This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.
1. Gazomet falls victim to Mydata/Alphalocker Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s internal data.
- Date: 2025-12-08T23:41:47Z
- Network: tor
- Published URL: http://mydatae2d63il5oaxxangwnid5loq2qmtsol2ozr6vtb7yfm5ypzo6id.onion/blog_1-20
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/019c5add-5003-43df-9424-936cec20b8af.png
- https://d34iuop8pidsy8.cloudfront.net/1ad9d640-276e-45d5-b85b-50c945a46dd9.png
- https://d34iuop8pidsy8.cloudfront.net/06130cdf-b02d-4485-b89e-0f587e2f2f6b.png
- https://d34iuop8pidsy8.cloudfront.net/c152390d-5d89-4212-a972-8cad95889738.png
- https://d34iuop8pidsy8.cloudfront.net/9636b766-6b63-4866-91c6-05fe027f6226.png
- Threat Actors: Mydata/Alphalocker
- Victim Country: Poland
- Victim Industry: Manufacturing & Industrial Products
- Victim Organization: gazomet
- Victim Site: gazomet.pl
2. Alleged sale of unauthorized VPN access
- Category: Initial Access
- Content: Threat actor claims to be selling unauthorized VPN access.
- Date: 2025-12-08T23:23:45Z
- Network: openweb
- Published URL: https://forum.exploit.biz/topic/271662/
- Screenshots:
- Threat Actors: vicious
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
3. Alleged data leak of Chinese satellite
- Category: Data Breach
- Content: The group claims to have leaked data of a Chinese satellite.
- Date: 2025-12-08T23:15:48Z
- Network: telegram
- Published URL: https://t.me/topsecretdocumentsleaked/143
- Screenshots:
- Threat Actors: JRINTEL FREE DATA V3
- Victim Country: China
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
4. Alleged data breach of Badr Airlines
- Category: Data Breach
- Content: Threat actor claims to have leaked confidential internal documents belonging to Badr Airlines, a Sudan-based aviation company. The dataset reportedly includes more than 2.2 GB of sensitive material extracted from the airline’s internal servers, covering flight dispatch manuals, operations manuals, safety and security program documents, Boeing 737 procedures, ground handling manuals, minimum equipment lists, and station-specific procedures. The files are described as controlled copies dated June–July 2025, containing operational, technical, and administrative information used across the airline’s domestic and regional flight network.
- Date: 2025-12-08T23:14:19Z
- Network: openweb
- Published URL: https://forum.exploit.biz/topic/271661/
- Screenshots:
- Threat Actors: zestix
- Victim Country: Sudan
- Victim Industry: Airlines & Aviation
- Victim Organization: badr airlines
- Victim Site: badrairlines.com
5. Alleged data leak of Chinese government technology contractor
- Category: Data Breach
- Content: The group claims to have leaked data of a Chinese government technology contractor.
- Date: 2025-12-08T23:06:38Z
- Network: telegram
- Published URL: https://t.me/topsecretdocumentsleaked/141
- Screenshots:
- Threat Actors: JRINTEL FREE DATA V3
- Victim Country: China
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
6. Alleged data breach of Ministry of Foreign Affairs of the People’s Republic of China
- Category: Data Breach
- Content: The group claims to have leaked data of the Ministry of Foreign Affairs of the People’s Republic of China.
- Date: 2025-12-08T22:57:08Z
- Network: telegram
- Published URL: https://t.me/topsecretdocumentsleaked/142
- Screenshots:
- Threat Actors: JRINTEL FREE DATA V3
- Victim Country: China
- Victim Industry: Government Administration
- Victim Organization: ministry of foreign affairs of the people’s republic of china
- Victim Site: mfa.gov.cn
7. B2BE falls victim to CHAOS ransomware
- Category: Ransomware
- Content: The group claims to have obtained 300 GB of the organization’s data.
- Date: 2025-12-08T22:37:00Z
- Network: tor
- Published URL: http://hptqq2o2qjva7lcaaq67w36jihzivkaitkexorauw7b2yul2z6zozpqd.onion/Nlnxxj9pYLCbbI7W4B7jLu4OM1Hw22mV/b2be-com
- Screenshots:
- Threat Actors: CHAOS
- Victim Country: UK
- Victim Industry: Information Technology (IT) Services
- Victim Organization: b2be
- Victim Site: b2be.com
8. ThinkMarkets falls victim to CHAOS ransomware
- Category: Ransomware
- Content: The group claims to have obtained 512 GB of the organization’s data.
- Date: 2025-12-08T22:34:13Z
- Network: tor
- Published URL: http://hptqq2o2qjva7lcaaq67w36jihzivkaitkexorauw7b2yul2z6zozpqd.onion/o7lyBRF7S6hv1YzgrUEVri9yAAoVTChg/thinkmarkets-com
- Screenshots:
- Threat Actors: CHAOS
- Victim Country: USA
- Victim Industry: Financial Services
- Victim Organization: thinkmarkets
- Victim Site: thinkmarkets.com
9. Alleged Sale of Unauthorized Admin Panel Access to Zion-Global
- Category: Initial Access
- Content: Threat Actor claims to be selling unauthorized admin-panel access to Zion-Global, along with a 9,500+ client database containing last names, first names, emails, and phone numbers.
- Date: 2025-12-08T22:25:13Z
- Network: openweb
- Published URL: https://forum.exploit.biz/topic/271660/
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/cfdc3e84-37ec-4e24-97f7-d80f68167c44.png
- https://d34iuop8pidsy8.cloudfront.net/b9c8f332-dcb7-4158-a78e-bb7d95e66965.png
- https://d34iuop8pidsy8.cloudfront.net/04ad63f9-8dd5-4992-9a45-7c9018d2c129.png
- https://d34iuop8pidsy8.cloudfront.net/4355b9b8-c817-4120-912b-3f4ba1ca9375.png
- https://d34iuop8pidsy8.cloudfront.net/f0f9d404-5e8c-47e0-a5ce-88a0074353df.png
- Threat Actors: agnecbogi666
- Victim Country: UK
- Victim Industry: Financial Services
- Victim Organization: zion-global
- Victim Site: zionglobal.online
10. Alleged initial access to the U.S. Defense Logistics Agency (DLA)
- Category: Initial Access
- Content: The group claims to have gained unauthorized access to the internal system of the U.S. National Logistics Combat Support, operated by the Defense Logistics Agency (DLA), and further suggests attempts to steal email accounts and confidential information.
- Date: 2025-12-08T21:55:03Z
- Network: telegram
- Published URL: https://t.me/n2LP_wVf79c2YzM0/2792
- Screenshots:
- Threat Actors: Infrastructure Destruction Squad
- Victim Country: USA
- Victim Industry: Military Industry
- Victim Organization: the defense logistics agency (dla)
- Victim Site: dla.mil
11. Alleged Data Breach of Petra Industries
- Category: Data Breach
- Content: Threat actor claims to have breached the database of Petra Industries in the USA, containing more than 800,000 files.
- Date: 2025-12-08T21:45:17Z
- Network: openweb
- Published URL: https://forum.exploit.biz/topic/271659/
- Screenshots:
- Threat Actors: Everestgroup
- Victim Country: USA
- Victim Industry: Consumer Electronics
- Victim Organization: petra industries
- Victim Site: petra.com
12. Alleged Data Breach of Webster Henry
- Category: Data Breach
- Content: Threat actor claims to have breached the database of Webster Henry, a U.S.-based law firm, allegedly exposing data belonging to individuals within its lawyer and professional networks.
- Date: 2025-12-08T21:38:49Z
- Network: openweb
- Published URL: https://forum.exploit.biz/topic/271657/
- Screenshots:
- Threat Actors: hense
- Victim Country: USA
- Victim Industry: Legal Services
- Victim Organization: webster henry
- Victim Site: websterhenry.com
13. Sterling Biotech Limited falls victim to Sinobi Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s internal data.
- Date: 2025-12-08T20:40:29Z
- Network: tor
- Published URL: http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/6935914588b6823fa25db91d
- Screenshots:
- Threat Actors: Sinobi
- Victim Country: India
- Victim Industry: Healthcare & Pharmaceuticals
- Victim Organization: sterling biotech limited
- Victim Site: sterlingbiotech.in
14. Alleged Sale of Unauthorized Full Access to BlyssBox Castorama Home Control Panel
- Category: Initial Access
- Content: Threat Actor claims to be selling unauthorized full access to BlyssBox Castorama Home Control Panel.
- Date: 2025-12-08T20:37:25Z
- Network: openweb
- Published URL: https://leakbase.la/threads/blyssbox-castorama-panel-house-control-full-acces.46965/
- Screenshots:
- Threat Actors: lskidz
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
15. Alleged unauthorized access to Gualeni automated poultry farm control system in Italy
- Category: Initial Access
- Content: The threat actor claims to have gained full unauthorized access to the Gualeni automated poultry farm control system in Italy. They state that they can control all core functions, including feeding cycles, water supply, equipment operations, egg collection, and system settings, and have reportedly disabled or altered safety features and warning signals.
- Date: 2025-12-08T20:23:19Z
- Network: telegram
- Published URL: https://t.me/zpentestalliance/816
- Screenshots:
- Threat Actors: Z-PENTEST ALLIANCE
- Victim Country: Italy
- Victim Industry: Farming
- Victim Organization: Unknown
- Victim Site: Unknown
16. HellR00ters Team targets the website of Government Degree College Telka
- Category: Defacement
- Content: The group claims to have defaced the website of the Government Degree College Telka.
- Date: 2025-12-08T20:14:25Z
- Network: telegram
- Published URL: https://t.me/c/2758066065/416
- Screenshots:
- Threat Actors: HellR00ters Team
- Victim Country: India
- Victim Industry: Education
- Victim Organization: government degree college telka
- Victim Site: gdctelka.ac.in
17. The Westin San Diego falls victim to INC RANSOM Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 692 GB of the organization’s data and intends to publish it within 4-5 days.
- Date: 2025-12-08T20:06:49Z
- Network: tor
- Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/69372264be52b3ea1518a3ff
- Screenshots:
- Threat Actors: INC RANSOM
- Victim Country: USA
- Victim Industry: Hospitality & Tourism
- Victim Organization: the westin san diego
- Victim Site: sandiegowarroom.com
18. Alleged leak of data from Thailand
- Category: Data Breach
- Content: The group claims to have leaked confidential government emails in Thailand.
- Date: 2025-12-08T19:54:10Z
- Network: telegram
- Published URL: https://t.me/h3c4kedzsec_official/153
- Screenshots:
- Threat Actors: H3C4KEDZ
- Victim Country: Thailand
- Victim Industry: Government Administration
- Victim Organization: Unknown
- Victim Site: Unknown
19. Alleged Data Breach of Sarmap SA
- Category: Data Breach
- Content: Threat actor claims to have breached the database of Sarmap SA, which contains 300 GB of data.
- Date: 2025-12-08T19:52:24Z
- Network: openweb
- Published URL: https://forum.exploit.biz/topic/271654/
- Screenshots:
- Threat Actors: Everestgroup
- Victim Country: Switzerland
- Victim Industry: Aviation & Aerospace
- Victim Organization: sarmap sa
- Victim Site: sarmap.ch
20. jokeir 07x targets the website of PeakWaves Studio
- Category: Defacement
- Content: The group claims to have defaced the website of PeakWaves Studio.
- Date: 2025-12-08T19:48:51Z
- Network: telegram
- Published URL: https://t.me/DarK07xxxxxxx/346
- Screenshots:
- Threat Actors: jokeir 07x
- Victim Country: USA
- Victim Industry: Media Production
- Victim Organization: peakwaves studio
- Victim Site: peakwavestudio.com
Conclusion
The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Data breaches and ransomware attacks are prominent, affecting various sectors from manufacturing and aviation to healthcare and government, and impacting countries including Poland, China, Sudan, the UK, the USA, and India. The compromised data ranges from personal user information and internal government documents to sensitive medical records and large corporate datasets. Beyond data compromise, the report also reveals significant activity in initial access sales, with threat actors offering unauthorized access to corporate networks and critical infrastructure. The high volume of website defacements further underscores the widespread nature of these offensive capabilities in the cyber underground.