[November-24-2025] Daily Cybersecurity Threat Report

This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.

1. 7 Proxies targets the website of Khulna City Medical College Hospital in Bangladesh

• Category: Defacement
• Content: The Group claims to have defaced the website of Khulna City Medical College Hospital in Bangladesh. Mirror link 1: https://ownzyou.com/zone/279778 Mirror Link 2: https://web.archive.org/web/20251124222639/https://www.kcmch.com.bd/
• Date: 2025-11-24T23:52:57Z
• Network: telegram
• Published URL: https://t.me/c/2366703983/787 Screenshots:
• Threat Actors: 7 Proxies
• Victim Country: Bangladesh
• Victim Industry: Hospital & Health Care
• Victim Organization: khulna city medical college hospital
• Victim Site: kcmch.com.bd

2. Alleged Data Breach of SecureTeen

• Category: Data Breach
• Content: The threat actor claims to have leaked user data from SecureTeen. The compromised data reportedly include email addresses, user UUIDs, names, addresses, ZIP codes, phone numbers, device IDs, organizations, and other account-related data.
• Date: 2025-11-24T22:18:03Z
• Network: openweb
• Published URL: https://darkforums.st/Thread-Selling-USA-secureteen-com-1-415-000-users Screenshots:
• Threat Actors: Sorb
• Victim Country: USA
• Victim Industry: Software
• Victim Organization: secureteen
• Victim Site: secureteen.com

3. INDRAMAYU CHAOS SYSTEM targets ITC – Instituto de Transportes e Comunicações

• Category: Defacement
• Content: The group claims to have defaced ITC – Instituto de Transportes e Comunicações.
• Date: 2025-11-24T22:05:25Z
• Network: telegram
• Published URL: https://t.me/c/3427600175/19 Screenshots:
• Threat Actors: INDRAMAYU CHAOS SYSTEM
• Victim Country: Mozambique
• Victim Industry: Education
• Victim Organization: itc – instituto de transportes e comunicações.
• Victim Site: itc.ac.mz

4. INDRAMAYU CHAOS SYSTEM targets ISUTC — Instituto Superior de Transportes e Comunicações

• Category: Defacement
• Content: The group claims to have defaced ISUTC — Instituto Superior de Transportes e Comunicações.
• Date: 2025-11-24T21:59:27Z
• Network: telegram
• Published URL: https://t.me/c/3427600175/19 Screenshots:
• Threat Actors: INDRAMAYU CHAOS SYSTEM
• Victim Country: Mozambique
• Victim Industry: Education
• Victim Organization: isutc — instituto superior de transportes e comunicações
• Victim Site: isutc.ac.mz

5. Southern Lion Sdn Bhd falls victim to INC RANSOM Ransomware

• Category: Ransomware
• Content: The group claims to have obtained organization’s internal data.
• Date: 2025-11-24T20:15:15Z
• Network: tor
• Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/6924b8bbe1a4e4b3ffce4c72 Screenshots:
• Threat Actors: INC RANSOM
• Victim Country: Malaysia
• Victim Industry: Manufacturing
• Victim Organization: southern lion sdn bhd
• Victim Site: southernlion.com.my

6. Alleged sale of unauthorized RDWeb access to an unidentified Freight & Logistics transportation organization in UK

• Category: Initial Access
• Content: Threat actor claims to be selling unauthorized RDWeb access to an unidentified Freight & Logistics transportation organization in UK.
• Date: 2025-11-24T20:13:05Z
• Network: openweb
• Published URL: https://forum.exploit.biz/topic/270685/ Screenshots:
• Threat Actors: samy01
• Victim Country: UK
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

7. Alleged Data Breach of Fianzas Avanza

• Category: Data Breach
• Content: The threat actor claims to have leaked data from Fianzas Avanza in Mexico. The compromised data reportedly include 90,000 documents and information related to 10,400 users.
• Date: 2025-11-24T20:01:41Z
• Network: openweb
• Published URL: https://darkforums.st/Thread-Document-fianzasavanza-mx-90-000-docs Screenshots:
• Threat Actors: Brazzers
• Victim Country: Mexico
• Victim Industry: Financial Services
• Victim Organization: fianzas avanza
• Victim Site: fianzasavanza.mx

8. Alleged sale of unauthorized IMAP access to an unidentified corporation

• Category: Initial Access
• Content: Threat actor claims to be selling unauthorized IMAP access to an unidentified corporation.
• Date: 2025-11-24T20:01:25Z
• Network: openweb
• Published URL: https://forum.exploit.biz/topic/270684/ Screenshots:
• Threat Actors: bestsshroot2025
• Victim Country: Unknown
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

9. HYTORC falls victim to Qilin ransomware

• Category: Ransomware
• Content: Group claims to have obtained organizations data.
• Date: 2025-11-24T19:54:39Z
• Network: tor
• Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=3b297cb6-9fd7-3b56-a71b-40490689b15b Screenshots:
• Threat Actors: Qilin
• Victim Country: USA
• Victim Industry: Machinery Manufacturing
• Victim Organization: hytorc
• Victim Site: hytorc.com

10. Travel Club (Air Miles España, SA) falls victim to Everest Ransomware

• Category: Ransomware
• Content: The group claims to have obtained 131 GB of the organization’s data.
• Date: 2025-11-24T19:33:30Z
• Network: tor
• Published URL: http://ransomocmou6mnbquqz44ewosbkjk3o5qjsl3orawojexfook2j7esad.onion/news/Air%E2%80%AFMiles_Espa%C3%B1a,_S.A/ Screenshots:
• Threat Actors: Everest
• Victim Country: Spain
• Victim Industry: Marketing, Advertising & Sales
• Victim Organization: travel club (air miles españa, sa)
• Victim Site: travelclub.es

11. Under Armour falls victim to Everest Ransomware

• Category: Ransomware
• Content: The group claims to have obtained 343 GB of the organization’s data.
• Date: 2025-11-24T19:25:58Z
• Network: tor
• Published URL: http://ransomocmou6mnbquqz44ewosbkjk3o5qjsl3orawojexfook2j7esad.onion/news/UNDER_ARMOUR/ Screenshots:
• Threat Actors: Everest
• Victim Country: USA
• Victim Industry: Retail Industry
• Victim Organization: under armour
• Victim Site: underarmour.com

12. FULLBEAUTY Brands falls victim to Everest Ransomware

• Category: Ransomware
• Content: The group claims to have obtained 161 GB of the organization’s data.
• Date: 2025-11-24T19:19:44Z
• Network: tor
• Published URL: http://ransomocmou6mnbquqz44ewosbkjk3o5qjsl3orawojexfook2j7esad.onion/news/fbbrands/ Screenshots:
• Threat Actors: Everest
• Victim Country: USA
• Victim Industry: Retail Industry
• Victim Organization: fullbeauty brands
• Victim Site: fbbrands.com

13. Alleged Data Breach of NITA Money Transfer

• Category: Data Breach
• Content: The threat actor claims to have leaked customer data from NITA Money Transfer. The compromised data reportedly 83,215 customer records, including names, phone numbers, ID numbers, and account details.
• Date: 2025-11-24T19:01:17Z
• Network: openweb
• Published URL: https://darkforums.st/Thread-Selling-83k-Niger-Database-nitatransfert-com Screenshots:
• Threat Actors: dju
• Victim Country: Niger
• Victim Industry: Financial Services
• Victim Organization: nita money transfer
• Victim Site: nitatransfert.com

14. Kulturrådet – Swedish Arts Council falls victim to RansomHouse Ransomware

• Category: Ransomware
• Content: The group claims to have obtained the organization’s data.
• Date: 2025-11-24T18:55:45Z
• Network: tor
• Published URL: http://zohlm7ahjwegcedoz7lrdrti7bvpofymcayotp744qhx6gjmxbuo2yid.onion/r/1241fcfe2f5432c53031981fecbc7a0d06e3577f Screenshots:
• Threat Actors: RansomHouse
• Victim Country: Sweden
• Victim Industry: Government Relations
• Victim Organization: kulturrådet – swedish arts council
• Victim Site: kulturradet.se

15. Omega Tool Corp falls victim to INC RANSOM Ransomware

• Category: Ransomware
• Content: The group claims to have obtained organization’s internal data.
• Date: 2025-11-24T18:41:38Z
• Network: tor
• Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/692493b0e1a4e4b3ffcc3b80 Screenshots:
• Threat Actors: INC RANSOM
• Victim Country: Canada
• Victim Industry: Manufacturing & Industrial Products
• Victim Organization: omega tool corp
• Victim Site: omegatoolcorp.com

16. Alleged Data Breach of ABEST Mobile Solutions Pvt. Ltd

• Category: Data Breach
• Content: The threat actor claims to have leaked data from ABEST Mobile Solutions. The compromised data reportedly customer email addresses, names, website fields, and comment records.
• Date: 2025-11-24T18:31:25Z
• Network: openweb
• Published URL: https://darkforums.st/Thread-DATABASE-abest-in-free-db-India Screenshots:
• Threat Actors: RainbowDF
• Victim Country: India
• Victim Industry: E-commerce & Online Stores
• Victim Organization: abest mobile solutions pvt. ltd
• Victim Site: abest.in

17. Issaqueena Pediatric Dentistry & Orthodontics falls victim to INTERLOCK Ransomware

• Category: Ransomware
• Content: The group claims to have obtained over 118 GB of the organizations data.
• Date: 2025-11-24T17:43:45Z
• Network: tor
• Published URL: https://www.google.com/search?q=http://ebhmkoohccl45qesdbvrjqtyro2hmhkmh6vkyfyjjzfllm3ix72aqaid.onion/leaks.php Screenshots:
• Threat Actors: INTERLOCK
• Victim Country: USA
• Victim Industry: Hospital & Health Care
• Victim Organization: issaqueena pediatric dentistry & orthodontics
• Victim Site: Unknown

18. KLÜBER Elektroanlagenbau GmbH falls victim to Payouts King ransomware

• Category: Ransomware
• Content: The group claims to have obtained 1.2 TB of the organization’s data and intends to publish it within 6 to 7 days.
• Date: 2025-11-24T17:16:43Z
• Network: tor
• Published URL: https://payoutsgn7cy6uliwevdqspncjpfxpmzgirwl2au65la7rfs5x3qnbqd.onion/ Screenshots:
• Threat Actors: Payouts King
• Victim Country: Germany
• Victim Industry: Electrical & Electronic Manufacturing
• Victim Organization: klüber elektroanlagenbau gmbh
• Victim Site: klueber-elektro.de

19. Lithographix falls victim to Payouts King ransomware

• Category: Ransomware
• Content: The group claims to have obtained 116 GB of the organization’s data and intends to publish it within 6 to 7 days.
• Date: 2025-11-24T17:16:35Z
• Network: tor
• Published URL: https://www.google.com/search?q=https://payoutsgn7cy6uliwevdqspncjpfxpmzgirwl2au65la7rfs5x3qnbqd.onion/ Screenshots:
• Threat Actors: Payouts King
• Victim Country: USA
• Victim Industry: Printing
• Victim Organization: lithographix
• Victim Site: lithographix.com

20. Alleged sale of unauthorized forti vpn access to an unidentified organization based in USA and Puerto Rico

• Category: Initial Access
• Content: Threat actor claims to be selling unauthorized forti vpn access to an unidentified organization based in Puerto Rico and USA.
• Date: 2025-11-24T17:00:29Z
• Network: openweb
• Published URL: https://forum.exploit.biz/topic/270672/ Screenshots:
• Threat Actors: Mark1777
• Victim Country: USA
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

21. NovAtel falls victim to Qilin ransomware

• Category: Ransomware
• Content: Group claims to have obtained 35000 GB of organizations data.
• Date: 2025-11-24T15:39:07Z
• Network: tor
• Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=430c3f31-a4c6-35cf-88d8-a89ab5c1cdd0 Screenshots:
• Threat Actors: Qilin
• Victim Country: Canada
• Victim Industry: Electrical & Electronic Manufacturing
• Victim Organization: novatel
• Victim Site: novatel.com

22. JR Engineering falls victim to INTERLOCK Ransomware

• Category: Ransomware
• Content: The group claims to have obtained over 740 GB of the organizations data.
• Date: 2025-11-24T15:13:23Z
• Network: tor
• Published URL: http://ebhmkoohccl45qesdbvrjqtyro2hmhkmh6vkyfyjjzfllm3ix72aqaid.onion/leaks.php Screenshots:
• Threat Actors: INTERLOCK
• Victim Country: USA
• Victim Industry: Building and construction
• Victim Organization: jr engineering
• Victim Site: jrengineering.com

23. Rehmann & Söhne GmbH falls victim to SAFEPAY Ransomware

• Category: Ransomware
• Content: Group claims to have obtained organizations data and intent to publish it within 1-2 days.
• Date: 2025-11-24T14:47:37Z
• Network: tor
• Published URL: http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/rehmannde/ Screenshots:
• Threat Actors: SAFEPAY
• Victim Country: Germany
• Victim Industry: Furniture
• Victim Organization: rehmann & söhne gmbh
• Victim Site: rehmann.de

24. Dynamic Home Repair falls victim to SAFEPAY Ransomware

• Category: Ransomware
• Content: Group claims to have obtained organizations data.
• Date: 2025-11-24T14:40:32Z
• Network: tor
• Published URL: http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/dynamichomerepaircom/ Screenshots:
• Threat Actors: SAFEPAY
• Victim Country: USA
• Victim Industry: Real Estate
• Victim Organization: dynamic home repair
• Victim Site: dynamichomerepair.com

25. Alleged leak of login access to Civil Aviation Authority of Nepal

• Category: Initial Access
• Content: The group claims to have leaked login access to Civil Aviation Authority of Nepal.
• Date: 2025-11-24T14:30:31Z
• Network: telegram
• Published URL: https://t.me/youngsternepal/18 Screenshots:
• Threat Actors: Youngster Nepal
• Victim Country: Nepal
• Victim Industry: Airlines & Aviation
• Victim Organization: civil aviation authority of nepal
• Victim Site: caanepal.gov.np

26. Alleged data leak of Tribhuvan International Airport

• Category: Data Breach
• Content: The group claims to have leaked data from Tribhuvan International Airport.
• Date: 2025-11-24T14:26:17Z
• Network: telegram
• Published URL: https://t.me/youngsternepal/16 Screenshots:
• Threat Actors: Youngster Nepal
• Victim Country: Nepal
• Victim Industry: Transportation & Logistics
• Victim Organization: tribhuvan international airport
• Victim Site: tiairport.com.np

27. Alleged leak of login access to ONPASSIVE

• Category: Initial Access
• Content: The group claims to have leaked login access to ONPASSIVE.
• Date: 2025-11-24T14:20:22Z
• Network: telegram
• Published URL: https://t.me/fornetORGG/4764 Screenshots:
• Threat Actors: FORNET ORG
• Victim Country: UAE
• Victim Industry: Information Technology (IT) Services
• Victim Organization: onpassive
• Victim Site: oes.onpassive.com

28. Alleged unauthorized access to unidentified energy station in Israel

• Category: Initial Access
• Content: The group claims to have gained access to the unidentified energy station in Israel. They reportedly have the ability to control the monitoring, including charge level, battery condition, voltage, current, and temperature of each cell, solar energy for electricity generation etc.
• Date: 2025-11-24T14:19:01Z
• Network: telegram
• Published URL: https://t.me/n2LP_wVf79c2YzM0/2550 Screenshots:
• Threat Actors: Infrastructure Destruction Squad
• Victim Country: Israel
• Victim Industry: Energy & Utilities
• Victim Organization: Unknown
• Victim Site: Unknown

29. Alleged sale of shell access to MyPharmaRex

• Category: Initial Access
• Content: The group claims to be selling shell access to MyPharmaRex.
• Date: 2025-11-24T14:10:44Z
• Network: telegram
• Published URL: https://t.me/Garuda_Tersakiti/100 Screenshots:
• Threat Actors: NCT [NTB CYBER TEAM]
• Victim Country: India
• Victim Industry: Healthcare & Pharmaceuticals
• Victim Organization: mypharmarex
• Victim Site: mypharmarex.com

30. jue vs everybody targets the website of West Kiawa Dua Village

• Category: Defacement
• Content: The group claims to have defaced these domains:kiawaduabarat.id Mirror: https://defacer.id/mirror/id/211610my.kiawaduabarat.id Mirror: https://defacer.id/mirror/id/211609
• Date: 2025-11-24T13:59:33Z
• Network: openweb
• Published URL: https://defacer.id/archive Screenshots:
• Threat Actors: jue vs everybody
• Victim Country: Indonesia
• Victim Industry: Government Administration
• Victim Organization: west kiawa dua village
• Victim Site: kiawaduabarat.id

31. ADEPT falls victim to Sinobi Ransomware

• Category: Ransomware
• Content: The group claims to have obtained 500 GB of the organization’s internal data, including confidential information, contracts, financial data, and incident records, which they intend to publish within 6–7 days.
• Date: 2025-11-24T12:17:23Z
• Network: tor
• Published URL: http://sinobi6ywgmmvg2gj2yygkb2hxbimaxpqkyk27wti5zjwhfcldhackid.onion/leaks/692311e088b6823fa2dbe220 Screenshots:
• Threat Actors: Sinobi
• Victim Country: Denmark
• Victim Industry: Architecture & Planning
• Victim Organization: adept
• Victim Site: adept.dk

32. Alleged leak of Hyena Stealer

• Category: Malware
• Content: The threat actor claims to have released the full source code of the Hyena Stealer malware, written in Go, which is designed to steal sensitive information from cryptocurrency wallets, web browsers, Discord accounts, and FTP clients such as FileZilla.
• Date: 2025-11-24T11:55:54Z
• Network: openweb
• Published URL: https://xss.pro/threads/144440/ Screenshots:
• Threat Actors: xiao
• Victim Country: Unknown
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

33. Alleged sale to French ID Card and selfie documents

• Category: Data Breach
• Content: The threat actor claims to be selling access to a database allegedly containing 695 French ID Card and selfie documents.
• Date: 2025-11-24T11:49:50Z
• Network: openweb
• Published URL: https://xss.pro/threads/144438/ Screenshots:
• Threat Actors: LogsManager
• Victim Country: France
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

34. Alleged access to City Councils CCTV cameras in Poland

• Category: Initial Access
• Content: The group claims to have gained unauthorized access to CCTV cameras of city councils across Poland.
• Date: 2025-11-24T11:45:39Z
• Network: telegram
• Published URL: https://t.me/c/2787466017/621 Screenshots:
• Threat Actors: NoName057(16)
• Victim Country: Poland
• Victim Industry: Government Administration
• Victim Organization: Unknown
• Victim Site: Unknown

35. Chairmans Foods falls victim to Akira Ransomware

• Category: Ransomware
• Content: The group claims to have obtained the organization’s data. The compromised information reportedly includes financial data such as audit, payment details, financial reports, invoices, personal financial details of employees, accounting files.
• Date: 2025-11-24T11:20:06Z
• Network: tor
• Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/ Screenshots:
• Threat Actors: akira
• Victim Country: USA
• Victim Industry: Food & Beverages
• Victim Organization: chairmans foods
• Victim Site: chairmansfoods.com

36. Alleged database sale of QNB Group

• Category: Data Breach
• Content: The group claims to be selling database of Qatar National Bank, compromised data includes thousands of credit cards, bank account, etc.
• Date: 2025-11-24T11:10:29Z
• Network: telegram
• Published URL: https://t.me/c/2878397916/213 Screenshots:
• Threat Actors: Hider_Nex
• Victim Country: Qatar
• Victim Industry: Banking & Mortgage
• Victim Organization: qnb group
• Victim Site: qnb.com

37. JavaneseTeam targets the websites of STIKes Maharani Malang

• Category: Defacement
• Content: The group claims to have defaced these domains:stikesmaharani.web.id Mirror: https://defacer.id/mirror/id/211588imedh.stikesmaharani.web.id Mirror: https://defacer.id/mirror/id/211587bhp.stikesmaharani.web.id Mirror: https://defacer.id/mirror/id/211589smmpublisher.stikesmaharani.web.id Mirror: https://defacer.id/mirror/id/211586emergency.stikesmaharani.web.id Mirror: https://defacer.id/mirror/id/211591siakad.stikesmaharani.web.id Mirror: https://defacer.id/mirror/id/211595sign.stikesmaharani.web.id Mirror: https://defacer.id/mirror/id/211593pustaka.stikesmaharani.web.id Mirror: https://defacer.id/mirror/id/211590pendaftaran.stikesmaharani.web.id Mirror:https://defacer.id/mirror/id/211592klinik.stikesmaharani.web.id Mirror:https://defacer.id/mirror/id/211594
• Date: 2025-11-24T11:06:24Z
• Network: openweb
• Published URL: https://defacer.id/archive Screenshots:
• Threat Actors: JavaneseTeam
• Victim Country: Indonesia
• Victim Industry: Education
• Victim Organization: stikes maharani malang
• Victim Site: pendaftaran.stikesmaharani.web.id

38. Advanced Dental falls victim to Sinobi Ransomware

• Category: Ransomware
• Content: The group claims to have obtained 120 GB of the organization’s internal data, including customer data, contracts, and confidential information, which they intend to publish within 6–7 days.
• Date: 2025-11-24T11:05:51Z
• Network: tor
• Published URL: http://sinobi6ywgmmvg2gj2yygkb2hxbimaxpqkyk27wti5zjwhfcldhackid.onion/leaks/6923101088b6823fa2dbda5c Screenshots:
• Threat Actors: Sinobi
• Victim Country: USA
• Victim Industry: Medical Practice
• Victim Organization: advanced dental
• Victim Site: advanceddentalinc.com

39. QuietSec claims to target Spain

• Category: Alert
• Content: A recent post by the group claims that they are targeting Spain.
• Date: 2025-11-24T10:35:25Z
• Network: telegram
• Published URL: https://t.me/quietSec/10 Screenshots:
• Threat Actors: QuietSec
• Victim Country: Spain
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

40. Vano Ganzzz targets the website of Prosol

• Category: Defacement
• Content: The group claims to have defaced the website of Prosol.
• Date: 2025-11-24T10:13:38Z
• Network: openweb
• Published URL: https://defacer.id/mirror/id/211605 Screenshots:
• Threat Actors: Vano Ganzzz
• Victim Country: India
• Victim Industry: Professional Services
• Victim Organization: prosol
• Victim Site: prosol.in

41. Vano Ganzzz targets the website of Stampoland

• Category: Defacement
• Content: The group claims to have defaced the website of Stampoland.
• Date: 2025-11-24T10:13:25Z
• Network: openweb
• Published URL: https://defacer.id/mirror/id/211604 Screenshots:
• Threat Actors: Vano Ganzzz
• Victim Country: Italy
• Victim Industry: Marketing, Advertising & Sales
• Victim Organization: stampoland
• Victim Site: stampoland.it

42. Collège Supérieur de Montréal falls victim Rhysida ransomware

• Category: Ransomware
• Content: The group claims to have obtained organization’s data and they intend to publish it within 6-7 days.
• Date: 2025-11-24T10:08:25Z
• Network: tor
• Published URL: http://rhysidafohrhyy2aszi7bm32tnjat5xri65fopcxkdfxhi4tidsg7cad.onion/ Screenshots:
• Threat Actors: RHYSIDA
• Victim Country: Canada
• Victim Industry: Professional Training
• Victim Organization: collège supérieur de montréa
• Victim Site: collegecsm.com

43. Access Search, Inc. falls victim to Sinobi Ransomware

• Category: Ransomware
• Content: The group claims to have obtained 300 GB of the organization’s internal data, including confidential information, financial data, customer data, and incident records, which they intend to publish within 6–7 days.
• Date: 2025-11-24T10:03:19Z
• Network: tor
• Published URL: http://sinobi6ywgmmvg2gj2yygkb2hxbimaxpqkyk27wti5zjwhfcldhackid.onion/leaks/6923110d88b6823fa2dbdefe Screenshots:
• Threat Actors: Sinobi
• Victim Country: USA
• Victim Industry: Staffing/Recruiting
• Victim Organization: access search, inc.
• Victim Site: asinational.com

44. Vano Ganzzz targets the website of THE CAMPAIGN

• Category: Defacement
• Content: The group claims to have defaced the website of THE CAMPAIGN.
• Date: 2025-11-24T10:02:11Z
• Network: openweb
• Published URL: https://defacer.id/mirror/id/211606 Screenshots:
• Threat Actors: Vano Ganzzz
• Victim Country: Argentina
• Victim Industry: Marketing, Advertising & Sales
• Victim Organization: the campaign
• Victim Site: agencialc.com.ar

45. Alleged data breach of Passioni

• Category: Data Breach
• Content: The threat actor claims to have breached data from Passioni, allegedly containing names, emails, phone numbers, and more.
• Date: 2025-11-24T09:56:06Z
• Network: openweb
• Published URL: https://darkforums.st/Thread-DATABASE-passionmode-de-Germany-user-database-Free-payment-cond-IBAN Screenshots:
• Threat Actors: RainbowDF
• Victim Country: Germany
• Victim Industry: Fashion & Apparel
• Victim Organization: passioni
• Victim Site: passionmode.de

46. Alleged data sale of Doreca S.p.A.

• Category: Data Breach
• Content: The threat actor claims to be selling 500k records from Doreca S.p.A., allegedly containing names, emails, phone numbers, and more.
• Date: 2025-11-24T09:51:55Z
• Network: openweb
• Published URL: https://darkforums.st/Thread-Selling-profilo-doreca-it-Italy-500K Screenshots:
• Threat Actors: Richard2002
• Victim Country: Italy
• Victim Industry: Food & Beverages
• Victim Organization: doreca s.p.a.
• Victim Site: doreca.it

47. Vano Ganzzz targets the website of Clara White

• Category: Defacement
• Content: The group claims to have defaced the website of Clara White
• Date: 2025-11-24T09:50:54Z
• Network: openweb
• Published URL: https://defacer.id/mirror/id/211607 Screenshots:
• Threat Actors: Vano Ganzzz
• Victim Country: Unknown
• Victim Industry: Online Publishing
• Victim Organization: clara white
• Victim Site: clarawhitewriter.com

48. ENTHER ERROR SYSTEM targets the website of MTs Negeri 1 Bandung

• Category: Defacement
• Content: The group claims to have defaced the website of MTs Negeri 1 Bandung.
• Date: 2025-11-24T09:07:03Z
• Network: telegram
• Published URL: https://t.me/c/3303112391/16 Screenshots:
• Threat Actors: ENTHER ERROR SYSTEM
• Victim Country: Indonesia
• Victim Industry: Education
• Victim Organization: mts negeri 1 bandung
• Victim Site: mtsn1bandung.sch.id

49. Liberty Gold Fruit Co., LP. falls victim to Sinobi Ransomware

• Category: Ransomware
• Content: The group claims to have obtained 40 GB of the organization’s internal data, including financial data and incident records, which they intend to publish within 6–7 days.
• Date: 2025-11-24T09:03:41Z
• Network: tor
• Published URL: http://sinobi6ywgmmvg2gj2yygkb2hxbimaxpqkyk27wti5zjwhfcldhackid.onion/leaks/69230f4e88b6823fa2dbd789 Screenshots:
• Threat Actors: Sinobi
• Victim Country: USA
• Victim Industry: Food Production
• Victim Organization: liberty gold fruit co., lp.
• Victim Site: libertygold.com

50. Alleged leak of access to SMK Pembangunan Surabaya

• Category: Initial Access
• Content: The group claims to have leaked access to SMK Pembangunan Surabaya
• Date: 2025-11-24T08:56:48Z
• Network: telegram
• Published URL: https://t.me/c/3303112391/12 Screenshots:
• Threat Actors: ENTHER ERROR SYSTEM
• Victim Country: Indonesia
• Victim Industry: Education
• Victim Organization: smk pembangunan surabaya
• Victim Site: smkpembangunansby.sch.id

51. Alleged leak of login access to Ministry of Higher Education, Science, and Technology

• Category: Initial Access
• Content: The group claims to have leaked login access to Ministry of Higher Education, Science, and Technology.
• Date: 2025-11-24T08:49:47Z
• Network: telegram
• Published URL: https://t.me/c/3303112391/10 Screenshots:
• Threat Actors: ENTHER ERROR SYSTEM
• Victim Country: Indonesia
• Victim Industry: Higher Education/Acadamia
• Victim Organization: ministry of higher education, science, and technology
• Victim Site: kip-kuliah.kemdiktisaintek.go.id

52. skyr0 targets the website of ParakhCodx

• Category: Defacement
• Content: The group claims to have defaced the website of ParakhCodx
• Date: 2025-11-24T08:37:06Z
• Network: openweb
• Published URL: https://defacer.id/mirror/id/211608 Screenshots:
• Threat Actors: skyr0
• Victim Country: India
• Victim Industry: Information Technology (IT) Services
• Victim Organization: parakhcodx
• Victim Site: file.parakhcodx.in

53. Alleged sale of webShell access to Batanghari University

• Category: Initial Access
• Content: The group claims to be selling web shell access to Batanghari University.
• Date: 2025-11-24T08:36:40Z
• Network: telegram
• Published URL: https://t.me/c/2670088117/399 Screenshots:
• Threat Actors: WOLF CYBER ARMY
• Victim Country: Indonesia
• Victim Industry: Higher Education/Acadamia
• Victim Organization: batanghari university
• Victim Site: wajahhukum.unbari.ac.id

54. Alleged sale of web shell access to Sistem Informasi Desa Mataraman

• Category: Initial Access
• Content: The group claims to have gained unauthorized access to Sistem Informasi Desa Mataraman
• Date: 2025-11-24T08:30:47Z
• Network: telegram
• Published URL: https://t.me/c/2670088117/401 Screenshots:
• Threat Actors: WOLF CYBER ARMY
• Victim Country: Indonesia
• Victim Industry: Government Administration
• Victim Organization: sistem informasi desa mataraman
• Victim Site: mataraman.banjarkab.go.id

55. Alleged sale of web shell access to Fakultas Hukum Universitas Merangin

• Category: Initial Access
• Content: The group claims to have gained unauthorized access to Fakultas Hukum Universitas Merangin
• Date: 2025-11-24T08:26:04Z
• Network: telegram
• Published URL: https://t.me/c/2670088117/399 Screenshots:
• Threat Actors: WOLF CYBER ARMY
• Victim Country: Indonesia
• Victim Industry: Education
• Victim Organization: fakultas hukum universitas merangin
• Victim Site: law.universitasmerangin.ac.id

56. Alleged sale of web shell access to International Journal of Transdisciplinary Knowledge

• Category: Initial Access
• Content: The group claims to have gained unauthorised access to International Journal of Transdisciplinary Knowledge
• Date: 2025-11-24T08:22:51Z
• Network: telegram
• Published URL: https://t.me/c/2670088117/399 Screenshots:
• Threat Actors: WOLF CYBER ARMY
• Victim Country: Indonesia
• Victim Industry: Online Publishing
• Victim Organization: international journal of transdisciplinary knowledge
• Victim Site: ijtk.iainkendari.ac.id

57. Alleged sale of webShell access to Politeknik Kesdam VI Banjarmasin

• Category: Initial Access
• Content: The group claims to be selling web shell access to Politeknik Kesdam VI Banjarmasin.
• Date: 2025-11-24T08:03:26Z
• Network: telegram
• Published URL: https://t.me/c/2670088117/399 Screenshots:
• Threat Actors: WOLF CYBER ARMY
• Victim Country: Indonesia
• Victim Industry: Higher Education/Acadamia
• Victim Organization: politeknik kesdam vi banjarmasin
• Victim Site: poltekkesdam6bjm.ac.id

58. Alleged sale of Trezor mail

• Category: Data Breach
• Content: The threat actor claims to be selling 140k Mails of Trezor from mailchimp.
• Date: 2025-11-24T07:51:56Z
• Network: openweb
• Published URL: https://xss.pro/threads/144430/ Screenshots:
• Threat Actors: doZKey
• Victim Country: Unknown
• Victim Industry: Financial Services
• Victim Organization: trezor
• Victim Site: trezor.io

59. Alleged data breach of Ric Tube

• Category: Data Breach
• Content: The threat actor claims to have breached data from Ric Tube. The compromised data includes usernames, emails, IP addresses, passwords, and more.
• Date: 2025-11-24T07:42:45Z
• Network: openweb
• Published URL: https://darkforums.st/Thread-DATABASE-%E2%AD%90-rictube-com-Database%E2%AD%90 Screenshots:
• Threat Actors: AshleyWood2022
• Victim Country: Unknown
• Victim Industry: Entertainment & Movie Production
• Victim Organization: ric tube
• Victim Site: rictube.com

60. Mizun0 targets the website of Seduc PI

• Category: Defacement
• Content: The group claims to have defaced the website of Seduc PI.
• Date: 2025-11-24T07:13:38Z
• Network: openweb
• Published URL: https://defacer.id/mirror/id/211559 Screenshots:
• Threat Actors: Mizun0
• Victim Country: Brazil
• Victim Industry: Government Administration
• Victim Organization: seduc pi
• Victim Site: app2.seduc.pi.gov.br

61. Alleged Data Leak of European Banks Database

• Category: Data Breach
• Content: Threat actor claims to have leaked the database of European Banks of 95+ Countries.
• Date: 2025-11-24T06:29:35Z
• Network: openweb
• Published URL: https://leakbase.la/threads/europe-banks-db.46438/ Screenshots:
• Threat Actors: uatafajua
• Victim Country: Unknown
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

62. Alleged leak of European countries database

• Category: Data Breach
• Content: Threat actor claims to have leaked multiple European countries database.
• Date: 2025-11-24T06:23:05Z
• Network: openweb
• Published URL: https://leakbase.la/threads/european-countries-dbs-av1lables.46439/ Screenshots:
• Threat Actors: uatafajua
• Victim Country: Unknown
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

63. Alleged data breach of Nasajon Systems

• Category: Data Breach
• Content: The threat actor claims to have leaked source-code collection allegedly belonging to Nasajon, a company specializing in ERP systems for business management. According to the actor, Nasajon experienced a data breach in November 2025 during which multiple internal source code repositories were exfiltrated. The compromised data reportedly includes proprietary application source code
• Date: 2025-11-24T05:50:05Z
• Network: openweb
• Published URL: https://darkforums.st/Thread-Source-Code-Nasajon-Data-Breach-Leaked-Download Screenshots:
• Threat Actors: 888
• Victim Country: Brazil
• Victim Industry: Information Technology (IT) Services
• Victim Organization: nasajon systems
• Victim Site: nasajon.com.br

64. JavaneseTeam targets the website of Maharani Clinic

• Category: Defacement
• Content: The threat actor claims to have defaced the Maharani Clinicattributing the attack to its member L4663R666H05T
• Date: 2025-11-24T05:41:36Z
• Network: openweb
• Published URL: https://defacer.id/mirror/id/211594 Screenshots:
• Threat Actors: JavaneseTeam
• Victim Country: Indonesia
• Victim Industry: Hospital & Health Care
• Victim Organization: maharani clinic
• Victim Site: klinik.stikesmaharani.web.id

65. CiaoxD_ targets the website of NainEx Logistics

• Category: Defacement
• Content: The threat actor claims to have defaced the organization’s website
• Date: 2025-11-24T04:50:36Z
• Network: openweb
• Published URL: https://defacer.id/mirror/id/211542 Screenshots:
• Threat Actors: CiaoxD_
• Victim Country: India
• Victim Industry: Transportation & Logistics
• Victim Organization: nainex logistics
• Victim Site: nainexlogistics.com

66. NXBB.SEC claims to target the website of Google

• Category: Alert
• Content: A recent post by the group claims that they are targeting Google
• Date: 2025-11-24T04:50:22Z
• Network: telegram
• Published URL: https://t.me/nxbbsec/3514 Screenshots:
• Threat Actors: NXBB.SEC
• Victim Country: USA
• Victim Industry: Software Development
• Victim Organization: google
• Victim Site: google.com

67. NullSector targets the website of Hunter4Tech

• Category: Defacement
• Content: The threat actor claims to have defaced the organization’s website
• Date: 2025-11-24T04:38:19Z
• Network: openweb
• Published URL: https://defacer.id/mirror/id/211458 Screenshots:
• Threat Actors: NullSector
• Victim Country: Brazil
• Victim Industry: Human Resources
• Victim Organization: hunter4tech
• Victim Site: hunter4tech.com.br

68. Alleged Data Breach of TagDeal

• Category: Data Breach
• Content: The threat actor claims to have leaked data from TagDeal, a UK-based online deals platform, reportedly exposing around 1,160 K unique email addresses along with associated first names, last names, gender, company information, and domains.
• Date: 2025-11-24T04:34:06Z
• Network: openweb
• Published URL: https://darkforums.st/Thread-Selling-UK-tagdeal-co-uk-1-160-000-email Screenshots:
• Threat Actors: Sorb
• Victim Country: UK
• Victim Industry: E-commerce & Online Stores
• Victim Organization: tagdeal
• Victim Site: tagdeal.co.uk

69. Alleged Data Breach of Pixtura

• Category: Data Breach
• Content: The threat actor claims to have leaked data from Pixtura, an Italy-based Fine Art printing service, including 158k email addresses, MD5-hashed passwords, 40k phone numbers, full names, document numbers, IBAN bank details.
• Date: 2025-11-24T04:20:52Z
• Network: openweb
• Published URL: https://darkforums.st/Thread-Selling-Italy-pixtura-it-158-000 Screenshots:
• Threat Actors: Sorb
• Victim Country: Italy
• Victim Industry: Photography
• Victim Organization: pixtura
• Victim Site: pixtura.it

70. Alleged data breach of Ujay Data

• Category: Data Breach
• Content: The threat actor claims to be selling a database allegedly belonging to UjayData (ujaydata.com.ng), containing around 65,000 Nigerian user records. The dataset reportedly includes sensitive personal and financial information such as full names, emails, phone numbers, hashed passwords, states, PINs, wallet balances, bank account numbers, bank names, NIN, BVN, dates of birth, account references, verification statuses, usernames, addresses, and various linked mobile banking or fintech account fields.
• Date: 2025-11-24T04:16:14Z
• Network: openweb
• Published URL: https://darkforums.st/Thread-Selling-65K-Nigeria-Database-ujaydata-com-ng Screenshots:
• Threat Actors: wizard
• Victim Country: Nigeria
• Victim Industry: Information Technology (IT) Services
• Victim Organization: ujay data
• Victim Site: ujaydata.com.ng

71. Alleged data breach of Cetrix Technologies LLC

• Category: Data Breach
• Content: The threat actor claims to be selling a CRM database allegedly belonging to Cetrix Technologies LLC. The dataset reportedly contains personal and business information of approximately 3.9 million individuals, including names, email addresses, phone numbers, mailing addresses, company details, positions, job functions, industry categories, revenue ranges, staff counts, social media fields, attribution metadata, and additional CRM-related profiling data collected from Cetrix’s customer and lead management systems. NB: The organization was previously breached on November 02 2024
• Date: 2025-11-24T04:05:01Z
• Network: openweb
• Published URL: https://darkforums.st/Thread-Selling-DB-USA-Cetrix-Technologies-LLC-3900-000 Screenshots:
• Threat Actors: Sorb
• Victim Country: USA
• Victim Industry: Computer Hardware
• Victim Organization: cetrix technologies llc
• Victim Site: cetrixtablets.com

72. Singapore Construction falls victim to The Gentlemen Ransomware

• Category: Ransomware
• Content: The group claims to have obtained organization’s data and intend to publish it within 9-10 days.
• Date: 2025-11-24T03:30:11Z
• Network: tor
• Published URL: http://tezwsse5czllksjb7cwp65rvnk4oobmzti2znn42i43bjdfd2prqqkad.onion/ Screenshots:
• Threat Actors: The Gentlemen
• Victim Country: Vietnam
• Victim Industry: Building and construction
• Victim Organization: singapore construction
• Victim Site: singcons.vn

73. Vano Ganzzz targets the website of Advanz Plus Limited

• Category: Defacement
• Content: Group claims to have defaced the website of Advanz Plus Limited.
• Date: 2025-11-24T03:24:11Z
• Network: openweb
• Published URL: https://defacer.id/mirror/id/211565 Screenshots:
• Threat Actors: Vano Ganzzz
• Victim Country: New Zealand
• Victim Industry: Consumer Services
• Victim Organization: advanz plus limited
• Victim Site: advanzplus.com

74. 5ilverbullet targets the website of Matchking Printing

• Category: Defacement
• Content: Group claims to have defaced the website of Matchking Printing.
• Date: 2025-11-24T03:18:40Z
• Network: openweb
• Published URL: https://defacer.id/mirror/id/211563 Screenshots:
• Threat Actors: 5ilverbullet
• Victim Country: Canada
• Victim Industry: Printing
• Victim Organization: matchking printing
• Victim Site: markhamonlineprint.com

75. JavaneseTeam targets the website of STIKes Maharani

• Category: Defacement
• Content: Group claims to have defaced the website of STIKes Maharani.
• Date: 2025-11-24T03:00:46Z
• Network: openweb
• Published URL: https://defacer.id/mirror/id/211586 Screenshots:
• Threat Actors: JavaneseTeam
• Victim Country: Indonesia
• Victim Industry: Higher Education/Acadamia
• Victim Organization: stikes maharani
• Victim Site: stikesmaharani.ac.id

76. Mizun0 targets the website of Secretaria de Estado da Educação do Piauí

• Category: Defacement
• Content: The group claims to have defaced the website of Secretaria de Estado da Educação do Piauí.
• Date: 2025-11-24T02:52:22Z
• Network: openweb
• Published URL: https://defacer.id/mirror/id/211559 Screenshots:
• Threat Actors: Mizun0
• Victim Country: Brazil
• Victim Industry: Education
• Victim Organization: ecretaria de estado da educação do piauí
• Victim Site: app.seduc.pi.gov.br

77. INDRAMAYU CHAOS SYSTEM targets Multiple Indonesian Websites

• Category: Defacement
• Content: The group claims to have defaced multiple Indonesian websites. Mirror: https://defacer.id/mirror/id/211583
• Date: 2025-11-24T02:40:57Z
• Network: telegram
• Published URL: https://t.me/c/3427600175/16 Screenshots:
• Threat Actors: INDRAMAYU CHAOS SYSTEM
• Victim Country: Indonesia
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: garba.my.id

78. Dream Hack targets the website of National Association of Professional Social Workers in India(NAPSWI)

• Category: Defacement
• Content: The group claims to have defaced the website of National Association of Professional Social Workers in India(NAPSWI).
• Date: 2025-11-24T02:18:00Z
• Network: openweb
• Published URL: https://defacer.id/mirror/id/211560 Screenshots:
• Threat Actors: Dream Hack
• Victim Country: India
• Victim Industry: Non-profit & Social Organizations
• Victim Organization: national association of professional social workers in india
• Victim Site: napswi.org

79. Alleged sale of unauthorized admin access in Indonesia

• Category: Initial Access
• Content: Threat actor claims to be selling unauthorized admin access in Indonesia.
• Date: 2025-11-24T02:17:45Z
• Network: openweb
• Published URL: https://forum.exploit.biz/topic/270629/ Screenshots:
• Threat Actors: personX
• Victim Country: Indonesia
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

80. JavaneseTeam targets the website of Universitas Syiah Kuala

• Category: Defacement
• Content: The group claims to have defaced the website of Universitas Syiah Kuala.
• Date: 2025-11-24T02:06:30Z
• Network: openweb
• Published URL: https://defacer.id/mirror/id/211582 Screenshots:
• Threat Actors: JavaneseTeam
• Victim Country: Indonesia
• Victim Industry: Higher Education/Acadamia
• Victim Organization: universitas syiah kuala
• Victim Site: pustaka.feb.usk.ac.id

81. Pharaoh’s Team targets the website of basvuru.goldenpulseawards.com.tr

• Category: Defacement
• Content: The group claims to have defaced the website of basvuru.goldenpulseawards.com.tr
• Date: 2025-11-24T01:55:51Z
• Network: telegram
• Published URL: https://t.me/Pharaohs_n/370 Screenshots:
• Threat Actors: Pharaoh’s Team
• Victim Country: Turkey
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: basvuru.goldenpulseawards.com.tr

82. Kim Dental Co., Ltd. falls victim to The Gentlemen Ransomware

• Category: Ransomware
• Content: The group claims to have obtained organization’s data and they intend to publish it within 9-10 days
• Date: 2025-11-24T01:43:46Z
• Network: tor
• Published URL: https://www.google.com/search?q=http://tezwsse5czllksjb7cwp65rvnk4oobmzti2znn42i43bjdfd2prqqkad.onion/ Screenshots:
• Threat Actors: The Gentlemen
• Victim Country: Vietnam
• Victim Industry: Hospital & Health Care
• Victim Organization: kim dental co., ltd.
• Victim Site: kimdental.vn

83. SYLHET GANG-SG targets the website of CLEM.RO

• Category: Defacement
• Content: The group claims that they defaced the website of CLEM.RO.
• Date: 2025-11-24T01:16:51Z
• Network: telegram
• Published URL: https://t.me/SylhetGangSG1/7119 Screenshots:
• Threat Actors: SYLHET GANG-SG
• Victim Country: Romania
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: clem.ro

84. Workman & Temple Family Homestead Museum falls victim to Sinobi Ransomware

• Category: Ransomware
• Content: The group claims to have exfiltrated 240 GB of the organization’s sensitive data including, financial records and internal contracts, and intends to publish it within 7 days.
• Date: 2025-11-24T01:06:18Z
• Network: tor
• Published URL: http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/69231b0388b6823fa2dc22c8 Screenshots:
• Threat Actors: Sinobi
• Victim Country: USA
• Victim Industry: Museums & Institutions
• Victim Organization: workman & temple family homestead museum
• Victim Site: homesteadmuseum.org

85. Infrastructure Destruction Squad claims to target Israel

• Category: Alert
• Content: A recent post by the group claims that they are targeting Israel.
• Date: 2025-11-24T01:01:58Z
• Network: telegram
• Published URL: https://t.me/n2LP_wVf79c2YzM0/2546 Screenshots:
• Threat Actors: Infrastructure Destruction Squad
• Victim Country: Israel
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

86. SYLHET GANG-SG targets the website of WEHANDIT

• Category: Defacement
• Content: The group claims to have defaced the website of WEHANDIT.
• Date: 2025-11-24T00:29:02Z
• Network: telegram
• Published URL: https://t.me/SylhetGangSG1/7117 Screenshots:
• Threat Actors: SYLHET GANG-SG
• Victim Country: Romania
• Victim Industry: Marketing, Advertising & Sales
• Victim Organization: wehandit
• Victim Site: wehandit.ro

Conclusion

The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Ransomware activity is particularly prominent, with groups like Sinobi, Everest, Qilin, and others targeting organizations across the USA, Germany, Canada, Spain, and Vietnam in sectors ranging from healthcare and manufacturing to food production. Defacement campaigns remain widespread, notably affecting educational and government institutions in Indonesia, Brazil, and India. Data breaches continue to expose sensitive personal and financial information from victims in the UK, Italy, Nigeria, and Mexico. Beyond data compromise, the report reveals significant activity in initial access sales and infrastructure targeting, underscoring the persistent and opportunistic nature of these threats across global industries and geographies