This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.
1. Alleged data breach of KGI Securities
- Category: Data Breach
- Content: The threat actor claims to be selling a 2.4 million–record financial investment database allegedly taken from KGI Securities (kgi.com.tw) in Taiwan, containing customer names, phone numbers, addresses, ages, trading codes, ISINs, market types, credit scores, investment amounts, and closing prices.
- Date: 2025-11-28T23:45:47Z
- Network: openweb
- Published URL: http://darkforums.st/Thread-Selling-www-kgi-com-tw-Financial-Investment-Users-2-4M-Records-BreachLabs
- Screenshots:
- Threat Actors: BreachLaboratory
- Victim Country: Taiwan
- Victim Industry: Financial Services
- Victim Organization: kgi securities
- Victim Site: kgi.com.tw
2. Valley View Independent School District falls victim to INC RANSOM Ransomware
- Category: Ransomware
- Content: The group claims to have obtained about 63 GB of the organization’s confidential data, including contracts, HR documents, incident reports, customer data, and financial records. They intend to publish the data within 14 days.
- Date: 2025-11-28T23:43:13Z
- Network: tor
- Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/691df65de1a4e4b3ff666b83
- Screenshots:
- Threat Actors: INC RANSOM
- Victim Country: USA
- Victim Industry: Education
- Victim Organization: valley view independent school district
- Victim Site: vviewisd.net
3. Alleged data breach of BONNY & READ CO. LTD
- Category: Data Breach
- Content: The threat actor claims to be selling a 1.68M-record database from the Taiwanese jewelry e-commerce website Bonny & READ International Industrial Co., Ltd, containing customer names, phone numbers, addresses, ages, held funds, credit scores, internal codes, and company affiliation information.
- Date: 2025-11-28T23:39:16Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-www-bonnyread-com-tw-Jewelry-shopping-1-68M-Records-BreachLabs
- Screenshots:
- Threat Actors: BreachLaboratory
- Victim Country: Taiwan
- Victim Industry: Luxury Goods & Jewelry
- Victim Organization: bonny & read co. ltd
- Victim Site: bonnyread.com.tw
4. Alleged Data Breach of BilSam Technologies Pvt Ltd in Turkey
- Category: Data Breach
- Content: A threat actor claims to have breached the database of BilSam Technologies Pvt Ltd, a provider for 50+ hospitals and clinics in Turkey, exposing around 44,000 lines of patient records, medical histories, X-ray results, prescriptions, and internal doctor–hospital communications. They also claim to be selling the sensitive data along with MSSQL Server passwords.
- Date: 2025-11-28T23:33:28Z
- Network: openweb
- Published URL: https://forum.exploit.biz/topic/270993/
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/f7858fb1-a7ee-4c34-895c-8073fbd478ea.png
- https://d34iuop8pidsy8.cloudfront.net/857d6831-8254-4339-bf86-05a295401a48.png
- https://d34iuop8pidsy8.cloudfront.net/1d6e27b8-9ba8-46c5-a55e-880381f315f5.png
- https://d34iuop8pidsy8.cloudfront.net/759d1c1d-3b71-498e-96b4-3ce38d65dff2.png
- Threat Actors: ExpoMaster
- Victim Country: Turkey
- Victim Industry: Software Development
- Victim Organization: bilsam technologies pvt ltd
- Victim Site: bilsamtech.org
5. Alleged data breach of UN Tourism
- Category: Data Breach
- Content: A threat actor is selling a 3.4 million–record database allegedly from UNWTO.org, containing Georgia tourism and FDI (Foreign Direct Investment) lead data. The leak includes names, verified Georgian phone numbers, and full physical addresses in a structured text format.
- Date: 2025-11-28T23:29:52Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-3-4M-Records-UNWTO-org-%E2%80%93-Georgia-Tourism-FDI-Leads-BreachLabs
- Screenshots:
- Threat Actors: BreachLaboratory
- Victim Country: Georgia
- Victim Industry: International Trade & Development
- Victim Organization: un tourism
- Victim Site: unwto.org
6. Alleged data breach of Stash
- Category: Data Breach
- Content: The threat actor claims to be selling a 2024 data leak from Stash.com, containing 2.5 million U.S. investment platform user records. The data includes full personal details such as name, gender, DOB, address, phone number, email, insurance type, monthly fee, and customer segment.
- Date: 2025-11-28T23:11:23Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-STASH-COM-2-5M-Records-Financial-Investment-App-BreachLabs
- Screenshots:
- Threat Actors: BreachLaboratory
- Victim Country: USA
- Victim Industry: Financial Services
- Victim Organization: stash
- Victim Site: stash.com
7. Alleged data breach of JM Financial Ltd
- Category: Data Breach
- Content: The threat actor claims to be selling a database of 1.77 million investor records allegedly sourced from JM Financial (jmfl.com), containing sensitive personal and financial details including PAN numbers, government IDs, mobile numbers, emails, and passwords.
- Date: 2025-11-28T23:03:32Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-jmfl-com-1-77M-Records-BreachLabs
- Screenshots:
- Threat Actors: BreachLaboratory
- Victim Country: India
- Victim Industry: Financial Services
- Victim Organization: jm financial ltd
- Victim Site: jmfl.com
8. Alleged data breach of Center for Professional Development of Pedagogical Workers of Vinnytsia City Council
- Category: Data Breach
- Content: The group claims to have leaked 15 GB of data from the Center for Professional Development of Pedagogical Workers of Vinnytsia City Council, containing more than 4000 records, including personal information of various categories of Ukrainian citizens connected to educational and municipal services. The group lists several affected resources tied to the breach, including cprvmr.edu.vn.ua, lmscpr.edu.vn.ua, edu.vn.ua, and vmr.gov.ua.
- Date: 2025-11-28T23:03:04Z
- Network: telegram
- Published URL: https://t.me/itarmy_ru/240
- Screenshots:
- Threat Actors: IT ARMY OF RUSSIA
- Victim Country: Ukraine
- Victim Industry: Professional Training
- Victim Organization: center for professional development of pedagogical workers of vinnytsia city council
- Victim Site: cprvmr.edu.vn.ua
9. Alleged data breach of Paddy Power
- Category: Data Breach
- Content: The threat actor claims to be selling a 390,000-record database from PaddyPower, a gambling and casino platform, containing detailed KYC and account information including personal data, security questions, and account balances.
- Date: 2025-11-28T22:55:20Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-PaddyPower-Gambling-Casino-DB-390K-Records-BreachLabs
- Screenshots:
- Threat Actors: BreachLaboratory
- Victim Country: Ireland
- Victim Industry: Gambling & Casinos
- Victim Organization: paddy power
- Victim Site: paddypower.com
10. Alleged leak of Shoppy.gg
- Category: Malware
- Content: The threat actor claims to have released the Shoppy.gg Checker by KingDon, a credential-testing console tool designed to automate account validation against Shoppy-linked login endpoints. According to the post, the tool can analyze response behavior, detect mailbox accessibility, and classify results through a color-coded terminal interface.
- Date: 2025-11-28T22:45:47Z
- Network: openweb
- Published URL: https://demonforums.net/Thread-Shoppy-gg-Checker-by-KingDon
- Screenshots:
- Threat Actors: Starip
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
11. Alleged Data Breach of JM Financial
- Category: Data Breach
- Content: The threat actor claims to have leaked data from JM Financial. The compromised data reportedly contains 1.77 million investor records, including password, username, full name, gender, mobile number, email address, birthday, ID number, Indian PAN number, and customer number.
- Date: 2025-11-28T22:23:47Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-jmfl-com-1-77M-Records-BreachLabs
- Screenshots:
- Threat Actors: BreachLaboratory
- Victim Country: India
- Victim Industry: Financial Services
- Victim Organization: jm financial
- Victim Site: jmfi.com
12. Alleged Data Breach of Sakra Cosmetic Plastic Surgery
- Category: Data Breach
- Content: The threat actor claims to have leaked data from Sakra Cosmetic Plastic Surgery. The compromised data reportedly contains 950,000 records, including city, email addresses, phone numbers, and username.
- Date: 2025-11-28T21:51:07Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-SAKRA-Cosmetic-Plastic-Surgery-bellacare-ksa-com-BreachLabs
- Screenshots:
- Threat Actors: BreachLaboratory
- Victim Country: India
- Victim Industry: Hospital & Health Care
- Victim Organization: sakra cosmetic plastic surgery
- Victim Site: bellacare-ksa.com
13. Alleged Leak of Multiple Login Credentials from Polytechnic College Dharmapuri
- Category: Initial Access
- Content: The group claims to have leaked login credentials from Polytechnic College Dharmapuri.
- Date: 2025-11-28T21:46:49Z
- Network: telegram
- Published URL: https://t.me/crewcyber/315
- Screenshots:
- Threat Actors: 404 CREW CYBER TEAM
- Victim Country: India
- Victim Industry: Education
- Victim Organization: polytechnic college dharmapuri
- Victim Site: gptcdharmapuri.co.in
14. Alleged Data Breach of Instituto de Previsión Social
- Category: Data Breach
- Content: The threat actor claims to have leaked data from Instituto de Previsión Social. The compromised data reportedly includes personal beneficiary information, identity details, and sensitive data.
- Date: 2025-11-28T21:33:59Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-INSTITUTO-DE-PREVISION-SOCIAL-IPS-PARAGUAAY-LEAK-FRESH-2025
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/e671921d-d119-4d30-aa39-f9473fefbace.png
- https://d34iuop8pidsy8.cloudfront.net/dfcc839f-1c4f-4ef3-ae8c-9f94e0c1c919.png
- https://d34iuop8pidsy8.cloudfront.net/ae541714-863d-4996-bdf7-d3f0f73f7bfe.png
- https://d34iuop8pidsy8.cloudfront.net/8d6f4dca-f758-4be4-89ca-187306484440.png
- Threat Actors: Johan_Liebheart
- Victim Country: Paraguay
- Victim Industry: Government Relations
- Victim Organization: instituto de previsión social
- Victim Site: portal.ips.gov.py
15. Alleged Leak of Agency of Intelligence & Federal Investigation from Iraq
- Category: Data Breach
- Content: The threat actor claims to have leaked data from the Iraq Agency of Intelligence & Federal Investigation. The compromised data reportedly includes 22 million records containing full name, family name, family relatives, physical address, spouse's full name, cases, jobs, national ID, and salary.
- Date: 2025-11-28T21:07:40Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-Iraq-Agency-Of-intelligence-Federal-Investigation
- Screenshots:
- Threat Actors: Resolute
- Victim Country: Iraq
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
Conclusion
The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Data breaches are prominent, affecting various sectors from financial services and education to healthcare and luxury goods, and impacting countries including Taiwan, the USA, Turkey, Georgia, India, Ukraine, Ireland, and Paraguay. The compromised data ranges from personal user information and credit card details to sensitive patient records and large financial investment databases.
Beyond data compromise, the report also reveals significant activity in ransomware, as seen with the attack on Valley View Independent School District, and the sale of initial access credentials targeting educational institutions. The presence of malware distribution, such as the Shoppy.gg checker, further underscores the availability of offensive capabilities in the cyber underground. The nature of these incidents emphasizes the critical importance of robust cybersecurity measures to defend against a wide array of sophisticated and opportunistic attacks.