[September-1-2025] Daily Cybersecurity Threat Report

This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.


  1. Alleged Data Leak of CalCOFI

  1. Alleged sale of ATM card cloning tool

  1. Alleged sale of admin-level API access to an unidentified Crypto Exchange

  1. Alleged database leak of Bitstamp
  • Category: Data Breach
  • Content: The group claims to have leaked 6M records from Bitstamp database. The compromised data includes customers’ first names, last names, country, email, phone numbers, brand, payment type, and dates.
  • Date: 2025-09-01T12:52:58Z
  • Network: telegram
  • Published URL: https://t.me/c/2976044031/1151
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/3cc3bc37-3560-4fa1-b70a-1f51c772ec1a.png
  • Threat Actors: scattered lapsu$ hunters
  • Victim Country: Luxembourg
  • Victim Industry: Financial Services
  • Victim Organization: bitstamp usa, inc.
  • Victim Site: bitstamp.net

  1. Alleged data breach of Cổng thông tin điện tử Tỉnh Sơn La

  1. ResetIDN targets the website of Banyuputih Village

  1. Alleged unauthorized access to unidentified AIMK ventilation control system in Romania
  • Category: Initial Access
  • Content: The group claims to have gained unauthorized access to an unidentified AIMK ventilation control system in Romania, which manages large HVAC units (CTA 1, CTA 2, CTA 3). The compromised system allegedly allows full control over heating, ventilation, and air conditioning functions, including air flow monitoring, fan speeds, volumetric parameters, temperature indicators, and valve operations. The attackers also claim they can start or stop AHU and MRV modules, adjust manual and automatic air flow parameters, and manipulate recovery units and filters.
  • Date: 2025-09-01T11:25:44Z
  • Network: telegram
  • Published URL: https://t.me/Z_ALLIANCE/681
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/1a77c231-bd4a-4e33-ba0d-8309d866f68e.png https://d34iuop8pidsy8.cloudfront.net/a2ffaf48-c5cd-4ced-8aad-0b9a7fa19618.png
  • Threat Actors: Z-ALLIANCE
  • Victim Country: Romania
  • Victim Industry: Industrial Automation
  • Victim Organization: Unknown
  • Victim Site: Unknown

  1. Meduza Cyber Force claims to target multiple countries

  1. Alleged data leak of JBoss.org

  1. Alleged sale of access to Roche

  1. Alleged sale of access to HMM

  1. Alleged data sale from 100 Vietnamese hospitals

  1. Infinite Cyber Team targets the website of RK DIGITAL – Studio & Colorlab

  1. Infinite Cyber Team targets the website of REN FITNESS CLUB

  1. Infinite Cyber Team targets the website of Yoga Vidhya Pranic Healing Foundation Calicut

  1. Infinite Cyber Team targets the website of Pranavam Infotech

  1. Infinite Cyber Team targets the website of Meridian Diagnostics

  1. Infinite Cyber Team targets the website of Codeaxys

  1. Infinite Cyber Team targets the website of Mahathma Nature Cure Centre

  1. Infinite Cyber Team targets the website of India Legal Solutions

  1. Infinite Cyber Team targets the website of Healhub Rehabilitation Centre

  1. Infinite Cyber Team targets the website of Chiruthacorpgifts

  1. Infinite Cyber Team targets the website of Saipro Steel

  1. Infinite Cyber Team targets the website of greenhomecarekwt.com

  1. Infinite Cyber Team targets the website of Calicut Solar Tech

  1. Infinite Cyber Team targets the website of Bricks & Oaks

  1. Infinite Cyber Team targets the website of techsol-kw

  1. Infinite Cyber Team targets the website of Ayur Wellness & Spa

  1. Infinite Cyber Team targets the website of Agasthiya Herbs

  1. Infinite Cyber Team targets the website of Dr Asish Medical Center

  1. Infinite Cyber Team targets the website of Acero Nutech Structurals Pvt Ltd

  1. Infinite Cyber Team targets the website of Goodwill calicut

  1. Infinite Cyber Team targets the website of DeepSwara

  1. Infinite Cyber Team targets the website of Concorde International

  1. Infinite Cyber Team targets the website of Wayanad Greens

  1. Alleged source code leak of Santa Fe County Lodgers Portal

  1. Infinite Cyber Team targets the website of Willow Cleaning Services LLC

  1. Alleged data leak of IT Hub Solution
  • Category: Data Breach
  • Content: The threat actor claims to have leaked a database from IT Hub Solution, allegedly exposing sensitive personal and academic information. The dataset includes candidate names, caste categories, gender, date of birth, father’s name, domicile, mobile numbers, email IDs, academic board details, examination roll numbers, subject streams, class X and XII percentages, registration numbers, rank details (overall, category, and reservation-wise), merit index, course names, departments, subjects, admission years, and system remarks.
  • Date: 2025-09-01T07:28:15Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-DATABASE-IT-HUB-SOLUTION-ithubsolution-org-Data-Breach-Leaked-Download
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/75b4c028-398a-46a8-bc69-7d28a4fd300c.png
  • Threat Actors: N1KA
  • Victim Country: India
  • Victim Industry: Information Technology (IT) Services
  • Victim Organization: it hub solution
  • Victim Site: ithubsolution.org

  1. Alleged sale of 23000 credit card records from Mexico
  • Category: Data Breach
  • Content: The threat actor claims to be selling 23,000 credit card records from Mexico, reportedly containing card numbers (CC), expiration dates, CVV codes, full names, phone numbers, email addresses, and billing addresses. The data is allegedly 70% valid and may be used for financial fraud or identity theft.
  • Date: 2025-09-01T06:23:42Z
  • Network: openweb
  • Published URL: https://forum.exploit.in/topic/265350/
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/c5e01cf7-7bf3-4179-86cb-a95e5fe2db1d.png
  • Threat Actors: Mexicnon
  • Victim Country: Mexico
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

  1. Alleged leak of Kalimantan

  1. Alleged sale of HTML loader

  1. TengkorakCyberCrew Official targets the website of Hyderabad Darbar

  1. TengkorakCyberCrew Official targets the website of Vertex Solution

  1. TengkorakCyberCrew Official Channel targets the website of Shenko IT

  1. scattered lapsu$ hunters claims to target Starbucks

  1. TengkorakCyberCrew Official targets the website of Montague Care

  1. Alleged Unauthorized Access to New Ecology System S.p.A
  • Category: Initial Access
  • Content: Threat actor claims to have gained access to New Ecology System S.p.A’s SCADA-based waste processing system in Italy, which uses biotunnels, biofilters, and biocells to optimize waste decomposition, monitoring key parameters and leveraging inverter controls to enhance efficiency and reduce energy consumption.
  • Date: 2025-09-01T05:11:36Z
  • Network: telegram
  • Published URL: https://t.me/n2LP_wVf79c2YzM0/1303
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/2ddaa6b1-e1b5-4823-9e23-0b134903205c.png
  • Threat Actors: Infrastructure Destruction Squad
  • Victim Country: Italy
  • Victim Industry: Environmental Services
  • Victim Organization: new ecology system s.p.a
  • Victim Site: newecologysystem.it

  1. TengkorakCyberCrew Official targets the website of Milton Direct

  1. Alleged data breach of Service national universel
  • Category: Data Breach
  • Content: The threat actor claims to be selling a database of the French Service National Universel (SNU), containing 75,718 records. The exposed data includes participants’ full names, emails, unique IDs, French nationality status, application and validation phases, cohesion center assignments, activity domains, parental information, medical files, and other administrative details, potentially compromising both personal and program-related information of French youth participants.
  • Date: 2025-09-01T05:04:37Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-DATABASE-FRENCH-DATABASE-SERVICE-NATIONAL-UNIVERSEL-75K
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/0e88328f-9686-44f8-966f-e558678e15d8.png
  • Threat Actors: nopeyourtoolate
  • Victim Country: France
  • Victim Industry: Government Administration
  • Victim Organization: service national universel
  • Victim Site: snu.gouv.fr

  1. TengkorakCyberCrew Official targets the website of Darbar Lounge

  1. TengkorakCyberCrew targets the website of JV TEC SOFTWARE SOLUTIONS LIMITED

  1. TengkorakCyberCrew targets the website of arkiproperties

  1. Alleged leak of Indonesia Aceh Social Aid Database

  1. TengkorakCyberCrew Official targets the website of chutneys by hyderabad darbar

  1. Alleged data breach of warmerise

  1. Alleged data breach of onetap.com

  1. Alleged data breach of Liverpool Canoe Club
  • Category: Data Breach
  • Content: The threat actor claims to be leaking data from the Liverpool Canoe Club, exposing membership and payment records that include transaction dates, fees, item titles, participant names (including minors), and event details such as junior pool sessions, river trips, and adult memberships. The leaked data also reveals the club’s membership email, compromising both personal and financial information of its members.
  • Date: 2025-09-01T04:28:35Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-DATABASE-DATABASE-LIVERPOOL-CANOE-CLUB-BY-TERRORISM666
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/717c5b94-4b57-42a0-9308-fb9445a4662b.png
  • Threat Actors: TERRORISM666
  • Victim Country: UK
  • Victim Industry: Sports
  • Victim Organization: liverpool canoe club
  • Victim Site: liverpoolcanoeclub.co.uk

  1. Alleged data breach of ESTO Agency

  1. Alleged data breach of YUVA Run Foundation

  1. Alleged sale of Indian real estate leads

  1. Alleged leak of Cuba database

  1. Alleged data leak of emails from KinoKong

  1. Alleged sale of zero-day vulnerability in Microsoft IIS
  • Category: Vulnerability
  • Content: The threat actor claims to be selling a zero-day vulnerability in Microsoft IIS that allegedly allows remote code execution without user interaction. The post highlights the flaw’s wormable nature, meaning it could spread automatically between servers and potentially cause a large-scale outbreak.
  • Date: 2025-09-01T02:10:59Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-Selling-Windows-IIS-0Day
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/0d72244e-12ad-4f53-bd8b-7c26874b68a1.png
  • Threat Actors: adrmc21
  • Victim Country: Unknown
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

  1. Alleged sale of unauthorized access to an unidentified Chinese government network firewall

  1. Alleged Data Leak of French Bank Database

Conclusion

The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Data breaches and leaks are prominent, affecting various sectors from education and gaming to healthcare and automotive, and impacting countries including Bangladesh, Mexico, Malaysia, India, Indonesia, France, Brazil, and Israel. The compromised data ranges from personal user information and credit card details to sensitive patient records, classified military components, and large customer databases.

Beyond data compromise, the report also reveals significant activity in initial access sales, with threat actors offering unauthorized access to banking systems, corporate networks (including RDWeb access to Canadian and UK firms), and even government and military infrastructure like the Royal Thai Air Force and Madrid’s irrigation system. The sale of malware, including penetration testing tools and DDoS tools, further underscores the availability of offensive capabilities in the cyber underground.

The incidents collectively demonstrate that organizations across various industries and geographies face persistent threats from data exfiltration, unauthorized network access, and the proliferation of malicious tools. The nature of these incidents emphasizes the critical importance of robust cybersecurity measures, including strong access controls, data protection strategies, continuous vulnerability management, and proactive threat intelligence to defend against a wide array of sophisticated and opportunistic attacks.