[November-11-2025] Daily Cybersecurity Threat Report

This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.


  1. Fulgar S.p.A. falls victim to RansomHouse Ransomware
  1. Alleged access to FTP SERVER from USA
  1. Brenda Richardson Memorial Care Home LLC falls victim to Anubis Ransomware
  1. Alleged data breach of Appsim
  1. Alleged sale of confidential ID/passport images
  1. Olive Branch Family Medical Center falls victim to Anubis Ransomware
  1. Dartmouth College falls victim to CL0P Ransomware
  1. Irwin Car & Equipment falls victim to Payouts King Ransomware
  1. Alleged data breach of International Kiteboarding Organization – IKO
  1. Glendale Obstetrics and Gynecology falls victim to SAFEPAY Ransomware
  1. Alleged sale of leads from USA
  1. Manusos General Contracting falls victim to GENESIS Ransomware
  1. Legion targets the website of Twsaa
  1. Lows Orkney falls victim to GENESIS Ransomware
  1. Continental Conveyor falls victim to GENESIS Ransomware
  1. S.B. Conrad, Inc falls victim to GENESIS Ransomware
  1. Alleged sale of Renfe Operadora database
  1. Alleged database sale of BTC-e
  • Category: Data Breach
  • Content: The group claims to be selling a database allegedly belonging to BTC-e. The dataset reportedly contains 1,127,416 records, including email addresses, IP addresses, wallet balances, hashed passwords, nicknames, and full names.
  • Date: 2025-11-11T14:21:16Z
  • Network: telegram
  • Published URL: https://t.me/h3c4kedzsec_official/24
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/50f4b054-e14e-4e47-811c-ea045b2555e5.png
  • Threat Actors: H3C4KEDZ
  • Victim Country: Russia
  • Victim Industry: Financial Services
  • Victim Organization: btc-e
  • Victim Site: btc-e.com
  1. Octomeca Oy falls victim to RansomHouse Ransomware
  1. Public Safety Mutual Benefit Fund falls victim to RansomHouse Ransomware
  1. Alleged data breach of Militant Zone
  • Category: Data Breach
  • Content: The group claims to have obtained the database of Militant Zone, identifying buyers using mail.ru domains. According to their statement, buyer information, card details, and personal data protected under Federal Law 152 were extracted and subsequently reported to the relevant authorities.
  • Date: 2025-11-11T13:54:39Z
  • Network: telegram
  • Published URL: https://t.me/ru_62IX/156
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/300f0b9d-c96a-424a-b169-a51d1c193ca1.png
  • Threat Actors: 62IX GROUP
  • Victim Country: Ukraine
  • Victim Industry: Retail Industry
  • Victim Organization: militant zone
  • Victim Site: militant.zone
  1. Alleged sale of admin access to Supreme Court of the Republic of Indonesia
  1. Alleged data sale of Kabutan
  1. Alleged data sale of stepping stone AG
  1. Omnium International Ltd. falls victim to DEVMAN 2.0 Ransomware
  1. Alleged unauthorized access to RabbitMQ
  1. Brian-Kyles Construction, Inc. falls victim to Qilin Ransomware
  1. Polidano Group falls victim to RansomHouse Ransomware
  1. NoName targets the website of Proximus Group
  1. Alleged data sale of Commonwealth of Learning
  1. Alleged data breach of Worldskandi VIP
  1. Alleged leak of admin access to Elaph Translation
  1. Alleged sale of unauthorized access to unidentified Interactive Business Management System in Pakistan
  1. Alleged sale of access to LCRST system of the Directorate General of Food, Bangladesh
  1. S. Himmelstein and Company falls victim to SAFEPAY Ransomware
  1. State of Guanajuato falls victim to TEKIR APT Ransomware
  1. Alleged data sale of unidentified clinical laboratory in northern Mexico
  1. Cloak ransomware group adds an unknown victim (Con*******.com)
  1. Alleged data leak of tutorial on unpack and analyze malware
  1. Alleged sale of Israeli email addresses
  1. Alleged data sale of Philippine payment system technical documents
  1. Sarcoma ransomware group has added an unidentified victim
  1. Alleged sale of SearchHub.vip MongoDB Database
  1. Paul Hildebrandt AG falls victim to Sarcoma Ransomware
  1. Alleged data breach of Vix
  1. Alleged unauthorized access to meepShop
  1. Globus & Cosmos falls victim to CL0P Ransomware
  1. Alleged sale of 0xPay
  • Category: Malware
  • Content: The threat actor claims to be selling a cryptocurrency payment processor called 0xPay, designed for handling TON and Jetton (USDT, NOT, and others) transactions. The tool supports memo-based payments to minimize fees, includes webhook notifications, and provides an API for TON Connect integration. It is built with TypeScript, PostgreSQL, and Docker.
  • Date: 2025-11-11T04:57:14Z
  • Network: openweb
  • Published URL: https://xss.pro/threads/144216/
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/2019f140-682c-4644-bc91-30bf031caf8b.png
  • Threat Actors: shuriken0x1
  • Victim Country: Unknown
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown
  1. Alleged Unauthorized Access to Protected Agricultural Control System – Japan
  • Category: Initial Access
  • Content: The group claims to have gained access to a system in Japan that manages greenhouses and conservatories. It controls climate, ventilation, and curtains to regulate light, temperature, and humidity. The system also handles intelligent irrigation based on schedules, light intensity, and plant growth. It monitors temperature, humidity, dew point, and CO₂ levels in real time, while optimizing energy consumption. The system is designed to maintain a stable and efficient environment for protected agriculture.
  • Date: 2025-11-11T04:32:58Z
  • Network: telegram
  • Published URL: https://t.me/n2LP_wVf79c2YzM0/2380
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/0063789d-3734-45d4-9667-49637c707b4b.png
  • Threat Actors: Infrastructure Destruction Squad
  • Victim Country: Japan
  • Victim Industry: Agriculture & Farming
  • Victim Organization: Unknown
  • Victim Site: Unknown
  1. Vascara falls victim to NightSpire Ransomware
  1. Alleged Unauthorized Access to Iranian Individual’s Computer
  • Category: Initial Access
  • Content: The group claims to have provided access credentials to a compromised computer belonging to an individual in Iran. According to the post, the system contains various data and documents, and a login link along with credentials was shared, suggesting unauthorized remote access to personal files and information.
  • Date: 2025-11-11T04:02:56Z
  • Network: telegram
  • Published URL: https://t.me/n2LP_wVf79c2YzM0/2379
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/2a621231-2ca6-43a6-af0a-78415f2380d9.png
  • Threat Actors: Infrastructure Destruction Squad
  • Victim Country: Iran
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown
  1. Alleged Unauthorized Access to Italian Industrial Furnace Control System
  • Category: Initial Access
  • Content: The group claims to have gained access to an industrial furnace management system in Italy, responsible for controlling the Forno furnace operations. The compromised system reportedly regulates burner temperatures (Bruciatori), monitors heating zones (Cottura 1, 2, 3), compares real-time readings with setpoints, and records operational data (REC ON). It also includes an emergency shutdown feature (ARRESTA FORNO) to prevent malfunctions or safety hazards. The attackers allege that their access provided full visibility and control over the furnace’s temperature regulation and safety mechanisms.
  • Date: 2025-11-11T03:43:40Z
  • Network: telegram
  • Published URL: https://t.me/n2LP_wVf79c2YzM0/2378
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/5e3f9796-922e-45a2-a534-e5266c12f082.png
  • Threat Actors: Infrastructure Destruction Squad
  • Victim Country: Italy
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown
  1. Samcrete Holding falls victim to CL0P Ransomware
  1. NHS England falls victim to CL0P Ransomware
  1. Alleged data sale of National Civil Service Commission of Colombia
  1. Agritech Limited falls victim to CL0P Ransomware
  1. Pharaoh’s Team targets the website of Erennur Turizm
  1. Gaea Global Technologies, Inc. falls victim to CL0P Ransomware
  1. Pharaoh’s Team targets multiple websites
  1. P2 Energy Services, LLC falls victim to CL0P Ransomware
  1. ennVee TechnoGroup Inc. falls victim to CL0P Ransomware
  1. Carglass Germany falls victim to CL0P Ransomware
  1. Vitamix falls victim to CL0P Ransomware
  1. Alleged data sale of China Airlines
  1. Garden of Life, LLC falls victim to CL0P Ransomware
  1. Shanghai Hongji Metal falls victim to Sinobi Ransomware
  1. Middlesex Endodontics falls victim to Sinobi Ransomware
  1. MODCO Media falls victim to INC RANSOM Ransomware
  1. Sarulla Operation Ltd. falls victim to INC RANSOM Ransomware

Conclusion

The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Ransomware attacks are highly prevalent, affecting multiple sectors across various geographies, with groups like CL0P, RansomHouse, GENESIS, Anubis, Sarcoma, Sinobi, and INC RANSOM actively listing victims in the USA, UK, Germany, Italy, Finland, Malta, Switzerland, Indonesia, Philippines, and China. These attacks commonly involve the exfiltration of large volumes of sensitive data, including client records, financial documents, confidential contracts, and personal information.

Beyond data compromise, the report also reveals significant activity in Initial Access sales, with threat actors offering unauthorized access to systems in the UAE, Pakistan, Bangladesh, Japan, Iran, and Italy, targeting judicial, agricultural, and industrial control systems. Data Breach incidents remain numerous, involving the sale of databases from organizations in Vietnam, Brazil, Russia, Japan, Switzerland, Taiwan, Colombia, and the Dominican Republic, and the leaking of government, military, and financial technical documents from countries like the Philippines and Israel. The sale of Malware (specifically a cryptocurrency payment processor) and website Defacement are also noted, further demonstrating the breadth of cyber-underground activity.

The incidents collectively demonstrate that organizations across various industries and geographies face persistent threats from data exfiltration, unauthorized network access, and the proliferation of malicious tools.