[September-19-2025] Daily Cybersecurity Threat Report

This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.


1. Alleged data breach of Samco


2. Alleged unauthorized access to unidentified SCADA system controlling biomass boiler in Czech Republic

  • Category: Initial Access
  • Content: The group claims to have gained access to an unidentified SCADA system controlling a biomass boiler in the Czech Republic. The alleged breach reportedly provides control over hot water temperature settings, the system’s on and off temperatures, screw cycling parameters, exhaust and auxiliary fans, operation parameters, heating circuit temperature parameters and schedule settings for the heating circuit.
  • Date: 2025-09-19T14:02:47Z
  • Network: telegram
  • Published URL: https://t.me/c/2948243735/53
  • Threat Actors: TwoNet
  • Victim Country: Czech Republic
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

3. Alleged unauthorized access to unidentified TRC Automation production control in Italy


4. Alleged data sale of personally identifiable information (PII) from multiple countries


5. Alleged Unauthorized Access to Optical Network Control System, Ukraine

  • Category: Initial Access
  • Content: The group claims to have gained access to a PON optical network control panel in Ukraine. The alleged breach reportedly enables monitoring of optical ports, signal strength, voltage, and temperature, as well as management of user ONU/ONT devices, switch information, remote port controls and device blocking.
  • Date: 2025-09-19T12:30:29Z
  • Network: telegram
  • Published URL: https://t.me/n2LP_wVf79c2YzM0/1681
  • Threat Actors: Infrastructure Destruction Squad
  • Victim Country: Ukraine
  • Victim Industry: Network & Telecommunications
  • Victim Organization: Unknown
  • Victim Site: Unknown

6. Alleged data sale of Wärtsilä


7. Alleged Breach of Iran International


8. Alleged sale of custom malware


9. Alleged data leak of UAE Ministry of Education


10. Alleged unauthorized access to unidentified heat control system in Poland


11. Hider_Nex claims to target Israel


12. Alleged sale of Intelligence data


13. UnknowSec claims to target educational institutions in Thailand


14. Alleged data leak of information on community owners in Suqian City, China


15. UnknowSec claims to target School of Thailand


16. Alleged sale of 12.28 million data from UAE


17. Alleged data sale of an unidentified Dubai power station


18. Alleged data breach of Pasaman Regency Communication and Information Service West


19. Alleged data breach of Ministry of Finance


20. Alleged sale of unauthorized CRM access to unidentified software company in USA

  • Category: Initial Access
  • Content: A threat actor claims to be selling unauthorized access to the CRM and database of a US-based software company, reportedly containing personal and financial details such as full name, email, date of birth, SSN, phone numbers, addresses (current and previous), employment info, subscription plans, and status, with full admin privileges to view, edit, delete, export data, and access orders, tickets, employee lists, and email functions.
  • Date: 2025-09-19T04:09:53Z
  • Network: openweb
  • Published URL: https://forum.exploit.in/topic/266568/
  • Threat Actors: betway
  • Victim Country: USA
  • Victim Industry: Software
  • Victim Organization: Unknown
  • Victim Site: Unknown

21. Alleged Access to Fully Undetectable Remote Access Tool with Valid EV Certificate

  • Category: Malware
  • Content: A threat actor is offering a fully undetectable (FUD) remote access tool as a ScreenConnect alternative, claiming it includes a valid Extended Validation (EV) certificate to bypass Chrome and SmartScreen protections, along with features such as a remote viewer, cloaked landing pages, antibot mechanisms, and a PowerShell-based executable loader, priced at $700 for a one-year license covering 300 devices.
  • Date: 2025-09-19T03:21:42Z
  • Network: openweb
  • Published URL: https://forum.exploit.in/topic/266565/
  • Threat Actors: anaverageguy
  • Victim Country: Unknown
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

22. Alleged sale of 1000 Brazilian credit card data


23. Alleged sale of Aux Logger v3.0.0.0 Monitor


24. Alleged data breach of Transparent BPO

  • Category: Data Breach
  • Content: Threat actor claims to have leaked the data of Transparent BPO. The compromised data includes activation codes, age, appearance, authentication data, account activation status, profile avatars, complete addresses, contact numbers, country, courtesy titles, personal descriptions, email addresses, email notification preferences, external identifiers, first names, completed forms, etc.
  • Date: 2025-09-19T02:33:03Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-Transparent-BPO-Leaked-Download
  • Threat Actors: flirt
  • Victim Country: USA
  • Victim Industry: Outsourcing & Offshoring
  • Victim Organization: Transparent BPO
  • Victim Site: transparentbpo.com

25. Alleged data breach of Gobierno de San Juan


26. Alleged data breach of Malaysia Space Agency (MYSA)

The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Data breaches and leaks are prominent, affecting various sectors, from finance and industrial automation to government administration and education, and impacting countries including India, the Czech Republic, Italy, Ukraine, Finland, the UK, the UAE, Poland, Israel, China, Brazil, Indonesia, Algeria, the USA, Argentina, and Malaysia. The compromised data ranges from personal user information and credit card details to sensitive patient records, classified military components, and large customer databases.

Beyond data compromise, the report also reveals significant activity in initial access sales, with threat actors offering unauthorized access to banking systems, corporate networks, government and military infrastructure, and industrial control systems. The sale of malware, including remote access tools, keyloggers, and DDoS tools, further underscores the availability of offensive capabilities in the cyber underground.

Collectively, these incidents demonstrate that organizations across various industries and geographies face persistent threats from data exfiltration, unauthorized network access, and the proliferation of malicious tools. They emphasize the critical importance of robust cybersecurity measures, including strong access controls, data protection strategies, continuous vulnerability management, and proactive threat intelligence, to defend against a wide array of sophisticated and opportunistic attacks.