[October-1-2025] Daily Cybersecurity Threat Report

This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.


1. Bingeob 2.0 allegedly being promoted

  • Category: Alert
  • Content: A threat actor claims they have launched Bingoeb 2.0, a system that can manipulate Bing search rankings. Screenshots show they have access to the admin panel and worker nodes, letting them run large-scale automated campaigns to boost websites. The system can create positive signals in search engines and web content, meaning it can artificially improve rankings. The actor uses automated workflows to promote sites faster, which could give unfair advantages.
  • Date: 2025-10-01T14:57:50Z
  • Network: openweb
  • Published URL: (https://xss.pro/threads/143550/)
  • Screenshots:
  • Threat Actors: LSE
  • Victim Country: Unknown
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

2. CLOBELSECTEAM claims to target Japan

  • Category: Alert
  • Content: A recent post by the group indicates that they are targeting Japan.
  • Date: 2025-10-01T14:23:24Z
  • Network: telegram
  • Published URL: (https://t.me/c/2911263260/234)
  • Screenshots:
  • Threat Actors: CLOBELSECTEAM
  • Victim Country: Japan
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

3. Adhunik Power & Natural Resources Limited falls victim to Alpha_Locker Ransomware

  • Category: Ransomware
  • Content: The group claims to have obtained 86GB of the organization's data and intends to publish it within 6-8 days.
  • Date: 2025-10-01T14:22:55Z
  • Network: tor
  • Published URL: (http://mydatae2d63il5oaxxangwnid5loq2qmtsol2ozr6vtb7yfm5ypzo6id.onion/blog)
  • Screenshots:
  • Threat Actors: Alpha_Locker
  • Victim Country: India
  • Victim Industry: Mining/Metals
  • Victim Organization: adhunik power & natural resources limited
  • Victim Site: adhunikpower.com

4. Miraense falls victim to Gunra Ransomware

  • Category: Ransomware
  • Content: The group claims to have obtained 8 TB of internal documents and a 2 TB billing database, which include personal and company documents.
  • Date: 2025-10-01T14:09:48Z
  • Network: tor
  • Published URL: (http://gunrabxbig445sjqa535uaymzerj6fp4nwc6ngc2xughf2pedjdhk4ad.onion/)
  • Screenshots:
  • Threat Actors: Gunra
  • Victim Country: South Korea
  • Victim Industry: Energy & Utilities
  • Victim Organization: miraense
  • Victim Site: miraense.com

5. Alleged database leak of Kementerian Dalam Negeri Republik Indonesia

  • Category: Data Breach
  • Content: The threat actor claims to have leaked 32.43KB of the Kementerian Dalam Negeri Republik Indonesia database. The compromised data reportedly contains the fields no, name, nik, number of family members, occupation, address, village (nagari) and subdistrict (kecamatan).
  • Date: 2025-10-01T14:00:33Z
  • Network: openweb
  • Published URL: (https://darkforums.st/Thread-DATABASE-DATABASE-LEAKED-KEMENDAGRI)
  • Screenshots:
  • Threat Actors: M4UL1337
  • Victim Country: Indonesia
  • Victim Industry: Government Administration
  • Victim Organization: kementerian dalam negeri republik indonesia
  • Victim Site: kemendagri.go.id

6. Keystone Solutions Group falls victim to Akira Ransomware

  • Category: Ransomware
  • Content: The group claims to have exfiltrated over 65GB of sensitive data from the organization. The stolen information allegedly includes financial data, invoices, employee and customer information (passports, driver's licenses, Social Security numbers, emails, phone numbers), confidential information, NDAs, and other documents with detailed personal information.
  • Date: 2025-10-01T13:47:31Z
  • Network: tor
  • Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
  • Screenshots:
  • Threat Actors: akira
  • Victim Country: USA
  • Victim Industry: Medical Equipment Manufacturing
  • Victim Organization: keystone solutions group
  • Victim Site: keystone-pd.com

7. Autohaus Walter Malin GmbH falls victim to Chaos Ransomware


8. Autohaus Walter Malin GmbH falls victim to Chaos Ransomware

  • Category: Ransomware
  • Content: The group claims to have obtained corporate data including contracts, confidential documents, financial records, customer information, HR data, and internal service documentation.
  • Date: 2025-10-01T13:39:15Z
  • Network: tor
  • Published URL: (http://hptqq2o2qjva7lcaaq67w36jihzivkaitkexorauw7b2yul2z6zozpqd.onion/list)
  • Screenshots:
  • Threat Actors: CHAOS
  • Victim Country: Austria
  • Victim Industry: Automotive
  • Victim Organization: autohaus walter malin gmbh
  • Victim Site: autohaus-malin.at

9. DigitalStormSec targets the website of Mazil Pharmacy

  • Category: Defacement
  • Content: The group claims to have defaced the website of Mazil Pharmacy.
  • Date: 2025-10-01T13:38:44Z
  • Network: telegram
  • Published URL: (https://t.me/c/2527455775/588)
  • Screenshots:
  • Threat Actors: DigitalStormSec
  • Victim Country: Tanzania
  • Victim Industry: Healthcare & Pharmaceuticals
  • Victim Organization: mazil pharmacy
  • Victim Site: mazilpharmacy.co.tz

10. Cholakyan Chiropractic falls victim to INC Ransom Ransomware


11. Alleged unauthorized access to unidentified Building Management System Integrated with LINE, Taiwan

  • Category: Initial Access
  • Content: The group claims to have gained unauthorized access to an unidentified building management system (BMS) in Taiwan, integrated with the LINE messaging app.
  • Date: 2025-10-01T13:23:15Z
  • Network: telegram
  • Published URL: (https://t.me/Z_ALLIANCE/799)
  • Screenshots:
  • Threat Actors: Z-PENTEST ALLIANCE
  • Victim Country: Taiwan
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

12. ICC Northwest falls victim to INC RANSOM Ransomware


13. Climatron falls victim to INC RANSOM Ransomware


14. KillServer Team targets the website of Abbaye de Villers-la-Ville asbl

  • Category: Defacement
  • Content: The group, in collaboration with LunarisSec, claims to have defaced the website of Abbaye de Villers-la-Ville asbl.
  • Date: 2025-10-01T13:06:28Z
  • Network: telegram
  • Published URL: (https://t.me/KillServerTeam/18)
  • Screenshots:
  • Threat Actors: KillServer Team
  • Victim Country: Belgium
  • Victim Industry: Non-profit & Social Organizations
  • Victim Organization: abbaye de villers-la-ville asbl
  • Victim Site: centredoc.villers.be

15. Cholakyan Chiropractic falls victim to INC Ransom Ransomware


16. ICC Northwest falls victim to INC RANSOM Ransomware


17. Heritage Communications Inc falls victim to INC RANSOM Ransomware


18. KillServer Team claims to target Moldova and Romania

  • Category: Alert
  • Content: A recent post by the group indicates that they are targeting Moldova and Romania.
  • Date: 2025-10-01T12:03:40Z
  • Network: telegram
  • Published URL: (https://t.me/KillServerTeam/15)
  • Screenshots:
  • Threat Actors: KillServer Team
  • Victim Country: Moldova
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

19. Alleged data breach of DepEd Schools Division Office of Samar

  • Category: Data Breach
  • Content: Threat actor claims to have leaked a 37K database from DepEd Schools Division Office of Samar. The breach allegedly includes Employee No, last name, first name, middle name, position title, level taught, birthdate, current age, date of original appointment, date of last promotion, start step date, and years in service.
  • Date: 2025-10-01T11:39:12Z
  • Network: openweb
  • Published URL: (https://darkforums.st/Thread-PHILIPPINES-DEPED-SAMAR-DATA-LEAK)
  • Screenshots:
  • Threat Actors: Quantum_Security_Group
  • Victim Country: Philippines
  • Victim Industry: Education
  • Victim Organization: deped schools division office of samar
  • Victim Site: depedsamardivision.site

20. Alleged data breach of Hathi jobs

  • Category: Data Breach
  • Content: The threat actor claims to have breached the organization's database. The breached data includes ID, user login, pass, name, email, url, registered user, activation key and display name.
  • Date: 2025-10-01T11:24:28Z
  • Network: openweb
  • Published URL: (https://xss.pro/threads/143547/)
  • Screenshots:
  • Threat Actors: Yrrrr
  • Victim Country: India
  • Victim Industry: Staffing/Recruiting
  • Victim Organization: hathi jobs
  • Victim Site: hathijobs.com

21. Alleged data breach of Moroccan Auxiliary Forces

  • Category: Data Breach
  • Content: The threat actor claims to have leaked a 100K database from the Moroccan Auxiliary Forces.
  • Date: 2025-10-01T11:18:49Z
  • Network: openweb
  • Published URL: (https://darkforums.st/Thread-DATABASE-MOROCCO-AUXILIARY-FORCES-FULL-DB-100K-ROWS)
  • Screenshots:
  • Threat Actors: Jabaroot
  • Victim Country: Morocco
  • Victim Industry: Government Administration
  • Victim Organization: moroccan auxiliary forces
  • Victim Site: recrutement.fa.gov.ma

22. Alleged data breach of Quezon City Public Library

  • Category: Data Breach
  • Content: Threat actor claims to have leaked databases of Quezon City Public Library.
  • Date: 2025-10-01T10:51:09Z
  • Network: openweb
  • Published URL: (https://darkforums.st/Thread-Quezon-City-Public-Library-Leak)
  • Screenshots:
  • Threat Actors: S3AB4ND1TS
  • Victim Country: Philippines
  • Victim Industry: Library
  • Victim Organization: quezon city public library
  • Victim Site: qcpl.quezoncity.gov.ph

23. Alleged data breach of Industrial and Services Technology High School No. 155 “Ricardo Flores Magón”

  • Category: Data Breach
  • Content: The threat actor claims to have leaked a database from CBTIS 155, a Mexican educational institution. The data reportedly includes age, sex, marital status, home phone, cell phone, email, alternate email, institutional email password, state of birth, etc.
  • Date: 2025-10-01T10:40:41Z
  • Network: openweb
  • Published URL: (https://darkforums.st/Thread-DATABASE-FULL-DATABASE-ALUMNOS-CBTIS-155)
  • Screenshots:
  • Threat Actors: superioridade
  • Victim Country: Mexico
  • Victim Industry: Education
  • Victim Organization: industrial and services technology high school no. 155 “ricardo flores magón”
  • Victim Site: cbtis155.edu.mx

24. Alleged data breach of Host Expert

  • Category: Data Breach
  • Content: The group claims to have leaked the data from Host Expert. The compromised data reportedly include emails, passwords, and other data.
  • Date: 2025-10-01T10:35:25Z
  • Network: telegram
  • Published URL: (https://t.me/perunswaroga/576)
  • Screenshots:
  • Threat Actors: Perun Svaroga
  • Victim Country: Romania
  • Victim Industry: Information Technology (IT) Services
  • Victim Organization: host expert
  • Victim Site: host-expert.ro

25. BABAYO EROR SYSTEM targets the website of Thanh Dat Real Estate

  • Category: Defacement
  • Content: The group claims to have defaced the website of Thanh Dat Real Estate.
  • Date: 2025-10-01T10:17:19Z
  • Network: telegram
  • Published URL: (https://t.me/c/2532663346/42)
  • Screenshots:
  • Threat Actors: BABAYO EROR SYSTEM
  • Victim Country: Vietnam
  • Victim Industry: Real Estate
  • Victim Organization: thanh dat real estate
  • Victim Site: thanhdatbds.net

26. Alleged leak of Chinese citizen and government database


27. BABAYO EROR SYSTEM targets the website of Messages of Hope International Ministries Inc

  • Category: Defacement
  • Content: The group claims to have defaced the website of Messages of Hope International Ministries Inc.
  • Date: 2025-10-01T09:51:36Z
  • Network: telegram
  • Published URL: (https://t.me/c/2532663346/39)
  • Screenshots:
  • Threat Actors: BABAYO EROR SYSTEM
  • Victim Country: USA
  • Victim Industry: Non-profit & Social Organizations
  • Victim Organization: messages of hope international ministries inc
  • Victim Site: mohiminc.org

28. Alleged Leak of Israel Defense Forces

  • Category: Data Breach
  • Content: Threat actor claims to have leaked a 2.25GB document allegedly sourced from the Israel Defense Forces (IDF), containing personal and identity cards.
  • Date: 2025-10-01T09:50:29Z
  • Network: openweb
  • Published URL: (https://darkforums.st/Thread-Document-2-25GB-IDF-ISRAEL-DOCUMENT)
  • Screenshots:
  • Threat Actors: INDOHAXSEC
  • Victim Country: Israel
  • Victim Industry: Defense & Space
  • Victim Organization: israel defense forces
  • Victim Site: idf.il

29. Alleged Leak of Secure Agent Leads Customer Data

  • Category: Data Breach
  • Content: The threat actor claims to have leaked a database that allegedly contains 200,000 US full names, addresses, and phone numbers sourced from Secure Agent Leads. The database includes detailed customer information such as FirstName, LastName, Address, City, State, ZipCode, and CellPhone.
  • Date: 2025-10-01T09:18:05Z
  • Network: openweb
  • Published URL: (https://forum.exploit.in/topic/267345/)
  • Screenshots:
  • Threat Actors: CrypterBTC
  • Victim Country: USA
  • Victim Industry: Marketing, Advertising & Sales
  • Victim Organization: secure agent leads
  • Victim Site: secureagentleads.com

30. Alleged data sale of Agence Nationale des Titres Sécurisés (ANTS)

  • Category: Data Breach
  • Content: The threat actor claims to be selling 127 M records of data from the Agence Nationale des Titres Sécurisés. The compromised data reportedly contains personal information including names, addresses, dates of birth, email addresses, phone numbers and other contact details. NB: This data was previously breached by Angel_Batista on March 22, 2025 and placenta on June 21, 2025.
  • Date: 2025-10-01T09:06:46Z
  • Network: telegram
  • Published URL: (https://t.me/rubiconh4ckss/92)
  • Screenshots:
  • Threat Actors: Rubicon
  • Victim Country: France
  • Victim Industry: Government Administration
  • Victim Organization: agence nationale des titres sécurisés
  • Victim Site: mairie.ants.gouv.fr

31. NOTCTBER404 claims to target Thailand

  • Category: Alert
  • Content: A recent post by the group indicates that they are targeting Thailand.
  • Date: 2025-10-01T08:38:13Z
  • Network: telegram
  • Published URL: (https://t.me/notctber404/1282)
  • Screenshots:
  • Threat Actors: NOTCTBER404
  • Victim Country: Thailand
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

32. Alleged unauthorized access to PharmEvo Private Limited

  • Category: Initial Access
  • Content: The group claims to have gained access to PharmEvo Private Limited.
  • Date: 2025-10-01T08:25:51Z
  • Network: telegram
  • Published URL: (https://t.me/n2LP_wVf79c2YzM0/1799)
  • Screenshots:
  • Threat Actors: Infrastructure Destruction Squad
  • Victim Country: Pakistan
  • Victim Industry: Healthcare & Pharmaceuticals
  • Victim Organization: pharmevo private limited
  • Victim Site: pharmevo.biz

33. Alleged data leak of Amazon


34. Alleged unauthorized access to unidentified WebMethods Integration Server in Taiwan

  • Category: Initial Access
  • Content: The group claims to have gained unauthorized administrative access to an unidentified WebMethods Integration Server in Taiwan.
  • Date: 2025-10-01T07:24:01Z
  • Network: telegram
  • Published URL: (https://t.me/c/3019913760/177)
  • Screenshots:
  • Threat Actors: AL-MUJAHIDEEN FORCE 313
  • Victim Country: Taiwan
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

35. Lafayette Materials Management Co., Inc. falls victim to INC RANSOM Ransomware

  • Category: Ransomware
  • Content: The group claims to have obtained approximately 80.44 GB of the organization's data including contracts, confidential documents, financial data, customer information, HR records, and incident reports.
  • Date: 2025-10-01T06:54:28Z
  • Network: tor
  • Published URL: (http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/68dc9c2bfa0b6f4bdf956036)
  • Screenshots:
  • Threat Actors: INC RANSOM
  • Victim Country: USA
  • Victim Industry: Furniture
  • Victim Organization: lafayette materials management co., inc. (lammco)
  • Victim Site: lammco.net

36. Lafayette Materials Management Co., Inc. (LAMMCO) falls victim to INC RANSOM Ransomware

  • Category: Ransomware
  • Content: The group claims to have obtained approximately 80.4 GB of the organization's data including contracts, confidential documents, financial data, customer information, HR records, and incident reports.
  • Date: 2025-10-01T06:49:13Z
  • Network: tor
  • Published URL: (http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/68dc9c2bfa0b6f4bdf956036)
  • Screenshots:
  • Threat Actors: INC RANSOM
  • Victim Country: USA
  • Victim Industry: Furniture
  • Victim Organization: lafayette materials management co., inc. (lammco)
  • Victim Site: lammco.net

37. Alleged data breach of Globo.Tech Communications

  • Category: Data Breach
  • Content: Threat actor claims to have leaked data from Globo.Tech Communications.
  • Date: 2025-10-01T06:23:52Z
  • Network: openweb
  • Published URL: (https://darkforums.st/Thread-Source-Code-Globo-Tech-Data-Leaked-Download)
  • Screenshots:
  • Threat Actors: KaruHunters
  • Victim Country: Canada
  • Victim Industry: Information Technology (IT) Services
  • Victim Organization: globo.tech communications
  • Victim Site: globo.tech

38. GARUDA ERROR SYSTEM targets the website of Smart Kids Abacus

  • Category: Defacement
  • Content: The group claims to have defaced the website of Smart Kids Abacus.
  • Date: 2025-10-01T06:23:23Z
  • Network: telegram
  • Published URL: (https://t.me/c/2004556114/2052)
  • Screenshots:
  • Threat Actors: GARUDA ERROR SYSTEM
  • Victim Country: India
  • Victim Industry: Education
  • Victim Organization: smart kids abacus
  • Victim Site: smartkidsabacus.in

39. Alleged leak of Chinese citizens database


40. Alleged data breach of Judicial Branch of the Nation, Argentina

  • Category: Data Breach
  • Content: Threat actor claims to have leaked data from the Judicial Branch of the Nation, Argentina. The compromised data includes documents such as passports, ID cards, etc.
  • Date: 2025-10-01T06:13:12Z
  • Network: openweb
  • Published URL: (https://darkforums.st/Thread-Document-Documents-of-the-Judicial-Branch-of-Argentina)
  • Screenshots:
  • Threat Actors: HvcKMvsoneria33
  • Victim Country: Argentina
  • Victim Industry: Judiciary
  • Victim Organization: judicial branch of the nation
  • Victim Site: pjn.gov.ar

41. Smiles By Steedman falls victim to Space Bears Ransomware

  • Category: Ransomware
  • Content: The group claims to have obtained the organization's data, which includes patients' personal details, medical histories, internal company network databases, financial records, and other confidential documents. They intend to publish the data within 6–7 days.
  • Date: 2025-10-01T05:46:30Z
  • Network: tor
  • Published URL: (http://5butbkrljkaorg5maepuca25oma7eiwo6a2rlhvkblb4v6mf3ki2ovid.onion/)
  • Screenshots:
  • Threat Actors: Space Bears
  • Victim Country: USA
  • Victim Industry: Hospital & Health Care
  • Victim Organization: smiles by steedman
  • Victim Site: smilesbysteedman.com

42. Alleged data breach of Lorenzo Ruiz de Manila School

  • Category: Data Breach
  • Content: Threat actor claims to have leaked data from Lorenzo Ruiz de Manila School.
  • Date: 2025-10-01T05:46:25Z
  • Network: openweb
  • Published URL: (https://darkforums.st/Thread-LEAKED-LORENZO-DE-MANILA-SCHOOL)
  • Screenshots:
  • Threat Actors: nostra
  • Victim Country: Philippines
  • Victim Industry: Education
  • Victim Organization: lorenzo ruiz de manila school
  • Victim Site: lorenzoruiz.edu.ph

43. Alleged breach of Nobis Medical

  • Category: Data Breach
  • Content: The threat actor claims to have leaked a SQL database containing sensitive data from Nobis Medical, Argentina. The exposed data reportedly includes credentials, full names, dates of birth, physical addresses, email addresses, phone numbers, etc.
  • Date: 2025-10-01T05:46:16Z
  • Network: openweb
  • Published URL: (https://darkforums.st/Thread-DATABASE-417-585k-Argentina-Database-Nobis-Medical)
  • Screenshots:
  • Threat Actors: rufus
  • Victim Country: Argentina
  • Victim Industry: Individual & Family Services
  • Victim Organization: nobis medical
  • Victim Site: nobis.com.ar

44. Alleged data breach of Omint

  • Category: Data Breach
  • Content: Threat actor claims to have leaked data from Omint. The compromised data includes credentials, ID, emails and phone numbers.
  • Date: 2025-10-01T05:12:24Z
  • Network: openweb
  • Published URL: (https://darkforums.st/Thread-DATABASE-3-066-713M-Argentina-Database-Omint)
  • Screenshots:
  • Threat Actors: rufus
  • Victim Country: Brazil
  • Victim Industry: Hospital & Health Care
  • Victim Organization: omint
  • Victim Site: omint.com.br

45. Alleged data leak of Indonesian Government

  • Category: Data Breach
  • Content: Threat actor claims to have leaked 150,000 rows of sensitive data of the Indonesian Government, including full names, official emails, internal phone numbers, positions, departments, and password hashes.
  • Date: 2025-10-01T04:50:19Z
  • Network: openweb
  • Published URL: (https://darkforums.st/Thread-DUMPMY-Kementerian-A)
  • Screenshots:
  • Threat Actors: millukizoldyck
  • Victim Country: Indonesia
  • Victim Industry: Government Administration
  • Victim Organization: Unknown
  • Victim Site: Unknown

46. Alleged data breach of Gobierno de la Provincia de Buenos Aires

  • Category: Data Breach
  • Content: Threat actor claims to have leaked data from Gobierno de la Provincia de Buenos Aires, the provincial government of Buenos Aires, Argentina. The leaked dataset is said to originate from a SQL database and reportedly contains personal, operational, and credential information for government-associated individuals and records.
  • Date: 2025-10-01T04:46:53Z
  • Network: openweb
  • Published URL: (https://darkforums.st/Thread-DATABASE-798-872k-Argentina-Database-Defunciones-Provincia-de-Buenos-Aires)
  • Screenshots:
  • Threat Actors: rufus
  • Victim Country: Argentina
  • Victim Industry: Government Administration
  • Victim Organization: defunciones provincia de buenos aires
  • Victim Site: gba.gob.ar

47. Alleged data breach of Leannec

  • Category: Data Breach
  • Content: Threat actor claims to have leaked data from Leannec. The compromised data includes credentials, ID, emails and phone numbers.
  • Date: 2025-10-01T04:40:21Z
  • Network: openweb
  • Published URL: (https://darkforums.st/Thread-DATABASE-453-651k-Argentina-Database-Leannec)
  • Screenshots:
  • Threat Actors: rufus
  • Victim Country: Argentina
  • Victim Industry: Hospital & Health Care
  • Victim Organization: leannec
  • Victim Site: Unknown

48. Ideal Bathrooms & Tiles falls victim to INC RANSOM Ransomware


49. Alleged data breach of Hospital Italiano de Buenos Aires

  • Category: Data Breach
  • Content: Threat actor claims to have leaked data from Hospital Italiano de Buenos Aires. The compromised data includes credentials, ID, emails and phone numbers.
  • Date: 2025-10-01T04:34:38Z
  • Network: openweb
  • Published URL: (https://darkforums.st/Thread-DATABASE-613-274k-Argentina-Database-Hospital-Italiano)
  • Screenshots:
  • Threat Actors: rufus
  • Victim Country: Argentina
  • Victim Industry: Hospital & Health Care
  • Victim Organization: hospital italiano de buenos aires
  • Victim Site: hospitalitaliano.org.ar

50. Alleged data leak of Spain ID Cards


51. Alleged data breach of Mudrex

  • Category: Data Breach
  • Content: Threat actor claims to have leaked data from Mudrex. The compromised data includes email, phone number, first name, last name, username, city, etc.
  • Date: 2025-10-01T03:57:39Z
  • Network: openweb
  • Published URL: (https://darkforums.st/Thread-Indian-crypto-exchange)
  • Screenshots:
  • Threat Actors: B51ndi
  • Victim Country: India
  • Victim Industry: Financial Services
  • Victim Organization: mudrex
  • Victim Site: mudrex.com

52. Alleged leak of Logins.zip

  • Category: Malware
  • Content: Threat actor claims to have leaked access to distribution of Logins.zip, a web-based infostealer builder that harvests browser credentials, cookies, Discord/Roblox tokens, and payment data, and advertises rapid decryption, tiny stubs, and EDR evasion.
  • Date: 2025-10-01T03:31:46Z
  • Network: openweb
  • Published URL: (https://darkforums.st/Thread-https-logins-zip-WEB-BASED-BUILDER-CHROMIUM-0DAY-12s-EXECTUTION-TIME–51044)
  • Screenshots:
  • Threat Actors: int
  • Victim Country: Unknown
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

53. Alleged data leak of PAMI login credentials

  • Category: Data Breach
  • Content: Threat actor claims to have leaked login credentials from PAMI.
  • Date: 2025-10-01T03:21:51Z
  • Network: openweb
  • Published URL: (https://darkforums.st/Thread-CUP-PAMI-LOGINS-ARGENTINA)
  • Screenshots:
  • Threat Actors: CataLeyaPRE
  • Victim Country: Argentina
  • Victim Industry: Hospital & Health Care
  • Victim Organization: pami
  • Victim Site: cup.pami.org.ar

54. Alleged leak of ZeroTrace Stealer 13

  • Category: Malware
  • Content: Threat actor claims to have leaked ZeroTrace Stealer 13, a sophisticated infostealer malware that targets browsers such as Chrome, Edge, and Firefox to extract passwords, cookies, session tokens, autofill data, and system information.
  • Date: 2025-10-01T01:49:27Z
  • Network: openweb
  • Published URL: (https://darkforums.st/Thread-Source-Code-ZeroTrace-Stealer-13)
  • Screenshots:
  • Threat Actors: dimexor4381
  • Victim Country: Unknown
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

55. North America Construction Ltd. falls victim to INC RANSOM Ransomware


Conclusion

The incidents detailed in this report highlight a diverse and active landscape of cyber threats.

Data breaches and ransomware attacks are prominent, affecting various sectors from education and government administration to healthcare and financial services, and impacting countries including the USA, India, Philippines, Argentina, China, Indonesia, and Mexico. The compromised data ranges from personal user information, employee records, and identity cards to patient records, financial data, and large internal corporate databases.

Beyond data compromise, the report also reveals significant activity in initial access sales, with threat actors offering unauthorized access to building management systems and corporate networks in Taiwan and a pharmaceutical company in Pakistan.

The sale and distribution of malware, including infostealers (Logins.zip, ZeroTrace Stealer 13) and DDoS tools, further underscores the availability of offensive capabilities in the cyber underground. Additionally, multiple defacement incidents were recorded, primarily targeting organizational websites.

The nature of these incidents emphasizes the critical importance of robust cybersecurity measures, including strong access controls, data protection strategies, continuous vulnerability management, and proactive threat intelligence to defend against a wide array of sophisticated and opportunistic attacks.