[December-3-2025] Daily Cybersecurity Threat Report

This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.

1. INDRAMAYU CHAOS SYSTEM targets the website of Casino Crest

• Category: Defacement
• Content: The group claims to have defaced the website of Casino Crest.
• Date: 2025-12-03T23:59:38Z
• Network: telegram
• Published URL: https://t.me/c/3427600175/40
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/5fc6f8cb-6835-4f9d-a93d-5b55c53fef1b.png
• Threat Actors: INDRAMAYU CHAOS SYSTEM
• Victim Country: Indonesia
• Victim Industry: Gambling & Casinos
• Victim Organization: casino crest
• Victim Site: casinocrest.id

2. INDRAMAYU CHAOS SYSTEM targets the website of Casino Champ

• Category: Defacement
• Content: The group claims to have defaced the website of Casino Champ
• Date: 2025-12-03T23:56:17Z
• Network: telegram
• Published URL: https://t.me/c/3427600175/40
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/52e9eeb9-de0f-4877-8ee5-b36c2511d74b.png
• Threat Actors: INDRAMAYU CHAOS SYSTEM
• Victim Country: Indonesia
• Victim Industry: Gambling & Casinos
• Victim Organization: casino champ
• Victim Site: casinochamp.id

3. Alleged sale of Certum EV code-signing certificate

• Category: Malware
• Content: Threat actor claims to be selling an unused Certum EV code-signing certificate for $2,800, a resource often misused to sign malware and enable trusted distribution.
• Date: 2025-12-03T23:20:00Z
• Network: openweb
• Published URL: https://forum.exploit.in/topic/271298/
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/976d4570-7f28-415e-9a84-cca9560a8b4e.png
• Threat Actors: Mr.Carrot
• Victim Country: Unknown
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

4. Alleged Data Leak of Australian Identity Documents

• Category: Data Breach
• Content: Threat Actor claims to have leaked the database of Australian Identity Documents which contains passports, Medicare cards, and driver licenses.
• Date: 2025-12-03T22:22:08Z
• Network: openweb
• Published URL: https://forum.exploit.biz/topic/271296/
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/e80a62dd-5a81-4d81-8554-6ce03437268b.png
• Threat Actors: JOINT_
• Victim Country: Australia
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

5. Alleged Data Leak of BIG SHOP IN USA

• Category: Data Breach
• Content: Threat Actor claims to have leaked the database of BIG SHOP IN USA, which contains 261 million records with SSNs, 162 million with phone numbers, and more than 3 million with driver’s license information, exposing highly sensitive personal data such as full names, aliases, dates of birth, multiple DOB fields, SSNs, full addresses, city, state, ZIP code, driver’s license details, phone numbers, and additional metadata.
• Date: 2025-12-03T22:14:25Z
• Network: openweb
• Published URL: https://leakbase.la/threads/leaks-big-shop-usa-date-12-03-2025.46786/
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/648ea78c-7138-41e7-9564-02f930f54a71.png
• Threat Actors: shinnp
• Victim Country: USA
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

6. Alleged Data Breach of SpeedyPaper

• Category: Data Breach
• Content: Threat Actor claims to have breached the database of SpeedyPaper in USA, allegedly exposing 250,000 unique personal records.
• Date: 2025-12-03T22:08:11Z
• Network: openweb
• Published URL: https://leakbase.la/threads/leaks-speedypaper-com.46785/
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/47079adf-33cf-4be4-846b-51e929b0fe84.png
• Threat Actors: shinnp
• Victim Country: USA
• Victim Industry: Writing & Editing
• Victim Organization: speedypaper
• Victim Site: speedypaper.com

7. jokeir 07x targets the website of Capital

• Category: Defacement
• Content: The group claims to have defaced the website of capital.
• Date: 2025-12-03T22:06:54Z
• Network: telegram
• Published URL: https://t.me/DarK07xxxxxxx/319
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/a9a6f5ba-5027-4302-8740-84862f674f04.png
• Threat Actors: jokeir 07x
• Victim Country: Israel
• Victim Industry: Real Estate
• Victim Organization: capital
• Victim Site: capi-tal.co.il

8. Alleged Data Breach of Dhaka Water Supply and Sewerage Authority in Bangladesh

• Category: Data Breach
• Content: Threat Actor claims to have breached the database of Dhaka Water Supply and Sewerage Authority in Bangladesh, allegedly exposing 300,000 unique personal records.
• Date: 2025-12-03T22:02:00Z
• Network: openweb
• Published URL: https://leakbase.la/threads/leaks-erecruitmentdwasa-org.46784/
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/ed134ac2-fea6-4e5e-b349-f2e67223de5e.png
• Threat Actors: shinnp
• Victim Country: Bangladesh
• Victim Industry: Government Administration
• Victim Organization: dhaka water supply and sewerage authority
• Victim Site: erecruitmentdwasa.org

9. Alleged Data Leak of Auto Insurance in US

• Category: Data Breach
• Content: Threat Actor claims to have leaked the database of Auto Insurance in US.
• Date: 2025-12-03T21:53:02Z
• Network: openweb
• Published URL: https://leakbase.la/threads/usa-auto-insurance-info.46783/
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/727e64e4-e576-4ab9-9dc1-ce27291d7de0.png
• Threat Actors: elcanc
• Victim Country: USA
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

10. Alleged Sale of 200GB KYC Data From a Large MLM Company

• Category: Data Breach
• Content: Threat Actor claims to be selling 200GB of KYC Data From a Large MLM Company which contains government IDs, passports, PII, U.S. IDs, SSNs, and additional sensitive identity records.
• Date: 2025-12-03T21:34:11Z
• Network: openweb
• Published URL: https://ramp4u.io/threads/selling-access-to-largest-mlm-company-data-s3-bucket-200gb-kyc-data.3673/
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/4b479562-1fed-4f94-8036-276a3f346a92.png
• Threat Actors: cha0s
• Victim Country: Unknown
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

11. C.C. Johnson & Malhotra, P.C. (CCJM) falls victim to Sinobi Ransomware

• Category: Ransomware
• Content: The group claims to have obtained 300 GB of the organization’s confidential data, including customer records and financial data, and intends to publish it within 13 days.
• Date: 2025-12-03T21:24:44Z
• Network: tor
• Published URL: http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/6930a15088b6823fa23ad1dd
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/8cd13f75-49fe-4250-990e-4ebdf5d06881.png https://d34iuop8pidsy8.cloudfront.net/9b83948e-1faf-415c-845e-76a0427ceb3e.png
• Threat Actors: Sinobi
• Victim Country: USA
• Victim Industry: Civil Engineering
• Victim Organization: c.c. johnson & malhotra, p.c. (ccjm)
• Victim Site: ccjm.com

12. Alleged Data Breach of 50 Illinois IDES Unemployment Benefit Accounts in USA

• Category: Data Breach
• Content: Threat Actor claims to have breached the database of 50 Illinois IDES Unemployment Benefit Accounts in USA, which contains full identity documents including driver’s license scans, personal details, job information, wage data, bank status, and all required security-question information.
• Date: 2025-12-03T21:09:44Z
• Network: openweb
• Published URL: https://forum.exploit.biz/topic/271243/
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/3975c6aa-e9cc-4b93-bbe9-64aa8110a3cd.png
• Threat Actors: TerminatorSMD786
• Victim Country: USA
• Victim Industry: Government Administration
• Victim Organization: illinois department of employment security
• Victim Site: ides.illinois.gov

13. Alleged Sale of Unauthorized Admin Access to a WordPress Wholesale Store in USA

• Category: Initial Access
• Content: Threat Actor claims to be selling unauthorized full admin access to a WordPress Wholesale Store in USA.
• Date: 2025-12-03T20:56:54Z
• Network: openweb
• Published URL: https://forum.exploit.biz/topic/271289/
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/b596e76d-6e9d-40f7-a228-e1c84513ae62.png
• Threat Actors: Shopify
• Victim Country: USA
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

14. IES Synergy falls victim to Qilin Ransomware

• Category: Ransomware
• Content: The group claims to have obtained 138 GB of the organization’s internal data.
• Date: 2025-12-03T20:56:16Z
• Network: tor
• Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=1f3161b9-2d80-365f-b327-970cb990e5c0
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/083e7c39-ac68-42ef-90f7-fdfc06e6c7f8.png
• Threat Actors: Qilin
• Victim Country: France
• Victim Industry: Electrical & Electronic Manufacturing
• Victim Organization: ies synergy
• Victim Site: ies-synergy.com

15. Alleged Sale of Unauthorized Admin Access to a WordPress Big Store in USA

• Category: Initial Access
• Content: Threat Actor claims to be selling unauthorized full admin access to a WordPress Big Store in USA.
• Date: 2025-12-03T20:52:43Z
• Network: openweb
• Published URL: https://forum.exploit.biz/topic/271288/
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/1191418d-47dc-467d-b8f3-99c417f0f0a5.png
• Threat Actors: Shopify
• Victim Country: USA
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

16. Alleged data breach of Planning & Development Department AJ&K

• Category: Data Breach
• Content: The group claims to have leaked data from Planning & Development Department AJ&K. The compromised data reportedly includes sensitive records from healthcare, finance, and industrial sectors.
• Date: 2025-12-03T20:48:11Z
• Network: telegram
• Published URL: https://t.me/Dex4o4/729
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/ecd3fd8f-7812-4f11-9ed6-4d15185e8dcf.png
• Threat Actors: Dex4o4
• Victim Country: Pakistan
• Victim Industry: Government Administration
• Victim Organization: planning & development department aj&k
• Victim Site: pndajk.gov.pk

17. Alleged Sale of Unauthorized Admin Access to a WordPress Shop in USA

• Category: Initial Access
• Content: Threat Actor claims to be selling unauthorized admin access to a WordPress Shop in USA.
• Date: 2025-12-03T20:47:28Z
• Network: openweb
• Published URL: https://forum.exploit.biz/topic/271287/
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/b663c431-9768-4b83-bfcb-89275d3fddde.png
• Threat Actors: Shopify
• Victim Country: USA
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

18. Alleged Data Leak of 100 Credit Card Records in USA

• Category: Data Breach
• Content: Threat Actor claims to have leaked the database of 100 Credit Card Records in USA which includes details such as card number, expiration date, CVV, full name, address, state, ZIP code, country, and phone number.
• Date: 2025-12-03T20:22:10Z
• Network: openweb
• Published URL: https://forum.exploit.biz/topic/271285/
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/2ae071dc-2cd8-4ffa-a15a-43bc627e4bba.png
• Threat Actors: old_pirat
• Victim Country: USA
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

19. DeWalch Technologies, Inc. falls victim to Nitrogen Ransomware

• Category: Ransomware
• Content: The group claims to have exfiltrated the organization’s data, including technical documentation, engineering drawings, and production and operational files.
• Date: 2025-12-03T20:20:11Z
• Network: tor
• Published URL: http://nitrogenczslprh3xyw6lh5xyjvmsz7ciljoqxxknd7uymkfetfhgvqd.onion/posts/69133f6cf96fa5ed51fe6911
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/0ffdceef-6e5c-4a93-a738-c5c861ec576f.png
• Threat Actors: Nitrogen
• Victim Country: USA
• Victim Industry: Manufacturing
• Victim Organization: dewalch technologies, inc.
• Victim Site: dewalch.com

20. Alleged Data Leak of 400 Credit Card Records in Brazil

• Category: Data Breach
• Content: Threat Actor claims to have leaked the database of 400 Credit Card Records in Brazil which includes details such as card number, expiration date, CVV, full name, address, state, ZIP code, country, and phone number.
• Date: 2025-12-03T20:17:57Z
• Network: openweb
• Published URL: https://forum.exploit.biz/topic/271284/
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/b2c9f168-e63c-4e79-9ea7-4249c7e338e6.png
• Threat Actors: old_pirat
• Victim Country: Brazil
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

21. Alleged Data Leak of 100 Credit Card Records in Argentina

• Category: Data Breach
• Content: Threat Actor claims to have leaked the database of 100 Credit Card Records in Argentina which includes details such as card number, expiration date, CVV, full name, address, state, ZIP code, country, and phone number.
• Date: 2025-12-03T20:13:08Z
• Network: openweb
• Published URL: https://forum.exploit.biz/topic/271283/
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/ba46d9a7-e921-4ee8-b2ae-ddd503eddb84.png
• Threat Actors: old_pirat
• Victim Country: Argentina
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

22. Alleged leak of Vehicle registry data from Mexico

• Category: Data Breach
• Content: The group claims to have leaked of Vehicle registry data from Mexico. The Compromised data reportedly includes name, address, neighborhood, locality, license plate, status.
• Date: 2025-12-03T20:09:34Z
• Network: telegram
• Published URL: https://t.me/c/3211040888/203
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/b2e9266b-6091-441c-aec8-b6a78493d7c1.png https://d34iuop8pidsy8.cloudfront.net/58e30786-db4a-48df-ac5d-e51644e837c0.png
• Threat Actors: Chronus leaks
• Victim Country: Mexico
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

Conclusion

The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Data breaches and leaks are prominent, affecting various sectors from government and retail to healthcare and engineering, and impacting countries including the USA, Indonesia, Australia, Brazil, France, and Pakistan. The compromised data ranges from personal user information, credit card details, and identity documents to sensitive corporate data and internal files. Beyond data compromise, the report also reveals significant activity in ransomware attacks (involving groups like Qilin, Akira, Sinobi, and Nitrogen), website defacements by groups such as INDRAMAYU CHAOS SYSTEM and jokeir 07x, and the sale of initial access to networks and WordPress sites. The incidents collectively demonstrate that organizations across various industries and geographies face persistent threats from data exfiltration, unauthorized network access, and malicious disruptions. The nature of these incidents emphasizes the critical importance of robust cybersecurity measures to defend against a wide array of sophisticated and opportunistic attacks.