[October-10-2025] Daily Cybersecurity Threat Report

This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.

M.S Security Group falls victim to Kairos Ransomware

Category: Ransomware
Content: The group claims to have obtained 1.48 TB of organization’s internal data. The exposed data reportedly include Personally Identifiable Information (PII) and sensitive financial records which they intend to publish within 6-7 days.
Date: 2025-10-10T23:48:17Z
Network: tor
Published URL: (http://nerqnacjmdy3obvevyol7qhazkwkv57dwqvye5v46k5bcujtfa6sduad.onion/detail/?code=www-ms-security-ltd-com-cyprus-1-48tb)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/f1ec73f7-a6d7-4ebc-b41b-2dc0db539cdc.png https://d34iuop8pidsy8.cloudfront.net/f6e8a9f3-5765-454c-9dce-72cec72535f8.png https://d34iuop8pidsy8.cloudfront.net/c737cd98-cfbd-44e7-b727-110965c4b096.png
Threat Actors: Kairos
Victim Country: Cyprus
Victim Industry: Maritime
Victim Organization: m.s security group
Victim Site: ms-security-ltd.com

Forestry Department falls victim to DEVMAN 2.0 Ransomware

Category: Ransomware
Content: The group claims to have obtained the organization’s internal data and they intend to publish it within 2-3 days
Date: 2025-10-10T23:29:27Z
Network: tor
Published URL: (http://devmanblggk7ddrtqj3tsocnayow3bwnozab2s4yhv4shpv6ueitjzid.onion/)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/d8df5d53-a1df-4e38-844f-aab05d3986e7.png
Threat Actors: DEVMAN 2.0
Victim Country: Jamaica
Victim Industry: Government & Public Sector
Victim Organization: forestry department
Victim Site: forestry.gov.jm

DEVMAN 2.0 ransomware group adds an unknown victim (r******urology.com)

Category: Ransomware
Content: The group claims to have obtained 300 GB of organization’s internal data which they intend to publish within 4-5 days
Date: 2025-10-10T23:17:41Z
Network: tor
Published URL: (http://devmanblggk7ddrtqj3tsocnayow3bwnozab2s4yhv4shpv6ueitjzid.onion/)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/2ded0f44-1343-447a-af25-a7a81d3435e6.png
Threat Actors: DEVMAN 2.0
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

HIME666 targets the website of Policy Advisor

Category: Defacement
Content: The group claims to have deface the website of Policy Advisor.
Date: 2025-10-10T22:15:39Z
Network: telegram
Published URL: (https://t.me/c/3088972502/29)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/6e39687b-bbb0-4bab-840b-a00a0c99f983.png
Threat Actors: HIME666
Victim Country: India
Victim Industry: Financial Services
Victim Organization: policy advisor
Victim Site: policyadvisor.co.in

Alleged sale of sensitive documents from CIA

Category: Data Breach
Content: Threat actor claims to be selling sensitive intelligence documents on Russia, allegedly obtained from the Central Intelligence Agency (CIA) through an insider.
Date: 2025-10-10T22:04:25Z
Network: openweb
Published URL: (https://breachsta.rs/topic/top-secret-cia-document-intel-on-russia-xccc4r287xoy)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/13b2c4c3-dfa9-444d-840e-729959904194.png
Threat Actors: hubz
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Paleontological Research Institution falls victim to Sinobi Ransomware

Category: Ransomware
Content: Group claims to have exfiltrated approximately 1800 GB of data from Industrial Chemicals Corporation, including Financial data, Contracts. They intend to publish it within 9-10 days.
Date: 2025-10-10T22:04:01Z
Network: tor
Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68e96cfe88b6823fa275a2c4)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/a8a26795-bf64-430b-84a9-0f098bfeaf9f.png
Threat Actors: Sinobi
Victim Country: USA
Victim Industry: Museums & Institutions
Victim Organization: paleontological research institution
Victim Site: priweb.org

Complete Milling Lab falls victim to Sinobi Ransomware

Category: Ransomware
Content: Group claims to have exfiltrated approximately 680 GB of data from Industrial Chemicals Corporation. They intend to publish it within 9-10 days.
Date: 2025-10-10T22:00:01Z
Network: tor
Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68e96c1b88b6823fa2759f32)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/7bcdc99b-03e0-4d03-8e48-1e2f4c1293bb.png
Threat Actors: Sinobi
Victim Country: USA
Victim Industry: Hospital & Health Care
Victim Organization: complete milling lab
Victim Site: Unknown

krne.com falls victim to SAFEPAY Ransomware

Category: Ransomware
Content: The group claims to have obtained the organization’s data and intends to publish it within 2-3 days.
Date: 2025-10-10T21:57:36Z
Network: tor
Published URL: (http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/krnecom/)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/905b5e19-0ecf-4aa6-affe-ae20994cd559.png
Threat Actors: SAFEPAY
Victim Country: USA
Victim Industry: Law Practice & Law Firms
Victim Organization: krne.com
Victim Site: krne.com

Sunbulah Group falls victim to Sinobi Ransomware

Category: Ransomware
Content: Group claims to have obtained the organization’s data.
Date: 2025-10-10T21:52:06Z
Network: tor
Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68e968fc88b6823fa2758d7b)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/1c906574-5191-4063-83fe-9ff148ec904c.png
Threat Actors: Sinobi
Victim Country: Saudi Arabia
Victim Industry: Manufacturing
Victim Organization: sunbulah group
Victim Site: sunbulahgroup.com

glatten.de falls victim to SAFEPAY Ransomware

Category: Ransomware
Content: The group claims to have obtained the organization’s data and intends to publish it within 2-3 days.
Date: 2025-10-10T21:49:44Z
Network: tor
Published URL: (http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/glattende/)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/d4370f6f-3a03-4b28-a321-2c4c9d452fa5.png
Threat Actors: SAFEPAY
Victim Country: Germany
Victim Industry: Government & Public Sector
Victim Organization: glatten.de
Victim Site: glatten.de

Alleged data breach of Centre for Distance and Online Education

Category: Data Breach
Content: The group claims to have leaked data of Centre for Distance and Online Education, India.
Date: 2025-10-10T21:49:20Z
Network: telegram
Published URL: (https://t.me/lunarisS3C/52)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/0ae9a525-3ac1-4b99-a22b-76b28c569935.png
Threat Actors: LunarisSec
Victim Country: India
Victim Industry: Higher Education/Acadamia
Victim Organization: centre for distance and online education
Victim Site: cdoeamu.ac.in

Central Jersey Medical Center falls victim to Sinobi Ransomware

Category: Ransomware
Content: Group claims to have obtained the organization’s data.
Date: 2025-10-10T21:48:48Z
Network: tor
Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68e967d388b6823fa27586fd)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/810c16be-d7ce-4991-b672-6d711345e262.png
Threat Actors: Sinobi
Victim Country: USA
Victim Industry: Health & Fitness
Victim Organization: central jersey medical center
Victim Site: cjmc.us

Porto Funeral Homes falls victim to SAFEPAY Ransomware

Category: Ransomware
Content: The group claims to have obtained the organization’s data and intends to publish it within 2-3 days.
Date: 2025-10-10T21:24:26Z
Network: tor
Published URL: (http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/portofuneralhomesnet/)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/45e3a7cf-1e5e-406f-b782-3b3f32085f85.png
Threat Actors: SAFEPAY
Victim Country: USA
Victim Industry: Hospital & Health Care
Victim Organization: porto funeral homes
Victim Site: portofuneralhomes.net

Glenn Graydon Wright LLP falls victim to SAFEPAY Ransomware

Category: Ransomware
Content: The group claims to have obtained the organization’s data and intends to publish it within 2-3 days.
Date: 2025-10-10T21:10:03Z
Network: tor
Published URL: (http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/ggwnet/)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/aa531bcc-27aa-411a-ba4d-590791f0109f.png
Threat Actors: SAFEPAY
Victim Country: Canada
Victim Industry: Accounting
Victim Organization: glenn graydon wright llp
Victim Site: ggw.net

Alleged data leak of Venezuelan Military

Category: Data Breach
Content: The threat actor claims to have leaked a Venezuelan military database containing 30,000 records, including 3,000 entries with images, ID numbers, and email addresses of uniformed personnel.
Date: 2025-10-10T21:09:24Z
Network: openweb
Published URL: (https://darkforums.st/Thread-Document-%F0%9F%98%8E%F0%9F%91%BD%E2%9C%A8Free-30k-Venezuelan-Military-Data-3k-with-images-ID-numbers-and-emails%E2%9C%A8%F0%9F%91%BD%F0%9F%98%8E)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/571a02ee-a15d-4511-8a3e-3ef76838be7c.png https://d34iuop8pidsy8.cloudfront.net/b0000c53-effb-405e-b885-8b43f348014f.png
Threat Actors: HvcKMvsoneria33
Victim Country: Venezuela
Victim Industry: Military Industry
Victim Organization: bolivarian army
Victim Site: ejercito.mil.ve

CML Machinery Inc. falls victim to SAFEPAY Ransomware

Category: Ransomware
Content: The group claims to have obtained the organization’s data and intends to publish it within 2-3 days.
Date: 2025-10-10T20:53:26Z
Network: tor
Published URL: (http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/cmlmachinerycom/)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/8fd2bd47-72fd-43f3-abdb-a2ab2212052d.png
Threat Actors: SAFEPAY
Victim Country: Canada
Victim Industry: Machinery Manufacturing
Victim Organization: cml machinery inc.
Victim Site: cmlmachinery.com

Empirico Research falls victim to SAFEPAY Ransomware

Category: Ransomware
Content: The group claims to have obtained the organization’s data and intends to publish it within 2-3 days.
Date: 2025-10-10T20:37:56Z
Network: tor
Published URL: (http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/empirico-mrcom/)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/69e5bdba-d5e7-4299-8328-ec724a1089e4.png
Threat Actors: SAFEPAY
Victim Country: USA
Victim Industry: Market Research
Victim Organization: empirico research
Victim Site: empirico-mr.com

Tango De Mayo Hotel falls victim to SAFEPAY Ransomware

Category: Ransomware
Content: The group claims to have obtained the organization’s data and intends to publish it within 2-3 days.
Date: 2025-10-10T20:24:05Z
Network: tor
Published URL: (http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/tango-hotelcomar/)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/d737cc47-4466-4a09-9350-138356662476.png
Threat Actors: SAFEPAY
Victim Country: Argentina
Victim Industry: Hospitality & Tourism
Victim Organization: tango de mayo hotel
Victim Site: tango-hotel.com.ar

BridgeNet Communications, LLC falls victim to SAFEPAY Ransomware

Category: Ransomware
Content: The group claims to have obtained the organization’s data and intends to publish it within 2-3 days.
Date: 2025-10-10T20:14:42Z
Network: tor
Published URL: (http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/bridgenetcommunicationsrgvcom/)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/74158380-826b-457b-976b-d33cb3d0ed53.png
Threat Actors: SAFEPAY
Victim Country: USA
Victim Industry: Network & Telecommunications
Victim Organization: bridgenet communications, llc
Victim Site: bridgenetcommunicationsrgv.com

ClawSec Team targets the website of InfinityFree

Category: Defacement
Content: The group claims to have deface the website of InfinityFree.
Date: 2025-10-10T20:00:09Z
Network: telegram
Published URL: (https://t.me/ClawSecTeam/89)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/a2f8598d-cc29-42c3-a58e-71b1f0e74634.png
Threat Actors: ClawSec Team
Victim Country: Grenada
Victim Industry: Software
Victim Organization: infinityfree
Victim Site: overloadx.rf.gd

Brevard Skin and Cancer Center falls victim to PEAR Ransomware

Category: Ransomware
Content: The group claims to have obtained 1.8 TB of the organization’s data. The compromised data includes Financials, HR, Partners’ and Vendors’ Data, Numerous Patients’ PII & PHI Records, Payment Details, Mailboxes & Email Correspondence, Database & Exports, etc.
Date: 2025-10-10T19:43:33Z
Network: tor
Published URL: (http://pearsmob5sn44ismokiusuld34pnfwi6ctgin3qbvonpoob4lh3rmtqd.onion/Companies/brevardskin/)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/0dfa7f3f-91c8-4172-956a-60aa6d392573.png
Threat Actors: PEAR
Victim Country: USA
Victim Industry: Medical Practice
Victim Organization: brevard skin and cancer center
Victim Site: brevardskin.com

M A D G H O S T targets the website heshoo.com

Category: Defacement
Content: The group claims to have deface the website heshoo.com.
Date: 2025-10-10T19:09:44Z
Network: telegram
Published URL: (https://t.me/ARABIAN_GH0STS/136)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/ea310416-2b7f-4323-86f6-9b7fee021dd3.png
Threat Actors: M A D G H O S T
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: mail.heshoo.com

M A D G H O S T targets the website saghebi.ir

Category: Defacement
Content: The group claims to have deface the website saghebi.ir.
Date: 2025-10-10T19:00:59Z
Network: telegram
Published URL: (https://t.me/ARABIAN_GH0STS/135)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/507c4b93-5994-4109-95f1-890cb71ee25a.png
Threat Actors: M A D G H O S T
Victim Country: Iran
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: saghebi.ir

Arabian Ghosts targets the website of Cilimiao

Category: Defacement
Content: The group claims to have deface the website of Cilimiao.
Date: 2025-10-10T18:55:48Z
Network: telegram
Published URL: (https://t.me/ARABIAN_GH0STS/134)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/a5b0c77f-980d-446f-aed9-75fd8dd5f871.png
Threat Actors: Arabian Ghosts
Victim Country: China
Victim Industry: Information Technology (IT) Services
Victim Organization: cilimiao
Victim Site: cilimiao.cn

Alleged sale of unauthorized access to an unidentified manufacturing company in Spain

Category: Initial Access
Content: Threat actor claims to be selling unauthorized admin and Forti VPN access to an unidentified manufacturing company in Spain.
Date: 2025-10-10T18:54:35Z
Network: openweb
Published URL: (https://forum.exploit.in/topic/267975/)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/6c9f8344-e027-4e4d-8bd7-e6b47fba20b0.png
Threat Actors: Mark1777
Victim Country: Spain
Victim Industry: Manufacturing
Victim Organization: Unknown
Victim Site: Unknown

Arabian Ghosts targets the website of Webempresa Europa

Category: Defacement
Content: The group claims to have deface the website of Webempresa Europa.
Date: 2025-10-10T18:45:51Z
Network: telegram
Published URL: (https://t.me/ARABIAN_GH0STS/133)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/a9fd2e20-22ff-4641-b26f-0e62be27c7e6.png
Threat Actors: Arabian Ghosts
Victim Country: Spain
Victim Industry: Information Technology (IT) Services
Victim Organization: webempresa europa
Victim Site: captcha.webempresa.eu

Arabian Ghosts targets the website of Tutorial.com

Category: Defacement
Content: The group claims to have deface the website of Tutorial.com.
Date: 2025-10-10T18:39:44Z
Network: telegram
Published URL: (https://t.me/ARABIAN_GH0STS/132)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/4a769cf3-a97d-4c39-ab25-5771f80b7042.png
Threat Actors: Arabian Ghosts
Victim Country: France
Victim Industry: Education
Victim Organization: tutorial.com
Victim Site: fr.tuto.com

Alleged leak of Vietnamese online shopping data

Category: Data Breach
Content: The threat actor claims to be selling Vietnam online shopping data
Date: 2025-10-10T18:38:08Z
Network: openweb
Published URL: (https://darkforums.st/Thread-Vietnam-online-shopping-data)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/fdd42afd-6d34-4dc7-bf77-96c48ba30d2f.png
Threat Actors: LV5332
Victim Country: Vietnam
Victim Industry: E-commerce & Online Stores
Victim Organization: Unknown
Victim Site: Unknown

Alleged leak of random documents from a military base

Category: Data Breach
Content: The threat actor claims to have leaked documents related to a military-area site near Military Trail & Melaleuca Lane (unincorporated Palm Beach County / Greenacres area, Florida).
Date: 2025-10-10T18:27:51Z
Network: openweb
Published URL: (https://darkforums.st/Thread-Document-MILITARY-TRAIL-MELALEUCA-DOCUMENTS)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/54cb59c4-ac68-4ff0-8320-6898aa49efd4.png
Threat Actors: blackberrynet
Victim Country: Unknown
Victim Industry: Military Industry
Victim Organization: Unknown
Victim Site: Unknown

InDoM1nu’s targets the website of emplolio

Category: Defacement
Content: The group claims to have deface the website of emplolio.
Date: 2025-10-10T18:09:08Z
Network: telegram
Published URL: (https://t.me/InDoM1nusTe4m/25?single)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/470bacce-67ab-4429-8d3c-c773196861ee.png
Threat Actors: InDoM1nu’s
Victim Country: Germany
Victim Industry: Human Resources
Victim Organization: emplolio
Victim Site: emplolio.com

Caparrós Nature, SL. falls victim to Qilin Ransomware

Category: Ransomware
Content: The group claims to have obtained 461 GB of the organization’s data.
Date: 2025-10-10T18:07:09Z
Network: tor
Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=7c453a39-36e5-37b6-9f26-a98511d7954f)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/e84b3805-4c52-4c68-a608-f39f1f435c97.png https://d34iuop8pidsy8.cloudfront.net/4d83f560-7d6f-44a7-9004-aa4721b178c0.png https://d34iuop8pidsy8.cloudfront.net/8fbf56eb-869c-4314-b3a2-f358f3f98d8b.png https://d34iuop8pidsy8.cloudfront.net/1fbeed35-76f9-4d5e-a837-ffbab88aa4cc.png
Threat Actors: Qilin
Victim Country: Spain
Victim Industry: Wholesale
Victim Organization: caparrós nature, sl.
Victim Site: grupocaparros.com

InDoM1nu’s targets the website of teamclue

Category: Defacement
Content: The group claims to have deface the website of teamclue.
Date: 2025-10-10T18:05:53Z
Network: telegram
Published URL: (https://t.me/InDoM1nusTe4m/25?single)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/dca6c4c7-0afe-4149-92bc-79e97afe9ef5.png
Threat Actors: InDoM1nu’s
Victim Country: Austria
Victim Industry: Human Resources
Victim Organization: teamclue
Victim Site: teamclue.co

Alleged data leak of Bank Leumi

Category: Data Breach
Content: The group claims to have leaked data of Bank Leumi, contains credit cards and other confidential information.
Date: 2025-10-10T17:54:12Z
Network: telegram
Published URL: (https://t.me/H3yder_N3ex/506?single)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/8b84b5e9-d151-4dc8-aeb9-133d3b9f0ce8.png https://d34iuop8pidsy8.cloudfront.net/6ef3fb21-1472-4362-8043-dedcdcfa22d7.png
Threat Actors: Hider_Nex
Victim Country: Israel
Victim Industry: Financial Services
Victim Organization: bank leumi
Victim Site: leumi.co.il

Artan Holding falls victim to Qilin Ransomware

Category: Ransomware
Content: The group claims to have obtained 41 GB of the organization’s data.
Date: 2025-10-10T17:45:05Z
Network: tor
Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=55758ce1-0dce-31b1-ba2e-146262f782be)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/692155e5-aa52-4a21-a342-991e0a6bc392.png https://d34iuop8pidsy8.cloudfront.net/505f6cf9-43ed-4fa9-acbf-b41e943787cc.png https://d34iuop8pidsy8.cloudfront.net/50643b5f-ef5a-4ec7-a638-571aa28e70f3.png
Threat Actors: Qilin
Victim Country: Qatar
Victim Industry: Real Estate
Victim Organization: artan holding
Victim Site: artanholding.com

Alleged sale of unauthorized access to an unidentified hotel in Uruguay

Category: Initial Access
Content: Threat actor claims to be selling unauthorized admin access to an unidentified hotel in Uruguay.
Date: 2025-10-10T17:13:24Z
Network: openweb
Published URL: (https://forum.exploit.in/topic/267970/)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/3bbb107c-193b-4360-900c-a1e870bf1998.png
Threat Actors: s4sori
Victim Country: Uruguay
Victim Industry: Hospitality & Tourism
Victim Organization: Unknown
Victim Site: Unknown

Alleged data breach of Russian Post

Category: Data Breach
Content: The threat actor claims to be selling 94.7 MB of Russian Post database (TXT) containing 61 pages of records with full names, registered and actual addresses, SNILS/TIN, and passport series/numbers
Date: 2025-10-10T17:11:17Z
Network: openweb
Published URL: (https://xss.pro/threads/143702/)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/c3ebe43a-8ee9-4baa-befa-4b4b607a59d8.png
Threat Actors: SilentRoot
Victim Country: Russia
Victim Industry: Transportation & Logistics
Victim Organization: russian post
Victim Site: ruspost.eu

Royal Den Hartogh Logistics falls victim to ANUBIS Ransomware

Category: Ransomware
Content: The group claims to have obtained organization’s data.
Date: 2025-10-10T16:10:16Z
Network: tor
Published URL: (http://om6q4a6cyipxvt7ioudxt24cw4oqu4yodmqzl25mqd2hgllymrgu4aqd.onion/r/Y7OnM4Gx4xWneD7K1P1EM+uQ9tv6DLI3odLi2TRnzbJIoWesbf+w3pVU9SfCOL6RHTVsrHtWs1Um8jYR1HjjjV2Q3hyTXNO)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/69284814-a06e-4dcd-ad25-f33d5036eb06.png https://d34iuop8pidsy8.cloudfront.net/32206594-3bfe-4e15-ac74-3829cece1e07.png https://d34iuop8pidsy8.cloudfront.net/15a38afd-fa93-4a64-a5f7-c487496a6f7f.png https://d34iuop8pidsy8.cloudfront.net/4bbf1477-2761-40be-a008-96527ecb5fc1.png https://d34iuop8pidsy8.cloudfront.net/6f08d19f-f1f2-41fb-9f2c-39162ad8b264.png
Threat Actors: ANUBIS
Victim Country: Netherlands
Victim Industry: Transportation & Logistics
Victim Organization: royal den hartogh logistics
Victim Site: denhartogh.com

Alleged sale of turnkey malware

Category: Malware
Content: The threat actor claims to be selling a turnkey malware-for-hire service, offering custom payloads (single .exe, .exe+.dll, .msi), multi-file packages, and script support with promised antivirus evasion, SmartScreen/MotW bypass, and delayed activation.
Date: 2025-10-10T15:34:24Z
Network: openweb
Published URL: (https://xss.pro/threads/143700/)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/6cbb5b6b-8c29-41b8-b15f-e570d86f288d.png https://d34iuop8pidsy8.cloudfront.net/ad756044-e9b0-4dfb-ae93-b38e13b2b507.png https://d34iuop8pidsy8.cloudfront.net/6788b86b-7c1d-40ee-80ec-8e47782f043a.png
Threat Actors: LuciferXfiles
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Alleged data breach of LEJE – Leilão Judicial Eletrônico

Category: Data Breach
Content: The threat actor claims to be selling a database belonging to Electronic Judicial Auction Brazil (leje.com.br), a platform that facilitates the sale of assets under judicial orders and operates under public law in Brazil. The post includes sample user data, such as names, email addresses, roles (e.g., judicial clerks, lawyers, administrators), and hashed passwords.
Date: 2025-10-10T14:50:01Z
Network: openweb
Published URL: (https://darkforums.st/Thread-Selling-Electronic-Judicial-Auction-Brazil-leje-com-br)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/9888535c-8d7f-46b6-bbb9-7514f521a43f.png
Threat Actors: krekti
Victim Country: Brazil
Victim Industry: Legal Services
Victim Organization: leje – leilão judicial eletrônico
Victim Site: leje.com.br

Alleged data breach of Searchhub

Category: Data Breach
Content: The threat actor claims to have breached data of 1ok clients from the organization’s database. The compromised data is provided in a downloadable file.
Date: 2025-10-10T14:30:14Z
Network: openweb
Published URL: (https://darkforums.st/Thread-Searchhub-database-client-10k)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/9a50d7ba-8a74-4fb2-bc09-ba1a7802f0c7.png
Threat Actors: rbroquard
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: searchhub
Victim Site: Unknown

Friendly Gus falls victim to Sinobi Ransomware

Category: Ransomware
Content: The group claims to have obtained 180 GB of organization’s data including Confidential, Financial data, Contracts, etc. They intend to publish it within 3-4 days.
Date: 2025-10-10T14:15:04Z
Network: tor
Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68e6885c88b6823fa26987e9)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/e7372365-c2e1-4bd6-9d9b-1b857e638640.png
Threat Actors: Sinobi
Victim Country: USA
Victim Industry: Retail Industry
Victim Organization: friendly gus
Victim Site: friendlygus.com

Alleged data sale of Inland Revenue Department (IRD)

Category: Data Breach
Content: The group claims to be selling web shell (for access) and databases from Inland Revenue Department (IRD) in Nepal.
Date: 2025-10-10T14:10:40Z
Network: telegram
Published URL: (https://t.me/ctrl_nepal/139)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/167fde40-d050-4f06-942d-1c1489b9900a.JPG
Threat Actors: GenZRisingNepal
Victim Country: Nepal
Victim Industry: Government Administration
Victim Organization: inland revenue department (ird)
Victim Site: ird.gov.np

Alleged data breach of Attiva Medical

Category: Data Breach
Content: The group claims to have gained full access to Attiva Medical, taken the site offline, exfiltrated databases containing clients, users, regular subscribers, and payment receipts.
Date: 2025-10-10T14:05:24Z
Network: telegram
Published URL: (https://t.me/c/2958462092/51)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/6e0fcb4f-6cfe-48a8-8c7d-357fbde23458.png https://d34iuop8pidsy8.cloudfront.net/e1f356d5-4675-49ff-a9d8-b46ae61770ce.png
Threat Actors: Shit Alliance
Victim Country: France
Victim Industry: Healthcare & Pharmaceuticals
Victim Organization: attiva medical
Victim Site: attiva-medical.fr

American Home Furniture and Mattress falls victim to LYNX Ransomware

Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2025-10-10T13:56:59Z
Network: tor
Published URL: (http://lynxblogco7r37jt7p5wrmfxzqze7ghxw6rihzkqc455qluacwotciyd.onion/leaks/68e5783dcc2d2d4e68407286)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/bc1c4773-f5b9-43e1-b385-1138d2a6d3bb.jpg https://d34iuop8pidsy8.cloudfront.net/61207b26-c899-4412-81a6-7af80fb72704.jpg
Threat Actors: LYNX
Victim Country: USA
Victim Industry: Furniture
Victim Organization: american home furniture and mattress
Victim Site: americanhome.com

Alleged data breach of Brightannica Pty Ltd

Category: Data Breach
Content: The threat actor claims to have leaked data from Brightannica Pty Ltd, allegedly containing IDs, emails, and passwords.
Date: 2025-10-10T13:32:39Z
Network: openweb
Published URL: (https://darkforums.st/Thread-DATABASE-Education-and-Migration-agency-Australia-brightannica-com-au)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/078b75db-6988-406b-a5c0-2f254a8c67b6.png
Threat Actors: krekti
Victim Country: Australia
Victim Industry: Education
Victim Organization: brightannica pty ltd
Victim Site: brightannica.com.au

Alleged data sale of Job-Kleidung GmbH

Category: Data Breach
Content: The threat actor claims to be selling data from Job-Kleidung GmbH, an e-commerce and online retail company. The compromised data includes names, street numbers, emails, and more.
Date: 2025-10-10T13:25:43Z
Network: openweb
Published URL: (https://darkforums.st/Thread-Selling-German-Webshop-Job-Kleidung-GmbH-job-kleidung-de)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/6a45d09d-2e7d-467a-8c0b-8e37fd2db96f.png
Threat Actors: krekti
Victim Country: Germany
Victim Industry: E-commerce & Online Stores
Victim Organization: job-kleidung gmbh
Victim Site: job-kleidung.de

HMEI7 targets the website of Gilgal Christian Assembly

Category: Defacement
Content: The group claims to have deface the website of Gilgal Christian Assembly
Date: 2025-10-10T13:24:57Z
Network: telegram
Published URL: (https://t.me/c/2412030007/1762)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/3e8d2858-893f-4211-b120-eff31e206aef.png
Threat Actors: HMEI7
Victim Country: India
Victim Industry: Religious Institutions
Victim Organization: gilgal christian assembly
Victim Site: gcabangalore.org

Alleged data leak of Orange

Category: Data Breach
Content: The threat actor claims to have leaked more than 6 GB of data from Orange, the French telecommunications company.
Date: 2025-10-10T13:22:17Z
Network: openweb
Published URL: (https://leakbase.la/threads/orange-employee-project-data-leak-6-46-gb-43m-lines.44279/)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/5265c7a3-cdde-41d6-9538-5772c6721513.png
Threat Actors: breachz
Victim Country: France
Victim Industry: Network & Telecommunications
Victim Organization: orange
Victim Site: orange.com

Alleged data sale of the Grenoble Academy

Category: Data Breach
Content: The threat actor claims to be selling access to and a database from the Grenoble Academy in France. The compromised data includes IDs, emails, passwords, and more.
Date: 2025-10-10T13:15:00Z
Network: openweb
Published URL: (https://darkforums.st/Thread-Selling-Acad%C3%A9mie-de-Grenoble-https-www1-ac-grenoble-fr)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/94396bfa-bf79-4eab-9218-689d6bca7f94.png https://d34iuop8pidsy8.cloudfront.net/152d1ead-dc56-4f72-acbd-f1def621a3c2.png
Threat Actors: krekti
Victim Country: France
Victim Industry: Education
Victim Organization: grenoble academy
Victim Site: ac-grenoble.fr

HMEI7 targets the website of GBCT World

Category: Defacement
Content: The group claims to have deface the website of GBCT World
Date: 2025-10-10T13:05:43Z
Network: telegram
Published URL: (https://t.me/c/2412030007/1760)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/63e15ddc-e7cd-4cd0-aaa8-73a9d5460414.JPG
Threat Actors: HMEI7
Victim Country: Nigeria
Victim Industry: Non-profit & Social Organizations
Victim Organization: gbct world
Victim Site: gbctworld.com

Five Star Mechanical falls victim to akira Ransomware

Category: Ransomware
Content: The group claims to have obtained 30 GB of the organization’s data. The compromised data includes Employee and owners personal information (passports, DLs, SSNs, address, emails and so on), customers files, projects, financials and other operating files.
Date: 2025-10-10T13:00:09Z
Network: tor
Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/bd8e2ce0-c61d-4292-8316-c358f79174f6.jpg
Threat Actors: akira
Victim Country: USA
Victim Industry: Building and construction
Victim Organization: five star mechanical inc.
Victim Site: fivestarks.com

Carlson Building Maintenance falls victim to Akira Ransomware

Category: Ransomware
Content: The group claims to have obtained 20 GB of the organization’s data. The compromised data includes essential corporate documents such as: financial data (audit, payment details, financial reports, invoices), employees and customers information (passports, driver’s licenses, emails, phones), confidential information and other documents with personal information.
Date: 2025-10-10T12:54:43Z
Network: tor
Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/f853e7c5-db33-48d3-9d45-3f13e7abc401.png
Threat Actors: akira
Victim Country: USA
Victim Industry: Facilities Services
Victim Organization: carlson building maintenance
Victim Site: carlsonbuilding.com

Alleged data breach of the Drought Management Centre for Southeastern Europe

Category: Data Breach
Content: The threat actor claims to have leaked data from the Drought Management Centre for Southeastern Europe. The compromised data includes user credentials.
Date: 2025-10-10T12:54:27Z
Network: openweb
Published URL: (https://darkforums.st/Thread-DATABASE-Drought-Management-Centre-for-Southeastern-Europe-dmcsee-org)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/8ff480fa-1180-4d76-b00b-f327c7fa1d17.png
Threat Actors: krekti
Victim Country: Slovenia
Victim Industry: Environmental Services
Victim Organization: drought management centre for southeastern europe
Victim Site: dmcsee.org

Alleged data breach of Ticketmaster

Category: Data Breach
Content: The threat actor claims to be selling a database of customer and eTicket information from Ticketmaster, reportedly containing 11 million records. The data allegedly includes details for events such as Taylor Swift (175k tickets), Jennifer Lopez (143k tickets), and Justin Timberlake (250k tickets), with fields covering sales order IDs, customer IDs, event names, dates, ticket barcodes, and seat numbers.
Date: 2025-10-10T12:45:00Z
Network: openweb
Published URL: (https://leakbase.la/threads/usa-ticketmaster-com-online-ticketing-platform-customers-eticket-11-million-2024.44277/)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/ec97a0c9-74f3-4e50-b4df-d6f242267e2f.jpg
Threat Actors: wonder
Victim Country: USA
Victim Industry: Events Services
Victim Organization: ticketmaster
Victim Site: ticketmaster.com

Alleged data breach of the Ministry of Welfare and Social Affairs, Israel

Category: Data Breach
Content: The threat actor claims to have leaked 457,000 records from the Ministry of Welfare and Social Affairs in Israel. The compromised data includes personal information such as full names, birth details, identification numbers, and more.
Date: 2025-10-10T12:36:46Z
Network: openweb
Published URL: (https://darkforums.st/Thread-457-000-ISRAELI-MINISTRY-OF-WELFARE-DATABASE)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/a9b5ddd2-e27d-4f69-925c-ca7ec30c4250.png https://d34iuop8pidsy8.cloudfront.net/855f8b27-a74e-4b85-b183-4d08005ac358.png
Threat Actors: INDOHAXSEC
Victim Country: Israel
Victim Industry: Government Administration
Victim Organization: ministry of welfare and social affairs
Victim Site: gov.il

Alleged access sale of Indian software company

Category: Initial Access
Content: The treat actor claims to be selling access to an Indian software development company. The actor mentions RDP and Domain Admin privileges across around 350 hosts, indicating potential full network-level access to the organization’s infrastructure.
Date: 2025-10-10T12:08:43Z
Network: openweb
Published URL: (https://forum.exploit.in/topic/267938/)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/5256e13c-c139-4700-8be0-5c9ab0f1be2e.png
Threat Actors: Big-Bro
Victim Country: India
Victim Industry: Software Development
Victim Organization: Unknown
Victim Site: Unknown

Alleged leak of Chinese overseas data in France

Category: Data Breach
Content: The threat actor claims to be sharing a small portion of a database allegedly containing information on Chinese individuals residing in France.
Date: 2025-10-10T11:59:15Z
Network: openweb
Published URL: (https://leakbase.la/threads/chinese-overseas-in-france.44269/#post-246562)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/9a600dae-8670-4792-9914-3fab608af9f9.png
Threat Actors: ivandraco
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Alleged data breach of MyRepublic Indonesia

Category: Data Breach
Content: The threat actor claims to have leaked the database of MyRepublic Indonesia, an internet service provider based in Indonesia.
Date: 2025-10-10T11:11:03Z
Network: openweb
Published URL: (https://darkforums.st/Thread-DATABASE-Data-Register-ISP-Myrepublic)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/2aaec66f-3ff3-4340-b88e-fc74be9ca72a.png
Threat Actors: TRexID
Victim Country: Indonesia
Victim Industry: Network & Telecommunications
Victim Organization: myrepublic indonesia
Victim Site: myrepublic.co.id

Alleged leak of admin access to Bangladesh Power Development Board (BPDB)

Category: Initial Access
Content: The group claims to have leaked admin access to the Bangladesh Power Development Board (BPDB)
Date: 2025-10-10T11:09:01Z
Network: telegram
Published URL: (https://t.me/kingsmanindia1/628)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/7363c8a8-7338-4cf2-8967-ee6137b073d1.JPG
Threat Actors: KINGSMAN INDIA
Victim Country: Bangladesh
Victim Industry: Government Administration
Victim Organization: bangladesh power development board (bpdb)
Victim Site: newconnection.bpdb.gov.bd

Alleged leak of access to Bangladesh Nursing and Midwifery Council

Category: Initial Access
Content: The group claims to have leaked admin panel access to the Bangladesh Nursing and Midwifery Council.
Date: 2025-10-10T11:03:39Z
Network: telegram
Published URL: (https://t.me/kingsmanindia1/629)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/c34e27f7-f9ea-4930-820a-80300a692b75.JPG
Threat Actors: KINGSMAN INDIA
Victim Country: Bangladesh
Victim Industry: Government Administration
Victim Organization: bangladesh nursing and midwifery council
Victim Site: bncdb.bnmc.gov.bd

Alleged data breach of Delek Group

Category: Data Breach
Content: The group claims to have breached Delek Group, the Israeli fuel company. The compromised data reportedly includes around 650,000 customer records, military contracts, and intelligence documents.
Date: 2025-10-10T10:10:06Z
Network: openweb
Published URL: (https://handala-hack.to/israel-fuel-system-hacked/)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/3625c4a2-86b9-47a5-bb7e-a9144062022d.png https://d34iuop8pidsy8.cloudfront.net/afb81273-4d08-4b9d-bac7-fca9adc25780.png https://d34iuop8pidsy8.cloudfront.net/7cba7772-01b7-49ba-a0bb-38647109a05d.png https://d34iuop8pidsy8.cloudfront.net/065d8a17-535d-4b5d-95ef-d9c070008937.png https://d34iuop8pidsy8.cloudfront.net/c914f2bd-e60f-49b4-abcc-acc7d3f22a17.png https://d34iuop8pidsy8.cloudfront.net/dcf82d2e-73ae-49e2-8e11-2209f0346513.png https://d34iuop8pidsy8.cloudfront.net/09b19713-d9eb-49d5-af27-f4ae8eb3b9a8.png https://d34iuop8pidsy8.cloudfront.net/2c45fb06-f1b8-477a-a15f-7213a0244258.png https://d34iuop8pidsy8.cloudfront.net/08448c9c-11a5-4bf2-8e0b-5d5cccca4d3d.png
Threat Actors: Handala Hack
Victim Country: Israel
Victim Industry: Oil & Gas
Victim Organization: delek group
Victim Site: delek-group.com

Alleged data breach of TraxNYC

Category: Data Breach
Content: The threat actor claims to have leaked 182,326 records from TraxNYC, allegedly containing Order ID, full name, email address, phone number, shipping address, order date and time, order status, and product information.
Date: 2025-10-10T09:29:54Z
Network: openweb
Published URL: (https://darkforums.st/Thread-DATABASE-TraxNYC-Leaked-Download)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/64818b00-3c15-4604-874a-8d00db895032.png
Threat Actors: wikkid
Victim Country: USA
Victim Industry: Luxury Goods & Jewelry
Victim Organization: traxnyc
Victim Site: traxnyc.com

Alleged leak of COLOMBIA Immigration Database

Category: Data Breach
Content: The threat actor claim to have leaked the database of Colombian immigration. The compromised data includes full name, address, phone, dni, email, dob, gender, nationality, occupation, migration status, last entry date, notes.
Date: 2025-10-10T09:12:17Z
Network: openweb
Published URL: (https://darkforums.st/Thread-Selling-Colombia-Immigration-Database)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/659fee7a-0c9a-428a-a555-4bee75f16238.png
Threat Actors: kokocorp
Victim Country: Colombia
Victim Industry: Government Administration
Victim Organization: migracion colombia
Victim Site: migracioncolombia.gov.co

Alleged leak of admin access to Romanian Intelligence Service

Category: Initial Access
Content: The group claims to have leaked access to the Romanian Intelligence Service.
Date: 2025-10-10T08:32:39Z
Network: telegram
Published URL: (https://t.me/ClawSecTeam/86)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/b2d05c69-1503-4262-836e-b5608bf27b0c.JPG
Threat Actors: ClawSec Team
Victim Country: Romania
Victim Industry: Government Administration
Victim Organization: romanian intelligence service
Victim Site: sri.ro

Alleged leak of admin access to JDIH Legal Department of the West Halmahera Regency Government

Category: Initial Access
Content: The threat actor claims to have leaked admin-level access to the JDIH Legal Department of the West Halmahera Regency Government’s administration system.
Date: 2025-10-10T07:11:58Z
Network: telegram
Published URL: (https://t.me/c/2532663346/224)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/335fd5b9-b59a-4371-9560-6e4b1ecaf2cb.png
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: west halmahera district
Victim Site: jdih.halbarkab.go.id

Alleged unauthorized access to the Solar System from Italy.

Category: Initial Access
Content: The group claims to have gained unauthorized access to a system in Italy referred to as the Solar System.
Date: 2025-10-10T06:16:22Z
Network: telegram
Published URL: (https://t.me/AnonymousPakistanx909ofcc/80)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/682981c2-86a3-49af-962a-80a2a340ac4c.png
Threat Actors: Team Anonymous Pk X909
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Alleged sale of U.S. Bank Data and Personal Information

Category: Data Breach
Content: The threat actor claims to have leaked and is selling personal and financial information related to U.S bank. The leaked data includes full names, contact details, Social Security Numbers, driver’s license information, employment and income records, and complete bank account credentials including routing and account numbers.
Date: 2025-10-10T05:39:15Z
Network: openweb
Published URL: (https://breachsta.rs/topic/selling-usa-bank-data-leaks-and-personal-information-for-relatively-cheap-lh99nscpltzj)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/7d193ab1-9ed0-44e5-8974-fc7402f005c1.png
Threat Actors: An0nybyte
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Alleged data breach of Ministry of Defense of Venezuela

Category: Data Breach
Content: The threat actor claims to have leaked a database from the Ministry of Defense of Venezuela. The dataset allegedly contains 2.5 GB of data in SQL format, totaling approximately 350,000 records. The leaked information reportedly includes email addresses, ID card numbers, full names, phone numbers, usernames, salaries, job positions, military ranks, and details about family members of individuals
Date: 2025-10-10T04:35:19Z
Network: openweb
Published URL: (https://darkforums.st/Thread-Selling-%F0%9F%94%A5%F0%9F%9A%A8%F0%9F%92%A5Selling-Database-of-the-Ministry-of-Defense-of-Venezuela%F0%9F%92%A5%F0%9F%9A%A8%F0%9F%94%A5)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/b9506616-d52b-4f5a-a327-8a3b31a76285.png https://d34iuop8pidsy8.cloudfront.net/33a24850-9bb4-4ee8-8b43-edaf07abb10b.png
Threat Actors: HvcKMvsoneria33
Victim Country: Venezuela
Victim Industry: Government & Public Sector
Victim Organization: ministry of defense of venezuela
Victim Site: mindefensa.gob.ve

Churchill Claims Services falls victim to SECUROTROP Ransomware

Category: Ransomware
Content: The group claims to have obtained 240 GB of organization’s confidential data. Leaked files include insured vehicle lists with client names and contact details, appraisal logs, and profit margin analyses. Additionally, employee phone numbers, compensation records, and various scanned documents from executive and general divisions were exposed.
Date: 2025-10-10T04:14:32Z
Network: tor
Published URL: (http://securo45z554mw7rgrt7wcgv5eenj2xmxyrsdj3fcjsvindu63s4bsid.onion/)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/ad749d9a-22b9-4d21-b002-2733a7d2b7d1.png https://d34iuop8pidsy8.cloudfront.net/bfaaf579-fee2-4327-bde1-bb4114310655.png https://d34iuop8pidsy8.cloudfront.net/00b543be-534b-4e0a-ad02-14c34bd37ddf.png
Threat Actors: SECUROTROP
Victim Country: USA
Victim Industry: Insurance
Victim Organization: churchill claims services
Victim Site: churchill-claims.com

Alleged sale of admin access to an unidentified wordpress shop from

Category: Initial Access
Content: Threat actor claims to be selling unauthorized admin-panel access to a French-based PrestaShop store.
Date: 2025-10-10T03:55:54Z
Network: openweb
Published URL: (https://forum.exploit.in/topic/267919/)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/8f254f7c-c3b0-4f08-9e16-c916e1464036.png
Threat Actors: kqu
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Alleged data breach of PT Tempo Scan Group

Category: Data Breach
Content: The threat actor claims to have leaked a database of PT Tempo Scan Group, the posted sample indicates the dataset contains extensive personal and identifying information—full names, email addresses, genders, national ID numbers (NIK), dates of birth, phone numbers, full postal addresses, postal/city/province codes. NB: The organization was previously breached on Aug 28 2024.
Date: 2025-10-10T03:42:28Z
Network: openweb
Published URL: (https://darkforums.st/Thread-DATABASE-Data-Officer-PT-Tempo-Scan-Group-Indonesia)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/eca439ee-6549-45f5-a698-280225e1cb59.png https://d34iuop8pidsy8.cloudfront.net/085edb2a-2914-4d74-85da-7792b465f3df.png
Threat Actors: TRexID
Victim Country: Indonesia
Victim Industry: Manufacturing
Victim Organization: pt tempo scan group
Victim Site: temposcangroup.com

Falco Electronics falls victim to BlackShrantac Ransomware

Category: Ransomware
Content: The group claims to have obtained 8 TB of organization’s internal data including complete network information and corporate network credentials, electronics design files, core company systems and documents, and additional customers and competitor information. Note: Falco Electronics has previously fallen victim to Trigona Ransomware on February 14, 2024.
Date: 2025-10-10T03:40:52Z
Network: tor
Published URL: (http://b2ykcy2gcug4gnccm6hnrb5xapnresmyjjqgvhafaypppwgo4feixwyd.onion/targets/6)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/f97f8a91-e930-44c6-9508-d3c666509637.png https://d34iuop8pidsy8.cloudfront.net/62bab7f0-1769-4baa-9785-fe566fbede89.png https://d34iuop8pidsy8.cloudfront.net/05b74e21-3e8d-4a15-9370-fea12aede0c9.png https://d34iuop8pidsy8.cloudfront.net/79450b0f-e6dc-4413-ac3c-db1caa5d6bc4.png https://d34iuop8pidsy8.cloudfront.net/dfb0fcb1-b7e4-420d-bdf1-0f8a4b674b5f.png
Threat Actors: BlackShrantac
Victim Country: USA
Victim Industry: Electrical & Electronic Manufacturing
Victim Organization: falco electronics
Victim Site: falco.com

CyberToufan claims to target MAYA Technologies Ltd.

Category: Alert
Content: A recent post by the group indicates that they are targeting Maya Engineering (maya-il.com).
Date: 2025-10-10T02:04:07Z
Network: telegram
Published URL: (https://t.me/CyberToufan02/429)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/246c6fca-9630-4135-af53-7e5e5c28a672.png
Threat Actors: CyberToufan
Victim Country: Israel
Victim Industry: Machinery Manufacturing
Victim Organization: maya technologies ltd.
Victim Site: maya-il.com

Pharaoh’s Team Channel claims to target India

Category: Alert
Content: A recent post by the group indicates they are targeting India, using data from a compromised Indian database.
Date: 2025-10-10T01:54:54Z
Network: telegram
Published URL: (https://t.me/Pharaohs_n/155)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/d3430a31-1bee-49f1-b2a2-6848ca884432.png
Threat Actors: Pharaoh’s Team
Victim Country: India
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Alleged data breach of San Nicolás municipal government

Category: Data Breach
Content: Threat actor claims to have leaked data from San Nicolás municipal government. The compromised data includes manual information, user information, etc.
Date: 2025-10-10T00:32:57Z
Network: openweb
Published URL: (https://darkforums.st/Thread-Document-Mexico-San-Nicolas-NL)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/333a7693-3216-4778-8a89-f1b168ef8651.png
Threat Actors: icaro
Victim Country: Mexico
Victim Industry: Government Administration
Victim Organization: san nicolás municipal government
Victim Site: tramites.sanicolas.gob.mx

Benedict Industries falls victim to INC RANSOM Ransomware

Category: Ransomware
Content: The group claims to have obtained 270 GB of organization’s confidential data
Date: 2025-10-10T00:02:25Z
Network: tor
Published URL: (http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/68e84577fa0b6f4bdf3a0b82)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/627041e5-4348-4086-9762-b0428edd4500.png https://d34iuop8pidsy8.cloudfront.net/4911f7a8-c8a7-4579-a114-c1b5768cab85.png
Threat Actors: INC RANSOM
Victim Country: Australia
Victim Industry: Environmental Services
Victim Organization: benedict industries
Victim Site: benedict.com.au

Conclusion

The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Ransomware attacks, notably from groups like SAFEPAY, Sinobi, akira, Qilin, and Kairos, are the most prominent threat category, affecting sectors like Hospital & Health Care, Manufacturing, Government & Public Sector, and Financial Services across the USA, Canada, Germany, and others.

Data breaches remain a significant risk, targeting sensitive data from organizations such as the Ministry of Welfare and Social Affairs (Israel), Ticketmaster (USA), and Orange (France), with data ranging from personal information and customer records to classified military documents.

Activity in Initial Access sales also underscores the availability of network entry points, with threat actors offering access to an Indian software development company, the Romanian Intelligence Service, and the Bangladesh Power Development Board.

The incidents collectively demonstrate that organizations across various industries and geographies face persistent threats from data exfiltration, unauthorized network access, and the proliferation of malicious tools, emphasizing the critical importance of robust cybersecurity measures.

Conclusion

Related Posts

[June-26-2025] Daily Cybersecurity Threat Report

[April-09-2025] Daily Cybersecurity Threat Report

[September-16-2025] Daily Cybersecurity Threat Report