[September-30-2025] Daily Cybersecurity Threat Report

This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.


1. Payouts King Ransomware group adds an unknown victim (L****s)


2. Alleged access sale of PayTrace

  • Category: Initial Access
  • Content: The threat actor claims to be selling access to the PayTrace system. The listing includes screenshots showing a functional dashboard and forms that allow manual input of full card details, including the credit card number, CVV, expiry date, and billing code for a “Key Entry Card.”
  • Date: 2025-09-30T13:41:56Z
  • Network: openweb
  • Published URL: (https://forum.exploit.in/topic/267294/)
  • Screenshots:
  • Threat Actors: che_guevara
  • Victim Country: USA
  • Victim Industry: Financial Services
  • Victim Organization: paytrace
  • Victim Site: paytrace.net

3. Alleged unauthorized access to unidentified air conditioning control system of manufacturing facility in UK


4. Burke Contracting falls victim to akira ransomware

  • Category: Ransomware
  • Content: The group claims to have obtained 292GB of corporate data from Burke Contracting, including personal information of employees, founders, and upper management such as W9 forms with full names, dates of birth, addresses, emails, and phone numbers, financial records including credit card details, customer information, NDAs, and other sensitive documents.
  • Date: 2025-09-30T13:21:08Z
  • Network: tor
  • Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
  • Screenshots:
  • Threat Actors: akira
  • Victim Country: USA
  • Victim Industry: Building and construction
  • Victim Organization: burke contracting llc
  • Victim Site: burkecontractingllc.com

5. Priester Aviation falls victim to Akira Ransomware


6. Louisiana Fish Fry Products falls victim to akira ransomware


7. Akira ransomware targets multiple organizations

  • Category: Ransomware
  • Content: The group claims to have targeted multiple organizations that were clients of the victim, including Davis Research, Jamerson & Bauwens, Clawson Honda of Fresno, Advance Retail Technology, Applejack Wine & Spirits, and Jones-McLeod, stating that the compromise occurred through their relationship with the victim.

NB: The authenticity of the post is yet to be verified.


8. Midwest Industries Inc falls victim to akira ransomware


9. Lasse Larsen Huse falls victim to akira ransomware


10. Hibbs ElectroMechanical, Inc. falls victim to Akira Ransomware


11. Kaestle Boos Associates, Inc. falls victim to Akira Ransomware


12. Alleged databreach of SuperEd Pty Ltd


13. Turf Care Products Canada falls victim to akira ransomware


14. Bugnard SA falls victim to akira ransomware


15. Sueba USA Corporation falls victim to akira ransomware


16. Sinco, Inc. falls victim to Akira Ransomware


17. Kabs PolsterWelt falls victim to akira ransomware


18. Von Paris Moving & Storage falls victim to akira ransomware


19. Pawling Corporation falls victim to Akira Ransomware


20. KIP Ingenieure und Planer AG falls victim to akira ransomware


21. Tom Duffy Company falls victim to Akira Ransomware


22. Apex CoVantage falls victim to akira ransomware


23. Alleged unauthorized access to unidentified water treatment and filtration plant in Spain


24. HellR00ters Team targets multiple Indian websites

  • Category: Defacement
  • Content: The group claims to have defaced multiple Indian websites.

Mirror Links:
  • https://zone-xsec.com/mirror/id/741091
  • https://zone-xsec.com/mirror/id/741092
  • https://zone-xsec.com/mirror/id/741093
  • https://zone-xsec.com/mirror/id/741094
  • https://zone-xsec.com/mirror/id/741095
  • https://zone-xsec.com/mirror/id/741096
  • https://zone-xsec.com/mirror/id/741097
  • https://zone-xsec.com/mirror/id/741098
  • https://zone-xsec.com/mirror/id/741099
  • https://zone-xsec.com/mirror/id/741100
  • https://zone-xsec.com/mirror/id/741101
  • https://zone-xsec.com/mirror/id/741102
  • https://zone-xsec.com/mirror/id/741103
  • https://zone-xsec.com/mirror/id/741104
  • https://zone-xsec.com/mirror/id/741105
  • https://zone-xsec.com/mirror/id/741106
  • https://zone-xsec.com/mirror/id/741107
  • https://zone-xsec.com/mirror/id/741108


25. FANATIX LEGION targets the website of Cosmic Soulsound

  • Category: Defacement
  • Content: The threat actor claims to have defaced the website of Cosmic Soulsound.

Mirror Link: https://zone-xsec.com/search/q=Bnzet


26. FANATIX LEGION targets the website of backup.skin-like-cleopatra

  • Category: Defacement
  • Content: The threat actor claims to have defaced the website of backup.skin-like-cleopatra.

Mirror Link: https://zone-xsec.com/search/q=Bnzet


27. Alleged Unauthorized Access to Shimao Agricultural Biotech Co., Ltd.


28. AZPRO falls victim to J group Ransomware

  • Category: Ransomware
  • Content: The group posted an unidentified victim (a********p.com) on August 13, 2025.

Update:

On September 29th, the group revealed the full domain name and made the data available for download.


29. Alleged data sale of Avalara, Inc.


30. Medical Computer Business Services falls victim to PEAR Ransomware


31. USB Memory Direct falls victim to STORMOUS Ransomware


32. Alleged leak of Delhi Police Personally Identifiable Information data

  • Category: Data Breach
  • Content: The threat actor claims to have leaked the Personally Identifiable Information (PII) of 38 Delhi Police personnel. The compromised data reportedly includes personal and sensitive information such as name, father’s name, date of birth, address, residency period, district, police station, nationality, Aadhaar number, email ID, mobile number, organization name, organization address, and additional phone numbers.
  • Date: 2025-09-30T07:36:54Z
  • Network: openweb
  • Published URL: (https://darkforums.st/Thread-Document-30x-delhipolice-gov.in-PII)
  • Screenshots:
  • Threat Actors: Purple0piOd
  • Victim Country: India
  • Victim Industry: Law Enforcement
  • Victim Organization: delhi police
  • Victim Site: delhipolice.gov.in

33. Alleged Leak of access to Department of Lands and Surveys


34. Alleged leak of Cambodia database


35. Alleged leak of Indian citizens and companies database


36. Alleged data leak of Dinas Kesehatan Provinsi Sulawesi Tengah


37. Alleged data leak of Google


38. Alleged sale of crypto wallet exploits and malware tools

  • Category: Malware
  • Content: The threat actor has been observed promoting a range of malicious tools on underground forums targeting cryptocurrency platforms and users. The offerings include wallet brute forcers capable of extracting seed phrases from logs, TRC20 and TronLink wallet drainers, and spoofers for Ledger and Trezor applications designed to steal private keys. Additional tools listed are automatic withdrawal bots for ERC20/TRC20 tokens, a Kraken VM for high-speed operations, and an AIO mailer with built-in bypasses for major email providers. The actor is also selling malware such as seed stealers, keyloggers, and loaders for remote command execution. Sales and inquiries are being directed through Telegram.
  • Date: 2025-09-30T06:23:12Z
  • Network: openweb
  • Published URL: (https://forum.duty-free.cc/threads/1310/)
  • Screenshots:
  • Threat Actors: DFGSSDFGSGSAGDFDSG
  • Victim Country: Unknown
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

39. Alleged data leak of Salvex


40. Alleged data breach of Akulaku


41. Alleged leak of Volkswagen Group database


42. INDOHAXSEC claims to target Several Israeli Government Agency Companies


43. Alleged data breach of General Motors


44. Allegedly leaked Russian Defense documents


45. Alleged data breach of Zeelab Pharmacy


46. Alleged leak of Audi database


47. Alleged data leak of Samsung database


48. Alleged leak of UK database


49. Alleged data breach of RV Institute of Management (RVIM)

  • Category: Data Breach
  • Content: The threat actor Purple0piOd claims to have leaked databases from the RV Institute of Management in Bangalore, India. The leaked data includes finance-related student application fee approvals, admission test candidate details, and application form analytics, totaling over 570 records with personally identifiable information such as names, emails, phone numbers, and registration data.
  • Date: 2025-09-30T04:25:26Z
  • Network: openweb
  • Published URL: (https://darkforums.st/Thread-DATABASE-Rv-Institute-of-Management-567x)
  • Screenshots:
  • Threat Actors: Purple0piOd
  • Victim Country: India
  • Victim Industry: Higher Education/Academia
  • Victim Organization: rv institute of management (rvim)
  • Victim Site: rvim.edu.in

50. Alleged data leak of Australian private channel database

  • Category: Data Breach
  • Content: The threat actor claims to have leaked an Australian private channel database containing 10.2 million rows of data, totaling 4.5 GB.


51. Alleged data leak of Global iPhone database


52. Mobydick Asset Management Co., Ltd. falls victim to Qilin Ransomware


53. Alleged data leak of Israeli Phone Numbers

  • Category: Data Breach
  • Content: The threat actor claims to have leaked a database containing 15,000 active Israeli phone numbers, along with organization names, countries, industries, and associated websites, in protest against alleged corruption and human-rights violations.
  • Date: 2025-09-30T03:04:20Z
  • Network: telegram
  • Published URL: (https://t.me/VFCTeam/189)
  • Screenshots:
  • Threat Actors: V FOR VENDETTA CYBER TEAM
  • Victim Country: Israel
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

54. Alleged sale of unauthorized access to an unidentified telecommunication company


55. Alleged data breach of Plan Ceibal


Conclusion

The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Ransomware attacks, predominantly by the Akira group, are highly active, targeting numerous organizations across various industries like Building and Construction, Airlines & Aviation, and Manufacturing in the USA, Denmark, Canada, Germany, and Switzerland, claiming to have exfiltrated large volumes of corporate and personal data, including financial records, employee PII, and client information. Other ransomware groups like Payouts King, PEAR, STORMOUS, J group, and Qilin have also claimed victims, including Medical Computer Business Services and Mobydick Asset Management.

Data Breaches and leaks are also highly prominent, affecting a wide range of sectors and geographies. Notable leaks include:

  • Large citizen/company databases allegedly from India (230M rows) and Cambodia (203M rows) and a UK database (43M rows).
  • Major automotive manufacturers like General Motors, Volkswagen AG, and Audi AG (all by threat actor Yees8733).
  • Tech giants like Google and Samsung.
  • Financial services companies, including Avalara, Inc., SuperEd Pty Ltd, and Southeast Asian fintech Akulaku (32.6M login records).
  • Sensitive PII leaks of Delhi Police personnel and an Israeli Phone Numbers database.
  • Government program data from Plan Ceibal in Uruguay and health biodata from Dinas Kesehatan Provinsi Sulawesi Tengah in Indonesia.

Furthermore, Initial Access sales continue to be advertised, targeting organizations in Financial Services (PayTrace), Government Administration (Department of Lands and Surveys), and other industrial sectors, including alleged breaches of an air conditioning control system in the UK and a water treatment plant in Spain. Lastly, the report also notes the availability and sale of Malware tools, such as crypto wallet exploits and specialized hacking tools, and minor Defacement activity targeting Indian and Austrian websites.

These incidents collectively demonstrate that organizations across various industries and geographies face persistent threats from data exfiltration, unauthorized network access, and the proliferation of malicious tools.