This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.
- Ronemus & Vilensky Attorneys At Law falls victim to GENESIS Ransomware
  - Category: Ransomware
  - Content: The group claims to have obtained 200 GB of the organization’s internal data. The exposed data includes large volumes of clients’ personal and medical information, legal documents, confidential internal files, email communications, and data extracted directly from company software systems. Note: Ronemus & Vilensky Attorneys At Law previously fell victim to Kraken Ransomware on October 16, 2025.
  - Date: 2025-10-21T23:57:15Z
  - Network: tor
  - Published URL: http://genesis6ixpb5mcy4kudybtw5op2wqlrkocfogbnenz3c647ibqixiad.onion/a41fca122ecec32a5fcf/
  - Screenshots:
  - Threat Actors: GENESIS
  - Victim Country: USA
  - Victim Industry: Law Practice & Law Firms
  - Victim Organization: ronemus & vilensky attorneys at law
  - Victim Site: ronvil.com
- Tri City Foods, Inc. falls victim to Qilin Ransomware
  - Category: Ransomware
  - Content: The group claims to have obtained the organization’s internal data.
  - Date: 2025-10-21T23:30:16Z
  - Network: tor
  - Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=f4e5ab1a-de9a-33d1-943e-e26c1db815d0
  - Screenshots:
  - Threat Actors: Qilin
  - Victim Country: USA
  - Victim Industry: Food & Beverages
  - Victim Organization: tri city foods, inc.
  - Victim Site: 3cityfoods.com
- ClaimLinx falls victim to GENESIS Ransomware
  - Category: Ransomware
  - Content: The group claims to have obtained 200 GB of the organization’s data. The compromised material reportedly includes files from the company’s server, clients’ personal data, clients’ medical data, financial data, and more.
  - Date: 2025-10-21T22:25:55Z
  - Network: tor
  - Published URL: http://genesis6ixpb5mcy4kudybtw5op2wqlrkocfogbnenz3c647ibqixiad.onion/abf6a73c95f7a2022ca0/
  - Screenshots:
  - Threat Actors: GENESIS
  - Victim Country: USA
  - Victim Industry: Insurance
  - Victim Organization: claimlinx
  - Victim Site: claimlinx.com
- Dependable Plastics & Supplies falls victim to GENESIS Ransomware
  - Category: Ransomware
  - Content: The group claims to have obtained 120 GB of the organization’s data. The compromised data reportedly includes data from the company file server, network user folders, personal data, business data, financial data, and more.
  - Date: 2025-10-21T22:14:26Z
  - Network: tor
  - Published URL: http://genesis6ixpb5mcy4kudybtw5op2wqlrkocfogbnenz3c647ibqixiad.onion/3d92606ac6edeed44f5e/
  - Screenshots:
  - Threat Actors: GENESIS
  - Victim Country: USA
  - Victim Industry: Plastics
  - Victim Organization: dependable plastics & supplies
  - Victim Site: dependableplastic.com
- I-Tek Medical falls victim to GENESIS Ransomware
  - Category: Ransomware
  - Content: The group claims to have obtained 120 GB of the organization’s data. The compromised data reportedly includes files from the company’s server, detailed technical information, contracts and NDAs, SQL backups, and more.
  - Date: 2025-10-21T22:02:33Z
  - Network: tor
  - Published URL: http://genesis6ixpb5mcy4kudybtw5op2wqlrkocfogbnenz3c647ibqixiad.onion/06ac5172c3dc4aa678e5/
  - Screenshots:
  - Threat Actors: GENESIS
  - Victim Country: USA
  - Victim Industry: Medical Equipment Manufacturing
  - Victim Organization: i-tek medical
  - Victim Site: i-tekmedical.com
- Hider_Nex targets the website of PayPal Holdings, Inc
  - Category: Defacement
  - Content: The group claims to have defaced the website of PayPal Holdings, Inc.
  - Date: 2025-10-21T21:53:35Z
  - Network: telegram
  - Published URL: https://t.me/H3yder_N3ex/610?single
  - Screenshots:
  - Threat Actors: Hider_Nex
  - Victim Country: USA
  - Victim Industry: Financial Services
  - Victim Organization: paypal holdings, inc
  - Victim Site: paypal.com
- Alleged sale of unauthorized email access to NEXTDOOR.COM
  - Category: Initial Access
  - Content: The threat actor claims to be selling unauthorized email access to NEXTDOOR.COM.
  - Date: 2025-10-21T21:40:50Z
  - Network: openweb
  - Published URL: https://forum.exploit.in/topic/268687/
  - Screenshots:
  - Threat Actors: xzaffair
  - Victim Country: USA
  - Victim Industry: Information Technology (IT) Services
  - Victim Organization: nextdoor
  - Victim Site: nextdoor.com
- Alleged sale of Taiwan cyber threat analysis document
  - Category: Data Breach
  - Content: A threat actor claims to be selling a leaked top-secret cyber threat analysis document from Taiwan.
  - Date: 2025-10-21T21:36:47Z
  - Network: openweb
  - Published URL: https://darkforums.st/Thread-Document-%F0%9F%8E%81-TOP-SECRET-CYBER-THREAT-ANALYSIS-TAIWAN-DOCUMENT-%F0%9F%8E%81
  - Screenshots:
  - Threat Actors: jrintel
  - Victim Country: Taiwan
  - Victim Industry: Unknown
  - Victim Organization: Unknown
  - Victim Site: Unknown
- Sanhua International USA falls victim to Sinobi Ransomware
  - Category: Ransomware
  - Content: The group claims to have obtained 400 GB of the organization’s data. The compromised data includes contracts, financial data, and confidential data. They intend to publish it within 8-9 days.
  - Date: 2025-10-21T21:14:53Z
  - Network: tor
  - Published URL: http://sinobi6ywgmmvg2gj2yygkb2hxbimaxpqkyk27wti5zjwhfcldhackid.onion/leaks/68f7ce3188b6823fa2be78e0
  - Screenshots:
  - Threat Actors: Sinobi
  - Victim Country: USA
  - Victim Industry: Electrical & Electronic Manufacturing
  - Victim Organization: sanhua international usa
  - Victim Site: sanhuausa.com
- Prime Dental Manufacturing, Inc. falls victim to Sinobi Ransomware
  - Category: Ransomware
  - Content: The group claims to have obtained the organization’s data.
  - Date: 2025-10-21T21:01:10Z
  - Network: tor
  - Published URL: http://sinobi6ywgmmvg2gj2yygkb2hxbimaxpqkyk27wti5zjwhfcldhackid.onion/leaks/68f7cece88b6823fa2be7dc6
  - Screenshots:
  - Threat Actors: Sinobi
  - Victim Country: USA
  - Victim Industry: Hospital & Health Care
  - Victim Organization: prime dental manufacturing, inc.
  - Victim Site: primedentalmfg.com
- Crave Culinaire falls victim to Sinobi Ransomware
  - Category: Ransomware
  - Content: The group claims to have obtained 120 GB of the organization’s data. The compromised data includes confidential data, financial data, and customer data. They intend to publish it within 8-9 days.
  - Date: 2025-10-21T20:40:47Z
  - Network: tor
  - Published URL: http://sinobi6ywgmmvg2gj2yygkb2hxbimaxpqkyk27wti5zjwhfcldhackid.onion/leaks/68f7d0d288b6823fa2be87c1
  - Screenshots:
  - Threat Actors: Sinobi
  - Victim Country: USA
  - Victim Industry: Food Production
  - Victim Organization: crave culinaire
  - Victim Site: craveculinaire.com
- Alleged gain of access to ICS German Branch
  - Category: Initial Access
  - Content: The group claims to have gained access to ICS German Branch.
  - Date: 2025-10-21T20:38:36Z
  - Network: telegram
  - Published URL: https://t.me/ARABIAN_GH0STS/155?single
  - Screenshots:
  - Threat Actors: Arabian Ghosts
  - Victim Country: Germany
  - Victim Industry: Education
  - Victim Organization: ics german branch
  - Victim Site: ics-germany.de
- Alleged sale of Russian medical and military documents
  - Category: Data Breach
  - Content: A threat actor claims to be selling leaked medical and military documents, including data from the Ministry of Defence of Russia.
  - Date: 2025-10-21T20:09:50Z
  - Network: openweb
  - Published URL: https://darkforums.st/Thread-Document-%F0%9F%87%B7%F0%9F%87%BA-SENSITIVE-RUSSIAN-MINISTRY-OF-DEFENCE-DOCUMENTS-LEAK-2025-2-5-GB-%F0%9F%87%B7%F0%9F%87%BA
  - Screenshots:
  - Threat Actors: jrintel
  - Victim Country: Russia
  - Victim Industry: Unknown
  - Victim Organization: Unknown
  - Victim Site: Unknown
- National Coatings falls victim to PLAY Ransomware
  - Category: Ransomware
  - Content: The group claims to have obtained the organization’s data and intends to publish it within 4 days.
  - Date: 2025-10-21T19:57:34Z
  - Network: tor
  - Published URL: http://j75o7xvvsm4lpsjhkjvb4wl2q6ajegvabe6oswthuaubbykk4xkzgpid.onion/topic.php?id=QSN5XIN8yQwvO6
  - Screenshots:
  - Threat Actors: PLAY
  - Victim Country: USA
  - Victim Industry: Building and construction
  - Victim Organization: national coatings
  - Victim Site: nationalcoatingsinc.com
- Alleged data breach of Luks Artvin
  - Category: Data Breach
  - Content: A threat actor claims to have leaked data from Luks Artvin, Turkey.
  - Date: 2025-10-21T19:57:15Z
  - Network: tor
  - Published URL: http://qeei4m7a2tve6ityewnezvcnf647onsqbmdbmlcw4y5pr6uwwfwa35yd.onion/Thread-luksartvin-com-tr-fatihturizm-com-tr-ustundagturizm-com-tr-leaked-databases
  - Screenshots:
  - Threat Actors: a_l33t_lamer
  - Victim Country: Turkey
  - Victim Industry: Leisure & Travel
  - Victim Organization: luks artvin
  - Victim Site: luksartvin.com.tr
- Nelligan White Architects falls victim to PLAY Ransomware
  - Category: Ransomware
  - Content: The group claims to have obtained the organization’s data and intends to publish it within 4 days.
  - Date: 2025-10-21T19:49:46Z
  - Network: tor
  - Published URL: http://j75o7xvvsm4lpsjhkjvb4wl2q6ajegvabe6oswthuaubbykk4xkzgpid.onion/topic.php?id=BO747h0Ees6Ewt
  - Screenshots:
  - Threat Actors: PLAY
  - Victim Country: USA
  - Victim Industry: Architecture & Planning
  - Victim Organization: nelligan white architects
  - Victim Site: nelliganwhite.com
- Alleged data breach of japprendslabi.fr
  - Category: Data Breach
  - Content: A threat actor claims to have leaked data from japprendslabi.fr, by TVH Consulting, France. The compromised data reportedly contains records on 321 employees, including first name, last name, email, phone, gender, department, job title, years of experience, and salary of the company’s employees.
  - Date: 2025-10-21T19:45:43Z
  - Network: tor
  - Published URL: http://qeei4m7a2tve6ityewnezvcnf647onsqbmdbmlcw4y5pr6uwwfwa35yd.onion/Thread-DATABASE-Access-data-for-321-employees-at-japprendslabi-fr
  - Screenshots:
  - Threat Actors: Kazuki
  - Victim Country: France
  - Victim Industry: E-Learning
  - Victim Organization: japprendslabi.fr
  - Victim Site: japprendslabi.fr
- Alleged sale of admin access to an OpenCart store in the USA
  - Category: Initial Access
  - Content: The threat actor claims to be selling admin access to an OpenCart store in the USA.
  - Date: 2025-10-21T19:45:08Z
  - Network: openweb
  - Published URL: https://forum.exploit.in/topic/268680/
  - Screenshots:
  - Threat Actors: black18
  - Victim Country: USA
  - Victim Industry: E-commerce & Online Stores
  - Victim Organization: Unknown
  - Victim Site: Unknown
- Alleged sale of admin FTP access to an unidentified US sportswear e-commerce company
  - Category: Initial Access
  - Content: A threat actor claims to be selling administrative FTP access to a U.S. sportswear and athletic-footwear retailer. The listing states the access is located in the USA with admin privileges and exposes 5+ TB of files, including website and server files, machine information, internal documents, and payment records.
  - Date: 2025-10-21T19:32:39Z
  - Network: openweb
  - Published URL: https://forum.exploit.in/topic/268676/
  - Screenshots:
  - Threat Actors: Anon-WMG
  - Victim Country: USA
  - Victim Industry: E-commerce & Online Stores
  - Victim Organization: Unknown
  - Victim Site: Unknown
- Alleged sale of admin FTP access to US sportswear e-commerce company
  - Category: Initial Access
  - Content: A threat actor claims to be selling administrative FTP access to a U.S. sportswear and athletic-footwear retailer. The listing states the access is located in the USA with admin privileges and exposes 5+ TB of files, including website and server files, machine information, internal documents, and payment records.
  - Date: 2025-10-21T19:22:51Z
  - Network: openweb
  - Published URL: https://forum.exploit.in/topic/268676/
  - Screenshots:
  - Threat Actors: Anon-WMG
  - Victim Country: USA
  - Victim Industry: E-commerce & Online Stores
  - Victim Organization: Unknown
  - Victim Site: Unknown
- Alleged sale of admin FTP access to major US sportswear e-commerce company
  - Category: Initial Access
  - Content: A seller claims to offer administrative FTP access to a major U.S. sportswear and athletic-footwear retailer. The listing states the access is located in the USA with admin privileges and exposes 5+ TB of files, including website and server files, machine information, internal documents, and payment records.
  - Date: 2025-10-21T18:40:26Z
  - Network: openweb
  - Published URL: https://forum.exploit.in/topic/268676/
  - Screenshots:
  - Threat Actors: Anon-WMG
  - Victim Country: USA
  - Victim Industry: E-commerce & Online Stores
  - Victim Organization: Unknown
  - Victim Site: Unknown
- Alleged data breach of Figment POS
  - Category: Data Breach
  - Content: The threat actor claims to have leaked data and source code from Figment POS, based in Jordan.
  - Date: 2025-10-21T18:17:16Z
  - Network: tor
  - Published URL: http://qeei4m7a2tve6ityewnezvcnf647onsqbmdbmlcw4y5pr6uwwfwa35yd.onion/Thread-Source-Code-Figment-POS-Data-Breach-Leaked-Download
  - Screenshots:
  - Threat Actors: 888
  - Victim Country: Jordan
  - Victim Industry: Information Technology (IT) Services
  - Victim Organization: figment pos
  - Victim Site: figmentpos.com
- Pacific West Systems Supply falls victim to akira Ransomware
  - Category: Ransomware
  - Content: The group claims to have obtained 224 GB of the organization’s data. The compromised information reportedly includes detailed employee information (passports, DLs, SSNs, birth certificates, and so on), financial and accounting information, some client information, projects, NDAs, etc.
  - Date: 2025-10-21T17:01:42Z
  - Network: tor
  - Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
  - Screenshots:
  - Threat Actors: akira
  - Victim Country: Canada
  - Victim Industry: Wholesale
  - Victim Organization: pacific west systems supply
  - Victim Site: pacwestsystems.com
- Alleged sale of massive malware data dump
  - Category: Data Breach
  - Content: A threat actor claims to be offering a large malware-derived data dump containing session cookies, payment card details, phone numbers, plaintext and hashed passwords, email addresses, autologin tokens, and other harvested credentials.
  - Date: 2025-10-21T16:46:31Z
  - Network: openweb
  - Published URL: https://leakbase.la/threads/malware-dumps-with-cookies-card-details-phone-numbers-passwords-emails-autologin-etc-etc-etc-huge-leak.44738/
  - Screenshots:
  - Threat Actors: An0nybyte
  - Victim Country: Unknown
  - Victim Industry: Unknown
  - Victim Organization: Unknown
  - Victim Site: Unknown
- Microdevice falls victim to BEAST Ransomware
  - Category: Ransomware
  - Content: The group claims to have obtained 850 GB of the organization’s data.
  - Date: 2025-10-21T16:19:49Z
  - Network: tor
  - Published URL: http://beast6azu4f7fxjakiayhnssybibsgjnmy77a6duufqw5afjzfjhzuqd.onion/card/microdevice
  - Screenshots:
  - Threat Actors: BEAST
  - Victim Country: Italy
  - Victim Industry: Building and construction
  - Victim Organization: microdevice
  - Victim Site: microdevice.com
- Alleged sale of unauthorized access to Fortinet systems (100 instances)
  - Category: Initial Access
  - Content: The threat actor claims to be selling unauthorized access to 100 Fortinet systems.
  - Date: 2025-10-21T15:43:56Z
  - Network: openweb
  - Published URL: https://forum.exploit.in/topic/268666/
  - Screenshots:
  - Threat Actors: anna_s
  - Victim Country: Unknown
  - Victim Industry: Unknown
  - Victim Organization: Unknown
  - Victim Site: Unknown
- Marquis Companies falls victim to LYNX Ransomware
  - Category: Ransomware
  - Content: The group claims to have obtained the organization’s data.
  - Date: 2025-10-21T14:09:54Z
  - Network: tor
  - Published URL: http://lynxblogxutufossaeawlij3j3uikaloll5ko6grzhkwdclrjngrfoid.onion/leaks/68f77fa12423bc3ce0bfb555
  - Screenshots:
  - Threat Actors: LYNX
  - Victim Country: USA
  - Victim Industry: Hospital & Health Care
  - Victim Organization: marquis companies
  - Victim Site: marquiscompanies.com
- HRSD falls victim to CL0P Ransomware
  - Category: Ransomware
  - Content: The group claims to have obtained the organization’s data.
  - Date: 2025-10-21T14:06:51Z
  - Network: tor
  - Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/hrsd-com
  - Screenshots:
  - Threat Actors: CL0P
  - Victim Country: USA
  - Victim Industry: Energy & Utilities
  - Victim Organization: hrsd
  - Victim Site: hrsd.com
- Mailing.com falls victim to akira Ransomware
  - Category: Ransomware
  - Content: The group claims to have obtained 40 GB of the organization’s data. The compromised information reportedly includes employee personal information such as full name, date of birth, and address, information on their VIP clients, drawings and specifications, etc.
  - Date: 2025-10-21T13:54:19Z
  - Network: tor
  - Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
  - Screenshots:
  - Threat Actors: akira
  - Victim Country: USA
  - Victim Industry: Printing
  - Victim Organization: mailing.com
  - Victim Site: mailing.com
- Alleged data sale of Vivid Infotech Pvt. Ltd.
  - Category: Data Breach
  - Content: The threat actor claims to be selling 184.5 MB of data from Vivid Infotech Pvt. Ltd., allegedly containing id, first name, last name, email, password, reset question, reset answer, created time, updated time, channel id, and more.
  - Date: 2025-10-21T13:49:54Z
  - Network: openweb
  - Published URL: https://darkforums.st/Thread-Selling-USA-688k-Name-Email-Password-Hash-MD5-Address-230k-vividinfotech-com
  - Screenshots:
  - Threat Actors: AgSlowly
  - Victim Country: India
  - Victim Industry: Information Technology (IT) Services
  - Victim Organization: vivid infotech pvt. ltd.
  - Victim Site: vividinfotech.com
- Copeland LP falls victim to CL0P Ransomware
  - Category: Ransomware
  - Content: The group claims to have obtained the organization’s data.
  - Date: 2025-10-21T13:49:27Z
  - Network: tor
  - Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/copeland-com
  - Screenshots:
  - Threat Actors: CL0P
  - Victim Country: USA
  - Victim Industry: Manufacturing
  - Victim Organization: copeland lp
  - Victim Site: copeland.com
- Vertiv Group falls victim to CL0P Ransomware
  - Category: Ransomware
  - Content: The group claims to have obtained the organization’s data.
  - Date: 2025-10-21T13:44:56Z
  - Network: tor
  - Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/vertiv-com
  - Screenshots:
  - Threat Actors: CL0P
  - Victim Country: USA
  - Victim Industry: Manufacturing
  - Victim Organization: vertiv group
  - Victim Site: vertiv.com
- Napierski, VanDenburgh, Napierski & O’Connor, L.L.P. falls victim to akira Ransomware
  - Category: Ransomware
  - Content: The group claims to have obtained 6 GB of the organization’s data. The compromised information reportedly includes personal documents; full information on at least 150 of their clients, such as full name, DOB, address, passport numbers, SSNs, DLs, and so on; employee personal information (DOB, addresses, phones, salaries, and other information); and a lot of court cases, including ransomware cases and others.
  - Date: 2025-10-21T13:42:28Z
  - Network: tor
  - Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
  - Screenshots:
  - Threat Actors: akira
  - Victim Country: USA
  - Victim Industry: Legal Services
  - Victim Organization: napierski, vandenburgh, napierski & o’connor, l.l.p.
  - Victim Site: nvnolaw.com
- U.S. Vanadium LLC falls victim to CRYPTO24 Ransomware
  - Category: Ransomware
  - Content: The group claims to have obtained 300 GB of the organization’s data.
  - Date: 2025-10-21T13:27:47Z
  - Network: tor
  - Published URL: http://j5o5y2feotmhvr7cbcp2j2ewayv5mn5zenl3joqwx67gtfchhezjznad.onion/
  - Screenshots:
  - Threat Actors: CRYPTO24
  - Victim Country: USA
  - Victim Industry: Mining/Metals
  - Victim Organization: u.s. vanadium llc
  - Victim Site: usvanadium.com
- Alleged sale of N-Day exploit for Oracle
  - Category: Vulnerability
  - Content: The threat actor claims to be selling an N-day exploit for Oracle (CVE-2025-61882).
  - Date: 2025-10-21T13:08:29Z
  - Network: openweb
  - Published URL: https://darkforums.st/Thread-Selling-CVE-2025-61882-Oracle-EBS-N-day-EXPLOIT
  - Screenshots:
  - Threat Actors: xploitleaks
  - Victim Country: USA
  - Victim Industry: Information Technology (IT) Services
  - Victim Organization: oracle
  - Victim Site: oracle.com
- Alleged unauthorized access to unidentified control system of a modular treatment plant in Poland
  - Category: Initial Access
  - Content: The group claims to have gained access to the unidentified control system of a modular treatment plant in Poland. They reportedly have the ability to control the container cleaning chains, pump units, fans, dosing of incoming sewage, container hatches, and work cycle settings.
  - Date: 2025-10-21T12:44:54Z
  - Network: telegram
  - Published URL: https://t.me/Z_ALLIANCE/845
  - Screenshots:
  - Threat Actors: Z-PENTEST ALLIANCE
  - Victim Country: Unknown
  - Victim Industry: Unknown
  - Victim Organization: Unknown
  - Victim Site: Unknown
- Alleged data sale of Canadian Tire Corporation Limited
  - Category: Data Breach
  - Content: The threat actor claims to have leaked data of over 41 million users from Canadian Tire Corporation Limited, allegedly including email IDs, passwords, and more.
  - Date: 2025-10-21T12:39:42Z
  - Network: openweb
  - Published URL: https://darkforums.st/Thread-canadiantire-breach-41-994-793-users
  - Screenshots:
  - Threat Actors: depression
  - Victim Country: Canada
  - Victim Industry: Retail Industry
  - Victim Organization: canadian tire corporation limited
  - Victim Site: canadiantire.ca
- Alleged unauthorized access to German Water Treatment Plant control system
  - Category: Initial Access
  - Content: The group claims to have gained access to the German water treatment plant’s control system. They reportedly have the ability to monitor and manipulate key operational parameters, including pumps, valves, filters, and dosing systems. Real-time data on water levels, pressure, turbidity, pH, and chlorine content is accessible, along with historical logs and diagnostic data.
  - Date: 2025-10-21T12:32:04Z
  - Network: telegram
  - Published URL: https://t.me/c/2549402132/409
  - Screenshots:
  - Threat Actors: Inteid
  - Victim Country: Germany
  - Victim Industry: Unknown
  - Victim Organization: Unknown
  - Victim Site: Unknown
- DeKalb County falls victim to LYNX Ransomware
  - Category: Ransomware
  - Content: The group claims to have obtained the organization’s data.
  - Date: 2025-10-21T09:47:34Z
  - Network: tor
  - Published URL: http://lynxblogxutufossaeawlij3j3uikaloll5ko6grzhkwdclrjngrfoid.onion/leaks/68f7444d2423bc3ce0bd40e0
  - Screenshots:
  - Threat Actors: LYNX
  - Victim Country: USA
  - Victim Industry: Government Administration
  - Victim Organization: dekalb county
  - Victim Site: dekalbcountyga.gov
- Alleged unauthorized access to an unidentified control system of a grain storage in Canada
  - Category: Initial Access
  - Content: The group claims to have gained unauthorized access to an unidentified control system of a grain storage and drying installation in Canada. The compromised system allegedly allows monitoring and control of grain temperature, changing values and settings, control of the drying process, delay settings, logging and diagnostics, and alarm history with all records and PLC diagnostics.
  - Date: 2025-10-21T09:32:04Z
  - Network: telegram
  - Published URL: https://t.me/c/2634086323/2111
  - Screenshots:
  - Threat Actors: NoName057(16)
  - Victim Country: Canada
  - Victim Industry: Unknown
  - Victim Organization: Unknown
  - Victim Site: Unknown
- BRDSoft falls victim to Nova Ransomware
  - Category: Ransomware
  - Content: The group claims to have obtained 36 GB of the organization’s data and intends to publish it within 10-11 days.
  - Date: 2025-10-21T09:25:52Z
  - Network: tor
  - Published URL: http://novadmrkp4vbk2padk5t6pbxolndceuc7hrcq4mjaoyed6nxsqiuzyyd.onion/#
  - Screenshots:
  - Threat Actors: Nova
  - Victim Country: Brazil
  - Victim Industry: Network & Telecommunications
  - Victim Organization: brdsoft
  - Victim Site: brdsoft.com.br
- Trail Ridge Energy Partners II LLC falls victim to LYNX Ransomware
  - Category: Ransomware
  - Content: The group claims to have obtained the organization’s data.
  - Date: 2025-10-21T09:01:37Z
  - Network: tor
  - Published URL: http://lynxblogxutufossaeawlij3j3uikaloll5ko6grzhkwdclrjngrfoid.onion/leaks/68f742cb2423bc3ce0bd32f2
  - Screenshots:
  - Threat Actors: LYNX
  - Victim Country: USA
  - Victim Industry: Oil & Gas
  - Victim Organization: trail ridge energy partners ii llc
  - Victim Site: trailridgeenergy.com
- McDonald Building Co. falls victim to Sinobi Ransomware
  - Category: Ransomware
  - Content: The group claims to have obtained 1.4 TB of the organization’s data. The compromised data includes confidential data, financial data, customer data, and contracts.
  - Date: 2025-10-21T08:19:54Z
  - Network: tor
  - Published URL: http://sinobi6ywgmmvg2gj2yygkb2hxbimaxpqkyk27wti5zjwhfcldhackid.onion/leaks/68f2a07a88b6823fa2a12670
  - Screenshots:
  - Threat Actors: Sinobi
  - Victim Country: USA
  - Victim Industry: Building and construction
  - Victim Organization: mcdonald building co.
  - Victim Site: mcdonaldbc.com
- Alleged unauthorized access to SCG MyAccess
  - Category: Initial Access
  - Content: The group claims to have gained unauthorized access to SCG MyAccess.
  - Date: 2025-10-21T06:28:23Z
  - Network: telegram
  - Published URL: https://t.me/fornetcloud/3910
  - Screenshots:
  - Threat Actors: FORNET ORG
  - Victim Country: Thailand
  - Victim Industry: Information Technology (IT) Services
  - Victim Organization: scg myaccess
  - Victim Site: myaccess.scg.co.th
- Alleged leak of unauthorized admin access to Madrasa
  - Category: Initial Access
  - Content: The group claims to have gained unauthorized admin access and to have leaked admin credentials belonging to Madrasa.
  - Date: 2025-10-21T06:15:15Z
  - Network: telegram
  - Published URL: https://t.me/fornetcloud/3909
  - Screenshots:
  - Threat Actors: FORNET ORG
  - Victim Country: UAE
  - Victim Industry: Education
  - Victim Organization: madrasa
  - Victim Site: madrasa.org
- Chester County Library System falls victim to LYNX Ransomware
  - Category: Ransomware
  - Content: The group claims to have obtained the organization’s data.
  - Date: 2025-10-21T06:07:15Z
  - Network: tor
  - Published URL: http://lynxblogxutufossaeawlij3j3uikaloll5ko6grzhkwdclrjngrfoid.onion/leaks/68f721fc2423bc3ce0bbdaa8
  - Screenshots:
  - Threat Actors: LYNX
  - Victim Country: USA
  - Victim Industry: Library
  - Victim Organization: chester county library system
  - Victim Site: ccls.org
- Alleged unauthorized access to water injection control system in the USA
  - Category: Initial Access
  - Content: The group claims to have gained unauthorized access to a water injection control system for oil reservoirs in the USA.
  - Date: 2025-10-21T05:47:29Z
  - Network: telegram
  - Published URL: https://t.me/n2LP_wVf79c2YzM0/2038
  - Screenshots:
  - Threat Actors: Infrastructure Destruction Squad
  - Victim Country: USA
  - Victim Industry: Oil & Gas
  - Victim Organization: Unknown
  - Victim Site: Unknown
- Alleged leak of huge compiled credential dataset
  - Category: Data Breach
  - Content: The threat actor claims to be selling a huge compiled credential/reseller dataset of 10+ billion unique strings (cleaned, deduplicated) gathered 2022-2025, offered in formats like mp (mail:pass), lp (login:pass), np (number/id/phone:pass).
  - Date: 2025-10-21T03:59:01Z
  - Network: tor
  - Published URL: http://qeei4m7a2tve6ityewnezvcnf647onsqbmdbmlcw4y5pr6uwwfwa35yd.onion/Thread-Selling-Request-from-U-L-P-login-phone-mail-pass-Public-Private-databases
  - Screenshots:
  - Threat Actors: aisus
  - Victim Country: Unknown
  - Victim Industry: Unknown
  - Victim Organization: Unknown
  - Victim Site: Unknown
- Alleged sale of endpoint detection (EDR) accounts
  - Category: Data Breach
  - Content: A threat actor claims to be selling enterprise-level security or endpoint detection (EDR) accounts.
  - Date: 2025-10-21T03:50:08Z
  - Network: tor
  - Published URL: http://qeei4m7a2tve6ityewnezvcnf647onsqbmdbmlcw4y5pr6uwwfwa35yd.onion/Thread-%E2%9C%93-VERIFIED-Kodex-Google-EDR-ACCOUNTS-For-SALE-or-RENT
  - Screenshots:
  - Threat Actors: oooo
  - Victim Country: Unknown
  - Victim Industry: Unknown
  - Victim Organization: Unknown
  - Victim Site: Unknown
- Alleged sale of decentralized botnet loader malware
  - Category: Malware
  - Content: The threat actor claims to be selling a decentralized botnet loader (supports .exe, .dll, .ps1, .cmd) that uses blockchain-based smart contracts to store and distribute encrypted bot commands. The listing advertises features like encrypted on-chain commands, rapid command delivery to bots, HWID-targeting, support for multiple payload types (stealer, RAT, miner, clipper), anti-analysis checks, and a web panel for management.
  - Date: 2025-10-21T03:36:38Z
  - Network: openweb
  - Published URL: https://xss.pro/threads/143872/
  - Screenshots:
    - https://d34iuop8pidsy8.cloudfront.net/b2abc279-fcd8-478a-8c66-a1fc145e1259.png
    - https://d34iuop8pidsy8.cloudfront.net/800bfbe5-ca7d-4a06-9c88-2ab39218b343.png
    - https://d34iuop8pidsy8.cloudfront.net/00c3378d-f770-4d22-9670-1eb5a9e764c7.png
    - https://d34iuop8pidsy8.cloudfront.net/79fdf222-0b68-4927-a309-d4425838c551.png
  - Threat Actors: LenAI
  - Victim Country: Unknown
  - Victim Industry: Unknown
  - Victim Organization: Unknown
  - Victim Site: Unknown
- Alleged data leak of Georgian government IDs and passports
  - Category: Data Breach
  - Content: The threat actor has claimed to possess and sell a dataset allegedly containing Georgian government identification documents, including both sides of passports, along with corresponding government email addresses. The post indicates that the data includes multiple IDs, names, and email addresses.
  - Date: 2025-10-21T03:30:19Z
  - Network: openweb
  - Published URL: https://breachsta.rs/topic/leak-georgian-government-ids-and-a-few-passports-front-and-back-plus-correlating-gov-emails-vu2ux0fiyr03
  - Screenshots:
  - Threat Actors: ethereum
  - Victim Country: Georgia
  - Victim Industry: Unknown
  - Victim Organization: Unknown
  - Victim Site: Unknown
- Alleged data breach of AK.GE
  - Category: Data Breach
  - Content: The threat actor claims to have leaked a database of 10,982 internal emails from a very large telecom company in eastern Europe (AK.GE).
  - Date: 2025-10-21T03:10:56Z
  - Network: openweb
  - Published URL: https://breachsta.rs/topic/10982-internal-emails-from-a-very-large-telecom-company-in-eastern-europe-akge-l26ylxxmt4du
  - Screenshots:
  - Threat Actors: bitcoin
  - Victim Country: Georgia
  - Victim Industry: Network & Telecommunications
  - Victim Organization: ak.ge
  - Victim Site: ak.ge
- Infrastructure Destruction Squad claims to have found a security vulnerability in a Saudi Hajj and Umrah company
  - Category: Vulnerability
  - Content: A group claims to have discovered a security vulnerability in the electronic system of a Hajj and Umrah company in the Kingdom of Saudi Arabia. The alleged flaw reportedly exposes sensitive data, including passports, personal photos, and vaccination certificates. The group stated that the discovery was made to protect the company and its customers, not to cause harm. They urged the organization to fix the issue and strengthen its cybersecurity measures.
  - Date: 2025-10-21T02:49:03Z
  - Network: telegram
  - Published URL: https://t.me/n2LP_wVf79c2YzM0/2030
  - Screenshots:
  - Threat Actors: Infrastructure Destruction Squad
  - Victim Country: Saudi Arabia
  - Victim Industry: Unknown
  - Victim Organization: Unknown
  - Victim Site: Unknown
- Alleged Leak of Oracle Corporation Server Data in Japan
  - Category: Data Breach
  - Content: The group claims to have gained access to an Oracle Corporation server located in Japan, allegedly extracting sensitive data including the X-UI panel database containing VPN/V2Ray configurations and user credentials, application and proxy configurations, network settings, log and memory files, as well as router firmware.
  - Date: 2025-10-21T01:50:58Z
  - Network: telegram
  - Published URL: https://t.me/c/3076919011/142
  - Screenshots:
  - Threat Actors: CLOBELSECTEAM
  - Victim Country: Japan
  - Victim Industry: Information Technology (IT) Services
  - Victim Organization: oracle corporation
  - Victim Site: oracle.com
- Alleged data leak of U.S. driver’s licenses
  - Category: Data Breach
  - Content: A threat actor claims to have leaked driver’s licenses in the USA.
  - Date: 2025-10-21T01:38:38Z
  - Network: openweb
  - Published URL: https://forum.exploit.in/topic/268629/
  - Screenshots:
  - Threat Actors: rassvettt
  - Victim Country: USA
  - Victim Industry: Unknown
  - Victim Organization: Unknown
  - Victim Site: Unknown
Conclusion
The incidents detailed in this report highlight a diverse and active landscape of cyber threats.
Ransomware attacks are prevalent, with groups like GENESIS, Sinobi, LYNX, akira, CL0P, Qilin, BEAST, PLAY, CRYPTO24, and Nova claiming to have stolen significant volumes of data, including hundreds of gigabytes of confidential files, client personal/medical information, and financial data from numerous US-based organizations in industries like Law, Insurance, Manufacturing, Health Care, and Oil & Gas.
Initial Access sales are also frequently observed, with threat actors offering administrative FTP access and admin privileges to US e-commerce companies, as well as unauthorized access to industrial control systems (ICS) and SCADA systems in the US (Oil & Gas), Germany (Water Treatment), Poland (Modular Treatment Plant), and Canada (Grain Storage). Access to IT-related services like Fortinet systems and platforms like NEXTDOOR.COM is also being sold.
Data Breaches and Leaks encompass a wide variety of compromised information, including:
- Over 41 million user records from Canadian Tire Corporation Limited.
- Government identification documents and passports from Georgia.
- Top secret cyber threat analysis documents from Taiwan and military/medical documents from Russia.
- Source code from Figment POS (Jordan).
- Databases with employee and customer data from French, Indian, and Turkish companies.
- Massive malware data dumps with session cookies, payment card details, and passwords.
- Data from an Oracle Corporation server in Japan.
Finally, the sale of Malware and Vulnerabilities such as a decentralized botnet loader and an N-Day exploit for Oracle (CVE-2025-61882) further demonstrates the active black market for offensive capabilities. The variety of victims and data types underscores the critical need for robust, multi-faceted cybersecurity defenses globally.