[November-5-2025] Daily Cybersecurity Threat Report

This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.


  1. Trojan 1337 targets the website of A.R.B Surgical

  1. Alleged data breach of Universidad de Lima

  1. Oscars Group falls victim to MEDUSA ransomware

  1. LaRosa’s Pizzeria, Inc. falls victim to MEDUSA ransomware

  1. Alleged data sale of Unidentified real estate firm from USA.

  1. Alleged Sale of China Real Estate Listings Data

  1. Alleged data breach of Andreani
  • Category: Data Breach
  • Content: The threat actor claims to have leaked data from Andreani. The compromised dataset allegedly contains user account records, shipment operations, branch event logs, route timings, and branch performance data. It reportedly includes around 893k user records, 3.5M shipment rows, and other operational datasets in JSON and SQLite formats.
  • Date: 2025-11-05T22:18:56Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-Selling-Andreani-Logistics—Operational-Dataset
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/9edb5fec-8089-458f-9086-79ae2ad4a588.png
  • Threat Actors: delitospenales
  • Victim Country: Argentina
  • Victim Industry: Transportation & Logistics
  • Victim Organization: andreani
  • Victim Site: andreani.com.ar

  1. Alleged sale of access to VoIP PBX system of Elektro Alfons

  1. Alleged breach of deutsche bank database

  1. Alleged leak of UK database

  1. Alleged sale of 1,045 Spanish credit-card records
  • Category: Data Breach
  • Content: The threat actor claims to have offered 1,045 credit-card records from Spain, originally sold through a marketplace referred to as patrick. The dataset was initially reported to have an 87% validity rate, which allegedly declined to 30% after three days for unknown reasons.
  • Date: 2025-11-05T21:00:49Z
  • Network: openweb
  • Published URL: https://forum.exploit.in/topic/269707/
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/fc5a5e9d-b446-48cc-849b-aac6de939481.png
  • Threat Actors: Abrahas
  • Victim Country: Spain
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

  1. Alleged data breach of RELIV in Ecuador.

  1. Alleged sale of 2,000 US credit-card records

  1. Alleged breach of Louis Vuitton database

  1. Francehopital falls victim to Qilin ransomware

  1. Alleged leak of user credentials of HOSTRY

  1. Alleged sale of EU credit-card records
  • Category: Data Breach
  • Content: The threat actor claims to be selling 1,400 mixed European credit-card records from multiple countries. The compromised dataset reportedly contains card details and billing information including full name, state, city, email, and other personal data.
  • Date: 2025-11-05T20:21:30Z
  • Network: openweb
  • Published URL: https://forum.exploit.in/topic/269703/
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/268da1c1-c687-48dd-bc29-f078cd2a2372.png
  • Threat Actors: Vino
  • Victim Country: UK
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

  1. Alleged data sale of SUSCO Public Company Limited

  1. Alleged data breach of RELIV in Ecuador.

  1. Hider_Nex claims to target Romania

  1. Alleged data breach of Registro Público Vehicular (REPUVE)
  • Category: Data Breach
  • Content: The threat actor claims to be selling a database allegedly stolen from Registro Público Vehicular (REPUVE) of Mexico. The compromised dataset reportedly contains information on approximately 1.7 million vehicle records, including full names, full addresses, RFC numbers, vehicle plates, vehicle serial numbers, vehicle colors, and phone numbers, among other sensitive data.
  • Date: 2025-11-05T18:58:49Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-DATABASE-REPUVE-MEXICO-1-700-000-LINES
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/7b3697dd-220c-46b6-a25f-7893214bd743.png
  • Threat Actors: Eternal
  • Victim Country: Mexico
  • Victim Industry: Automotive
  • Victim Organization: registro público vehicular (repuve)
  • Victim Site: repuve.gob.mx

  1. Alleged unauthorized admin access to Yental

  1. Alleged sale of Canadian credit-card records

  1. Oxford University Clinical Research Unit falls victim to DEVMAN 2.0 Ransomware

  1. Alleged access to Bank Hapoalim

  1. Alleged data sale of Rosneft Oil Company

  1. KISS FM falls victim to RHYSIDA ransomware

  1. Alleged sale of China database

  1. Oelbaum & Kagan Dentistry falls victim to INC RANSOM ransomware

  1. Alleged sale of 600 mixed credit-card records
  • Category: Data Breach
  • Content: The threat actor claims to be selling a set of approximately 600 mixed credit-card records obtained via sniffing. The compromised data includes IP address, user-agent, card number, expiry, and CVV; many records also include billing address, ZIP, and city; some include phone, email, and date of birth.
  • Date: 2025-11-05T16:03:39Z
  • Network: openweb
  • Published URL: https://forum.exploit.in/topic/269687/
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/d12165d1-b676-42f6-8625-fda4f129790f.png
  • Threat Actors: RichAsHell
  • Victim Country: Unknown
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

  1. Shelbyville Police Department falls victim to INTERLOCK Ransomware

  1. Alleged sale of Georgia mobile number database

  1. Alleged sale of France mobile number database

  1. Alleged data breach of Next Pharmaceutical
  • Category: Data Breach
  • Content: The group claims to have obtained 24 GB of the organization’s data. The compromised data includes company name, bank accounts, private emails, passwords, and other sensitive documents.
  • Date: 2025-11-05T15:25:07Z
  • Network: telegram
  • Published URL: https://t.me/IndianCyberForceTG/3
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/764359d3-5b13-481c-b386-dcfa065d9b97.png
  • Threat Actors: INDIAN CYBER FORCE
  • Victim Country: Pakistan
  • Victim Industry: Healthcare & Pharmaceuticals
  • Victim Organization: next pharmaceutical
  • Victim Site: nextpharmaceutical.com

  1. Alleged sale of Finland mobile number database

  1. Alleged sale of Fiji mobile number database

  1. Alleged sale of Ethiopia mobile number database

  1. The Fence People falls victim to Akira Ransomware

  1. Alleged sale of 10 TB global document database

  1. Nobu Restaurants falls victim to akira ransomware

  1. Z-BL4CX-H4T targets the website of Software and Apps of Colombia SAS

  1. RipperSec targets the website of Tuv Haaretz

  1. Alleged leak of 700k Hungarian users’ data

  1. Pine Pharmaceuticals falls victim to akira ransomware
  • Category: Ransomware
  • Content: The group claims to have obtained 18 GB of corporate data from Pine Pharmaceuticals, including detailed employee information such as I-9 forms, Social Security numbers, driver’s licenses, passports, birth and death certificates, financial records, internal confidentiality agreements, NDAs, and other sensitive corporate documents.
  • Date: 2025-11-05T13:41:34Z
  • Network: tor
  • Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/c2c2a0e7-456c-4ff7-bce3-cb0226e65122.jpg
  • Threat Actors: akira
  • Victim Country: USA
  • Victim Industry: Healthcare & Pharmaceuticals
  • Victim Organization: pine pharmaceuticals
  • Victim Site: pinepharmaceuticals.com

  1. Christina falls victim to akira ransomware

  1. Alleged data breach of Dalma Capital

  1. Alleged leak of UAE citizens’ passport data

  1. Alleged data breach of Doxbin

  1. Alleged data leak of Business Dubai

  1. Saigon Industrial Service J.S.C falls victim to DragonForce Ransomware

  1. BABAYO EROR SYSTEM targets the website of Shanghai Caerulum Pharma Discovery Co., Ltd

  1. CoilPlus falls victim to akira ransomware

  1. Maine Course Hospitality Group falls victim to Qilin Ransomware

  1. McIntosh Laboratory falls victim to SAFEPAY Ransomware

  1. Z-BL4CX-H4T targets the website of flightjab.com

  1. Z-BL4CX-H4T targets the website of Vigorous Software Inc.

  1. Alleged data breach of ING Spain

  1. Alleged data sale of AppServ Limited Partnership

  1. Alleged data leak of Hong Kong Telecommunications Limited

  1. Alleged leak of Saudi Arabian citizen’s passport data

  1. BABAYO EROR SYSTEM targets the website of a542.goodao.net

  1. SERVER KILLERS claims to target UAE

  1. BABAYO EROR SYSTEM targets the website of Healther

  1. BABAYO EROR SYSTEM targets the website of CoinLucid

  1. BABAYO EROR SYSTEM targets the website of Karsaz Pvt. Ltd.

  1. BABAYO EROR SYSTEM targets the website of kexwallet.online

  1. Alleged data leak of U.S. passport

  1. BABAYO EROR SYSTEM targets the website of Go Rute

  1. BABAYO EROR SYSTEM targets the website of valmond.fr

  1. BABAYO EROR SYSTEM targets the website of Qemy

  1. Habib Bank AG Zurich falls victim to Qilin Ransomware

  1. Alleged data breach of PT Data Utama Dinamika

  1. S4uD1Pwnz targets multiple websites of amirshasti.ir

  1. S4uD1Pwnz targets the website of amirshasti.ir

  1. Alleged data breach of 1 2 3 Finance Group

  1. Durvet, Inc. falls victim to Qilin Ransomware

  1. Enem Nostrum Remedies Pvt. Ltd falls victim to NightSpire Ransomware

  1. Alleged data breach of TechNexion Ltd

  1. Alleged data breach of Internet Initiative Japan (IIJ)

  1. Alleged data breach of AVM-BTP

  1. Alleged Unauthorized Access to Unidentified Indian Organisation
  • Category: Initial Access
  • Content: The group claims to have gained unauthorized access to an Indian company’s internal servers, exposing employee and client databases, production plans, financial reports, and confidential operational data. They allege that weak security measures such as plaintext password storage and inadequate monitoring enabled the breach, compromising sensitive information related to manufacturing, supply chains, and international operations.
  • Date: 2025-11-05T01:06:56Z
  • Network: telegram
  • Published URL: https://t.me/n2LP_wVf79c2YzM0/2290
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/1ff371d0-07ba-4410-a8e5-81533a6414e5.png https://d34iuop8pidsy8.cloudfront.net/f3e82917-7887-4394-8856-787df6d8d4dc.png
  • Threat Actors: Infrastructure Destruction Squad
  • Victim Country: India
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

  1. Alleged data breach of Trescal

Conclusion

The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Data breaches and leaks are prominent, affecting various sectors from education and gaming to healthcare and automotive, and impacting countries including the USA, China, France, Mexico, Canada, Spain, and others. The compromised data ranges from personal user information and credit card details to sensitive psychological evaluations, medical records, classified corporate documents, and large customer databases.

Beyond data compromise, the report also reveals significant activity in initial access sales, with threat actors offering unauthorized access to VoIP PBX systems, e-commerce admin panels, and corporate networks. Ransomware remains a major threat, with groups like MEDUSA, Qilin, and akira actively listing victims across multiple industries and geographies. The prevalence of defacement attacks also points to a constant threat to organizational digital presence.

The incidents collectively demonstrate that organizations across various industries and geographies face persistent threats from data exfiltration, unauthorized network access, and ransomware attacks. The nature of these incidents emphasizes the critical importance of robust cybersecurity measures, including strong access controls, data protection strategies, continuous vulnerability management, and proactive threat intelligence to defend against a wide array of sophisticated and opportunistic attacks.