[October-24-2025] Daily Cybersecurity Threat Report

This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.


1. Alleged sale of Apple Email Checker v2

  • Category: Malware
  • Content: Threat actor is offering Apple Email Checker v2, a fast, console-based bulk email-status scanner that processes large address lists with threaded performance, live reporting, and exportable results. It is classified as a credential validation / checker utility, optimized for speed and throughput, but potentially usable for large-scale email verification or account-testing operations.
  • Date: 2025-10-24T23:10:38Z
  • Network: openweb
  • Published URL: https://demonforums.net/Thread-Apple-Email-Checker-v2
  • Threat Actors: Starip
  • Victim Country: Unknown
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

2. Alleged sale of ROBLOX Cracking Tools Pack

  • Category: Malware
  • Content: Threat actor is offering ROBLOX Tools Pack, a compact, dual-use toolbox (giftcard generator, list normalizer, mock UI, account manager, FPS unlocker, and a lightweight scraper) for format testing and quick data handling. It also contains grabber/scraping and account-management features which can be repurposed for credential harvesting or abuse.
  • Date: 2025-10-24T23:06:42Z
  • Network: openweb
  • Published URL: https://demonforums.net/Thread-ROBLOX-Cracking-Tools-Pack
  • Threat Actors: Starip
  • Victim Country: Unknown
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

3. Hanson Inc. falls victim to CHAOS Ransomware


4. Construction Donald Provost falls victim to SAFEPAY Ransomware


5. Xortec GmbH falls victim to SAFEPAY Ransomware


6. Mino Industry Co.,Ltd. falls victim to SAFEPAY Ransomware


7. Alleged data sale of Rad TV


8. Bannenberg & Rowell Design falls victim to SAFEPAY Ransomware


9. Alleged data breach of Kiwi Farms

  • Category: Data Breach
  • Content: Threat actor claims to have leaked data and source code of Kiwi Farms, a forum based in the USA.

NB: The authenticity of the breach is not confirmed.


10. Greenhouse Apartments falls victim to SAFEPAY Ransomware


11. Alleged data breach of Warm Key Kitchen



13. Alleged sale of admin access to an unidentified online store in France


14. Le Multi Laboratoire LC2A falls victim to TENGU Ransomware


15. Alleged sale of admin access to an unidentified online store in Spain


16. Alleged sale of shell access to an unidentified shop in Europe


17. Alleged sale of admin access to Prestashop Spain


18. Alleged sale of shell access to Big Shop Europe


19. Alleged data breach of Summit Hotel Properties, Inc.


20. Alleged leak of leads from Hungary


21. Alleged sale of access to unidentified organization from USA


22. Alleged data breach of Essilor Group


23. Alleged data leak of Hungary leads


24. Alleged data sale of Physics Wallah


25. Alleged data breach of Sportshop.com


26. Alleged data breach of Peruvian Connection


27. Alleged sale of merged credit card database


28. Alleged sale of unauthorized access to a U.S. insurance Salesforce database


29. Alleged data leak of Mexico Water infrastructure


30. Doha British School falls victim to Qilin Ransomware


31. COX ENTERPRISES, INC. falls victim to CL0P Ransomware


32. Pan American Silver Corp. falls victim to CL0P Ransomware


33. CyberBlitz targets the website of Namaa Business Center


34. Alleged unauthorized access to Cerámica Padilla Padilla


35. Alleged leak of login access of Qmix Supply Company Limited


36. Alleged leak of login access of Siam Multi Cons


37. Alleged leak of cPanel access of Curso Auge


38. NCT [NTB CYBER TEAM] targets the website of FMG Connect


39. Alleged data breach of unidentified doctor system dashboard in Yemen


40. Danthi Communication falls victim to BEAST Ransomware


41. Alleged data breach of unidentified hospital dashboard in Yemen


42. Simmers Crane Design & Services falls victim to LYNX Ransomware


43. Alleged leak of login access of Database of the National Committee for Sub-National Democratic Development

  • Category: Initial Access
  • Content: The group claims to have leaked access to the database of the National Committee for Sub-National Democratic Development.
  • Date: 2025-10-24T08:09:59Z
  • Network: telegram
  • Published URL: https://t.me/nxbbsec/2923
  • Threat Actors: NXBB.SEC
  • Victim Country: Cambodia
  • Victim Industry: Government & Public Sector
  • Victim Organization: database of the national committee for sub-national democratic development
  • Victim Site: db.ncdd.gov.kh

44. CRYPTO24 Ransomware group adds an unknown victim (Mei ***)


45. Alleged leak of login access of Netforce


46. Alleged leak of login access of Netforce


47. HEZI RASH claims to target Yemen


48. Alleged sale of Sophos Remote Management Tool

  • Category: Malware
  • Content: Threat actor claims to be selling access to a Sophos Remote Management Tool browser view that purportedly grants remote control over managed endpoints. The offering advertises capabilities to bypass antivirus detection, provide full system control, and includes a valid EV certificate to increase trust.
  • Date: 2025-10-24T06:26:58Z
  • Network: openweb
  • Published URL: https://forum.exploit.in/topic/268846/
  • Threat Actors: SICKOTRUSTED-URL
  • Victim Country: Unknown
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

49. Alleged leak of login access of Cambodia Investment Project Management System


50. Cambodia Investment Project Management System


51. Alleged sale of VirusTotal Enterprise account


52. Alleged leak of login access of FaucetPanel


53. ClearCare Periodontal & Implant Centre falls victim to Qilin Ransomware


54. Alleged data breach of MyVidster


55. GHOST’S OF GAZA claims to target Bangladeshi Govt websites and servers


56. Alleged Sale of Credit Card Data from a 4-Star Hotel in Colombia

  • Category: Data Breach
  • Content: Threat actor claims to be selling a pack of 562 credit card records allegedly taken from a 4-star hotel in Colombia and other sources. The records are in CC|MM|YY|CVV|NAME format and are claimed to be around 60 percent valid, comprising 346 Colombian cards and 216 mixed international cards.
  • Date: 2025-10-24T04:02:20Z
  • Network: openweb
  • Published URL: https://forum.exploit.in/topic/268843/
  • Threat Actors: s4sori
  • Victim Country: Colombia
  • Victim Industry: Hospitality & Tourism
  • Victim Organization: Unknown
  • Victim Site: Unknown

57. Infrastructure Destruction Squad claims to target USA


58. Alleged leak of login access of LYNK


59. Alleged data breach of Centro de Bachillerato Tecnológico Industrial y de Servicios (CBTIS)

  • Category: Data Breach
  • Content: The threat actor claims to have leaked a database of CBTIS (Centro de Bachillerato Tecnológico Industrial y de Servicios) students from Mexico. The leak allegedly affects multiple CBTIS campuses and includes sensitive data such as personal details, contact information, student photos, home addresses, academic, medical, family, and socioeconomic records, as well as household and lifestyle information.
  • Date: 2025-10-24T03:01:44Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-DATA-OF-STUDENTS-FROM-CBTIS-SEP
  • Threat Actors: L0stex
  • Victim Country: Mexico
  • Victim Industry: Education
  • Victim Organization: centro de bachillerato tecnológico industrial y de servicios (cbtis)
  • Victim Site: gob.mx

60. Alleged sale of Diamond Service


61. Alleged data breach of Dinas Kependudukan dan Pencatatan Sipil

  • Category: Data Breach
  • Content: Threat actor claims to be leaking a database allegedly belonging to the Department of Population and Civil Registration (Dukcapil) of West Kalimantan Province, Indonesia. The leaked information reportedly contains personal and professional details of Indonesian civil servants, including full names, national identification numbers (NIP), job titles, ranks, years of service, and education details.
  • Date: 2025-10-24T02:35:53Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-DATABASE-Dukcapil-Kalimantan-Barat-Database-Leaked-By-LolForum
  • Threat Actors: LolForum
  • Victim Country: Indonesia
  • Victim Industry: Government Administration
  • Victim Organization: dinas kependudukan dan pencatatan sipil
  • Victim Site: dukcapil.kalbarprov.go.id

62. Alleged Sale of SSH Server Access to Multiple Organizations


63. Alleged data leak of Personnel of the Russian Federation


64. Mead & Hunt falls victim to Kryptos Ransomware

  • Category: Ransomware
  • Content: The group claims to have obtained 500 GB of organization data including engineering plans, architectural blueprints, infrastructure schematics, financial records, client contracts, internal audits, and proprietary design models.

NB: Initially on October 08, 2025, they added an unidentified victim (mea*****.com) and later revealed the full domain and disclosed 500 GB of compromised data on their dark web portal.


65. Alleged leak of database of Zionist people


66. Adichunchanagiri Institute of Technology (AIT) falls victim to Kryptos Ransomware


67. Alleged leak of unauthorized access of internal control panel of the National Office for Distance Education (ONEFE)

  • Category: Initial Access
  • Content: The group claims to have gained full access to the internal control panel of the National Office for Distance Education (ONEFE) in Algeria. The group stated that the operation was conducted in retaliation against fake Algerian accounts accused of inciting against the Moroccan people. They asserted that this act was intended to “defend their country with all available capabilities.” Authorities have not confirmed the authenticity of the claim.
  • Date: 2025-10-24T00:15:45Z
  • Network: telegram
  • Published URL: https://t.me/MOROCCANSOLDIERS2/461
  • Threat Actors: Moroccan Soldiers
  • Victim Country: Algeria
  • Victim Industry: Education
  • Victim Organization: national office for distance education
  • Victim Site: onefd.edu.dz

Conclusion

The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Ransomware attacks were prominent, with groups like SAFEPAY, Qilin, CL0P, Kryptos, TENGU, CHAOS, BEAST, LYNX, and CRYPTO24 impacting various sectors globally, including Manufacturing, Real Estate, Software Development, Marketing, Telecommunications, Education, and Healthcare. Many of these groups claim to have exfiltrated large volumes of data.

Data breaches and data leaks were also widely reported, involving the alleged sale or leak of millions of records, including those from MyVidster (3.9 million), Physics Wallah (2.8 million), Sportshop.com (1.8 million+), a U.S. insurance Salesforce database (250,000 records), and even government-related data from US government domains, Mexico Water infrastructure (9.8 million lines), and a Department of Population and Civil Registration in Indonesia.

Furthermore, the underground markets saw substantial activity in Initial Access sales, with offers for RDP/SSH access to organizations in the Law Firms, E-commerce, and Manufacturing industries, as well as to government systems in Cambodia and an industrial control system in Spain. The sale of malware tools, such as the Apple Email Checker v2, ROBLOX Tools Pack, Sophos Remote Management Tool, and a Diamond Service for forging documents, underscores the continued evolution and availability of offensive capabilities. The geographical spread of victims, from the USA and Canada to countries in Europe, Asia, and Africa, demonstrates the non-discriminatory nature of current cyber threats.

The collective nature of these incidents emphasizes the need for organizations across all industries to maintain a robust cybersecurity posture, particularly focusing on data protection, access control, and proactive monitoring of threat intelligence.