[July-19-2025] Daily Cybersecurity Threat Report

1. Executive Summary

This report presents a factual account of fourteen distinct operational and security incidents, derived directly from the provided dataset. The objective is to detail each event, including its category, content, date, associated threat actors, and victim information where available. Crucially, each incident includes its published_url for direct reference and all corresponding screenshots for visual documentation. This report strictly adheres to the data provided.

2. Incident Details

This section provides a dedicated entry for each incident, presenting all available data from the source in a clear and structured manner. Each incident is detailed with its title, category, content, date, network, threat actors, victim details (if applicable), the corresponding published_url, and an enumeration of all associated screenshots.

2.1. Alleged data breach of Saint Louis University

• Category: Data Breach
• Content: The threat actor claims to be selling a data from Saint Louis University. The compromised data includes email addresses, full names, usernames, dates, and hashed values that may represent passwords or tokens.
• Date: 2025-07-19T13:44:39Z
• Network: openweb
• Threat Actors: indeep
• Victim Country: USA
• Victim Industry: Education
• Victim Organization: saint louis university
• Victim Site: slu.edu
• Published URL: https://leakbase.la/threads/saint-louis-university-hacked-and-we-leak-data.40481/
• Screenshots:
• https://d34iuop8pidsy8.cloudfront.net/8397a025-63cf-4ee5-85dd-b15bc17ec59b.png

2.2. CelestialRAT is being promoted

• Category: Malware
• Content: The threat actor claims to be selling CelestialRAT, a revived and enhanced version of the original Celestial project. Features include Hidden VNC, Rootkit-level stealth, persistent access after system resets, plugin support, credential and cookie recovery, Steam token theft, smooth RDP/webcam control, and more.
• Date: 2025-07-19T12:39:51Z
• Network: openweb
• Threat Actors: MORNING STAR
• Published URL: https://xss.is/threads/142177/
• Screenshots:

• https://d34iuop8pidsy8.cloudfront.net/07d60d63-9148-41b2-a878-839018860135.png
• https://d34iuop8pidsy8.cloudfront.net/286c9787-2c69-435c-bee2-1c8143e70be4.png
• https://d34iuop8pidsy8.cloudfront.net/9f7e4a3c-9984-4a36-b623-d7b1c67f3dca.png
• https://d34iuop8pidsy8.cloudfront.net/8e253ac0-f5ee-49eb-a20f-5886065c7fb0.png
• https://d34iuop8pidsy8.cloudfront.net/aa4584f1-caf3-42c2-a9ce-e7034c51ced1.png

2.3. Alleged sale of XWorm V6.3 RAT

• Category: Malware
• Content: The threat actor claims to be selling XWorm V6.3, an upgraded Remote Access Trojan featuring Chromium credential recovery, HVNC bypass, improved obfuscation for evasion, and cleaned plugins. Non-functional components and RCE have been removed.
• Date: 2025-07-19T12:13:05Z
• Network: openweb
• Threat Actors: MORNING STAR
• Published URL: https://xss.is/threads/142175/
• Screenshots:
• https://d34iuop8pidsy8.cloudfront.net/a6c3e37e-aacb-4f33-bc32-477133020f3a.png

2.4. Allwgwd data leak of The Brink’s Company

• Category: Data Breach
• Content: The threat actor claims to have leaked 40K Brazil’s supplier records of The Brink’s Company, including tax IDs, company names, contact details, economic activity, and full bank account information.
• Date: 2025-07-19T11:04:56Z
• Network: openweb
• Threat Actors: wikkid
• Victim Country: USA
• Victim Industry: Financial Services
• Victim Organization: the brink’s company
• Victim Site: brinksglobal.com
• Published URL: https://darkforums.st/Thread-Selling-BRAZIL-Brinks-supplier-data
• Screenshots:
• https://d34iuop8pidsy8.cloudfront.net/ed42958c-9850-4279-881c-b7afb885030e.png

2.5. Alleged data sale of Ounass

• Category: Data Breach
• Content: The threat actor claims to be selling 606.404 records of data from Ounass.
• Date: 2025-07-19T10:17:23Z
• Network: openweb
• Threat Actors: NanC
• Victim Country: UAE
• Victim Industry: E-commerce & Online Stores
• Victim Organization: ounass
• Victim Site: ounass.ae
• Published URL: https://darkforums.st/Thread-Selling-ounass-ae-United-Arab-Emirates-Store
• Screenshots:
• https://d34iuop8pidsy8.cloudfront.net/5799fcd0-318c-46ac-bb4f-87d4f0f29a85.png

2.6. Alleged data leak of Government of Mesuji Regency

• Category: Data Breach
• Content: The threat actor claims to have leaked data from Government of Mesuji Regency.
• Date: 2025-07-19T10:10:38Z
• Network: openweb
• Threat Actors: fkzsecxploit
• Victim Country: Indonesia
• Victim Industry: Government Administration
• Victim Organization: government of mesuji regency
• Victim Site: mesujikab.go.id
• Published URL: https://darkforums.st/Thread-Mesujikab-Web-Subdomain-Database-Gevernment
• Screenshots:
• https://d34iuop8pidsy8.cloudfront.net/36147eec-89b3-4745-afeb-05e1ec171b17.png

2.7. Alleged data breach of Verizon

• Category: Data Breach
• Content: The threat actor claims to be selling a 5GB data from Verizon. The compromised data includes information such as user id, full names, gender, tax IDs, address, phone numbers, emails, device id, cookie IDs, IP addresses and multiple forms of ID.
• Date: 2025-07-19T10:05:05Z
• Network: openweb
• Threat Actors: PixelPhreak
• Victim Country: USA
• Victim Industry: Network & Telecommunications
• Victim Organization: verizon communications inc.
• Victim Site: verizon.com
• Published URL: https://leakbase.la/threads/verizon-db-2025.40475/
• Screenshots:
• https://d34iuop8pidsy8.cloudfront.net/9b023c5c-70fd-4ca7-9d76-e53388fd549d.png

2.8. Alleged data breach of Ministerio de Transportes y Comunicaciones del Perú

• Category: Data Breach
• Content: The threat actor claims to have leaked sensitive documents from the Ministerio de Transportes y Comunicaciones del Perú (MTC) of Peru. The leak includes 38,829 Peruvian driver’s licenses, featuring photos, signatures, RENIEC 2025 ID data, and valid electronic signatures. The files are provided in.PDF format, compressed into a 1.6 GB.7z archive, expanding to 7 GB upon extraction.
• Date: 2025-07-19T05:40:14Z
• Network: openweb
• Threat Actors: Gatito_FBI_Nz
• Victim Country: Peru
• Victim Industry: Government Administration
• Victim Organization: ministerio de transportes y comunicaciones del perú
• Victim Site: gob.pe/mtc
• Published URL: https://darkforums.st/Thread-Document-Ministerio-de-Transporte-y-Telecomunicaciones-LEAK
• Screenshots:

• https://d34iuop8pidsy8.cloudfront.net/167f68c0-1e28-462f-91da-25d542fb0958.png
• https://d34iuop8pidsy8.cloudfront.net/a87840bc-5da7-4d91-8306-42a645fdb241.png

2.9. Alleged data breach of Sangeet Natak Akademi

• Category: Data Breach
• Content: Threat actor claims to have breached Sangeet Natak Akademi’s registration portal, exposing personal data including names, birthdates, contact details, and registration records of users.
• Date: 2025-07-19T05:03:50Z
• Network: openweb
• Threat Actors: 0BlixF4ult
• Victim Country: India
• Victim Industry: Performing Arts
• Victim Organization: sangeet natak akademi
• Victim Site: sangeetnatak.panjikaran.in
• Published URL: https://darkforums.st/Thread-Document-sangeetnatak-panjikaran-in
• Screenshots:

• https://d34iuop8pidsy8.cloudfront.net/2fc440a3-94bd-4df9-b1a9-52f6d5080c3b.png
• https://d34iuop8pidsy8.cloudfront.net/4c79c08a-28c3-4c42-942f-5d593bc38a85.png

2.10. Alleged sale of Advanced Data Intelligence Platform tool

• Category: Malware
• Content: The threat actor claims to be selling an Advanced Data Intelligence Platform for Mexico. The tool is capable of extracting, verifying, and analyzing detailed personal and metadata, including full addresses, CURP, RFC, phone numbers, emails, social media profiles, and IP geolocation data. It also features media extraction from Telegram, Instagram, and WhatsApp, as well as phone and IP analysis.
• Date: 2025-07-19T04:44:24Z
• Network: openweb
• Threat Actors: amlo
• Published URL: https://darkforums.st/Thread-Advanced-Data-Intelligence-Platform-for-Mexico–18830
• Screenshots:
• https://d34iuop8pidsy8.cloudfront.net/1c0c209c-26a8-44f9-a8c6-7f3fddd88844.png

2.11. Alleged data breach of Rheinmetall

• Category: Data Breach
• Content: The threat actor claims to be selling internal technical documents from Rheinmetall Defence, a major German arms manufacturer. The exposed document includes detailed measurement data, engineering specifications, and quality control values (e.g., tolerances, parallelism, rectangularity) for military-grade components, possibly related to armored vehicles or weapons systems. The file appears to be a manufacturing or inspection report containing sensitive information such as serial numbers, part dimensions, and personnel names.
• Date: 2025-07-19T04:29:04Z
• Network: openweb
• Threat Actors: DigitalGhostt
• Victim Country: Germany
• Victim Industry: Defense & Space
• Victim Organization: rheinmetall
• Victim Site: rheinmetall.com
• Published URL: https://darkforums.st/Thread-Document-DOCUMENT-ARMS-MANUFACTURES-COMPANY
• Screenshots:
• https://d34iuop8pidsy8.cloudfront.net/cc01a5f4-32f0-4908-9040-75373f1ef749.png

2.12. Alleged data breach of North Atlantic Treaty Organization (NATO)

• Category: Data Breach
• Content: The threat actor claims to have leaked 10GB of sensitive NATO documents (2025). The data allegedly includes internal details about NATO’s leadership, structure, and financials.
• Date: 2025-07-19T04:23:47Z
• Network: openweb
• Threat Actors: DigitalGhostt
• Victim Country: Belgium
• Victim Industry: International Affairs
• Victim Organization: north atlantic treaty organization (nato)
• Victim Site: nato.int
• Published URL: https://darkforums.st/Thread-Document-10GB-North-Atlantic-Treaty-Organization-NATO
• Screenshots:
• https://d34iuop8pidsy8.cloudfront.net/ffa17c9f-596e-4681-9360-1bfd9a1e615c.png

2.13. Alleged Sale of Unauthorized Access to Multiple Servers

• Category: Initial Access
• Content: A threat actor claims to be selling unauthorized access to multiple servers, offering SSH root access to over 70 compromised systems globally. The listing includes a mix of cloud servers, VPS, and dedicated machines. According to the actor, many of the servers are actively running services, with some reportedly using web frameworks such as Django.
• Date: 2025-07-19T02:38:17Z
• Network: openweb
• Threat Actors: litxyz
• Published URL: https://forum.exploit.in/topic/262719/
• Screenshots:
• https://d34iuop8pidsy8.cloudfront.net/81996008-9a52-4ec7-a262-071a077a4e4e.png

2.14. Alleged sale of SLAYER Leecher v0.3

• Category: Malware
• Content: A threat actor claims to be selling a tool called SLAYER Leecher, which automates advanced keyword searches, data collection, and list generation. The tool reportedly offers features such as customizable search parameters, automated leeching from multiple sources, result filtering, and real-time statistics.
• Date: 2025-07-19T02:26:50Z
• Network: openweb
• Threat Actors: Starip
• Published URL: https://demonforums.net/Thread-SLAYER-Leecher-v0-3
• Screenshots:
• https://d34iuop8pidsy8.cloudfront.net/0dd254dd-b79c-4ccb-b863-bdb5f637e7e6.png

3. Summary of Incidents

This section provides a consolidated tabular overview of all documented incidents, offering a quick reference for key details.

Title	Category	Date	Threat Actors	Victim Organization	Published URL
Alleged data breach of Saint Louis University	Data Breach	2025-07-19T13:44:39Z	indeep	saint louis university	https://leakbase.la/threads/saint-louis-university-hacked-and-we-leak-data.40481/
CelestialRAT is being promoted	Malware	2025-07-19T12:39:51Z	MORNING STAR		https://xss.is/threads/142177/
Alleged sale of XWorm V6.3 RAT	Malware	2025-07-19T12:13:05Z	MORNING STAR		https://xss.is/threads/142175/
Allwgwd data leak of The Brink’s Company	Data Breach	2025-07-19T11:04:56Z	wikkid	the brink’s company	https://darkforums.st/Thread-Selling-BRAZIL-Brinks-supplier-data
Alleged data sale of Ounass	Data Breach	2025-07-19T10:17:23Z	NanC	ounass	https://darkforums.st/Thread-Selling-ounass-ae-United-Arab-Emirates-Store
Alleged data leak of Government of Mesuji Regency	Data Breach	2025-07-19T10:10:38Z	fkzsecxploit	government of mesuji regency	https://darkforums.st/Thread-Mesujikab-Web-Subdomain-Database-Gevernment
Alleged data breach of Verizon	Data Breach	2025-07-19T10:05:05Z	PixelPhreak	verizon communications inc.	https://leakbase.la/threads/verizon-db-2025.40475/
Alleged data breach of Ministerio de Transportes y Comunicaciones del Perú	Data Breach	2025-07-19T05:40:14Z	Gatito_FBI_Nz	ministerio de transportes y comunicaciones del perú	https://darkforums.st/Thread-Document-Ministerio-de-Transporte-y-Telecomunicaciones-LEAK
Alleged data breach of Sangeet Natak Akademi	Data Breach	2025-07-19T05:03:50Z	0BlixF4ult	sangeet natak akademi	https://darkforums.st/Thread-Document-sangeetnatak-panjikaran-in
Alleged sale of Advanced Data Intelligence Platform tool	Malware	2025-07-19T04:44:24Z	amlo		https://darkforums.st/Thread-Advanced-Data-Intelligence-Platform-for-Mexico–18830
Alleged data breach of Rheinmetall	Data Breach	2025-07-19T04:29:04Z	DigitalGhostt	rheinmetall	https://darkforums.st/Thread-Document-DOCUMENT-ARMS-MANUFACTURES-COMPANY
Alleged data breach of North Atlantic Treaty Organization (NATO)	Data Breach	2025-07-19T04:23:47Z	DigitalGhostt	north atlantic treaty organization (nato)	https://darkforums.st/Thread-10GB-North-Atlantic-Treaty-Organization-NATO
Alleged Sale of Unauthorized Access to Multiple Servers	Initial Access	2025-07-19T02:38:17Z	litxyz		https://forum.exploit.in/topic/262719/
Alleged sale of SLAYER Leecher v0.3	Malware	2025-07-19T02:26:50Z	Starip		https://demonforums.net/Thread-SLAYER-Leecher-v0-3

4. Conclusions

This report provides a direct and comprehensive overview of the fourteen incidents documented in the provided JSON data. Each incident has been presented with its specific details, including the category, content, date, involved threat actors, and victim information where available. All published_url links and screenshots have been included as provided in the source data.

The report strictly adheres to the user’s instruction to only use the data from the JSON, avoiding any hypothetical scenarios, interpretations, or external examples. This ensures that the information presented is a precise reflection of the raw data, serving as a factual record of the documented incidents.