[August-2-2025] Daily Cybersecurity Threat Report

This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.

Alleged Data Leak Involving Trezor Crypto Hardware Wallet
- Category: Data Breach
- Content: The threat actor claims to be selling a database allegedly linked to Trezor crypto hardware wallets. The data is said to be in CSV format and labeled as a full 2025 database.
- Date: 2025-08-02T14:25:54Z
- Network: openweb
- Published URL: https://leakbase.la/threads/trezor-crypto-hardware-wallet.41029
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/ed7e3281-ccf1-4880-9746-b4fb1469b009.PNG
- Threat Actors: Skydreammodz
- Victim Country: Czech Republic
- Victim Industry: Financial Services
- Victim Organization: trezor
- Victim Site: trezor.io
Alleged database sale of Gemini
- Category: Data Breach
- Content: Threat actor claims to be selling full database of Gemini in CSV format.
- Date: 2025-08-02T14:19:33Z
- Network: openweb
- Published URL: https://leakbase.la/threads/gemini-com-full-db-in-csv-format-2025.41028/
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/80a3d769-8a28-441c-9846-eab45a80c01a.png
- Threat Actors: Skydreammodz
- Victim Country: USA
- Victim Industry: Financial Services
- Victim Organization: gemini
- Victim Site: gemini.com
Alleged data sale of Turkish Scholarship
- Category: Data Breach
- Content: The threat actor claims to be selling 4,633 records of data from Turkish Scholarship program. The compromised data include usernames, full names, email addresses, gender, marital status, date of birth, nationality, country and city of birth, ID type and number, disability status, and work experience details.
- Date: 2025-08-02T14:16:32Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-T%C3%BCrkiye-Burslar%C4%B1-GOV
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/7074cac1-942a-494d-a055-f02ac9ef73b0.png
- Threat Actors: fuckoverflow
- Victim Country: Turkey
- Victim Industry: Government & Public Sector
- Victim Organization: turkiye scholarships
- Victim Site: tbbs.turkiyeburslari.gov.tr
Alleged Data Breach of OGUsers Forum
- Category: Data Breach
- Content: The threat actor claims to be sharing data from a 2022 breach of OGUsers, a forum linked to account hijacking and SIM swapping activities. The breach is said to have exposed usernames, email addresses, hashed passwords, and IP addresses. The leaked database allegedly contains 529,000 unique email addresses, and around 515,000 account records
- Date: 2025-08-02T13:56:46Z
- Network: openweb
- Published URL: https://leakbase.la/threads/ogusers-2022-breach.41017
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/7cffe22d-db2a-4ffc-9e50-a407fd9bb1d0.PNG
- Threat Actors: wonder
- Victim Country: Unknown
- Victim Industry: Social Media & Online Social Networking
- Victim Organization: ogusers
- Victim Site: ogusers.com
Kxichixxsec targets the website of Association of Private Colleges of Technology and Vocational Education of Thailand
- Category: Defacement
- Content: The group claims to have defaced the website of Association of Private Colleges of Technology and Vocational Education of Thailand
- Date: 2025-08-02T13:52:02Z
- Network: telegram
- Published URL: https://t.me/mrrrbottt/438
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/d7c07372-1d59-4fac-a6c7-1d026ab355f1.PNG
- Threat Actors: Kxichixxsec
- Victim Country: Thailand
- Victim Industry: Education
- Victim Organization: association of private colleges of technology and vocational education of thailand
- Victim Site: pvet.or.th
Alleged admin panel access sale of Guarda Wallet
- Category: Initial Access
- Content: Threat actor claims to be selling admin panel access along with full customer data, wallet activity logs, session management tools, and optional modules like injection scripts and fake recovery pages, all built on a secure Node.js/MongoDB/React stack, intended for high-level actors seeking infrastructure for wallet monitoring, asset tracing, or crypto campaigns, with tiered pricing and secure delivery options including escrow through trusted middlemen.
- Date: 2025-08-02T13:25:19Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/263543/
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/f3f46b63-7387-499f-9e69-fa29276f9aba.png
- Threat Actors: nughtcore
- Victim Country: Portugal
- Victim Industry: Financial Services
- Victim Organization: guarda wallet
- Victim Site: guarda.com
Alleged data leak of Foremost Groups, Ltd.
- Category: Data Breach
- Content: The threat actor claims to have leaked 20GB of data from Foremost Groups, Ltd., which includes extensive legal contracts, confidential agreements, full HR records with salaries and hiring details, financial and banking information such as forecasts, credits, budgets, passport scans, insurance documents, private salary slips, and internal files related to audits, mergers, and company consolidations.
- Date: 2025-08-02T13:12:01Z
- Network: openweb
- Published URL: https://breachforums.hn/Thread-DATABASE-ForemostGroups-com-HR-Legal-Bank-Forecasts-Salaries-Audit-1-08-2025
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/56a25d29-c9a5-492a-ad6d-1eead01e57ed.png
  - https://d34iuop8pidsy8.cloudfront.net/564fbe17-12ed-4777-9a50-018a38fd9d7d.png
- Threat Actors: chucky_lucky
- Victim Country: USA
- Victim Industry: Furniture
- Victim Organization: foremost groups, ltd.
- Victim Site: foremostgroups.com
Alleged database sale of Orion Telecom Group
- Category: Data Breach
- Content: The threat actor claims to be selling the full database of Orion Telecom Group, containing approximately 12 million records. The compromised data includes user IDs, names, comments, basic address and passport information, contact details, email addresses, login credentials (including multiple passwords), birthdays, additional comments, address descriptions, and IP-related data.
- Date: 2025-08-02T13:01:03Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-12-Million-Orionet-ru-full-Database
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/1b3e826c-27d0-4fdf-b2ad-335720f6045b.png
- Threat Actors: DigitalGhostt
- Victim Country: Russia
- Victim Industry: Network & Telecommunications
- Victim Organization: orion telecom group
- Victim Site: orionet.ru
Alleged data leak of Ivan Yustiavandana
- Category: Data Leak
- Content: The threat actor claims to have leaked a personal data set of Ivan Yustiavandana. The compromised data contains full name, phone number, date of birth, full home address, national ID number (KTP), gender, and location details from Mekarsari, Cimanggis, Kota Depok, Indonesia.
- Date: 2025-08-02T12:49:15Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DOXING-IVAN-YUSTIAVANDANA
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/b62c7a0e-8eb8-41e2-98ac-8d34fdd551b5.png
- Threat Actors: OHKA21
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
Alleged data sale of Turtlemint
- Category: Data Breach
- Content: The threat actor claims to be selling a customer database from Turtlemint. The compromised data includes 1.9 million records from the year 2023, containing sensitive customer information such as policy numbers, proposer names, email addresses, mobile numbers, city names, registration details, and digital partner IDs. NB: It was previously breached by a threat actor named ‘taplonaroda’ on February 29, 2024.
- Date: 2025-08-02T12:06:21Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-India-turtlemint-com-Online-Insurance-Platform-Customers-1-9-Million-2023
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/16504605-9e2a-4372-a27a-570708d7dda2.png
- Threat Actors: fernsby_ethan
- Victim Country: India
- Victim Industry: Financial Services
- Victim Organization: turtlemint
- Victim Site: turtlemint.com
Alleged Database Leak of Go-Net Systems Ltd
- Category: Data Breach
- Content: The threat actor claims to have leaked data allegedly stolen from Go-Net, an Israeli software company responsible for developing and maintaining the election system for Histadrut, the General Organization of Workers. The breach reportedly occurred in January 2025 and involves an uncompressed 495MB database containing election-related tables and personal data.
- Date: 2025-08-02T11:49:05Z
- Network: openweb
- Published URL: https://breachforums.hn/Thread-DATABASE-Isreali-Histadrut-Election-database
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/32f8b13a-2d6a-4ad7-8fd9-ebcbf81353c8.jpg
- Threat Actors: CyberToufan01
- Victim Country: Israel
- Victim Industry: Network & Telecommunications
- Victim Organization: go-net systems ltd
- Victim Site: gonetworks.com
Alleged data sale of Fds Machinery
- Category: Data Breach
- Content: The threat actor claims to be selling a customer database from Fds Machinery, a Greek organization. The compromised data reportedly contains personally identifiable information (PII) such as customer IDs, full names, email addresses, phone numbers, hashed passwords with salts, and newsletter subscription status.
- Date: 2025-08-02T11:33:13Z
- Network: openweb
- Published URL: https://breachforums.hn/Thread-DATABASE-Greece-Database-aef-gr
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/a9cea560-5d06-47c6-b053-eeca1b274ac1.png
- Threat Actors: RainbowBF
- Victim Country: Greece
- Victim Industry: Machinery
- Victim Organization: fds machinery
- Victim Site: aef.gr
Alleged data leak of Pacifika Peru
- Category: Data Breach
- Content: The threat actor claims to have leaked a 2.69GB SQL database from Pacifika Peru on 30 June 2023. The alleged dump contains over 20.8 million records, including full names, phone numbers, addresses, and RUC (tax ID) numbers of both customers and suppliers. It also reportedly exposes order history, product SKUs, expiration dates, shipping routes, and internal banking credentials for BCP, BBVA, and Scotiabank accounts.
- Date: 2025-08-02T11:31:55Z
- Network: openweb
- Published URL: https://breachforums.hn/Thread-DATABASE-Pacifika-com-pe-Breach-%E2%80%94-Full-LATAM-ERP-Dump
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/26a3b943-fe18-4574-b4dd-1f78c1c92078.png
- Threat Actors: chucky_lucky
- Victim Country: Peru
- Victim Industry: E-commerce & Online Stores
- Victim Organization: pacifika peru
- Victim Site: pacifika.com.pe
Alleged data sale of Fds Machinery Eu
- Category: Data Breach
- Content: The threat actor claims to be selling a customer database from Fds Machinery Eu, a Greek organization. The compromised data reportedly contains personally identifiable information (PII) such as customer IDs, full names, email addresses, phone numbers, hashed passwords with salts, and newsletter subscription status.
- Date: 2025-08-02T11:31:43Z
- Network: openweb
- Published URL: https://breachforums.hn/Thread-DATABASE-Greece-Database-aef-gr
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/a9cea560-5d06-47c6-b053-eeca1b274ac1.png
- Threat Actors: RainbowBF
- Victim Country: Greece
- Victim Industry: Machinery
- Victim Organization: fds machinery eu
- Victim Site: aef.gr
Alleged Database Leak of btbet789 Casino
- Category: Data Breach
- Content: The threat actor claims to be in possession of a leaked database from btbet789, a Thai online casino platform. The data originates from the year 2024.
- Date: 2025-08-02T11:31:17Z
- Network: openweb
- Published URL: https://breachforums.hn/Thread-DATABASE-btbet789-casino-database-2024
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/186e236f-07ea-4b9f-8a6e-dde5fab4dfcb.jpg
- Threat Actors: StormyDon
- Victim Country: Thailand
- Victim Industry: Gambling & Casinos
- Victim Organization: btbet789 casino
- Victim Site: Unknown
Alleged data leak of Chandigarh Administration – Employment Department
- Category: Data Breach
- Content: The threat actor claims to have leaked a 15.4MB data from the Chandigarh Administration – Employment Department, containing 33,731 records. The compromised data reportedly includes full names, email addresses, phone numbers, residential addresses, along with dates of birth, education history, employment records, salary expectations, and job preferences.
- Date: 2025-08-02T11:06:45Z
- Network: openweb
- Published URL: https://breachforums.hn/Thread-DATABASE-chandigarh-gov-in-%E2%80%94-Full-Job-Seeker-DB-Emails-Phones-Salaries-DOBs-33K-Records
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/74e6e74c-27d6-4b18-a35d-a2907b77c02e.png
- Threat Actors: chucky_lucky
- Victim Country: India
- Victim Industry: Government Administration
- Victim Organization: chandigarh administration
- Victim Site: chandigarh.gov.in/employment
Alleged data leak of Government Procurement Administration
- Category: Data Breach
- Content: The threat actor claims to have leaked a 253MB data from Government Procurement Administration, containing over 217,000 records. The dump reportedly includes tender IDs, publication and award dates, contract statuses, and details of government ministries, agencies, contract descriptions, exemption clauses, supplier companies, contract volumes, and execution timelines.
- Date: 2025-08-02T11:06:39Z
- Network: openweb
- Published URL: https://breachforums.hn/Thread-DATABASE-https-mr-gov-il-2025-GOV-Tender-Dump-%E2%80%94-Israel-Procurement-DB-Agencies-Contracts
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/0dbc72a6-24fa-4efe-9e04-afc05d79008b.png
- Threat Actors: chucky_lucky
- Victim Country: Israel
- Victim Industry: Government Administration
- Victim Organization: government procurement administration
- Victim Site: mr.gov.il
Alleged data breach of Perspektyva Stock Exchange
- Category: Data Breach
- Content: The group claims to have breached the data of Perspektyva Stock Exchange.
- Date: 2025-08-02T10:56:17Z
- Network: telegram
- Published URL: https://t.me/perunswaroga/392
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/c5a2813a-ea10-48dc-b10d-8fa8a6cf0726.png
- Threat Actors: Perun Svaroga
- Victim Country: Ukraine
- Victim Industry: Financial Services
- Victim Organization: perspektyva stock exchange
- Victim Site: fbp.com.ua
Alleged leak of login access to Altech India
- Category: Initial Access
- Content: The group claims to have gained unauthorized login access belonging to Altech India
- Date: 2025-08-02T10:45:20Z
- Network: telegram
- Published URL: https://t.me/dxp004/10
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/14a69709-0db3-4a84-b8bc-3449ea96b310.PNG
- Threat Actors: DXPLOIT (OFFICIALS)
- Victim Country: India
- Victim Industry: Electrical & Electronic Manufacturing
- Victim Organization: altech india
- Victim Site: altechindia.in
Alleged data sale of Nickelodeon Greece
- Category: Data Breach
- Content: The threat actor claims to be selling a database from Nickelodeon Greece containing over 143,000 records. The exposed data allegedly includes personally identifiable information such as full names, email addresses, phone numbers, locations, and age details.
- Date: 2025-08-02T10:14:57Z
- Network: openweb
- Published URL: https://breachforums.hn/Thread-SELLING-Greece-nickelodeon-gr-143-000-Lines-CVS-SQL-Format
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/ad89d636-9109-4c28-b932-bf5c3ebaf6ce.png
  - https://d34iuop8pidsy8.cloudfront.net/b15af539-706b-4106-84a1-24d54e7c98a2.png
- Threat Actors: RainbowBF
- Victim Country: Greece
- Victim Industry: Broadcast Media
- Victim Organization: nickelodeon greece
- Victim Site: nickelodeon.gr
Alleged data leak of Coordinación de Tecnología Educativa
- Category: Data Breach
- Content: The threat actor claims to have leaked a 227MB data from Educational Technology Coordination, part of the Secretariat of Education and Welfare Mexico. The dump reportedly includes over 3.9 million records containing sensitive data such as teacher contact details, student registration information, school inventory logs, and internal communications.
- Date: 2025-08-02T10:12:50Z
- Network: openweb
- Published URL: https://breachforums.hn/Thread-DATABASE-cte-seebc-gob-mx-2023-Baja-EDU-Breach-%E2%80%94-Teachers%E2%80%99-Phones-Emails-Student-Reg
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/58f13d55-d0c9-4e9f-8c25-9bf7acf75d1b.png
- Threat Actors: chucky_lucky
- Victim Country: Mexico
- Victim Industry: Government Administration
- Victim Organization: coordinación de tecnología educativa
- Victim Site: cte.seebc.gob.mx
K0LzSec targets the website of Provincial Non-Formal Education Center
- Category: Defacement
- Content: The group claims to have defaced the website of Provincial Non-Formal Education Center.
- Date: 2025-08-02T09:58:14Z
- Network: telegram
- Published URL: https://t.me/KolzStoree/166
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/2238e327-c984-4857-ab6f-25430bcdb764.png
- Threat Actors: K0LzSec
- Victim Country: Thailand
- Victim Industry: Education
- Victim Organization: provincial non-formal education center
- Victim Site: pet.nfe.go.th
Alleged data sale of Indian Government Issued Documents
- Category: Data Leak
- Content: The threat actor claims to be selling 16,000 Indian Government Issued Documents. The dataset allegedly includes Aadhaar cards, income certificates, domicile certificates, reservation certificates, marksheets, and profile photographs.
- Date: 2025-08-02T09:22:55Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-INDIAN-DOCUMENTS-DUMPED-FOR-SALE-Freshly-Dumped
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/d50dcfe3-96e0-4e20-b432-20d336e01455.png
- Threat Actors: Sebtro
- Victim Country: India
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
Alleged data leak of Black Star Wear
- Category: Data Breach
- Content: The threat actor claims to have leaked a database from Black Star Wear, a Russian streetwear brand. The compromised data includes 203,649 user records and 346,331 order entries, containing names, emails, phone numbers, IP addresses, encrypted passwords, and account metadata.
- Date: 2025-08-02T09:22:48Z
- Network: openweb
- Published URL: https://breachforums.hn/Thread-DATABASE-BLACK-STAR-WEAR-blackstarwear-ru
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/08e5a552-ec06-4c3d-b95e-9db3e0f49084.png
- Threat Actors: Dr0xKrueger
- Victim Country: Russia
- Victim Industry: E-commerce & Online Stores
- Victim Organization: black star wear
- Victim Site: blackstarwear.ru
Alleged unauthorized access to smart home system GULFSTREAM
- Category: Initial Access
- Content: A threat actor claims to have gained control over the smart home automation system operated by GULFSTREAM in Ukraine. NB: The authenticity of the post is not verified
- Date: 2025-08-02T09:06:41Z
- Network: telegram
- Published URL: https://t.me/c/2600965715/257
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/021bcdd0-7e02-40d3-af7e-70d808995a73.png
- Threat Actors: TwoNet
- Victim Country: Ukraine
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
Alleged data breach of KuCoin Exchange
- Category: Data Breach
- Content: A threat actor claims to have breached customer data from KuCoin Exchange, a major South Korean cryptocurrency exchange. The exposed information allegedly includes phone, name, gender, location, email, address and contry
- Date: 2025-08-02T08:59:19Z
- Network: telegram
- Published URL: https://t.me/aqj986/6559
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/018a2080-0c9c-4a3e-96b3-07c09996b15e.png
- Threat Actors: Aiqianjin
- Victim Country: Seychelles
- Victim Industry: Financial Services
- Victim Organization: kucoin exchange
- Victim Site: kucoin.com
Alleged leak of databases from Organizations in the USA, China, India, Spain, Peru, Ghana, and Indonesia
- Category: Data Breach
- Content: The threat actor claims to have leaked data from multiple organizations operating in the USA, China, India, Spain, Peru, Ghana, and Indonesia. The alleged leak includes domains from sectors such as IT services, education, online platforms, and entertainment, with download links provided for the exposed data.
- Date: 2025-08-02T08:52:49Z
- Network: openweb
- Published URL: https://hydraforums.io/Threads-%F0%9F%92%B0%F0%9F%8E%AFdatabase-free-es-cn-in-usa-etc-community-datavortex-db%F0%9F%8E%AF%F0%9F%92%B0
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/3a09e9a8-4052-4ebb-9e9e-ab79b52c86ab.png
- Threat Actors: DataVortexDB
- Victim Country: USA
- Victim Industry: Information Technology (IT) Services
- Victim Organization: sma negeri 6 malang
- Victim Site: belmed.compumar.website
Alleged Data Leak from Universidad César Vallejo (UCV), Peru
- Category: Data Breach
- Content: The threat actor claims to be leaking internal data from Universidad César Vallejo (UCV), a private educational institution based in Peru. The exposed materials include a document purportedly from the university’s research or administrative office and a personal photograph, allegedly linked to university personnel. The leak suggests unauthorized access to UCV’s internal systems or records.
- Date: 2025-08-02T08:52:30Z
- Network: openweb
- Published URL: https://kittyforums.to/thread/762
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/b987da41-e44b-4b34-af5c-c069715c255d.PNG
  - https://d34iuop8pidsy8.cloudfront.net/4d0dfee1-afbf-4134-b0ad-0d330375462d.PNG
  - https://d34iuop8pidsy8.cloudfront.net/6655e37d-d487-47a4-9732-99f692a1df55.PNG
- Threat Actors: deadman
- Victim Country: Peru
- Victim Industry: Education
- Victim Organization: universidad césar vallejo
- Victim Site: ucv.edu.pe
Alleged Network Access Sale to Dominican Republic-Based Entity
- Category: Initial Access
- Content: The threat actor claims to be selling access to an organization based in the Dominican Republic. The alleged access includes FortiNet VPN and Domain Admin privileges. The entity reportedly has a revenue of $13.65k, indicating it may be a small to mid-sized business or service provider.
- Date: 2025-08-02T08:32:08Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/263537/
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/5e9a312e-3417-4320-9eac-73930bd947a5.PNG
- Threat Actors: p0wershe11
- Victim Country: Dominican Republic
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
Alleged Data Leak from EMIAS
- Category: Data Breach
- Content: The threat actor claims to be selling a database allegedly containing approximately 23.7 million lines of data from EMIAS, dated June 10, 2024. The data is shared in text format, with a compressed archive size of 1.6 GB (.7z) and an uncompressed size of around 10 GB.
- Date: 2025-08-02T08:26:34Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/263536/
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/670d13c4-7eca-4757-a0b3-5b7143e7dfcf.PNG
- Threat Actors: Eww
- Victim Country: Russia
- Victim Industry: Healthcare & Pharmaceuticals
- Victim Organization: emias
- Victim Site: emias.info
Alleged Criminal Records Database Leak of U.S. Individuals
- Category: Data Leak
- Content: The threat actor claims to be offering a massive database allegedly containing criminal records of approximately 70 million individuals in the United States. The dataset is said to be from the year 2023 and includes 70,490,161 lines in CSV format. The compressed archive is reportedly 3.6 GB in size (22.6 GB when uncompressed).
- Date: 2025-08-02T08:20:48Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/263533/
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/95aecf44-d2db-4721-ae30-270e5fad6ba0.PNG
- Threat Actors: Eww
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
Alleged leak of 102.7 FM Brazilian Radio Station Capital FM data
- Category: Data Breach
- Content: The threat actor claims to have leaked data containing 139,566 records from Rádio Capital 102.7 FM, a Brazilian radio station. The exposed data allegedly includes names, phone numbers, neighborhoods, cities, promotions entered, station details, registration dates, IP addresses, and information on contest winners.
- Date: 2025-08-02T08:12:28Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-CAPTIAL-102-7-FM-BRAZIL-LEAKED-DOWNLOAD
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/092b5a97-5dd4-4e8d-aa50-d51fa760472f.png
- Threat Actors: N1KA
- Victim Country: Brazil
- Victim Industry: Broadcast Media
- Victim Organization: rádio capital 102.7 fm brazil
- Victim Site: radios.com.br
Alleged VNC Access Sale to a US-Based Logistics Firm
- Category: Initial Access
- Content: The threat actor claims to be selling VNC access to a computer used by a logistics company based in the United States. The system is reportedly used for processing, consolidating, and dispatching packages. The access includes visibility into customer data, shipping management tools, and delivery cost information.The compromised machine is said to be running Windows 10 with antivirus programs such as ESET NOD32 or Windows Defender installed
- Date: 2025-08-02T08:08:18Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/263530/?tab=comments#comment-1588117
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/7d1501c7-faf6-4e51-855f-1c5d25454838.PNG
- Threat Actors: powder12
- Victim Country: USA
- Victim Industry: Transportation & Logistics
- Victim Organization: Unknown
- Victim Site: Unknown
Alleged database sale of Fersumac
- Category: Data Breach
- Content: The threat actor claims to be selling a database of Fersumac which includes full names, email addresses, hashed passwords, IP registration data, secure keys, and other customer-related fields such as opt-in status, guest status, and newsletter subscription flags.
- Date: 2025-08-02T07:42:24Z
- Network: openweb
- Published URL: https://breachforums.hn/Thread-DATABASE-Spain-Database-fersumac-net
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/3ac7367d-3df8-4785-aa15-8744b4cdccf0.png
- Threat Actors: RainbowBF
- Victim Country: Spain
- Victim Industry: Machinery
- Victim Organization: fersumac
- Victim Site: fersumac.net
Alleged data sale of an unidentified USA based Crypto Site
- Category: Data Leak
- Content: The threat actor claims to be selling customers data from an unidentified USA based Crypto Site, allegedly containing 282,000 user records. The leaked dataset reportedly includes names, emails, passwords, geolocation, and cryptocurrency payment-related data, organized separately for targeted buyers.
- Date: 2025-08-02T07:28:45Z
- Network: openweb
- Published URL: https://breachforums.hn/Thread-SELLING-282k-USA-Site-Crypto-customers-as-well
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/5b363144-3410-4372-99ed-499eaf948b86.png
- Threat Actors: Seacoat
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
K0LzSec targets the website of Phonsamran Secondary School
- Category: Defacement
- Content: The group claims to defaced the website of Mathayom Phonsamran School.
- Date: 2025-08-02T07:13:01Z
- Network: telegram
- Published URL: https://t.me/KolzStoree/162
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/19c687b3-a4a-49f8-ae22-fe058fb2e7b0.png
- Threat Actors: K0LzSec
- Victim Country: Thailand
- Victim Industry: Education
- Victim Organization: phonsamran secondary school
- Victim Site: psr.in.th
Alleged data breach of Thai Airways
- Category: Data Breach
- Content: A threat actor claims to have leaked sensitive Thai Airways passenger data, including first names, dates of birth, mobile numbers, and passport numbers.
- Date: 2025-08-02T06:07:12Z
- Network: telegram
- Published URL: https://t.me/aqj986/6555
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/1f612e64-ba16-4758-bbe9-fc624be5dcd0.jpeg
- Threat Actors: Aiqianjin
- Victim Country: Thailand
- Victim Industry: Airlines & Aviation
- Victim Organization: thai airways
- Victim Site: thaiairways.com
Alleged Data Breach of France Travail Employment Portal
- Category: Data Breach
- Content: The threat actor claims to have breached France Travail’s employment portal, extracting 4.1 million personal records, including names, contact info, and internal system data.
- Date: 2025-08-02T04:19:51Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Portail-Emploi-France-Travail-4-1M
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/8f1f8252-8833-4771-ad1d-2a9cde4af4f4.jpg
- Threat Actors: Viniskem
- Victim Country: France
- Victim Industry: Government Administration
- Victim Organization: france travail
- Victim Site: francetravail.fr
Alleged data breach of Dukcapil Jakarta Timur
- Category: Data Breach
- Content: The threat actor claims to have breached the website of Dukcapil Jakarta Timur, a government platform used to manage population and civil registration data for East Jakarta. The actor alleges access to a total of 539,737 data rows containing personal identity records, household information, and demographic statistics.
- Date: 2025-08-02T04:09:51Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-INDONESIA-539k-DUKCAPIL-Jakarta-Timur
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/c1a04974-59cf-404c-b049-885bbefded76.png
  - https://d34iuop8pidsy8.cloudfront.net/cb4306a8-04dd-41ae-ba88-bcf7b0902cee.png
- Threat Actors: saTaoz
- Victim Country: Indonesia
- Victim Industry: Government Administration
- Victim Organization: dukcapil jakarta timur
- Victim Site: dukcapil.jakarta.go.id
Alleged leak of multiple Indian Cloud Cluster database
- Category: Data Leak
- Content: The threat actor claims to be selling a major data breach of multiple Indian Cloud Cluster. The leak spans 44 active domains tied to Indian cloud infrastructure, including ISPs, government-linked systems, and educational SaaS platforms. It contains 12.3 GB of compressed data, including root access, full website files (/var/www/), MySQL, MongoDB, and Redis database dumps, SSL certificates, private keys, email backups, admin panel and CRM credentials, and internal ISP documentation. Affected subdomains include those of Upcloudglobal, Gotofiber, Vehiscope, Helpingbrother, and others, exposing sensitive systems and potentially compromising a broad section of Indian digital infrastructure.
- Date: 2025-08-02T03:43:14Z
- Network: tor
- Published URL: http://breached26tezcofqla4adzyn22notfqwcac7gpbrleg4usehljwkgqd.onion/Thread-DATABASE-GIFT-DROP-Indian-Cloud-Cluster-Breach-44-Domains-%E2%80%94-Exfil-Root-Access-ISP-Inf
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/b4c6f70d-9a46-4dd7-9207-7a5094a508e6.png
  - https://d34iuop8pidsy8.cloudfront.net/61d8679e-1e56-4fde-a2a1-4d99e8141ff0.png
  - https://d34iuop8pidsy8.cloudfront.net/f446a9dd-0170-448f-af63-343edf441cb1.png
  - https://d34iuop8pidsy8.cloudfront.net/9640112f-7361-4928-a35a-190c275a1015.png
  - https://d34iuop8pidsy8.cloudfront.net/c3151694-670a-4867-9cf0-46dfdb548545.png
- Threat Actors: ZeroDayX
- Victim Country: India
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
Alleged data leak of Moscow’s IT Department
- Category: Data Leak
- Content: Threat actor claims to have breached Moscow’s IT Department database, exposing records of 13 million residents. The compromised data allegedly includes sensitive personal information, with the attacker providing FTP access codes and timestamps as evidence of the breach.
- Date: 2025-08-02T03:32:18Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-13-Million-The-IT-Departement-Of-Moscow-people-s-database-2025
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/4fbbe946-1a03-4f8e-96bb-b90d8ee03b78.png
- Threat Actors: DigitalGhostt
- Victim Country: Russia
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
Alleged unauthorized access to an unidentified organization in USA
- Category: Initial Access
- Content: The threat actor claims to have gained unauthorized access to four critical infrastructure organizations in the United States, including sectors such as oil and gas, water supply and chemical processing, energy and electricity, and various factories and pumping stations
- Date: 2025-08-02T03:16:20Z
- Network: telegram
- Published URL: https://t.me/n2LP_wVf79c2YzM0/770
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/24bcce9e-7bb1-42ef-a4a6-7b1bc8086b8f.png
- Threat Actors: Infrastructure Destruction Squad
- Victim Country: USA
- Victim Industry: Energy & Utilities
- Victim Organization: Unknown
- Victim Site: Unknown
Liwaa Muhammad defaced the website of Revista
- Category: Defacement
- Content: The threat actor claims to have defaced the website of Revista
- Date: 2025-08-02T02:09:22Z
- Network: telegram
- Published URL: https://t.me/liwaamohammad/645
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/682ff2b5-09eb-48b7-8e54-c9063c274acf.jpg
  - https://d34iuop8pidsy8.cloudfront.net/9289ebb8-e42b-467b-b636-2873c6eacf05.jpg
- Threat Actors: Liwaa Muhammad
- Victim Country: Saudi Arabia
- Victim Industry: E-commerce & Online Stores
- Victim Organization: revista
- Victim Site: revista-sa.com
Alleged data breach of KAN – Israeli Public Broadcasting Corporation
- Category: Data Breach
- Content: The threat actor claims to have leaked 3,244 lines of data allegedly belonging to KAN – the Israeli Public Broadcasting Corporation. According to the actor, the compromised dataset includes personally identifiable information (PII) such as first names, last names, email addresses, street addresses, cities, ZIP codes, and mobile phone numbers.
- Date: 2025-08-02T02:03:16Z
- Network: telegram
- Published URL: https://t.me/ruskinet/175?single
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/16f77ac2-5362-4802-9726-a063dcfc22a4.png
- Threat Actors: RuskiNet
- Victim Country: Israel
- Victim Industry: Broadcast Media
- Victim Organization: kan – israeli public broadcasting corporation
- Victim Site: kan.org.il
Alleged data breach of Centre Régional d’Investissement Marrakech‑Safi
- Category: Data Breach
- Content: The threat actor claims to have allegedly leaked a full 42 GB data archive from the official website of the Regional Investment Center for the Marrakech-Safi region, MarrakechInvest.ma. This Moroccan government-supervised platform is responsible for promoting and facilitating national and foreign investments in the region. The leaked data reportedly includes project and investment information, internal correspondence, and hundreds of documents in various formats such as PDFs (official letters and contracts), Word files (internal reports and memos), and Excel spreadsheets (financial and statistical data).
- Date: 2025-08-02T01:43:43Z
- Network: tor
- Published URL: http://breached26tezcofqla4adzyn22notfqwcac7gpbrleg4usehljwkgqd.onion/Thread-New-Leak-MarrakechInvest-ma-Regional-Investment-Center-Marrakech-Safi-Complete
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/966799f8-e000-4ef0-851b-e45a4fe597f6.png
- Threat Actors: TNSBlackHydra
- Victim Country: Morocco
- Victim Industry: Government Administration
- Victim Organization: centre régional d’investissement marrakech‑safi
- Victim Site: marrakechinvest.ma
Alleged Data Leak from Multiple Websites in Saudi Arabia
- Category: Data Leak
- Content: The threat actor claims to have obtained data from multiple unidentified websites based in Saudi Arabia.
- Date: 2025-08-02T00:58:09Z
- Network: telegram
- Published URL: https://t.me/c/2492403107/122
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/2e84f8a7-45ef-4232-be58-5cad3727c7f7.png
  - https://d34iuop8pidsy8.cloudfront.net/5ebd278e-88db-4a24-9a0b-87c37f9a73e7.png
- Threat Actors: Yemen Cyber Force
- Victim Country: Saudi Arabia
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
Alleged data breach of AIRPLHRD
- Category: Data Breach
- Content: The threat actor claims to have breached the website of AiRPLHRD
- Date: 2025-08-02T00:31:57Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-AiRPLHRD-DATA-LEAK
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/d2c77ae5-d739-4b34-a7b7-04c8a1797145.png
- Threat Actors: l33tfg
- Victim Country: India
- Victim Industry: Healthcare & Pharmaceuticals
- Victim Organization: airplhrd
- Victim Site: airplhrd.com

Conclusion

This report compiles verified cybersecurity incidents sourced from openweb and darkweb postings, illustrating a persistent trend in data breaches, unauthorized access sales, and malware/tool distribution. Threat actors continue to target diverse industries globally, with motivations ranging from financial gain to ideological disruption. The documented events emphasize the necessity for organizations to bolster cybersecurity postures, conduct continuous monitoring, and respond swiftly to emerging threats.

Conclusion

Related Posts

[April-22-2025] Daily Cybersecurity Threat Report – Part 1

[June-04-2025] Daily Cybersecurity Threat Report

[July-05-2025] Daily Cybersecurity Threat Report