[November-30-2025] Daily Cybersecurity Threat Report

This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.

1. Alleged data breach of MagicSeller Korea

• Category: Data Breach
• Content: The threat actor claims to have leaked a data from MagicSeller Korea. The compromised data reportedly including Full names, Phone numbers, Phone numbers, IP addresses.
• Date: 2025-11-30T23:58:34Z
• Network: openweb
• Published URL: (https://darkforums.st/Thread-Selling-%E2%AD%90-magicseller-co-kr-Database-Korea-500K-%E2%AD%90)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/5817b6d7-b188-45b5-bb89-716f2bcb466e.png
• Threat Actors: AshleyWood2022
• Victim Country: South Korea
• Victim Industry: E-commerce & Online Stores
• Victim Organization: magicseller korea
• Victim Site: magicseller.co.kr

2. Cyber Mujahideen F16 claims to target UK

• Category: Alert
• Content: A recent post by the group claims that they are targeting UK.
• Date: 2025-11-30T23:54:56Z
• Network: telegram
• Published URL: (https://t.me/Cyber_Mujahideen/467)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/19ebcb53-1be1-4f19-a236-4cfca7a7c62f.png https://d34iuop8pidsy8.cloudfront.net/85e9aa54-6b7e-4639-981e-d36a0d4ebeee.png
• Threat Actors: Cyber Mujahideen F16
• Victim Country: UK
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

3. Alleged data breach of Medsi Group of Companies

• Category: Data Breach
• Content: The threat actor claims to have leaked a data from Medsi Group of Companies. The compromised data reportedly including Email addresses, Password, Phone numbers.
• Date: 2025-11-30T23:31:27Z
• Network: openweb
• Published URL: (https://darkforums.st/Thread-Selling-medsi-ru-database)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/abe1e3f6-ae05-4987-af65-ae5e34db77fa.png
• Threat Actors: Timaker
• Victim Country: Russia
• Victim Industry: Hospital & Health Care
• Victim Organization: medsi group of companies
• Victim Site: medsi.ru

4. Fun For Less Tours falls vicitm to ANUBIS Ransomware

• Category: Ransomware
• Content: The group claims to have obtained organization’s data and they intend to publish it within 10-11 days.
• Date: 2025-11-30T23:09:23Z
• Network: tor
• Published URL: (http://om6q4a6cyipxvt7ioudxt24cw4oqu4yodmqzl25mqd2hgllymrgu4aqd.onion/r/caM4jgcJ8ENBHxO2lXxJB5e4aPQ10vdCv0E85iD3M8ZgGyREQCrF3qtQR+ywlhdHYroY45UNG7ERgDTQNRobQ2U5MVhWY09t)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/fd367b07-cb86-4dd2-a1cd-67042b917841.png https://d34iuop8pidsy8.cloudfront.net/c3c8c268-d58c-4cba-b9e7-3a6d3b226306.png https://d34iuop8pidsy8.cloudfront.net/7962ba7d-9787-4525-aaa4-f4410060b877.png https://d34iuop8pidsy8.cloudfront.net/61d3d4a5-d2ce-4797-822a-9998118e591c.png
• Threat Actors: ANUBIS
• Victim Country: USA
• Victim Industry: Consumer Services
• Victim Organization: fun for less tours
• Victim Site: funforlesstours.com

5. Alleged Leak of Login Credentials from Master Certifiers

• Category: Initial Access
• Content: The group claims to have leaked Login Credentials from Master Certifiers.
• Date: 2025-11-30T22:32:50Z
• Network: telegram
• Published URL: (https://t.me/neffex_the_blackhat/49)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/e1a1e07f-d000-4a73-bec7-f9d02715bf75.png
• Threat Actors: Neffex THe BlackHat
• Victim Country: Unknown
• Victim Industry: Professional Training
• Victim Organization: master certifiers
• Victim Site: mastercertifiers.com

6. Alleged leak of SWEDEN DATABASE

• Category: Data Breach
• Content: The threat actor claims to have leaked SWEDEN DATABASE.
• Date: 2025-11-30T22:25:09Z
• Network: openweb
• Published URL: (http://darkforums.st/Thread-Selling-SWEDEN-DATABASE-269K-rows)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/af5a8eb3-ab6b-4ea5-aa73-da5ebbb06bd0.png
• Threat Actors: socializer
• Victim Country: Sweden
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

7. jokeir 07x targets the website of National Office of Thermalism and Hydrotherapy

• Category: Defacement
• Content: The group claims to have defaced the organization’s website. Mirror: https://zone-xsec.com/mirror/id/768580
• Date: 2025-11-30T21:49:16Z
• Network: telegram
• Published URL: (https://t.me/DarK07xxxxxxx/292)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/f786618b-3c0e-4fbf-855f-96ad341fe6c4.png
• Threat Actors: jokeir 07x
• Victim Country: Tunisia
• Victim Industry: Hospitality & Tourism
• Victim Organization: national office of thermalism and hydrotherapy
• Victim Site: hydrotherapie.tn

8. Alleged leak of database in Finland

• Category: Data Breach
• Content: The threat actor claims to have leaked database in Finland.
• Date: 2025-11-30T21:19:29Z
• Network: openweb
• Published URL: (https://darkforums.st/Thread-Selling-Finland-DATABASE-136k-rows)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/a0fafb27-0984-4131-9981-59b35f26cfef.png
• Threat Actors: socializer
• Victim Country: Finland
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

9. Alleged data breach of Mohmand Hospital

• Category: Data Breach
• Content: The group claims to have leaked the data from Mohmand Hospital. The compromised data reportedly include media and files related to the site.
• Date: 2025-11-30T20:28:15Z
• Network: telegram
• Published URL: (https://t.me/c/2691463074/151)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/d4c12c34-2d41-4cb0-a4d0-ffc3c8c5d244.png https://d34iuop8pidsy8.cloudfront.net/75dc7a8a-2416-42bc-9cf4-561decebad7b.png
• Threat Actors: Zulfiqar Brigade
• Victim Country: Afghanistan
• Victim Industry: Hospital & Health Care
• Victim Organization: mohmand hospital
• Victim Site: mohmandhospital.com

10. Alleged access to Bangladesh Madrasah Education Board

• Category: Initial Access
• Content: The group claims to have access to Bangladesh Madrasah Education Board. Mirror: https://zone-h.org/mirror/id/41503278
• Date: 2025-11-30T19:59:00Z
• Network: telegram
• Published URL: (https://t.me/DarK07xxxxxxx/297)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/702773fd-5c21-43bb-99cb-0d2a4f89067e.png
• Threat Actors: jokeir 07x
• Victim Country: Bangladesh
• Victim Industry: Government Administration
• Victim Organization: bangladesh madrasah education board
• Victim Site: ebmeb.gov.bd

11. Alleged data breach of Velikano

• Category: Data Breach
• Content: The group claims to have leaked the data from Velikano. The compromised data reportedly include More than 14k delivery addresses , names, phone numbers, emails.
• Date: 2025-11-30T18:46:11Z
• Network: telegram
• Published URL: (https://t.me/perunswaroga/808)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/e5c43fda-5f69-4590-b1dc-63237a8e5e9d.png https://d34iuop8pidsy8.cloudfront.net/8b3cef2b-fe33-44a0-8651-9983a551d8d0.png
• Threat Actors: Perun Svaroga
• Victim Country: Ukraine
• Victim Industry: Food & Beverages
• Victim Organization: velikano
• Victim Site: velikano.com.ua

12. Alleged sale of CANADA BUSINESS INFORMATION DATA

• Category: Data Breach
• Content: Threat actor claims to be selling CANADA BUSINESS INFORMATION DATA.
• Date: 2025-11-30T17:44:35Z
• Network: openweb
• Published URL: (https://darkforums.st/Thread-Selling-CANADA-66K-FAMOUS-BUSINESS-INFORMATION-DATA)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/6199276f-5127-49a7-8406-a21fe8d0de2a.png
• Threat Actors: Shinchan
• Victim Country: Canada
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

13. ILCA Targhe s.r.l falls victim to Qilin ransomware

• Category: Ransomware
• Content: The group claims to have obtained organizations data.
• Date: 2025-11-30T16:28:03Z
• Network: tor
• Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=3a47cbf8-d029-3df4-8c24-78acb14e0126)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/ef0a7d07-fd19-4393-ae33-7bbb11561c78.png
• Threat Actors: Qilin
• Victim Country: Italy
• Victim Industry: Printing
• Victim Organization: ilca targhe s.r.l
• Victim Site: ilcatarghe.it

14. Alleged access to EIScontrol

• Category: Initial Access
• Content: The group claims to have access to the EIScontrol.
• Date: 2025-11-30T16:26:09Z
• Network: telegram
• Published URL: (https://t.me/c/2878397916/238)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/f7a222d7-a43c-4fdb-ab7b-962ce7956904.png https://d34iuop8pidsy8.cloudfront.net/2bcac6f2-420a-4dfd-b868-d6a6963921b5.png
• Threat Actors: Hider_Nex
• Victim Country: Australia
• Victim Industry: Industrial Automation
• Victim Organization: eiscontrol
• Victim Site: eiscontrol.com.au

15. Veton falls victim to Qilin ransomware

• Category: Ransomware
• Content: The group claims to have obtained organizations data.
• Date: 2025-11-30T16:17:43Z
• Network: tor
• Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=8ed8e01e-7dec-31c5-b5f0-1ae3532a6c8d)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/76dae380-6745-4087-bb36-4dbbcf7295b2.png
• Threat Actors: Qilin
• Victim Country: USA
• Victim Industry: Software Development
• Victim Organization: veton
• Victim Site: veton.ai

16. Alleged leak of unidentified database in Canada

• Category: Data Breach
• Content: The threat actor claims to have leaked unidentified database in Canada. The compromised data reportedly contain 134684 name, last name, date of birth,phone number, city,province,street,area,postal code,gender and occupation.
• Date: 2025-11-30T14:44:06Z
• Network: openweb
• Published URL: (https://darkforums.st/Thread-Document-Canada-DATABASE-134k-rows)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/64b14c7f-1bf3-43b4-ad40-20c684889147.jpg
• Threat Actors: socializer
• Victim Country: Canada
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

17. Alleged sale of Coinbase verified database in USA

• Category: Data Breach
• Content: The threat actor is offering to sell Coinbase verified database in USA.
• Date: 2025-11-30T14:38:07Z
• Network: openweb
• Published URL: (https://darkforums.st/Thread-Selling-%F0%9F%87%BA%F0%9F%87%B8US-Coinbase-verified-DB-avilable-for-sale%F0%9F%87%BA%F0%9F%87%B8)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/27aac4dd-b273-45f0-af07-fccd20bfcb96.jpg
• Threat Actors: wiliafaly
• Victim Country: USA
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

18. Alleged sale of 300M USA citizen data

• Category: Data Breach
• Content: The threat actor is offering to sell 300M USA citizen data.
• Date: 2025-11-30T14:34:44Z
• Network: openweb
• Published URL: (https://darkforums.st/Thread-Selling-%F0%9F%87%BA%F0%9F%87%B8US-full-300-mill-citizen-leads-avilable)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/8e340144-4432-4324-bfb5-8335b5d6e3c3.jpg
• Threat Actors: wiliafaly
• Victim Country: USA
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

19. Alleged data breach of ExeVision, Inc

• Category: Data Breach
• Content: The threat actor claims to have leaked source code and data bases of ExeVision, Inc.
• Date: 2025-11-30T14:30:11Z
• Network: openweb
• Published URL: (https://darkforums.st/Thread-Source-Code-ExeVision-Data-Breach-Leaked-Download)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/34efa694-2934-4cca-a44f-54bf9d28e0a9.jpg
• Threat Actors: 888
• Victim Country: Jordan
• Victim Industry: Software Development
• Victim Organization: exevision, inc
• Victim Site: exevision.com

20. BekasiRootSec targets the website of Love Star Humanitarian Foundation

• Category: Defacement
• Content: The group claims to have defaced the website of Love Star Humanitarian Foundation.
• Date: 2025-11-30T14:29:12Z
• Network: openweb
• Published URL: (https://defacer.id/mirror/id/212406)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/41b514fa-5aa9-4b92-b6b3-7151cb1ce423.jpg
• Threat Actors: BekasiRootSec
• Victim Country: Nigeria
• Victim Industry: Non-profit & Social Organizations
• Victim Organization: love star humanitarian foundation
• Victim Site: lovestarhumanitarian.com

21. Alleged Unauthorized Access to an Industrial Emissions Monitoring System in Vietnam

• Category: Initial Access
• Content: The group claims to have gained access to the emissions-monitoring control system of the NHÀ MÁY XI MĂNG PHÚ TÂN cement plant in Vietnam. The accessed system reportedly oversees real-time monitoring of industrial emissions.
• Date: 2025-11-30T14:25:20Z
• Network: telegram
• Published URL: (https://t.me/n2LP_wVf79c2YzM0/2613)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/bd4d8dcd-5d13-410f-933e-e025312c0355.png
• Threat Actors: Infrastructure Destruction Squad
• Victim Country: Vietnam
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

22. Alleged data breach of multiple organizations in Bangladesh

• Category: Data Breach
• Content: The group claims to have breached several government, educational, healthcare, and corporate networks in Bangladesh, allegedly gaining administrative access, internal infrastructure details, and other operational information. NB: The authenticity of the post is not verified.
• Date: 2025-11-30T14:19:02Z
• Network: telegram
• Published URL: (https://t.me/LulzSecHackers/59)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/248f2af7-5209-445e-80f0-9e3850f811b2.png https://d34iuop8pidsy8.cloudfront.net/b4476f0a-c81a-494f-853a-d926dbc4a758.png https://d34iuop8pidsy8.cloudfront.net/44e0cf48-bd22-4999-b2aa-f8d67b4701d5.png https://d34iuop8pidsy8.cloudfront.net/5a67febc-bc5c-4080-9b5b-4ef10e73597a.png https://d34iuop8pidsy8.cloudfront.net/5dcece8e-4a7c-4bf5-a5bb-fb7346e15a71.png https://d34iuop8pidsy8.cloudfront.net/73b19afb-ae25-4040-a8d6-d2d8b304b518.png https://d34iuop8pidsy8.cloudfront.net/49fd6239-467d-4dbe-8f59-b370eff48d25.png https://d34iuop8pidsy8.cloudfront.net/de8fda3c-a20d-4b02-b7f3-83539f8bc56b.png https://d34iuop8pidsy8.cloudfront.net/8aba798f-2084-4eed-bcb2-c16bff700d7d.png
• Threat Actors: LulzSec Hackers
• Victim Country: Bangladesh
• Victim Industry: Education
• Victim Organization: bracnet limited
• Victim Site: bracnet.net

23. Alleged data breach of ROSENHEIM MAKOM ARCHITECTS LTD

• Category: Data Breach
• Content: The group claims to have leaked data of ROSENHEIM MAKOM ARCHITECTS LTD.
• Date: 2025-11-30T14:16:53Z
• Network: telegram
• Published URL: (https://t.me/Gaza_Children_Hackers/417)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/664f1ce5-9590-49e3-8c7a-66c00eea2b70.png https://d34iuop8pidsy8.cloudfront.net/e443d355-5c96-4cea-b477-ebae003b944a.png
• Threat Actors: Gaza Children’s Group
• Victim Country: Israel
• Victim Industry: Architecture & Planning
• Victim Organization: rosenheim makom architects ltd
• Victim Site: makomarc.co.il

24. UNITYFORCETEAM targets the website of SellersBox

• Category: Defacement
• Content: The group claims to have defaced the website of SellersBox, Attributing the attack to its member zyfnar.
• Date: 2025-11-30T13:42:34Z
• Network: openweb
• Published URL: (https://defacer.id/mirror/id/212405)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/63bdada4-66e0-4402-b8b7-5b0e8a5f23a0.png
• Threat Actors: UNITYFORCETEAM
• Victim Country: Canada
• Victim Industry: Real Estate
• Victim Organization: sellersbox
• Victim Site: sellersbox.ca

25. Alleged data sale of Sportsmaster

• Category: Data Breach
• Content: The threat actor claims to be selling 41,000,000 records of data from Sportsmaster. The compromised data reportedly contain information including phone number, email, name, birth day and address.
• Date: 2025-11-30T12:46:56Z
• Network: openweb
• Published URL: (https://darkforums.st/Thread-Selling-Sportmaster-ru-41M-Brand-Sport-Goods-Users-Full-Phone-DOB-Email-BreachLabs)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/7a514fd9-95ed-44ee-8fde-73c2443f92b7.jpg https://d34iuop8pidsy8.cloudfront.net/f655a2a0-efd2-4a76-84ef-e81a6a7ca1b4.jpg
• Threat Actors: BreachLaboratory
• Victim Country: Russia
• Victim Industry: Sporting Goods
• Victim Organization: sportsmaster
• Victim Site: sportmaster.ru

26. Alleged data sale of India International Exchange (IFSC) Ltd (India INX)

• Category: Data Breach
• Content: The threat actor claims to be selling 2,300,000 records of data from India International Exchange (IFSC) Ltd (India INX). The compromised data reportedly contain information including full name , phone number , full address , city , approximate age , held funds , bse value , float percentage , credit score , code , company name , isin code , closing value , margin requirement , phone number , email address , floating p/l , fundraising amount , full address , city and additional unknown field.
• Date: 2025-11-30T12:38:40Z
• Network: openweb
• Published URL: (https://darkforums.st/Thread-Selling-indiainx-com%C2%A0-2-3M-Verified-Investors-Full-ISIN%C2%A0-Credit-Score-BreachLabs)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/43d1ac6d-3f74-490c-bf26-732961ad7322.jpg https://d34iuop8pidsy8.cloudfront.net/fe49a00f-d7b0-443e-8d2c-baaf7b5ff7a1.jpg
• Threat Actors: BreachLaboratory
• Victim Country: India
• Victim Industry: Financial Services
• Victim Organization: india international exchange (ifsc) ltd (india inx)
• Victim Site: indiainx.com

27. Alleged data sale of Rakuten Securities

• Category: Data Breach
• Content: The threat actor claims to be selling 1,500,000 records of data from Rakuten Securities. The compromised data reportedly contain information including currency pair , date of birth , full name , gender , address , yield rate , investment term , margin requirement , phone number , email address , floating p/l , fundraising amount , full address , city and additional unknown field.
• Date: 2025-11-30T12:27:56Z
• Network: openweb
• Published URL: (https://darkforums.st/Thread-Selling-rakuten-sec-co-jp%C2%A0-1-5M-Verified-Online-Investors-Full-Yield-DOB%C2%A0-BreachLabs)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/5943a9f6-6e9b-4862-ba6e-1f98a419f77a.jpg https://d34iuop8pidsy8.cloudfront.net/90f12cba-572d-450f-bd29-59978f888559.jpg
• Threat Actors: BreachLaboratory
• Victim Country: Japan
• Victim Industry: Financial Services
• Victim Organization: rakuten securities
• Victim Site: rakuten-sec.co.jp

28. Alleged data sale of Kuwait Investment Company

• Category: Data Breach
• Content: The threat actor claims to be selling 640,000 records of data from Kuwait Investment Company. The compromised data reportedly contain information including full name , investment type , email address , fund subscription , financial status ,full date of birth , phone number , full address , city and additional unknown field.
• Date: 2025-11-30T12:19:40Z
• Network: openweb
• Published URL: (https://darkforums.st/Thread-Selling-kic-com-kw-640K-Investment-Clients-Phone-DOB-BreachLabs)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/6bd55793-40d7-478c-b0dd-f8a116418042.jpg https://d34iuop8pidsy8.cloudfront.net/4888bd0d-f588-4dd7-ba49-4b374570cbc9.jpg
• Threat Actors: BreachLaboratory
• Victim Country: Kuwait
• Victim Industry: Investment Management, Hedge Fund & Private Equity
• Victim Organization: kuwait investment company
• Victim Site: kic.com.kw

29. Alleged data sale of 1Win in multiple countries

• Category: Data Breach
• Content: The threat actor claims to be selling 180,000,000 records of data from 1Win. The compromised data reportedly contain information including email , phone number , user id , password hash , credential string , country , registration timestamp , ip address and additional unknown field.
• Date: 2025-11-30T12:08:27Z
• Network: openweb
• Published URL: (https://darkforums.st/Thread-Selling-1win-com-180M-Users-Sports-Betting-Gambling-Full-DB-BreachLabs)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/a584caf0-0f26-48ed-83a4-dd90333878c9.jpg
• Threat Actors: BreachLaboratory
• Victim Country: Unknown
• Victim Industry: Gambling & Casinos
• Victim Organization: 1win
• Victim Site: 1win.com

30. UNITYFORCETEAM targets the website of MTs Negeri 2 Tegal

• Category: Defacement
• Content: The group claims to have defaced the website of MTs Negeri 2 Tegal.
• Date: 2025-11-30T12:05:31Z
• Network: openweb
• Published URL: (https://defacer.id/mirror/id/212402)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/d003ffda-d403-4223-9727-7e436747bd6d.jpg
• Threat Actors: UNITYFORCETEAM
• Victim Country: Indonesia
• Victim Industry: Education
• Victim Organization: mts negeri 2 tegal
• Victim Site: info.mtsn2tegal.sch.id

31. Alleged data sale of UBS

• Category: Data Breach
• Content: The threat actor claims to be selling 10,000,000 records of data from UBS. The compromised data reportedly contain information including full name , year of birth , state and city , full address , postal code , phone number and email address.
• Date: 2025-11-30T12:01:17Z
• Network: openweb
• Published URL: (https://darkforums.st/Thread-Selling-UBS-Group-10M-Financial-Investors-Securities-Clients-BreachLabs)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/2ce91e57-47a4-4ab0-ac22-a09e3c077300.jpg https://d34iuop8pidsy8.cloudfront.net/dc7658e2-16ef-42bc-a35a-f7401b5d3e6f.jpg
• Threat Actors: BreachLaboratory
• Victim Country: Switzerland
• Victim Industry: Financial Services
• Victim Organization: ubs
• Victim Site: ubs.com

32. Alleged data sale of Tastytrade

• Category: Data Breach
• Content: The threat actor claims to be selling 2,500,000 records of data from Tastytrade. The compromised data reportedly contain information including first name, last name, address, city, phone number, opening commission, commission cap, options product, birthday, rating, email, and ip address.
• Date: 2025-11-30T11:53:52Z
• Network: openweb
• Published URL: (https://darkforums.st/Thread-Selling-Tastytrade-com-2-5M-Investors-Dataset-Self-Directed-Trading-Leads-BreachLabs)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/6689f214-455f-418d-99c4-b276ec433648.jpg https://d34iuop8pidsy8.cloudfront.net/603811e1-444b-4ba7-9550-49bfda6bafb9.jpg
• Threat Actors: BreachLaboratory
• Victim Country: USA
• Victim Industry: Financial Services
• Victim Organization: tastytrade
• Victim Site: tastytrade.com

33. UNITYFORCETEAM targets the website of SMK Negeri 64 Jakarta

• Category: Defacement
• Content: The group claims to have defaced the website of SMK Negeri 64 Jakarta.
• Date: 2025-11-30T11:52:02Z
• Network: openweb
• Published URL: (https://defacer.id/mirror/id/212384)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/cbc5041b-b3ef-4d10-b13e-e179776e0dbc.jpg
• Threat Actors: UNITYFORCETEAM
• Victim Country: Indonesia
• Victim Industry: Education
• Victim Organization: smk negeri 64 jakarta
• Victim Site: smkn64-jkt.sch.id

34. UNITYFORCETEAM targets the website of SMP MUHAMMADIYAH 2 PURWOKERTO.

• Category: Defacement
• Content: The group claims to have defaced the website of SMP MUHAMMADIYAH 2 PURWOKERTO.
• Date: 2025-11-30T11:40:37Z
• Network: openweb
• Published URL: (https://defacer.id/mirror/id/212383)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/36838307-a54a-40dd-87d6-9ede64175b41.png
• Threat Actors: UNITYFORCETEAM
• Victim Country: Indonesia
• Victim Industry: Education
• Victim Organization: smp muhammadiyah 2 purwokerto.
• Victim Site: smpmuh2pwt.sch.id

35. Alleged data leak of Palma Seguros

• Category: Data Breach
• Content: The threat actor claims to be leaked 334 customers credit card details from Palma Seguros.
• Date: 2025-11-30T11:02:45Z
• Network: openweb
• Published URL: (https://darkforums.st/Thread-Document-Palmacompany-com-Customer-Credit-Cards)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/2b32fc55-bd61-4b71-952b-75e296ff2a25.jpg https://d34iuop8pidsy8.cloudfront.net/75c3aa17-ccdb-46d5-853a-bc8dbc733b07.jpg
• Threat Actors: Brazzers
• Victim Country: Panama
• Victim Industry: Insurance
• Victim Organization: palma seguros
• Victim Site: palmacompany.com

36. Reaper Byte Philippines targets the website of Consormon Yamaha

• Category: Defacement
• Content: The Group claims to have defaced the website of Consormon Yamaha.
• Date: 2025-11-30T10:35:26Z
• Network: openweb
• Published URL: (https://defacer.id/mirror/id/212385)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/25f2073e-0d62-4eeb-be8f-288e33daffc7.jpg
• Threat Actors: Reaper Byte Philippines
• Victim Country: Brazil
• Victim Industry: Automotive
• Victim Organization: consormon yamaha
• Victim Site: consormonyamaha.com.br

37. BekasiRootSec targets the website of Micromils

• Category: Defacement
• Content: The group claims to have defaced the website of Micromils, Attributing the attack to its member ./SanzzXploit.
• Date: 2025-11-30T10:09:45Z
• Network: openweb
• Published URL: (https://defacer.id/mirror/id/212386)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/97674574-760b-4f10-a32b-8de28d4bd73b.png
• Threat Actors: BekasiRootSec
• Victim Country: Brazil
• Victim Industry: Facilities Services
• Victim Organization: micromils
• Victim Site: micromils.com.br

38. Alleged database leak of Human Resources Development Agency (BKPSDM) of Mojokerto Regency

• Category: Data Breach
• Content: A threat actor claims to have leaked the database of Human Resources Development Agency (BKPSDM) of Mojokerto Regency.
• Date: 2025-11-30T10:06:32Z
• Network: openweb
• Published URL: (https://darkforums.st/Thread-LEAKED-%F0%9D%99%81%F0%9D%99%8D%F0%9D%99%80%F0%9D%99%8E%F0%9D%99%83-ASN-MOJOKERTO-INDONESIA-BY-DarkHandshake)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/1241c5e2-95ce-4efd-bec2-2dea3c09ac25.jpg
• Threat Actors: darkHandshake
• Victim Country: Indonesia
• Victim Industry: Government Administration
• Victim Organization: human resources development agency of mojokerto regency
• Victim Site: bkpsdm.mojokertokab.go.id

39. Alleged data sale of Association of Universities for Research in Astronomy

• Category: Data Breach
• Content: The threat actor claims to have selling 296 Corporate Users data from Association of Universities for Research in Astronomy in USA. The compromised data reportedly contain names, emails, pass and registration dates, also in this breach some major astronomy organizations were breached. Other breached astronomy organizations were NOIRLab (noirlab.edu), Vera C. Rubin Observatory(lsst.org), National Solar Observatory(nso.edu) and other AURA-associated astronomy centers.
• Date: 2025-11-30T09:36:01Z
• Network: openweb
• Published URL: (https://darkforums.st/Thread-Selling-AURA-ASTRONOMY-ORG-976-CORPORATE-USERS-Names-Emails-Pass-Hashed)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/b4f60cf9-22a2-4959-b4cc-352deeb89b0f.jpg https://d34iuop8pidsy8.cloudfront.net/ac8def94-72ec-492e-ab04-cdbd96c58676.jpg
• Threat Actors: innocentzero
• Victim Country: USA
• Victim Industry: Research Industry
• Victim Organization: association of universities for research in astronomy
• Victim Site: aura-astronomy.org

40. Alleged data sale of Connector Dubai

• Category: Data Breach
• Content: The threat actor claims to have selling data from Connector Dubai. The compromised data reportedly contain id, email, answer, first name, last name, age group, gender, nationality , mobile, emirate, entry date, competition id and others.
• Date: 2025-11-30T09:17:52Z
• Network: openweb
• Published URL: (https://darkforums.st/Thread-Selling-UAE-Connector-ae-Database-%C2%A0United-Arab-Emirates-240K)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/56035d18-5ab5-4bb9-84a8-22a80c314e97.jpg https://d34iuop8pidsy8.cloudfront.net/b4011f98-e6d0-443a-a5cd-cbf1f784b7ac.jpg
• Threat Actors: wizard
• Victim Country: UAE
• Victim Industry: Online Publishing
• Victim Organization: connector dubai
• Victim Site: connector.ae

41. Alleged leak of SQL injection vulnerability in Rohini Vivah Sanstha

• Category: Vulnerability
• Content: Group claims to leaked a SQL injection vulnerability in the website of Rohini Vivah Sanstha.
• Date: 2025-11-30T08:30:13Z
• Network: telegram
• Published URL: (https://t.me/crewcyber/330)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/3078e012-9add-4b33-be2e-6b8442f225c4.png
• Threat Actors: 404 CREW CYBER TEAM
• Victim Country: India
• Victim Industry: Social Media & Online Social Networking
• Victim Organization: rohini vivah sanstha
• Victim Site: myrohini.com

42. Alleged leak of admin credentials of JeelFlow

• Category: Initial Access
• Content: The group claims to have leaked admin credentials of JeelFlow.
• Date: 2025-11-30T08:00:55Z
• Network: telegram
• Published URL: (https://t.me/crewcyber/331)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/aae2cf1d-f859-4f7a-b4e7-acda1d5b8f50.png
• Threat Actors: 404 CREW CYBER TEAM
• Victim Country: India
• Victim Industry: Manufacturing
• Victim Organization: jeelflow
• Victim Site: jeelflow.com

43. Alleged Unauthorized Access to Thanh Cong Cement Plant 3 Systems in Vietnam

• Category: Initial Access
• Content: The group claims to have gained unauthorized access to systems at the Thanh Cong Cement Plant 3 in Vietnam.
• Date: 2025-11-30T07:58:02Z
• Network: telegram
• Published URL: (https://t.me/n2LP_wVf79c2YzM0/2611)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/6cab4783-6ac7-47a0-88b3-adcda44d961a.png
• Threat Actors: Infrastructure Destruction Squad
• Victim Country: Vietnam
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

44. Battaglioli falls victim to Qilin ransomware

• Category: Ransomware
• Content: The group claims to have obtained organizations data.
• Date: 2025-11-30T07:52:37Z
• Network: tor
• Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=fa1557cb-0588-3004-890e-6b87b6697283)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/83fb1f06-7163-46f9-adb6-6ff21b710b76.jpg
• Threat Actors: Qilin
• Victim Country: Italy
• Victim Industry: Electrical & Electronic Manufacturing
• Victim Organization: battaglioli
• Victim Site: battaglioli.it

45. Alleged database leak of Slate & Tell

• Category: Data Breach
• Content: The threat actor claims to be leaked 500K database from Slate & Tell. The leaked data reportedly contains Email Password and number password.
• Date: 2025-11-30T07:11:46Z
• Network: openweb
• Published URL: (https://xss.pro/threads/144528/)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/71d38b5c-928c-4d34-bf07-f075eac758e2.jpg
• Threat Actors: system45
• Victim Country: USA
• Victim Industry: Retail Industry
• Victim Organization: slate & tell
• Victim Site: shopslateandtell.com

46. 404 CREW CYBER TEAM targets the website of Wings of Tatev

• Category: Defacement
• Content: The group claims to have defaced the website of Wings of Tatev, Attributing the attack to its member Lost32x.
• Date: 2025-11-30T07:07:55Z
• Network: openweb
• Published URL: (https://defacer.id/mirror/id/212372)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/8a888e20-5bb4-406e-b278-2018dd4bbf8a.png
• Threat Actors: 404 CREW CYBER TEAM
• Victim Country: Armenia
• Victim Industry: Hospitality & Tourism
• Victim Organization: wings of tatev
• Victim Site: tatever.am

47. Division 10, Inc. falls victim to DragonForce Ransomware

• Category: Ransomware
• Content: The group claims to have obtained 126.74 GB of organization’s data and they intend to publish it within a day.
• Date: 2025-11-30T06:54:56Z
• Network: tor
• Published URL: (http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion/blog)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/58be7e59-9fb6-4d3b-8ae8-f88d306c542a.png
• Threat Actors: DragonForce
• Victim Country: USA
• Victim Industry: Building and construction
• Victim Organization: division 10, inc.
• Victim Site: division10inc.com

48. Pharaoh’s Team targets the website of Syria Jobs Network

• Category: Defacement
• Content: The group claims to have targeted the websites of Syria Jobs Network and its subdomain.
• Date: 2025-11-30T06:22:45Z
• Network: telegram
• Published URL: (https://t.me/Pharaohs_n/391)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/7752ab15-b077-45b5-a354-f7f1142f5614.png
• Threat Actors: Pharaoh’s Team
• Victim Country: Syria
• Victim Industry: Human Resources
• Victim Organization: syria jobs network
• Victim Site: jobsyria.org

49. KAL EGY 319 targets the website of Happy crackers

• Category: Defacement
• Content: The group claims to have targeted the website of Happy crackers. Mirror Link : https://zone-xsec.com/mirror/id/768399
• Date: 2025-11-30T06:15:57Z
• Network: telegram
• Published URL: (https://t.me/KALOSHA319/60)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/00d0db69-9c23-456c-a294-bf09551811e4.png
• Threat Actors: KAL EGY 319
• Victim Country: India
• Victim Industry: Retail Industry
• Victim Organization: happy crackers
• Victim Site: happycrackerssivakasi.com

50. JavaneseTeam targets the website of East Azerbaijan Science and Technology Park

• Category: Defacement
• Content: The group claims to have defaced the website of East Azerbaijan Science and Technology Park.
• Date: 2025-11-30T06:14:23Z
• Network: openweb
• Published URL: (https://defacer.id/mirror/id/212368)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/b5d10598-a6d5-4885-ac5e-f4a394a20dee.png
• Threat Actors: JavaneseTeam
• Victim Country: Iran
• Victim Industry: Information Technology (IT) Services
• Victim Organization: east azerbaijan science and technology park
• Victim Site: fanavaran.eastp.ir

51. KAL EGY 319 targets the website of Gowtham Crackers

• Category: Defacement
• Content: The group claims to have targeted the website of Gowtham Crackers. Mirror Link : https://zone-xsec.com/mirror/id/768398
• Date: 2025-11-30T06:12:23Z
• Network: telegram
• Published URL: (https://t.me/KALOSHA319/59)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/0dcc5d70-c2e1-4680-8057-207a84b1cb57.png
• Threat Actors: KAL EGY 319
• Victim Country: India
• Victim Industry: Retail Industry
• Victim Organization: gowtham crackers
• Victim Site: gowthamcrackers.net

52. KAL EGY 319 targets the website Ganapathi Agencies

• Category: Defacement
• Content: The group claims to have targeted the website of Ganapathi Agencies. Mirror Link : https://zone-xsec.com/mirror/id/768395
• Date: 2025-11-30T06:08:06Z
• Network: telegram
• Published URL: (https://t.me/KALOSHA319/59)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/2316e19d-d742-4da3-987c-705d5bfa0126.png
• Threat Actors: KAL EGY 319
• Victim Country: India
• Victim Industry: Retail Industry
• Victim Organization: ganapathi agencies
• Victim Site: ganapathiagencies.com

53. KAL EGY 319 targets Bairav Balaji Cracker website in India

• Category: Defacement
• Content: The group claims to have defaced Bairav Balaji Cracker website in India. Mirror Link : https://zone-xsec.com/mirror/id/768393
• Date: 2025-11-30T06:03:21Z
• Network: telegram
• Published URL: (https://t.me/KALOSHA319/57)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/da244f9e-063a-4e8e-bb01-cb9bfbc4acd5.png
• Threat Actors: KAL EGY 319
• Victim Country: India
• Victim Industry: Retail Industry
• Victim Organization: bairav balaji cracker
• Victim Site: bairavbaalajicracker.com

54. KAL EGY 319 targets the website of Bahavan Agencies

• Category: Defacement
• Content: The group claims to have defaced the website of Bahavan Agencies. Mirror link : https://zone-xsec.com/mirror/id/768394
• Date: 2025-11-30T06:00:54Z
• Network: telegram
• Published URL: (https://t.me/KALOSHA319/58)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/26508be8-f357-4bbd-9cd1-098720e71a36.png
• Threat Actors: KAL EGY 319
• Victim Country: India
• Victim Industry: Retail Industry
• Victim Organization: bahavan agencies
• Victim Site: bahavanagencies.in

55. 404 CREW CYBER TEAM targets the website of Greenville Beauty Box

• Category: Defacement
• Content: The group claims to have targeted the website of Greenville Beauty Box.
• Date: 2025-11-30T05:54:36Z
• Network: telegram
• Published URL: (https://t.me/crewcyber/328)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/2dc5d12d-b81e-440c-a57b-09e6587a11dd.png
• Threat Actors: 404 CREW CYBER TEAM
• Victim Country: Unknown
• Victim Industry: Unknown
• Victim Organization: greenville beauty box
• Victim Site: greenvillebeautybox.com

56. JavaneseTeam targets the website of Arraba Ilqar Company

• Category: Defacement
• Content: Group claims to have defaced the website of Arraba Ilqar Company.
• Date: 2025-11-30T04:55:52Z
• Network: openweb
• Published URL: (https://defacer.id/mirror/id/212376)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/4bbc1c88-95b4-4fad-9cb0-eaaed08364a2.png
• Threat Actors: JavaneseTeam
• Victim Country: Iran
• Victim Industry: Manufacturing
• Victim Organization: arraba ilqar company
• Victim Site: ilgarsanat.com

57. Alleged data breach of France Connect

• Category: Data Breach
• Content: The group claims to have leaked data of France Connect Database. NB: The authenticity of the claim is yet to be verified.
• Date: 2025-11-30T04:34:32Z
• Network: openweb
• Published URL: (https://leakbase.la/threads/france-travail-france-connect.46664/)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/2112764d-bad3-45c6-838d-984a7f6bdaa6.png
• Threat Actors: babacam
• Victim Country: France
• Victim Industry: Information Technology (IT) Services
• Victim Organization: france connect
• Victim Site: franceconnect.gouv.fr

58. KAL EGY 319 targets multiple websites in India

• Category: Defacement
• Content: The group claims to have defaced multiple websites in India. Mirror Link : https://zone-xsec.com/mirror/id/768393
• Date: 2025-11-30T04:14:41Z
• Network: telegram
• Published URL: (https://t.me/KALOSHA319/55)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/4af1a517-6c6a-4605-8b84-eb30e3f419bb.png
• Threat Actors: KAL EGY 319
• Victim Country: India
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

59. Alleged Data Leak of Paraguayan Government

• Category: Data Breach
• Content: The threat group claims to have leaked a large cache of sensitive data belonging to the Paraguayan government. The alleged breach includes tariff documents, government planning files, court records, and other confidential state materials.
• Date: 2025-11-30T04:06:49Z
• Network: telegram
• Published URL: (https://t.me/order403/34)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/f6d07ed3-d252-4cef-ac17-42688c18afed.png
• Threat Actors: Order403
• Victim Country: Paraguay
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

60. Alleged sale of unauthorized admin access to unidentified Sweets & Bakery Shop in UK

• Category: Initial Access
• Content: Threat actor claims to be selling unauthorized admin access to unidentified Sweets & Bakery Shop.
• Date: 2025-11-30T03:56:33Z
• Network: openweb
• Published URL: (https://forum.exploit.biz/topic/271035/)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/209d1bcf-5671-4e85-a57d-37f4dd7f7a73.png
• Threat Actors: Shopify
• Victim Country: UK
• Victim Industry: Retail Industry
• Victim Organization: Unknown
• Victim Site: Unknown

61. Alleged sale of unauthorized admin access to unidentified fruit shop in Singapore

• Category: Initial Access
• Content: Threat actor claims to be selling unauthorized admin access to unidentified fruit shop in Singapore.
• Date: 2025-11-30T03:48:24Z
• Network: openweb
• Published URL: (https://forum.exploit.biz/topic/271038/)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/4749030e-9369-4bd5-a270-9e835adc0f72.png
• Threat Actors: Shopify
• Victim Country: Singapore
• Victim Industry: Retail Industry
• Victim Organization: Unknown
• Victim Site: Unknown

62. Alleged sale of unauthorized admin access to unidentified Delivery shop in Australia

• Category: Initial Access
• Content: Threat actor claims to be selling unauthorized admin access to unidentified Delivery shop in Australia.
• Date: 2025-11-30T03:43:40Z
• Network: openweb
• Published URL: (https://forum.exploit.biz/topic/271037/)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/c656d68f-8690-4cfe-990d-462700762de4.png
• Threat Actors: Shopify
• Victim Country: Australia
• Victim Industry: Retail Industry
• Victim Organization: Unknown
• Victim Site: Unknown

63. Alleged sale of unauthorized admin access to unidentified gift shop in Morocco

• Category: Initial Access
• Content: Threat actor claims to be selling unauthorized admin access to unidentified gift shop in Morocco.
• Date: 2025-11-30T03:35:33Z
• Network: openweb
• Published URL: (https://forum.exploit.biz/topic/271034/)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/4e6f5efc-c945-49d6-9dcf-8df3821d4fb7.png
• Threat Actors: Shopify
• Victim Country: Morocco
• Victim Industry: E-commerce & Online Stores
• Victim Organization: Unknown
• Victim Site: Unknown

64. Dream Hack targets the website of Accevate Technologies

• Category: Defacement
• Content: The group claims to have defaced the website of Accevate Technologies.
• Date: 2025-11-30T03:32:47Z
• Network: openweb
• Published URL: (https://defacer.id/mirror/id/212335)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/3a41587b-ec64-4eea-822f-0e2a62af10ec.png
• Threat Actors: Dream Hack
• Victim Country: India
• Victim Industry: Information Technology (IT) Services
• Victim Organization: accevate technologies
• Victim Site: accevate.in

65. Alleged sale of unauthorized access to a German based Magento e-commerce platform

• Category: Initial Access
• Content: Threat actor claims to be selling unauthorized access to a German-based Magento e-commerce platform, including SQL database access and the administrative control panel.
• Date: 2025-11-30T03:30:50Z
• Network: openweb
• Published URL: (https://forum.exploit.biz/topic/271031/)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/18d3a7ef-3dff-4f79-91e0-3b4d90594094.png
• Threat Actors: JustAnon69
• Victim Country: Germany
• Victim Industry: E-commerce & Online Stores
• Victim Organization: Unknown
• Victim Site: Unknown

66. JavaneseTeam targets the website of East Azerbaijan Province Science and Technology Park.

• Category: Defacement
• Content: The group claims to have defaced the organization’s website.
• Date: 2025-11-30T03:25:12Z
• Network: openweb
• Published URL: (https://defacer.id/mirror/id/212370)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/d3e14560-f559-4ddc-83f1-84ca325d021d.png
• Threat Actors: JavaneseTeam
• Victim Country: Iran
• Victim Industry: Business and Economic Development
• Victim Organization: east azerbaijan province science and technology park
• Victim Site: old.eastp.ir

67. Alleged data sale of Instituto Nacional de Transporte Terrestre (INTT)

• Category: Data Breach
• Content: Threat actor claims to be selling 8.5M records from Instituto Nacional de Transporte Terrestre (INTT) which includes politicians and key government figures and direct internal server dump vulnerability. NB: The organization was previously breached on March 06, 2025.
• Date: 2025-11-30T03:22:03Z
• Network: openweb
• Published URL: (https://darkforums.st/Thread-Selling-%F0%9F%9A%A8%F0%9F%92%A5%F0%9F%92%AFFOR-SALE-Venezuela-INTT-Driver-s-License-Database-%E2%80%93-8-5M-records%F0%9F%92%AF%F0%9F%92%A5%F0%9F%9A%A8)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/632ff07c-453f-4a89-bd03-f7361eb6e2a7.png https://d34iuop8pidsy8.cloudfront.net/5dc345f4-076a-408f-b8da-dcaab4310176.png https://d34iuop8pidsy8.cloudfront.net/5c2aba2a-6cc1-4420-94ed-39f316575d4b.png
• Threat Actors: HvcKMvsoneria33
• Victim Country: Venezuela
• Victim Industry: Government Administration
• Victim Organization: instituto nacional de transporte terrestre (intt)
• Victim Site: intt.gob.ve

68. Piniy XploitSec target the website of Al Bahja Group

• Category: Defacement
• Content: The group claims to have defaced the website of Al Bahja Group.
• Date: 2025-11-30T03:20:09Z
• Network: openweb
• Published URL: (https://defacer.id/mirror/id/212364)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/94def9ab-d1fb-419a-ba98-afc7fe5e07dd.png
• Threat Actors: Piniy XploitSec
• Victim Country: Oman
• Victim Industry: Retail Industry
• Victim Organization: al bahja group
• Victim Site: albahjagroup.com

69. JavaneseTeam targets the website of the Transparency and Justice Watch NGO

• Category: Defacement
• Content: The group claims to have defaced the organization’s website.
• Date: 2025-11-30T03:12:47Z
• Network: openweb
• Published URL: (https://defacer.id/mirror/id/212375)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/bfe28b0e-d0ec-4fd1-be78-7d5a3c39e797.png
• Threat Actors: JavaneseTeam
• Victim Country: Iran
• Victim Industry: Non-profit & Social Organizations
• Victim Organization: official website of the transparency and justice watch ngo
• Victim Site: daad.ir

70. Pinoy XploitSec targets the website of Xyris Overseas

• Category: Defacement
• Content: The group claims to have defaced the website of Xyris Overseas.
• Date: 2025-11-30T03:01:23Z
• Network: openweb
• Published URL: (https://defacer.id/mirror/id/212373)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/c7365a91-fc01-4d84-9e5f-52fb0bafd75b.png
• Threat Actors: Pinoy XploitSec
• Victim Country: India
• Victim Industry: Manufacturing
• Victim Organization: xyris overseas
• Victim Site: xyrisoverseas.com

71. Pinoy XploitSec targets the website of SK Sons Overseas Impex

• Category: Defacement
• Content: The group claims to have defaced the website of SK Sons Overseas Impex.
• Date: 2025-11-30T02:55:25Z
• Network: openweb
• Published URL: (https://defacer.id/mirror/id/212374)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/e9f6f00b-4999-4164-b418-6204fe9ac1c7.png
• Threat Actors: Pinoy XploitSec
• Victim Country: India
• Victim Industry: Import & Export
• Victim Organization: sk sons overseas impex
• Victim Site: sksonsoverseasimpex.com

72. Pharaoh’s Team Channel targets the website of ACE College

• Category: Defacement
• Content: The group claims to have defaced the website of ACE College.
• Date: 2025-11-30T02:46:25Z
• Network: telegram
• Published URL: (https://t.me/Pharaohs_n/390)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/342054bb-b60d-4ceb-af85-64acf1be4c1f.png
• Threat Actors: Pharaoh’s Team Channel
• Victim Country: Nigeria
• Victim Industry: Education
• Victim Organization: ace college
• Victim Site: acecollege.ng

73. KAL EGY 319 targets the websites of India

• Category: Defacement
• Content: The group claims to have defaced over 60 Indian website. Mirror link : https://zone-xsec.com/mirror/id/768392
• Date: 2025-11-30T01:23:46Z
• Network: telegram
• Published URL: (https://t.me/KALOSHA319/55)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/4af1a517-6c6a-4605-8b84-eb30e3f419bb.png
• Threat Actors: KAL EGY 319
• Victim Country: India
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

74. Alleged data breach of Tradeye International

• Category: Data Breach
• Content: The threat actor claims to be selling a leaked database from tradeye.com containing 22,660 CSV records with full names, phone numbers, emails, addresses, company details, and CRM data.
• Date: 2025-11-30T00:39:11Z
• Network: openweb
• Published URL: (https://darkforums.st/Thread-DATABASE-tradeye-com-Leaked-Download)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/a9818f0a-93c1-4c16-911e-6fd978fc9829.png
• Threat Actors: KaruHunters
• Victim Country: Taiwan
• Victim Industry: Marketing, Advertising & Sales
• Victim Organization: tradeye international
• Victim Site: tradeye.com

75. Alleged leak of driver’s licenses

• Category: Data Breach
• Content: The threat actor claims to be selling a package of 25 identity documents, which reportedly include front and back images of driver’s licenses along with matching selfies.
• Date: 2025-11-30T00:20:42Z
• Network: openweb
• Published URL: (https://darkforums.st/Thread-Document-dl-front-back-selfie-25-pcs)
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/24388e85-391a-4c1b-85fb-8344696b9546.png
• Threat Actors: krasnov
• Victim Country: Unknown
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

Conclusion

The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Data breaches, ransomware, and website defacements are prominent, affecting various sectors from e-commerce and education to healthcare and industrial automation. The compromised data ranges from personal user information and credit card details to sensitive government documents.

Beyond data compromise, the report also reveals significant activity in initial access sales, with threat actors offering unauthorized access to various retail shops, industrial control systems, and corporate networks across different geographies.

The incidents collectively demonstrate that organizations across various industries and geographies face persistent threats from data exfiltration, unauthorized network access, and the proliferation of malicious tools. The nature of these incidents emphasizes the critical importance of robust cybersecurity measures, including strong access controls, data protection strategies, continuous vulnerability management, and proactive threat intelligence to defend against a wide array of sophisticated and opportunistic attacks.