[October-26-2025] Daily Cybersecurity Threat Report

This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.


1. Alleged data breach of Colegio De Abogados


2. Alleged sale of access to CNC Stone


3. Alleged data breach of Transdev Canada


4. Alleged data sale of Il Passaggio by Capanna


5. Alleged Sale of VPN + Local Admin Access to Industrial Equipment in Portugal


6. Metal Pros, LLC falls victim to PLAY Ransomware


7. LaBonne’s Markets falls victim to PLAY Ransomware


8. Alleged unauthorized access to a public transportation management system in Ukraine


9. Alleged sale of customer data from Consumer Services industry in USA


10. Alleged data sale of Department of Agricultural Extension in Thailand


11. Alleged leak of unauthorized access to the public transport management system in Ukraine


12. Alleged sale of admin access to an unidentified Home Appliance Store in Spain


  • Category: Data Breach
  • Content: Threat actor claims to have leaked sensitive documents from Ministry of Defence, United Kingdom. The leaked data reportedly includes staff and senior official data. Note: The authenticity of the leak has not been verified yet.
  • Date: 2025-10-26T17:33:27Z
  • Network: telegram
  • Published URL: (https://t.me/CyberSquad313/7)
  • Threat Actors: Cyber Squad 313
  • Victim Country: UK
  • Victim Industry: Government Administration
  • Victim Organization: ministry of defence
  • Victim Site: gov.uk/mod

14. InfraCom Group AB falls victim to Qilin Ransomware


15. Alleged Sale of 100K Corporate MailPass Combo List


16. Trojan 1337 targets the website of ASM Abdur Rab Government College


17. Trojan 1337 targets the website of Bangladesh Government Bathshiri High School


18. Trojan 1337 targets the website of Atatürk Bangladesh Government Model High School


19. Trojan 1337 targets the website of Government of Bangladesh, Ministry of Power, Energy and Mineral Resources (MPEMR)


20. Alleged sale of Romanian ID cards


21. Alleged data sale of the Ministry of Health of the Government of Chiapas


22. Dublin Airport falls victim to Everest Ransomware


23. GARUDA ERROR SYSTEM targets multiple Indian websites


24. Alleged leak of login access of Suphan Buri Provincial Education Office


25. Alleged data breach of Christian Leaders Institute

  • Category: Data Breach
  • Content: Threat actor claims to have leaked data from Christian Leaders Institute. The compromised database reportedly contains over 1,000,000 user records, including first and last names, email addresses, phone numbers, physical addresses, hashed passwords, last login details with IP addresses, and user profile information. File format: CSV
  • Date: 2025-10-26T13:56:48Z
  • Network: telegram
  • Published URL: (https://t.me/itrussia_ib/210)
  • Threat Actors: IT RUSSIA
  • Victim Country: USA
  • Victim Industry: E-Learning
  • Victim Organization: christian leaders institute
  • Victim Site: christianleadersinstitute.org

26. South Alabama Regional Planning Commission falls victim to Qilin Ransomware


27. Alleged leak of login access of National Research Council of Thailand


28. Alleged Data Leak of Indian ITI Principals’ Database


29. Alleged unauthorized access to unidentified Automation of water fire extinguishing in Ukraine


30. AUGE falls victim to INC RANSOM Ransomware


31. Alleged leak of unidentified UK Fullz data


32. Alleged data leak of the Secretariat of Public Education in Mexico


33. Alleged leak of login access of Iklim Travel


34. REX MD falls victim to Qilin Ransomware


35. GHOST’S OF GAZA targets the website of Shimulbari Kadambari Moddhakandi Hazrabari High School


36. Alleged data breach of CNC Magazine Kazakhstan


37. HEZI RASH targets the website of Iklim Travel


38. Alleged leak of RCE vulnerability on the website of Dot Internet

  • Category: Vulnerability
  • Content: Threat actor claims to have discovered a possible Remote Code Execution (RCE) issue on Dot Internet Ltd.’s site (dotinternetbd.com), apparently sending commands via a web parameter and observing command output in the server response. They report using intercepted HTTP requests to probe the endpoint and saw signs consistent with command execution (e.g., shell command output), though they did not report extracting bulk data.
  • Date: 2025-10-26T06:10:26Z
  • Network: telegram
  • Published URL: (https://t.me/Agent2p/39)
  • Threat Actors: Agent 2p
  • Victim Country: Bangladesh
  • Victim Industry: Network & Telecommunications
  • Victim Organization: dot internet
  • Victim Site: dotinternetbd.com

39. Alleged data breach of AirsoftCanada

  • Category: Data Breach
  • Content: The threat actor claims to have leaked the AirsoftCanada.net forum database, containing 413,000 user records. The compromised data reportedly includes email addresses, IP addresses, usernames, and hashed passwords. NB: The organization was previously breached on 05/02/2022.
  • Date: 2025-10-26T06:01:01Z
  • Network: openweb
  • Published URL: (https://breached.sh/Thread-Airsoftcanada-413k-2025)
  • Threat Actors: Seacoat
  • Victim Country: Canada
  • Victim Industry: Sporting Goods
  • Victim Organization: airsoftcanada
  • Victim Site: airsoftcanada.com

40. Latona Trucking Inc falls victim to DragonForce Ransomware


41. Saturn Machine Inc falls victim to DragonForce Ransomware


42. West, Welch, Reed Engineers, Inc. falls victim to DragonForce Ransomware


43. Alleged Sale of Crypto Casino data from multiple countries


44. Alleged data breach of Hello-Online


45. Alleged data breach of Breach Forums


46. Alleged data breach of Instituto del Niño y Adolescente del Uruguay (INAU)

  • Category: Data Breach
  • Content: The threat actor claims to have leaked a database of INAU (Instituto del Niño y Adolescente del Uruguay) employees, containing details of around 1.1k workers. The data, shared in an Excel (.xlsx) file, allegedly includes each employee’s role, document number, full name, and department.
  • Date: 2025-10-26T04:27:08Z
  • Network: openweb
  • Published URL: (https://darkforums.st/Thread-DATABASE-inau-Uruguay-1-1k)
  • Threat Actors: minter
  • Victim Country: Uruguay
  • Victim Industry: Government & Public Sector
  • Victim Organization: instituto del niño y adolescente del uruguay (inau)
  • Victim Site: inau.edu.uy

47. Alleged sale of unauthorized access to an ISP in USA


48. Alleged data sale of Coinbase & Binance Logs


49. Alleged sale of CyberVault malware


50. Alleged sale of unauthorized admin access to an unidentified e-commerce shop in Saudi Arabia


51. Alleged Data Leak of France Citizens Database

Conclusion

The cyber incident data gathered on October 26, 2025, reveals a highly diverse and geographically widespread threat landscape, with Data Breach incidents being the most prominent category alongside frequent Initial Access offerings and Ransomware attacks. Victims span numerous sectors, including Government Administration (Thailand, Mexico, UK, Uruguay), Education (Bangladesh, USA), Financial Services (Unknown logs), E-commerce, and Industrial Automation (Ukraine). This activity underscores a continuous and multifaceted threat, where actors are persistently seeking to monetize both confidential information and unauthorized network entry across the globe.


The sophistication of the attacks is notable, ranging from large-scale data leaks affecting millions of records, such as the 29.1 million French citizens database leak and 5 million Thai Department of Agricultural Extension records, to targeted operations like the defacement campaigns against multiple government and educational sites in Bangladesh by “Trojan 1337”. Furthermore, threat actors demonstrated a keen interest in acquiring high-value assets, evidenced by the sale of admin access to systems in sectors like E-commerce (Saudi Arabia), Leisure & Travel (Turkey), and even core systems within Government Administration (Thailand). The listing of a Remote Code Execution (RCE) vulnerability for an Internet Service Provider in Bangladesh also highlights the continued trade in precursor access and exploits.


Collectively, these incidents demonstrate that cyber adversaries are effectively targeting organizations of varying sizes and criticalities for financial gain, espionage, or ideological reasons. The high volume of ransomware attacks (e.g., PLAY, Qilin, DragonForce) indicates that data exfiltration coupled with extortion remains a primary threat. To mitigate this persistent risk, organizations must prioritize robust access controls, timely vulnerability management (especially for web-facing systems), and enhanced network segmentation to limit the lateral movement potential offered by initial access threats.