This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.
- Alleged sale of access to unidentified company from Chile
- Category: Initial Access
- Content: Threat actor claims to be selling unauthorized domain admin access to an unidentified organization from Chile. The compromised domain reportedly contains over 70 personal computers, and the organization's reported revenue is 17 million.
- Date: 2025-10-06T22:25:16Z
- Network: openweb
- Published URL: (https://forum.duty-free.cc/threads/1356/)
- Screenshots:
- Threat Actors: random
- Victim Country: Chile
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Clifford Paper Inc falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 34 GB of the organization’s data.
- Date: 2025-10-06T21:54:02Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=9e6fc52e-13a2-397e-919b-9d5c76ff7dc9)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Paper & Forest Products
- Victim Organization: clifford paper inc
- Victim Site: cliffordpaper.com
- Alleged sale of N-Day vulnerability for Oracle E-Business Suite
- Category: Vulnerability
- Content: The threat actor claims to be selling an N-Day vulnerability for Oracle E-Business Suite. This vulnerability is remotely exploitable without authentication.
- Date: 2025-10-06T21:38:01Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/267682/
- Screenshots:
- Threat Actors: Parallax
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- AES Clean Technology falls victim to PLAY Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data. The compromised data includes private and personal confidential data, client documents, budget, payroll, accounting, taxes, IDs, financial information, etc.
- Date: 2025-10-06T21:04:07Z
- Network: tor
- Published URL: (http://j75o7xvvsm4lpsjhkjvb4wl2q6ajegvabe6oswthuaubbykk4xkzgpid.onion/topic.php?id=YN8dDrGDYBCEii)
- Screenshots:
- Threat Actors: PLAY
- Victim Country: USA
- Victim Industry: Building and construction
- Victim Organization: aes clean technology
- Victim Site: aesclean.com
- Dataforth Corporation falls victim to PLAY Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data and intends to publish it within 3-4 days.
- Date: 2025-10-06T20:53:56Z
- Network: tor
- Published URL: (http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=M1NxKDIdX0AhUz)
- Screenshots:
- Threat Actors: PLAY
- Victim Country: USA
- Victim Industry: Electrical & Electronic Manufacturing
- Victim Organization: dataforth corporation
- Victim Site: dataforth.com
- Markus Schramm, Rechtsanwalt und Steuerberater falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-06T20:34:21Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=cea07cef-9ebd-32c0-8a2b-6c582f20faa9)
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/fc4126ad-5259-461a-b4de-344b6c7bf18c.png
- https://d34iuop8pidsy8.cloudfront.net/b23c9259-8465-4acf-bdd5-fc2968ffdc84.png
- https://d34iuop8pidsy8.cloudfront.net/5d490435-e356-4bb4-809e-426ffd7c4cf1.png
- https://d34iuop8pidsy8.cloudfront.net/67cd7aee-5042-4fb2-8ff0-02bda0354891.png
- Threat Actors: Qilin
- Victim Country: Germany
- Victim Industry: Law Practice & Law Firms
- Victim Organization: markus schramm, rechtsanwalt und steuerberater
- Victim Site: kanzlei-schramm.com
- Rogue Valley Door falls victim to Sinobi Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 830 GB of the organization’s data, including confidential data, financial data and contracts. They intend to publish it within 3-4 days.
- Date: 2025-10-06T20:26:01Z
- Network: tor
- Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68e418cb88b6823fa2601bd2)
- Screenshots:
- Threat Actors: Sinobi
- Victim Country: USA
- Victim Industry: Building and construction
- Victim Organization: rogue valley door
- Victim Site: roguevalleydoor.com
- Law Offices of James Scott Farrin falls victim to Sinobi Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 700 Gb of the organization’s data, including customer data, confidential files and contracts. They intend to publish it within 3-4 days.
- Date: 2025-10-06T20:19:16Z
- Network: tor
- Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68e419e588b6823fa2601fc9)
- Screenshots:
- Threat Actors: Sinobi
- Victim Country: USA
- Victim Industry: Law Practice & Law Firms
- Victim Organization: law offices of james scott farrin
- Victim Site: farrin.com
- BANGLADESH CYBER FORCE targets the website of Darussalam Government Secondary School
- Category: Defacement
- Content: The group claims to have defaced the website of Darussalam Government Secondary School.
- Date: 2025-10-06T20:04:44Z
- Network: telegram
- Published URL: https://t.me/bangladesh_cyber_force_bd/37
- Screenshots:
- Threat Actors: BANGLADESH CYBER FORCE
- Victim Country: Bangladesh
- Victim Industry: Education
- Victim Organization: darussalam government secondary school
- Victim Site: dsgss.edu.bd
- BANGLADESH CYBER FORCE targets the website of Aerial Swarnamoyee High School
- Category: Defacement
- Content: The group claims to have defaced the website of Aerial Swarnamoyee High School.
- Date: 2025-10-06T20:00:50Z
- Network: telegram
- Published URL: https://t.me/bangladesh_cyber_force_bd/37
- Screenshots:
- Threat Actors: BANGLADESH CYBER FORCE
- Victim Country: Bangladesh
- Victim Industry: Education
- Victim Organization: aerial swarnamoyee high school
- Victim Site: ashighschool.edu.bd
- Alleged Unauthorized Access to IMPIANTO IDRICO SINOPOLI SCADA System
- Category: Initial Access
- Content: The threat actor claims to have accessed and taken control of the SCADA system of Impianto Idrico Sinopoli, a municipal water treatment and distribution facility in Sinopoli, Italy, responsible for managing the collection, purification, and supply of clean water to the local community.
- Date: 2025-10-06T19:58:06Z
- Network: telegram
- Published URL: https://t.me/H3yder_N3ex/455
- Screenshots:
- Threat Actors: Hider_Nex
- Victim Country: Italy
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- BANGLADESH CYBER FORCE targets the website of United Model High School
- Category: Defacement
- Content: The group claims to have defaced the website of United Model High School.
- Date: 2025-10-06T19:57:02Z
- Network: telegram
- Published URL: https://t.me/bangladesh_cyber_force_bd/37
- Screenshots:
- Threat Actors: BANGLADESH CYBER FORCE
- Victim Country: Bangladesh
- Victim Industry: Education
- Victim Organization: united model high school
- Victim Site: unitedmodelhighschool.edu.bd
- NurtureCare falls victim to Kairos Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 192 GB of the organization’s data and intends to publish it within 7-8 days.
- Date: 2025-10-06T19:52:26Z
- Network: tor
- Published URL: (http://nerqnacjmdy3obvevyol7qhazkwkv57dwqvye5v46k5bcujtfa6sduad.onion/detail/?code=www-nurturecare-com-usa-192gb)
- Screenshots:
- Threat Actors: Kairos
- Victim Country: USA
- Victim Industry: Hospital & Health Care
- Victim Organization: nurturecare
- Victim Site: nurturecare.com
- BANGLADESH CYBER FORCE targets the website of Rajanagar Syedpur Union High School
- Category: Defacement
- Content: The group claims to have defaced the website of Rajanagar Syedpur Union High School.
- Date: 2025-10-06T19:46:31Z
- Network: telegram
- Published URL: https://t.me/bangladesh_cyber_force_bd/37
- Screenshots:
- Threat Actors: BANGLADESH CYBER FORCE
- Victim Country: Bangladesh
- Victim Industry: Education
- Victim Organization: rajanagar syedpur union high school
- Victim Site: rajanagarsyedpurunionhighschool.edu.bd
- BANGLADESH CYBER FORCE targets the website of Mokamia High School
- Category: Defacement
- Content: The group claims to have defaced the website of Mokamia High School.
- Date: 2025-10-06T19:43:22Z
- Network: telegram
- Published URL: https://t.me/bangladesh_cyber_force_bd/37
- Screenshots:
- Threat Actors: BANGLADESH CYBER FORCE
- Victim Country: Bangladesh
- Victim Industry: Education
- Victim Organization: mokamia high school
- Victim Site: mkahighschool.edu.bd
- BANGLADESH CYBER FORCE targets the website of Hajee Shariat Ullah Adarshsa High School
- Category: Defacement
- Content: The group claims to have defaced the website of Hajee Shariat Ullah Adarshsa High School.
- Date: 2025-10-06T19:38:59Z
- Network: telegram
- Published URL: https://t.me/bangladesh_cyber_force_bd/37
- Screenshots:
- Threat Actors: BANGLADESH CYBER FORCE
- Victim Country: Bangladesh
- Victim Industry: Education
- Victim Organization: hajee shariat ullah adarshsa high school
- Victim Site: hajisamsherahs.edu.bd
- BANGLADESH CYBER FORCE targets the website of BIAM Model School and College
- Category: Defacement
- Content: The group claims to have defaced the website of BIAM Model School and College.
- Date: 2025-10-06T19:35:25Z
- Network: telegram
- Published URL: https://t.me/bangladesh_cyber_force_bd/37
- Screenshots:
- Threat Actors: BANGLADESH CYBER FORCE
- Victim Country: Bangladesh
- Victim Industry: Higher Education/Academia
- Victim Organization: biam model school and college
- Victim Site: bmhsdhaka.edu.bd
- BANGLADESH CYBER FORCE targets the website of Rupnagar Government Secondary School
- Category: Defacement
- Content: The group claims to have defaced the website of Rupnagar Government Secondary School.
- Date: 2025-10-06T19:31:34Z
- Network: telegram
- Published URL: https://t.me/bangladesh_cyber_force_bd/37
- Screenshots:
- Threat Actors: BANGLADESH CYBER FORCE
- Victim Country: Bangladesh
- Victim Industry: Education
- Victim Organization: rupnagar government secondary school
- Victim Site: rgss.edu.bd
- BANGLADESH CYBER FORCE targets the website of Ahsania Mission College
- Category: Defacement
- Content: The group claims to have defaced the website of Ahsania Mission College.
- Date: 2025-10-06T19:24:27Z
- Network: telegram
- Published URL: https://t.me/bangladesh_cyber_force_bd/37
- Screenshots:
- Threat Actors: BANGLADESH CYBER FORCE
- Victim Country: Bangladesh
- Victim Industry: Higher Education/Academia
- Victim Organization: ahsania mission college
- Victim Site: ahs2003.edu.bd
- Alleged sale of personal information of Chinese citizens living in the UK
- Category: Data Breach
- Content: Threat actor claims to be selling leaked personal information of Chinese citizens living in the UK. The compromised data reportedly contains 20,000 records from 2025, including first name, last name, mobile phone, address, city, state, zip code, and country.
- Date: 2025-10-06T19:20:07Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-20K-PERSONAL-INFORMATION-DATA-OF-CHINESE-PEOPLE-LIVING-IN-UK)
- Screenshots:
- Threat Actors: Shinchan
- Victim Country: UK
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- BANGLADESH CYBER FORCE targets the website of Syed Kutub Jalal Model High School
- Category: Defacement
- Content: The group claims to have defaced the website of Syed Kutub Jalal Model High School.
- Date: 2025-10-06T19:18:54Z
- Network: telegram
- Published URL: https://t.me/bangladesh_cyber_force_bd/37
- Screenshots:
- Threat Actors: BANGLADESH CYBER FORCE
- Victim Country: Bangladesh
- Victim Industry: Education
- Victim Organization: syed kutub jalal model high school
- Victim Site: skmh.edu.bd
- BANGLADESH CYBER FORCE targets the website of Bangladesh University
- Category: Defacement
- Content: The group claims to have defaced the website of Bangladesh University.
- Date: 2025-10-06T19:15:03Z
- Network: telegram
- Published URL: https://t.me/bangladesh_cyber_force_bd/37
- Screenshots:
- Threat Actors: BANGLADESH CYBER FORCE
- Victim Country: Bangladesh
- Victim Industry: Higher Education/Academia
- Victim Organization: bangladesh university
- Victim Site: bbuhs.edu.bd
- Alleged sale of 140 million combo list from UK
- Category: Combo List
- Content: Threat actor claims to be selling 140 million email and password combo lists from the UK.
- Date: 2025-10-06T19:11:23Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-UNITED-KINGDOM-140-MILLION-COMBOLIST-EMAIL-PASS)
- Screenshots:
- Threat Actors: Shinchan
- Victim Country: UK
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- BANGLADESH CYBER FORCE targets the website of Shamsul Hoque Khan School and College
- Category: Defacement
- Content: The group claims to have defaced the website of Shamsul Hoque Khan School and College.
- Date: 2025-10-06T19:10:33Z
- Network: telegram
- Published URL: https://t.me/bangladesh_cyber_force_bd/37
- Screenshots:
- Threat Actors: BANGLADESH CYBER FORCE
- Victim Country: Bangladesh
- Victim Industry: Higher Education/Academia
- Victim Organization: shamsul hoque khan school and college
- Victim Site: khsac.edu.bd
- Alleged sale of personal data of sports betting players from UK
- Category: Data Breach
- Content: Threat actor claims to be selling leaked personal information of sports betting players from the UK. The compromised data reportedly contains 60,000 records from 2025, including first name, last name, email, address, city, state, zip code, and phone.
- Date: 2025-10-06T19:03:26Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-UNITED-KINGDOM-60K-PERSONAL-INFORMATION-DATA-OF-SPORTBETTING-UK-PLAYERS)
- Screenshots:
- Threat Actors: Shinchan
- Victim Country: UK
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of access to unidentified software development company from Vietnam
- Category: Initial Access
- Content: Threat actor claims to be selling unauthorized AWS S3, Jira, Bitbucket & MySQL access to an unidentified leading software development company based in Vietnam.
- Date: 2025-10-06T18:53:28Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-Access-to-a-Leading-Software-Development-Company)
- Screenshots:
- Threat Actors: 888
- Victim Country: Vietnam
- Victim Industry: Software Development
- Victim Organization: Unknown
- Victim Site: Unknown
- Landmark Management, Inc. falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-06T18:30:19Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=23840702-71fc-3bf0-8577-084967167c17)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Real Estate
- Victim Organization: landmark management, inc.
- Victim Site: landmarkmgtinc.com
- Alleged data breach of Israel Tax Authority
- Category: Data Breach
- Content: The threat actor claims to have leaked data from Israel Tax Authority. The compromised data reportedly contains more than 1500 records that include name, email, phone number, position and department.
- Date: 2025-10-06T18:29:43Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/267670/
- Screenshots:
- Threat Actors: Nigan
- Victim Country: Israel
- Victim Industry: Government Administration
- Victim Organization: israel tax authority
- Victim Site: taxes.gov.il
- Alleged Sale of Chile WordPress Admin Access with Webpay Plus
- Category: Initial Access
- Content: The threat actor claims to be selling WordPress admin access to a Chile-based website using the Webpay Plus credit-card payment method. The listing reports 85 credit-card orders in September (non-subscription).
- Date: 2025-10-06T18:06:46Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/267668/
- Screenshots:
- Threat Actors: Fancy.Bear
- Victim Country: Chile
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Development Services Group, Inc. falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 165 GB of the organization’s data.
- Date: 2025-10-06T18:01:37Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=ba70cdd7-5ef8-3f32-9c4c-80c97b51df13)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Research Industry
- Victim Organization: development services group, inc.
- Victim Site: dsgonline.com
- Alleged Sale of WordPress Admin Access to Peru-based site with credit card payment frame
- Category: Initial Access
- Content: The threat actor claims to be selling WordPress admin access to a Peru-based website integrated with a credit card frame payment method. The listing indicates that in September, the site processed 99 credit card orders without subscriptions.
- Date: 2025-10-06T17:58:06Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/267667/
- Screenshots:
- Threat Actors: Fancy.Bear
- Victim Country: Peru
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged Sale of WordPress Admin Access to US Site with Credit Card Payment Form
- Category: Initial Access
- Content: The threat actor claims to be selling WordPress Admin Access to US Site with Credit Card Payment Form.
- Date: 2025-10-06T17:46:44Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/267663/
- Screenshots:
- Threat Actors: Fancy.Bear
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of forex personal data from France
- Category: Data Breach
- Content: Threat actor claims to be selling leaked forex personal data from France. The compromised data reportedly contains 220,000 records from 2024 to 2025, including name, phone number, email, etc.
- Date: 2025-10-06T17:30:45Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-FRANCE-200K-FOREX-PERSONAL-DATA-FROM-FRANCE)
- Screenshots:
- Threat Actors: Shinchan
- Victim Country: France
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Orion Engineers + Constructors falls victim to Akira Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 32 GB of the organization’s data. The compromised data includes internal confidential information containing client personal information (SSNs, addresses, email addresses and so on), employee information (W-9 forms), financial and accounting files, contracts, agreements, clients’ engineering specifications and drawings, projects, etc.
- Date: 2025-10-06T17:16:38Z
- Network: tor
- Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
- Screenshots:
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: Mechanical or Industrial Engineering
- Victim Organization: orion engineers + constructors
- Victim Site: orion-eng.com
- Alleged sale of premium academic memberships for Shodan
- Category: Data Breach
- Content: Threat actor claims to be selling premium academic membership accounts for Shodan.
- Date: 2025-10-06T17:08:22Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-%F0%9F%9B%B0%EF%B8%8F%F0%9F%8E%93-Shodan-io-Academic-Memberships-%E2%80%93-Unlock-Full-Access-%F0%9F%8C%90%F0%9F%94%8D)
- Screenshots:
- Threat Actors: Exploit4000938832
- Victim Country: USA
- Victim Industry: Computer & Network Security
- Victim Organization: shodan
- Victim Site: shodan.io
- Alleged sale of admin access to unidentified telecom company from UK
- Category: Initial Access
- Content: Threat actor claims to be selling unauthorized admin access to an unidentified popular telecom company based in the UK.
- Date: 2025-10-06T16:57:56Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-Known-UK-Telecom-Admin-Access)
- Screenshots:
- Threat Actors: fuckoverflow
- Victim Country: UK
- Victim Industry: Network & Telecommunications
- Victim Organization: Unknown
- Victim Site: Unknown
- Milliman Financial Risk Management falls victim to Akira Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 260 GB of the organization’s data. The compromised data includes client information, lots of internal operating files, financial and accounting files, contracts, agreements, projects, etc.
- Date: 2025-10-06T16:56:51Z
- Network: tor
- Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
- Screenshots:
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: Financial Services
- Victim Organization: milliman financial risk management
- Victim Site: frm.milliman.com
- Alleged data sale of Grip Invest
- Category: Data Breach
- Content: Threat actor claims to be selling leaked personal email information of investors at Grip Invest, India. The compromised data reportedly contains 210,000 records, including email and password. NB: Grip Invest was previously breached on Sun Oct 02 2022.
- Date: 2025-10-06T16:49:22Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-INDIA-200K-PERSONAL-EMAIL-DATA-OF-GRIPINVEST-INVESTORS)
- Screenshots:
- Threat Actors: Shinchan
- Victim Country: India
- Victim Industry: Financial Services
- Victim Organization: grip invest
- Victim Site: gripinvest.in
- Alleged Sale of access to Honduras-based Building Materials company
- Category: Initial Access
- Content: The threat actor claims to be selling VPN initial access to a Honduras-based building materials company.
- Date: 2025-10-06T16:46:02Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/267660/
- Screenshots:
- Threat Actors: Mark1777
- Victim Country: Honduras
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Daily Printing, Inc. falls victim to Akira Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 32 GB of the organization’s data. The compromised data includes client information, a bit of employee files, lots of internal operating files, financial and accounting files, contracts, agreements, projects, etc.
- Date: 2025-10-06T16:34:19Z
- Network: tor
- Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
- Screenshots:
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: Printing
- Victim Organization: daily printing, inc.
- Victim Site: dailyprinting.com
- Alleged Sale of access to UK-based Industrial Machinery & Equipment firm
- Category: Initial Access
- Content: The threat actor claims to be selling VPN initial access to a UK-based industrial machinery & equipment firm.
- Date: 2025-10-06T16:32:01Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/267658/
- Screenshots:
- Threat Actors: Mark1777
- Victim Country: UK
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Saint-Claude Town Hall falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-06T15:56:08Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=284291e2-27b6-30ea-89a4-8fc54ce86bb8)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: France
- Victim Industry: Government Administration
- Victim Organization: saint-claude town hall
- Victim Site: ville-saintclaude.fr
- Mecklenburg County Public Schools falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 305 GB of the organization’s data.
- Date: 2025-10-06T15:43:23Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=561a75e9-c56f-391f-9bb4-7b9c6222d63a)
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/2bee3e1b-8713-4971-8995-a4f1f2a6e0c4.png
- https://d34iuop8pidsy8.cloudfront.net/76b66c36-b5cb-4e5e-a64f-b7bc950aa4d9.png
- https://d34iuop8pidsy8.cloudfront.net/efe0a79a-6ae3-4ac5-a211-10892d22ff1b.png
- https://d34iuop8pidsy8.cloudfront.net/f83240b9-3db0-46dc-ab6c-e35ca58f7856.png
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Education
- Victim Organization: mecklenburg county public schools
- Victim Site: mcpsweb.org
- 4 EXPLOITATION targets the website davidsonhealth.co.il
- Category: Defacement
- Content: The group claims to have defaced the website davidsonhealth.co.il.
- Date: 2025-10-06T15:38:01Z
- Network: telegram
- Published URL: https://t.me/Exploitationn/1578
- Screenshots:
- Threat Actors: 4 EXPLOITATION
- Victim Country: Israel
- Victim Industry: Hospital & Health Care
- Victim Organization: Unknown
- Victim Site: davidsonhealth.co.il
- Alleged Sale of Hotmail Good Mail Access Combolist
- Category: Combo List
- Content: The threat actor claims to be offering a combolist containing 12,000 Hotmail "good mail access" accounts. The dataset allegedly includes credentials that could enable unauthorized access to various email services.
- Date: 2025-10-06T15:36:17Z
- Network: openweb
- Published URL: https://leakbase.la/threads/12k-hotmail-good-mail-access-combolist.44158/
- Screenshots:
- Threat Actors: cidiia
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- AnonGhost targets the website of Isranet Computers
- Category: Defacement
- Content: The group claims to have defaced the website of Isranet Computers.
- Date: 2025-10-06T15:23:11Z
- Network: telegram
- Published URL: https://t.me/OpSeaIsraHeLL/36
- Screenshots:
- Threat Actors: AnonGhost
- Victim Country: Israel
- Victim Industry: Information Technology (IT) Services
- Victim Organization: isranet computers
- Victim Site: isranet.co.il
- McGeorge Architecture Interiors, LLC falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 145 GB of the organization’s data.
- Date: 2025-10-06T15:19:46Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=d4c891b7-fe6d-3607-a215-0085916017d8)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Architecture & Planning
- Victim Organization: mcgeorge architecture interiors, llc
- Victim Site: mcgeorgeai.com
- Alleged sale of combolists from multiple countries
- Category: Combo List
- Content: Threat actor claims to be selling fresh and private mail and password data and combo lists from multiple countries, including Canada, Germany, France, the Netherlands, Spain, Austria, and Australia.
- Date: 2025-10-06T14:34:18Z
- Network: openweb
- Published URL: https://leakbase.la/threads/fresh-private-mail-pass-data-combo-lists-available-all-countries-regions.44157/
- Screenshots:
- Threat Actors: Ogsgd
- Victim Country: Canada
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Kecy Metal Technologies falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-06T14:20:53Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=66fffdac-1740-3223-b460-ed5ea540970e)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Manufacturing & Industrial Products
- Victim Organization: kecy metal technologies
- Victim Site: kecymetals.com
- Alleged sale of access to UU Slots website
- Category: Initial Access
- Content: The threat actor claims to be selling unauthorized access to the UU Slots website. The claimed access includes finance access, player data, player control, and the ability to send OTP emails.
- Date: 2025-10-06T14:19:54Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-UUSLOT-Gambling-website-for-sale-access-management)
- Screenshots:
- Threat Actors: KaruHunters
- Victim Country: UK
- Victim Industry: Gambling & Casinos
- Victim Organization: uu slots
- Victim Site: uuslotsofficial.com
- Alleged leak of access to Agenda of the Pacitan Regency Government
- Category: Initial Access
- Content: The group claims to have leaked access to Agenda of the Pacitan Regency Government.
- Date: 2025-10-06T14:07:43Z
- Network: telegram
- Published URL: https://t.me/c/2532663346/117
- Screenshots:
- Threat Actors: BABAYO EROR SYSTEM
- Victim Country: Indonesia
- Victim Industry: Government Administration
- Victim Organization: agenda of the pacitan regency government
- Victim Site: agenda.pacitankab.go.id
- Alleged leak of access to Dinas Komunikasi dan Informatika or DISKOMINFO
- Category: Initial Access
- Content: The group claims to have leaked access to Dinas Komunikasi dan Informatika or DISKOMINFO.
- Date: 2025-10-06T14:00:06Z
- Network: telegram
- Published URL: https://t.me/c/2532663346/117
- Screenshots:
- Threat Actors: BABAYO EROR SYSTEM
- Victim Country: Indonesia
- Victim Industry: Government Administration
- Victim Organization: dinas komunikasi dan informatika or diskominfo
- Victim Site: suratkominfo.hstkab.go.id
- Alleged data leak of Gujarat Bank
- Category: Data Breach
- Content: The threat actor claims to have leaked data from Gujarat Bank. The compromised data reportedly includes a full backup of the bank manager’s account containing 99,000 emails (35 GB with attachments) spanning from 2019 to 2025. The leak allegedly contains emails exchanged with major institutions such as the Reserve Bank of India, NPCI, NEFT, FIU-IND, Equifax, Airtel, HDFC Bank, CIBIL, and M2P Fintech, as well as Indian government entities.
- Date: 2025-10-06T13:53:23Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-The-Gujarat-Bank-Sensitivities)
- Screenshots:
- Threat Actors: ByteToBreach
- Victim Country: India
- Victim Industry: Banking & Mortgage
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data breach of Gradoo CRM
- Category: Data Breach
- Content: The threat actor claims to have breached the organisation’s data. The leaked data includes contacts, reference number, main telephone number, telephone number 2, fax, email, mobile phone, mobile phone 2, description, and private telephone number.
- Date: 2025-10-06T13:47:32Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-gradoo-com-crm-leads)
- Screenshots:
- Threat Actors: Arabic
- Victim Country: Germany
- Victim Industry: Information Technology (IT) Services
- Victim Organization: gradoo
- Victim Site: gradoo.com
- Alleged data breach of Bacabal City Hall
- Category: Data Breach
- Content: The threat actor claims to have leaked data from Bacabal City Hall.
- Date: 2025-10-06T13:45:37Z
- Network: openweb
- Published URL: https://leakbase.la/threads/prefecture-municipal-de-bacabal.44151/
- Screenshots:
- Threat Actors: XanHacksThepepo
- Victim Country: Brazil
- Victim Industry: Government Administration
- Victim Organization: bacabal city hall
- Victim Site: bacabal.ma.gov.br
- Alleged sale of healthcare application data
- Category: Data Breach
- Content: The group claims to be selling 47 GB of healthcare application data from an unidentified organisation.
- Date: 2025-10-06T13:41:53Z
- Network: telegram
- Published URL: https://t.me/Rubiconhackers/61
- Screenshots:
- Threat Actors: Rubiconhack
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Ludlow Construction Co Inc falls victim to Akira Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-06T13:37:50Z
- Network: tor
- Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
- Screenshots:
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: Building and construction
- Victim Organization: ludlow construction co inc
- Victim Site: ludlowconstruction.com
- Alleged data leak of Horizon Lussier
- Category: Data Breach
- Content: The group claims to have leaked the database of Horizon Lussier, exposing over 200MB of sensitive data.
- Date: 2025-10-06T13:29:41Z
- Network: telegram
- Published URL: https://t.me/VFCTeam/236
- Screenshots:
- Threat Actors: V FOR VENDETTA CYBER TEAM
- Victim Country: Canada
- Victim Industry: Automotive
- Victim Organization: horizon lussier
- Victim Site: horizonlussier.com
- Alleged leak of access to Direktorat Jenderal Bina Pemerintahan Desa
- Category: Initial Access
- Content: The group claims to have leaked access to Direktorat Jenderal Bina Pemerintahan Desa.
- Date: 2025-10-06T13:20:38Z
- Network: telegram
- Published URL: https://t.me/c/2702757113/532
- Screenshots:
- Threat Actors: Night Owll
- Victim Country: Indonesia
- Victim Industry: Government Administration
- Victim Organization: direktorat jenderal bina pemerintahan desa
- Victim Site: binapemdes.kemendagri.go.id
- Lipapromet falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-06T12:54:39Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=2adb31b7-ee4b-3bd1-a40d-341665c8ded2)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: Croatia
- Victim Industry: Wholesale
- Victim Organization: lipapromet
- Victim Site: lipapromet.hr
- Alleged data breach of Israel Police
- Category: Data Breach
- Content: The group claims to have leaked data from Israel Police.
- Date: 2025-10-06T12:51:06Z
- Network: telegram
- Published URL: https://t.me/H3yder_N3ex/449
- Screenshots:
- Threat Actors: Hider_Nex
- Victim Country: Israel
- Victim Industry: Public Safety
- Victim Organization: israel police
- Victim Site: police.gov.il
- Alleged data breach of Safir company
- Category: Data Breach
- Content: The threat actor claims to have leaked over 150,000 records from Safir Company, allegedly containing ID, first name, last name, wallet, birth date, national code, marital status, sex, email, phone number, and more.
- Date: 2025-10-06T12:49:52Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-IRAN-safirstores-com-150K-Leaked-Download)
- Screenshots:
- Threat Actors: Demetrius
- Victim Country: Iran
- Victim Industry: Cosmetics
- Victim Organization: safir company
- Victim Site: safirstores.com
- Natural Milk falls victim to DEVMAN 2.0 Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-06T12:11:48Z
- Network: tor
- Published URL: http://devmanblggk7ddrtqj3tsocnayow3bwnozab2s4yhv4shpv6ueitjzid.onion/
- Screenshots:
- Threat Actors: DEVMAN 2.0
- Victim Country: Denmark
- Victim Industry: Dairy
- Victim Organization: natural milk
- Victim Site: naturmaelk.dk
- Alleged unauthorized access to boiler control of ENERGOFOREST s.r.o.
- Category: Initial Access
- Content: The group claims to have gained unauthorized access to the boiler control of ENERGOFOREST s.r.o. in the Czech Republic. The compromised system allegedly allows control of (manual, automatic, start, stop), fuel supply, ventilation, hydraulic systems, cleaning cycles, control of temperatures in the rooms, etc.
- Date: 2025-10-06T12:02:41Z
- Network: telegram
- Published URL: https://t.me/c/2634086323/1822
- Screenshots:
- Threat Actors: NoName057(16)
- Victim Country: Czech Republic
- Victim Industry: Paper & Forest Products
- Victim Organization: energoforest s.r.o.
- Victim Site: energoforest.cz
- Natoli Engineering Company, Inc. falls victim to akira Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 936 GB of the organization’s data. The compromised data includes financial data (audit, payment details, financial reports, invoices), employees and customers information (passports, driver’s license, Social Security Numbers, death/birth certificates, emails, phones), confidential information, NDAs and other documents with detailed personal information.
- Date: 2025-10-06T11:16:17Z
- Network: tor
- Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
- Screenshots:
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: Manufacturing & Industrial Products
- Victim Organization: natoli engineering company, inc.
- Victim Site: natoli.com
- Alleged data breach of Centers Laboratory
- Category: Data Breach
- Content: The threat actor claims to have leaked corporate data from Centers Laboratory. The exposed dataset reportedly includes patient test records, laboratory reports, employee and staff information, diagnostic data, and internal operational files.
- Date: 2025-10-06T11:12:32Z
- Network: tor
- Published URL: (https://worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion/companies/4716560680/overview)
- Screenshots:
- Threat Actors: Worldleaks
- Victim Country: USA
- Victim Industry: Hospital & Health Care
- Victim Organization: centers laboratory
- Victim Site: centerslab.com
- HMEI7 targets the website of Sun Software (Pvt.) Limited
- Category: Defacement
- Content: The group claims to have defaced the website of Sun Software (Pvt.) Limited.
- Date: 2025-10-06T10:42:56Z
- Network: telegram
- Published URL: https://t.me/c/2412030007/1732
- Screenshots:
- Threat Actors: HMEI7
- Victim Country: Pakistan
- Victim Industry: Information Technology (IT) Services
- Victim Organization: sun software (pvt.) limited
- Victim Site: sunsoftware.co
- Field and Goldberg, LLC falls victim to akira Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 232 GB of the organization’s data. The compromised data includes financial data (audit, payment details, financial reports, invoices), employees and customers information (passports, Social Security Numbers, emails, phones), confidential information, NDAs and other documents with detailed personal information.
- Date: 2025-10-06T10:23:46Z
- Network: tor
- Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
- Screenshots:
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: Law Practice & Law Firms
- Victim Organization: field and goldberg, llc
- Victim Site: fieldandgoldberg.com
- PERENNIAL falls victim to BEAST Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-06T10:15:37Z
- Network: tor
- Published URL: http://beast6azu4f7fxjakiayhnssybibsgjnmy77a6duufqw5afjzfjhzuqd.onion/card/perennial
- Screenshots:
- Threat Actors: BEAST
- Victim Country: China
- Victim Industry: Manufacturing
- Victim Organization: perennial
- Victim Site: perennialcable.com
- Saskarc Inc. falls victim to akira Ransomware
- Category: Ransomware
- Content: The group claims to have obtained more than 54 GB of data, which includes financial data such as audit, payment details, financial reports and invoices, confidential information, and other documents with detailed personal information.
- Date: 2025-10-06T10:10:47Z
- Network: tor
- Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
- Screenshots:
- Threat Actors: akira
- Victim Country: Canada
- Victim Industry: Building and construction
- Victim Organization: saskarc inc.
- Victim Site: saskarc.com
- Alleged data sale of Microsoft Japan Co., Ltd.
- Category: Data Breach
- Content: The group claims to be selling data from Microsoft Japan Co., Ltd.
- Date: 2025-10-06T09:36:28Z
- Network: telegram
- Published URL: https://t.me/c/3127628636/115
- Screenshots:
- Threat Actors: CLOBELSECTEAM
- Victim Country: Japan
- Victim Industry: Software Development
- Victim Organization: microsoft japan co., ltd.
- Victim Site: microsoft.com
- Alleged data leak of Crescitaly SMM Panel
- Category: Data Breach
- Content: The group claims to have leaked the organization’s data. The leaked data includes login and password in text format.
- Date: 2025-10-06T09:33:39Z
- Network: telegram
- Published URL: https://t.me/NigthCrawlerX/979
- Screenshots:
- Threat Actors: NightCrawlerX
- Victim Country: Unknown
- Victim Industry: Marketing, Advertising & Sales
- Victim Organization: crescitaly smm panel
- Victim Site: crescitaly.com
- Alleged sale of unauthorized PrestaShop Admin Access in Spain
- Category: Initial Access
- Content: Threat actor claims to be selling unauthorized access to an unidentified PrestaShop store in Spain with full administrative privileges.
- Date: 2025-10-06T09:32:50Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/267629/
- Screenshots:
- Threat Actors: cosmodrome
- Victim Country: Spain
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data leak of SMM Panel Server (Social Media Marketing panel)
- Category: Data Breach
- Content: The group claims to have leaked the organization’s data. The leaked data includes login and password in text format.
- Date: 2025-10-06T09:18:55Z
- Network: telegram
- Published URL: https://t.me/NigthCrawlerX/978
- Screenshots:
- Threat Actors: NightCrawlerX
- Victim Country: USA
- Victim Industry: Marketing, Advertising & Sales
- Victim Organization: smm panel server
- Victim Site: smmpanelserver.com
- Pharaoh’s Team targets the website of Smart Menu
- Category: Defacement
- Content: The group claims to have defaced the website of Smart Menu.
- Date: 2025-10-06T09:13:36Z
- Network: telegram
- Published URL: https://t.me/Pharaohs_n/142
- Screenshots:
- Threat Actors: Pharaoh’s Team
- Victim Country: Germany
- Victim Industry: Information Technology (IT) Services
- Victim Organization: smart menu
- Victim Site: sm-menu.com
- Alleged data leak of KEX
- Category: Data Breach
- Content: The group claims to have leaked the login credentials for KEX, Thailand.
- Date: 2025-10-06T09:12:59Z
- Network: telegram
- Published URL: https://t.me/NigthCrawlerX/980
- Screenshots:
- Threat Actors: NightCrawlerX
- Victim Country: Thailand
- Victim Industry: Transportation & Logistics
- Victim Organization: kex
- Victim Site: th.kex-express.com
- Pharaoh’s Team targets the website of Smart Clinic
- Category: Defacement
- Content: The group claims to have defaced the website of Smart Clinic.
- Date: 2025-10-06T09:08:39Z
- Network: telegram
- Published URL: https://t.me/Pharaohs_n/142
- Screenshots:
- Threat Actors: Pharaoh’s Team
- Victim Country: Germany
- Victim Industry: Hospital & Health Care
- Victim Organization: smart clinic
- Victim Site: sm-clinic.de
- Pharaoh’s Team targets the website of SoftX ITS
- Category: Defacement
- Content: The group claims to have defaced the website of SoftX ITS.
- Date: 2025-10-06T09:08:22Z
- Network: telegram
- Published URL: https://t.me/Pharaohs_n/142
- Screenshots:
- Threat Actors: Pharaoh’s Team
- Victim Country: Germany
- Victim Industry: Information Technology (IT) Services
- Victim Organization: softx its
- Victim Site: softxits.com
- Pharaoh’s Team targets the website of sylwias photography
- Category: Defacement
- Content: The group claims to have defaced the website of Sylwias Photography.
- Date: 2025-10-06T09:02:28Z
- Network: telegram
- Published URL: https://t.me/Pharaohs_n/142
- Screenshots:
- Threat Actors: Pharaoh’s Team
- Victim Country: Germany
- Victim Industry: Photography
- Victim Organization: sylwias photography
- Victim Site: sylwias-photography.com
- Pharaoh’s Team targets the website of Darwish Sweets
- Category: Defacement
- Content: The group claims to have defaced the website of Darwish Sweets.
- Date: 2025-10-06T09:00:30Z
- Network: telegram
- Published URL: https://t.me/Pharaohs_n/142
- Screenshots:
- Threat Actors: Pharaoh’s Team
- Victim Country: Germany
- Victim Industry: Food & Beverages
- Victim Organization: darwish sweets
- Victim Site: darwishsweets.de
- Alleged sale of Russian confidential data
- Category: Data Breach
- Content: The threat actor claims to be selling a highly confidential technical document on the Russian Lancet-3 loitering munition. The document reportedly includes detailed analysis of the system’s design, navigation, optics, warheads, and operational capabilities.
- Date: 2025-10-06T08:59:57Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Document-HIGHLY-CONFIDENTIAL-RUSSIAN-LOITERING-MUNITION-LANCET-3-TECHNICAL-DOCUMENT)
- Screenshots:
- Threat Actors: A1HM27
- Victim Country: Russia
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Pharaoh’s Team targets the website of Sigeko-Weiden
- Category: Defacement
- Content: The group claims to have defaced the website of Sigeko-Weiden.
- Date: 2025-10-06T08:59:05Z
- Network: telegram
- Published URL: https://t.me/Pharaohs_n/142
- Screenshots:
- Threat Actors: Pharaoh’s Team
- Victim Country: Germany
- Victim Industry: Building and construction
- Victim Organization: sigeko-weiden
- Victim Site: sigeko-weiden.de
- Pharaoh’s Team targets the website of DamasTech General Contracting
- Category: Defacement
- Content: The group claims to have defaced the website of DamasTech General Contracting.
- Date: 2025-10-06T08:53:37Z
- Network: telegram
- Published URL: https://t.me/Pharaohs_n/142
- Screenshots:
- Threat Actors: Pharaoh’s Team
- Victim Country: UAE
- Victim Industry: Building and construction
- Victim Organization: damastech general contracting
- Victim Site: damasgc.com
- Pharaoh’s Team targets the website of Ideal Umzüge
- Category: Defacement
- Content: The group claims to have defaced the website of Ideal Umzüge.
- Date: 2025-10-06T08:52:59Z
- Network: telegram
- Published URL: https://t.me/Pharaohs_n/142
- Screenshots:
- Threat Actors: Pharaoh’s Team
- Victim Country: Germany
- Victim Industry: Transportation & Logistics
- Victim Organization: ideal umzüge
- Victim Site: idealumzuege.de
- Alleged data breach of CHRIST Jewelers and Watchmakers since 1863 GmbH
- Category: Data Breach
- Content: The threat actor claims to have leaked data from CHRIST Jewelers and Watchmakers since 1863 GmbH. The exposed data reportedly includes corporate records, employee information, customer details, store operation files, and other confidential business documents.
- Date: 2025-10-06T08:46:51Z
- Network: tor
- Published URL: https://worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion/
- Screenshots:
- Threat Actors: Worldleaks
- Victim Country: Germany
- Victim Industry: Luxury Goods & Jewelry
- Victim Organization: christ jewelers and watchmakers since 1863 gmbh
- Victim Site: christ.de
- Alleged sale of unauthorized PrestaShop Admin Access in Spain
- Category: Initial Access
- Content: Threat actor claims to be selling unauthorized access to an unidentified PrestaShop store in Spain with full administrative privileges.
- Date: 2025-10-06T08:43:57Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/267628/
- Screenshots:
- Threat Actors: cosmodrome
- Victim Country: Spain
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of unauthorized PrestaShop Admin Access in Spain
- Category: Initial Access
- Content: Threat actor claims to be selling unauthorized access to an unidentified PrestaShop store in Spain, with full admin rights.
- Date: 2025-10-06T08:32:10Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/267630/
- Screenshots:
- Threat Actors: cosmodrome
- Victim Country: Spain
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of unauthorized PrestaShop Admin Access in Spain
- Category: Initial Access
- Content: Threat actor claims to be selling unauthorized access to an unidentified PrestaShop store in Spain.
- Date: 2025-10-06T08:27:10Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/267631/
- Screenshots:
- Threat Actors: cosmodrome
- Victim Country: Spain
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- RipperSec Claims to Target Multiple Countries
- Category: Alert
- Content: A recent post by the group indicates they are resuming activity and continuing development of their MegaMedusa tool. The group claims intentions to conduct cyber operations targeting multiple countries, citing ongoing conflicts related to Palestine.
- Date: 2025-10-06T08:25:39Z
- Network: telegram
- Published URL: https://t.me/c/2875163062/43
- Screenshots:
- Threat Actors: RipperSec
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged leak of admin access to Totalwin College of Economics
- Category: Initial Access
- Content: The group claims to have leaked administrator access for Totalwin College of Economics.
- Date: 2025-10-06T07:40:53Z
- Network: telegram
- Published URL: https://t.me/barzxploitreal/63
- Screenshots:
- Threat Actors: BARZXPLOIT
- Victim Country: Indonesia
- Victim Industry: Education
- Victim Organization: totalwin college of economics
- Victim Site: stietotalwin.ac.id
- Alleged sale of Personally Identifiable Information (PII)
- Category: Data Breach
- Content: The group claims to be selling Personally Identifiable Information (PII). The exposed data reportedly include full name, date of birth, address, phone number, email, facial photograph, NIK, family card details, email, BPJS card data, residence, father’s name, mother’s name, parental permission letter etc.
- Date: 2025-10-06T06:59:28Z
- Network: telegram
- Published URL: https://t.me/fornetcloud/2680
- Screenshots:
- Threat Actors: FORNET ORG
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged leak of company infrastructure data from Kingbright Electronic Co., Ltd.
- Category: Data Breach
- Content: The group claims to have leaked company infrastructure data from Kingbright Electronic Co., Ltd.
- Date: 2025-10-06T06:47:10Z
- Network: telegram
- Published URL: https://t.me/fornetcloud/2681
- Screenshots:
- Threat Actors: FORNET ORG
- Victim Country: Taiwan
- Victim Industry: Electrical & Electronic Manufacturing
- Victim Organization: kingbright electronic co., ltd.
- Victim Site: kingbright.com
- Alleged data breach of Indonesian National Police (POLRI) & Indonesian Air Force (TNI-AU)
- Category: Data Breach
- Content: The threat actor claims to have leaked databases from Indonesian National Police (POLRI) & Indonesian Air Force (TNI-AU). The exposed dataset reportedly includes ranks, full names, units, phone numbers and email addresses. NB: The organization was previously breached on 23rd September 2025.
- Date: 2025-10-06T06:34:08Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-745K-Indonesian-National-Police-Military-Of-indonesian-database–54903)
- Screenshots:
- Threat Actors: Bjorka
- Victim Country: Indonesia
- Victim Industry: Law Enforcement
- Victim Organization: indonesian national police
- Victim Site: polri.go.id
- Alleged leak of consent.exe
- Category: Vulnerability
- Content: Threat actor claims to have leaked the source code of consent.exe, a core Windows UAC component. The post includes links to both a raw decompiled dump and a reconstructed C version, which could potentially expose vulnerabilities.
- Date: 2025-10-06T06:24:30Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Consent-exe-source-code)
- Screenshots:
- Threat Actors: l33tfg
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data sale of Kuwait Ministry of Public Works
- Category: Data Breach
- Content: Threat actor claims to be selling data from the Kuwait Ministry of Public Works (MPW). The compromised data includes a 2 TB dump (1,643,432 files in 226,731 folders) dated October 2025.
- Date: 2025-10-06T06:18:52Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-%F0%9F%87%B0%F0%9F%87%BC-KUWAIT-Ministry-of-Public-Works-MPW-Breach-12-TB)
- Screenshots:
- Threat Actors: Kazu
- Victim Country: Kuwait
- Victim Industry: Government Administration
- Victim Organization: kuwait ministry of public works
- Victim Site: mpw.gov.kw
- Alleged access sale of RDP to cloud-mining ASIC manufacturer
- Category: Initial Access
- Content: The threat actor claims to be selling access to an unidentified organization, which includes Remote Desktop access to a local network belonging to a cloud-based Bitcoin mining (ASIC) chip manufacturer based in Northwestern Europe.
- Date: 2025-10-06T06:18:34Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/267618
- Screenshots:
- Threat Actors: rs6mtm
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of unauthorized access to Nodes.Guru
- Category: Initial Access
- Content: Threat actor claims to be selling unauthorized access to Nodes.Guru.
- Date: 2025-10-06T06:02:58Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/267626/
- Screenshots:
- Threat Actors: APT_Hunter
- Victim Country: Argentina
- Victim Industry: Information Technology (IT) Services
- Victim Organization: nodes.guru
- Victim Site: nodes.guru
- Alleged sale of administrative access and Insider Recruitment
- Category: Alert
- Content: Threat actor claims to be selling access to administrative accounts and management consoles (Active Directory, Okta, Azure, AWS IAM). The forum post requests validation (AD/Okta commands, LDAP/log files, SSH key use) and also solicits insiders at telecoms, large software/gaming firms, call centers, and hosting providers.
- Date: 2025-10-06T05:54:28Z
- Network: telegram
- Published URL: https://t.me/andrewfedman/516
- Screenshots:
- Threat Actors: Scattered LAPSUS$ Hunters
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of access to an administrative dashboard in Nepal
- Category: Initial Access
- Content: Threat actor claims to be selling access to a live dashboard that manages over 16,000 WiFi hotspots in Nepal.
- Date: 2025-10-06T05:24:37Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-16k-Wifi-hotspots-in-nepal-dashboard)
- Screenshots:
- Threat Actors: NovaFire
- Victim Country: Nepal
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of unauthorized access to unidentified shop in Australia
- Category: Initial Access
- Content: Threat actor claims to be selling unauthorized access to an unidentified shop in Australia.
- Date: 2025-10-06T04:15:49Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/267624/
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/1a084165-3bdc-40f2-94e1-2645c8f2937a.png
- Threat Actors: corptoday
- Victim Country: Australia
- Victim Industry: E-commerce & Online Stores
- Victim Organization: Unknown
- Victim Site: Unknown
- Magna Foodservice falls victim to Radiant Group Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-06T03:01:41Z
- Network: tor
- Published URL: http://trfqksm6peaeyz4q6egxbij5n2ih6zrg65of4kwasrejc7hnw2jtxryd.onion/Magna
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/b3976712-18f2-41a3-8e14-39f55c5e9e1b.png
- Threat Actors: Radiant Group
- Victim Country: UK
- Victim Industry: Food & Beverages
- Victim Organization: magna foodservice
- Victim Site: magnafoodservice.co.uk
- Wellslandscaping INC falls victim to INC RANSOM Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-06T02:51:03Z
- Network: tor
- Published URL: (http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/68e2fbfcfa0b6f4bdfef8990)
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/2acd3c00-acb7-4d01-af3e-6113745bafcd.png
- Threat Actors: INC RANSOM
- Victim Country: USA
- Victim Industry: Architecture & Planning
- Victim Organization: wellslandscaping inc
- Victim Site: wellslandscaping.com
Conclusion
The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Ransomware attacks, notably by Qilin, akira, and PLAY, are prominent, targeting various sectors including law, education, manufacturing, and real estate across the USA, Germany, and France. Data breaches and leaks are widespread, affecting government organizations in Israel, India, Kuwait, and Indonesia, and compromising sensitive information such as personal data, corporate records, and internal technical documents. Furthermore, the market for initial access remains highly active, with threat actors selling unauthorized entry to SCADA systems in Italy and the Czech Republic, administrative dashboards for WiFi hotspots in Nepal, and corporate networks in the UK and Vietnam. The continued activity in malware (Vulnerability) and combo list sales underscores the persistent availability of offensive capabilities in the cyber underground.
The nature of these incidents emphasizes the critical importance of robust cybersecurity measures, including strong access controls, data protection strategies, continuous vulnerability management, and proactive threat intelligence to defend against a wide array of sophisticated and opportunistic attacks.