This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.
- Alleged data breach of ESPORT
- Category: Data Breach
- Content: The threat actor claims to be selling a database dump from esport.gov.kz (Kazakhstan’s e-sports authority) containing 286,000 records. The compromised fields reportedly include 12-digit national ID (IIN), full name, date of birth, ethnicity, region (province/city), role (athlete/coach), sport discipline, phone number, and email.
- Date: 2025-11-12T23:14:32Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-kz-leak-esport-gov-kz-280k)
- Screenshots:
- Threat Actors: dump5ter
- Victim Country: Kazakhstan
- Victim Industry: Government Administration
- Victim Organization: esport
- Victim Site: esport.gov.kz
- Alleged data breach of GoldenGate Technolabs
- Category: Data Breach
- Content: The threat actor claims to be selling database access and data belonging to GoldenGate Technolabs
- Date: 2025-11-12T23:03:55Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-goldengatetechnolabs-com-database-access)
- Screenshots:
- Threat Actors: Richard2002
- Victim Country: India
- Victim Industry: Information Technology (IT) Services
- Victim Organization: goldengate technolabs
- Victim Site: goldengatetechnolabs.com
- Alleged sale of admin access to an unidentified consulting company in Pakistan
- Category: Initial Access
- Content: Threat actor claims to be selling admin access to an unidentified consulting company in Pakistan.
- Date: 2025-11-12T22:22:56Z
- Network: openweb
- Published URL: (https://forum.exploit.biz/topic/270005/)
- Screenshots:
- Threat Actors: setvik
- Victim Country: Pakistan
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged leak of admin access of Satun College of Agriculture and Technology
- Category: Initial Access
- Content: The group claims to have leaked admin access to Satun College of Agriculture and Technology
- Date: 2025-11-12T22:19:13Z
- Network: telegram
- Published URL: (https://t.me/notctber/1404)
- Screenshots:
- Threat Actors: NOTCTBER404
- Victim Country: Thailand
- Victim Industry: Education
- Victim Organization: satun college of agriculture and technology
- Victim Site: satunatc.ac.th
- Alleged data sale of Israeli Air system
- Category: Data Breach
- Content: The threat actor claims to be selling Israeli Air system data. It includes source code, dwg files, documents, photos, videos, etc.
- Date: 2025-11-12T22:08:48Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-Barak-9-Long-Range-Surface-to-Air-Israeli-system)
- Screenshots:
- Threat Actors: yeestge33
- Victim Country: Israel
- Victim Industry: Defense & Space
- Victim Organization: israeli air system
- Victim Site: Unknown
- Alleged sale of unauthorized access to an unidentified organization in Spain
- Category: Initial Access
- Content: Threat actor claims to be selling unauthorized RDP access to an unidentified organization in Spain.
- Date: 2025-11-12T21:53:38Z
- Network: openweb
- Published URL: (https://ramp4u.io/threads/sell-spain-rdp-3-kkk.3616/)
- Screenshots:
- Threat Actors: fokonishi
- Victim Country: Spain
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of admin access to an unidentified store in Spain
- Category: Initial Access
- Content: Threat actor claims to be selling admin access to an unidentified PrestaShop online store in Spain.
- Date: 2025-11-12T21:47:31Z
- Network: openweb
- Published URL: (https://forum.exploit.biz/topic/270004/)
- Screenshots:
- Threat Actors: cosmodrome
- Victim Country: Spain
- Victim Industry: E-commerce & Online Stores
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged leak of admin access to Tuf pak Sports
- Category: Initial Access
- Content: The group claims to have leaked admin access to Tuf pak Sports
- Date: 2025-11-12T21:32:30Z
- Network: telegram
- Published URL: (https://t.me/Legion_offlcail/625)
- Screenshots:
- Threat Actors: Legion
- Victim Country: Pakistan
- Victim Industry: Sports
- Victim Organization: tuf pak sports
- Victim Site: tufpak.com.pk
- Legion targets the website of Artrans Mass Enthusiasm
- Category: Defacement
- Content: The group claims to have defaced the website of Artrans Mass Enthusiasm
- Date: 2025-11-12T21:03:59Z
- Network: telegram
- Published URL: (https://t.me/Legion_offlcail/623)
- Screenshots:
- Threat Actors: Legion
- Victim Country: USA
- Victim Industry: Financial Services
- Victim Organization: artrans mass enthusiasm
- Victim Site: artransparency.gov
- ICON International, Inc. falls victim to CHAOS Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 600 GB of the organization’s internal data.
- Date: 2025-11-12T19:46:02Z
- Network: tor
- Published URL: (http://hptqq2o2qjva7lcaaq67w36jihzivkaitkexorauw7b2yul2z6zozpqd.onion/w07qZVHEzNfp0EAuSw86Pld75x4JKPp2/iconinternational-com)
- Screenshots:
- Threat Actors: CHAOS
- Victim Country: USA
- Victim Industry: Financial Services
- Victim Organization: icon international, inc.
- Victim Site: iconinternational.com
- Alleged sale of admin access to an unidentified telecommunication Company in Germany
- Category: Initial Access
- Content: Threat actor claims to be selling admin access to a telecommunication company in Germany.
- Date: 2025-11-12T19:43:04Z
- Network: openweb
- Published URL: (https://forum.exploit.biz/topic/269997/)
- Screenshots:
- Threat Actors: empr3ss
- Victim Country: Germany
- Victim Industry: Network & Telecommunications
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data breach of NOWNodes
- Category: Data Breach
- Content: Threat actor claims to be selling admin panel access and database from NOWNodes, allegedly containing customer data, API keys, chat logs, and more.
- Date: 2025-11-12T19:07:15Z
- Network: openweb
- Published URL: (https://forum.exploit.biz/topic/269998/)
- Screenshots:
- Threat Actors: nughtcore
- Victim Country: Estonia
- Victim Industry: Information Technology (IT) Services
- Victim Organization: nownodes
- Victim Site: nownodes.io
- Dover Area School District falls victim to SAFEPAY Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-11-12T18:45:08Z
- Network: tor
- Published URL: (http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/doversdorg/)
- Screenshots:
- Threat Actors: SAFEPAY
- Victim Country: USA
- Victim Industry: Education
- Victim Organization: dover area school district
- Victim Site: doversd.org
- Glendale Obstetrics and Gynecology falls victim to SAFEPAY Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-11-12T18:40:36Z
- Network: tor
- Published URL: (http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/glendaleobgyncom/)
- Screenshots:
- Threat Actors: SAFEPAY
- Victim Country: USA
- Victim Industry: Hospital & Health Care
- Victim Organization: glendale obstetrics and gynecology
- Victim Site: glendaleobgyn.com
- BABAYO EROR SYSTEM targets the website of Billerica family dental
- Category: Defacement
- Content: The group claims to have defaced the website of Billerica family dental
- Date: 2025-11-12T18:28:07Z
- Network: telegram
- Published URL: (https://t.me/babayoerorsysteam3/667)
- Screenshots:
- Threat Actors: BABAYO EROR SYSTEM
- Victim Country: USA
- Victim Industry: Hospital & Health Care
- Victim Organization: billerica family dental
- Victim Site: billericafamilydental.com
- Alleged data breach of Leboncoin
- Category: Data Breach
- Content: Threat actor claims to have leaked the database of Leboncoin.
- Date: 2025-11-12T18:06:50Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/leboncoin-fr-databse-35m.45810/)
- Screenshots:
- Threat Actors: batfire
- Victim Country: France
- Victim Industry: Software Development
- Victim Organization: leboncoin
- Victim Site: leboncoin.fr
- Alleged data sale of Local Place Database
- Category: Data Breach
- Content: Threat actor claims to have leaked the database of the organization.
- Date: 2025-11-12T17:34:02Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-localplace-jp-Full-Database-1-839-999-lines)
- Screenshots:
- Threat Actors: yeestge33
- Victim Country: Japan
- Victim Industry: Information Services
- Victim Organization: local place
- Victim Site: localplace.jp
- Alleged data sale of Taiwan Cyber security department
- Category: Data Breach
- Content: The threat actor claims to be selling data from Taiwan Cyber security department.
- Date: 2025-11-12T17:16:36Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-Cyber-security-department-Taiwan-105-documents)
- Screenshots:
- Threat Actors: yeestge33
- Victim Country: Taiwan
- Victim Industry: Unknown
- Victim Organization: taiwan cyber security department
- Victim Site: Unknown
- Alleged sale of access to an unidentified organization in USA
- Category: Initial Access
- Content: Threat actor claims to be selling admin access to an unidentified organization in the USA.
- Date: 2025-11-12T16:44:01Z
- Network: openweb
- Published URL: (https://ramp4u.io/threads/usa-100kk-rev-user-forti-proof-screen-https-ibb-co-kssv3n80.3615/)
- Screenshots:
- Threat Actors: FASTPRISONER
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data sale of River
- Category: Data Breach
- Content: The threat actor claims to be selling data from River.
- Date: 2025-11-12T16:36:35Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-https-river-com-Crypto-Exchange-Wallet-River-Full-Database-11KK-Users)
- Screenshots:
- Threat Actors: yeestge33
- Victim Country: USA
- Victim Industry: Financial Services
- Victim Organization: river
- Victim Site: river.com
- Alleged sale of documents related to cybersecurity department of Taiwan
- Category: Data Breach
- Content: Threat actor claims to be selling 105 documents allegedly related to the Cyber Security Department of Taiwan.
- Date: 2025-11-12T16:26:56Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/cyber-security-department-taiwan-105-documents.45805/)
- Screenshots:
- Threat Actors: jdudjbdd
- Victim Country: Taiwan
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of admin access to an unidentified store in Spain
- Category: Initial Access
- Content: Threat actor claims to be selling admin access to an unidentified PrestaShop online store in Spain.
- Date: 2025-11-12T16:09:05Z
- Network: openweb
- Published URL: (https://forum.exploit.biz/topic/269992/)
- Screenshots:
- Threat Actors: …..
- Victim Country: Spain
- Victim Industry: E-commerce & Online Stores
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of admin access to an unidentified store in France
- Category: Initial Access
- Content: Threat actor claims to be selling admin access to an unidentified PrestaShop online store in France
- Date: 2025-11-12T15:13:09Z
- Network: openweb
- Published URL: (https://forum.exploit.biz/topic/269991/)
- Screenshots:
- Threat Actors: …..
- Victim Country: France
- Victim Industry: E-commerce & Online Stores
- Victim Organization: Unknown
- Victim Site: Unknown
- PARANOIDSQUAD targets the website indianshooting.com
- Category: Defacement
- Content: The group claims to have defaced the organization’s website. Mirror: https://defacer.id/mirror/id/209221
- Date: 2025-11-12T14:28:33Z
- Network: openweb
- Published URL: (https://defacer.id/archive/team=PARANOIDSQUAD/page=1)
- Screenshots:
- Threat Actors: PARANOIDSQUAD
- Victim Country: India
- Victim Industry: Sports
- Victim Organization: indianshooting
- Victim Site: indianshooting.com
- Alleged unauthorized admin panel access to Armed Forces Medical Science Research Institute
- Category: Initial Access
- Content: The group claims to have gained access to the admin panel of Armed Forces Medical Science Research Institute.
- Date: 2025-11-12T14:24:20Z
- Network: telegram
- Published URL: (https://t.me/h3c4kedzsec_official/39)
- Screenshots:
- Threat Actors: H3C4KEDZ
- Victim Country: Thailand
- Victim Industry: Research Industry
- Victim Organization: armed forces medical science research institute
- Victim Site: afrims.go.th
- lxrdk1773n targets the website of Mahasarakham University Thailand
- Category: Defacement
- Content: The group claims to have defaced the organization’s website. Mirror: https://defacer.id/mirror/id/204269
- Date: 2025-11-12T14:19:21Z
- Network: openweb
- Published URL: (https://defacer.id/archive/notifier=lxrdk1773n/page=1)
- Screenshots:
- Threat Actors: lxrdk1773n
- Victim Country: Thailand
- Victim Industry: Education
- Victim Organization: mahasarakham university thailand
- Victim Site: std.it.msu.ac.th
- City of Znojmo falls victim to INC RANSOM Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 75 GB of the organization’s data.
- Date: 2025-11-12T14:16:13Z
- Network: tor
- Published URL: (http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/69148665e1a4e4b3ffc9d83a)
- Screenshots:
- Threat Actors: INC RANSOM
- Victim Country: Czech Republic
- Victim Industry: Government Administration
- Victim Organization: city of znojmo
- Victim Site: znojmocity.cz
- LatamLex Abogados falls victim to INC RANSOM Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 213 GB of the organization’s data.
- Date: 2025-11-12T13:38:03Z
- Network: tor
- Published URL: (http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/691483a3e1a4e4b3ffc99a87)
- Screenshots:
- Threat Actors: INC RANSOM
- Victim Country: Costa Rica
- Victim Industry: Legal Services
- Victim Organization: latamlex abogados
- Victim Site: latamlex.com
- Alleged leak of login access to Nakhon Ratchasima Rajabhat University
- Category: Initial Access
- Content: The group claims to have leaked login access to Nakhon Ratchasima Rajabhat University.
- Date: 2025-11-12T13:33:22Z
- Network: telegram
- Published URL: (https://t.me/kxichixxsec/1173)
- Screenshots:
- Threat Actors: Kxichixxsec
- Victim Country: Thailand
- Victim Industry: Higher Education/Academia
- Victim Organization: nakhon ratchasima rajabhat university
- Victim Site: tabien.nrru.ac.th
- BRIDGE Housing Corporation falls victim to INC RANSOM Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data
- Date: 2025-11-12T13:28:06Z
- Network: tor
- Published URL: (http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/691481e5e1a4e4b3ffc9720f)
- Screenshots:
- Threat Actors: INC RANSOM
- Victim Country: USA
- Victim Industry: Real Estate
- Victim Organization: bridge housing corporation
- Victim Site: bridgehousing.com
- Alleged leak of login access of Theos Seminary
- Category: Initial Access
- Content: The group claims to have leaked access to Theos Seminary
- Date: 2025-11-12T13:26:32Z
- Network: telegram
- Published URL: (https://t.me/Cyb3r_Angel/70)
- Screenshots:
- Threat Actors: CYB3R ANGEL
- Victim Country: USA
- Victim Industry: Religious Institutions
- Victim Organization: theos seminary
- Victim Site: student.theosseminary.com
- Alleged unauthorized access to Chiang Rai Rajabhat University
- Category: Initial Access
- Content: The group claims to have gained unauthorized access to Chiang Rai Rajabhat University
- Date: 2025-11-12T13:25:41Z
- Network: telegram
- Published URL: (https://t.me/kxichixxsec/1169)
- Screenshots:
- Threat Actors: Kxichixxsec
- Victim Country: Thailand
- Victim Industry: Education
- Victim Organization: chiang rai rajabhat university
- Victim Site: orasis.crru.ac.th
- Galileo Financial Technologies, LLC falls victim to INC RANSOM Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 286 GB of the organization’s data.
- Date: 2025-11-12T13:19:36Z
- Network: tor
- Published URL: (http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/69146fdce1a4e4b3ffc8129a)
- Screenshots:
- Threat Actors: INC RANSOM
- Victim Country: USA
- Victim Industry: Financial Services
- Victim Organization: galileo financial technologies, llc
- Victim Site: galileo-ft.com
- Grupo Vía falls victim to INC RANSOM Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 195 GB of the organization’s data.
- Date: 2025-11-12T13:19:18Z
- Network: tor
- Published URL: (http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/69147139e1a4e4b3ffc82a69)
- Screenshots:
- Threat Actors: INC RANSOM
- Victim Country: Argentina
- Victim Industry: Marketing, Advertising & Sales
- Victim Organization: grupo vía
- Victim Site: grupovia.com
- Alleged leak of login access of ThreeNow
- Category: Initial Access
- Content: The group claims to have leaked access to ThreeNow
- Date: 2025-11-12T13:17:28Z
- Network: telegram
- Published URL: (https://t.me/Cyb3r_Angel/70)
- Screenshots:
- Threat Actors: CYB3R ANGEL
- Victim Country: New Zealand
- Victim Industry: Broadcast Media
- Victim Organization: threenow
- Victim Site: threenow.co.nz
- Forensic Medical Management Services PLC falls victim to INC RANSOM Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 160 GB of the organization’s data.
- Date: 2025-11-12T13:10:16Z
- Network: tor
- Published URL: (http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/69147139e1a4e4b3ffc82a69)
- Screenshots:
- Threat Actors: INC RANSOM
- Victim Country: USA
- Victim Industry: Medical Practice
- Victim Organization: forensic medical management services plc
- Victim Site: forensicmed.com
- Koha Foods falls victim to INC RANSOM Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 133 GB of the organization’s data.
- Date: 2025-11-12T13:06:18Z
- Network: tor
- Published URL: (http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/69147ccbe1a4e4b3ffc90c2e)
- Screenshots:
- Threat Actors: INC RANSOM
- Victim Country: USA
- Victim Industry: Wholesale
- Victim Organization: koha foods
- Victim Site: kohafoods.com
- Kxichixxsec targets the website of Nakhonratchasima Provincial Industrial Office
- Category: Defacement
- Content: The group claims to have defaced the website of Nakhonratchasima Provincial Industrial Office.
- Date: 2025-11-12T13:03:30Z
- Network: telegram
- Published URL: (https://t.me/kxichixxsec/1178)
- Screenshots:
- Threat Actors: Kxichixxsec
- Victim Country: Thailand
- Victim Industry: Government Administration
- Victim Organization: nakhonratchasima provincial industrial office
- Victim Site: nakhonratchasima.industry.go.th
- Vennerhus Weine AG falls victim to RansomHouse Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s internal data.
- Date: 2025-11-12T13:01:27Z
- Network: tor
- Published URL: (http://zohlm7ahjwegcedoz7lrdrti7bvpofymcayotp744qhx6gjmxbuo2yid.onion/r/4ec1a607acb189236b01a8730d7ccc03bbcbba2d)
- Screenshots:
- Threat Actors: RansomHouse
- Victim Country: Switzerland
- Victim Industry: Food & Beverages
- Victim Organization: vennerhus weine ag
- Victim Site: vennerhus.ch
- Alleged unauthorized access to mis.thachanapalmoil.co.th
- Category: Initial Access
- Content: The group claims to have gained access to mis.thachanapalmoil.co.th.
- Date: 2025-11-12T12:57:13Z
- Network: telegram
- Published URL: (https://t.me/kxichixxsec/1172)
- Screenshots:
- Threat Actors: Kxichixxsec
- Victim Country: Thailand
- Victim Industry: Unknown
- Victim Organization: mis.thachanapalmoil
- Victim Site: mis.thachanapalmoil.co.th
- lxrdk1773n targets the websites of Samut Prakan Hospital
- Category: Defacement
- Content: The group claims to have defaced the website of Samut Prakan Hospital. Mirror: https://defacer.id/mirror/id/207555
- Date: 2025-11-12T12:51:46Z
- Network: openweb
- Published URL: (https://defacer.id/archive/notifier=lxrdk1773n/page=1)
- Screenshots:
- Threat Actors: lxrdk1773n
- Victim Country: Thailand
- Victim Industry: Hospital & Health Care
- Victim Organization: samut prakan hospital
- Victim Site: smpkhos.go.th
- Alleged leak of login access of Thrustmaster
- Category: Initial Access
- Content: The group claims to have leaked access to Thrustmaster.
- Date: 2025-11-12T12:50:52Z
- Network: telegram
- Published URL: (https://t.me/Cyb3r_Angel/70)
- Screenshots:
- Threat Actors: CYB3R ANGEL
- Victim Country: France
- Victim Industry: Electrical & Electronic Manufacturing
- Victim Organization: thrustmaster
- Victim Site: support.thrustmaster.com
- Alleged leak of login access to KidDiary
- Category: Initial Access
- Content: The group claims to have leaked login access to KidDiary.
- Date: 2025-11-12T12:48:13Z
- Network: telegram
- Published URL: (https://t.me/kxichixxsec/1170)
- Screenshots:
- Threat Actors: Kxichixxsec
- Victim Country: Thailand
- Victim Industry: Information Services
- Victim Organization: kiddiary
- Victim Site: parent.kiddiary.in.th
- Alleged Unauthorized Access to Department of Livestock Development
- Category: Initial Access
- Content: The group claims to have gained unauthorized access to Department of Livestock Development
- Date: 2025-11-12T12:36:42Z
- Network: telegram
- Published URL: (https://t.me/kxichixxsec/1171)
- Screenshots:
- Threat Actors: Kxichixxsec
- Victim Country: Thailand
- Victim Industry: Government Administration
- Victim Organization: department of livestock development
- Victim Site: salary.dld.go.th
- Alleged leak of login access to Chaiyaphum Rajabhat University
- Category: Initial Access
- Content: The group claims to have leaked login access to Chaiyaphum Rajabhat University.
- Date: 2025-11-12T12:29:37Z
- Network: telegram
- Published URL: (https://t.me/kxichixxsec/1168)
- Screenshots:
- Threat Actors: Kxichixxsec
- Victim Country: Thailand
- Victim Industry: Higher Education/Academia
- Victim Organization: chaiyaphum rajabhat university
- Victim Site: assess.cpru.ac.th
- Alleged leak of login access of Electronic Document Management System, Royal Thai Army
- Category: Initial Access
- Content: The group claims to have leaked access to Electronic Document Management System, Royal Thai Army
- Date: 2025-11-12T12:29:16Z
- Network: telegram
- Published URL: (https://t.me/nxbbsec/3158)
- Screenshots:
- Threat Actors: NXBB.SEC
- Victim Country: Thailand
- Victim Industry: Military Industry
- Victim Organization: electronic document management system, royal thai army
- Victim Site: docasrb.rta.mi.th
- Alleged data sale of COSMOTE
- Category: Data Breach
- Content: The threat actor claims to be selling data from COSMOTE. The breach allegedly exposed internal data, source code, and development tools.
- Date: 2025-11-12T12:21:29Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Source-Code-COSMOTE-Data-Breach-Leaked-Download)
- Screenshots:
- Threat Actors: KaruHunters
- Victim Country: Greece
- Victim Industry: Network & Telecommunications
- Victim Organization: cosmote
- Victim Site: cosmote.gr
- Alleged data breach of Taos Leather
- Category: Data Breach
- Content: The group claims to have leaked an internal database from Taos Leather.
- Date: 2025-11-12T11:52:04Z
- Network: telegram
- Published URL: (https://t.me/c/2326263047/545)
- Screenshots:
- Threat Actors: LEAKS DATABASE CYBER TEAM INDONESIA
- Victim Country: USA
- Victim Industry: Retail Industry
- Victim Organization: taos leather
- Victim Site: taosleather.com
- lxrdk1773n targets the websites of ITSMYMART Synergy Private Limited
- Category: Defacement
- Content: The group claims to have defaced the organization’s websites. These domains were defaced:
  - itsmymart.co.in.widecare.in (Mirror: https://defacer.id/mirror/id/193305)
  - itsmymart.in.widecare.in (Mirror: https://defacer.id/mirror/id/193306)
  - itsmymart.in/freedom.html (Mirror: https://defacer.id/mirror/id/193296)
- Date: 2025-11-12T11:50:03Z
- Network: openweb
- Published URL: (https://defacer.id/archive/notifier=lxrdk1773n/page=1)
- Screenshots:
- Threat Actors: lxrdk1773n
- Victim Country: India
- Victim Industry: Business and Economic Development
- Victim Organization: itsmymart synergy private limited
- Victim Site: itsmymart.co.in
- lxrdk1773n targets the websites of WideCare
- Category: Defacement
- Content: The group claims to have defaced these domains:
  - itsmymart.co.in.widecare.in/ (Mirror: https://defacer.id/mirror/id/193305)
  - alwaysassure.widecare.in/freedom.html (Mirror: https://defacer.id/mirror/id/193304)
  - itsmymart.in.widecare.in/ (Mirror: https://defacer.id/mirror/id/193306)
  - repairstop.in.widecare.in/freedom.html (Mirror: https://defacer.id/mirror/id/193307)
  - widecare.biz/freedom.html (Mirror: https://defacer.id/mirror/id/193294)
  - email.widecare.in/freedom.html (Mirror: https://defacer.id/mirror/id/193298)
  - mail.widecare.in/freedom.html (Mirror: https://defacer.id/mirror/id/193303)
  - widecare.widecare.in/freedom.html (Mirror: https://defacer.id/mirror/id/193300)
  - widecare.net/freedom.html (Mirror: https://defacer.id/mirror/id/193293)
  - widecare.biz.widecare.in/freedom.html (Mirror: https://defacer.id/mirror/id/193302)
  - widedotcare.widecare.in/ (Mirror: https://defacer.id/mirror/id/193301)
- Date: 2025-11-12T11:49:26Z
- Network: openweb
- Published URL: (https://defacer.id/archive/notifier=lxrdk1773n/page=1)
- Screenshots:
- Threat Actors: lxrdk1773n
- Victim Country: India
- Victim Industry: Professional Services
- Victim Organization: widecare
- Victim Site: itsmymart.co.in.widecare.in
- lxrdk1773n targets the websites of Shri Rukmani Dwarkadhish University of Science and Technology
- Category: Defacement
- Content: The group claims to have defaced the organization’s websites. These domains were defaced:
  - srdu.edu.in/storage/0xf.php (Mirror: https://defacer.id/mirror/id/208747)
  - member.srdu.edu.in/storage/0xf.php (Mirror: https://defacer.id/mirror/id/208748)
- Date: 2025-11-12T11:40:27Z
- Network: openweb
- Published URL: (https://defacer.id/archive/notifier=lxrdk1773n/page=1)
- Screenshots:
- Threat Actors: lxrdk1773n
- Victim Country: India
- Victim Industry: Education
- Victim Organization: shri rukmani dwarkadhish university of science and technology
- Victim Site: srdu.edu.in
- lxrdk1773n targets the websites of Event Pillow Private Limited
- Category: Defacement
- Content: The group claims to have defaced the organization’s websites. These domains were defaced:
  - account.eventpillow.com/0xf.php (Mirror: https://defacer.id/mirror/id/208746)
  - plans.eventpillow.com/0xf.php (Mirror: https://defacer.id/mirror/id/208738)
  - eventpillow.com/storage/0xf.php (Mirror: https://defacer.id/mirror/id/208740)
- Date: 2025-11-12T11:21:24Z
- Network: openweb
- Published URL: (https://defacer.id/archive/notifier=lxrdk1773n/page=1)
- Screenshots:
- Threat Actors: lxrdk1773n
- Victim Country: India
- Victim Industry: Events Services
- Victim Organization: event pillow private limited
- Victim Site: eventpillow.com
- lxrdk1773n targets the websites of Admissionwala® Education Technologies Private Limited
- Category: Defacement
- Content: The group claims to have defaced these domains:
  - staff.admissionwala.co.in/0xf.php (Mirror: https://defacer.id/mirror/id/208745)
  - airlinecrm.admissionwala.co.in/storage/0xf.php (Mirror: https://defacer.id/mirror/id/208741)
  - marketing.admissionwala.co.in/storage/0xf.php (Mirror: https://defacer.id/mirror/id/208744)
  - ims.admissionwala.co.in/0xf.php (Mirror: https://defacer.id/mirror/id/208743)
  - admissionwala.co.in/0xf.php (Mirror: https://defacer.id/mirror/id/208739)
  - front.admissionwala.co.in/0xf.php (Mirror: https://defacer.id/mirror/id/208742)
- Date: 2025-11-12T11:15:39Z
- Network: openweb
- Published URL: (https://defacer.id/archive/notifier=lxrdk1773n/page=1)
- Screenshots:
- Threat Actors: lxrdk1773n
- Victim Country: India
- Victim Industry: Education
- Victim Organization: admissionwala® education technologies private limited
- Victim Site: admissionwala.co.in
- Alleged unauthorized CCTV Access to multiple Thailand domains
- Category: Initial Access
- Content: The group claims to have gained unauthorized CCTV access to multiple domains. Domains: http://streaming.udoncity.go.th/, http://183.88.214.137:8000/, http://183.88.214.137:9000/dashboard, https://portal.kkmuni.go.th/kk_camera_map/, http://www.bmatraffic.com/index.aspx, https://ioc.pattaya.go.th/live-cctv, https://egatwater.egat.co.th/RealTimeCCTV
- Date: 2025-11-12T11:01:45Z
- Network: telegram
- Published URL: (https://t.me/nxbbsec/3133)
- Screenshots:
- Threat Actors: NXBB.SEC
- Victim Country: Thailand
- Victim Industry: Government Administration
- Victim Organization: udon thani municipality office
- Victim Site: streaming.udoncity.go.th
- General Distributing Company falls victim to MEDUSA Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data and intends to publish it within 9-10 days. Sample screenshots are provided on their dark web portal.
- Date: 2025-11-12T10:31:24Z
- Network: tor
- Published URL: (http://s7lmmhlt3iwnwirxvgjidl6omcblvw2rg75txjfduy73kx5brlmiulad.onion/detail?id=562a8b942ab9544e55be5bd987252ae9)
- Screenshots:
- Threat Actors: MEDUSA
- Victim Country: USA
- Victim Industry: Wholesale
- Victim Organization: general distributing company
- Victim Site: generaldistributingcompany.com
- lxrdk1773n targets the websites of Dadi Institute of Engineering & Technology (DIET)
- Category: Defacement
- Content: The group claims to have defaced these domains:
  - mail.diet.edu.in/lol.php (Mirror: https://defacer.id/mirror/id/204344)
  - diet.edu.in/lol.php (Mirror: https://defacer.id/mirror/id/204339)
  - daa.diet.edu.in/ (Mirror: https://defacer.id/mirror/id/204341)
  - examcell.diet.edu.in/ (Mirror: https://defacer.id/mirror/id/204343)
  - dvn.diet.edu.in/ (Mirror: https://defacer.id/mirror/id/204340)
  - ach.diet.edu.in/ (Mirror: https://defacer.id/mirror/id/204342)
- Date: 2025-11-12T10:17:00Z
- Network: openweb
- Published URL: (https://defacer.id/archive/notifier=lxrdk1773n/page=1)
- Screenshots:
- Threat Actors: lxrdk1773n
- Victim Country: India
- Victim Industry: Education
- Victim Organization: dadi institute of engineering & technology (diet)
- Victim Site: diet.edu.in
- lxrdk1773n targets the websites of Al-Falah University
- Category: Defacement
- Content: The group claims to have defaced the organization’s websites. These domains were defaced: mail.alfalahuniversity.edu.in/0xf.php (Mirror: https://defacer.id/mirror/id/208727); alfalahuniversity.edu.in/0xf.php (Mirror: https://defacer.id/mirror/id/208726)
- Date: 2025-11-12T09:47:00Z
- Network: openweb
- Published URL: (https://defacer.id/archive/notifier=lxrdk1773n/page=1)
- Screenshots:
- Threat Actors: lxrdk1773n
- Victim Country: India
- Victim Industry: Education
- Victim Organization: al-falah university
- Victim Site: alfalahuniversity.edu.in
- Treetop Companies falls victim to Akira ransomware
- Category: Ransomware
- Content: The group claims to have obtained 100 GB of the organization’s data. The compromised data includes confidential files, clients’ personal documents such as passports and driver’s licenses, financials and other internal client information, NDAs, etc.
- Date: 2025-11-12T09:08:41Z
- Network: tor
- Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
- Screenshots:
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: Real Estate
- Victim Organization: treetop companies
- Victim Site: treetopcompanies.com
- Forest Science and Technology Center of Catalonia falls victim to DEVMAN 2.0 Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 30 GB of the organization’s data and intends to publish it within 3-4 days.
- Date: 2025-11-12T08:51:46Z
- Network: tor
- Published URL: (http://devmanblggk7ddrtqj3tsocnayow3bwnozab2s4yhv4shpv6ueitjzid.onion/)
- Screenshots:
- Threat Actors: DEVMAN 2.0
- Victim Country: Spain
- Victim Industry: Research Industry
- Victim Organization: forest science and technology center of catalonia
- Victim Site: ctfc.cat
- Asahi Kasei Microdevices Corporation falls victim to CRYPTO24 Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data. They intend to publish it within 7 to 8 days.
- Date: 2025-11-12T08:27:56Z
- Network: tor
- Published URL: (http://j5o5y2feotmhvr7cbcp2j2ewayv5mn5zenl3joqwx67gtfchhezjznad.onion/)
- Screenshots:
- Threat Actors: CRYPTO24
- Victim Country: Japan
- Victim Industry: Semiconductors
- Victim Organization: asahi kasei microdevices corporation
- Victim Site: akm.com
- Alleged data sale of CCWBET
- Category: Data Breach
- Content: The group claims to be selling a customer database from CCWBET.
- Date: 2025-11-12T07:37:54Z
- Network: telegram
- Published URL: (https://t.me/nxbbsec/3112)
- Screenshots:
- Threat Actors: NXBB.SEC
- Victim Country: Unknown
- Victim Industry: Gambling & Casinos
- Victim Organization: ccwbet
- Victim Site: ccwheng.com
- Alleged sale of admin access to Rata.id
- Category: Initial Access
- Content: The threat actor claims to be selling admin access to the Rata.id ticketing portal, allegedly including patient data, an employee database, and more.
- Date: 2025-11-12T07:20:43Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Rata-Clear-Aligners-Indonesia-Ticketing-Portal-Access)
- Screenshots:
- Threat Actors: nikolagorbachev
- Victim Country: Indonesia
- Victim Industry: Hospital & Health Care
- Victim Organization: rata.id
- Victim Site: rata.id
- Alleged data sale of the Ministry of Parliamentary Affairs and Governance, Guyana
- Category: Data Breach
- Content: The threat actor claims to be selling sensitive documents from Guyana’s Ministry of Parliamentary Affairs and Governance.
- Date: 2025-11-12T07:03:05Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-Ministry-of-Parliamentary-Guyana-Data-Breach)
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/d48e5f84-2fea-438c-be3e-bcfca86e00a7.png
- https://d34iuop8pidsy8.cloudfront.net/5520ae9d-6caa-45e8-b9ac-5a81b49b48d3.png
- https://d34iuop8pidsy8.cloudfront.net/88010650-a55a-45fa-a146-2b95f22918d8.png
- https://d34iuop8pidsy8.cloudfront.net/c99b0035-23ca-4a0a-862b-444f6aa18b26.png
- https://d34iuop8pidsy8.cloudfront.net/0e000f35-d070-40a2-8ba9-d630f96ef69f.png
- https://d34iuop8pidsy8.cloudfront.net/0151338e-a87f-4a74-abe1-c2760bb72b5e.png
- Threat Actors: KaruHunters
- Victim Country: Guyana
- Victim Industry: Government Administration
- Victim Organization: ministry of parliamentary affairs and governance
- Victim Site: mpag.gov.gy
- Alleged leak of unauthorized access to RabbitMQ
- Category: Initial Access
- Content: Threat actor claims to have leaked unauthorized access to RabbitMQ.
- Date: 2025-11-12T06:40:10Z
- Network: telegram
- Published URL: (https://t.me/c/3186755612/22)
- Screenshots:
- Threat Actors: TRUTH LEGION 707
- Victim Country: Brazil
- Victim Industry: Software Development
- Victim Organization: rabbitmq
- Victim Site: rabbitmq.com
- Alleged leak of Russian Ministry of Defense C-70 UCAV Documents
- Category: Data Breach
- Content: The threat actor claims to have leaked classified documents from the Russian Ministry of Defense, allegedly tied to the C-70 stealth UCAV program.
- Date: 2025-11-12T04:22:14Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Document-%F0%9F%8C%8A-TOP-SECRET-RUSSIAN-MINISTRY-OF-DEFENSE-C-70-STEALTH-UCAV-DOCUMENTS-LEAKED-%F0%9F%8C%8A)
- Screenshots:
- Threat Actors: jrintel
- Victim Country: Russia
- Victim Industry: Government Administration
- Victim Organization: ministry of defense of the russian federation
- Victim Site: mil.ru
- Alleged data sale of Mediterranean Shipping Company
- Category: Data Breach
- Content: The threat actor claims to be selling credentials of Mediterranean Shipping Company. NB: The authenticity of the claim is yet to be verified.
- Date: 2025-11-12T04:16:00Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/msc-ships-db-2025-11-db-avilable-on-priva1e-channe1-to-b0y-acces-dm-telgram.45781/)
- Screenshots:
- Threat Actors: jdudjbdd
- Victim Country: Switzerland
- Victim Industry: Business and Economic Development
- Victim Organization: mediterranean shipping company
- Victim Site: msc.com
- Alleged data breach of Tuxum Secure Systems
- Category: Data Breach
- Content: A threat actor claims to have leaked source code belonging to Tuxum Secure Systems.
- Date: 2025-11-12T03:21:53Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Source-Code-Tuxum-Data-Breach-Leaked-Download)
- Screenshots:
- Threat Actors: KaruHunters
- Victim Country: Spain
- Victim Industry: Information Technology (IT) Services
- Victim Organization: tuxum secure systems
- Victim Site: tuxum.com
- Alleged Unauthorized Access to Cox Communications Operational Systems
- Category: Initial Access
- Content: A group claims to have gained unauthorized access to an advanced communication system linked to Cox Communications Inc., reportedly using tools associated with VIAVI Solutions. The claim includes control over optical network monitoring, VoIP testing, and Ethernet/IP management, along with access to historical performance data.
- Date: 2025-11-12T02:49:38Z
- Network: telegram
- Published URL: (https://t.me/n2LP_wVf79c2YzM0/2410)
- Screenshots:
- Threat Actors: Infrastructure Destruction Squad
- Victim Country: USA
- Victim Industry: Network & Telecommunications
- Victim Organization: cox communications inc.
- Victim Site: cox.com
- Alleged data breach of Computer Society of India
- Category: Data Breach
- Content: The group claims to have leaked an internal database from the Computer Society of India (CSI). Note: Computer Society of India was previously breached on May 06, 2025.
- Date: 2025-11-12T02:45:11Z
- Network: telegram
- Published URL: (https://t.me/c/2326263047/543)
- Screenshots:
- Threat Actors: LEAKS DATABASE CYBER TEAM INDONESIA
- Victim Country: India
- Victim Industry: Non-profit & Social Organizations
- Victim Organization: computer society of india
- Victim Site: csi-india.org
- PT Wiraswasta Gemilang Indonesia falls victim to INC RANSOM Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s internal data.
- Date: 2025-11-12T01:39:48Z
- Network: tor
- Published URL: (http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/690c1659e1a4e4b3ff27a95e)
- Screenshots:
- Threat Actors: INC RANSOM
- Victim Country: Indonesia
- Victim Industry: Oil & Gas
- Victim Organization: pt wiraswasta gemilang indonesia
- Victim Site: ptwgi.com
- Alleged sale of Multi-X Cracked v1.5
- Category: Malware
- Content: A threat actor is allegedly distributing Multi-X Cracked v1.5, a multi-tool launcher that consolidates various checkers, parsers, and quick-run utilities into a single interface. The tool provides one-click access to modules targeting platforms such as Netflix, Fortnite, Steam, Spotify, eBay, Instagram, and PSN. Its centralized UI allows users to launch, log, and compare results from different modules quickly, offering exportable summaries and consistent workflows. While marketed for convenience, the toolkit’s structure and included modules suggest potential use in credential validation, automation, and data-parsing activities across multiple platforms.
- Date: 2025-11-12T00:07:42Z
- Network: openweb
- Published URL: (https://demonforums.net/Thread-Multi-X-Cracked-v1-5)
- Screenshots:
- Threat Actors: Starip
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
Conclusion
The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Data Breaches and Initial Access sales are prominent, impacting sectors from Government Administration and Information Technology (IT) Services to Education, Financial Services, and Hospital & Health Care across numerous countries, with a notable concentration in the USA, Thailand, and India.
The nature of the compromised data is extensive, including national IDs, personal information, customer databases, source code, classified military documents, and unauthorized administrative access to critical systems like ticketing portals and telecommunication infrastructure.
Recurring ransomware attacks (e.g., CHAOS, SAFEPAY, INC RANSOM, MEDUSA, CRYPTO24, akira, DEVMAN 2.0, RansomHouse), defacements (often by lxrdk1773n and Kxichixxsec), and the trade in initial access all point to persistent threats. Organizations across various industries and geographies face continuous risks from data exfiltration, unauthorized network access, and the availability of malicious tools like Multi-X Cracked v1.5, underscoring the critical need for robust cybersecurity measures.