This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.
1. Alleged sale of RDP access to a U.S. corp
- Category: Initial Access
- Content: Threat actor claims to be selling RDP access to a U.S. corporation
- Date: 2025-11-04T23:35:41Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/269644/)
- Screenshots:
- Threat Actors: sudo
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
2. Alleged Unauthorized Access to Italian Smart Home Control System
- Category: Initial Access
- Content: The group claims to have accessed an Italian smart home automation system, modifying automation scenarios, lighting zones, and device control settings. They allege the ability to operate window motors and high-power appliances remotely, warning that such control could enable unauthorized entry or increase fire risks due to system manipulation.
- Date: 2025-11-04T23:27:48Z
- Network: telegram
- Published URL: (https://t.me/Z_ALLIANCE/893)
- Screenshots:
- Threat Actors: Z-PENTEST ALLIANCE
- Victim Country: Italy
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
3. Alleged sale of unauthorized admin access to Yental
- Category: Initial Access
- Content: The threat actor claims to be selling unauthorized admin access to Yental.
- Date: 2025-11-04T23:19:39Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-INDIAN-Website-yental-auramatics-com-Admin-Access)
- Screenshots:
- Threat Actors: crazyboy68
- Victim Country: India
- Victim Industry: E-commerce & Online Stores
- Victim Organization: yental
- Victim Site: yental.auramatics.com
4. Payouts King Ransomware group adds an unknown victim (I****r)
- Category: Ransomware
- Content: The group claims to have obtained 272 GB of the organization’s data and intends to publish it within 6 to 7 days.
- Date: 2025-11-04T21:30:30Z
- Network: tor
- Published URL: (https://payoutsgn7cy6uliwevdqspncjpfxpmzgirwl2au65la7rfs5x3qnbqd.onion/)
- Screenshots:
- Threat Actors: Payouts King
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
5. Alleged sale of unauthorized admin access to an unidentified online store in France
- Category: Initial Access
- Content: The threat actor claims to be selling unauthorized admin access to an unidentified online store in France.
- Date: 2025-11-04T20:41:29Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/269635/)
- Screenshots:
- Threat Actors: akr1t
- Victim Country: France
- Victim Industry: E-commerce & Online Stores
- Victim Organization: Unknown
- Victim Site: Unknown
6. Sellars Absorbent Materials falls victim to PLAY ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data and intends to publish it within 3 days.
- Date: 2025-11-04T20:38:27Z
- Network: tor
- Published URL: (http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=RcIUH25PoD82p)
- Screenshots:
- Threat Actors: PLAY
- Victim Country: USA
- Victim Industry: Manufacturing
- Victim Organization: sellars absorbent materials
- Victim Site: sellarscompany.com
7. ConvExx falls victim to PLAY ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data and intends to publish it within 3 days.
- Date: 2025-11-04T20:38:23Z
- Network: tor
- Published URL: (http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=xdICsTdoJttSrR)
- Screenshots:
- Threat Actors: PLAY
- Victim Country: USA
- Victim Industry: Events Services
- Victim Organization: convexx
- Victim Site: convexx.com
8. American PowerNet falls victim to PLAY ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data and intends to publish it within 3 days.
- Date: 2025-11-04T20:38:11Z
- Network: tor
- Published URL: (http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=ovfyzuoBhjRHXy)
- Screenshots:
- Threat Actors: PLAY
- Victim Country: USA
- Victim Industry: Energy & Utilities
- Victim Organization: american powernet
- Victim Site: americanpowernet.com
9. Alleged sale of unauthorized admin access to an unidentified online stores
- Category: Initial Access
- Content: The threat actor claims to be selling unauthorized admin access to an unidentified online stores.
- Date: 2025-11-04T20:36:58Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/269634/)
- Screenshots:
- Threat Actors: akr1t
- Victim Country: Unknown
- Victim Industry: E-commerce & Online Stores
- Victim Organization: Unknown
- Victim Site: Unknown
10. Yibirin Law Group falls victim to INC RANSOM ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-11-04T20:31:33Z
- Network: tor
- Published URL: (http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/690a4e0fe1a4e4b3ff0959c5)
- Screenshots:
- Threat Actors: INC RANSOM
- Victim Country: USA
- Victim Industry: Law Practice & Law Firms
- Victim Organization: yibirin law group
- Victim Site: thevisapro.com
11. Alleged leak of Argentina Corporate User Database
- Category: Data Breach
- Content: The threat actor claims to be selling a database containing personal information of approximately 189,372 Argentine corporate users. The leaked data reportedly includes details such as UUID, ID, hashID, password (clave), email, name, company, username, phone number, website, address, project details, creation and update dates, and category information.
- Date: 2025-11-04T20:16:51Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-189-372-Argentina-Corporate-User-Database-Leak-Extensive-Enterprise-Contact-Reco)
- Screenshots:
- Threat Actors: Kunta
- Victim Country: Argentina
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
12. Alleged data sale of University of Sharjah
- Category: Data Breach
- Content: The threat actor claims to be selling leaked faculty and staff CV data from the University of Sharjah, UAE. The compromised data reportedly contains over 320 full faculty and staff CVs, including full names, personal pictures, dates of birth, sex, nationality, addresses, email addresses, phone numbers, and passport numbers.
- Date: 2025-11-04T20:14:35Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-University-of-Sharjah-UAE-320-Faculty-and-Staff-Full-CVs)
- Screenshots:
- Threat Actors: EternalRed
- Victim Country: UAE
- Victim Industry: Education
- Victim Organization: university of sharjah
- Victim Site: sharjah.ac.ae
13. Alleged leak of Algeria Telecom Customer Records
- Category: Data Breach
- Content: The threat actor claims to be selling a database that contains personal information from Algeria Telecom customer records.
- Date: 2025-11-04T20:04:22Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-132-400-Algeria-Telecom-Customer-Records-2022-Leak-with-Geolocation-Data)
- Screenshots:
- Threat Actors: Kunta
- Victim Country: Algeria
- Victim Industry: Network & Telecommunications
- Victim Organization: Unknown
- Victim Site: Unknown
14. Alleged data breach of Papa Johns
- Category: Data Breach
- Content: A threat actor claims to have leaked 2 GB of sensitive data belonging to Papa John’s.
- Date: 2025-11-04T19:36:15Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-Israeli-Papa-John-s-Network-2GB-of-Data-for-Sale)
- Screenshots:
- Threat Actors: MoneyTalks
- Victim Country: USA
- Victim Industry: Restaurants
- Victim Organization: papa johns
- Victim Site: ir.papajohns.com
15. Alleged data breach of Property Finder
- Category: Data Breach
- Content: Group claims to have breached and obtained data from Property Finder. Note: Property Finder was reportedly breached earlier in January 2025.
- Date: 2025-11-04T18:34:32Z
- Network: tor
- Published URL: (http://fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion/companies/property)
- Screenshots:
- Threat Actors: CoinbaseCartel
- Victim Country: UAE
- Victim Industry: Real Estate
- Victim Organization: property finder
- Victim Site: propertyfinder.ae
16. Mango’s Tropical Cafe, Inc falls victim to Qilin ransomware
- Category: Ransomware
- Content: The group claims to have obtained 250 GB of the organization’s data.
- Date: 2025-11-04T18:34:08Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=c14a8557-2d41-3d42-9406-62d968172bd8)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Entertainment & Movie Production
- Victim Organization: mango’s tropical cafe, inc
- Victim Site: mangos.com
17. PROVA
- Category: Ransomware
- Content: The group claims to have obtained 150 GB of the organization’s data.
- Date: 2025-11-04T18:18:52Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=b70a92ca-8bd9-36a8-8647-b8c75832df51)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: France
- Victim Industry: Manufacturing
- Victim Organization: prova
- Victim Site: prova.fr
18. Alleged data breach of MGBX EXCHANGE
- Category: Data Breach
- Content: The threat actor claims to have leaked sensitive documents and data from MGBX EXCHANGE
- Date: 2025-11-04T17:41:02Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-MGBX-Global-exhange-users)
- Screenshots:
- Threat Actors: metadata
- Victim Country: Malaysia
- Victim Industry: Financial Services
- Victim Organization: mgbx exchange
- Victim Site: mgbx.com
19. Alleged data breach of PlaneWave Instruments
- Category: Data Breach
- Content: The threat actor claims to have leaked sensitive documents and data from PlaneWave Instruments.
- Date: 2025-11-04T16:45:17Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Source-Code-PlaneWave-Instruments-Breached-Leaked-Download)
- Screenshots:
- Threat Actors: KaruHunters
- Victim Country: USA
- Victim Industry: Medical Equipment Manufacturing
- Victim Organization: planewave instruments
- Victim Site: planewave.com
20. Elliott Tax Service falls victim to Akira Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 82 GB of the organization’s data. The compromised data includes scans of client personal documents, employee personal information and other HR information, client financials and other files, NDAs, credit card details, payment details, confidentiality agreements, legal and court documents, police reports, and so on.
- Date: 2025-11-04T15:38:00Z
- Network: tor
- Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
- Screenshots:
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: Accounting
- Victim Organization: elliott tax service
- Victim Site: elliotttaxservice.com
21. Alleged Sale of Unauthorised CRM access to an unidentified Electronics retailer in Spain
- Category: Initial Access
- Content: The threat actor claims to be selling unauthorised CRM access to an unidentified electronics retailer in Spain.
- Date: 2025-11-04T15:12:34Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/269613/)
- Screenshots:
- Threat Actors: betway
- Victim Country: Spain
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
22. Benda Grace Stulz falls victim to Akira Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 90 GB of the organization’s data.
- Date: 2025-11-04T13:38:24Z
- Network: tor
- Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
- Screenshots:
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: Accounting
- Victim Organization: benda grace stulz
- Victim Site: bgscpas.com
23. Palacios Marine Industrial falls victim to akira ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data. The compromised data includes employee information such as passports, driver licenses, medical information, social security number and other scans with personal information, NDA, contracts and agreements, client data, drawings, and other operational data.
- Date: 2025-11-04T13:37:14Z
- Network: tor
- Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
- Screenshots:
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: Building and construction
- Victim Organization: palacios marine industrial
- Victim Site: palaciosmarineindustrial.com
24. GHOST’S OF GAZA targets the website of Associação dos Concessionários do Distrito de Irrigação de Neópolis
- Category: Defacement
- Content: Group claims to have defaced the website of Associação dos Concessionários do Distrito de Irrigação de Neópolis
- Date: 2025-11-04T13:32:17Z
- Network: telegram
- Published URL: (https://t.me/GHOSTS_OF_GAZA/102)
- Screenshots:
- Threat Actors: GHOST’S OF GAZA
- Victim Country: Brazil
- Victim Industry: Agriculture & Farming
- Victim Organization: associação dos concessionários do distrito de irrigação de neópolis
- Victim Site: ascondir.com.br
25. GHOST’S OF GAZA targets the website of Mar & Ar Mergulho e Turismo
- Category: Defacement
- Content: Group claims to have defaced the website of Mar & Ar Mergulho e Turismo
- Date: 2025-11-04T13:24:46Z
- Network: telegram
- Published URL: (https://t.me/GHOSTS_OF_GAZA/102)
- Screenshots:
- Threat Actors: GHOST’S OF GAZA
- Victim Country: Brazil
- Victim Industry: Hospitality & Tourism
- Victim Organization: mar & ar mergulho e turismo
- Victim Site: marear.com.br
26. Alleged data breach of TOP7
- Category: Data Breach
- Content: The threat actor claims to have leaked data from TOP7, allegedly containing ID, email, password, allowed rights, name, last name, age, city, language, country, gender, checkstr, activated, birthdate, and more.
- Date: 2025-11-04T13:24:15Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-Good-database-from-Russia-top7-ru-Free)
- Screenshots:
- Threat Actors: Sophia01
- Victim Country: Russia
- Victim Industry: Legal Services
- Victim Organization: top7
- Victim Site: top7.ru
27. RASHTRIYA CYBER SENA targets the website of Realup
- Category: Defacement
- Content: The group claims to have defaced the website of Realup. Mirror Link: https://ownzyou.com/zone/276221 Mirror Link: https://ownzyou.com/zone/276222
- Date: 2025-11-04T13:23:54Z
- Network: telegram
- Published URL: (https://t.me/teamRcs/55)
- Screenshots:
- Threat Actors: RASHTRIYA CYBER SENA
- Victim Country: Bangladesh
- Victim Industry: E-commerce & Online Stores
- Victim Organization: realup
- Victim Site: realup.com.bd
28. General Micro Systems falls victim to akira ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data. The compromised data includes project information, client information, financials, confidential military information, NDAs, and confidential files of Intel Corporation concerning Thunderbolt.
- Date: 2025-11-04T12:59:12Z
- Network: tor
- Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
- Screenshots:
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: Electrical & Electronic Manufacturing
- Victim Organization: general micro systems, inc.
- Victim Site: gms4sbc.com
29. HEZI RASH targets the website of Cokdron
- Category: Defacement
- Content: The group claims to have defaced the website of Cokdron.
- Date: 2025-11-04T12:36:14Z
- Network: telegram
- Published URL: (https://t.me/c/3058168654/130)
- Screenshots:
- Threat Actors: HEZI RASH
- Victim Country: Spain
- Victim Industry: Aviation & Aerospace
- Victim Organization: cokdron
- Victim Site: cokdron.com
30. NCT [NTB CYBER TEAM] targets the website of Design Internal
- Category: Defacement
- Content: The group claims to have defaced the website of Design Internal.
- Date: 2025-11-04T11:46:17Z
- Network: telegram
- Published URL: (https://t.me/Garuda_Tersakiti/90)
- Screenshots:
- Threat Actors: NCT [NTB CYBER TEAM]
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: design internal
- Victim Site: app.designinternal.com
31. LEAKS DATABASE CYBER TEAM INDONESIA targets the website of RegionLogistic
- Category: Defacement
- Content: Group claims to have defaced the website of RegionLogistic.
- Date: 2025-11-04T11:37:11Z
- Network: telegram
- Published URL: (https://t.me/c/2326263047/491)
- Screenshots:
- Threat Actors: LEAKS DATABASE CYBER TEAM INDONESIA
- Victim Country: Russia
- Victim Industry: Import & Export
- Victim Organization: regionlogistic
- Victim Site: region-logist.ru
32. Alleged data breach of New York State
- Category: Data Breach
- Content: The threat actor claims to have leaked sensitive documents and data from New York State.
- Date: 2025-11-04T10:52:08Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Document-NY-Gov-Data-Breach-Leaked-Download)
- Screenshots:
- Threat Actors: KaruHunters
- Victim Country: USA
- Victim Industry: Government Administration
- Victim Organization: new york state
- Victim Site: ny.gov
33. Alleged data sale of Anka
- Category: Data Breach
- Content: The threat actor claims to be selling 12.1GB of data from Anka, allegedly containing data from 537,877 unique users, including ID, username, full name, email, token, avatar, gender, date of birth, phone number, and more.
- Date: 2025-11-04T10:49:27Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-Anka-africa-Data-Breach)
- Screenshots:
- Threat Actors: Spirigatito
- Victim Country: Ivory Coast
- Victim Industry: Retail Industry
- Victim Organization: anka
- Victim Site: anka.africa
34. LN Dinbolig falls victim to BEAST Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 400 GB of the organization’s data.
- Date: 2025-11-04T10:43:05Z
- Network: tor
- Published URL: (http://beast6azu4f7fxjakiayhnssybibsgjnmy77a6duufqw5afjzfjhzuqd.onion/card/din_bolig)
- Screenshots:
- Threat Actors: BEAST
- Victim Country: Spain
- Victim Industry: Real Estate
- Victim Organization: ln dinbolig
- Victim Site: dinbolig.com
35. Invacare International Holdings Corp. falls victim to RHYSIDA ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data. The group intends to publish the data within 6 to 7 days.
- Date: 2025-11-04T09:03:15Z
- Network: tor
- Published URL: (http://rhysidafc6lm7qa2mkiukbezh7zuth3i4wof4mh2audkymscjm6yegad.onion/)
- Screenshots:
- Threat Actors: RHYSIDA
- Victim Country: USA
- Victim Industry: Medical Equipment Manufacturing
- Victim Organization: invacare international holdings corp.
- Victim Site: invacare.com
36. TwoNet claims to target Belgium
- Category: Alert
- Content: A recent post by the group indicates that they’re targeting Belgium.
- Date: 2025-11-04T08:41:49Z
- Network: telegram
- Published URL: (https://t.me/TwoNetchannel/127)
- Screenshots:
- Threat Actors: TwoNet
- Victim Country: Belgium
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
37. TwoNet Team claims to target Belgium
- Category: Alert
- Content: A recent post by the group suggests that they plan to target Belgium.
- Date: 2025-11-04T08:36:28Z
- Network: telegram
- Published URL: (https://t.me/TwoNetchannel/127)
- Screenshots:
- Threat Actors: TwoNet
- Victim Country: Belgium
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
38. Alleged leak of admin credentials of White ICE Cottages
- Category: Initial Access
- Content: The group claims to have leaked admin credentials to White ICE Cottages.
- Date: 2025-11-04T07:52:27Z
- Network: telegram
- Published URL: (https://t.me/teamRcs/53)
- Screenshots:
- Threat Actors: RASHTRIYA CYBER SENA
- Victim Country: Pakistan
- Victim Industry: Real Estate
- Victim Organization: white ice cottages
- Victim Site: whiteice.com.pk
39. Alleged data sale of WorldLink Communications
- Category: Data Breach
- Content: The group claims to be selling databases and admin panel access of WorldLink Communications in Nepal.
- Date: 2025-11-04T07:20:41Z
- Network: telegram
- Published URL: (https://t.me/ctrl_nepal/178)
- Screenshots:
- Threat Actors: GenZRisingNepal
- Victim Country: Nepal
- Victim Industry: Network & Telecommunications
- Victim Organization: worldlink communications
- Victim Site: worldlink.com.np
40. RÍOS ESPINOSA falls victim to Space Bears Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s sensitive internal data, including personal information of employees and clients, as well as confidential financial documents, which they intend to publish within 7 days.
- Date: 2025-11-04T06:10:43Z
- Network: tor
- Published URL: (http://5butbkrljkaorg5maepuca25oma7eiwo6a2rlhvkblb4v6mf3ki2ovid.onion/companies/97/rios-espinosa)
- Screenshots:
- Threat Actors: Space Bears
- Victim Country: Spain
- Victim Industry: Accounting
- Victim Organization: ríos espinosa
- Victim Site: riosespinosa.com
41. Dovern Import falls victim to Space Bears Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s sensitive internal data, including personal information of employees and clients, as well as financial documents, which they intend to publish within 7 days.
- Date: 2025-11-04T06:10:34Z
- Network: tor
- Published URL: (http://5butbkrljkaorg5maepuca25oma7eiwo6a2rlhvkblb4v6mf3ki2ovid.onion/companies/98/dovern-import)
- Screenshots:
- Threat Actors: Space Bears
- Victim Country: Morocco
- Victim Industry: Wine & Spirits
- Victim Organization: dovern import
- Victim Site: dovern-import.com
42. BABAYO EROR SYSTEM targets multiple websites
- Category: Defacement
- Content: The group claims to have defaced multiple websites.
- Date: 2025-11-04T05:10:01Z
- Network: telegram
- Published URL: (https://t.me/c/3159622829/543)
- Screenshots:
- Threat Actors: BABAYO EROR SYSTEM
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
43. HellR00ters Team claims to target India and Israel
- Category: Alert
- Content: A recent post by the group suggests that they plan to target India and Israel.
- Date: 2025-11-04T04:32:34Z
- Network: telegram
- Published URL: (https://t.me/c/2758066065/157)
- Screenshots:
- Threat Actors: HellR00ters Team
- Victim Country: India
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
44. Alleged leak of Indonesian Telecom Customer Database
- Category: Data Breach
- Content: The threat actor claims to be selling a database containing personal information of 1.2 million Indonesian telecom customers. The exposed data reportedly includes full phone numbers (MSISDN), unique identifiers (UUID, ID, Option ID), registration timestamps, and metadata notes.
- Date: 2025-11-04T04:20:51Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-1-2m-Indonesia-Telco-Customer-Database-Dump-with-Full-Phone-Numbers-and-Registratio)
- Screenshots:
- Threat Actors: Kunta
- Victim Country: Indonesia
- Victim Industry: Network & Telecommunications
- Victim Organization: Unknown
- Victim Site: Unknown
45. LV= falls victim to CL0P Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s sensitive data.
- Date: 2025-11-04T03:34:34Z
- Network: tor
- Published URL: (http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/lv-com)
- Screenshots:
- Threat Actors: CL0P
- Victim Country: UK
- Victim Industry: Financial Services
- Victim Organization: lv=
- Victim Site: lv.com
46. Alleged data breach of Robinhood
- Category: Data Breach
- Content: The threat actor claims to have leaked a database of Robinhood Markets, Inc., a U.S.-based financial services company. The dataset reportedly contains 4.6 million records from the USA, including details such as names, addresses, contact numbers, gender, birth dates, credit scores, assets, investments, and emails. The threat actor AlphaLeadsCapital, previously reported as a victim on September 21, 2025.
- Date: 2025-11-04T02:41:21Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/robinhood-markets-us-financial-service-db-avilable.45226/)
- Screenshots:
- Threat Actors: Cayenne22
- Victim Country: USA
- Victim Industry: Financial Services
- Victim Organization: robinhood
- Victim Site: robinhood.com
47. RÍOS ESPINOSA falls victim to Space Bears Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s sensitive internal data, including personal information of employees and clients, as well as confidential financial documents, which they intend to publish within 7 days.
- Date: 2025-11-04T02:38:16Z
- Network: tor
- Published URL: (http://5butbkrljkaorg5maepuca25oma7eiwo6a2rlhvkblb4v6mf3ki2ovid.onion/)
- Screenshots:
- Threat Actors: Space Bears
- Victim Country: Spain
- Victim Industry: Accounting
- Victim Organization: ríos espinosa
- Victim Site: riosespinosa.com
48. Alleged Leak of 5,000 Lines of Chinese Data in USA mobile
- Category: Data Breach
- Content: The threat actor claims to have leaked a database of individuals from China and the USA, containing 5,000 records. The dataset reportedly includes first names, last names, emails, phone numbers, and addresses.
- Date: 2025-11-04T02:15:28Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/5000-lines-chinese-usa-mobile.45230/)
- Screenshots:
- Threat Actors: ivandraco
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
49. Alleged unauthorized access to Russian Construction Services Administrative Panel
- Category: Initial Access
- Content: The group claims they accessed an admin panel for a Russian construction and waterproofing company, exposing client names, phone numbers, addresses, revenue and order details, and the system’s communication settings (including a Telegram bot), which could be used to view or manipulate company notifications and internal infrastructure.
- Date: 2025-11-04T02:14:28Z
- Network: telegram
- Published URL: (https://t.me/n2LP_wVf79c2YzM0/2271)
- Screenshots:
- Threat Actors: Infrastructure Destruction Squad
- Victim Country: Russia
- Victim Industry: Building and construction
- Victim Organization: Unknown
- Victim Site: Unknown
50. Alleged Leak of 2,000 Lines of Chinese Data in Australia
- Category: Data Breach
- Content: The threat actor claims to have leaked a database containing 2,000 records of individuals from China and Australia. The exposed data reportedly includes phone numbers, first names, last names, gender, and addresses.
- Date: 2025-11-04T02:11:57Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/2000-line-chinese-australia.45232/)
- Screenshots:
- Threat Actors: ivandraco
- Victim Country: Australia
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
51. Alleged Leak of 2k Lines of Chinese Data in Canada
- Category: Data Breach
- Content: The threat actor claims to have leaked a dataset containing 2,000 entries with personal details of individuals residing in Canada, including first name, middle name, last name, address, city, state, phone number, and email address.
- Date: 2025-11-04T02:08:40Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/2000-lines-chinese-canada.45231/)
- Screenshots:
- Threat Actors: ivandraco
- Victim Country: Canada
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
52. Alleged Leak of 2k Lines of Chinese Data in France
- Category: Data Breach
- Content: The threat actor claims to have leaked a dataset containing 2,000 entries with personal information of individuals residing in France, including email address, date of birth, first name, last name, address, and mobile number.
- Date: 2025-11-04T02:08:24Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/2000-lines-of-chinese-in-france.45233/)
- Screenshots:
- Threat Actors: ivandraco
- Victim Country: France
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
53. Alleged Leak of 5k Lines of Chinese Data in USA
- Category: Data Breach
- Content: The threat actor claims to have leaked a dataset containing 5,000 entries of Chinese individuals residing in the USA, including first name, last name, address, city, state, ZIP code, home value description, income description, email, and two phone numbers.
- Date: 2025-11-04T02:08:16Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/5000-lines-chinese-usa.45229/)
- Screenshots:
- Threat Actors: ivandraco
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
54. Crown Automotive Sales Co., Inc. falls victim to Sinobi Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 320 GB of the organization’s internal data, including financial records, contracts and customer’s data, which they intend to publish within a day.
- Date: 2025-11-04T01:31:38Z
- Network: tor
- Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/69013ab188b6823fa2fa3823)
- Screenshots:
- Threat Actors: Sinobi
- Victim Country: USA
- Victim Industry: Manufacturing
- Victim Organization: crown automotive sales co., inc.
- Victim Site: crownautomotive.net
55. Alleged data breach of BlueEast
- Category: Data Breach
- Content: The threat actor claims to have leaked a database from BlueEast, a software and technology company owned by Orient Group, that includes stolen source code.
- Date: 2025-11-04T00:24:15Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Source-Code-BlueEast-Data-Breach-Leaked-Download)
- Screenshots:
- Threat Actors: 888
- Victim Country: Pakistan
- Victim Industry: Software
- Victim Organization: blueeast
- Victim Site: blueeast.com
Conclusion
The incidents detailed in this report highlight a diverse and active landscape of cyber threats in a single 24-hour period. Ransomware attacks, particularly against organizations in the USA (Manufacturing, Accounting, Energy & Utilities, etc.) by groups like Akira, PLAY, Qilin, and Space Bears, remain a prominent threat. The compromised data often includes sensitive personal information of employees and clients, and confidential financial and operational documents.
Data breaches and leaks were reported across various geographies, including major incidents affecting users in Argentina, Indonesia, and the UAE, as well as leaks of data from organizations such as Papa John’s and the New York State government.
Furthermore, the underground market for Initial Access remains robust, with threat actors selling RDP access and admin panel credentials for targets in the USA, India, Spain, and Russia, including access to a smart home automation system in Italy.
The activity shows that organizations across various industries and geographies face persistent threats from data exfiltration, unauthorized network access, and the use of malicious tools like ransomware.