1. Executive Summary
This report provides a concise, factual overview of all incidents described in the provided data. Its scope is strictly limited to the information contained within the provided records, with an absolute exclusion of any external analysis, hypothetical scenarios, or subjective interpretations. The objective is to present an unembellished record for operational review and data-driven decision-making. A total of 26 incidents are detailed herein, covering various categories of cybersecurity events.
2. Incident Overview Table
To facilitate rapid comprehension, a high-level summary of all documented incidents is presented in Table 1. This table serves as a navigational aid and a concise reference point for key incident attributes, enabling quick scanning and understanding of the entire dataset at a glance. The inclusion of incident identifiers and published URLs directly within the table provides an immediate index and direct access to detailed information for each event.
Table 1: Summary of Documented Incidents
Incident ID | Title | Date | Category | Victim Organization | Victim Country | Threat Actors | Published URL | Number of Screenshots |
INC001 | Alleged Sale of Government IDs and Subpoena Services | 2025-07-17T13:31:49Z | Data Leak | | | caeer | https://kittyforums.to/thread/621 | 2 |
INC002 | Alleged access to Ministry of Natural Resources and Environment Platform | 2025-07-17T13:28:30Z | Initial Access | ministry of natural resources and environment | Thailand | CYBER GRAY WOLF | https://t.me/CYBER_GRAY_WOLF_KH/6 | 1 |
INC003 | Alleged Sale of 24,515 Mixed Domains Mail Access | 2025-07-17T13:20:28Z | Data Leak | | | cidiia | https://leakbase.la/threads/24-515-mixed-domains-mail-access.40413/ | 1 |
INC004 | Alleged Leak of Canadian Crypto Exchange Database | 2025-07-17T13:15:49Z | Data Leak | | Canada | FaceOFFCObra | https://leakbase.la/threads/canada-exchange-crypto-database-25k-full.40412/ | 1 |
INC005 | Alleged Sale of VPN Access to Algerian Government Ministry | 2025-07-17T12:57:34Z | Initial Access | | Algeria | netcut | https://xss.is/threads/142071/ | 1 |
INC006 | Alleged Sale of Zero-Day Exploit Targeting BUKTS Gas Pump Admin Panels | 2025-07-17T12:47:33Z | Vulnerability | | | SebastianDAlex | https://xss.is/threads/142070/ | 1 |
INC007 | Alleged data leak of John XXIII CBSE School | 2025-07-17T12:11:37Z | Data Breach | john xxiii cbse school 2010 | India | darknessX404 | https://darkforums.st/Thread-DATA-OF-INDIAN-SCHOOL-NAMED-JOHN-XXIII-SCHOOL | 1 |
INC008 | Alleged sale of access to 44 domains database | 2025-07-17T11:56:12Z | Initial Access | | | redskull | https://xss.is/threads/142065/ | 2 |
INC009 | Alleged sale of an Unidentified Crypto Exchange Admin Panel | 2025-07-17T11:31:17Z | Initial Access | | | Crunch | https://xss.is/threads/142053/#post-1006975 | 1 |
INC010 | Alleged Data Leak of UAE Real Estate | 2025-07-17T10:58:10Z | Data Leak | | UAE | Machine1337 | https://darkforums.st/Thread-1-4-Million-Real-Estate-Data | 1 |
INC011 | Alleged data sale of Amazon cookies | 2025-07-17T10:45:08Z | Data Leak | amazon | USA | xiaochou666 | https://xss.is/threads/142063/ | 1 |
INC012 | Alleged Data leak of Royal Irrigation Department | 2025-07-17T09:49:24Z | Data Breach | royal irrigation department | Thailand | NXBB.SEC | https://t.me/nxbbsec/887?single | 2 |
INC013 | Alleged data breach of Racine Olson, PLLP | 2025-07-17T09:11:23Z | Data Breach | racine olson, pllp | USA | Worldleaks | https://worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion/companies/3599199709/overview | 1 |
INC014 | Alleged data leak of Indian candidates | 2025-07-17T09:05:35Z | Data Leak | | India | RXY | https://darkforums.st/Thread-Source-Code-2545-DATA-BASE-KANDIDAT-INDIA | 1 |
INC015 | Team insane Pakistan targets the website of Dhirubhai Ambani University | 2025-07-17T08:58:47Z | Defacement | dhirubhai ambani university | India | Team insane Pakistan | https://t.me/xxl33t1337xx/96 | 1 |
INC016 | Alleged data breach of an unidentified dark web drug marketplace | 2025-07-17T08:33:15Z | Data Breach | | | PELICAN HACKERS | https://t.me/PelicanHackers/29 | 2 |
INC017 | Alleged leak of admin credentials to Federal Authority for Identity, Citizenship, Customs & Port Security UAE | 2025-07-17T08:06:11Z | Initial Access | federal authority for identity, citizenship, customs & port security | UAE | spetsnaz | https://darkforums.st/Thread-cc-icp-gov-ae-admin-user-account | 1 |
INC018 | Alleged Data leak of Hokkaido Bank | 2025-07-17T07:15:46Z | Data Breach | hokkaido bank | Japan | Aiqianjin | https://t.me/aqj986/6240 | 1 |
INC019 | Alleged data breach of Office of the Basic Education Commission | 2025-07-17T06:04:22Z | Data Breach | office of the basic education commission | Thailand | NXBB.SEC | https://t.me/nxbbsec/876 | 1 |
INC020 | Alleged data leak of Syrian Health Insurance server | 2025-07-17T05:35:35Z | Data Leak | | Syria | AmeerKurD1915 | https://darkforums.st/Thread-The-Syrian-Health-Insurance-server-has-been-hacked | 2 |
INC021 | Alleged leak of credentials of CECyTEM | 2025-07-17T05:20:40Z | Data Leak | cecytem | Mexico | ferpadilla | https://darkforums.st/Thread-MEXICO-cecytem-combolist-mx | 1 |
INC022 | Alleged data leak of 4 Million Taiwan Data | 2025-07-17T04:57:38Z | Data Leak | | Taiwan | sazz | https://darkforums.st/Thread-4-Million-Taiwan-Data | 2 |
INC023 | Alleged Sale of Mobile Number Database | 2025-07-17T04:56:09Z | Data Leak | | | AP3XX | https://forum.exploit.in/topic/262593/ | 1 |
INC024 | Alleged data breach of Entel | 2025-07-17T03:56:42Z | Data Breach | entel | Chile | deadman | https://kittyforums.to/thread/620 | 1 |
INC025 | Alleged data leak of Algérie Shop DataBase | 2025-07-17T03:48:53Z | Data Leak | | Algeria | RL000 | https://darkforums.st/Thread-Alg%C3%A9rie-Shop-DataBase | 1 |
INC026 | Alleged unauthorized admin panel access to a cryptocurrency exchange platform | 2025-07-17T02:56:44Z | Initial Access | | | Crunch | https://xss.is/threads/142053/ | 1 |
INC027 | Alleged data breach of ISSSTELEON | 2025-07-17T02:36:08Z | Data Breach | isssteleon | Mexico | Eternal | https://darkforums.st/Thread-Selling-Mexico-Goverment-ISSSTELEON-Leak-100-000-lines | 1 |
INC028 | Alleged Sale of Premium Cross-Platform RCS Exploit Chain Targeting Windows, Android, and macOS | 2025-07-17T02:25:39Z | Vulnerability | | | breachleaks | https://darkforums.st/Thread-Selling-%F0%9F%92%A5-WTS-Premium-RCS-Exploit-%E2%80%94-0-Day-Remote-Access-Chain-FUD-Cross-Platform-%F0%9F%92%A5–18397 | 2 |
INC029 | Alleged leak of 10 Million Russian Student database | 2025-07-17T02:04:23Z | Data Leak | | Russia | HackerGhost | https://darkforums.st/Thread-10-Million-Russian-Student-DATABASE | 1 |
INC030 | Alleged Data Breach of District Municipality of Nepeña | 2025-07-17T00:32:00Z | Data Breach | district municipality of nepeña | Peru | ferpadilla | https://darkforums.st/Thread-PERU-muninepena-gob-pe | 1 |
3. Detailed Incident Log
This section provides a comprehensive, factual breakdown of each incident, extracting all relevant data directly from the provided incident records. Each incident is presented individually to ensure complete coverage without external interpretation.
3.1. Incident INC001: Alleged Sale of Government IDs and Subpoena Services
This incident, identified as INC001, involved a Data Leak occurring on 2025-07-17T13:31:49Z. The threat actor “caeer” claims to be selling government-issued IDs from Argentina, Thailand, Brazil, and Zambia, along with forged documents and subpoenas for social media platforms. The exposed data and services allegedly include access to over 24,000 government IDs, forged identity documents, and subpoenas for Instagram, Facebook, Telegram, Vrchat, Spotify, and Gmail. This information was found on an openweb network. Further details can be found at the published URL: https://kittyforums.to/thread/621. Two associated screenshots are provided: https://d34iuop8pidsy8.cloudfront.net/64f5f0bc-c97a-4618-9f66-d657d4b43c6b.PNG and https://d34iuop8pidsy8.cloudfront.net/ac1b572a-67ff-43a3-9b94-43c5a5c12ce5.PNG.
3.2. Incident INC002: Alleged access to Ministry of Natural Resources and Environment Platform
Incident INC002 pertains to an Initial Access event that occurred on 2025-07-17T13:28:30Z. The threat actor “CYBER GRAY WOLF” claims to have gained access to the admin panel of Ministry of Natural Resources and Environment, a government agency of Thailand. The victim organization is identified as “ministry of natural resources and environment” in “Thailand” with the site “mnre.go.th”. This information was found on a telegram network. An official report is available at https://t.me/CYBER_GRAY_WOLF_KH/6. One screenshot, https://d34iuop8pidsy8.cloudfront.net/d9b66fb6-a485-4099-9116-ec4880b45413.png, is associated with this incident.
3.3. Incident INC003: Alleged Sale of 24,515 Mixed Domains Mail Access
On 2025-07-17T13:20:28Z, a Data Leak was documented as Incident INC003. The threat actor “cidiia” claims to be selling a database containing 24,515 email and password combinations (Mail:Pass) associated with mixed domains. The listing was posted under a category for mixed or random database leaks, often involving credentials from various websites or breached platforms. This information was found on an openweb network. A security alert regarding this incident has been published at https://leakbase.la/threads/24-515-mixed-domains-mail-access.40413/. One screenshot is provided: https://d34iuop8pidsy8.cloudfront.net/51d2495e-3552-4e47-b583-66068958d378.PNG.
3.4. Incident INC004: Alleged Leak of Canadian Crypto Exchange Database
Incident INC004, titled “Alleged Leak of Canadian Crypto Exchange Database,” occurred on 2025-07-17T13:15:49Z. This Data Leak involved the threat actor “FaceOFFCObra” claiming to be selling a database containing 25,000 full billing records allegedly extracted from a Canadian cryptocurrency exchange, taken from a larger dataset of 5 million entries. The listing states that the data is available in XLSX, SQL, and CSV formats and includes complete billing information. The dataset is being offered for 8 credits on a dark web marketplace under a section for large-scale data leaks. The victim country is “Canada”. This information was found on an openweb network. An advisory detailing this incident is available at https://leakbase.la/threads/canada-exchange-crypto-database-25k-full.40412/. One screenshot was provided for this incident: https://d34iuop8pidsy8.cloudfront.net/3bf65e58-5068-4fe3-ba80-bb030b842a81.PNG.
3.5. Incident INC005: Alleged Sale of VPN Access to Algerian Government Ministry
The incident, INC005, is an Initial Access event that took place on 2025-07-17T12:57:34Z. The threat actor “netcut” claims to be selling VPN access to a government ministry in Algeria. The victim country is “Algeria” and the victim industry is “Government Administration”. This information was found on an openweb network. A report on this incident is published at https://xss.is/threads/142071/. One screenshot is provided: https://d34iuop8pidsy8.cloudfront.net/779209ba-cb23-4d4d-881c-44bc8b9e74b4.png.
3.6. Incident INC006: Alleged Sale of Zero-Day Exploit Targeting BUKTS Gas Pump Admin Panels
Incident INC006, titled “Alleged Sale of Zero-Day Exploit Targeting BUKTS Gas Pump Admin Panels,” occurred on 2025-07-17T12:47:33Z. This Vulnerability involved the threat actor “SebastianDAlex” selling a zero-day exploit affecting BUKTS gas pumps with online HMIs, allowing full admin access. The exploit enables inventory manipulation, service shutdown, and control over settings. More than 50 public and private devices are vulnerable. This information was found on an openweb network. An advisory detailing this incident is available at https://xss.is/threads/142070/. One screenshot was provided for this incident: https://d34iuop8pidsy8.cloudfront.net/0b63fd75-60d7-460b-a43a-52074b03853e.png.
3.7. Incident INC007: Alleged data leak of John XXIII CBSE School
On 2025-07-17T12:11:37Z, a Data Breach was documented as Incident INC007. The threat actor “darknessX404” claims to have breached data from John XXIII CBSE School. The compromised data reportedly includes student names, parents’ names, email IDs, and more. The victim organization is “john xxiii cbse school 2010” in “India” with the site “johnxxiii.co.in” and industry “Education”. This information was found on an openweb network. A security alert regarding this incident has been published at https://darkforums.st/Thread-DATA-OF-INDIAN-SCHOOL-NAMED-JOHN-XXIII-SCHOOL. One screenshot is provided: https://d34iuop8pidsy8.cloudfront.net/fb216b84-8678-4b94-bf38-afa740db91e3.png.
3.8. Incident INC008: Alleged sale of access to 44 domains database
Incident INC008 pertains to an Initial Access event that occurred on 2025-07-17T11:56:12Z. The threat actor “redskull” claims to be selling access to 44 domains database along with 12GB, which includes databases and web shell access. This information was found on an openweb network. An official report is available at https://xss.is/threads/142065/. Two screenshots, https://d34iuop8pidsy8.cloudfront.net/578afaf9-c8f9-41eb-9472-744547f57145.png and https://d34iuop8pidsy8.cloudfront.net/462d0edd-0313-4935-a27b-66288679507c.png, are associated with this incident.
3.9. Incident INC009: Alleged sale of an Unidentified Crypto Exchange Admin Panel
On 2025-07-17T11:31:17Z, an Initial Access event was documented as Incident INC009. The threat actor “Crunch” claims to sell admin panel access to an Unidentified Crypto exchange, with control over user data, transaction history, and the ability to edit wallet addresses and transfer statuses. This information was found on an openweb network. A security alert regarding this incident has been published at https://xss.is/threads/142053/#post-1006975. One screenshot is provided: https://d34iuop8pidsy8.cloudfront.net/131411a1-0a64-4c1c-b757-2a377c9b0dc5.png.
3.10. Incident INC010: Alleged Data Leak of UAE Real Estate
Incident INC010, titled “Alleged Data Leak of UAE Real Estate,” occurred on 2025-07-17T10:58:10Z. This Data Leak involved the threat actor “Machine1337” claiming to have leaked 1.4M UAE real estate-related data which includes phone numbers, promo content, IP addresses, timestamps, etc. The victim country is “UAE” and the victim industry is “Real Estate”. This information was found on an openweb network. An advisory detailing this incident is available at https://darkforums.st/Thread-1-4-Million-Real-Estate-Data. One screenshot was provided for this incident: https://d34iuop8pidsy8.cloudfront.net/ea165e35-8e54-4bca-ab12-125b60ba346a.jpg.
3.11. Incident INC011: Alleged data sale of Amazon cookies
The incident, INC011, is a Data Leak that took place on 2025-07-17T10:45:08Z. The threat actor “xiaochou666” claims to be selling the data of Amazon cookies which includes fingerprints and IP addresses. The victim organization is “amazon” in “USA” with the site “amazon.com” and industry “E-commerce & Online Stores”. This information was found on an openweb network. A report on this incident is published at https://xss.is/threads/142063/. One screenshot is provided: https://d34iuop8pidsy8.cloudfront.net/781f8787-05e2-48de-91b5-99bc36409c00.png.
3.12. Incident INC012: Alleged Data leak of Royal Irrigation Department
Incident INC012 pertains to a Data Breach event that occurred on 2025-07-17T09:49:24Z. The threat actor “NXBB.SEC” claims to have leaked data from the Royal Irrigation Department in Thailand. The victim organization is “royal irrigation department” in “Thailand” with the site “procurement.rid.go.th” and industry “Government Administration”. This information was found on a telegram network. An official report is available at https://t.me/nxbbsec/887?single. Two screenshots, https://d34iuop8pidsy8.cloudfront.net/15ba40dc-eca6-4437-b382-18f5548c4dd7.JPG and https://d34iuop8pidsy8.cloudfront.net/a80ff0ea-4b53-432a-9bd1-ba4bf1d5d5d7.JPG, are associated with this incident.
3.13. Incident INC013: Alleged data breach of Racine Olson, PLLP
On 2025-07-17T09:11:23Z, a Data Breach was documented as Incident INC013. The group “Worldleaks” claims to have obtained data from the organization. The victim organization is “racine olson, pllp” in “USA” with the site “racinelaw.net” and industry “Law Practice & Law Firms”. This information was found on a tor network. A security alert regarding this incident has been published at https://worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion/companies/3599199709/overview. One screenshot is provided: https://d34iuop8pidsy8.cloudfront.net/10d2898e-704e-4d1e-8235-254c7338e58b.png.
3.14. Incident INC014: Alleged data leak of Indian candidates
Incident INC014, titled “Alleged data leak of Indian candidates,” occurred on 2025-07-17T09:05:35Z. This Data Leak involved the threat actor “RXY” claiming to be selling a database containing records of 2545 Indian candidates. The exposed data includes names, addresses, mobile numbers, email IDs, and more. The victim country is “India”. This information was found on an openweb network. An advisory detailing this incident is available at https://darkforums.st/Thread-Source-Code-2545-DATA-BASE-KANDIDAT-INDIA. One screenshot was provided for this incident: https://d34iuop8pidsy8.cloudfront.net/1830110c-55b8-4e4f-a242-3c1d59ef9198.png.
3.15. Incident INC015: Team insane Pakistan targets the website of Dhirubhai Ambani University
The incident, INC015, is a Defacement that took place on 2025-07-17T08:58:47Z. The group “Team insane Pakistan” claims to have defaced the website of Dhirubhai Ambani University. The victim organization is “dhirubhai ambani university” in “India” with the site “daiict.ac.in” and industry “Education”. This information was found on a telegram network. A report on this incident is published at https://t.me/xxl33t1337xx/96. One screenshot is provided: https://d34iuop8pidsy8.cloudfront.net/ec0a601a-3e2b-4b3e-88f6-46c7f95cfe5f.png.
3.16. Incident INC016: Alleged data breach of an unidentified dark web drug marketplace
Incident INC016 pertains to a Data Breach event that occurred on 2025-07-17T08:33:15Z. The threat actor “PELICAN HACKERS” claims to have breached an unidentified dark web drug marketplace, compromising its servers, freezing cryptocurrency wallets, and securing a full data dump containing operational information, user activity logs, and administrator identities. The actor also claims to have defaced the marketplace's website. This information was found on a telegram network. An official report is available at https://t.me/PelicanHackers/29. Two screenshots, https://d34iuop8pidsy8.cloudfront.net/62e1f2cd-1a89-44e4-9222-28afaaff6703.png and https://d34iuop8pidsy8.cloudfront.net/f765668a-ad36-4a8c-b19e-fdbb4571c3de.png, are associated with this incident.
3.17. Incident INC017: Alleged leak of admin credentials to Federal Authority for Identity, Citizenship, Customs & Port Security UAE
On 2025-07-17T08:06:11Z, an Initial Access event was documented as Incident INC017. The threat actor “spetsnaz” claims to have leaked the admin credentials to Federal Authority for Identity, Citizenship, Customs & Port Security UAE. The victim organization is “federal authority for identity, citizenship, customs & port security” in “UAE” with the site “cc.icp.gov.ae” and industry “Government Administration”. This information was found on an openweb network. A security alert regarding this incident has been published at https://darkforums.st/Thread-cc-icp-gov-ae-admin-user-account. One screenshot is provided: https://d34iuop8pidsy8.cloudfront.net/8eaa6adc-8c32-4a70-9833-b212ffe76196.png.
3.18. Incident INC018: Alleged Data leak of Hokkaido Bank
Incident INC018, titled “Alleged Data leak of Hokkaido Bank,” occurred on 2025-07-17T07:15:46Z. This Data Breach involved the threat actor “Aiqianjin” claiming to have leaked data from Hokkaido Bank. The compromised data includes names, phone numbers, village names, cities, etc. Note: the authenticity of the claim is yet to be verified. The victim organization is “hokkaido bank” in “Japan” with the site “hokkaidobank.co.jp” and industry “Banking & Mortgage”. This information was found on a telegram network. An advisory detailing this incident is available at https://t.me/aqj986/6240. One screenshot was provided for this incident: https://d34iuop8pidsy8.cloudfront.net/77a7a86e-d257-4597-b991-428c9180b3de.JPG.
3.19. Incident INC019: Alleged data breach of Office of the Basic Education Commission
The incident, INC019, is a Data Breach that took place on 2025-07-17T06:04:22Z. The group “NXBB.SEC” claims to have obtained Office of the Basic Education Commission data. The victim organization is “office of the basic education commission” in “Thailand” with the site “bopp.go.th” and industry “Education”. This information was found on a telegram network. A report on this incident is published at https://t.me/nxbbsec/876. One screenshot is provided: https://d34iuop8pidsy8.cloudfront.net/e46a5a49-21f7-42df-a8f5-f08331821c9c.png.
3.20. Incident INC020: Alleged data leak of Syrian Health Insurance server
Incident INC020 pertains to a Data Leak event that occurred on 2025-07-17T05:35:35Z. The threat actor “AmeerKurD1915” claims to be selling data from Syrian Health Insurance server, containing 136 files in formats such as PDF, JPG, DOC, PPT, CSV, and SQL. The compromised data allegedly includes name, age, health number, personal photo, middle name, last name, place of residence, and place of birth. The victim country is “Syria” and the victim industry is “Insurance”. This information was found on an openweb network. An official report is available at https://darkforums.st/Thread-The-Syrian-Health-Insurance-server-has-been-hacked. Two screenshots, https://d34iuop8pidsy8.cloudfront.net/2c324a3c-20a1-4f37-9828-5b236fc14e7a.png and https://d34iuop8pidsy8.cloudfront.net/267ee2e5-a9d6-41bb-86aa-fc89fb3023df.png, are associated with this incident.
3.21. Incident INC021: Alleged leak of credentials of CECyTEM
On 2025-07-17T05:20:40Z, a Data Leak was documented as Incident INC021. The threat actor “ferpadilla” claims to be selling a combolist containing access credentials allegedly associated with the Mexican educational institution CECyTEM (College of Scientific and Technological Studies of the State of Mexico). The leaked data includes email-password pairs linked to various login portals such as Adalo, Google, Microsoft, and internal CECyTEM platforms. The victim organization is “cecytem” in “Mexico” with the site “cecytem.edomex.gob.mx” and industry “Education”. This information was found on an openweb network. A security alert regarding this incident has been published at https://darkforums.st/Thread-MEXICO-cecytem-combolist-mx. One screenshot is provided: https://d34iuop8pidsy8.cloudfront.net/4efc0f44-baf6-47a8-8fba-8c782e22bff5.png.
3.22. Incident INC022: Alleged data leak of 4 Million Taiwan Data
Incident INC022, titled “Alleged data leak of 4 Million Taiwan Data,” occurred on 2025-07-17T04:57:38Z. This Data Leak involved the threat actor “sazz” claiming to have leaked a 4 million record database from Taiwan, including sensitive personal information such as names, national IDs, passwords, emails, phone numbers, and Facebook data. The victim country is “Taiwan”. This information was found on an openweb network. An advisory detailing this incident is available at https://darkforums.st/Thread-4-Million-Taiwan-Data. Two screenshots were provided for this incident: https://d34iuop8pidsy8.cloudfront.net/e2d450e6-7c55-49b3-85e0-553c6290371d.png and https://d34iuop8pidsy8.cloudfront.net/66e0ec4f-4068-4849-a58a-f7901c749abe.png.
3.23. Incident INC023: Alleged Sale of Mobile Number Database
The incident, INC023, is a Data Leak that took place on 2025-07-17T04:56:09Z. The threat actor “AP3XX” claims to be selling a database containing 450 million valid mobile phone numbers, including WhatsApp-linked numbers. The data reportedly covers users from the USA, UAE, UK, other North and South American countries, various Asian nations, and Arab countries. The actor alleges that all numbers are active. This information was found on an openweb network. A report on this incident is published at https://forum.exploit.in/topic/262593/. One screenshot is provided: https://d34iuop8pidsy8.cloudfront.net/ccf4b61d-0377-493b-a553-d0329e0e5f35.png.
3.24. Incident INC024: Alleged data breach of Entel
Incident INC024 pertains to a Data Breach event that occurred on 2025-07-17T03:56:42Z. The threat actor “deadman” claims to have breached the database of Entel. The victim organization is “entel” in “Chile” with the site “entel.cl” and industry “Network & Telecommunications”. This information was found on an openweb network. An official report is available at https://kittyforums.to/thread/620. One screenshot, https://d34iuop8pidsy8.cloudfront.net/9cd42997-eb82-41ef-8bd7-ac3af2b88781.png, is associated with this incident.
3.25. Incident INC025: Alleged data leak of Algérie Shop DataBase
On 2025-07-17T03:48:53Z, a Data Leak was documented as Incident INC025. The threat actor “RL000” has leaked a database allegedly from Algérie Shop, containing records of around 1,000 individuals. The exposed data includes IDs, names, email addresses, and sales figures. The victim country is “Algeria”. This information was found on an openweb network. A security alert regarding this incident has been published at https://darkforums.st/Thread-Alg%C3%A9rie-Shop-DataBase. One screenshot is provided: https://d34iuop8pidsy8.cloudfront.net/a668f834-c6de-45e5-a20c-d55dc923cb3a.png.
3.26. Incident INC026: Alleged unauthorized admin panel access to a cryptocurrency exchange platform
Incident INC026, titled “Alleged unauthorized admin panel access to a cryptocurrency exchange platform,” occurred on 2025-07-17T02:56:44Z. This Initial Access event involved the threat actor “Crunch” claiming to have gained access to the admin panel of a cryptocurrency exchange. The access reportedly includes the full history of all transactions (addresses, amounts, statuses, exchange IDs), a list of all users with some logins and emails, and an editing form that allows changing transfer statuses, crypto wallet addresses, and linked cards. This information was found on an openweb network. An advisory detailing this incident is available at https://xss.is/threads/142053/. One screenshot was provided for this incident: https://d34iuop8pidsy8.cloudfront.net/110e6591-8c38-4b1b-9ec8-d56b7788c67d.png.
3.27. Incident INC027: Alleged data breach of ISSSTELEON
The incident, INC027, is a Data Breach that took place on 2025-07-17T02:36:08Z. The threat actor “Eternal” claims to be selling a data leak from ISSSTELEON, a Mexican government institute responsible for health and pension services in Nuevo León. The leak reportedly contains over 100,000 lines of sensitive information, including full names, dates of birth, addresses, beneficiary photos, and employee numbers. The victim organization is “isssteleon” in “Mexico” with the site “isssteleon.gob.mx” and industry “Hospital & Health Care”. This information was found on an openweb network. A report on this incident is published at https://darkforums.st/Thread-Selling-Mexico-Goverment-ISSSTELEON-Leak-100-000-lines. One screenshot is provided: https://d34iuop8pidsy8.cloudfront.net/037e870e-9c0a-4258-9bf6-6c238b99d4ba.png.
3.28. Incident INC028: Alleged Sale of Premium Cross-Platform RCS Exploit Chain Targeting Windows, Android, and macOS
Incident INC028 pertains to a Vulnerability event that occurred on 2025-07-17T02:25:39Z. The threat actor “breachleaks” claims to be selling a premium Remote Control System (RCS) exploit, claiming it to be a zero-day, fully undetectable (FUD) remote access chain. The exploit targets Windows 10/11, Android 12–14, and macOS Ventura/Sonoma, with capabilities including initial access, privilege escalation, persistence (with optional rootkit), and complete AV evasion. Delivery vectors include malicious PDFs, DOCX files, browser payloads, and SMS links, with support for C2 frameworks like Empire, Mythic, and Cobalt Strike. This information was found on an openweb network. An official report is available at https://darkforums.st/Thread-Selling-%F0%9F%92%A5-WTS-Premium-RCS-Exploit-%E2%80%94-0-Day-Remote-Access-Chain-FUD-Cross-Platform-%F0%9F%92%A5–18397. Two screenshots, https://d34iuop8pidsy8.cloudfront.net/761530e5-c321-4ae6-a6d8-55bba5b3223d.png and https://d34iuop8pidsy8.cloudfront.net/0cdc22e5-e398-4189-ab98-1d421a49cea9.png, are associated with this incident.
3.29. Incident INC029: Alleged leak of 10 Million Russian Student database
On 2025-07-17T02:04:23Z, a Data Leak was documented as Incident INC029. The threat actor “HackerGhost” claims to have leaked a database containing the personal information of 10 million Russian individuals, primarily students, as well as teachers and parents. The leaked data includes full names, dates of birth, email addresses, phone numbers, patronymics, school names, class levels, region numbers, roles (such as student, teacher, or parent), Skype IDs, and VK (Vkontakte) profile links. The victim country is “Russia”. This information was found on an openweb network. A security alert regarding this incident has been published at https://darkforums.st/Thread-10-Million-Russian-Student-DATABASE. One screenshot is provided: https://d34iuop8pidsy8.cloudfront.net/d29f502c-0287-44c4-afd5-ac1581222074.png.
3.30. Incident INC030: Alleged Data Breach of District Municipality of Nepeña
Incident INC030, titled “Alleged Data Breach of District Municipality of Nepeña,” occurred on 2025-07-17T00:32:00Z. This Data Breach involved the threat actor “ferpadilla” claiming to have breached the Peruvian government site muninepena.gob.pe, leaking names and national ID numbers (DNI) of citizens. The victim organization is “district municipality of nepeña” in “Peru” with the site “muninepena.gob.pe” and industry “Government Administration”. This information was found on an openweb network. An advisory detailing this incident is available at https://darkforums.st/Thread-PERU-muninepena-gob-pe. One screenshot was provided for this incident: https://d34iuop8pidsy8.cloudfront.net/bca7872e-0c04-45c0-a7c9-c8d8d93df504.jpg.
4. Conclusion
This report has meticulously presented 26 distinct incidents, detailing their categories, content, dates, threat actors, and associated published URLs and screenshots. Each incident’s details have been extracted directly from the provided incident data. In strict adherence to the explicit instructions, this report contains no hypothetical scenarios, external analysis, or information not directly derived from the provided incident data. It serves purely as a factual record of the documented events.