This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.
- BROTHERHOOD CAPUNG INDONESIA targets the website of Children of Life
- Category: Defacement
- Content: The group claims to have defaced these domains: weezy.childrenoflife.top, up.childrenoflife.top, test.childrenoflife.top, new.childrenoflife.top, last.childrenoflife.top, inv.childrenoflife.top, badran.childrenoflife.top, 30.childrenoflife.top, 2023.childrenoflife.top.
- Date: 2025-11-14T22:04:22Z
- Network: openweb
- Published URL: (https://defacer.id/mirror/id/209663)
- Screenshots:
- Threat Actors: BROTHERHOOD CAPUNG INDONESIA
- Victim Country: India
- Victim Industry: Non-profit & Social Organizations
- Victim Organization: children of life
- Victim Site: weezy.childrenoflife.top
- Eakas Corporation falls victim to INC RANSOM Ransomware
- Category: Ransomware
- Content: Group claims to have obtained the organization’s data.
- Date: 2025-11-14T21:52:28Z
- Network: tor
- Published URL: (http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/690b5747e1a4e4b3ff1a8d96)
- Screenshots:
- Threat Actors: INC RANSOM
- Victim Country: USA
- Victim Industry: Automotive
- Victim Organization: eakas corporation
- Victim Site: eakas.com
- Killingly High School falls victim to SAFEPAY Ransomware
- Category: Ransomware
- Content: Group claims to have obtained organization’s data and intends to publish it within 2 to 3 days.
- Date: 2025-11-14T21:42:17Z
- Network: tor
- Published URL: (http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/killinglyschoolsorg/)
- Screenshots:
- Threat Actors: SAFEPAY
- Victim Country: USA
- Victim Industry: Education
- Victim Organization: killingly high school
- Victim Site: killinglyschools.org
- Sol Trading falls victim to Qilin Ransomware
- Category: Ransomware
- Content: Group claims to have obtained organization’s data.
- Date: 2025-11-14T21:26:11Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=b7d76c49-b1c6-3f60-9cc6-95e04c4b4b98)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Retail Industry
- Victim Organization: sol trading
- Victim Site: soltradingusa.com
- Payouts King Ransomware group adds an unknown victim (a****.com)
- Category: Ransomware
- Content: Group claims to have obtained 1.5 TB of the organization’s data and intends to publish it within 6 to 7 days.
- Date: 2025-11-14T21:18:54Z
- Network: tor
- Published URL: (https://payoutsgn7cy6uliwevdqspncjpfxpmzgirwl2au65la7rfs5x3qnbqd.onion/)
- Screenshots:
- Threat Actors: Payouts King
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: a****.com
- Alleged sale of China ID cards
- Category: Data Breach
- Content: Threat actor claims to be leaked ID cards of the citizens in China .
- Date: 2025-11-14T20:57:02Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-%F0%9F%87%A8%F0%9F%87%B3-CHINA-ID-CARDS-%F0%9F%87%A8%F0%9F%87%B3)
- Screenshots:
- Threat Actors: fuckoverflow
- Victim Country: China
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- dream hack targets the website of Sureman Financial Services Private Limited.
- Category: Defacement
- Content: The group claims to have defaced the website of Sureman Financial Services Private Limited.
- Date: 2025-11-14T20:46:00Z
- Network: openweb
- Published URL: (https://defacer.id/mirror/id/209697)
- Screenshots:
- Threat Actors: dream hack
- Victim Country: India
- Victim Industry: Financial Services
- Victim Organization: sureman financial services private limited.
- Victim Site: suremanfin.com
- Alleged data breach of Platinum Healthcare Staffing
- Category: Data Breach
- Content: Group claims to have obtained organization’s data and intent to publish it within 1-2 days .
- Date: 2025-11-14T20:25:01Z
- Network: tor
- Published URL: (https://worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion/companies/3553555941/overview)
- Screenshots:
- Threat Actors: Worldleaks
- Victim Country: USA
- Victim Industry: Human Resources
- Victim Organization: platinum healthcare staffing
- Victim Site: platinumhealthcarestaffing.com
- dream hack targets the website of Wealth Creators Private Limited
- Category: Defacement
- Content: The group claims to have defaced the website of Wealth Creators Private Limited.
- Date: 2025-11-14T20:10:22Z
- Network: openweb
- Published URL: (https://defacer.id/mirror/id/209695)
- Screenshots:
- Threat Actors: dream hack
- Victim Country: India
- Victim Industry: Financial Services
- Victim Organization: wealth creators private limited
- Victim Site: wealth-creators.in
- Alleged data breach of Jefferson Enterprises , LLC
- Category: Data Breach
- Content: Group claims to have obtained organization’s data and intent to publish it within 1-2 days .
- Date: 2025-11-14T20:10:18Z
- Network: tor
- Published URL: (https://worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion/companies/1902827499/overview)
- Screenshots:
- Threat Actors: Worldleaks
- Victim Country: USA
- Victim Industry: Oil & Gas
- Victim Organization: jefferson enterprises, llc
- Victim Site: jeffersonenterprise.com
- 911Team targets the website of AMPRO BIO
- Category: Defacement
- Content: The group claims to have defaced the website of AMPRO BIO
- Date: 2025-11-14T19:50:56Z
- Network: openweb
- Published URL: (https://defacer.id/mirror/id/209694)
- Screenshots:
- Threat Actors: 911Team
- Victim Country: Taiwan
- Victim Industry: Biotechnology
- Victim Organization: ampro bio
- Victim Site: amprobio.com
- Alleged data breach of UNOde50
- Category: Data Breach
- Content: Group claims to have obtained organization’s data and intent to publish it within in 1-2 days.
- Date: 2025-11-14T19:49:50Z
- Network: tor
- Published URL: (https://worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion/companies/4625125986/overview)
- Screenshots:
- Threat Actors: Worldleaks
- Victim Country: Spain
- Victim Industry: Luxury Goods & Jewelry
- Victim Organization: unode50
- Victim Site: unode50.com
- Alleged data breach of Herman & Chamow
- Category: Data Breach
- Content: Group claims to have obtained organization’s data and intent to publish it within 1-2 days.
- Date: 2025-11-14T19:46:18Z
- Network: tor
- Published URL: (https://worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion/companies/9025613144/overview)
- Screenshots:
- Threat Actors: Worldleaks
- Victim Country: USA
- Victim Industry: Accounting
- Victim Organization: herman & chamow
- Victim Site: rhccpa.com
- Alleged sale of unauthorized admin access to an unidentified Swedish Magento shop
- Category: Initial Access
- Content: The threat actor claims to be selling unauthorized admin-panel access to a Sweden-based Magento online shop.
- Date: 2025-11-14T19:25:43Z
- Network: openweb
- Published URL: (https://forum.exploit.biz/topic/270088/)
- Screenshots:
- Threat Actors: Doodlejump Hit
- Victim Country: Sweden
- Victim Industry: E-commerce & Online Stores
- Victim Organization: Unknown
- Victim Site: Unknown
- 404 crew cyber team targets the website of AIRVISION INFINITY
- Category: Defacement
- Content: The group claims to have defaced the website of AIRVISION INFINITY
- Date: 2025-11-14T19:09:54Z
- Network: openweb
- Published URL: (https://defacer.id/mirror/id/209670#google_vignette)
- Screenshots:
- Threat Actors: 404 crew cyber team
- Victim Country: India
- Victim Industry: Information Technology (IT) Services
- Victim Organization: airvision infinity
- Victim Site: airvisioninfinity.com
- Alleged data breach of National Council of Municipal Health Secretariats (Brazil)
- Category: Data Breach
- Content: Threat actor claims to have leaked the database of National Council of Municipal Health Secretariats (Brazil) . The compromised data reportedly contains user IDs ,email addresses ,CPF ,courses ,roles and full names .
- Date: 2025-11-14T18:54:13Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-Conasems-Database-Leaked-Download)
- Screenshots:
- Threat Actors: 888
- Victim Country: Brazil
- Victim Industry: Non-profit & Social Organizations
- Victim Organization: national council of municipal health secretariats (brazil)
- Victim Site: portal.conasems.org.br
- XmrAnonye.id targets the website of MTs NEGERI 4 BOJONEGORO
- Category: Defacement
- Content: The group claims to have defaced the website of MTs NEGERI 4 BOJONEGORO
- Date: 2025-11-14T18:47:56Z
- Network: openweb
- Published URL: (https://defacer.id/mirror/id/209668)
- Screenshots:
- Threat Actors: XmrAnonye.id
- Victim Country: Indonesia
- Victim Industry: Education
- Victim Organization: mts negeri 4 bojonegoro
- Victim Site: pengumuman.mtsn4bojonegoro.sch.id
- dream hack targets the website of Fintech Wealth
- Category: Defacement
- Content: The group claims to have defaced the website of Fintech Wealth
- Date: 2025-11-14T18:05:53Z
- Network: openweb
- Published URL: (https://defacer.id/mirror/id/209667)
- Screenshots:
- Threat Actors: dream hack
- Victim Country: India
- Victim Industry: Financial Services
- Victim Organization: fintech wealth
- Victim Site: thefintechwealth.com
- Alleged data breach of BMW India
- Category: Data Breach
- Content: Threat actor claims to have leaked data from BMW India. The compromised data reportedly contains 40,788 records, including IDs, names, phone numbers, addresses, and other personal information.
- Date: 2025-11-14T17:58:54Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-BMW-India-Data-Breach)
- Screenshots:
- Threat Actors: KaruHunters
- Victim Country: India
- Victim Industry: Automotive
- Victim Organization: bmw india
- Victim Site: bmw.in
- Alleged data breach of Kaener Personal
- Category: Ransomware
- Content: The group claims to have leaked 139 GB data from Kaener Personal.
- Date: 2025-11-14T17:56:46Z
- Network: tor
- Published URL: (http://brohoodyaifh2ptccph5zfljyajjabwjjo4lg6gfp4xb6ynw5w7ml6id.onion/)
- Screenshots:
- Threat Actors: BROTHERHOOD
- Victim Country: Switzerland
- Victim Industry: Human Resources
- Victim Organization: kaener personal
- Victim Site: kaenerpersonal.ch
- dream hack targets the website of Triangle Wealth
- Category: Defacement
- Content: The group claims to have defaced the website of Triangle Wealth
- Date: 2025-11-14T17:47:12Z
- Network: openweb
- Published URL: (https://defacer.id/mirror/id/209665)
- Screenshots:
- Threat Actors: dream hack
- Victim Country: India
- Victim Industry: Financial Services
- Victim Organization: triangle wealth
- Victim Site: trianglewealth.in
- dream hack targets the website of Ramah Finserv Private Limited
- Category: Defacement
- Content: The group claims to have defaced the website of Ramah Finserv Private Limited.
- Date: 2025-11-14T17:14:24Z
- Network: openweb
- Published URL: (https://defacer.id/mirror/id/209666)
- Screenshots:
- Threat Actors: dream hack
- Victim Country: India
- Victim Industry: Financial Services
- Victim Organization: ramah finserv private limited
- Victim Site: ramahfinserv.com
- Alleged data breach of Millicom
- Category: Data Breach
- Content: The threat actor claims to be breached data from Millicom. The compromised data reportedly contains 380 millions records that includes name, email, account number, etc,
- Date: 2025-11-14T17:08:28Z
- Network: openweb
- Published URL: (https://breachstars.hn/topic/380m-millicomcom-telco-customer-database-13tb-ul72grxxl4ba)
- Screenshots:
- Threat Actors: ShinyHunters
- Victim Country: Luxembourg
- Victim Industry: Network & Telecommunications
- Victim Organization: millicom
- Victim Site: millicom.com
- Barbizon Lighting Company falls victim to Akira Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 15 GB of organization’s data.
- Date: 2025-11-14T17:06:07Z
- Network: tor
- Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
- Screenshots:
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: Entertainment & Movie Production
- Victim Organization: barbizon lighting company
- Victim Site: barbizon.com
- Banyumas cyber team targets the website of Banyumas Regency government
- Category: Defacement
- Content: The group claims to have defaced the website of Banyumas Regency government
- Date: 2025-11-14T16:56:29Z
- Network: openweb
- Published URL: (https://defacer.id/mirror/id/209654)
- Screenshots:
- Threat Actors: Banyumas cyber team
- Victim Country: Indonesia
- Victim Industry: Government & Public Sector
- Victim Organization: banyumas regency government
- Victim Site: newsiappmas.banyumaskab.go.id
- Alleged sale of a 1-day exploit for SAP NetWeaver
- Category: Malware
- Content: The threat actor claims to be selling a 1-day exploit for SAP NetWeaver, referencing CVE-2025-31324.
- Date: 2025-11-14T16:51:46Z
- Network: openweb
- Published URL: (https://forum.exploit.biz/topic/270080/)
- Screenshots:
- Threat Actors: 0x1
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of a 1-day exploit for multiple Microsoft Windows Server versions
- Category: Malware
- Content: The threat actor claims to be selling a 1-day exploit (CVE-2025-59287) affecting Microsoft Windows Server 2012, 2012 R2, 2016, 2019, 2022 (including 23H2), and 2025.
- Date: 2025-11-14T16:44:52Z
- Network: openweb
- Published URL: (https://forum.exploit.biz/topic/270079/)
- Screenshots:
- Threat Actors: 0x1
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged Sale of 72 Million Japan Citizen’s Data
- Category: Data Breach
- Content: Threat actor claims to be selling 72 million Japan citizen’s data .
- Date: 2025-11-14T16:37:21Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-Japan-cizens-72-million-lines)
- Screenshots:
- Threat Actors: yeestge33
- Victim Country: Japan
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of unauthorized admin access to an unidentified US Magento shop
- Category: Initial Access
- Content: he threat actor claims to be auctioning unauthorized admin-panel access to a US-based online shop running on the Magento platform.
- Date: 2025-11-14T16:35:27Z
- Network: openweb
- Published URL: (https://forum.exploit.biz/topic/270078/)
- Screenshots:
- Threat Actors: Billiona1re
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Trigg Labs falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained organization’s data.
- Date: 2025-11-14T16:32:11Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=3499b0c4-8442-3798-8adf-cd5197b2c88c)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Manufacturing
- Victim Organization: trigg labs
- Victim Site: trigglaboratories.com
- Alleged sale of unauthorized RDWeb access to an unidentified Canadian organization
- Category: Initial Access
- Content: The threat actor claims to be selling unauthorized RDWeb access to an unidentified Canadian organization.
- Date: 2025-11-14T16:31:02Z
- Network: openweb
- Published URL: (https://forum.exploit.biz/topic/270076/)
- Screenshots:
- Threat Actors: samy01
- Victim Country: Canada
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of medical records from USA
- Category: Data Breach
- Content: Threat actor claims to be selling 200 GB of medical records allegedly obtained from multiple clinics and hospitals across the United States.
- Date: 2025-11-14T16:20:59Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-200GB-Medical-Records)
- Screenshots:
- Threat Actors: Coinbase_CartelNew
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- RSVP falls victim to PLAY ransomware
- Category: Ransomware
- Content: Group claims to have obtained organizational data and plans to publish it within 3-4 days. The compromised data reportedly includes private and personal confidential data, clients documents, budget, payroll, IDs, taxes, finance information and etc.
- Date: 2025-11-14T16:16:09Z
- Network: tor
- Published URL: (http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=yaTDxuI6kJD0cd)
- Screenshots:
- Threat Actors: PLAY
- Victim Country: Australia
- Victim Industry: Information Technology (IT) Services
- Victim Organization: rsvp
- Victim Site: rsvp.com
- Alleged sale of F-16 fighter jet documentation
- Category: Data Breach
- Content: The threat actor claims to be selling sensitive documentation related to the F-16 fighter jet.
- Date: 2025-11-14T16:15:45Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/f16-fighter-jet-document-for-sa1e.45951/)
- Screenshots:
- Threat Actors: jdudjbdd
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- B&K Precision Corporation falls victim to PLAY ransomware
- Category: Ransomware
- Content: Group claims to have obtained organizational data and plans to publish it within 3-4 days. The compromised data reportedly includes private and personal confidential data, clients documents, budget, payroll, IDs, taxes, finance information and etc.
- Date: 2025-11-14T16:07:19Z
- Network: tor
- Published URL: (http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=XI9YzfyuaBDKlC)
- Screenshots:
- Threat Actors: PLAY
- Victim Country: USA
- Victim Industry: Electrical & Electronic Manufacturing
- Victim Organization: b&k precision corporation
- Victim Site: bkprecision.com
- Alleged data breach of Franklin County Engineer’s Office
- Category: Data Breach
- Content: Threat actor claims to have breached the Franklin County Engineer’s Office and obtained 2,500 sensitive documents.
- Date: 2025-11-14T16:04:38Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Document-Franklin-County-Engineer-Data-Breach-Leaked-Download)
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/c639fc72-e0a2-41ec-a098-acc418b279c9.png
- https://d34iuop8pidsy8.cloudfront.net/fe04c691-99cc-4bb4-86f9-cbf42fc6183d.png
- https://d34iuop8pidsy8.cloudfront.net/7d28bf2a-0d05-4b15-8c4e-e3e970d7e720.png
- https://d34iuop8pidsy8.cloudfront.net/0fd5ae9a-3c2e-44c8-bc29-2b5e8b67f080.png
- Threat Actors: KaruHunters
- Victim Country: USA
- Victim Industry: Civil Engineering
- Victim Organization: franklin county engineer’s office
- Victim Site: franklincountyengineer.org
- Valley Plains Equipment falls victim to PLAY ransomware
- Category: Ransomware
- Content: Group claims to have obtained organizational data and plans to publish it within 3-4 days. The compromised data reportedly includes private and personal confidential data, clients documents, budget, payroll, IDs, taxes, finance information and etc.
- Date: 2025-11-14T16:02:00Z
- Network: tor
- Published URL: (http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=9E20WT80OFFhRq)
- Screenshots:
- Threat Actors: PLAY
- Victim Country: USA
- Victim Industry: Farming
- Victim Organization: valley plains equipment
- Victim Site: valleyplainsequipment.com
- J00Nz targets the website of Fountain University Islamic Cooperative Investment and Credit Society
- Category: Defacement
- Content: The group claims to have defaced the website of Fountain University Islamic Cooperative Investment and Credit Society.
- Date: 2025-11-14T15:47:26Z
- Network: openweb
- Published URL: (https://defacer.id/mirror/id/209653)
- Screenshots:
- Threat Actors: J00Nz
- Victim Country: Nigeria
- Victim Industry: Financial Services
- Victim Organization: fountain university islamic cooperative investment and credit society
- Victim Site: fuocics.org.ng
- 404 crew cyber team targets the website of Wesley Stoss
- Category: Defacement
- Content: The group claims to have defaced the website of Wesley Stoss
- Date: 2025-11-14T15:18:02Z
- Network: openweb
- Published URL: (https://defacer.id/mirror/id/209651)
- Screenshots:
- Threat Actors: 404 crew cyber team
- Victim Country: Brazil
- Victim Industry: E-commerce & Online Stores
- Victim Organization: wesley stoss
- Victim Site: loja-modelo.wesleystoss.com.br
- Aero Precision, LLC falls victim to Akira Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 123 GB of organization’s data. The compromised data includes employee information, project details, contracts and agreements, NDAs, specifications, etc.
- Date: 2025-11-14T14:57:04Z
- Network: tor
- Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
- Screenshots:
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: Sporting Goods
- Victim Organization: aero precision, llc
- Victim Site: aeroprecisionusa.com
- Alleged leak of login access of Cambodia Asia Bank
- Category: Initial Access
- Content: Group claims to have leaked login access to Cambodia Asia Bank.
- Date: 2025-11-14T14:55:55Z
- Network: telegram
- Published URL: (https://t.me/h3c4kedzsec_official/70)
- Screenshots:
- Threat Actors: H3C4KEDZ
- Victim Country: Cambodia
- Victim Industry: Financial Services
- Victim Organization: cambodia asia bank
- Victim Site: cab.com.kh
- Valley Bank falls victim to Akira Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 294 GB of organization’s data. The compromised data includes employee information (scanned passports, driver licenses, HR docs with DOB, phones, addresses, credit card details and so on), contracts and agreements, NDAs, and other client’s files, etc.
- Date: 2025-11-14T14:51:22Z
- Network: tor
- Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
- Screenshots:
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: Financial Services
- Victim Organization: valley bank
- Victim Site: valley.com
- NULLSEC PHILIPPINES targets the website of DENR Forest Management Bureau
- Category: Defacement
- Content: The group claims to have defaced the website of DENR Forest Management Bureau
- Date: 2025-11-14T14:44:49Z
- Network: telegram
- Published URL: (https://t.me/nullsechackers/484?single)
- Screenshots:
- Threat Actors: Nullsec Philippines
- Victim Country: Philippines
- Victim Industry: Government & Public Sector
- Victim Organization: denr forest management bureau
- Victim Site: fmb.denr.gov.ph
- NULLSEC PHILIPPINES targets the website of Province of Laguna Employment and Information System
- Category: Defacement
- Content: The group claims to have defaced the website of Province of Laguna Employment and Information System
- Date: 2025-11-14T14:39:00Z
- Network: telegram
- Published URL: (https://t.me/nullsechackers/484?single)
- Screenshots:
- Threat Actors: Nullsec Philippines
- Victim Country: Philippines
- Victim Industry: Government & Public Sector
- Victim Organization: province of laguna employment and information system
- Victim Site: pleis.laguna.gov.ph
- Alleged sale of unauthorized access to unidentified oraginsation in multiple countries
- Category: Initial Access
- Content: The threat actor claims to have gained access to unidentified oraginsation in multiple countries like USA, UK, Canada, Australia, Spain.
- Date: 2025-11-14T14:37:55Z
- Network: openweb
- Published URL: (https://xss.pro/threads/144282/)
- Screenshots:
- Threat Actors: RAZOR-X
- Victim Country: USA
- Victim Industry: Hospital & Health Care
- Victim Organization: Unknown
- Victim Site: Unknown
- CYBER TEAM INDONESIA targets the website of LATEEFAH MODUPEOLA OKUNNU FOUNDATION
- Category: Defacement
- Content: Group claims to have taken down the website of LATEEFAH MODUPEOLA OKUNNU FOUNDATION.
- Date: 2025-11-14T14:30:32Z
- Network: openweb
- Published URL: (https://defacer.id/mirror/id/209652)
- Screenshots:
- Threat Actors: CYBER TEAM INDONESIA
- Victim Country: Nigeria
- Victim Industry: Non-profit & Social Organizations
- Victim Organization: lateefah modupeola okunnu foundation
- Victim Site: lateefahokunnufoundation.org
- A-B Communications falls victim to akira ransomware
- Category: Ransomware
- Content: The group claims to have obtained corporate data from A-B Communications, including detailed personal information of employees such as scanned passports, driver’s licenses, Social Security numbers, and birth/death certificates as well as contracts and agreements, NDAs, etc
- Date: 2025-11-14T14:14:06Z
- Network: tor
- Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
- Screenshots:
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: Accounting
- Victim Organization: a-b communications
- Victim Site: a-bcommunications.com
- BROTHERHOOD CAPUNG INDONESIA targets the website of AVC Marketing Agency
- Category: Defacement
- Content: The group claims to have defaced these domains: tools.avc.lk, avc.lk.
- Date: 2025-11-14T14:10:23Z
- Network: openweb
- Published URL: (https://defacer.id/mirror/id/209648)
- Screenshots:
- Threat Actors: BROTHERHOOD CAPUNG INDONESIA
- Victim Country: Sri Lanka
- Victim Industry: Marketing, Advertising & Sales
- Victim Organization: avc marketing agency
- Victim Site: tools.avc.lk
- Alleged database sale of Eurofiber Cloud Infra
- Category: Data Breach
- Content: The threat actor claims to be selling the full Eurofiber Cloud Infra database, allegedly exposing personal information, system credentials, configuration files, SQL backups, certificates, and other internal documents.
- Date: 2025-11-14T14:07:19Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-NL-Eurofiber-B-V-Full-Database)
- Screenshots:
- Threat Actors: ByteToBreach
- Victim Country: Netherlands
- Victim Industry: Information Technology (IT) Services
- Victim Organization: eurofiber cloud infra
- Victim Site: eurofibercloudinfra.com
- BROTHERHOOD CAPUNG INDONESIA targets the website of Lankava luxe
- Category: Defacement
- Content: Group claims to have defaced the website of Lankava luxe.
- Date: 2025-11-14T13:48:10Z
- Network: openweb
- Published URL: (https://defacer.id/mirror/id/209646)
- Screenshots:
- Threat Actors: BROTHERHOOD CAPUNG INDONESIA
- Victim Country: Sri Lanka
- Victim Industry: Supermarkets
- Victim Organization: lankava luxe
- Victim Site: lankavaluxe.com
- BROTHERHOOD CAPUNG INDONESIA targets the websites of World Cup Betting Entrance (China) Co., Ltd.
- Category: Defacement
- Content: The group claims to have defaced the website of World Cup Betting Entrance (China) Co., Ltd.. Mirror: https://defacer.id/mirror/id/209642
- Date: 2025-11-14T13:41:51Z
- Network: openweb
- Published URL: (https://defacer.id/mirror/id/209642)
- Screenshots:
- Threat Actors: BROTHERHOOD CAPUNG INDONESIA
- Victim Country: Unknown
- Victim Industry: Sports
- Victim Organization: world cup betting entrance (china) co., ltd.
- Victim Site: hirusandu.com
- Alleged Sale of Romanian Database
- Category: Data Breach
- Content: The threat actor claims to be selling Romanian Database.
- Date: 2025-11-14T13:38:13Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-Romanian-Database)
- Screenshots:
- Threat Actors: fuckoverflow
- Victim Country: Romania
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- BROTHERHOOD CAPUNG INDONESIA targets the website of Pexus Digital
- Category: Defacement
- Content: Group claims to have defaced the website of Pexus Digital.
- Date: 2025-11-14T13:33:22Z
- Network: openweb
- Published URL: (https://defacer.id/mirror/id/209647)
- Screenshots:
- Threat Actors: BROTHERHOOD CAPUNG INDONESIA
- Victim Country: Sri Lanka
- Victum Industry: Social Media & Online Social Networking
- Victim Organization: pexus digital
- Victim Site: pexusdigital.lk
- 7 Proxies targets the website of Certificate/Authentication Management System, Karnaphuli Upazila
- Category: Defacement
- Content: The group claims to have defaced the website of Certificate/Authentication Management System, Karnaphuli Upazila.
- Date: 2025-11-14T13:32:46Z
- Network: telegram
- Published URL: (https://t.me/c/2366703983/772)
- Screenshots:
- Threat Actors: 7 Proxies
- Victim Country: Bangladesh
- Victim Industry: Government Administration
- Victim Organization: certificate/authentication management system
- Victim Site: prottoyon-karnafuli.org
- 404 crew cyber team targets the website of University of the Republic
- Category: Defacement
- Content: The group claims to have defaced the website of University of the Republic. Attributing the attack to its member Lost32x.
- Date: 2025-11-14T13:05:53Z
- Network: openweb
- Published URL: (https://defacer.id/mirror/id/209649)
- Screenshots:
- Threat Actors: 404 crew cyber team
- Victim Country: Uruguay
- Victim Industry: Education
- Victim Organization: university of the republic
- Victim Site: estudioshispanicos.edu.uy
- BROTHERHOOD CAPUNG INDONESIA targets the website of gampahaapi.lk
- Category: Defacement
- Content: Group claims to have defaced the website of gampahaapi.lk
- Date: 2025-11-14T13:01:36Z
- Network: openweb
- Published URL: (https://defacer.id/mirror/id/209641)
- Screenshots:
- Threat Actors: BROTHERHOOD CAPUNG INDONESIA
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: gampahaapi.lk
- Victim Site: gampahaapi.lk
- Kaan Cronenberg & Partner Rechtsanwälte GmbH falls victim to INC RANSOM Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-11-14T12:59:00Z
- Network: tor
- Published URL: (http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/691596aee1a4e4b3ffde00ea)
- Screenshots:
- Threat Actors: INC RANSOM
- Victim Country: Austria
- Victim Industry: Law Practice & Law Firms
- Victim Organization: kaan cronenberg & partner rechtsanwälte gmbh
- Victim Site: kcp.at
- BROTHERHOOD CAPUNG INDONESIA targets the websites of hoopoedesign.lk
- Category: Defacement
- Content: The group claims to have defaced the website of hoopoedesign.lk
- Date: 2025-11-14T12:52:10Z
- Network: openweb
- Published URL: (https://defacer.id/mirror/id/209644)
- Screenshots:
- Threat Actors: BROTHERHOOD CAPUNG INDONESIA
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: hoopoe design
- Victim Site: hoopoedesign.lk
- BROTHERHOOD CAPUNG INDONESIA targets the websites of hmjtraders.lk
- Category: Defacement
- Content: The group claims to have defaced the website of hmjtraders.lk
- Date: 2025-11-14T12:51:15Z
- Network: openweb
- Published URL: (https://defacer.id/mirror/id/209643)
- Screenshots:
- Threat Actors: BROTHERHOOD CAPUNG INDONESIA
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: hmjtraders
- Victim Site: hmjtraders.lk
- BROTHERHOOD CAPUNG INDONESIA targets the websites of jworld.lk
- Category: Defacement
- Content: The group claims to have defaced the website of jworld.lk
- Date: 2025-11-14T12:50:12Z
- Network: openweb
- Published URL: (https://defacer.id/mirror/id/209645)
- Screenshots:
- Threat Actors: BROTHERHOOD CAPUNG INDONESIA
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: jworld
- Victim Site: jworld.lk
- TEAM BD CYBER NINJA targets the website of Imprenta Sevilla
- Category: Defacement
- Content: The group claims to have defaced the website of Imprenta Sevilla
- Date: 2025-11-14T12:46:42Z
- Network: openweb
- Published URL: (https://defacer.id/mirror/id/209633)
- Screenshots:
- Threat Actors: TEAM BD CYBER NINJA
- Victim Country: Spain
- Victim Industry: Printing
- Victim Organization: imprenta sevilla
- Victim Site: imprenta-sevilla.es
- TEAM BD CYBER NINJA targets the website of Radius Beauty Clinic Fukuoka
- Category: Defacement
- Content: The group claims to have defaced the website of Radius Beauty Clinic Fukuoka
- Date: 2025-11-14T12:40:39Z
- Network: openweb
- Published URL: (https://defacer.id/mirror/id/209635)
- Screenshots:
- Threat Actors: TEAM BD CYBER NINJA
- Victim Country: Japan
- Victim Industry: Hospital & Health Care
- Victim Organization: radius beauty clinic fukuoka
- Victim Site: radias-cl-fukuoka.clinic
- 404 crew cyber team targets the website of Easy Tour Brazil
- Category: Defacement
- Content: The group claims to have defaced the website of Easy Tour Brazil. Attributing the attack to its member Lost32x.
- Date: 2025-11-14T12:40:02Z
- Network: openweb
- Published URL: (https://defacer.id/mirror/id/209650)
- Screenshots:
- Threat Actors: 404 crew cyber team
- Victim Country: Brazil
- Victim Industry: Hospitality & Tourism
- Victim Organization: easy tour brazil
- Victim Site: easytourbrasil.com.br
- TEAM BD CYBER NINJA targets the website of Hunde-Versandhaus
- Category: Defacement
- Content: The group claims to have defaced the website of Hunde-Versandhaus
- Date: 2025-11-14T12:35:45Z
- Network: openweb
- Published URL: (https://defacer.id/mirror/id/209632)
- Screenshots:
- Threat Actors: TEAM BD CYBER NINJA
- Victim Country: Germany
- Victim Industry: E-commerce & Online Stores
- Victim Organization: hunde-versandhaus
- Victim Site: katzen-versandhaus.de
- 404 crew cyber team targets the website of Easy Tour Brazil
- Category: Defacement
- Content: The group claims to have defaced the website of Easy Tour Brazil. Attributing the attack to its member Lost32x.
- Date: 2025-11-14T12:29:02Z
- Network: openweb
- Published URL: (https://defacer.id/archive/onhold/1)
- Screenshots:
- Threat Actors: 404 crew cyber team
- Victim Country: Brazil
- Victim Industry: Hospitality & Tourism
- Victim Organization: easy tour brazil
- Victim Site: easytourbrasil.com.br
- lxrdk1773n targets the website of Halal India PVT LTD.
- Category: Defacement
- Content: Group claims to have defaced the website of Halal India PVT LTD.
- Date: 2025-11-14T12:23:28Z
- Network: openweb
- Published URL: (https://defacer.id/mirror/id/209664)
- Screenshots:
- Threat Actors: lxrdk1773n
- Victim Country: India
- Victim Industry: Consumer Services
- Victim Organization: halal india pvt ltd
- Victim Site: halalindia.co.in
- Swiss Rose Company falls victim to Nova Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 50 GB of the organization’s data and intends to publish it within 7–8 days.
- Date: 2025-11-14T12:09:52Z
- Network: tor
- Published URL: (http://novadmrkp4vbk2padk5t6pbxolndceuc7hrcq4mjaoyed6nxsqiuzyyd.onion/#)
- Screenshots:
- Threat Actors: Nova
- Victim Country: Iraq
- Victim Industry: Manufacturing
- Victim Organization: swiss rose company
- Victim Site: en.swissroseco.com
- Alleged data breach of Excel Educational Institution
- Category: Data Breach
- Content: The group claims to have breached the Excel Educational Institution, alleging that multiple subdomains were defaced during the intrusion. They further claim to have leaked the institution’s server access credentials.
- Date: 2025-11-14T12:07:18Z
- Network: telegram
- Published URL: (https://t.me/neffex_the_blackhat/26?single)
- Screenshots:
- Threat Actors: Neffex THe BlackHat
- Victim Country: India
- Victim Industry: Education
- Victim Organization: excel educational institution
- Victim Site: exceledu.co.in
- Bali Blackhat targets the website of International Union of Radioecology (IUR)
- Category: Defacement
- Content: The group claims to have defaced the website of International Union of Radioecology (IUR)
- Date: 2025-11-14T11:59:36Z
- Network: openweb
- Published URL: (https://defacer.id/mirror/id/209624)
- Screenshots:
- Threat Actors: Bali Blackhat
- Victim Country: Russia
- Victim Industry: Non-profit & Social Organizations
- Victim Organization: international union of radioecology (iur)
- Victim Site: iir.org.ru
- Bali Blackhat targets the website of Institute of Innovative Development and Technology
- Category: Defacement
- Content: The group claims to have defaced the website of Institute of Innovative Development and Technology
- Date: 2025-11-14T11:55:44Z
- Network: openweb
- Published URL: (https://defacer.id/mirror/id/209625)
- Screenshots:
- Threat Actors: Bali Blackhat
- Victim Country: North Macedonia
- Victim Industry: Education
- Victim Organization: institute of innovative development and technology
- Victim Site: iira.online
- Alleged unauthorized access to Elikatni Products checkout system
- Category: Initial Access
- Content: The group claims to have gained unauthorized access to the checkout system of Elikatni Products.
- Date: 2025-11-14T11:24:04Z
- Network: telegram
- Published URL: (https://t.me/zpentestalliance/710)
- Screenshots:
- Threat Actors: Z-PENTEST ALLIANCE
- Victim Country: Ukraine
- Victim Industry: Food Production
- Victim Organization: elikatni products
- Victim Site: Unknown
- Alleged unauthorized access to unidentified control system of a hydroelectric power plant in France
- Category: Initial Access
- Content: The group claims to have gained access to the unidentified control system of a hydroelectric power plant in Centrale Chalmazel (France). They reportedly have the ability to control the generators, turbine, emergency logs, Current readings of generators and parameters, also power and timing regulator settings were changed
- Date: 2025-11-14T11:20:44Z
- Network: telegram
- Published URL: (https://t.me/c/2787466017/413)
- Screenshots:
- Threat Actors: NoName057(16)
- Victim Country: France
- Victim Industry: Energy & Utilities
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged leak of Instagram usernames
- Category: Data Breach
- Content: The threat actor claims to have leaked a database containing 39K Instagram verified usernames.
- Date: 2025-11-14T11:08:58Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Document-39K-Instagram-Legacy-Verified-Accounts-username-list-free)
- Screenshots:
- Threat Actors: tomy
- Victim Country: USA
- Victim Industry: Social Media & Online Social Networking
- Victim Organization: instagram
- Victim Site: instagram.com
- Barnhart Group falls victim to akira ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s corporate data. The compromised data includes financial data such as audit, payment details, invoices, detailed employees and customers information, Passports, driver’s license, Social Security Numbers, medical information, emails, phones, confidential information, NDAs and other documents with detailed personal information.
- Date: 2025-11-14T11:05:10Z
- Network: tor
- Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
- Screenshots:
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: Transportation & Logistics
- Victim Organization: barnhart group inc.
- Victim Site: barnhartinc.com
- Alleged leak of login access of ROYAL CAMBODIAN ARMY
- Category: Initial Access
- Content: Group claims to have leaked login access to ROYAL CAMBODIAN ARMY
- Date: 2025-11-14T11:03:34Z
- Network: telegram
- Published URL: (https://t.me/h3c4kedzsec_official/60)
- Screenshots:
- Threat Actors: H3C4KEDZ
- Victim Country: Cambodia
- Victim Industry: Military Industry
- Victim Organization: royal cambodian army
- Victim Site: army.mil.kh
- Waukegan Steel falls victim to Akira ransomware
- Category: Ransomware
- Content: The group claims to have obtained 15GB of corporate data from Waukegan Steel, including scanned personal documents such as passports, Social Security numbers, driver’s licenses, W-9 forms, and other identity records, as well as project information, NDAs, contracts and agreements, financial documents, client information, drawings of ongoing projects, and additional sensitive corporate files.
- Date: 2025-11-14T11:03:06Z
- Network: tor
- Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
- Screenshots:
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: Manufacturing
- Victim Organization: waukegan steel
- Victim Site: waukegansteel.com
- Bali Blackhat targets the website of FINMONITOR
- Category: Defacement
- Content: The group claims to have defaced the website of FINMONITOR
- Date: 2025-11-14T11:02:03Z
- Network: openweb
- Published URL: (https://defacer.id/archive/1)
- Screenshots:
- Threat Actors: Bali Blackhat
- Victim Country: Russia
- Victim Industry: Information Services
- Victim Organization: finmonitor
- Victim Site: finmonitor.online
- General Micro Systems falls victim to Akira ransomware
- Category: Ransomware
- Content: The group claims to have obtained corporate data from , including project information, drawings and specifications, customer information, NDA’s, and other internal files.
- Date: 2025-11-14T10:50:52Z
- Network: tor
- Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
- Screenshots:
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: Electrical & Electronic Manufacturing
- Victim Organization: general micro systems, inc.
- Victim Site: gms4sbc.com
- Basin Harbor falls victim to akira ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data. The compromised data includes financial data such as audit, payment details, invoices, detailed employees and customers information, passports, driver’s license, Social Security Numbers, emails, phones, confidential information and other documents with detailed personal information.
- Date: 2025-11-14T10:47:42Z
- Network: tor
- Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
- Screenshots:
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: Hospitality & Tourism
- Victim Organization: basin harbor
- Victim Site: basinharbor.com
- Sarcoma ransomware group has added an unidentified victim
- Category: Ransomware
- Content: The group claims to have obtained 526 GB of organization’s data and plans to publish it within the next 6-7 days.
- Date: 2025-11-14T09:56:43Z
- Network: tor
- Published URL: (http://sarcomawmawlhov7o5mdhz4eszxxlkyaoiyiy2b5iwxnds2dmb4jakad.onion/)
- Screenshots:
- Threat Actors: Sarcoma
- Victim Country: Germany
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Z-BL4CX-H4T targets the website of ARAS GROUP
- Category: Defacement
- Content: Group claims to have defaced the website of ARAS GROUP
- Date: 2025-11-14T08:06:05Z
- Network: telegram
- Published URL: (https://t.me/c/3027611821/142)
- Screenshots:
- Threat Actors: Z-BL4CX-H4T
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: aras group
- Victim Site: arasgroupcrm.com
- Alleged data sale of CoinMarketCap
- Category: Data Breach
- Content: The threat actor claims to be selling 1.16 million records from CoinMarketCap. The data reportedly includes names, email addresses, phone numbers, physical addresses, acquired coins, coin types, cities, states, and postal codes
- Date: 2025-11-14T07:41:12Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-coinmarketcap-com-USA-CentraCare-Blockchain-Cryptocurrency-Holders-1-16-million)
- Screenshots:
- Threat Actors: yeestge33
- Victim Country: USA
- Victim Industry: Information Services
- Victim Organization: coinmarketcap
- Victim Site: coinmarketcap.com
- Alleged data breach of American Public University System
- Category: Data Breach
- Content: The threat actor claims to be selling a 59,618 records database from the American Public University System (APUS), specifically from its ClearPath Learning Relationship Management platform, allegedly breached in October 2025
- Date: 2025-11-14T06:33:42Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-American-Public-University-System-Leaked-Download)
- Screenshots:
- Threat Actors: wikkid
- Victim Country: USA
- Victim Industry: Education
- Victim Organization: american public university system
- Victim Site: apus.edu
- Alleged data leak of Airlines from India
- Category: Data Breach
- Content: Threat actor claims to have leaked data related to Airlines from India.
- Date: 2025-11-14T06:28:19Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/india-airlines-fresh-2025-11-db-avilable-on-priva1e-channe1-to-b0y-acces-dm-telgram.45917/)
- Screenshots:
- Threat Actors: jdudjbdd
- Victim Country: India
- Victim Industry: Airlines & Aviation
- Victim Organization: Unknown
- Victim Site: Unknown
- The Foot Doctor, P.C. falls victim to Space Bears Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s sensitive internal data, including personal information of employees and clients, as well as other documents, which they intend to publish within 6-7 days.
- Date: 2025-11-14T06:16:07Z
- Network: tor
- Published URL: (http://5butbkrljkaorg5maepuca25oma7eiwo6a2rlhvkblb4v6mf3ki2ovid.onion/)
- Screenshots:
- Threat Actors: Space Bears
- Victim Country: USA
- Victim Industry: Hospital & Health Care
- Victim Organization: the foot doctor, p.c.
- Victim Site: wyofootdoctor.com
- Alleged sale of unauthorized vpn access in Singapore
- Category: Initial Access
- Content: Threat actor claims to be selling unauthorized vpn access in Singapore.
- Date: 2025-11-14T06:10:58Z
- Network: openweb
- Published URL: (https://forum.exploit.biz/topic/270040/)
- Screenshots:
- Threat Actors: personX
- Victim Country: Singapore
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of unauthorized access to unidentified shop in Greece
- Category: Initial Access
- Content: Threat actor claims to be selling unauthorized access to unidentified shop in Greece.
- Date: 2025-11-14T06:07:43Z
- Network: openweb
- Published URL: (https://forum.exploit.biz/topic/270044/)
- Screenshots:
- Threat Actors: corptoday
- Victim Country: Greece
- Victim Industry: E-commerce & Online Stores
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data breach of General Department of Immigration (GDI)
- Category: Data Breach
- Content: The group claims to have breached the data of General Department of Immigration (GDI).
- Date: 2025-11-14T04:46:52Z
- Network: telegram
- Published URL: (https://t.me/h3c4kedzsec_official/59)
- Screenshots:
- Threat Actors: H3C4KEDZ
- Victim Country: Cambodia
- Victim Industry: Government Administration
- Victim Organization: general department of immigration (gdi)
- Victim Site: police.immigration.gov.kh
- Alleged leak of Login access of General Department of Immigration (GDI)
- Category: Initial Access
- Content: Group claims to have leaked login access of General Department of Immigration (GDI)
- Date: 2025-11-14T04:42:36Z
- Network: telegram
- Published URL: (https://t.me/h3c4kedzsec_official/58)
- Screenshots:
- Threat Actors: H3C4KEDZ
- Victim Country: Cambodia
- Victim Industry: Government Administration
- Victim Organization: general department of immigration (gdi)
- Victim Site: police.immigration.gov.kh
- Alleged data breach of AIESEC Canada
- Category: Data Breach
- Content: The threat actor claims to be selling over 158k records from the organization.
- Date: 2025-11-14T04:36:52Z
- Network: openweb
- Published URL: (https://forum.exploit.biz/topic/270043/)
- Screenshots:
- Threat Actors: betway
- Victim Country: Canada
- Victim Industry: Non-profit & Social Organizations
- Victim Organization: aiesec canada
- Victim Site: aiesec.ca
- Alleged data leak of ALRO Online Land Management System
- Category: Data Breach
- Content: The group claims to have leaked the databases ALRO Online Land Management System and also gained unauthorized access of the website.
- Date: 2025-11-14T04:36:41Z
- Network: telegram
- Published URL: (https://t.me/kxichixxsec/1302)
- Screenshots:
- Threat Actors: Kxichixxsec
- Victim Country: Thailand
- Victim Industry: Government Administration
- Victim Organization: alro online land management system
- Victim Site: alrolandonline.alro.go.th
- Alleged leak of Login access of Digital Research Information Center
- Category: Initial Access
- Content: Group claims to have leaked login access of Digital Research Information Center.
- Date: 2025-11-14T03:38:14Z
- Network: telegram
- Published URL: (https://t.me/kxichixxsec/1206)
- Screenshots:
- Threat Actors: Kxichixxsec
- Victim Country: Thailand
- Victim Industry: Research Industry
- Victim Organization: digital research information center
- Victim Site: dric.nrct.go.th
- Metropolitan Adjustment Bureau falls victim to CHAOS Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 1000 GB of the organization’s data.
- Date: 2025-11-14T03:31:03Z
- Network: tor
- Published URL: (http://hptqq2o2qjva7lcaaq67w36jihzivkaitkexorauw7b2yul2z6zozpqd.onion/wwjKZzPZUBGPRodytFUu4QEgLPW5QpdQ/metropolitan-adjustment-bureau)
- Screenshots:
- Threat Actors: CHAOS
- Victim Country: USA
- Victim Industry: Insurance
- Victim Organization: metropolitan adjustment bureau
- Victim Site: metroadjusters.com
- Alleged leak of admin access of JBSofts
- Category: Initial Access
- Content: Group claims to have leaked admin access of JBSofts.
- Date: 2025-11-14T03:25:28Z
- Network: telegram
- Published URL: (https://t.me/c/2922666876/989)
- Screenshots:
- Threat Actors: Forums Neon Spectre Team
- Victim Country: India
- Victim Industry: Information Technology (IT) Services
- Victim Organization: jbsofts
- Victim Site: jaybabani.com
- Rosemont Exposition Services, Inc. falls victim to INC RANSOM Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 39.99 GB of the organization’s data and intends to publish it within 7-8 days
- Date: 2025-11-14T03:05:56Z
- Network: tor
- Published URL: (http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/69165e20e1a4e4b3ffebf45d)
- Screenshots:
- Threat Actors: INC RANSOM
- Victim Country: USA
- Victim Industry: Events Services
- Victim Organization: rosemont exposition services, inc.
- Victim Site: rosemontexpo.com
- Actor LEAKS DATABASE CYBER TEAM INDONESIA targets the website of Lateefah Modupeola Okunnu Foundation (LMOF)
- Category: Defacement
- Content: Group claims to have defaced the website of Lateefah Modupeola Okunnu Foundation (LMOF)
- Date: 2025-11-14T02:56:47Z
- Network: telegram
- Published URL: (https://t.me/c/2326263047/556)
- Screenshots:
- Threat Actors: LEAKS DATABASE CYBER TEAM INDONESIA
- Victim Country: Indonesia
- Victim Industry: Non-profit & Social Organizations
- Victim Organization: lateefah modupeola okunnu foundation
- Victim Site: lateefahokunnufoundation.org
- Grinding and Dicing Services Inc falls victim to INC RANSOM Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 37GB of organization’s data.
- Date: 2025-11-14T02:10:46Z
- Network: tor
- Published URL: (http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/69166788e1a4e4b3ffec9a76)
- Screenshots:
- Threat Actors: INC RANSOM
- Victim Country: USA
- Victim Industry: Semiconductors
- Victim Organization: grinding and dicing services inc
- Victim Site: dieprepservices.com
- Dubois Wood Products, Inc. falls victim to INC RANSOM Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 268.52 GB of the organization’s data which they intend to publish within 7-8 days.
- Date: 2025-11-14T02:07:07Z
- Network: tor
- Published URL: (http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/6916628ee1a4e4b3ffec445c)
- Screenshots:
- Threat Actors: INC RANSOM
- Victim Country: USA
- Victim Industry: Manufacturing
- Victim Organization: dubois wood products, inc.
- Victim Site: duboiswood.com
- Facade Innovations Pty Ltd falls victim to INC RANSOM Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-11-14T01:55:05Z
- Network: tor
- Published URL: (http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/69166e50e1a4e4b3ffed14b0)
- Screenshots:
- Threat Actors: INC RANSOM
- Victim Country: Australia
- Victim Industry: Building and construction
- Victim Organization: facade innovations
- Victim Site: facadeinnovations.com.au
- Kelly Legal falls victim to INC RANSOM Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 416.70 GB of organization’s data which they intend to publish within 7-8 days
- Date: 2025-11-14T01:43:22Z
- Network: tor
- Published URL: (http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/69166090e1a4e4b3ffec22d3)
- Screenshots:
- Threat Actors: INC RANSOM
- Victim Country: Australia
- Victim Industry: Law Practice & Law Firms
- Victim Organization: kelly legal
- Victim Site: kellylegal.com.au
- Northcroft Middle East LLC falls victim to INC RANSOM Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 300 GB of the organization’s data.
- Date: 2025-11-14T00:49:47Z
- Network: tor
- Published URL: (http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/69167885e1a4e4b3ffeddd21)
- Screenshots:
- Threat Actors: INC RANSOM
- Victim Country: Qatar
- Victim Industry: Building and construction
- Victim Organization: northcroft middle east llc
- Victim Site: northcroftme.com
- ANG BROTHERS (M&E) PTE. LTD. falls victim to Nova Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 3 TB of organization’s data including millions of internal documents and data, which they intend to publish within 9-10 days
- Date: 2025-11-14T00:48:19Z
- Network: tor
- Published URL: (http://novadmrkp4vbk2padk5t6pbxolndceuc7hrcq4mjaoyed6nxsqiuzyyd.onion/#)
- Screenshots:
- Threat Actors: Nova
- Victim Country: Singapore
- Victim Industry: Mechanical or Industrial Engineering
- Victim Organization: ang brothers (m&e) pte. ltd.
- Victim Site: Unknown
Conclusion
The incidents detailed in this report highlight a diverse and active landscape of cyber threats, strictly based on the provided data. Ransomware attacks are frequent, notably involving groups like INC RANSOM, akira, and PLAY, targeting various sectors globally, from Automotive and Education to Manufacturing and Financial Services. There is also significant activity in Data Breach incidents, with claims ranging from the leakage of individual customer and citizen records in countries like China, Japan, and Romania, to the alleged sale of large-scale databases from organizations in Telecommunications (Millicom) and Information Services (CoinMarketCap). Furthermore, the trade in Initial Access remains active, with threat actors claiming to sell network access to organizations in countries like Sweden, Canada, Cambodia, and access to critical systems, including a hydroelectric power plant in France. The prevalence of Defacement against websites in India, Sri Lanka, and Indonesia underscores the widespread nature of hacktivism and less-sophisticated attacks. Finally, the alleged sale of malware, including exploits for major platforms like SAP NetWeaver and Microsoft Windows Server, indicates the continued proliferation of offensive capabilities. The collection of these events demonstrates persistent and varied cyber risks across numerous industries and geographies.