[July-21-2025] Daily Cybersecurity Threat Report

This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.

1. Alleged data leak of Syed Abul Hossain University College

  • Threat Actors: fkzsecxploit
  • Victim Country: Bangladesh
  • Victim Industry: Education
  • Victim Organization: syed abul hossain university college
  • Victim Site: sahc.edu.bd

2. Alleged data leak of Club Penguin Rewritten

  • Threat Actors: TAO
  • Victim Country: Unknown
  • Victim Industry: Gaming
  • Victim Organization: club penguin rewritten
  • Victim Site: community.cprewritten.net

3. Alleged data sale of Bienestar Human Services

  • Threat Actors: DataVortexDB
  • Victim Country: Mexico
  • Victim Industry: Non-profit & Social Organizations
  • Victim Organization: bienestar human services
  • Victim Site: bienestar.org

4. Alleged data sale of Bienestar Human Services

  • Threat Actors: DataVortexDB
  • Victim Country: Mexico
  • Victim Industry: Non-profit & Social Organizations
  • Victim Organization: bienestar human services
  • Victim Site: bienestar.org

5. Alleged sale of credit card data from UK

  • Threat Actors: Stari4ok
  • Victim Country: UK
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

6. Alleged admin access sale to Commercial Trust Bridge Bank

  • Threat Actors: R0m4nce
  • Victim Country: Algeria
  • Victim Industry: Banking & Mortgage
  • Victim Organization: commercial trust bridge bank
  • Victim Site: commercialtrustbridge.org

7. Alleged Data Leak of Malindo Air

  • Threat Actors: joe_goldberg
  • Victim Country: Malaysia
  • Victim Industry: Aviation & Aerospace
  • Victim Organization: malindo air
  • Victim Site: malindoair.com

8. Alleged RDWeb Access Sale to Canadian Construction Firm

  • Threat Actors: ProfessorKliq
  • Victim Country: Canada
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

9. Alleged RDWeb Access Sale to Canadian ERP Software Company

  • Threat Actors: ProfessorKliq
  • Victim Country: Canada
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

10. Alleged RDWeb Access Sale to UK Energy and Utilities Company

  • Threat Actors: ProfessorKliq
  • Victim Country: UK
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

11. Alleged RDWeb Access Sale to UK Civil Engineering Firm

  • Threat Actors: ProfessorKliq
  • Victim Country: UK
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

12. Alleged leak of Telegram Social Engineering Database

  • Threat Actors: flyme
  • Victim Country: Unknown
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

13. Alleged data breach of Dell Technologies

  • Threat Actors: Worldleaks
  • Victim Country: USA
  • Victim Industry: Computer Hardware
  • Victim Organization: dell technologies
  • Victim Site: dell.com

14. Alleged data leak of BMW Kun Exclusive

  • Category: Data Breach
  • Content: The threat actor claims to have leaked 60GB of data from BMW Kun Exclusive, a BMW dealership in Bengaluru, India. The data allegedly includes login credentials, API keys, tokens, and access to marketing SMS platforms, WhatsApp business accounts, and internal systems for 19 BMW dealerships across India, potentially allowing full unauthorized system takeover.
  • Date: 2025-07-21T10:38:44Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-BMW-INDIA-DATA-BREACH
  • Screenshots:
    • https://d34iuop8pidsy8.cloudfront.net/4f2aef96-06ff-43ef-942f-d4dca4a8e55b.png
  • Threat Actors: joe_goldberg
  • Victim Country: India
  • Victim Industry: Automotive
  • Victim Organization: bmw kun exclusive
  • Victim Site: bmw-kunexclusive-bengaluru.in

15. Alleged sale of unauthorized access to a Stock Training site in the US

  • Threat Actors: 0x1
  • Victim Country: USA
  • Victim Industry: Financial Services
  • Victim Organization: Unknown
  • Victim Site: Unknown

16. Alleged sale of unauthorized access to a US Stock Training site

  • Threat Actors: 0x1
  • Victim Country: USA
  • Victim Industry: Financial Services
  • Victim Organization: Unknown
  • Victim Site: Unknown

17. Alleged sale of Chinese User Database

  • Threat Actors: DigitalGhostt
  • Victim Country: China
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

18. Alleged sale of an unidentified German Email Database

  • Threat Actors: erszan
  • Victim Country: Germany
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

19. Alleged data leak of Kramat Jati Police Hospital

  • Threat Actors: saTaoz
  • Victim Country: Indonesia
  • Victim Industry: Hospital & Health Care
  • Victim Organization: kramat jati police hospital
  • Victim Site: rumahsakitpolrikramatjati.co.id

20. Alleged data breach of SADNAT factory

  • Threat Actors: Cyber Isnaad Front
  • Victim Country: Israel
  • Victim Industry: Defense & Space
  • Victim Organization: sadnat factory
  • Victim Site: Unknown

21. Alleged data breach of SADNAT factory

  • Threat Actors: Cyber Isnaad Front
  • Victim Country: Israel
  • Victim Industry: Defense & Space
  • Victim Organization: sadnat factory
  • Victim Site: sadatan.com

22. Alleged sale of Gui SQLMap Pro v2.0 Pentesting tool

  • Threat Actors: Mr_king
  • Victim Country: Unknown
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

23. Alleged sale of Gui SQLMap Pro v2.0 Pentesting tool

  • Category: Malware
  • Content: The threat actor claims to be selling a custom-developed penetration testing tool named Gui SQLMap Pro v2.0, marketed as a powerful and comprehensive security testing solution for Windows. Designed for ethical hackers, bug bounty hunters, and cybersecurity professionals, the tool allegedly supports automatic detection of vulnerabilities like SQL Injection, XSS, and CSRF, smart crawling for admin panels, port/service scanning, and professional reporting features.
  • Date: 2025-07-21T05:31:31Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-Source-Code-%F0%9F%9A%80-The-most-powerful-Pentesting-tool-%F0%9F%92%BB
  • Screenshots:
    • https://d34iuop8pidsy8.cloudfront.net/643057e7-4479-4abf-a73a-549648ab1a76.png
  • Threat Actors: Mr_king
  • Victim Country: Unknown
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

24. Alleged sale of unauthorized access to Royal Thai Air Force

  • Threat Actors: shine
  • Victim Country: Thailand
  • Victim Industry: Aviation & Aerospace
  • Victim Organization: royal thai air force
  • Victim Site: do.rtaf.mi.th

25. Alleged sale of ShadowFlood DDoS tool

  • Category: Malware
  • Content: The threat actor claims to be selling a custom Layer 7 DDoS tool named ShadowFlood, designed to launch HTTP-based attacks via the Tor network. The tool allegedly initiates 30 concurrent Tor instances, each using a different exit node to maximize traffic distribution and resilience. It also rotates exit nodes if blocked and employs 1,000 randomized user-agent strings to mimic legitimate web traffic, enhancing its ability to bypass common DDoS protections.
  • Date: 2025-07-21T04:01:36Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-ShadowFlood-DDoS-tool-Layer-7-only
  • Screenshots:
    • https://d34iuop8pidsy8.cloudfront.net/25842f67-f9c7-4859-bf5c-e4dab5b9a33a.png
  • Threat Actors: l33tfg
  • Victim Country: Unknown
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

26. Alleged access to SAGUE system in Madrid

  • Category: Initial Access
  • Content: The group claims access to the SAGUE irrigation system in Madrid, deactivating the main switch and causing a full shutdown. This disrupted irrigation, fertilizer control, and scheduling. Recovery attempts are logged.
  • Date: 2025-07-21T03:19:31Z
  • Network: telegram
  • Published URL: https://t.me/n2LP_wVf79c2YzM0/699
  • Screenshots:
    • https://d34iuop8pidsy8.cloudfront.net/208229b0-d580-45bf-aa43-fd25fce47c9c.jpg
  • Threat Actors: Infrastructure Destruction Squad
  • Victim Country: Spain
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

27. Alleged Sale of Rootkit-Based Exploit Targeting Cocoa Paycard and Kapital Bank

  • Threat Actors: HackHawei0
  • Victim Country: Mexico
  • Victim Industry: Financial Services
  • Victim Organization: cacao paycard
  • Victim Site: cacaopaycard.com

28. Alleged Sale of Rootkit-Based Exploit Targeting Cocoa Paycard and Kapital Bank

  • Category: Vulnerability
  • Content: The threat actor claims to have breached Cocoa Paycard and Autofin’s Kapital Bank, gaining access to their core banking system (T24) and exposing complete customer databases. The attacker reports downloading both front-end and back-end components of the companies’ websites, exploiting weak WAF configurations. A rootkit was allegedly installed as a backdoor on Cocoa’s servers, enabling further unauthorized access.
  • Date: 2025-07-21T03:11:55Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-Highly-exploitable-customer-database-with-a-rootkit-to-install-viruses-or-ransomware
  • Screenshots:
    • https://d34iuop8pidsy8.cloudfront.net/3d7f5602-b895-47b1-ad95-6dec25219fd8.png
  • Threat Actors: HackHawei0
  • Victim Country: Mexico
  • Victim Industry: Financial Services
  • Victim Organization: cacao paycard
  • Victim Site: cacaopaycard.com

29. Alleged data leak of French Minecraft PVP Faction

  • Threat Actors: minebroker
  • Victim Country: France
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

30. Alleged leak of 2.5TB Israel database

  • Category: Data Leak
  • Content: The threat actor claims to have leaked a massive 2.5TB dataset allegedly from Israeli government and military sources. The database reportedly contains highly sensitive information across various sectors, including Iron Dome missile system data, military strategies, war fund details, presidential documents, and strategic national plans. It also includes civilian records such as education, healthcare, job and population data, school and university personnel files, CCTV footage, Israeli bank card information, and police contacts.
  • Date: 2025-07-21T02:28:27Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-Document-2-5TB-ISRAEL-STATE-DATABASE
  • Screenshots:
    • https://d34iuop8pidsy8.cloudfront.net/e008c587-8283-4d0c-9a14-403d9073ac6c.png
  • Threat Actors: DigitalGhostt
  • Victim Country: Israel
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

31. Alleged leak of unauthorized access to Hat Yai City Municipality

  • Threat Actors: NXBB.SEC
  • Victim Country: Thailand
  • Victim Industry: Government Administration
  • Victim Organization: hat yai city municipality
  • Victim Site: hatyaicity.go.th

32. Alleged 60k France database leak

  • Category: Data Leak
  • Content: The threat actor claims to have leaked a database containing personal information of 60,000 individuals in France. The exposed data includes first and last names, phone numbers, dates of birth, email addresses, full physical addresses, postal codes, cities, and country.
  • Date: 2025-07-21T02:00:40Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-Data-Base-60k-in-France-Full-info
  • Screenshots:
    • https://d34iuop8pidsy8.cloudfront.net/8d4fa867-4ff5-443d-914f-ba2e2a34a438.png
  • Threat Actors: icikevin
  • Victim Country: France
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

33. Alleged leak of customer records from a Brazilian casino

  • Threat Actors: DigitalGhostt
  • Victim Country: Brazil
  • Victim Industry: Gambling & Casinos
  • Victim Organization: Unknown
  • Victim Site: Unknown

Conclusion

The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Data breaches and leaks are prominent, affecting various sectors from education and gaming to healthcare and automotive, and impacting countries including Bangladesh, Mexico, Malaysia, India, Indonesia, France, Brazil, and Israel. The compromised data ranges from personal user information and credit card details to sensitive patient records, classified military components, and large customer databases.

Beyond data compromise, the report also reveals significant activity in initial access sales, with threat actors offering unauthorized access to banking systems, corporate networks (including RDWeb access to Canadian and UK firms), and even government and military infrastructure like the Royal Thai Air Force and Madrid’s irrigation system. The sale of malware, including penetration testing tools and DDoS tools, further underscores the availability of offensive capabilities in the cyber underground.

The incidents collectively demonstrate that organizations across various industries and geographies face persistent threats from data exfiltration, unauthorized network access, and the proliferation of malicious tools. The nature of these incidents emphasizes the critical importance of robust cybersecurity measures, including strong access controls, data protection strategies, continuous vulnerability management, and proactive threat intelligence to defend against a wide array of sophisticated and opportunistic attacks.