[November-29-2025] Daily Cybersecurity Threat Report

This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.

  1. Alleged sale of unauthorized RDWeb access to an unidentified organization in USA
     • Category: Initial Access
     • Content: Threat actor claims to be selling unauthorized RDWeb access to an unidentified organization in the USA.
     • Date: 2025-11-29T21:28:29Z
     • Network: openweb
     • Published URL: https://forum.exploit.biz/topic/271027/
     • Screenshots: https://d34iuop8pidsy8.cloudfront.net/151eeb8c-efa0-4e11-8005-85f007ac67e3.png
     • Threat Actors: samy01
     • Victim Country: USA
     • Victim Industry: Unknown
     • Victim Organization: Unknown
     • Victim Site: Unknown
  2. Alleged sale of AWS Amazon SES accounts and credentials
     • Category: Phishing
     • Content: Threat actor claims to be selling multiple compromised AWS SES (Simple Email Service) accounts with daily sending quotas ranging from 1 million to 20 million emails. The listing reportedly includes full console access, IAM administrative permissions, and SMTP credentials, enabling large-scale email campaigns such as phishing, spam, and bulk marketing. Access is allegedly obtained through unauthorized compromise of existing AWS accounts.
     • Date: 2025-11-29T21:14:23Z
     • Network: openweb
     • Published URL: https://demonforums.net/Thread-Selling-Amazon-SES-Stuff
     • Screenshots: https://d34iuop8pidsy8.cloudfront.net/f4782912-c3ab-42d1-936c-18561e86b98e.png
     • Threat Actors: office_365shop
     • Victim Country: Unknown
     • Victim Industry: Unknown
     • Victim Organization: Unknown
     • Victim Site: Unknown
  3. Chenango Valley Technologies, Inc. falls victim to Qilin ransomware
     • Category: Ransomware
     • Content: Group claims to have obtained the organization’s data.
     • Date: 2025-11-29T20:10:13Z
     • Network: tor
     • Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=5a4cfe13-c4b0-3bf1-9217-7fd1212210c9
     • Screenshots: https://d34iuop8pidsy8.cloudfront.net/b5604cec-9a29-4ea0-801f-0a6ac592a76f.png
     • Threat Actors: Qilin
     • Victim Country: USA
     • Victim Industry: Plastics
     • Victim Organization: chenango valley technologies, inc.
     • Victim Site: chenangovalleytech.com
  4. CJW, Inc. falls victim to Qilin ransomware
     • Category: Ransomware
     • Content: Group claims to have obtained the organization’s data.
     • Date: 2025-11-29T20:04:41Z
     • Network: tor
     • Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=60ea8de3-c528-334e-9115-25551e8fcfce
     • Screenshots: https://d34iuop8pidsy8.cloudfront.net/5bcf0f48-669d-4ae6-83a2-e61c23f24dcc.png
     • Threat Actors: Qilin
     • Victim Country: USA
     • Victim Industry: Food & Beverages
     • Victim Organization: cjw, inc.
     • Victim Site: cjwbeer.com
  5. Alleged data breach of the Israel Ministry of Defense
     • Category: Data Breach
     • Content: The group claims to have leaked data from the Israel Ministry of Defense. The compromised data reportedly includes 48k emails from the ministry.
     • Date: 2025-11-29T20:04:08Z
     • Network: telegram
     • Published URL: https://t.me/c/2878397916/231
     • Screenshots: https://d34iuop8pidsy8.cloudfront.net/4191d09e-291d-48e9-8c5c-78a585cb3c1c.png, https://d34iuop8pidsy8.cloudfront.net/b38ef826-8ae1-4937-a9c0-ca04731b6f92.png
     • Threat Actors: Hider_Nex
     • Victim Country: Israel
     • Victim Industry: Government Administration
     • Victim Organization: israel ministry of defense
     • Victim Site: mod.gov.il
  6. TBC Consoles falls victim to Qilin ransomware
     • Category: Ransomware
     • Content: Group claims to have obtained the organization’s data.
     • Date: 2025-11-29T19:58:49Z
     • Network: tor
     • Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=c9d2ba19-6aa1-3087-8773-f63d023179ed
     • Screenshots: https://d34iuop8pidsy8.cloudfront.net/24f3191e-1374-4a65-8665-efc50d93b6a3.png
     • Threat Actors: Qilin
     • Victim Country: USA
     • Victim Industry: Furniture
     • Victim Organization: tbc consoles
     • Victim Site: tbcconsoles.com
  7. Bomchil falls victim to Qilin ransomware
     • Category: Ransomware
     • Content: Group claims to have obtained the organization’s data.
     • Date: 2025-11-29T19:52:24Z
     • Network: tor
     • Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=9416311f-7129-38c6-9b3d-55836cb51e4b
     • Screenshots: https://d34iuop8pidsy8.cloudfront.net/699f517d-e07b-4a43-a4cd-a301c930e672.png
     • Threat Actors: Qilin
     • Victim Country: Argentina
     • Victim Industry: Legal Services
     • Victim Organization: bomchil
     • Victim Site: bomchil.com
  8. Asia Condominium Association falls victim to Qilin Ransomware
     • Category: Ransomware
     • Content: Group claims to have obtained 32 GB of the organization’s data.
     • Date: 2025-11-29T19:46:07Z
     • Network: tor
     • Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=2fffeac9-2164-30b1-b5c8-00b54c94e98a
     • Screenshots: https://d34iuop8pidsy8.cloudfront.net/3465d33e-c97b-49c0-b77a-9fcef363b3a4.png
     • Threat Actors: Qilin
     • Victim Country: USA
     • Victim Industry: Real Estate
     • Victim Organization: asia condominium association
     • Victim Site: asiamiamicondo.com
  9. Alleged Data Breach of Bachillerato del Estado de Hidalgo
     • Category: Data Breach
     • Content: The group claims to have leaked data from Bachillerato del Estado de Hidalgo. The compromised data reportedly contains Enrollment number, Name, Gender, Semester, Status, Date of birth, Group, Date of admission, Street Number, Phone, Locality, Postal code, Disability, Email.
     • Date: 2025-11-29T19:10:46Z
     • Network: telegram
     • Published URL: https://t.me/c/3211040888/178
     • Screenshots: https://d34iuop8pidsy8.cloudfront.net/38e4a2a2-b72f-4e36-b9a2-995356b14677.png
     • Threat Actors: Chronus leaks
     • Victim Country: Mexico
     • Victim Industry: Education
     • Victim Organization: bachillerato del estado de hidalgo
     • Victim Site: bachillerato-hgo.edu.mx
  10. Alleged sale of AV & EDR/XDR killer tool and source code
     • Category: Malware
     • Content: Threat actor claims to be selling an AV/EDR/XDR killer, a malicious tool designed to disable antivirus (AV), endpoint detection and response (EDR), and extended detection and response (XDR) solutions, along with its source code. The offering reportedly includes an undetected, Microsoft-signed driver capable of disabling multiple security solutions and terminating protected processes.
     • Date: 2025-11-29T18:53:14Z
     • Network: openweb
     • Published URL: https://forum.exploit.in/topic/271021/
     • Screenshots: https://d34iuop8pidsy8.cloudfront.net/30288317-e1f1-45da-b4d8-dce18e71b11d.png
     • Threat Actors: NightRaider
     • Victim Country: Unknown
     • Victim Industry: Unknown
     • Victim Organization: Unknown
     • Victim Site: Unknown
  11. GenZRisingNepal targets the website of KIST Medical College
     • Category: Defacement
     • Content: The group claims to have defaced the website of KIST Medical College.
     • Date: 2025-11-29T18:13:14Z
     • Network: telegram
     • Published URL: https://t.me/ctrl_nepal/262
     • Screenshots: https://d34iuop8pidsy8.cloudfront.net/1b3d24d4-1946-4705-bb77-b2e2155115a4.png
     • Threat Actors: GenZRisingNepal
     • Victim Country: Nepal
     • Victim Industry: Hospital & Health Care
     • Victim Organization: kist medical college
     • Victim Site: kistmcth.edu.np
  12. Alleged data breach of izipay
     • Category: Data Breach
     • Content: The threat actor claims to have leaked data from izipay. The compromised data reportedly contains 364,000 records including User ID, Full Name, Address, Email, Phone Number. Note: izipay was previously breached in July 2025.
     • Date: 2025-11-29T17:56:25Z
     • Network: openweb
     • Published URL: https://darkforums.st/Thread-Selling-IZIPAY-com-364K-Payment-Users-Fullname-Email-Phone-Address-BreachLabs
     • Screenshots: https://d34iuop8pidsy8.cloudfront.net/313d892f-e11e-4e11-b5b0-a09b6d973ec1.png
     • Threat Actors: BreachLaboratory
     • Victim Country: Peru
     • Victim Industry: Financial Services
     • Victim Organization: izipay
     • Victim Site: izipay.pe
  13. Alleged Leak of Russian Citizen Personal Data
     • Category: Data Breach
     • Content: The threat actor claims to have leaked Russian Citizen Personal Data. The compromised data reportedly includes number, name, address, phone number, Russian social insurance number, email.
     • Date: 2025-11-29T17:22:54Z
     • Network: openweb
     • Published URL: https://darkforums.st/Thread-Selling-RUSSIAN-CITIZEN-DATABASE-%E2%9A%A1
     • Screenshots: https://d34iuop8pidsy8.cloudfront.net/96757851-b16b-4533-b7ec-4451c3fcd202.png
     • Threat Actors: Resolute
     • Victim Country: Russia
     • Victim Industry: Unknown
     • Victim Organization: Unknown
     • Victim Site: Unknown
  14. Alleged Data Breach of InCampus
     • Category: Data Breach
     • Content: The group claims to have leaked data from InCampus. The compromised data reportedly contains a database of students, teachers, and administrators.
     • Date: 2025-11-29T17:22:27Z
     • Network: telegram
     • Published URL: https://t.me/MoroccanCyberSentinelsOfficial/1461
     • Screenshots: https://d34iuop8pidsy8.cloudfront.net/cfbb75f0-4ca1-45bd-8dc8-35725feac01d.png, https://d34iuop8pidsy8.cloudfront.net/ab2a5bbf-fa5b-44e5-89ed-c00edc7c11da.png
     • Threat Actors: Moroccan Cyber Sentinels
     • Victim Country: Singapore
     • Victim Industry: Information Technology (IT) Services
     • Victim Organization: incampus
     • Victim Site: incampus.com.sg
  15. asiawba falls victim to TridentLocker Ransomware
     • Category: Ransomware
     • Content: Group claims to have obtained 2.7 GB of the organization’s data.
     • Date: 2025-11-29T16:53:34Z
     • Network: tor
     • Published URL: http://tridentfrdy6jydwywfx4vx422vnto7pktao2gyx2qdcwjanogq454ad.onion/article/f94cf4f3-7164-43a6-8feb-346cb3b6d83a
     • Screenshots: https://d34iuop8pidsy8.cloudfront.net/fb20d726-da0e-4718-a268-4ca6c4ce68e6.png
     • Threat Actors: TridentLocker
     • Victim Country: Unknown
     • Victim Industry: Unknown
     • Victim Organization: asiawba
     • Victim Site: Unknown
  16. Alleged Data Breach of Federal Tax Service of Russia
     • Category: Data Breach
     • Content: The threat actor claims to have leaked data from the Federal Tax Service of Russia. The compromised data reportedly contains 13,000,000 records including Full Name, Date of birth, Phone Number, SNILS, INN, Email.
     • Date: 2025-11-29T16:50:26Z
     • Network: openweb
     • Published URL: https://darkforums.st/Thread-Selling-FNS-gov-ru-13M-Russian-Citizens-SNILS-INN-Phone-Email-DOB-BreachLabs
     • Screenshots: https://d34iuop8pidsy8.cloudfront.net/29e9e704-8073-4099-82d9-4024fa0e480b.png
     • Threat Actors: BreachLaboratory
     • Victim Country: Russia
     • Victim Industry: Government Relations
     • Victim Organization: federal tax service of russia
     • Victim Site: nalog.gov.ru
  17. GuestTek Interactive Entertainment Ltd falls victim to TridentLocker Ransomware
     • Category: Ransomware
     • Content: Group claims to have obtained 126.98 GB of the organization’s data.
     • Date: 2025-11-29T16:42:05Z
     • Network: tor
     • Published URL: http://tridentfrdy6jydwywfx4vx422vnto7pktao2gyx2qdcwjanogq454ad.onion/article/7861298b-ba53-482e-9c9f-1a8ea73560af
     • Screenshots: https://d34iuop8pidsy8.cloudfront.net/c94278b1-c657-4c2a-8026-3f5523aa78c0.png
     • Threat Actors: TridentLocker
     • Victim Country: Canada
     • Victim Industry: Information Technology (IT) Services
     • Victim Organization: guesttek interactive entertainment ltd.
     • Victim Site: guesttek.com
  18. Advantage 360 falls victim to TridentLocker Ransomware
     • Category: Ransomware
     • Content: Group claims to have obtained 73.54 GB of the organization’s data.
     • Date: 2025-11-29T16:21:01Z
     • Network: tor
     • Published URL: http://tridentfrdy6jydwywfx4vx422vnto7pktao2gyx2qdcwjanogq454ad.onion/article/557b56ee-eb32-47c7-82f6-df6bca2a57c8
     • Screenshots: https://d34iuop8pidsy8.cloudfront.net/bc3e9bc5-3a55-415b-a84a-c5dbfc381638.png
     • Threat Actors: TridentLocker
     • Victim Country: USA
     • Victim Industry: Network & Telecommunications
     • Victim Organization: advantage 360
     • Victim Site: advantage360.com
  19. IQS, Inc falls victim to TridentLocker Ransomware
     • Category: Ransomware
     • Content: Group claims to have obtained 184.55 GB of the organization’s data.
     • Date: 2025-11-29T16:16:48Z
     • Network: tor
     • Published URL: http://tridentfrdy6jydwywfx4vx422vnto7pktao2gyx2qdcwjanogq454ad.onion/article/cf4c4631-df18-4c55-9dae-ecba8638a992
     • Screenshots: https://d34iuop8pidsy8.cloudfront.net/58abc9ba-0f0b-40af-8368-006d32708ccf.png
     • Threat Actors: TridentLocker
     • Victim Country: USA
     • Victim Industry: Software Development
     • Victim Organization: iqs, inc.
     • Victim Site: iqs.com
  20. LMG Holdings falls victim to TridentLocker Ransomware
     • Category: Ransomware
     • Content: Group claims to have obtained 27.28 GB of the organization’s data.
     • Date: 2025-11-29T16:12:49Z
     • Network: tor
     • Published URL: http://tridentfrdy6jydwywfx4vx422vnto7pktao2gyx2qdcwjanogq454ad.onion/article/56f7928c-c522-4499-9292-4ccf5de6a25f
     • Screenshots: https://d34iuop8pidsy8.cloudfront.net/5f5154ef-d8fc-49d9-9070-edbca105436f.png
     • Threat Actors: TridentLocker
     • Victim Country: USA
     • Victim Industry: Automotive
     • Victim Organization: lmg holdings
     • Victim Site: lmgholdings.com
  21. EnQuest falls victim to TridentLocker Ransomware
     • Category: Ransomware
     • Content: Group claims to have obtained 177.44 GB of the organization’s data.
     • Date: 2025-11-29T16:07:57Z
     • Network: tor
     • Published URL: http://tridentfrdy6jydwywfx4vx422vnto7pktao2gyx2qdcwjanogq454ad.onion/article/f0d60086-fec6-42af-a4ae-185c1e1d10e6
     • Screenshots: https://d34iuop8pidsy8.cloudfront.net/7de85131-86bd-4bf0-94ec-7ddd9f5bf516.png
     • Threat Actors: TridentLocker
     • Victim Country: UK
     • Victim Industry: Oil & Gas
     • Victim Organization: enquest
     • Victim Site: enquest.com
  22. Calmec falls victim to TridentLocker Ransomware
     • Category: Ransomware
     • Content: Group claims to have obtained 73.91 GB of the organization’s data.
     • Date: 2025-11-29T16:03:48Z
     • Network: tor
     • Published URL: http://tridentfrdy6jydwywfx4vx422vnto7pktao2gyx2qdcwjanogq454ad.onion/article/338eae6f-62e4-42df-b38a-28bd54987cb9
     • Screenshots: https://d34iuop8pidsy8.cloudfront.net/077a3577-1e4a-418a-a5ab-88315cdd4d29.png
     • Threat Actors: TridentLocker
     • Victim Country: Canada
     • Victim Industry: Manufacturing & Industrial Products
     • Victim Organization: calmec
     • Victim Site: calmec.com
  23. Typecase Marketing Resource, Inc falls victim to TridentLocker Ransomware
     • Category: Ransomware
     • Content: Group claims to have obtained 184.55 GB of the organization’s data.
     • Date: 2025-11-29T15:59:09Z
     • Network: tor
     • Published URL: http://tridentfrdy6jydwywfx4vx422vnto7pktao2gyx2qdcwjanogq454ad.onion/article/db746ab1-79d6-4fc6-8e75-07ebe37f26b7
     • Screenshots: https://d34iuop8pidsy8.cloudfront.net/63545081-bb2e-4306-8ef3-37ee9e21cb99.png
     • Threat Actors: TridentLocker
     • Victim Country: USA
     • Victim Industry: Marketing, Advertising & Sales
     • Victim Organization: typecase marketing resource, inc.
     • Victim Site: typecaseinc.com
  24. Alleged Data Breach of Walmart Canada
     • Category: Data Breach
     • Content: The threat actor claims to have leaked data from Walmart Canada. The compromised data reportedly contains 6,500,000 records including Name, Address, Phone Number.
     • Date: 2025-11-29T15:52:22Z
     • Network: openweb
     • Published URL: https://darkforums.st/Thread-Selling-WALMART-CA-6-5M-Records-Canadian-Shopping-Data-BreachLabs
     • Screenshots: https://d34iuop8pidsy8.cloudfront.net/6b97d8e5-37cd-49f7-aebe-5d4985581163.png
     • Threat Actors: BreachLaboratory
     • Victim Country: Canada
     • Victim Industry: Retail Industry
     • Victim Organization: walmart canada
     • Victim Site: walmart.ca
  25. Alleged Data Breach of BahanaTCW Investment Management
     • Category: Data Breach
     • Content: The threat actor claims to have leaked data from BahanaTCW Investment Management. The compromised data reportedly contains 700,000 records including Money Market Fund, Monthly Rate, Full name, Email Address, Gender, Phone Number, Residential Address.
     • Date: 2025-11-29T15:37:46Z
     • Network: openweb
     • Published URL: https://darkforums.st/Thread-Selling-bahanatcw-com-Financial-Trust-Investment-700K-Records-BreachLabs
     • Screenshots: https://d34iuop8pidsy8.cloudfront.net/cc03e67f-667e-4915-a976-dbf764309e64.png
     • Threat Actors: BreachLaboratory
     • Victim Country: Indonesia
     • Victim Industry: Financial Services
     • Victim Organization: bahanatcw investment management
     • Victim Site: bahanatcw.com
  26. Alleged Sale of Bank Data from France
     • Category: Data Breach
     • Content: The threat actor claims to have leaked bank data from France.
     • Date: 2025-11-29T15:14:32Z
     • Network: openweb
     • Published URL: https://darkforums.st/Thread-Selling-%F0%9F%87%AB%F0%9F%87%B7French-banks-DB-avilable%F0%9F%87%AB%F0%9F%87%B7
     • Screenshots: https://d34iuop8pidsy8.cloudfront.net/85cd7c19-9181-4b7b-a8f5-10ff10f45321.png
     • Threat Actors: wiliafaly
     • Victim Country: France
     • Victim Industry: Unknown
     • Victim Organization: Unknown
     • Victim Site: Unknown
  27. Rasen Insaat Ve Yatirim Ticaret A.S. falls victim to BlackShrantac Ransomware
     • Category: Ransomware
     • Content: The group claims to have obtained 400 GB of the organization’s data. The compromised data reportedly includes financial information such as bank account details, transaction history, revenue, profits, and detailed financial performance. It also contains client and partner information, along with employee data, including personal employee details, salaries, bonuses, compensation structures, and visa application forms.
     • Date: 2025-11-29T14:54:25Z
     • Network: tor
     • Published URL: http://jvkpexgkuaw5toiph7fbgucycvnafaqmfvakymfh5pdxepvahw3xryqd.onion/targets/33
     • Screenshots: https://d34iuop8pidsy8.cloudfront.net/62101ec1-c138-4115-b0e3-fe76d0fb53dc.jpg, https://d34iuop8pidsy8.cloudfront.net/9ce60f56-dc72-420e-99c9-cba4da22c758.jpg
     • Threat Actors: BlackShrantac
     • Victim Country: Turkey
     • Victim Industry: Building and construction
     • Victim Organization: rasen insaat ve yatirim ticaret a.s.
     • Victim Site: rasen.com.tr
  28. Badan Pengelola Keuangan Haji (BPKH) falls victim to BlackShrantac Ransomware
     • Category: Ransomware
     • Content: The group claims to have obtained 200 GB of the organization’s internal data, including personal and identification details, financial records, authentication and communication data, and administrative logs such as location information and access trails.
     • Date: 2025-11-29T14:44:22Z
     • Network: tor
     • Published URL: http://jvkpexgkuaw5toiph7fbgucycvnafaqmfvakymfh5pdxepvahw3xryqd.onion/targets/32
     • Screenshots: https://d34iuop8pidsy8.cloudfront.net/08936c20-5187-4c67-99f4-6ec5d3e01997.png, https://d34iuop8pidsy8.cloudfront.net/456775c9-0f7d-4ed5-ba4b-4ff4f2f5ff87.png
     • Threat Actors: BlackShrantac
     • Victim Country: Indonesia
     • Victim Industry: Government Administration
     • Victim Organization: badan pengelola keuangan haji (bpkh)
     • Victim Site: bpkh.go.id
  29. Fire Wire claims to target Bangladesh
     • Category: Alert
     • Content: A recent post by the group indicates that they are targeting Bangladesh.
     • Date: 2025-11-29T14:31:06Z
     • Network: telegram
     • Published URL: https://t.me/firewirBackupChannel/155
     • Screenshots: https://d34iuop8pidsy8.cloudfront.net/f5987d8c-9485-469a-a9b0-8f09bafe843b.png
     • Threat Actors: Fire Wire
     • Victim Country: Bangladesh
     • Victim Industry: Unknown
     • Victim Organization: Unknown
     • Victim Site: Unknown
  30. Alleged shell access to Smart KIDS Abacus
     • Category: Defacement
     • Content: The group claims to have gained shell access to Smart KIDS Abacus.
     • Date: 2025-11-29T14:27:17Z
     • Network: telegram
     • Published URL: https://t.me/irfacyber/555
     • Screenshots: https://d34iuop8pidsy8.cloudfront.net/284ece81-8bab-48fd-af09-82c9f5f5f270.png
     • Threat Actors: SHADOWX
     • Victim Country: India
     • Victim Industry: Education
     • Victim Organization: smart kids abacus
     • Victim Site: smartkidsabacus.in
  31. D1$RUPT0R targets the website of Cyzric India Services
     • Category: Defacement
     • Content: The group claims to have defaced the website of Cyzric India Services.
     • Date: 2025-11-29T14:23:11Z
     • Network: openweb
     • Published URL: https://defacer.id/mirror/id/212308
     • Screenshots: https://d34iuop8pidsy8.cloudfront.net/0885217b-1e91-4b51-8a88-7b156b66d087.png
     • Threat Actors: D1$RUPT0R
     • Victim Country: India
     • Victim Industry: Software Development
     • Victim Organization: cyzric india services
     • Victim Site: cyzricindia.com
  32. D1$RUPT0R targets the website of puthuppallypally.in
     • Category: Defacement
     • Content: The group claims to have defaced the website of puthuppallypally.in.
     • Date: 2025-11-29T14:18:39Z
     • Network: openweb
     • Published URL: https://defacer.id/mirror/id/212333
     • Screenshots: https://d34iuop8pidsy8.cloudfront.net/becb827c-ce78-4a27-b1b3-385e71106f29.png
     • Threat Actors: D1$RUPT0R
     • Victim Country: India
     • Victim Industry: Unknown
     • Victim Organization: Unknown
     • Victim Site: puthuppallypally.in
  33. Alleged sale of backend access to Asteroom, Inc.
     • Category: Initial Access
     • Content: The group claims to be selling backend access to Asteroom, Inc.
     • Date: 2025-11-29T14:12:45Z
     • Network: telegram
     • Published URL: https://t.me/twoface_database/22
     • Screenshots: https://d34iuop8pidsy8.cloudfront.net/fb4154d9-a3d8-473d-b823-f0f8414a3cb3.png
     • Threat Actors: Two Face Shop
     • Victim Country: USA
     • Victim Industry: Real Estate
     • Victim Organization: asteroom, inc.
     • Victim Site: asteroom.com
  34. Terror targets the website of subaybayan.dilg.gov.ph
     • Category: Defacement
     • Content: The group claims to have defaced the website of subaybayan.dilg.gov.ph.
     • Date: 2025-11-29T14:12:10Z
     • Network: openweb
     • Published URL: https://defacer.id/mirror/id/212317
     • Screenshots: https://d34iuop8pidsy8.cloudfront.net/786d311f-33f5-4ea4-bd6f-bdad6f46852e.png
     • Threat Actors: Terror
     • Victim Country: Philippines
     • Victim Industry: Unknown
     • Victim Organization: Unknown
     • Victim Site: subaybayan.dilg.gov.ph
  35. Alleged sale of admin access to JABATAN PERKHIDMATAN VETERINAR SISTEM PENGURUSAN SUBSIDI AYAM DAN TELUR
     • Category: Initial Access
     • Content: The group claims to be selling admin access to JABATAN PERKHIDMATAN VETERINAR SISTEM PENGURUSAN SUBSIDI AYAM DAN TELUR in Malaysia.
     • Date: 2025-11-29T13:51:14Z
     • Network: telegram
     • Published URL: https://t.me/twoface_database/20
     • Screenshots: https://d34iuop8pidsy8.cloudfront.net/405bfcb7-fcb2-45a4-8103-fb650d7eac11.jpg
     • Threat Actors: Two Face Shop
     • Victim Country: Malaysia
     • Victim Industry: Veterinary
     • Victim Organization: jabatan perkhidmatan veterinar sistem pengurusan subsidi ayam dan telur
     • Victim Site: mysubsidi.dvs.gov.my
  36. SYLHET GANG-SG claims to target Morocco
     • Category: Alert
     • Content: A recent post by the group indicates that they are targeting Morocco.
     • Date: 2025-11-29T13:48:12Z
     • Network: telegram
     • Published URL: https://t.me/SylhetGangSG1/7145
     • Screenshots: https://d34iuop8pidsy8.cloudfront.net/0db2dfb7-9362-460e-965b-5e34aec1b10a.png
     • Threat Actors: SYLHET GANG-SG
     • Victim Country: Morocco
     • Victim Industry: Unknown
     • Victim Organization: Unknown
     • Victim Site: Unknown
  37. Dream Hack targets the website of Royal Public School
     • Category: Defacement
     • Content: The group claims to have defaced the website of Royal Public School.
     • Date: 2025-11-29T13:36:33Z
     • Network: openweb
     • Published URL: https://defacer.id/mirror/id/212345
     • Screenshots: https://d34iuop8pidsy8.cloudfront.net/682b5d59-1e07-479c-b246-0be5061784b5.jpg
     • Threat Actors: Dream Hack
     • Victim Country: India
     • Victim Industry: Education
     • Victim Organization: royal public school
     • Victim Site: royalpublic.in
  38. Alleged data sale of military-eligible citizens in Russia
     • Category: Data Breach
     • Content: The threat actor claims to be selling 30,000 records of military-eligible citizens’ data from Russia, allegedly containing full names, dates of birth, document numbers, full residential addresses, assigned УФМС departments, and regional military-eligibility metadata.
     • Date: 2025-11-29T13:34:01Z
     • Network: openweb
     • Published URL: https://darkforums.st/Thread-Selling-%D0%A3%D0%A4%D0%9C%D0%A1-Military-Registry-2024-%C2%A0-Military%E2%80%91Eligible-Citizens-Full-Identit-BreachLabs
     • Screenshots: https://d34iuop8pidsy8.cloudfront.net/da150bad-b5de-4ccd-962f-7b144793c410.png
     • Threat Actors: BreachLaboratory
     • Victim Country: Russia
     • Victim Industry: Military Industry
     • Victim Organization: Unknown
     • Victim Site: Unknown
  39. Dream Hack targets the website of Dronacharya School
     • Category: Defacement
     • Content: The group claims to have defaced the website of Dronacharya School.
     • Date: 2025-11-29T13:33:40Z
     • Network: openweb
     • Published URL: https://defacer.id/mirror/id/212356
     • Screenshots: https://d34iuop8pidsy8.cloudfront.net/3347f01c-a5c1-483e-8662-cc7d4f8277aa.png
     • Threat Actors: Dream Hack
     • Victim Country: India
     • Victim Industry: Education
     • Victim Organization: dronacharya school
     • Victim Site: dronacharyamubarikpur.com
  40. Alleged data sale of AtlasBus
     • Category: Data Breach
     • Content: The threat actor claims to be selling 300,000 records from AtlasBus. The compromised data reportedly includes user id, name, email, user score and more.
     • Date: 2025-11-29T13:28:36Z
     • Network: openweb
     • Published URL: https://darkforums.st/Thread-Selling-ATLASBUS-ru-300K-Russian-Bus-Booking-Users-Login-Full-Names-BreachLabs
     • Screenshots: https://d34iuop8pidsy8.cloudfront.net/1c5d3d67-476e-4141-8788-0b6570bf4e3c.png
     • Threat Actors: BreachLaboratory
     • Victim Country: Russia
     • Victim Industry: Transportation & Logistics
     • Victim Organization: atlasbus
     • Victim Site: atlasbus.ru

Conclusion

The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Data breaches and ransomware are prominent, affecting various sectors from education and government to finance and healthcare, and impacting countries including the USA, Russia, India, Canada, the UK, Indonesia, Israel, and numerous others across Asia and South America. The compromised data ranges from personal user information and credit card details to sensitive government records and corporate internal data.

Beyond data compromise, the report also reveals significant activity in initial access sales and website defacement, with threat actors offering unauthorized access to corporate networks and government portals. The sale of malware and specialized hacking tools further underscores the availability of offensive capabilities in the cyber underground.

The incidents collectively demonstrate that organizations across various industries and geographies face persistent threats from data exfiltration, unauthorized network access, and the proliferation of malicious tools. The nature of these incidents emphasizes the critical importance of robust cybersecurity measures, including strong access controls, data protection strategies, continuous vulnerability management, and proactive threat intelligence to defend against a wide array of sophisticated and opportunistic attacks.