This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.
1. Alleged unauthorized access to Ministry of Finance of Thailand
- Category: Initial Access
- Content: The group claims to have gained unauthorized access to the Tax Single Sign-On of the Ministry of Finance of Thailand.
- Date: 2025-09-29T14:23:53Z
- Network: telegram
- Published URL: (https://t.me/nxbbsec/2777)
- Screenshots:
- Threat Actors: NXBB.SEC
- Victim Country: Thailand
- Victim Industry: Government Administration
- Victim Organization: ministry of finance of thailand
- Victim Site: etax.mof.go.th
2. Alleged Sale of E-KTP Data from SMK Taruna Bhakti Depok
- Category: Data Breach
- Content: The group claims to be selling a database containing E-KTP data from SMK Taruna Bhakti Depok in Indonesia. The compromised data reportedly includes personal identification details of students and staff.
- Date: 2025-09-29T14:23:35Z
- Network: telegram
- Published URL: (https://t.me/VFCTeam/188)
- Screenshots:
- Threat Actors: V FOR VENDETTA CYBER TEAM
- Victim Country: Indonesia
- Victim Industry: Education
- Victim Organization: smk taruna bhakti depok
- Victim Site: smktarunabhakti.net
3. Alleged data sale of the National Real Estate and Housing Registration System of Iran
- Category: Data Breach
- Content: The threat actor claims to be selling 9 million housing and related personal data records from the National Real Estate and Housing Registration System of Iran.
- Date: 2025-09-29T14:21:57Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-IRAN-9-000-000-Rows-of-Data-from-amlak-mrud-ir)
- Screenshots:
- Threat Actors: BIGBROTHER
- Victim Country: Iran
- Victim Industry: Government Administration
- Victim Organization: national real estate and housing registration system of iran
- Victim Site: amlak.mrud.ir
4. Alleged data leak of all Yemeni military and government seals
- Category: Data Breach
- Content: The threat actor claims to have leaked Yemeni military, government, and private sector seals.
- Date: 2025-09-29T14:17:53Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Yemen-All-Military-and-Government-Seals-2025)
- Screenshots:
- Threat Actors: Anonymous2090
- Victim Country: Yemen
- Victim Industry: Government Administration
- Victim Organization: Unknown
- Victim Site: Unknown
5. J E Stacey & Co Ltd falls victim to J group Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 184 Gb of the organization’s data.
- Date: 2025-09-29T14:13:17Z
- Network: tor
- Published URL: (http://twniiyed6mydtbe64i5mdl56nihl7atfaqtpww6gqyaiohgc75apzpad.onion/posts/68da8156f0cd632fbb895bf1/68da8156f0cd632fbb895bf1/)
- Screenshots:
- Threat Actors: J group
- Victim Country: UK
- Victim Industry: Building and construction
- Victim Organization: j e stacey & co ltd
- Victim Site: jestacey.com
6. Alleged data breach of PRECCS
- Category: Data Breach
- Content: The threat actor claims to be selling a 142K database from PRECCS. The compromised data reportedly includes first name, client id, last name, home phone, loan name, office phone, mobile phone, agency, primary email, country, do not call, date of birth, assigned to, pangea status, insolvency, etc.
- Date: 2025-09-29T14:01:40Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/267213/)
- Screenshots:
- Threat Actors: betway
- Victim Country: Mexico
- Victim Industry: Financial Services
- Victim Organization: preccs
- Victim Site: preccs.com
7. Lakehaven Water and Sewer District falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-09-29T13:41:09Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=77c23a63-743a-3e6c-9142-f0c85a859120)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Energy & Utilities
- Victim Organization: lakehaven water and sewer district
- Victim Site: lakehaven.org
8. Alleged Unauthorized Access to U.S. Water Treatment and Pumping Systems
- Category: Initial Access
- Content: The group claims to have gained access to an unidentified water purification and pumping station system in the United States. The alleged breach reportedly enables oversight of suction and distribution tanks, inlet pumps, dosing units, filtration blocks, and distribution tanks.
- Date: 2025-09-29T13:39:56Z
- Network: telegram
- Published URL: (https://t.me/n2LP_wVf79c2YzM0/1769)
- Screenshots:
- Threat Actors: Infrastructure Destruction Squad
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
9. Virtual Projects falls victim to J group Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 486 GB of the organization’s data, including employee records (HR letters, offer letters, employment contracts, certificates, personal documents (ID copies, passports, photos), social insurance and visa documentation).
- Date: 2025-09-29T13:35:31Z
- Network: tor
- Published URL: (http://twniiyed6mydtbe64i5mdl56nihl7atfaqtpww6gqyaiohgc75apzpad.onion/posts/68da2f7bf0cd632fbb89582f/68da2f7bf0cd632fbb89582f/)
- Screenshots:
- Threat Actors: J group
- Victim Country: UAE
- Victim Industry: Building and construction
- Victim Organization: virtual projects
- Victim Site: virtualprojects.build
10. The General Directorate of Taxes and Estates falls victim to BlackShrantac ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-09-29T13:22:34Z
- Network: tor
- Published URL: (http://b2ykcy2gcug4gnccm6hnrb5xapnresmyjjqgvhafaypppwgo4feixwyd.onion/targets/4)
- Screenshots:
- Threat Actors: BlackShrantac
- Victim Country: Senegal
- Victim Industry: Government Administration
- Victim Organization: the general directorate of taxes and estates
- Victim Site: dgid.sn
11. Alleged unauthorized access to unidentified YAESU Antenna Rotor Control System in UK
- Category: Initial Access
- Content: The group claims to have gained unauthorized access to an unidentified YAESU antenna rotor control system in the UK. The compromised system reportedly enables precise adjustment of antenna direction, motor speed, and sensor parameters, allowing control over radio signal alignment and broadcast targeting.
- Date: 2025-09-29T13:16:25Z
- Network: telegram
- Published URL: (https://t.me/Z_ALLIANCE/792)
- Screenshots:
- Threat Actors: Z-PENTEST ALLIANCE
- Victim Country: UK
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
12. manjarrez printers sa de cv falls victim to INC RANSOM Ransomware
- Category: Ransomware
- Content: The group claims to have obtained data from the organization.
- Date: 2025-09-29T13:15:22Z
- Network: tor
- Published URL: (http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/68da79befa0b6f4bdf753367)
- Screenshots:
- Threat Actors: INC RANSOM
- Victim Country: Mexico
- Victim Industry: Printing
- Victim Organization: manjarrez printers sa de cv
- Victim Site: manjarrezimpresores.com.mx
13. Raimore Construction, LLC falls victim to J group Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 1.5 GB of the organization’s data.
- Date: 2025-09-29T13:04:19Z
- Network: tor
- Published URL: (http://twniiyed6mydtbe64i5mdl56nihl7atfaqtpww6gqyaiohgc75apzpad.onion/posts/689238880b175cbc06955c37/689238880b175cbc06955c37/)
- Screenshots:
- Threat Actors: J group
- Victim Country: USA
- Victim Industry: Building and construction
- Victim Organization: raimore construction, llc
- Victim Site: raimore.com
14. InDoM1nu’s targets multiple Nigerian websites
- Category: Defacement
- Content: The group claims to have defaced multiple Nigerian websites.
- Date: 2025-09-29T12:51:17Z
- Network: telegram
- Published URL: (https://t.me/InDoM1nusTeam/156?single)
- Screenshots:
- Threat Actors: InDoM1nu’s
- Victim Country: Nigeria
- Victim Industry: Professional Training
- Victim Organization: techs hub
- Victim Site: techshub.org
15. Sono Show Móveis falls victim to Mydata/Alphalocker Ransomware
- Category: Ransomware
- Content: The group claims to have access to 23 GB of organizational data, including data on clients, projects, financial documentation, etc.
- Date: 2025-09-29T12:34:08Z
- Network: tor
- Published URL: (http://mydatae2d63il5oaxxangwnid5loq2qmtsol2ozr6vtb7yfm5ypzo6id.onion/blog)
- Screenshots:
- Threat Actors: Mydata/Alphalocker
- Victim Country: Brazil
- Victim Industry: Furniture
- Victim Organization: sono show móveis
- Victim Site: sonoshowmoveis.com.br
16. DigitalStormSec targets the website of Definitive Business Solutions Limited
- Category: Defacement
- Content: The group claims to have defaced the website of Definitive Business Solutions Limited.
- Date: 2025-09-29T12:28:00Z
- Network: telegram
- Published URL: (https://t.me/c/2527455775/580)
- Screenshots:
- Threat Actors: DigitalStormSec
- Victim Country: UK
- Victim Industry: Education
- Victim Organization: definitive business solutions limited
- Victim Site: dbslltd.co.uk
17. KAL EGY 319 targets multiple Turkish websites
- Category: Defacement
- Content: Group claims to have defaced multiple Turkish websites.
- Date: 2025-09-29T11:48:33Z
- Network: telegram
- Published URL: (https://t.me/KALOSHA319/7)
- Screenshots:
- Threat Actors: KAL EGY 319
- Victim Country: Turkey
- Victim Industry: Transportation & Logistics
- Victim Organization: yigit tur tourism trade co. ltd.
- Victim Site: yigitturizm.com.tr
18. PHI falls victim to INC RANSOM Ransomware
- Category: Ransomware
- Content: The group claims to have obtained data from the organization.
- Date: 2025-09-29T11:47:25Z
- Network: tor
- Published URL: (http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/68da5cbffa0b6f4bdf739e7a)
- Screenshots:
- Threat Actors: INC RANSOM
- Victim Country: Canada
- Victim Industry: Performing Arts
- Victim Organization: phi
- Victim Site: phi.ca
19. Alleged data breach of VMX
- Category: Data Breach
- Content: The threat actor claims to have leaked nearly 2 million records from VMX, allegedly containing employee IDs, emails, full names, dates of birth, contact numbers, COVID-19 health data, payment records, and more.
- Date: 2025-09-29T10:54:16Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-vivamax-net-PHILIPPINES-DATA-LEAK–48930)
- Screenshots:
- Threat Actors: Quantum_Security_Group
- Victim Country: Philippines
- Victim Industry: Entertainment & Movie Production
- Victim Organization: vmx
- Victim Site: vivamax.net
20. Hoffman Estates Park District falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-09-29T10:17:23Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=9973988c-4be0-3f16-adca-fcf47b1928d1)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Recreational Facilities & Services
- Victim Organization: hoffman estates park district
- Victim Site: heparks.org
21. Alleged data breach of Terminals Parking
- Category: Data Breach
- Content: The group claims to have leaked the data from Terminals Parking.
- Date: 2025-09-29T10:10:08Z
- Network: telegram
- Published URL: (https://t.me/perunswaroga/566)
- Screenshots:
- Threat Actors: Perun Svaroga
- Victim Country: UK
- Victim Industry: Transportation & Logistics
- Victim Organization: terminals parking ltd
- Victim Site: terminalparking.co.uk
22. Alleged Breach of 4 Elements Control Systems in Ukraine
- Category: Data Breach
- Content: The group claims to have gained unauthorized access to the control systems of 4 Elements. The compromised systems reportedly enable the development and implementation of advanced cooling and freezing solutions for warehouses and production facilities, as well as comprehensive monitoring of industrial refrigeration units and ventilation systems.
- Date: 2025-09-29T09:07:23Z
- Network: telegram
- Published URL: (https://t.me/c/2549402132/368)
- Screenshots:
- Threat Actors: Inteid
- Victim Country: Ukraine
- Victim Industry: Industrial Automation
- Victim Organization: 4 elements
- Victim Site: 4stykhii.com.ua
23. Night Owll targets the website of Furbabiesplus.edublogs.org
- Category: Defacement
- Content: The group claims to have defaced the website of Furbabiesplus.edublogs.org.
- Date: 2025-09-29T08:38:43Z
- Network: telegram
- Published URL: (https://t.me/c/2702757113/474)
- Screenshots:
- Threat Actors: Night Owll
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: furbabiesplus.edublogs.org
- Victim Site: furbabiesplus.edublogs.org
24. Alleged leak of Chinese government employees data
- Category: Data Breach
- Content: The threat actor claims to have leaked the data of 41 million Chinese government employees, allegedly including IDs, email addresses, dates of birth, and more.
- Date: 2025-09-29T08:05:08Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Chinese-government-employees-2025–48686)
- Screenshots:
- Threat Actors: Fox_con
- Victim Country: China
- Victim Industry: Government Administration
- Victim Organization: Unknown
- Victim Site: Unknown
25. Alleged data breach of Pharmacie.ma
- Category: Data Breach
- Content: The threat actor claims to have leaked the data of 41,772 customers from Pharmacie.ma. The compromised information includes email addresses, passwords, pharmacy names, professional addresses, IDs, mobile numbers, and more.
- Date: 2025-09-29T07:49:25Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-Pharmacie-ma-Database-Leaked-Download)
- Screenshots:
- Threat Actors: KaruHunters
- Victim Country: Morocco
- Victim Industry: Healthcare & Pharmaceuticals
- Victim Organization: pharmacie.ma
- Victim Site: pharmacie.ma
26. Alleged data leak of Switzerland database
- Category: Data Breach
- Content: The threat actor claims to have leaked 9.1 GB of a Switzerland database.
- Date: 2025-09-29T06:27:50Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-switzerland-db-fresh-extracted-avilable-2025-9-23-9-7-million-rows-9-1GB–48617)
- Screenshots:
- Threat Actors: ywes982
- Victim Country: Switzerland
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
27. DigitalStormSec targets the website of landing.demodekhi.xyz
- Category: Defacement
- Content: The threat actor claims to have defaced the website of landing.demodekhi.xyz.
- Date: 2025-09-29T06:26:32Z
- Network: telegram
- Published URL: (https://t.me/c/2527455775/576)
- Screenshots:
- Threat Actors: DigitalStormSec
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: landing.demodekhi.xyz
28. f4ded b0yz claims breach of X’s Okta Platform
- Category: Alert
- Content: The threat actor is claiming responsibility for a breach of X’s (Twitter’s) Okta identity and access management platform. The screenshots show access to Okta’s admin recovery workflow, including a manual recovery request and new recovery email setup, which would allow them to hijack accounts. Another screenshot shows the Okta agent dashboard with access to internal workflows, suggesting they could impersonate or escalate privileges of internal users. The threat actor claims they leveraged a Google dork (advanced search query) to discover exposed employee information, which helped them pivot into Okta and gain unauthorized access. This implies a potential identity compromise and privilege escalation risk within X’s authentication infrastructure.
- Date: 2025-09-29T06:04:51Z
- Network: openweb
- Published URL: (https://x.com/F4dedB0yz/status/1972426248258523574)
- Screenshots:
- Threat Actors: f4ded b0yz
- Victim Country: USA
- Victim Industry: Information Technology (IT) Services
- Victim Organization: okta, inc.
- Victim Site: okta.com
29. MSB Inc. falls victim to Sarcoma Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 66 GB of the organization’s internal data, including tax documents, financial ledgers, insurance certificates, construction permits, income statements and operational records. Sample screenshots are available on their dark web portal.
- Date: 2025-09-29T05:54:16Z
- Network: tor
- Published URL: (http://sarcomawmawlhov7o5mdhz4eszxxlkyaoiyiy2b5iwxnds2dmb4jakad.onion/)
- Screenshots:
- Threat Actors: Sarcoma
- Victim Country: USA
- Victim Industry: Building and construction
- Victim Organization: msb inc.
- Victim Site: msbuilders.com
30. Alleged data breach of QRIS Indonesia
- Category: Data Breach
- Content: The threat actor claims to have leaked a database of association of bank of Indonesia with the QRIS gateway, exposing 1.5 million transaction records. The data includes sensitive details like customer names, merchant info, transaction amounts, and payment references. The breach allegedly occurred in September 2024.
- Date: 2025-09-29T05:32:56Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-1-5-Million-Indonesian-SILOTQRIS-QRIS-Indonesia-Leaked-Download)
- Screenshots:
- Threat Actors: UNIT_PEGASUS
- Victim Country: Indonesia
- Victim Industry: Financial Services
- Victim Organization: qris indonesia
- Victim Site: Unknown
31. Alleged data breach of Colegio Franco Peruano
- Category: Data Breach
- Content: The threat actor claims to have leaked a database of Colegio Franco Peruano, a private educational institution in Peru, after breaching multiple internal systems. The exposed data reportedly includes sensitive personal information of 7,882 students, 296 teachers, and 2,551 family members, with records containing names, national IDs, contact details, photos, academic history, and even plain-text passwords.
- Date: 2025-09-29T04:24:22Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-PERU-COLEGIO-FRANCO-PERUANO-7882-ESTUDIANTES-296-PROFESORES-Y-2551-FAMILIARES)
- Screenshots:
- Threat Actors: milan
- Victim Country: Peru
- Victim Industry: Education
- Victim Organization: colegio franco peruano
- Victim Site: lfrancope.edu.pe
32. Alleged sale of access to an unidentified French PrestaShop admin panel
- Category: Initial Access
- Content: The threat actor claims to be selling access to a French-based PrestaShop admin panel, offering full administrator privileges and the ability to configure redirects.
- Date: 2025-09-29T04:05:18Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/267205/)
- Screenshots:
- Threat Actors: shadowwss
- Victim Country: France
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
33. Alleged data sale of Vehicle Emissions Control
- Category: Data Breach
- Content: The threat actor claims to be selling 208 GB of vehicle emissions control data in document form for $3,000, with the price negotiable.
- Date: 2025-09-29T03:43:01Z
- Network: telegram
- Published URL: (https://t.me/rubiconh4ckss/87)
- Screenshots:
- Threat Actors: Rubicon
- Victim Country: Mexico
- Victim Industry: Environmental Services
- Victim Organization: vehicle emissions control
- Victim Site: vec.emissions.mx
34. Alleged data leak of real time online lending records in India
- Category: Data Breach
- Content: The threat actor claims to have leaked real-time online lending records in India. The compromised dataset includes detailed transactional and customer information such as record IDs, transaction types and IDs, geographic identifiers (state, region, area, branch, and service center details), group and customer codes, customer names and mobile numbers, loan IDs, product details, as well as billing and user role information.
- Date: 2025-09-29T02:54:19Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-Real-time-data-on-online-lending-in-India)
- Screenshots:
- Threat Actors: Dy1223344
- Victim Country: India
- Victim Industry: Financial Services
- Victim Organization: Unknown
- Victim Site: Unknown
35. Alleged data breach of Atwar Alkon
- Category: Data Breach
- Content: The threat actor claims to have leaked a database of Atwar Alkon, a Saudi-based design and construction firm specializing in architectural and interior design. The alleged leak contains data on 119 employees, including possible names, roles, or contact information.
- Date: 2025-09-29T02:07:59Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Document-atwaralkon-com-sa-Employees)
- Screenshots:
- Threat Actors: Purple0piOd
- Victim Country: Saudi Arabia
- Victim Industry: Research Industry
- Victim Organization: atwar alkon
- Victim Site: atwaralkon.com.sa
36. Alleged data leak of Taiwan Loan Data
- Category: Data Breach
- Content: The threat actor claims to have leaked a database of Taiwan Loan Data.
- Date: 2025-09-29T01:42:16Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/taiwan-loan-data.43768/)
- Screenshots:
- Threat Actors: kodahe4237
- Victim Country: Taiwan
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
37. Naftali Group falls victim to Sinobi Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 118 GB of the organization’s internal data, including financial records, legal contracts, and human resources documentation.
- Date: 2025-09-29T01:08:06Z
- Network: tor
- Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68d9a08e88b6823fa2391e9a)
- Screenshots:
- Threat Actors: Sinobi
- Victim Country: USA
- Victim Industry: Real Estate
- Victim Organization: naftali group
- Victim Site: naftaligroup.com
38. Alleged sale of login access to 150 business shipping accounts in the USA
- Category: Initial Access
- Content: The threat actor claims to be selling 150 business shipping accounts for U.S. carriers (100 FedEx, 20 DHL, and 30 UPS), containing login credentials and associated fullz (personally identifying information). Pricing tiers advertised
- Date: 2025-09-29T00:43:38Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/267197/)
- Screenshots:
- Threat Actors: CrypterBTC
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
39. Bignault & Carter, LLC falls victim to Sinobi Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 250 GB of the organization’s data, including confidential client records, legal contracts, incident documentation, etc.
- Date: 2025-09-29T00:38:19Z
- Network: tor
- Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68d9a37588b6823fa2392a55)
- Screenshots:
- Threat Actors: Sinobi
- Victim Country: Georgia
- Victim Industry: Law Practice & Law Firms
- Victim Organization: bignault & carter, llc
- Victim Site: bignaultandcarter.com
40. Alleged data sale of Euronature
- Category: Data Breach
- Content: The threat actor claims to be selling data of Euronature. The compromised data includes Student ID, Full names, Email, Phone, Address, DOB, Nationality, Civil Status, Contract Info, IBANs, ID cards, passports, etc. NB: The organization was previously breached on December 12, 2024.
- Date: 2025-09-29T00:30:53Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-Euronature-fr-Data-Breach)
- Screenshots:
- Threat Actors: ghidra
- Victim Country: France
- Victim Industry: Professional Training
- Victim Organization: euronature
- Victim Site: euronature.fr
41. Alleged data breach of Airports of Thailand Public Company Limited (AOT)
- Category: Data Breach
- Content: Threat actor claims to have leaked data from Airports of Thailand Public Company Limited (AOT). The compromised data includes access to the internal admin dashboard of Airports of Thailand (AOT), exposing real-time flight and passenger information, staff accounts with administrative privileges, terminal operations and incident logs, maintenance schedules, ground crew coordination details, as well as secure network mapping and infrastructure configurations.
- Date: 2025-09-29T00:21:57Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-2-63GB-DATABASE-AIRPORTS-OF-THILAND-AOT)
- Screenshots:
- Threat Actors: NodeSillent
- Victim Country: Thailand
- Victim Industry: Airlines & Aviation
- Victim Organization: airports of thailand public company limited (aot)
- Victim Site: airportthai.co.th