[November-18-2025] Daily Cybersecurity Threat Report

This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.

1. Alleged Unauthorized Access to Industrial Flow Meter Interface

• Category: Initial Access
• Content: Group claims to have accessed the interface of a Ukrainian industrial flow-meter device, displaying administrative controls and event-log functions. The exposed system appears to be used for monitoring gas or liquid flow in a pipeline
• Date: 2025-11-18T23:34:10Z
• Network: telegram
• Published URL: https://t.me/zpentestalliance/728
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/657676c8-f76a-48ad-b102-52ad63aa61b3.png
• Threat Actors: Z-PENTEST ALLIANCE
• Victim Country: Ukraine
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

2. Alleged sale of unauthorized access to Syrian Journal for Science and Innovation

• Category: Initial Access
• Content: The group claims to have sell unauthorized access of Syrian Journal for Science and Innovation
• Date: 2025-11-18T23:24:29Z
• Network: telegram
• Published URL: https://t.me/Pharaohs_n/337
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/996d74bb-f9ea-4ab2-abc2-5fac7873947c.png
• Threat Actors: Pharaoh’s Team
• Victim Country: Syria
• Victim Industry: Government Administration
• Victim Organization: syrian journal for science and innovation
• Victim Site: journal.hcsr.gov.sy

3. Alleged sale of unauthorized access to National Energy Research Center

• Category: Initial Access
• Content: The group claims to sell unauthorized access of National Energy Research Center.
• Date: 2025-11-18T23:19:47Z
• Network: telegram
• Published URL: https://t.me/Pharaohs_n/333?single
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/ba813032-9d9d-47b1-bc08-55b1110d09e1.png
• Threat Actors: Pharaoh’s Team
• Victim Country: Syria
• Victim Industry: Government Administration
• Victim Organization: national energy research center
• Victim Site: nerc.gov.sy

4. Alleged sale of unauthorized access to Higher Commission for Scientific Research

• Category: Initial Access
• Content: The group claims to have sell unauthorized access of Higher Commission for Scientific Research.
• Date: 2025-11-18T23:16:48Z
• Network: telegram
• Published URL: https://t.me/Pharaohs_n/333
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/a645065a-472b-4ace-9f0a-c450643f6766.png
• Threat Actors: Pharaoh’s Team
• Victim Country: Syria
• Victim Industry: Government Administration
• Victim Organization: higher commission for scientific research
• Victim Site: hcsr.gov.sy

5. Alleged sale of unauthorized access to multiple Public Universities Based In Indonesia

• Category: Initial Access
• Content: The threat actor claims to be selling Web Application Firewall admin access to three major public universities in Indonesia. The post lists estimated revenues for each institution $52.5M, $16M, and $14M.
• Date: 2025-11-18T23:13:41Z
• Network: openweb
• Published URL: https://darkforums.st/Thread-Selling-Access-To-3x-Indonesioan-Public-Universities-Web-Application-Firewall-Access
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/e48ec5a1-b880-4642-9db7-aa515b600169.png
• Threat Actors: innocentzero
• Victim Country: Indonesia
• Victim Industry: Education
• Victim Organization: Unknown
• Victim Site: Unknown

6. NATION OF SAVIORS targets the website of Blazet It Services Agency

• Category: Defacement
• Content: The group claims to have defaced the website of Blazet It Services Agency. Mirror Link 1 :http://www.zone-h.org/mirror/id/41498710 Mirror Link 2 :https://hax.or.id/archive/mirror/239421
• Date: 2025-11-18T23:09:34Z
• Network: telegram
• Published URL: https://t.me/nation_of_saviors_public/320
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/dc8627a6-9314-43cf-b93e-822971ced0ea.png
• Threat Actors: NATION OF SAVIORS
• Victim Country: Saudi Arabia
• Victim Industry: Software
• Victim Organization: blazet it services agency
• Victim Site: blazetit.com

7. Alleged sale of unauthorized access to National Fire Department of Colombia

• Category: Initial Access
• Content: The threat actor claims to be selling admin/root access to the Web Application Firewall of dnbc.gov.co, the official website of the Dirección Nacional de Bomberos Colombia (National Fire Department of Colombia)
• Date: 2025-11-18T23:04:12Z
• Network: openweb
• Published URL: https://darkforums.st/Thread-Selling-Access-To-dnbc-gov-co-Web-Application-Firewall-Root-Access
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/5d12f5f8-e91d-40ac-8e94-9923397d508a.png
• Threat Actors: innocentzero
• Victim Country: Colombia
• Victim Industry: Government Administration
• Victim Organization: national fire department of colombia
• Victim Site: dnbc.gov.co

8. Alleged sale of unauthorized access to an unidentified private hospital and medical center based in Mexico

• Category: Initial Access
• Content: The threat actor claims to be selling administrative/root access to the Web Application Firewall of a private hospital and medical center in Mexico
• Date: 2025-11-18T22:51:01Z
• Network: openweb
• Published URL: https://darkforums.st/Thread-Selling-Access-To-A-Mexican-Private-Hospital-Web-Application-Firewall-Access
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/eb104e40-23d7-4f44-913f-55aa71ac3dc6.png
• Threat Actors: innocentzero
• Victim Country: Mexico
• Victim Industry: Hospital & Health Care
• Victim Organization: Unknown
• Victim Site: Unknown

9. Alleged data breach of Zoominfo

• Category: Data Breach
• Content: Threat actor claims to have leaked data from Zoominfo . The compromised data reportedly includes company emails ,phone numbers and addresses .
• Date: 2025-11-18T22:19:51Z
• Network: openweb
• Published URL: https://forum.exploit.biz/topic/270323/
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/df8c88a3-7604-466c-a080-3f28f187d439.png
• Threat Actors: RST4
• Victim Country: USA
• Victim Industry: Software Development
• Victim Organization: zoominfo
• Victim Site: zoominfo.com

10. Zuber Aussenwelten AG falls victim to SAFEPAY Ransomware

• Category: Ransomware
• Content: Group claims to have obtained organizations data and intent to publish it within 2-3 days.
• Date: 2025-11-18T21:39:59Z
• Network: tor
• Published URL: http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/aussenweltench/
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/766c89df-3cc4-43ae-a5b7-a743c876bc0f.png
• Threat Actors: SAFEPAY
• Victim Country: Switzerland
• Victim Industry: Architecture & Planning
• Victim Organization: zuber aussenwelten ag
• Victim Site: aussenwelten.ch

11. Simmons Electrical Co. Ltd falls victim to SAFEPAY Ransomware

• Category: Ransomware
• Content: Group claims to have obtained organizations data and intent to publish it within 2-3 days.
• Date: 2025-11-18T21:29:46Z
• Network: tor
• Published URL: http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/simmonsbbcom/
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/839d07ee-e0cb-4ea0-8c8a-87695f6ed203.png
• Threat Actors: SAFEPAY
• Victim Country: Barbados
• Victim Industry: Electrical & Electronic Manufacturing
• Victim Organization: simmons electrical co. ltd
• Victim Site: simmonsbb.com

12. Alleged data breach of Ryanair

• Category: Data Breach
• Content: The threat actor claims to have leaked data from Ryanair. The Compromised Data includes Email Addresses, Communications, Ticket Bookings, Travel Departures, Travel Destinations, Flight Numbers and Ticket Claimants.
• Date: 2025-11-18T21:23:16Z
• Network: openweb
• Published URL: https://darkforums.st/Thread-Ryanair-Internal-Communcations
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/c9b157ca-1bfe-43b3-9c3d-8b527da3a605.png
• Threat Actors: 888
• Victim Country: Ireland
• Victim Industry: Airlines & Aviation
• Victim Organization: ryanair
• Victim Site: ryanair.com

13. Spark Innovations falls victim to Qilin ransomware

• Category: Ransomware
• Content: Group claims to have obtained 222 GB of organization’s data.
• Date: 2025-11-18T21:15:45Z
• Network: tor
• Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=6e814922-2e7f-3929-9753-8519f971635d
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/77bf31b0-e7f0-48cc-aca1-1b2a8ba46d4a.png
• Threat Actors: Qilin
• Victim Country: Canada
• Victim Industry: Design
• Victim Organization: spark innovations
• Victim Site: sparkinnovations.com

14. Adesur SAS falls victim to SAFEPAY ransomware

• Category: Ransomware
• Content: Group claims to have obtained organizations data and plans to publish it within 2-3 days.
• Date: 2025-11-18T21:10:06Z
• Network: tor
• Published URL: http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/adesursascom/
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/39f1dcbb-d28a-4367-b887-08db38bf220b.png
• Threat Actors: SAFEPAY
• Victim Country: Colombia
• Victim Industry: Wholesale
• Victim Organization: adesur sas
• Victim Site: adesursas.com

15. Puerto Rico Warehousing Management Corp falls victim to SAFEPAY ransomware

• Category: Ransomware
• Content: Group claims to have obtained organization’s data and plans to publish it within 2-3 days.
• Date: 2025-11-18T21:05:43Z
• Network: tor
• Published URL: http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/puertoricowarehousingcom/
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/d7d2d64c-b78c-40bd-9cff-eace62810cd0.png
• Threat Actors: SAFEPAY
• Victim Country: Unknown
• Victim Industry: Transportation & Logistics
• Victim Organization: puerto rico warehousing management corp
• Victim Site: puertoricowarehousing.com

16. Comprehensive Institute of Cavaglià falls victim to SAFEPAY ransomware

• Category: Ransomware
• Content: Group claims to have obtained organization’s data and plans to publish it within 2-3 days.
• Date: 2025-11-18T21:00:40Z
• Network: tor
• Published URL: http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/istitutocomprensivo-cavagliaeduit/
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/c1e0be4c-0180-4837-8425-e21d9ca70f3d.png
• Threat Actors: SAFEPAY
• Victim Country: Italy
• Victim Industry: Education
• Victim Organization: comprehensive institute of cavaglià
• Victim Site: istitutocomprensivo-cavaglia.edu.it

17. Grand Prairie Public Library falls victim to INC RANSOM Ransomware

• Category: Ransomware
• Content: Group claims to have obtained organization’s data
• Date: 2025-11-18T20:14:14Z
• Network: tor
• Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/691cba39e1a4e4b3ff52b272
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/105efff2-30f3-48f6-ade0-ad231bcbf3c5.png
• Threat Actors: INC RANSOM
• Victim Country: USA
• Victim Industry: Library
• Victim Organization: grand prairie public library
• Victim Site: grandeprairie.org

18. CONTINUUM India LLP falls victim to INC RANSOM Ransomware

• Category: Ransomware
• Content: Group claims to have obtained organizations data
• Date: 2025-11-18T20:00:23Z
• Network: tor
• Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/691cbfb3e1a4e4b3ff530e17
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/de3ddcdf-5c21-4087-b283-5a15959426db.png
• Threat Actors: INC RANSOM
• Victim Country: India
• Victim Industry: Research Industry
• Victim Organization: continuum india llp
• Victim Site: continuumindia.com

19. Bais Yaakov Elementary School falls victim to INC RANSOM ransomware

• Category: Ransomware
• Content: Group claims to have obtained organization’s data.
• Date: 2025-11-18T19:58:29Z
• Network: tor
• Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/691cc9afe1a4e4b3ff53d111
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/7d0c0af7-5f03-462a-8308-d8a4301ba2f0.png
• Threat Actors: INC RANSOM
• Victim Country: Canada
• Victim Industry: Education
• Victim Organization: bais yaakov elementary school
• Victim Site: baisyaakov.ca

20. Alleged Data Breach of lifeweb

• Category: Data Breach
• Content: The threat actor claims to have leaked data from lifeweb.
• Date: 2025-11-18T19:43:57Z
• Network: openweb
• Published URL: https://darkforums.st/Thread-DATABASE-Canada-Database-srasc-dev3-lifeweb-ca
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/8436ac23-c6d4-429c-ae6c-d92755417e7a.png
• Threat Actors: AshleyWood2022
• Victim Country: Canada
• Victim Industry: Graphic & Web Design
• Victim Organization: lifeweb
• Victim Site: srasc.dev3.lifeweb.ca

21. The Ripley Academy falls victim to INC RANSOM ransomware

• Category: Ransomware
• Content: Group claims to have obtained organizations data and plans to publish it within 7-8 days.
• Date: 2025-11-18T19:39:57Z
• Network: tor
• Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/691cb92de1a4e4b3ff529c3c
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/c5393d0c-d757-42fa-83f1-fc75f113a89a.png
• Threat Actors: INC RANSOM
• Victim Country: UK
• Victim Industry: Education
• Victim Organization: the ripley academy
• Victim Site: ripleyacademy.org

22. BABAYO EROR SYSTEM targets the website of Ushine24

• Category: Defacement
• Content: The group claims to have defaced the website of Ushine24
• Date: 2025-11-18T19:28:40Z
• Network: telegram
• Published URL: https://t.me/babayoerorsysteam3/735
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/dbf13665-b8cc-4c8f-9264-8d7558e3e220.png
• Threat Actors: BABAYO EROR SYSTEM
• Victim Country: UAE
• Victim Industry: Cosmetics
• Victim Organization: ushine24
• Victim Site: ushine24.ae

23. Zadro falls victim to INC RANSOM ransomware

• Category: Ransomware
• Content: Group claims to have obtained organization’s data and plans to publish it within 7-8 days.
• Date: 2025-11-18T19:18:36Z
• Network: tor
• Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/691cb6d5e1a4e4b3ff527317
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/3c3fd7d8-fbf2-493a-8ccd-b8cffccff527.png
• Threat Actors: INC RANSOM
• Victim Country: USA
• Victim Industry: Manufacturing
• Victim Organization: zadro
• Victim Site: zadroinc.com

24. Datenlotsen falls victim to INC RANSOM ransomware

• Category: Ransomware
• Content: Group claims to have obtained 900 GB of organizations data and plan to publish it within 6-7 days.
• Date: 2025-11-18T19:14:58Z
• Network: tor
• Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/691cb4d1e1a4e4b3ff525aba
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/bee6df38-ec58-4345-ac39-cdd12f2a6227.png
• Threat Actors: INC RANSOM
• Victim Country: Germany
• Victim Industry: Information Technology (IT) Services
• Victim Organization: datenlotsen
• Victim Site: datenlotsen.de

25. Alleged leak of login access of Siem Reap province

• Category: Initial Access
• Content: Group claims to have leaked login access to Siem Reap Province
• Date: 2025-11-18T18:33:53Z
• Network: telegram
• Published URL: https://t.me/h3c4kedzsec_official/81
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/605df0d0-4d01-4672-b34e-c8258287bb8f.png
• Threat Actors: H3C4KEDZ
• Victim Country: Cambodia
• Victim Industry: Government Administration
• Victim Organization: siem reap province
• Victim Site: siemreap.gov.kh

26. Alleged sale of unauthorized admin access to unidentified business platform in India

• Category: Initial Access
• Content: Threat actor claims to be selling unauthorized admin access to an unidentified business platform in India .
• Date: 2025-11-18T18:10:50Z
• Network: openweb
• Published URL: https://forum.exploit.biz/topic/270316/
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/f7ab8a85-8f3e-43df-b2d5-794d461df06b.png
• Threat Actors: remotedesktop
• Victim Country: India
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

27. Alleged Data breach of Ministry of Justice

• Category: Data Breach
• Content: The group claims to have obtained the organization’s data Note: The authenticity of the claim/breach has not been verified
• Date: 2025-11-18T17:53:38Z
• Network: telegram
• Published URL: https://t.me/CyberforceTn/491
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/5fe7a061-6ec9-44f5-9009-94474d10a9fb.png
• Threat Actors: Tunisian Maskers Cyber Force
• Victim Country: Jordan
• Victim Industry: Government Administration
• Victim Organization: ministry of justice
• Victim Site: istd.gov.jo

28. Alleged unauthorized SCADA system access to an unidentified factory in Poland

• Category: Initial Access
• Content: Group claims to have gained unauthorized access to the industrial SCADA system of a Polish factory that produces construction mixtures.
• Date: 2025-11-18T17:34:36Z
• Network: telegram
• Published URL: https://t.me/c/2549402132/421
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/06dbdbd6-9e88-4a2e-b58f-563ffddf9dbc.png https://d34iuop8pidsy8.cloudfront.net/cd2fa7b2-e235-4abb-95fd-52afd907ef63.png
• Threat Actors: Inteid
• Victim Country: Poland
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

29. Alleged Data Breach from Ayuntamiento de Béjar

• Category: Data Breach
• Content: The threat actor claims to have leaked data from Ayuntamiento de Béjar.
• Date: 2025-11-18T17:34:04Z
• Network: tor
• Published URL: http://qeei4m7a2tve6ityewnezvcnf647onsqbmdbmlcw4y5pr6uwwfwa35yd.onion/Thread-Document-AYUNTAMIENTO-DE-BEJAR-LEAKED-INTERNAL-DOCUMENTS
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/d090df19-a745-49ea-a070-6102a20fcdd0.png
• Threat Actors: ballistic
• Victim Country: Spain
• Victim Industry: Government Administration
• Victim Organization: ayuntamiento de béjar
• Victim Site: aytobejar.com

30. Appalachian Community Federal Credit Union falls victim to Qilin ransomware

• Category: Ransomware
• Content: Group claims to have published 75 GB f organization’s data.
• Date: 2025-11-18T17:04:56Z
• Network: tor
• Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=312eef9f-72c5-33c2-8856-7fbe0dc69d87
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/6c6ab4e9-83ad-47d9-baf3-226da08d886a.png
• Threat Actors: Qilin
• Victim Country: USA
• Victim Industry: Financial Services
• Victim Organization: appalachian community federal credit union
• Victim Site: myacfcu.org

31. Alleged Data Breach from vidpaw

• Category: Data Breach
• Content: The threat actor claims to have leaked data from vidpaw.
• Date: 2025-11-18T16:58:24Z
• Network: tor
• Published URL: http://qeei4m7a2tve6ityewnezvcnf647onsqbmdbmlcw4y5pr6uwwfwa35yd.onion/Thread-DATABASE-vidpaw-com-SQL-Available
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/50f9ee13-6bd2-4746-a72b-83463bf5da23.png
• Threat Actors: wizard
• Victim Country: USA
• Victim Industry: Software
• Victim Organization: vidpaw
• Victim Site: [suspicious link removed]

32. Innovex Holdings falls victim to SKIRA ransomware

• Category: Ransomware
• Content: Group claims to have obtained 30 TB of the organization’s data, as well as data from other companies belonging to Innovex Holdings, including CMC Biotec, Thai GL, Thai Industech, Abex Technologies, and Healthcare Enterprises.
• Date: 2025-11-18T16:50:54Z
• Network: tor
• Published URL: http://mtgc3qvyedjnfu7cen2zsupdppi5ys5g2hm6xwujvoepw25p4dy6huid.onion/news/innovex.co.th.html
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/fad5303f-f5fa-44e5-bbe3-fe464d4ee2d4.png
• Threat Actors: SKIRA TEAM
• Victim Country: Thailand
• Victim Industry: Consumer Services
• Victim Organization: innovex holdings
• Victim Site: innovex.co.th

33. Bleyl Engineering falls victim to Akira ransomware

• Category: Ransomware
• Content: Group claims to have obtained 25 GB of organization’s data.
• Date: 2025-11-18T16:36:46Z
• Network: tor
• Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/d5d6fde5-1363-485d-a9d7-613928d08de7.png
• Threat Actors: akira
• Victim Country: USA
• Victim Industry: Civil Engineering
• Victim Organization: bleyl engineering
• Victim Site: bleylengineering.com

34. Regional Business Systems Inc falls victim to Qilin ransomware

• Category: Ransomware
• Content: Group claims to have obtained 96 GB of organizations data.
• Date: 2025-11-18T16:28:01Z
• Network: tor
• Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=848b5794-9cf7-3e35-a90d-72d471636b9f
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/a9793932-d7d9-4270-8f16-1a3c4b328e95.png
• Threat Actors: Qilin
• Victim Country: Barbados
• Victim Industry: Business and Economic Development
• Victim Organization: regional business systems inc
• Victim Site: regionalbusinesssystems.com

35. QuaLex Manufacturing falls victim to Qilin ransomware

• Category: Ransomware
• Content: Group claims to have obtained 142 GB of organization’s data.
• Date: 2025-11-18T16:23:45Z
• Network: tor
• Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=cae77f55-1541-303c-a54e-3ea5a52053db
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/1a7f79fa-d309-482f-bca6-e6fc44cc6ccb.png
• Threat Actors: Qilin
• Victim Country: USA
• Victim Industry: Manufacturing & Industrial Products
• Victim Organization: qualex manufacturing
• Victim Site: qualexmanufacturing.com

36. Gandía Palace Hotel falls victim to Qilin ransomware

• Category: Ransomware
• Content: Group claims to have obtained organization’s data. Sample screenshots are provided on their dark web portal.
• Date: 2025-11-18T16:03:47Z
• Network: tor
• Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=27376bea-5c4f-37bb-a360-d4fc2c920a90
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/f53f2e36-e98d-4205-9010-8562bc1120d7.png
• Threat Actors: Qilin
• Victim Country: Spain
• Victim Industry: Hospitality & Tourism
• Victim Organization: gandía palace hotel
• Victim Site: gandiapalace.com

37. Alleged data leak of india college database

• Category: Data Breach
• Content: The threat actor claims to have leaked india college database. The compromised data includes Name, Student ID, Phone,Email, Gender, Blood Group, Aadhar Card, Date of Birth, Birth Place, Nationality, Religion, Mother Tongue, Student Mobile, Correspondence Address, Permanent Address, Father’s Name, Father’s Mobile, Father’s Email, Annual Income, Occupation, etc.
• Date: 2025-11-18T15:51:42Z
• Network: tor
• Published URL: http://qeei4m7a2tve6ityewnezvcnf647onsqbmdbmlcw4y5pr6uwwfwa35yd.onion/Thread-DATABASE-india-college-database
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/e54541b7-5c78-4969-b84d-9b4ea880b1f2.png
• Threat Actors: TwoFace
• Victim Country: India
• Victim Industry: Higher Education/Acadamia
• Victim Organization: Unknown
• Victim Site: Unknown

38. FDC Interiors falls victim to MEDUSA ransomware

• Category: Ransomware
• Content: Group claims to have obtained organization’s data and plans to publish it within 22-23 days.
• Date: 2025-11-18T15:17:32Z
• Network: tor
• Published URL: http://s7lmmhlt3iwnwirxvgjidl6omcblvw2rg75txjfduy73kx5brlmiulad.onion/detail?id=22b1fed32aad08de8ab3fd509cf3d295
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/048ab628-4357-412b-a9fb-7ab39d9cbf88.png https://d34iuop8pidsy8.cloudfront.net/6e8d3873-9ad2-4087-9640-2800640e8b55.png
• Threat Actors: MEDUSA
• Victim Country: UAE
• Victim Industry: Architecture & Planning
• Victim Organization: fdc interiors
• Victim Site: fdc-interiors.com

39. General Distributing falls victim to MEDUSA ransomware

• Category: Ransomware
• Content: Group claims to have obtained organization’s data and intent to publish it within in 15-16 days.
• Date: 2025-11-18T15:11:27Z
• Network: tor
• Published URL: http://s7lmmhlt3iwnwirxvgjidl6omcblvw2rg75txjfduy73kx5brlmiulad.onion/detail?id=97d7774697e4cee1e7c635017ea4735b
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/8f6311d8-5e6c-4aa0-a877-544f17d67a11.png
• Threat Actors: MEDUSA
• Victim Country: USA
• Victim Industry: Retail Industry
• Victim Organization: general distributing
• Victim Site: generaldistributingcompany.com

40. Alleged leak of login credentials from E-claim

• Category: Initial Access
• Content: The group claims to have leaked the login credentials from E-Claim
• Date: 2025-11-18T15:06:59Z
• Network: telegram
• Published URL: https://t.me/ahloyanonymous/17
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/96ee2aea-017b-4889-b05d-eba95d170b20.png
• Threat Actors: Ahloy Anonymous
• Victim Country: Thailand
• Victim Industry: Insurance
• Victim Organization: e-claim
• Victim Site: eclaim.nhso.go.th

41. Alleged leak of SQL vulnerability on the website of BAMES EXCELLENT School

• Category: Vulnerability
• Content: The group claims to have leaked an SQL-Injection vulnerability affecting the website of BAMES EXCELLENT School
• Date: 2025-11-18T10:34:33Z
• Network: telegram
• Published URL: https://t.me/c/3292686614/457
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/10186a2d-47da-4182-9d19-0c13df355b8d.png
• Threat Actors: PHANTOMROOT GARUDA INDONESIA
• Victim Country: Nigeria
• Victim Industry: Education
• Victim Organization: bames excellent school
• Victim Site: bamesschool.com.ng

42. Alleged sale of a SQL injection vulnerability in Registro civil Mexico

• Category: Vulnerability
• Content: The threat actor claims to be selling an SQL-Injection vulnerability affecting Mexico’s Registro Civil. The vulnerability allegedly allows the extraction of sensitive civil registry records, including birth, marriage, and death certificate information, as well as data from citizens who have requested related services. The actor also claims that the compromised system contains operational data from a SEGOB campaign.
• Date: 2025-11-18T09:35:38Z
• Network: openweb
• Published URL: https://darkforums.st/Thread-Selling-Registro-civil-Mexico-SQL-Injection
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/35e097bd-2aec-405c-b8cc-50c6da0e602d.png https://d34iuop8pidsy8.cloudfront.net/d49800da-756c-4b4c-b675-4f2fa04c57f3.png
• Threat Actors: Eternal
• Victim Country: Mexico
• Victim Industry: Government Administration
• Victim Organization: registro civil mexico
• Victim Site: registrocivil.cdmx.gob.mx

43. Alleged data breach of SAS Institute Inc.

• Category: Data Breach
• Content: he threat actor claims to have breached data from SAS Institute Inc.
• Date: 2025-11-18T08:34:52Z
• Network: openweb
• Published URL: https://darkforums.st/Thread-Source-Code-SAS-Data-Breach-Leaked-Download
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/024da467-8db9-49cc-9cf8-2030d89d3d6d.png
• Threat Actors: KaruHunters
• Victim Country: USA
• Victim Industry: Software Development
• Victim Organization: sas institute inc.
• Victim Site: sas.com

44. INDIAN CYBER FORCE targets the website of Technical Education & Vocational Training Authority (TEVTA), Punjab

• Category: Defacement
• Content: The group claims to have defaced the website of Technical Education & Vocational Training Authority (TEVTA), Punjab
• Date: 2025-11-18T07:39:35Z
• Network: telegram
• Published URL: https://t.me/IndianCyberForceTG/10
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/aaa964be-b88e-48de-82a9-d6bfeb05abb6.png
• Threat Actors: INDIAN CYBER FORCE
• Victim Country: Pakistan
• Victim Industry: Education
• Victim Organization: technical education & vocational training authority
• Victim Site: tevta.gop.pk

45. Alleged leak of login access of Cambridge Muslim Academy

• Category: Initial Access
• Content: The group claims to have leaked access to Cambridge Muslim Academy
• Date: 2025-11-18T07:05:54Z
• Network: telegram
• Published URL: https://t.me/fornetORGG/4672
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/f91c513d-530e-4d58-9e82-3fdaa8afc7dc.JPG
• Threat Actors: FORNET ORG
• Victim Country: UK
• Victim Industry: Education
• Victim Organization: cambridge muslim academy
• Victim Site: cambridgemuslimacademy.com

46. Alleged sale of unauthorized admin access to unidentified shop in Australia

• Category: Initial Access
• Content: Threat actor claims to be selling unauthorized admin access to unidentified shop in Australia.
• Date: 2025-11-18T06:35:44Z
• Network: openweb
• Published URL: https://forum.exploit.biz/topic/270273/
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/ad692589-606a-4fe0-b969-be829d2012d9.png
• Threat Actors: corptoday
• Victim Country: Australia
• Victim Industry: E-commerce & Online Stores
• Victim Organization: Unknown
• Victim Site: Unknown

Conclusion

The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Ransomware, Initial Access sales, and Data Breaches are prominent, affecting various sectors from Government Administration and Education to Healthcare, Aviation, and Financial Services. The events impact countries globally, including Ukraine, Syria, Indonesia, the USA, Colombia, India, and Thailand. The compromised data ranges from unauthorized administrative access and Web Application Firewalls (WAF) to large-scale data breaches involving personal and organizational records. Beyond data compromise, the report reveals significant activity in the sale of access and vulnerabilities, with threat actors like Pharaoh’s Team, innocentzero, SAFEPAY, INC RANSOM, and Qilin actively targeting critical infrastructure and public institutions. The nature of these incidents emphasizes the critical importance of robust cybersecurity measures to defend against a wide array of sophisticated and opportunistic attacks.