[October-16-2025] Daily Cybersecurity Threat Report

This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.


1. Aussie Fluid Power falls victim to ANUBIS Ransomware


2. Alleged gain of access to DEIF Energy Management and Control System in France

  • Category: Initial Access
  • Content: The group claims to have access to an energy management and control system in France developed by the Danish company DEIF. The system manages generators, load distribution, and power stability in critical facilities. The group claims the platform’s interface allowed viewing of alarms, logs, settings, and service functions. They also allege access to supervision data, potentially exposing sensitive operational information.
  • Date: 2025-10-16T23:18:57Z
  • Network: telegram
  • Published URL: (https://t.me/n2LP_wVf79c2YzM0/1974)
  • Screenshots:
  • Threat Actors: Infrastructure Destruction Squad
  • Victim Country: France
  • Victim Industry: Energy & Utilities
  • Victim Organization: deif energy management and control system
  • Victim Site: deif.fr

3. Alleged data breach of Cloudflare


4. Alleged sale of 80k France database


5. DEVMAN 2.0 ransomware group adds an unknown victim (o***mnt.com)


6. Alleged data breach of Kearney Public Schools


7. Alleged gain of access to MPAC Automation & Controls


8. M3 Group falls victim to Nova Ransomware


9. ShareP – Sustainable Parking Management falls victim to Nova Ransomware


10. Alleged data breach of IIT Kharagpur


11. Alleged Sale of access to Japan mail


12. Alleged sale of data from a Japanese forex


13. American Airlines falls victim to CL0P Ransomware


14. University of the Witwatersrand falls victim to CL0P Ransomware


15. Alleged Data leak of Discord Support


16. BMP Europe Ltd falls victim to PLAY Ransomware


17. Alleged data breach of Rubens Artistic


18. Alleged data breach of Candystore


19. Alleged leak of Biology Faculty data from Peru


20. Alleged data breach of Kristall Jewelry


21. José Guma S.A. falls victim to DragonForce Ransomware


22. Alleged data breach of Canale 7


23. Alleged gain of login access to Laemchabang International RO-RO Terminal Limited


24. Alleged leak of School uniform USA database

  • Category: Data Breach
  • Content: The threat actor claims to have leaked a USA school uniform database. The dataset reportedly contains 7 million records of American students, including high school and college data. The leaked information includes personal details such as names, addresses, emails, phone numbers, birthdates, and gender.
  • Date: 2025-10-16T15:10:26Z
  • Network: openweb
  • Published URL: (https://xss.pro/threads/143787/)
  • Screenshots:
  • Threat Actors: Observe
  • Victim Country: USA
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

25. NTB CYBER TEAM targets the website of Tam An Trading, Service & Management Consulting Co., Ltd


26. Alleged unauthorized access to an unidentified Scada controlled smart home in Poland


27. Alleged data breach of headzshop.co


28. Alleged leak of access to Khaokhaow Subdistrict Administration Organization


29. Montship Inc falls victim to Qilin Ransomware


30. Alleged data breach of co2-extract.ru


31. Dalton Pharma Services falls victim to Qilin Ransomware


32. Regency Specialist Hospital falls victim to Nova Ransomware


33. Alleged data breach of CoilPlus, Inc.


34. Panda Rose Consulting Studios falls victim to Qilin Ransomware


35. BMC Strategic Innovation falls victim to Qilin Ransomware


36. G.S. Long Company falls victim to Qilin Ransomware


37. Arpi’s Industries Ltd falls victim to Qilin Ransomware


38. Specialized Packaging Group falls victim to Qilin Ransomware


39. Devman promoting cybersecurity initiative


40. Arizona Fireplaces falls victim to Qilin Ransomware


41. Coppage Construction Co., Inc falls victim to Qilin Ransomware


42. Alleged unauthorized access to an unidentified control system of a wastewater plant in Poland


43. Alleged leak of access to Party Cruisers Limited


44. Alleged leak of access to OXFORD CENTRE ENGLISH INSTITUTE


45. Alleged leak of access to FORNET ORG


46. Sibbalds Chartered Accountants falls victim to RHYSIDA Ransomware


47. Ronemus & Vilensky LLP falls victim to Kraken Ransomware


48. NXBB.SEC targets the website of Office of the Basic Education Commission


49. Alleged sale of U.S. PII data


50. Alleged data leak of Cambodia Government System


51. Alleged data breach of U.S. Department of Justice (DoJ)

  • Category: Data Breach
  • Content: The threat actor claims to have leaked a database of U.S. Department of Justice (DoJ) data, a dump containing 198 lines of personally identifiable information (PII). A sample includes names, government email addresses, phone numbers, and home addresses of individuals, likely DoJ employees or applicants.
  • Date: 2025-10-16T05:24:19Z
  • Network: openweb
  • Published URL: (https://darkforums.st/Thread-DoJ-Apps-USA)
  • Screenshots:
  • Threat Actors: punk
  • Victim Country: USA
  • Victim Industry: Government Administration
  • Victim Organization: u.s. department of justice (doj)
  • Victim Site: justice.gov

52. Alleged leak of login access to Badan Kepegawaian Negara


53. Alleged sale of Driver with access to physical memory

  • Category: Malware
  • Content: The threat actor is offering to sell a kernel‑level Windows driver that provides unlimited read/write access to physical memory. The ad claims the driver runs on the latest Windows 11 without detection and includes C++ control code for reading/writing physical addresses.
  • Date: 2025-10-16T04:54:49Z
  • Network: openweb
  • Published URL: (https://forum.exploit.in/topic/268308/)
  • Screenshots:
  • Threat Actors: Detools
  • Victim Country: Unknown
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

54. Gulf Warranties falls victim to BlackShrantac


55. Alleged data breach of Bogofi.ru


56. NTB CYBER TEAM targets the website of TAMAN Management Consulting Service trading Company Limited


57. Radiant Group ransomware has added an unidentified victim


58. Beta Dyne Inc. falls victim to Qilin Ransomware


59. DocuRail falls victim to Radiant Group Ransomware


60. Alleged data sale of Federal Bank


61. Alleged sale of Web Infection Panel


62. Alleged data sale of University of Cádiz


63. Tex Tube falls victim to RHYSIDA Ransomware


64. Sprague & Jackson falls victim to Qilin Ransomware


65. Dark Storm Team claims to target YouTube Servers


66. Middlesex Appraisal Associates falls victim to Qilin Ransomware

Conclusion

The incidents detailed in this report highlight a diverse and active landscape of cyber threats over a single day, predominantly featuring ransomware, data breaches, and initial access sales.

Ransomware Dominance and Impact: The most prevalent threat category is Ransomware, with groups like Qilin, Nova, RHYSIDA, CL0P, ANUBIS, PLAY, Kraken, and BlackShrantac actively publishing new victims. Notable ransomware victims include organizations across diverse sectors and geographies, such as:

  • Manufacturing (Aussie Fluid Power in Australia, José Guma S.A. in Argentina, Tex Tube in USA)
  • Healthcare (Regency Specialist Hospital in Malaysia)
  • Aviation (American Airlines in USA)
  • Consulting/Tech (Panda Rose Consulting Studios, DocuRail)
  • Financial (Gulf Warranties in UAE)
  • Construction (Arpi’s Industries Ltd, Coppage Construction Co., Inc)
  • Education (University of the Witwatersrand in South Africa)

The volume of data allegedly compromised ranges from 24 GB to 550 GB, underscoring the severe operational and financial risk posed by these attacks.

Widespread Data Breaches and Leaks: Data breaches remain a critical threat, impacting both private organizations and government bodies globally:

  • Government/Public Sector: The U.S. Department of Justice (DoJ), Badan Kepegawaian Negara (Indonesia), Cambodia Government System, and educational institutions like IIT Kharagpur (India) and Kearney Public Schools (USA) were allegedly breached.
  • Financial/PII: The report noted the sale of a large database from Federal Bank (India), an 80k-record France database containing credit card details, and sensitive U.S. PII data including child Fullz and driver’s licenses.
  • Retail/E-commerce: Victims include Bogofi.ru (Russia), Candystore (Denmark), and Kristall Jewelry (Peru).

Focus on Initial Access and Critical Infrastructure: The sale of initial network access is a significant trend, often targeting critical systems and high-value companies:

  • Threat actors claimed unauthorized access to industrial control systems (ICS/SCADA), specifically an energy management and control system in France and an unidentified wastewater treatment plant in Poland.
  • Physical/Government targets include access to Laemchabang International RO-RO Terminal Limited (Thailand), and a Subdistrict Administration Organization (Thailand).
  • Malware and offensive tools were also featured, including a kernel-level Windows driver and a Web Infection Panel, indicating the continuous evolution and availability of offensive capabilities in the cyber underground.

The incidents collectively demonstrate that organizations across various industries and geographies face persistent threats from data exfiltration, unauthorized network access, and the proliferation of malicious tools. The nature of these incidents emphasizes the critical importance of robust cybersecurity measures, including strong access controls, data protection strategies, continuous vulnerability management, and proactive threat intelligence to defend against a wide array of sophisticated and opportunistic attacks.