This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.
- France Travail falls victim to STORMOUS ransomware
- Category: Ransomware
- Content: Group claims to have obtained 30 GB of organization’s data. The compromised data reportedly include username, password, email, phone number, and other sensitive documents. Note: Multiple threat actors previously claimed to have breached France Travail in 2025.
- Date: 2025-10-27T22:04:15Z
- Network: tor
- Published URL: http://pdcizqzjitsgfcgqeyhuee5u6uki6zy5slzioinlhx6xjnsw25irdgqd.onion/
- Screenshots:
- Threat Actors: STORMOUS
- Victim Country: France
- Victim Industry: Government & Public Sector
- Victim Organization: france travail
- Victim Site: francetravail.fr
- Alleged sale of unauthorized access to Americana de Colchones
- Category: Initial Access
- Content: Group claims to be selling unauthorized VPN access to the internal network of Americana de Colchones.
- Date: 2025-10-27T21:46:42Z
- Network: tor
- Published URL: http://pdcizqzjitsgfcgqeyhuee5u6uki6zy5slzioinlhx6xjnsw25irdgqd.onion/
- Screenshots:
- Threat Actors: STORMOUS
- Victim Country: Colombia
- Victim Industry: E-commerce & Online Stores
- Victim Organization: americana de colchones
- Victim Site: americanadecolchones.com
- Alleged sale of unauthorized admin access to an unidentified e-commerce shop in Italy
- Category: Initial Access
- Content: The threat actor claims to be selling admin access to a Magento-based e-commerce platform in Italy. The access reportedly includes control over dashboard, customers, orders, sales analytics.
- Date: 2025-10-27T21:46:22Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/269076/
- Screenshots:
- Threat Actors: Kazu
- Victim Country: Italy
- Victim Industry: E-commerce & Online Stores
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of Israeli Phone Numbers
- Category: Data Breach
- Content: Threat actor claims to be selling leaked list of more than 26,000 Israeli phone numbers.
- Date: 2025-10-27T21:23:50Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-26-000-Israeli-Phone-Numbers
- Screenshots:
- Threat Actors: EternalRed
- Victim Country: Israel
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data breach of Dhaka Water Supply & Sewerage Authority
- Category: Data Breach
- Content: Threat actor claims to have leaked data from Dhaka Water Supply & Sewerage Authority, Bangladesh. The compromised data reportedly contains bank and bank contact information, including bank, branch, phone number, email, and the bank’s contact person.
- Date: 2025-10-27T21:05:55Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Document-some-leaks-from-dwasa-gov-bd
- Screenshots:
- Threat Actors: EternalRed
- Victim Country: Bangladesh
- Victim Industry: Government Administration
- Victim Organization: dhaka water supply & sewerage authority
- Victim Site: dwasa.gov.bd
- Alleged data breach of University of Tlemcen
- Category: Data Breach
- Content: Threat actor claims to have leaked students’ personal information from University of Tlemcen, Algeria. NB: University of Tlemcen was previously breached on Sun Nov 03 2024.
- Date: 2025-10-27T20:50:54Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-univ-tlemcen-dz-students-PII-leak
- Screenshots:
- Threat Actors: EternalRed
- Victim Country: Algeria
- Victim Industry: Higher Education/Academia
- Victim Organization: university of tlemcen
- Victim Site: univ-tlemcen.dz
- Navigator Business Solutions falls victim to LYNX ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-27T20:47:15Z
- Network: tor
- Published URL: http://lynxblogxutufossaeawlij3j3uikaloll5ko6grzhkwdclrjngrfoid.onion/leaks/68fb89622423bc3ce0ecbe18
- Screenshots:
- Threat Actors: LYNX
- Victim Country: USA
- Victim Industry: Software Development
- Victim Organization: navigator business solutions
- Victim Site: nbs-us.com
- Trojan General Contracting LLC falls victim to Black Nevas ransomware
- Category: Ransomware
- Content: Group claims to have obtained over 3 TB of organization’s data. Sample screenshots are provided on their dark web portal.
- Date: 2025-10-27T20:03:43Z
- Network: tor
- Published URL: http://ctyfftrjgtwdjzlgqh4avbd35sqrs6tde4oyam2ufbjch6oqpqtkdtid.onion/publications/details/ba673946-58b1-4203-a132-9d9f5a234490
- Screenshots:
- Threat Actors: Black Nevas
- Victim Country: UAE
- Victim Industry: Building and construction
- Victim Organization: trojan general contracting llc
- Victim Site: trojan.ae
- Alleged sale of VPN access to Canadian automotive service company
- Category: Initial Access
- Content: Threat actor claims to be selling VPN access to a Canadian company in the automotive service / vehicle repair sector.
- Date: 2025-10-27T19:25:50Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/269066/
- Screenshots:
- Threat Actors: setvik
- Victim Country: Canada
- Victim Industry: Automotive
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of unauthorized RDP access to German IT and Consumer Services companies
- Category: Initial Access
- Content: Threat actor claims to be selling unauthorized RDP access to German IT and Consumer Services companies.
- Date: 2025-10-27T19:19:42Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/269064/
- Screenshots:
- Threat Actors: setvik
- Victim Country: Germany
- Victim Industry: Consumer Services
- Victim Organization: Unknown
- Victim Site: Unknown
- MedImpact Healthcare Systems, Inc falls victim to Qilin ransomware
- Category: Ransomware
- Content: Group claims to have obtained organization’s data.
- Date: 2025-10-27T19:09:27Z
- Network: tor
- Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=97b33d5f-f401-35dc-8094-4eafa0180261
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Hospital & Health Care
- Victim Organization: medimpact healthcare systems, inc.
- Victim Site: medimpact.com
- Unique Data Center falls victim to Sinobi ransomware
- Category: Ransomware
- Content: The group claims to have obtained 50 GB of the organization’s data. The compromised data includes Financial data, Customer’s data, Contracts.
- Date: 2025-10-27T18:42:43Z
- Network: tor
- Published URL: http://sinobi6ywgmmvg2gj2yygkb2hxbimaxpqkyk27wti5zjwhfcldhackid.onion/leaks/68ffa76488b6823fa2f0a102
- Screenshots:
- Threat Actors: Sinobi
- Victim Country: Brazil
- Victim Industry: Information Technology (IT) Services
- Victim Organization: unique data center
- Victim Site: uniquedatacenter.com.br
- Luis Garratón, LLC falls victim to Sinobi ransomware
- Category: Ransomware
- Content: The group claims to have obtained 20 GB of the organization’s data. The compromised data includes Confidential, Financial data.
- Date: 2025-10-27T18:23:35Z
- Network: tor
- Published URL: http://sinobi6ywgmmvg2gj2yygkb2hxbimaxpqkyk27wti5zjwhfcldhackid.onion/leaks/68ffaf8988b6823fa2f0c79d
- Screenshots:
- Threat Actors: Sinobi
- Victim Country: USA
- Victim Industry: Transportation & Logistics
- Victim Organization: luis garratón, llc
- Victim Site: linktr.ee/lgipr
- SanDiego Automotive Museum falls victim to Sinobi ransomware
- Category: Ransomware
- Content: The group claims to have obtained 550 GB of the organization’s data. The compromised data includes Contracts, Financial data, Incidents.
- Date: 2025-10-27T18:15:36Z
- Network: tor
- Published URL: http://sinobi6ywgmmvg2gj2yygkb2hxbimaxpqkyk27wti5zjwhfcldhackid.onion/leaks/68ffae0188b6823fa2f0bff6
- Screenshots:
- Threat Actors: Sinobi
- Victim Country: USA
- Victim Industry: Museums & Institutions
- Victim Organization: sandiego automotive museum
- Victim Site: sdautomuseum.org
- Alleged data leak of Okaz
- Category: Data Breach
- Content: Group claims to have leaked data from Okaz.
- Date: 2025-10-27T18:11:06Z
- Network: telegram
- Published URL: https://t.me/c/2691463074/86
- Screenshots:
- Threat Actors: Al-Baqir Brigade
- Victim Country: Saudi Arabia
- Victim Industry: Newspapers & Journalism
- Victim Organization: okaz
- Victim Site: okaz.com.sa
- Zulfiqar Electronic Brigade targets the website of The Heritage Portal of Imam Al-Albani
- Category: Defacement
- Content: Group claims to have defaced the website of The Heritage Portal of Imam Al-Albani.
- Date: 2025-10-27T18:05:52Z
- Network: telegram
- Published URL: https://t.me/organization_Shiite_313/2712
- Screenshots:
- Threat Actors: Zulfiqar Electronic Brigade
- Victim Country: Unknown
- Victim Industry: Religious Institutions
- Victim Organization: the heritage portal of imam al-albani
- Victim Site: al-albany.com
- Glawitsch Sutter Rechtsanwälte GmbH. falls victim to Sinobi ransomware
- Category: Ransomware
- Content: Group claims to have obtained the organization’s data.
- Date: 2025-10-27T18:03:23Z
- Network: tor
- Published URL: http://sinobi6ywgmmvg2gj2yygkb2hxbimaxpqkyk27wti5zjwhfcldhackid.onion/leaks/68ffa92988b6823fa2f0a755
- Screenshots:
- Threat Actors: Sinobi
- Victim Country: Austria
- Victim Industry: Legal Services
- Victim Organization: glawitsch sutter rechtsanwälte gmbh.
- Victim Site: ra-glawitsch.at
- Alleged sale of life insurance data from USA
- Category: Data Breach
- Content: Threat actor claims to be selling leaked life insurance data from USA. The compromised data reportedly contains ID, first name, last name, email, address, phone, date of birth, gender, etc.
- Date: 2025-10-27T17:59:47Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-%F0%9F%87%BA%F0%9F%87%B8US-life-insurance-DB-avilable-10-19
- Screenshots:
- Threat Actors: Cayenne
- Victim Country: USA
- Victim Industry: Insurance
- Victim Organization: Unknown
- Victim Site: Unknown
- Cavalry Consulting LLC falls victim to Sinobi ransomware
- Category: Ransomware
- Content: The group claims to have obtained 20 GB of the organization’s data. The compromised data includes Contracts, Financial data.
- Date: 2025-10-27T17:52:08Z
- Network: tor
- Published URL: http://sinobi6ywgmmvg2gj2yygkb2hxbimaxpqkyk27wti5zjwhfcldhackid.onion/leaks/68ffa7f788b6823fa2f0a247
- Screenshots:
- Threat Actors: Sinobi
- Victim Country: USA
- Victim Industry: Marketing, Advertising & Sales
- Victim Organization: cavalry consulting llc
- Victim Site: cavalryconsulting.com
- Zulfiqar Electronic Brigade targets the website of Aqeedah Association
- Category: Defacement
- Content: Group claims to have defaced the website of Aqeedah Association.
- Date: 2025-10-27T17:48:12Z
- Network: telegram
- Published URL: https://t.me/organization_Shiite_313/2721
- Screenshots:
- Threat Actors: Zulfiqar Electronic Brigade
- Victim Country: Saudi Arabia
- Victim Industry: Education
- Victim Organization: aqeedah association
- Victim Site: aqeeda.sa
- Alleged sale of unauthorized VPN and domain access to unidentified Indonesian aviation and logistics firms
- Category: Initial Access
- Content: Threat actor claims to sell unauthorized VPN and domain access to Indonesian aviation and logistics firms.
- Date: 2025-10-27T17:03:41Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/269057/
- Screenshots:
- Threat Actors: Mark1777
- Victim Country: Indonesia
- Victim Industry: Airlines & Aviation
- Victim Organization: Unknown
- Victim Site: Unknown
- Double Oak Construction, Inc falls victim to Qilin ransomware
- Category: Ransomware
- Content: Group claims to have obtained organization’s data.
- Date: 2025-10-27T16:54:36Z
- Network: tor
- Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=7fec8604-7575-3c7b-9d19-cafae042c410
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Building and construction
- Victim Organization: double oak construction, inc
- Victim Site: doubleoakinc.com
- Izaki Group Investments falls victim to Qilin ransomware
- Category: Ransomware
- Content: Group claims to have obtained organization’s data.
- Date: 2025-10-27T16:48:23Z
- Network: tor
- Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=64c368fa-e422-362f-89f7-42709b627915
- Screenshots:
- Threat Actors: Qilin
- Victim Country: Israel
- Victim Industry: Real Estate
- Victim Organization: izaki group investments
- Victim Site: zaki-group.com
- Henrietta Ezeoke Law Firm falls victim to Qilin ransomware
- Category: Ransomware
- Content: Group claims to have obtained organization’s data.
- Date: 2025-10-27T16:38:05Z
- Network: tor
- Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=1b2ea8d3-e15b-3b1f-b69b-6d9b69cc67d9
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Legal Services
- Victim Organization: henrietta ezeoke law firm
- Victim Site: yourhoustoninjurylawyer.com
- Alleged Data Leak of Oz Aviation Ltd
- Category: Data Breach
- Content: Threat actor claims to have leaked data from Oz Aviation Ltd. The compromised data reportedly contains personal IDs, passports, etc.
- Date: 2025-10-27T16:18:30Z
- Network: openweb
- Published URL: https://leakbase.la/threads/oz-aviation-ltd.44929/
- Screenshots:
- Threat Actors: CyberToufan
- Victim Country: Israel
- Victim Industry: Aviation & Aerospace
- Victim Organization: oz aviation ltd
- Victim Site: Unknown
- Micke Stridh Maskin falls
- Category: Ransomware
- Content: Group claims to have obtained organization’s data.
- Date: 2025-10-27T16:12:02Z
- Network: tor
- Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=8a2ec566-b7db-3742-bb46-a99876f22d4f
- Screenshots:
- Threat Actors: Qilin
- Victim Country: Sweden
- Victim Industry: Building and construction
- Victim Organization: micke stridh maskin
- Victim Site: mickestridhmaskin.se
- Tim Hortons UK & Ireland Ltd. falls victim to Akira ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data. The compromised information reportedly includes clients’ documents such as passports, social security cards, driver licenses, medical information, addresses, phones and other information of numerous people.
- Date: 2025-10-27T15:53:25Z
- Network: tor
- Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
- Screenshots:
- Threat Actors: akira
- Victim Country: UK
- Victim Industry: Restaurants
- Victim Organization: tim hortons uk & ireland ltd.
- Victim Site: timhortons.co.uk
- Alleged unauthorized access to USA BMS system
- Category: Initial Access
- Content: The group claims to have gained unauthorized access to USA BMS system.
- Date: 2025-10-27T15:52:07Z
- Network: telegram
- Published URL: https://t.me/c/3186755612/14
- Screenshots:
- Threat Actors: TRUTH LEGION 707
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: usa bms system
- Victim Site: Unknown
- Alleged data breach of SymbolTransport
- Category: Data Breach
- Content: The threat actor claims to have breached data from SymbolTransport, Ukraine. The compromised dataset reportedly contains PostgreSQL databases, source code repositories, and configuration files tied to their national fare collection and cashless payment systems in Ukraine.
- Date: 2025-10-27T15:48:16Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-UKRAINE-SymbolTransport-Source-code-Databases
- Screenshots:
- Threat Actors: ByteToBreach
- Victim Country: Ukraine
- Victim Industry: Transportation & Logistics
- Victim Organization: symboltransport
- Victim Site: symboltransport.com
- Alleged sale of Mexican bank debtors database
- Category: Data Breach
- Content: Threat actor claims to be selling leaked bank debtors database from Mexico. The compromised data reportedly contains 8,029,963 lines of data from 2023 to 2025, including full name, full address, Date of Birth, CURP, telephone number, etc.
- Date: 2025-10-27T15:15:45Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-Mexico-bank-debtors-2023-to-2025-8-029-963-lines
- Screenshots:
- Threat Actors: Eternal
- Victim Country: Mexico
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Domy falls victim to Qilin ransomware
- Category: Ransomware
- Content: Group claims to have obtained organization’s data and plans to publish it within 4-5 days.
- Date: 2025-10-27T15:15:21Z
- Network: tor
- Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=d06d0c11-4a31-3ddf-8d6c-b0d0efbb8b72
- Screenshots:
- Threat Actors: Qilin
- Victim Country: Japan
- Victim Industry: Supermarkets
- Victim Organization: domy
- Victim Site: domy.co.jp
- Engineered Profiles LLC falls victim to Akira ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-27T15:12:56Z
- Network: tor
- Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
- Screenshots:
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: Manufacturing
- Victim Organization: engineered profiles llc
- Victim Site: engineeredprofiles.com
- Maki Building Centers falls victim to INTERLOCK Ransomware
- Category: Ransomware
- Content: The group claims to have obtained over 601 GB of data from the organization.
- Date: 2025-10-27T15:00:58Z
- Network: tor
- Published URL: http://ebhmkoohccl45qesdbvrjqtyro2hmhkmh6vkyfyjjzfllm3ix72aqaid.onion/leaks.php
- Screenshots:
- Threat Actors: INTERLOCK
- Victim Country: USA
- Victim Industry: Building and construction
- Victim Organization: maki building centers
- Victim Site: makicorp.com
- Alleged sale of unauthorized WHMCS access to unidentified organizations
- Category: Initial Access
- Content: The threat actor claims to be selling WHMCS, control panel, and WP access from unidentified organizations.
- Date: 2025-10-27T14:55:40Z
- Network: openweb
- Published URL: https://xss.pro/threads/143973/
- Screenshots:
- Threat Actors: C3FaRiR
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- MotorsportMarkt.de falls victim to Everest Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 106872 user records from the organization’s database and intends to publish the data within 7-8 days.
- Date: 2025-10-27T14:06:36Z
- Network: tor
- Published URL: http://ransomocmou6mnbquqz44ewosbkjk3o5qjsl3orawojexfook2j7esad.onion/news/MotorsportMarkt.de/
- Screenshots:
- Threat Actors: Everest
- Victim Country: Germany
- Victim Industry: Automotive
- Victim Organization: motorsportmarkt.de
- Victim Site: motorsportmarkt.de
- Ania Kruk falls victim to Everest Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data. They intend to publish the data within 7-8 days.
- Date: 2025-10-27T13:58:41Z
- Network: tor
- Published URL: http://ransomocmou6mnbquqz44ewosbkjk3o5qjsl3orawojexfook2j7esad.onion/news/ANIA_KRUK/
- Screenshots:
- Threat Actors: Everest
- Victim Country: Poland
- Victim Industry: Luxury Goods & Jewelry
- Victim Organization: ania kruk
- Victim Site: aniakruk.pl
- NCT [NTB CYBER TEAM] targets multiple Japanese websites
- Category: Defacement
- Content: The group claims to have defaced multiple Japanese websites.
- Date: 2025-10-27T13:57:53Z
- Network: telegram
- Published URL: https://t.me/Garuda_Tersakiti/73
- Screenshots:
- Threat Actors: NCT [NTB CYBER TEAM]
- Victim Country: Japan
- Victim Industry: Civic & Social Organization
- Victim Organization: shōyukai social welfare corporation
- Victim Site: syo-yu-kai.or.jp
- Alleged unauthorized access to unidentified Hajj and Umrah company management system in Saudi Arabia
- Category: Initial Access
- Content: The group claims to have gained unauthorized access to a Hajj and Umrah company’s management system in Saudi Arabia.
- Date: 2025-10-27T13:30:41Z
- Network: telegram
- Published URL: https://t.me/n2LP_wVf79c2YzM0/2116?single
- Screenshots:
- Threat Actors: Infrastructure Destruction Squad
- Victim Country: Saudi Arabia
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- ToxicJ claims to target Israel
- Category: Alert
- Content: The group claims access to sensitive data from the Israeli Cabinet and the Knesset, including ambassadors’ and government officials’ records and other state secrets.
- Date: 2025-10-27T12:59:16Z
- Network: telegram
- Published URL: https://t.me/toxicJ_net/57
- Screenshots:
- Threat Actors: ToxicJ
- Victim Country: Israel
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged unauthorized access to Suphan Buri Provincial Education Office
- Category: Initial Access
- Content: The group claims to have gained unauthorized access to Suphan Buri Provincial Education Office.
- Date: 2025-10-27T12:37:32Z
- Network: telegram
- Published URL: https://t.me/nxbbsec/2955
- Screenshots:
- Threat Actors: NXBB.SEC
- Victim Country: Thailand
- Victim Industry: Education
- Victim Organization: suphan buri provincial education office
- Victim Site: moesuphan.co.th
- Miami Management, INC. falls victim to PEAR ransomware
- Category: Ransomware
- Content: The group claims to have obtained 7.4 TB of the organization’s data. The compromised information reportedly includes Company’s and Its Clients Financials, HR, PII & PHI Records, Business Operations, Partner’s and Vendor’s Data, Payment Details, Mailboxes & Email Correspondence, Backups Archived, etc.
- Date: 2025-10-27T10:59:19Z
- Network: tor
- Published URL: http://peargxn3oki34c4savcbcfqofjjwjnnyrlrbszfv6ujlx36mhrh57did.onion/Companies/miamimanagement/
- Screenshots:
- Threat Actors: PEAR
- Victim Country: USA
- Victim Industry: Facilities Services
- Victim Organization: miami management, inc.
- Victim Site: miamimanagement.com
- Flegenheimer International falls victim to Akira ransomware
- Category: Ransomware
- Content: The group claims to have obtained 16 GB of data from the organization. The compromised information reportedly includes corporate documents, employee information such as address, phones, customer information, accounting and other business files.
- Date: 2025-10-27T10:34:05Z
- Network: tor
- Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
- Screenshots:
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: International Trade & Development
- Victim Organization: flegenheimer international
- Victim Site: flegenheimer.com
- Malgor & Co. falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-27T10:08:28Z
- Network: tor
- Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=1aa0e145-1929-3c12-9377-609aedd96227
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Retail Industry
- Victim Organization: malgor & co inc
- Victim Site: malgorpr.com
- GeBePro falls victim to BEAST Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 400 GB of the organization’s data.
- Date: 2025-10-27T09:43:47Z
- Network: tor
- Published URL: http://beast6azu4f7fxjakiayhnssybibsgjnmy77a6duufqw5afjzfjhzuqd.onion/card/gebepro
- Screenshots:
- Threat Actors: BEAST
- Victim Country: Germany
- Victim Industry: Management Consulting
- Victim Organization: gebepro
- Victim Site: gebepro.de
- Bolt Group falls victim to BEAST Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 300 GB of the organization’s data.
- Date: 2025-10-27T09:29:08Z
- Network: tor
- Published URL: http://beast6azu4f7fxjakiayhnssybibsgjnmy77a6duufqw5afjzfjhzuqd.onion/card/bolt_electricity__oil___gas
- Screenshots:
- Threat Actors: BEAST
- Victim Country: Brazil
- Victim Industry: Energy & Utilities
- Victim Organization: bolt group
- Victim Site: boltenergy.com.br
- Alleged data breach of Fregat
- Category: Data Breach
- Content: The group claims to have leaked data from Fregat. The compromised data reportedly includes users, addresses, phone numbers, house coordinates, and other data.
- Date: 2025-10-27T08:35:19Z
- Network: telegram
- Published URL: https://t.me/perunswaroga/644
- Screenshots:
- Threat Actors: Perun Svaroga
- Victim Country: Ukraine
- Victim Industry: Information Technology (IT) Services
- Victim Organization: fregat
- Victim Site: fregat.com
- Alleged leak of USA, China and Vietnam database
- Category: Data Breach
- Content: A threat actor claims to be leaking a USA, China, and Vietnam database. The database contains names, contact details, national identifiers, and other sensitive records.
- Date: 2025-10-27T06:28:02Z
- Network: openweb
- Published URL: https://hydraforums.io/Threads-%F0%9F%92%B0%F0%9F%8E%AFdatabase-free-private-data-for-usa-china%C2%A0-and%C2%A0-vietnam-%F0%9F%8E%AF%F0%9F%92%B0
- Screenshots:
- Threat Actors: DataVortexDB
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Pharaoh’s Team targets multiple websites
- Category: Defacement
- Content: Group claims to have defaced multiple websites.
- Date: 2025-10-27T06:25:14Z
- Network: telegram
- Published URL: https://t.me/Pharaohs_n/227
- Screenshots:
- Threat Actors: Pharaoh’s Team
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: blackframestudio.in
- Alleged unauthorized login access to Illinois Cremation Centers
- Category: Initial Access
- Content: The group claims to have gained unauthorized access to Illinois Cremation Centers.
- Date: 2025-10-27T05:55:17Z
- Network: telegram
- Published URL: https://t.me/CyberSquad313/10
- Screenshots:
- Threat Actors: Cyber Squad 313
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: illinois cremation centers
- Victim Site: illinoiscremationcenters.com
- Alleged unauthorized login access to American Pistachio Growers
- Category: Initial Access
- Content: The group claims to have gained unauthorized access to American Pistachio Growers.
- Date: 2025-10-27T05:48:11Z
- Network: telegram
- Published URL: https://t.me/CyberSquad313/9
- Screenshots:
- Threat Actors: Cyber Squad 313
- Victim Country: USA
- Victim Industry: Agriculture & Farming
- Victim Organization: american pistachio growers
- Victim Site: carboncalculator.americanpistachios.org
- Alleged data breach of Secretaría de Educación Pública (SEP)
- Category: Data Breach
- Content: Threat actor claims to have breached data from Secretaría de Educación Pública (SEP). The compromised data includes highly sensitive personal and academic information of scholarship students. Exposed details include unique identifiers such as UID and CURP, full names, dates of birth, gender, nationality, and contact information including email addresses and phone numbers. NB: The organization was previously breached on October 07, 2025 by the same threat actor.
- Date: 2025-10-27T05:47:18Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-450k-SCHOLARSHIP-STUDENTS-DATA-OF-SEP
- Screenshots:
- Threat Actors: Alz_157s
- Victim Country: Mexico
- Victim Industry: Government Administration
- Victim Organization: secretaría de educación pública (sep)
- Victim Site: gob.mx
- Alleged leak of Casino User database
- Category: Data Breach
- Content: Threat actor is leaking a Casino User Database (2025).
- Date: 2025-10-27T05:32:06Z
- Network: openweb
- Published URL: https://leakbase.la/threads/casino-user-database-2025.44911/
- Screenshots:
- Threat Actors: kodahe4237
- Victim Country: Unknown
- Victim Industry: Gambling & Casinos
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged leak of USA Trezor Database
- Category: Data Breach
- Content: Threat actor is leaking a USA Trezor Database (2025).
- Date: 2025-10-27T05:22:54Z
- Network: openweb
- Published URL: https://leakbase.la/threads/usa-trezor-database-2025.44915/
- Screenshots:
- Threat Actors: jacare9658
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data breach of Net54Baseball
- Category: Data Breach
- Content: The threat actor claims to have leaked a database of Net54Baseball forum users, containing 575,000 records. The leaked data reportedly includes email addresses, IP addresses, usernames, and salted MD5-hashed passwords.
- Date: 2025-10-27T05:20:49Z
- Network: openweb
- Published URL: https://breached.sh/Thread-TXT-Net54Baseball-575k-2025
- Screenshots:
- Threat Actors: Seacoat
- Victim Country: USA
- Victim Industry: Sports
- Victim Organization: net54baseball
- Victim Site: net54baseball.com
- Alleged Leak of Ledger 2025 DB Orders
- Category: Data Breach
- Content: The threat actor claims to have leaked a database of Ledger orders and buyers in the USA for 2025.
- Date: 2025-10-27T05:07:21Z
- Network: openweb
- Published URL: https://leakbase.la/threads/ledger-orders-buyers-usa-2025.44913/
- Screenshots:
- Threat Actors: topopow941
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged leak of Coinbase database of USA
- Category: Data Breach
- Content: Threat actor is leaking a Coinbase USA Database (2025).
- Date: 2025-10-27T04:59:09Z
- Network: openweb
- Published URL: https://leakbase.la/threads/coinbase-usa-database-2025.44912/
- Screenshots:
- Threat Actors: dadexi4657
- Victim Country: USA
- Victim Industry: Financial Services
- Victim Organization: coinbase global, inc.
- Victim Site: coinbase.com
- Meinhardt Group falls victim to CRYPTO24 Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data and they intend to publish it within 4-5 days.
- Date: 2025-10-27T04:44:14Z
- Network: tor
- Published URL: http://j5o5y2feotmhvr7cbcp2j2ewayv5mn5zenl3joqwx67gtfchhezjznad.onion/
- Screenshots:
- Threat Actors: CRYPTO24
- Victim Country: Singapore
- Victim Industry: Civil Engineering
- Victim Organization: meinhardt group
- Victim Site: meinhardtgroup.com
- Alleged leak of USA Forex Database
- Category: Data Breach
- Content: Threat actor is leaking a high-quality USA Forex Database (2025).
- Date: 2025-10-27T04:32:14Z
- Network: openweb
- Published URL: https://leakbase.la/threads/usa-forex-database-2025.44914/
- Screenshots:
- Threat Actors: matobe6288
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Pharaoh’s Team targets multiple websites
- Category: Defacement
- Content: Group claims to have defaced multiple websites.
- Date: 2025-10-27T03:05:40Z
- Network: telegram
- Published URL: https://t.me/Pharaohs_n/225
- Screenshots:
- Threat Actors: Pharaoh’s Team
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Bayu Buana Travel Services falls victim to CRYPTO24 Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s internal data and intends to publish it within 7 days.
- Date: 2025-10-27T02:48:53Z
- Network: tor
- Published URL: http://j5o5y2feotmhvr7cbcp2j2ewayv5mn5zenl3joqwx67gtfchhezjznad.onion/
- Screenshots:
- Threat Actors: CRYPTO24
- Victim Country: Indonesia
- Victim Industry: Hospitality & Tourism
- Victim Organization: bayu buana travel services
- Victim Site: bayubuanatravel.com
- Alleged leak of Top Secret RAYETHON LOCKHEED F-15 Document
- Category: Data Breach
- Content: The threat actor claims to be selling a top-secret Raytheon / Lockheed F-15 document.
- Date: 2025-10-27T01:59:52Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Document-%F0%9F%98%BA-TOP-SECRET-RAYETHON-LOCKHEED-F-15-DOCUMENT-%F0%9F%98%BA
- Screenshots:
- Threat Actors: jrintel
- Victim Country: USA
- Victim Industry: Defense & Space
- Victim Organization: raytheon
- Victim Site: rtx.com
- Farebi inteliigence agency targets the website of United High School
- Category: Defacement
- Content: The group claims to have defaced the website of United High School Barlekha, Moulvibazar.
- Date: 2025-10-27T01:56:14Z
- Network: telegram
- Published URL: https://t.me/FIAgoverment/2335
- Screenshots:
- Threat Actors: Farebi inteliigence agency
- Victim Country: Bangladesh
- Victim Industry: Education
- Victim Organization: united high school
- Victim Site: unitedmodelhighschool.edu.bd
- Alleged sale of VPN access to an unidentified organisation in Malaysia
- Category: Initial Access
- Content: The threat actor is offering to sell VPN access to a Malaysian engineering company with approximately 300 employees. The access is reportedly through the organization’s corporate domain via Fortinet VPN, potentially exposing internal systems and confidential project data.
- Date: 2025-10-27T01:50:44Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/269012/
- Screenshots:
- Threat Actors: setvik
- Victim Country: Malaysia
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged unauthorized access to an unidentified system in France
- Category: Initial Access
- Content: The group claims to have gained unauthorized access to an unidentified system in France.
- Date: 2025-10-27T01:46:24Z
- Network: telegram
- Published URL: https://t.me/Z_ALLIANCE/859
- Screenshots:
- Threat Actors: Z-PENTEST ALLIANCE
- Victim Country: France
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- KAL EGY 319 targets the website of Abiya Ceramics
- Category: Defacement
- Content: The group claims to have defaced the website of Abiya Ceramics. Mirror Link: https://zone-xsec.com/mirror/id/760331
- Date: 2025-10-27T01:39:39Z
- Network: telegram
- Published URL: https://t.me/KALOSHA319/30
- Screenshots:
- Threat Actors: KAL EGY 319
- Victim Country: India
- Victim Industry: Glass, Ceramics & Concrete
- Victim Organization: abiya ceramics
- Victim Site: abiyaceramic.com
- Alleged data breach of SpaceX
- Category: Data Breach
- Content: The threat actor claims to be selling a leaked database of restricted SpaceX schematics and other modern military data.
- Date: 2025-10-27T01:08:18Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Document-%F0%9F%98%BA-RESTRICTED-SPACEX-SCHEMATICS-LEAKED-%F0%9F%98%BA
- Screenshots:
- Threat Actors: jrintel
- Victim Country: USA
- Victim Industry: Aviation & Aerospace
- Victim Organization: spacex
- Victim Site: spacex.com
- D. W. Gould Realty Advisors Inc., Brokerage falls victim to INC RANSOM Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s sensitive data, including fiscal records, internal emails, employee information, and strategic development plans.
- Date: 2025-10-27T00:39:10Z
- Network: tor
- Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/68fe0cbfe1a4e4b3ff53d421
- Screenshots:
- Threat Actors: INC RANSOM
- Victim Country: Canada
- Victim Industry: Real Estate
- Victim Organization: d. w. gould realty advisors inc., brokerage
- Victim Site: dwgra.com
- Partitio falls victim to INC RANSOM Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s internal data.
- Date: 2025-10-27T00:28:11Z
- Network: tor
- Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/68feb914e1a4e4b3ff5ef260
- Screenshots:
- Threat Actors: INC RANSOM
- Victim Country: France
- Victim Industry: Information Technology (IT) Services
- Victim Organization: partitio
- Victim Site: partitio.com
- Alleged data breach of Irias Informatiemanagement B.V.
- Category: Data Breach
- Content: The threat actor claims to have leaked source code from Irias Informatiemanagement B.V., a Netherlands-based company specializing in Geo/GIS software and IT services. The compromised data reportedly contains proprietary source code stolen during a data breach in October 2025.
- Date: 2025-10-27T00:03:40Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Source-Code-Irias-nl-Data-Breach-Leaked-Download
- Screenshots:
- Threat Actors: 888
- Victim Country: Netherlands
- Victim Industry: Information Technology (IT) Services
- Victim Organization: irias informatiemanagement b.v.
- Victim Site: irias.nl
Conclusion
The incidents detailed in this report highlight a diverse and active landscape of cyber threats.
Data breaches and leaks are prominent, affecting various sectors from education and gambling & casinos to healthcare and defense & space, and impacting countries including the USA, Mexico, Israel, France, and Bangladesh. The compromised data ranges from personal user information and phone numbers to highly sensitive academic data, classified military documents, and large corporate data volumes.
Beyond data compromise, the report also reveals significant activity in initial access sales and ransomware attacks, with threat actors offering unauthorized access to e-commerce platforms, corporate networks (including VPN and RDP access to Canadian, Italian, German, and Indonesian firms), and government systems like the Suphan Buri Provincial Education Office. The prolific activity of ransomware groups like Sinobi, Qilin, Akira, Everest, and BEAST further underscores the persistent threat of data theft and disruption.
The nature of these incidents emphasizes the critical importance of robust cybersecurity measures, including strong access controls, data protection strategies, continuous vulnerability management, and proactive threat intelligence to defend against a wide array of sophisticated and opportunistic attacks.