[July-23-2025] Daily Cybersecurity Threat Report

This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.

Incident Details

This section presents a chronological overview of recent cyber incidents, detailing the nature of each event, the compromised entities, and the associated threat actors. Each entry is presented with its specific attributes.

1. Alleged data sale of Marktel Global Services

  • Threat Actors: lCap0ne
  • Victim Country: Spain
  • Victim Industry: Consumer Services
  • Victim Organization: marktel global services
  • Victim Site: marktel.es

2. Alleged data sale of Spanish Association of Digital Economy (Adigital)

  • Threat Actors: lCap0ne
  • Victim Country: Spain
  • Victim Industry: Marketing, Advertising & Sales
  • Victim Organization: spanish association of digital economy (adigital)
  • Victim Site: listarobinson.es

3. SYLHET GANG-SG targets the website of News TV

  • Threat Actors: SYLHET GANG-SG
  • Victim Country: India
  • Victim Industry: Newspapers & Journalism
  • Victim Organization: news tv
  • Victim Site: dltimes.in

4. SYLHET GANG-SG targets the website of News TV

  • Threat Actors: SYLHET GANG-SG
  • Victim Country: India
  • Victim Industry: Newspapers & Journalism
  • Victim Organization: news tv
  • Victim Site: dltimes.in

5. Alleged sale of a database from multiple countries

  • Threat Actors: LordA7
  • Victim Country: France
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

6. Alleged data leak of AT&T

  • Threat Actors: sheldon
  • Victim Country: USA
  • Victim Industry: Network & Telecommunications
  • Victim Organization: at&t
  • Victim Site: att.com

7. H3C4KEDZ targets the website of Special Training Division 7, Border Patrol Police

  • Threat Actors: H3C4KEDZ
  • Victim Country: Thailand
  • Victim Industry: Government Administration
  • Victim Organization: special training division 7, border patrol police
  • Victim Site: specialtraining7.bpp.police.go.th

8. Alleged data breach of Simplex infrastructures limited

  • Threat Actors: 0xCAFE
  • Victim Country: India
  • Victim Industry: Real Estate
  • Victim Organization: simplex infrastructures ltd
  • Victim Site: simplexinfra.com

9. Alleged sale of a database from multiple countries

  • Threat Actors: LordA7
  • Victim Country: France
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

10. Alleged unauthorized access to Institute of Space Technology, Islamabad

  • Threat Actors: PELICAN HACKERS
  • Victim Country: Pakistan
  • Victim Industry: Higher Education/Academia
  • Victim Organization: institute of space technology, islamabad
  • Victim Site: ist.edu.pk

11. Alleged data leak of U.S. citizens’ personal records

  • Threat Actors: sheldon
  • Victim Country: USA
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

12. Alleged sale of a database from multiple countries

  • Threat Actors: LordA7
  • Victim Country: France
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

13. Alleged sale of 10,000 UK Email Addresses

  • Threat Actors: Anoswantstobatte1
  • Victim Country: UK
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

14. T3AM BD HYP3R 71 targets the website of arthur.alexgomez.co.uk

  • Threat Actors: T3AM BD HYP3R 71
  • Victim Country: UK
  • Victim Industry: Unknown
  • Victim Organization: arthur.alexgomez.co.uk
  • Victim Site: arthur.alexgomez.co.uk

15. Alleged sale of a U.S. high-income individual database

  • Threat Actors: PixelPhreak
  • Victim Country: USA
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

16. Alleged data breach of Myśliwcy

  • Threat Actors: Perun Svaroga
  • Victim Country: Poland
  • Victim Industry: Civic & Social Organization
  • Victim Organization: myśliwcy – polskie lotnictwo myśliwskie w ii wojnie światowej
  • Victim Site: mysliwcy.pl

17. T3AM BD HYP3R 71 targets the website of H2OPE WATER

  • Threat Actors: T3AM BD HYP3R 71
  • Victim Country: UK
  • Victim Industry: Food & Beverages
  • Victim Organization: h2ope water
  • Victim Site: newarthur.alexgomez.co.uk

18. Alleged sale of access to an Unknown Colombian Company

  • Threat Actors: d35p3r4d05
  • Victim Country: Colombia
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

19. Alleged sale of admin access to an Unidentified Italy PrestaShop Store

  • Threat Actors: cosmodrome
  • Victim Country: Italy
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

20. Alleged data sale of Tri Indonesia

  • Threat Actors: b0nd
  • Victim Country: Indonesia
  • Victim Industry: Network & Telecommunications
  • Victim Organization: tri indonesia
  • Victim Site: tri.co.id

21. Alleged sale of admin access to an Unidentified European PrestaShop Store

  • Threat Actors: cosmodrome
  • Victim Country: Unknown
  • Victim Industry: E-commerce & Online Stores
  • Victim Organization: Unknown
  • Victim Site: Unknown

22. Alleged data sale of Tri Indonesia

  • Threat Actors: b0nd
  • Victim Country: Indonesia
  • Victim Industry: Network & Telecommunications
  • Victim Organization: tri indonesia
  • Victim Site: tri.co.id

23. Alleged sale of admin access to an unidentified Spanish PrestaShop Store

  • Threat Actors: cosmodrome
  • Victim Country: Spain
  • Victim Industry: E-commerce & Online Stores
  • Victim Organization: Unknown
  • Victim Site: Unknown

24. T3AM BD HYP3R 71 targets the website of CH Auto

  • Threat Actors: T3AM BD HYP3R 71
  • Victim Country: Switzerland
  • Victim Industry: Transportation & Logistics
  • Victim Organization: ch auto
  • Victim Site: ch-auto.ch

25. T3AM BD HYP3R 71 targets the website of Dynamic Brokerage

  • Threat Actors: T3AM BD HYP3R 71
  • Victim Country: Brazil
  • Victim Industry: Insurance
  • Victim Organization: dynamic brokerage
  • Victim Site: api.corretoradinamica.com

26. T3AM BD HYP3R 71 targets the website of Dynamic Brokerage

  • Threat Actors: T3AM BD HYP3R 71
  • Victim Country: Brazil
  • Victim Industry: Insurance
  • Victim Organization: dynamic brokerage
  • Victim Site: api.corretoradinamica.com

27. T3AM BD HYP3R 71 targets the website of Agility Mentors

  • Threat Actors: T3AM BD HYP3R 71
  • Victim Country: India
  • Victim Industry: Professional Services
  • Victim Organization: agility mentors
  • Victim Site: agilitymentors.com

28. T3AM BD HYP3R 71 targets the website of PropOps

  • Threat Actors: T3AM BD HYP3R 71
  • Victim Country: Germany
  • Victim Industry: Real Estate
  • Victim Organization: propops
  • Victim Site: propops.bofer-pr2.ru

29. Alleged sale of data from the Thailand travel company

  • Threat Actors: Croco siffredi
  • Victim Country: Thailand
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

30. T3AM BD HYP3R 71 targets the website of PropOps

  • Threat Actors: T3AM BD HYP3R 71
  • Victim Country: Germany
  • Victim Industry: Real Estate
  • Victim Organization: propops
  • Victim Site: propops.bofer-pr2.ru

31. Alleged data breach of French-Property.com

  • Threat Actors: DigitalGhost
  • Victim Country: France
  • Victim Industry: Real Estate
  • Victim Organization: french-property.com
  • Victim Site: french-property.com

32. Alleged data breach of formosa certified public accountant

  • Category: Data Breach
  • Content: The threat actor claims to be selling data allegedly obtained from the Taiwanese website formosa certified public accountant, which appears to be associated with a CPA (Certified Public Accountant) firm. The post includes a physical address in Taipei, Taiwan, and a phone number. The actor states there are 1,120 files available. NB: the organization previously fell victim to Kairos Ransomware on Nov 13 2024.
  • Date: 2025-07-23T06:22:52Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-formosacpa-com-tw
  • Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/b6f8cb82-e534-4cd6-b714-4a50ac903718.png
  • Threat Actors: andro_jj
  • Victim Country: Taiwan
  • Victim Industry: Accounting
  • Victim Organization: formosa certified public accountant
  • Victim Site: formosacpa.com.tw

33. Alleged unauthorized access to the central communication monitoring system of Paraguay

  • Category: Initial Access
  • Content: The group claims to have gained unauthorized access to the central communication monitoring system of Paraguay, specifically in the capital city, Asuncion. The breached system allegedly oversees domestic and international telecommunications traffic, including voice communications, internet connections, and data from national providers. The actor asserts access to sensitive components such as VoIP connections, packet flows, IP addresses, Quality of Service (QoS) reports, and content inspection modules. The infrastructure reportedly includes traffic analysis tools and RFC 2544-based testing systems.
  • Date: 2025-07-23T06:14:13Z
  • Network: telegram
  • Published URL: https://t.me/n2LP_wVf79c2YzM0/713
  • Screenshots:
  • Threat Actors: Infrastructure Destruction Squad
  • Victim Country: Paraguay
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

34. Alleged Sale of CrushFTP Zero-Day Exploit

  • Threat Actors: litxyz
  • Victim Country: Unknown
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

35. Alleged leak of 150k US personal records

  • Threat Actors: joe_goldberg
  • Victim Country: USA
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

36. Alleged data leak of World of Neopia, Inc

  • Threat Actors: aurora
  • Victim Country: USA
  • Victim Industry: Gaming
  • Victim Organization: world of neopia, inc
  • Victim Site: neopets.com

37. Alleged sale of CPanel Hunter 1.0 tool

  • Category: Malware
  • Content: The threat actor claims to be selling an open-source Python tool called “CPanel Hunter 1.0” designed to extract CPanel login credentials from logs, including two-factor authentication (2FA) data. Shared on a cybercrime forum, the tool comes with a PyQt6-based graphical interface and operates using the format URL:2083|User_Login|Pass_Log.
  • Date: 2025-07-23T03:20:29Z
  • Network: openweb
  • Published URL: https://xss.is/threads/142393/
  • Screenshots:
  • Threat Actors: drcrypterdotru
  • Victim Country: Unknown
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

38. Alleged Sale of FoxC2 Tool

  • Category: Malware
  • Content: The threat actor claims to be selling a powerful DDoS tool called FoxC2-network, designed to launch high-intensity Layer 7 attacks. According to the actor, the tool can generate 30,000 requests per second in a single attack and is capable of bypassing even cloud-based protections. FoxC2-network is advertised as a solution for large-scale attacks against both secured and unsecured websites.
  • Date: 2025-07-23T03:11:34Z
  • Network: telegram
  • Published URL: https://t.me/bl4ck_cyb3r/1259
  • Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/15c6f74d-267e-4359-9437-efbefbddf55f.png
  • Threat Actors: BL4CK CYB3R
  • Victim Country: Unknown
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

39. NATIONAL DEFENSIVE CAMBODIA targets the website of New Life Hair

  • Threat Actors: NATIONAL DEFENSIVE CAMBODIA
  • Victim Country: USA
  • Victim Industry: Cosmetics
  • Victim Organization: new life hair
  • Victim Site: newlifehair.com

40. Alleged data breach of Swedish Olympic Committee

  • Threat Actors: d028372
  • Victim Country: Sweden
  • Victim Industry: Sports
  • Victim Organization: swedish olympic committee
  • Victim Site: sok.se

41. Alleged data leak of 80 Million Chinese School Student

  • Threat Actors: DigitalGhostt
  • Victim Country: China
  • Victim Industry: Education
  • Victim Organization: Unknown
  • Victim Site: Unknown

42. Alleged data breach of Sagnik Books

  • Threat Actors: l33tfg
  • Victim Country: India
  • Victim Industry: E-commerce & Online Stores
  • Victim Organization: sagnik books
  • Victim Site: kolkatabooks.com

43. Alleged data breach of NAVAL GROUP

  • Category: Data Breach
  • Content: The threat actor claims to leak approximately 1TB of internal data from Naval Group, a major French defense contractor specializing in submarines and naval vessels. The leaked content includes classified CMS source code and deployment guides for submarines and frigates, network data, technical documents (some marked “Restricted distribution” and “Special France”), developer virtual machines with naval simulators, and intercepted internal communications via HCL Notes. A 13GB sample has been shared.
  • Date: 2025-07-23T02:12:48Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-Selling-FR-Naval-Group-Internal-Data-1TB
  • Screenshots:
  • Threat Actors: Neferpitou
  • Victim Country: France
  • Victim Industry: Defense & Space
  • Victim Organization: naval group
  • Victim Site: naval-group.com

44. Alleged data breach of RE/MAX Portugal

  • Threat Actors: PsyDanteX
  • Victim Country: Portugal
  • Victim Industry: Real Estate
  • Victim Organization: re/max portugal
  • Victim Site: remax.pt

45. Ghost Dz 313 targets the website of Income Tax Department

  • Threat Actors: Ghost Dz 313
  • Victim Country: India
  • Victim Industry: Government Administration
  • Victim Organization: income tax department
  • Victim Site: tnincometax.gov.in

46. Alleged Data Leak of Unidentified Retail Organization in Peru

  • Threat Actors: PrivilegesGenius
  • Victim Country: Peru
  • Victim Industry: Retail Industry
  • Victim Organization: Unknown
  • Victim Site: Unknown

47. Alleged Data Leak of Unidentified Grocery Retail Organization in Peru

  • Threat Actors: PrivilegesGenius
  • Victim Country: Peru
  • Victim Industry: Retail Industry
  • Victim Organization: Unknown
  • Victim Site: Unknown

48. Alleged data breach of Qualitas Auto

  • Category: Data Breach
  • Content: The threat actor claims to be selling a database of 800,000 customers from Qualitas Auto, a Spanish car insurance company. The leaked data allegedly includes sensitive personal and financial information such as full names, email addresses, national ID numbers, phone numbers, postal addresses, banking entities, and partial bank account numbers.
  • Date: 2025-07-23T00:26:46Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-Selling-Qualitas-Auto-customers
  • Screenshots:
  • Threat Actors: koala
  • Victim Country: Spain
  • Victim Industry: Insurance
  • Victim Organization: qualitas auto
  • Victim Site: qualitasauto.com

49. Alleged sale of data from an unidentified non-profit private-law foundation based in Switzerland

  • Threat Actors: PrivilegesGenius
  • Victim Country: Switzerland
  • Victim Industry: Non-profit & Social Organizations
  • Victim Organization: Unknown
  • Victim Site: Unknown

Conclusion

The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Data breaches and leaks are prominent, affecting various sectors from consumer services and marketing to telecommunications, real estate, and government administration. These incidents impact countries including Spain, India, France, USA, Thailand, Pakistan, UK, Poland, Colombia, Italy, Indonesia, Switzerland, Brazil, Taiwan, Paraguay, Peru, Portugal, and Sweden. The compromised data ranges from personal user information, financial details, and national ID numbers to classified internal data and administrative access credentials. Beyond data compromise, the report also reveals significant activity in initial access sales, with threat actors offering unauthorized access to various systems, and the proliferation of malicious tools. The incidents collectively demonstrate that organizations across various industries and geographies face persistent threats from data exfiltration, unauthorized network access, and the availability of offensive tools. The nature of these incidents emphasizes the critical importance of robust cybersecurity measures, including strong access controls, data protection strategies, continuous vulnerability management, and proactive threat intelligence to defend against a wide array of sophisticated and opportunistic attacks.

Deeper Analysis

A comprehensive review of the reported incidents reveals several overarching trends and critical implications within the contemporary cyber threat landscape.

All 49 incidents detailed in this report are timestamped on a single day, 2025-07-23, with varying times throughout that day. This uniformity in reporting dates is highly unusual for a random sample of unrelated incidents. This pattern strongly suggests that the data represents a snapshot or a collection of intelligence gathered on this specific date. It is unlikely to reflect a global surge of 49 new and unrelated breaches all occurring on the same day. Instead, this indicates a focused intelligence collection effort by the source, compiling newly observed or re-posted threats from various dark web and Telegram channels within a concentrated 24-hour window. This distinction is crucial for understanding the report’s scope, as it effectively captures the current state of disclosed or advertised cyber threats on that specific day, rather than the actual breach dates of all incidents.

The report shows a significant number of “Data Breach” and “Data Leak” incidents, accounting for 25 out of 49 incidents. These incidents involve a wide range of sensitive information, from personal records (DNI numbers, full names, contact info, addresses, DOBs, IBANs, SSNs, driver’s licenses, phone numbers, emails) to financial data (IBANs, banking data, partial bank account numbers, last deposit amounts) and even classified internal documents (Naval Group, Thai travel company). The sheer volume of records involved in some breaches (e.g., 1.13M from Marktel, 614K from Adigital, 73M from AT&T, 261M US SSN records, 14.7M high-income individuals, 80M Chinese students, 800K Qualitas Auto customers, 16M Brazilian casino customers) highlights the scale of data exfiltration operations. The repeated appearance of “Alleged sale of a database from multiple countries” by “LordA7” (Incidents 5, 9, 12) suggests a common source or a large, aggregated dataset being sold in parts.

“Defacement” incidents are also notably frequent, with 12 occurrences, primarily attributed to “T3AM BD HYP3R 71” (Incidents 14, 17, 24, 25, 26, 27, 28, 30) and “SYLHET GANG-SG” (Incidents 3, 4). These attacks, while often less impactful in terms of data loss, serve as a visible form of cyber vandalism or protest, aiming to disrupt operations and damage reputation. The rapid succession of defacement incidents by the same threat actors suggests automated tools or a coordinated campaign targeting multiple websites within a short timeframe.

“Initial Access” sales represent a critical component of the cybercrime ecosystem, with 9 incidents reported. These range from admin panel access to e-commerce stores (Incidents 19, 21, 23) to full access to an unknown Colombian company (Incident 18) and unauthorized access to government systems (Institute of Space Technology, Islamabad – Incident 10; central communication monitoring system of Paraguay – Incident 33). The sale of such access provides a crucial foothold for subsequent, more damaging attacks like ransomware deployment or large-scale data exfiltration. The “cosmodrome” threat actor appears to specialize in PrestaShop admin access, indicating a focus on e-commerce platforms.

The report also includes “Malware” sales (Incidents 37, 38) and a “Vulnerability” sale (Incident 34). The availability of tools like “CPanel Hunter 1.0” for credential extraction and “FoxC2-network” for DDoS attacks, along with a zero-day exploit for CrushFTP, indicates a thriving market for offensive cybersecurity capabilities. These tools lower the technical barrier for entry, enabling a wider range of actors to conduct sophisticated attacks, from data theft to service disruption.

A significant number of incidents (19 out of 49) list “Unknown” for victim industry, organization, or site. This is particularly common for data leaks (e.g., UK Email Addresses, US personal records, Chinese School Student Database, German Email Database, Peru Retail Organization, Swiss Non-profit) and malware sales. This “unknown” status highlights the challenges in attributing and understanding the full scope of many cyber incidents, especially when data is traded generically on underground forums or when the source of the leak is not explicitly identified by the threat actor. This makes it harder for affected entities to be notified or to implement specific defenses.

The incidents collectively demonstrate that organizations across various industries and geographies face persistent threats from data exfiltration, unauthorized network access, and the proliferation of malicious tools. The nature of these incidents emphasizes the critical importance of robust cybersecurity measures, including strong access controls, data protection strategies, continuous vulnerability management, and proactive threat intelligence to defend against a wide array of sophisticated and opportunistic attacks.