This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.
1. GenZRisingNepal targets the website of Civil Aviation Authority of Nepal
- Category: Defacement
- Content: The group claims to have defaced the website of Civil Aviation Authority of Nepal.
- Date: 2025-09-25T14:19:12Z
- Network: telegram
- Published URL: (https://t.me/ctrl_nepal/120)
- Threat Actors: GenZRisingNepal
- Victim Country: Nepal
- Victim Industry: Airlines & Aviation
- Victim Organization: civil aviation authority of nepal
- Victim Site: nepalgunj.caanepal.gov.np
2. Alleged leak of data from multiple unidentified banks
- Category: Data Breach
- Content: The threat actor claims to be selling leaked banking data from multiple unidentified financial institutions in the U.S. and U.K., including Santander, Bank of America (BOA), Chase, and Citibank. The data allegedly includes sensitive personal and financial information such as credit card numbers (CC), CVC codes, expiration dates, full names, addresses, email addresses, phone numbers, and card types.
- Date: 2025-09-25T13:58:18Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/usa-banks.43549/)
- Threat Actors: ehsan8
- Victim Country: Unknown
- Victim Industry: Banking & Mortgage
- Victim Organization: Unknown
- Victim Site: Unknown
3. GenZRisingNepal targets the website of Nepalgunj Airport
- Category: Defacement
- Content: The group claims to have defaced the website of Nepalgunj Airport.
- Date: 2025-09-25T13:52:35Z
- Network: telegram
- Published URL: (https://t.me/ctrl_nepal/120)
- Threat Actors: GenZRisingNepal
- Victim Country: Nepal
- Victim Industry: Airlines & Aviation
- Victim Organization: nepalgunj airport
- Victim Site: nepalgunj.caanepal.gov.np
4. Alleged unauthorized access to unidentified pumping station control system in Finland
- Category: Initial Access
- Content: The group claims to have gained unauthorized access to an unidentified pumping station control system in Finland. The compromised system allegedly allows full control over pump operation, monitoring of emergency conditions, and changes to critical parameters.
- Date: 2025-09-25T12:54:59Z
- Network: telegram
- Published URL: (https://t.me/Z_ALLIANCE/787)
- Threat Actors: Z-PENTEST ALLIANCE
- Victim Country: Finland
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
5. Alleged unauthorized access to KT Corporation
- Category: Initial Access
- Content: The group claims to have obtained access to a KT Corporation system via an exposed VNC service.
- Date: 2025-09-25T12:19:51Z
- Network: telegram
- Published URL: (https://t.me/BangladeshAnonymous56/525)
- Threat Actors: BD Anonymous
- Victim Country: South Korea
- Victim Industry: Network & Telecommunications
- Victim Organization: kt corporation
- Victim Site: kt.com
6. Alleged sale of access to an unidentified PrestaShop platform in Spain
- Category: Initial Access
- Content: The threat actor claims to be selling admin and shell access to a PrestaShop-based e-commerce site in Spain.
- Date: 2025-09-25T10:59:52Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/266972/)
- Threat Actors: niggaboi
- Victim Country: Spain
- Victim Industry: E-commerce & Online Stores
- Victim Organization: Unknown
- Victim Site: Unknown
7. Alleged sale of Zabbix admin panel access to an unidentified US based company
- Category: Initial Access
- Content: The threat actor claims to be selling unauthorized access to a Zabbix administration panel belonging to an unidentified U.S.-based industrial company. The panel reportedly manages 228 active hosts, many of which are Windows systems with client command execution already enabled.
- Date: 2025-09-25T10:27:12Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-CLIENT-COMMAND-ENABLED-180kk-Zabbix)
- Threat Actors: Yrrrr
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
8. Alleged sale of unauthorized CRM access to unidentified real estate organization in Jordan
- Category: Initial Access
- Content: The threat actor claims to be selling unauthorized access to the CRM and database of a Jordan-based real estate company. The access reportedly includes over 64,000 customer records, allowing the attacker to view full names, mobile numbers, customer stages, and source of leads.
- Date: 2025-09-25T10:22:18Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/266969/)
- Threat Actors: betway
- Victim Country: Jordan
- Victim Industry: Real Estate
- Victim Organization: Unknown
- Victim Site: Unknown
9. Alleged unauthorized access to Dalgakıran Compressor Ukraine LLC
- Category: Initial Access
- Content: The group claims to have gained unauthorized access to Dalgakıran Compressor Ukraine LLC. The compromised system allegedly allows full control over an IDEAL IM-GO 300 SE oxygen station, including monitoring of pressure, O2 concentration, temperature, and equipment operation.
- Date: 2025-09-25T09:50:58Z
- Network: telegram
- Published URL: (https://t.me/c/2549402132/355)
- Threat Actors: Inteid
- Victim Country: Ukraine
- Victim Industry: Machinery Manufacturing
- Victim Organization: dalgakıran compressor ukraine llc
- Victim Site: dalgakiran.ua
10. Alleged data sale of Bandung City Government, Indonesia
- Category: Data Breach
- Content: The threat actor claims to have leaked personal data of 3.83 million residents of Bandung City, Indonesia, allegedly containing sensitive information such as full name, ID number, date of birth, gender, address, and more.
- Date: 2025-09-25T08:30:38Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-3-83-MILLION-POPULATION-DATABASE-OF-BANDUNG-CITY-INDONESIA)
- Threat Actors: WinZx
- Victim Country: Indonesia
- Victim Industry: Government Administration
- Victim Organization: bandung city government
- Victim Site: bandung.go.id
11. Alleged data breach of Laptop IL
- Category: Data Breach
- Content: Threat actor claims to have breached data from Laptop IL.
- Date: 2025-09-25T07:55:42Z
- Network: telegram
- Published URL: (https://t.me/lunarisS3C/40)
- Threat Actors: LunarisSec
- Victim Country: Israel
- Victim Industry: Retail Industry
- Victim Organization: laptop il
- Victim Site: laptopil.co.il
12. Alleged data sale of DKI Jakarta Provincial Government
- Category: Data Breach
- Content: The threat actor claims to be selling the personal data of over 10 million residents of Jakarta, allegedly exposing sensitive information such as full names, national ID numbers (NIK), detailed addresses, phone numbers, and more.
- Date: 2025-09-25T07:43:45Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Document-leaked-10-million-residents-of-Jakarta-city)
- Threat Actors: petrush4x0r
- Victim Country: Indonesia
- Victim Industry: Government Administration
- Victim Organization: dki jakarta provincial government
- Victim Site: jakarta.go.id
13. Alleged leak of Personally Identifiable Information data
- Category: Data Breach
- Content: The threat actor claims to have leaked personal data of an individual named Bahlil Lahadalia. The leaked information allegedly includes sensitive details such as full name, age, date of birth, place of birth, political affiliation, ID number, phone number, and email address.
- Date: 2025-09-25T07:13:50Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-BAHLIL-LAHADALIA-DATA)
- Threat Actors: FokafSquad
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
14. Alleged leak of Chinese citizen and government database
- Category: Data Breach
- Content: Threat actor claims to have leaked Chinese citizen, government, and company databases.
- Date: 2025-09-25T06:20:26Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/china-db-leaks-from-citizens-governament-companies-avilable-all-fresh-extracted.43490/)
- Threat Actors: HnsLanda
- Victim Country: China
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
15. Alleged data leak of KYC documents from USA
- Category: Data Breach
- Content: Threat actor claims to have leaked KYC documents from the USA.
- Date: 2025-09-25T05:56:47Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-UnitedStates-Fresh-kyc-documents)
- Threat Actors: Vendetta
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
16. Alleged data breach of Big Daddy
- Category: Data Breach
- Content: Threat actor claims to have leaked data from Big Daddy. The compromised data includes name, email, gender, and phone number.
- Date: 2025-09-25T05:51:40Z
- Network: openweb
- Published URL: (https://hydraforums.io/Threads-%F0%9F%92%B0%F0%9F%8E%AF%D1%81asino-gambling-bigdaddy-in-online-connect-%F0%9F%8E%AF%F0%9F%92%B0)
- Threat Actors: DataVortexDB
- Victim Country: India
- Victim Industry: Gambling & Casinos
- Victim Organization: big daddy
- Victim Site: bigdaddy.in
17. Alleged leak of driving license data from USA
- Category: Data Breach
- Content: Threat actor claims to have leaked driving license data from the USA.
- Date: 2025-09-25T05:16:39Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Donald-trump-data)
- Threat Actors: FokafSquad
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
18. Alleged data breach of FAU Erlangen-Nürnberg
- Category: Data Breach
- Content: Threat actor claims to have breached Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU) on September 25, 2025, leaking student data and internal source code. The compromised data reportedly includes unique identifiers, timestamps, names, gender, and other personal fields from the university’s systems, exposing structured records such as UID, PID, and full names.
- Date: 2025-09-25T05:01:42Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Fau-de-Database-Leaked-Download)
- Threat Actors: KaruHunters
- Victim Country: Germany
- Victim Industry: Research Industry
- Victim Organization: fau erlangen-nürnberg
- Victim Site: fau.de
19. Alleged data sale of France Travail
- Category: Data Breach
- Content: Threat actor claims to have leaked 22.3M records from France Travail. The compromised data includes unique identifiers, social security numbers (NIR), full names, first names, agency codes, regional and antenna codes, postal codes, physical addresses, cities, timestamps, email addresses, and phone numbers. NB: The organization was previously breached on August 02, 2025.
- Date: 2025-09-25T04:47:04Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-France-Travail-Citizen-22M-Users-French-Database)
- Threat Actors: Shin0bi
- Victim Country: France
- Victim Industry: Government Administration
- Victim Organization: france travail
- Victim Site: francetravail.fr
20. Alleged sale of Discord AIO 2025
- Category: Malware
- Content: Threat actor claims to be offering a tool named “Discord AIO 2025,” an all-in-one cracking and automation suite targeting Discord. The tool reportedly includes features such as proxy scraping, token validation, account automation, server and DM spamming, nickname changers, and simulated user activity. It is designed for mass account control and abuse of Discord’s platform.
- Date: 2025-09-25T04:38:14Z
- Network: openweb
- Published URL: (https://demonforums.net/Thread-Discord-AIO-2025)
- Threat Actors: rippors
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
21. Alleged data breach of Singburi Hospital
- Category: Data Breach
- Content: The threat actor claims to have leaked Personally Identifiable Information of about 300K individuals from Singburi Hospital, under Thailand’s Ministry of Public Health. The exposed dataset reportedly contains full names, birthdates, phone numbers, parental details, etc.
- Date: 2025-09-25T04:25:38Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Thailand-Database-singburihosp-moph-go-th-singburihosp-go-th-Personnel-Information)
- Threat Actors: RobotMan
- Victim Country: Thailand
- Victim Industry: Hospital & Health Care
- Victim Organization: singburi hospital
- Victim Site: singburihosp.moph.go.th
22. Alleged sale of cracked NLBrute Manager
- Category: Malware
- Content: Threat actor claims to be selling a cracked version of “NLBrute Manager” with perpetual activation.
- Date: 2025-09-25T04:07:45Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/266955/)
- Threat Actors: veles777
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
23. HellR00ters Team targets the website of Zeus Marketing Pvt. Ltd.
- Category: Defacement
- Content: The group claims to have defaced the website of Zeus Marketing Pvt. Ltd. Proof: https://zone-xsec.com/archive/team/HellR00ters+Team
- Date: 2025-09-25T03:10:06Z
- Network: telegram
- Published URL: (https://t.me/c/2758066065/26)
- Threat Actors: HellR00ters Team
- Victim Country: India
- Victim Industry: Information Technology (IT) Services
- Victim Organization: zeus marketing pvt. ltd.
- Victim Site: zeusmarketingpvt.com
24. HellR00ters Team targets multiple websites in USA
- Category: Defacement
- Content: The group claims to have defaced the websites of multiple American organizations, including MNM Digital Agency, Zen Marketing LLC and Seattle Exotic Limousine Services. Proof: https://zone-xsec.com/archive/team/HellR00ters+Team
- Date: 2025-09-25T03:09:34Z
- Network: telegram
- Published URL: (https://t.me/c/2758066065/26)
- Threat Actors: HellR00ters Team
- Victim Country: USA
- Victim Industry: Information Technology (IT) Services
- Victim Organization: mnm digital agency
- Victim Site: mnmdigitalagency.com
25. Alleged data breach of Itnet Infocom
- Category: Data Breach
- Content: A threat actor claims to have leaked sensitive personal and employment data from ITNet Infocom. The exposed dataset reportedly includes full names, dates of birth, email addresses, phone numbers (home, mobile, and work), home and work addresses, job titles, company names, emergency contact details, and other PII. The data is structured in database formats such as CSV and SQL.
- Date: 2025-09-25T02:58:56Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/itnet-breach-by-lazurgroup-gov.43529/)
- Threat Actors: breachz
- Victim Country: India
- Victim Industry: Retail Industry
- Victim Organization: itnet infocom
- Victim Site: itnetinfo.com
26. Alleged sale of 20 million USA insurance data
- Category: Data Breach
- Content: The threat actor claims to be selling data on 20 million U.S. insurance records.
- Date: 2025-09-25T00:42:32Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/us-isurance-fresh-extracted-2025-9-14-20-mill-persons-3-4-gb.43524/)
- Threat Actors: HnsLanda
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
27. Alleged data breach of AzoresAirlines.com
- Category: Data Breach
- Content: A threat actor claims to have leaked data from the official website of AzoresAirlines.com.
- Date: 2025-09-25T00:31:43Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/azoresairlines-com-db-leak-avilable-2025-9-20.43521/)
- Threat Actors: HnsLanda
- Victim Country: Portugal
- Victim Industry: Airlines & Aviation
- Victim Organization: azoresairlines.com
- Victim Site: azoresairlines.com
28. Alleged Data Leak of Pakistan’s Intelligence Agency ISI
- Category: Data Breach
- Content: The group claims to have leaked the contact data of top officials from Pakistan’s Inter-Services Intelligence (ISI), along with senior personnel from the Army, Navy, and Air Force. The compromised dataset, reportedly sourced from a hacked Pakistani intelligence officer, is said to include details of ISI agents and handlers operating abroad.
- Date: 2025-09-25T00:14:14Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/266949/)
- Threat Actors: xuii
- Victim Country: Pakistan
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
Conclusion
The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Data breaches and leaks are prominent, affecting various sectors from banking and government administration to airlines and retail, and impacting countries including Indonesia, USA, Nepal, China, and France. The compromised data ranges from personal user information and credit card details to over 10 million residents’ records and sensitive employment data. Beyond data compromise, the report also reveals significant activity in initial access sales, with threat actors offering unauthorized access to a pumping station control system in Finland, an industrial company’s Zabbix panel in the US, and a South Korean telecom system. Defacement attacks also targeted organizations in Nepal and India. The sale of malware, including cracking and automation tools, further underscores the availability of offensive capabilities in the cyber underground. The nature of these incidents emphasizes the critical importance of robust cybersecurity measures, including strong access controls, data protection strategies, continuous vulnerability management, and proactive threat intelligence to defend against a wide array of sophisticated and opportunistic attacks.