
  • Victim Industry: Education
  • Victim Organization: southern federal university
  • Victim Site: sfedu.ru

  1. Alleged Sale of VPN Access to U.S. and Canadian Companies
  • Category: Initial Access
  • Content: The threat actor claims to be selling unauthorized VPN access to eleven organizations located in the United States and Canada. According to the listing, the accesses primarily provide domain user-level privileges, with affected companies spanning multiple sectors including manufacturing, logistics, finance, construction, chemicals, automotive services, and architecture.
  • Date: 2025-08-29T12:26:05Z
  • Network: openweb
  • Published URL: https://forum.exploit.in/topic/265178/
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/bd2315e7-f324-4bd8-8f12-05a30862d37c.png
  • Threat Actors: ProfessorKliq
  • Victim Country: USA
  • Victim Industry: Financial Services
  • Victim Organization: Unknown
  • Victim Site: Unknown

  1. Alleged Sale of Access to Vietnamese Power Company
  • Category: Initial Access
  • Content: The threat actor claims to be selling unauthorized access to a power company in Vietnam. The actor possesses domain administrator privileges with VPN access, enabling control over approximately 320 domain-joined computers.
  • Date: 2025-08-29T12:18:49Z
  • Network: openweb
  • Published URL: https://forum.exploit.in/topic/265174/
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/bf761eb0-aaca-4eeb-8bc5-32ce7f34f53d.png
  • Threat Actors: personX
  • Victim Country: Vietnam
  • Victim Industry: Energy & Utilities
  • Victim Organization: Unknown
  • Victim Site: Unknown

  1. Alleged leak of access to Fastweb SCADA system

  1. Alleged leak of login access to KT Corporation

  1. Alleged data leak of PT Infrastruktur Bisnis Sejahtera

  1. Alleged leak of Pakistani student database
  • Category: Data Breach
  • Content: The threat actor claims to have leaked a 3,037-line database from Pakistan containing detailed student information. The dataset reportedly includes full names, parent names, gender, dates of birth, CNIC numbers, contact numbers, residential addresses, email addresses, class levels, course categories, registered institutions, and registration timestamps.
  • Date: 2025-08-29T09:39:56Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-3037-LINE-DATABASE-PAKISTAN
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/d66739c9-80f9-4eac-a7a8-c927ff7f5f40.png
  • Threat Actors: APT_GHOSTID
  • Victim Country: Pakistan
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

  1. Alleged data breach of PERPUSTAKAAN PENGADILAN NEGERI BOYOLALI
  • Category: Data Breach
  • Content: The group claims to have breached the server of PERPUSTAKAAN PENGADILAN NEGERI BOYOLALI and uploaded a text file mentioning the breach.
  • Date: 2025-08-29T09:26:03Z
  • Network: telegram
  • Published URL: https://t.me/c/2702757113/215
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/00282379-7c65-406b-a7f7-3fcede9d42d6.png
  • Threat Actors: Night Owll
  • Victim Country: Indonesia
  • Victim Industry: Government Administration
  • Victim Organization: perpustakaan pengadilan negeri boyolali
  • Victim Site: perpustakaan.pn-boyolali.go.id

  1. Alleged data leak of Pakistani pilot personnel
  • Category: Data Breach
  • Content: The threat actor claims to have leaked a database containing pilot personnel records from Pakistan, including details such as full names, CNIC/ID numbers, dates of birth, addresses, cities, provinces, blood groups, gender, personal and emergency contact numbers, email addresses, parent/guardian names, employment IDs, joining and leaving dates, and pilot grades.
  • Date: 2025-08-29T09:00:32Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-DATABASE-TEST
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/16c6f88b-c9cc-4d9a-b171-ed8d32044fda.png
  • Threat Actors: APT_GHOSTID
  • Victim Country: Pakistan
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

  1. KAL EGY 319 claims to target Egypt

  1. Alleged data sale of SMA Mazraatul Ulum Paciran

  1. Alleged data leak of Indonesian National Police

  1. Alleged sale of U.S. Executive Records

  1. Alleged sale of MMS Parser 0day RCE Exploit

  1. Alleged sale of Verified Mobile Numbers from Crypto Users

  1. Alleged unauthorised access to Thailand’s Department of Fisheries

  1. Alleged data breach of Polda Banten

  1. Alleged DOM based XSS vulnerability in the website of FontIran

  1. Alleged sale of unauthorized access to AgilPay

  1. Alleged data breach of LiteBit Crypto Exchange

  1. Alleged data breach of National Ski Council Federation (NSCF)

  1. Alleged data breach of Summit Bank Limited
  • Category: Data Breach
  • Content: A threat actor claims to be selling a database from a bank in Pakistan, specifically citing sample data from Summit Bank. The database reportedly contains sensitive financial and personal information, including CNIC/passport numbers, full names, addresses, account numbers, account types, deposit details, instrument and cheque information, currency and conversion rates, and provincial data.
  • Date: 2025-08-29T03:52:51Z
  • Network: telegram
  • Published URL: https://t.me/digitalsghost/715
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/6bf5f1e4-979e-43d9-b159-3b6b0976e03e.png
  • Threat Actors: DigitalGhost
  • Victim Country: Pakistan
  • Victim Industry: Banking & Mortgage
  • Victim Organization: summit bank limited
  • Victim Site: summitbank.com.pk

  1. Alleged data breach of AxisPro
  • Category: Data Breach
  • Content: The threat actor claims to have leaked a database from AxisPro (axisproerp.com), a UAE-based cloud ERP system used in government service centers including Amer, Tas-heel, Tadbeer, and Typing Centers. The exposed data reportedly contains 230,089 records and includes detailed customer and transaction information such as names, TRNs, mobile numbers, emails, payment methods, invoice totals, transaction references, and employee details associated with the transactions.
  • Date: 2025-08-29T03:45:12Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-DATABASE-AxisPro-axisproerp-com-Database-Breach-Leaked-Download–27373
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/3a3409fd-24a0-42f4-8f23-e607b2ce7af8.png
  • Threat Actors: N1KA
  • Victim Country: UAE
  • Victim Industry: Information Technology (IT) Services
  • Victim Organization: axispro
  • Victim Site: axisproerp.com

  1. Alleged data breach of Shelbourne Accountants

  1. Alleged data breach of ACROAMATICS Telemetry Systems

  1. Alleged data breach of Bureau of Justice Statistics (BJS)

  1. Alleged data leak of Russian confidential documents
  • Category: Data Breach
  • Content: The group claims to have leaked 300GB of top-secret data and documents related to the Russia-Ukraine war, including details on the construction of Russian missiles, profiles of diplomats and high-ranking military officials, submarine information, files from the Russian space agency, secret military data, internal internet network structures, wiring and cabling schemes, and data center information.
  • Date: 2025-08-29T02:56:45Z
  • Network: telegram
  • Published URL: https://t.me/digitalsghost/712
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/0b5ef6b2-e5e0-46b1-ac9f-d0d0d8d0d906.png
  • Threat Actors: DigitalGhost
  • Victim Country: Russia
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

  1. Alleged leak of Indonesia data

  1. Alleged unauthorised access to Queen Sirikit National Institute of Child Health

  1. Alleged leak of Business Database from Finland

  1. Alleged sale of Nexoria Panel Stealer

  1. Alleged sale of unauthorized RDP access to an unidentified retail company in Germany
  • Category: Initial Access
  • Content: A threat actor claims to be selling domain user-level RDP access to a retail company based in Germany. The company reportedly earns less than $5 million annually and uses Panda Endpoint as its antivirus solution. The access includes two servers and two to three local PCs active during working hours.
  • Date: 2025-08-29T01:52:04Z
  • Network: openweb
  • Published URL: https://forum.exploit.in/topic/265156/
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/ad3d31fa-c325-4645-9737-79667fa66777.png
  • Threat Actors: MrDarKNesS
  • Victim Country: Germany
  • Victim Industry: Retail Industry
  • Victim Organization: Unknown
  • Victim Site: Unknown

  1. Alleged data breach of Harita Group

Conclusion

The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Data breaches and leaks are prominent, affecting various sectors from financial services and education to law enforcement and mining. The compromised data ranges from personal user information and sensitive employee records to confidential government documents and financial details.

Beyond data compromise, the report also reveals significant activity in initial access sales, with threat actors offering unauthorized access to industrial systems, corporate networks, and government infrastructure. The sale of malware, including advanced exploits and tools, further underscores the availability of offensive capabilities in the cyber underground.

The incidents collectively demonstrate that organizations across various industries and geographies face persistent threats from data exfiltration, unauthorized network access, and the proliferation of malicious tools. The nature of these incidents emphasizes the critical importance of robust cybersecurity measures, including strong access controls, data protection strategies, continuous vulnerability management, and proactive threat intelligence to defend against a wide array of sophisticated and opportunistic attacks.