This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.
- Alleged sale of access to Inalan systems
- Category: Initial Access
- Content: The threat actor claims to be selling Linux sudoer user access and a webshell backdoor to systems belonging to Inalan.
- Date: 2025-08-21T14:10:05Z
- Network: telegram
- Published URL: https://t.me/c/2675579639/752
- Screenshots:
- Threat Actors: scattered lapsu$ hunters
- Victim Country: Greece
- Victim Industry: Network & Telecommunications
- Victim Organization: inalan
- Victim Site: inalan.gr
- Alleged sale of access to NETGEAR, Inc
- Category: Initial Access
- Content: The group claims to be selling access to three backdoors and four RCE blind vulnerabilities for the websites of NETGEAR, Inc.
- Date: 2025-08-21T13:53:14Z
- Network: telegram
- Published URL: https://t.me/c/2675579639/749
- Screenshots:
- Threat Actors: scattered lapsu$ hunters
- Victim Country: USA
- Victim Industry: Computer Networking
- Victim Organization: netgear, inc
- Victim Site: netgear.com
- TEAM BD CYBER NINJA targets the website of Directorate of Defence Audit (DDA)
- Category: Defacement
- Content: The group claims to have defaced the website of Directorate of Defence Audit (DDA) Bangladesh. Mirror Link: https://defacer.id/mirror/id/180361
- Date: 2025-08-21T13:50:20Z
- Network: telegram
- Published URL: https://t.me/c/2594876836/124
- Screenshots:
- Threat Actors: TEAM BD CYBER NINJA
- Victim Country: Bangladesh
- Victim Industry: Government Administration
- Victim Organization: directorate of defence audit (dda)
- Victim Site: defenceaudit.org.bd
- Alleged sale of Australian and International IDs
- Category: Data Leak
- Content: The threat actor claims to be selling a dataset of Australian driver’s licenses, passports, and Medicare cards from New South Wales and other states, as well as IDs and documents from multiple countries, along with verifiable flight tickets.
- Date: 2025-08-21T13:09:53Z
- Network: tor
- Published URL: https://xssforum7mmh3n56inuf2h73hvhnzobi7h2ytb3gvklrfqm7ut3xdnyd.onion/threads/142771/
- Screenshots:
- Threat Actors: alves40401
- Victim Country: Australia
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data leak of Kharazmi International Institute
- Category: Data Breach
- Content: The threat actor claims to have leaked a database of Kharazmi International Institute, allegedly exposing a dataset containing detailed personal and institutional information. It includes user IDs, usernames, emails, full names, national ID numbers, institutional affiliations, departments, multiple contact numbers, city and country information, URLs, and legacy communication handles such as ICQ, Skype, AIM, Yahoo, and MSN.
- Date: 2025-08-21T12:44:35Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-kla-ir-data-Breached-Leaked-Download
- Screenshots:
- Threat Actors: N1KA
- Victim Country: Iran
- Victim Industry: Education
- Victim Organization: kharazmi international institute
- Victim Site: kla.ir
- Alleged dale of an unidentified e-Commerce Shop
- Category: Data Leak
- Content: The threat actor claims to be selling an unidentified WordPress-based e-commerce store with active orders, specifically targeting the Asia region.
- Date: 2025-08-21T12:30:10Z
- Network: tor
- Published URL: https://xssforum7mmh3n56inuf2h73hvhnzobi7h2ytb3gvklrfqm7ut3xdnyd.onion/threads/142768/
- Screenshots:
- Threat Actors: scally_milan1
- Victim Country: Unknown
- Victim Industry: E-commerce & Online Stores
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of virtual numbers via SMS-Activate
- Category: Alert
- Content: The threat actor claims to be selling virtual numbers via SMS-Activate. The service supports SMS, call, and voice verification for any type of registration.
- Date: 2025-08-21T11:50:36Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-%F0%9F%94%A5%F0%9F%94%A5Virtual-Numbers-on-SMS-Activate-For-any-needs%F0%9F%94%A5%F0%9F%94%A5–25169
- Screenshots:
- Threat Actors: SmsActivate
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data sale of Facebook users Italy
- Category: Data Breach
- Content: The threat actor claims to sell a dataset of 35 million Italian Facebook users containing full names and phone numbers (+39 prefix). Data is exposed in CSV format.
- Date: 2025-08-21T11:33:38Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-%F0%9F%94%A5-Facebook-Breach-Italy-%E2%80%94-35M-Users%E2%80%99-Phone-Numbers-Names
- Screenshots:
- Threat Actors: Chucky_BF
- Victim Country: Italy
- Victim Industry: Social Media & Online Social Networking
- Victim Organization: facebook
- Victim Site: facebook.com
- Alleged data leak of Raniganj Girls’ College
- Category: Data Breach
- Content: The threat actor claims to have leaked Raniganj Girls’ College. The leaked data reportedly includes administrative access data, user emails, first and last names, personal addresses, alumni records, and other related files.
- Date: 2025-08-21T11:19:37Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Raniganj-Girls%E2%80%99-College-breached
- Screenshots:
- Threat Actors: holycat
- Victim Country: India
- Victim Industry: Education
- Victim Organization: raniganj girls’ college
- Victim Site: raniganjgirlscollege.com
- Alleged data leak of Samaritan Münsingen
- Category: Data Breach
- Content: The threat actor claims to have leaked Samariterverein Münsingen, in Münsingen, Switzerland which includes customer information, contact details, login credentials, registrations/enrollments, photos, and database metadata.
- Date: 2025-08-21T11:19:29Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-samaritermuensingen-breached
- Screenshots:
- Threat Actors: holycat
- Victim Country: Switzerland
- Victim Industry: Hospital & Health Care
- Victim Organization: samaritan münsingen
- Victim Site: samaritermuensingen.ch
- Alleged data sale of Royal Mail Group
- Category: Data Breach
- Content: The threat actor claims to be selling 144 GB of data from Royal Mail Group (UK), comprising 16,549 files in 229 folders. The leak reportedly includes customer PII, internal business documents, SQL databases, Zoom recordings, marketing lists (Mailchimp), and operational metrics with delivery logs.
- Date: 2025-08-21T10:40:11Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-Royal-Mail-Group-Spectos-144GB-Postal-Data-Breach-%E2%80%94-Full-Customer-PII-March-2025
- Screenshots:
- Threat Actors: Chucky_BF
- Victim Country: UK
- Victim Industry: Transportation & Logistics
- Victim Organization: royal mail group
- Victim Site: royalmailgroup.com
- Alleged data sale of Spectos
- Category: Data Breach
- Content: The threat actor claims to be selling 144 GB of data from Spectos, comprising 16,549 files in 229 folders. The leak reportedly includes customer PII, internal business documents, SQL databases, Zoom recordings, marketing lists (Mailchimp), and operational metrics with delivery logs.
- Date: 2025-08-21T10:40:08Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-Royal-Mail-Group-Spectos-144GB-Postal-Data-Breach-%E2%80%94-Full-Customer-PII-March-2025
- Screenshots:
- Threat Actors: Chucky_BF
- Victim Country: Germany
- Victim Industry: Market Research
- Victim Organization: spectos
- Victim Site: spectos.com
- Alleged Sale of Credit Card Data
- Category: Data Leak
- Content: The threat actor claims to be selling a batch of credit card data, allegedly from the United States, with 95% authenticity and guaranteed unused. The data is reportedly formatted as follows: Card Number | Expiry Date | CVV | Name | Address | City | State/Province | Country/Region | Zip Code Mobile Number | Email | User Agent | IP.
- Date: 2025-08-21T10:11:22Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/264681/
- Screenshots:
- Threat Actors: kele51881
- Victim Country: USA
- Victim Industry: Financial Services
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data sale of Jiangsu Province, China
- Category: Data Breach
- Content: The threat actor claims to be selling 12 million citizens data from Jiangsu Province, China, containing full legal names and national ID numbers.
- Date: 2025-08-21T10:10:38Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-China-Jiangsu-Province-Population-Leak-%E2%80%94-12M-Citizens%E2%80%99-Full-Name-ID-Numbers-2025
- Screenshots:
- Threat Actors: Chucky_BF
- Victim Country: China
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data sale of KazanExpress
- Category: Data Breach
- Content: The threat actor claims to be selling 4.98 GB data from KazanExpress (Magnit Group) exposed on December 26, 2024, containing 22.5 million records of orders and customers. It includes order IDs, barcodes, statuses, and timestamps, full customer names, phones, and emails, detailed delivery addresses (apartments, entrances, intercom codes), and payment information (prepayment, installments).
- Date: 2025-08-21T10:10:31Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-%F0%9F%9B%92-KazanExpress-Raid-22M-Magnit-Group-E-Commerce-Breach-%E2%80%94-4-98-GB-CSV-Leak
- Screenshots:
- Threat Actors: Chucky_BF
- Victim Country: Russia
- Victim Industry: E-commerce & Online Stores
- Victim Organization: kazanexpress
- Victim Site: kazanexpress.ru
- Alleged data sale of restore:
- Category: Data Breach
- Content: The threat actor claims to be selling 45.6 GB of data from the database of restore:, covering multiple tables: b_sale_order_props_value (310M+ records), b_user (6M+), b_sale_order (4.4M+), usedesk_tickets (307k+). It includes customer names, emails, phones, delivery addresses, account logins and password hashes, detailed order metadata (products, payment info, loyalty card records), and internal support tickets with personal communications.
- Date: 2025-08-21T10:10:12Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-%F0%9F%8D%8F-Apple-Raid-Re-Store-ru-Inventive-Retail-Group-%E2%80%94-45-6-GB-SQL-Breach-2025
- Screenshots:
- Threat Actors: Chucky_BF
- Victim Country: Russia
- Victim Industry: Retail Industry
- Victim Organization: restore:
- Victim Site: re-store.ru
- Alleged Sale of Databases from Casa.io, Theya.us, and Nunchuk.io
- Category: Data Breach
- Content: The threat actor claims to be selling hacked databases from cryptocurrency platforms casa.io, theya.us, and nunchuk.io, containing hundreds of thousands of user records, including emails, passwords, wallet addresses, and other sensitive account information.
- Date: 2025-08-21T09:56:24Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/264676/
- Screenshots:
- Threat Actors: MrDark
- Victim Country: USA
- Victim Industry: Financial Services
- Victim Organization: casa.io
- Victim Site: casa.io
- Alleged data sale of Likitoriya
- Category: Data Breach
- Content: The threat actor claims to have leaked Likitoriya customer data, targeting Kazakhstan and EU users. The data contains 39,564 records in an 8.42 MB file, which includes full customer names, phone numbers, emails, postal addresses, order amounts (in KZT and other currencies), and customer comments or payment/delivery notes.
- Date: 2025-08-21T09:33:29Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-Pharmacy-Raid-Likitoriya-com-39K-Customer-Orders-Contacts-Dumped-8-4MB-Breach
- Screenshots:
- Threat Actors: Chucky_BF
- Victim Country: Russia
- Victim Industry: E-commerce & Online Stores
- Victim Organization: likitoriya
- Victim Site: likitoriya.com
- Alleged data sale of MyHeritage Ltd.
- Category: Data Breach
- Content: The threat actor claims to be selling a 2.4 GB data of MyHeritage Ltd. which includes 81,620,128 records of plaintext email and password.
- Date: 2025-08-21T09:33:23Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-WORLDWIDE-BREACH-MyHeritage-DNA-Platform-%E2%80%94-81M-Emails-Plaintext-Passwords-2-4GB
- Screenshots:
- Threat Actors: Chucky_BF
- Victim Country: Israel
- Victim Industry: Hospital & Health Care
- Victim Organization: myheritage ltd.
- Victim Site: myheritage.com
- Alleged data leak of Indonesian Nuclear Agency
- Category: Data Leak
- Content: The threat actor claims to have leaked internal files from the Indonesian Nuclear Agency.
- Date: 2025-08-21T08:59:20Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Document-Indonesian-nuclear-agency-internal-files-leak
- Screenshots:
- Threat Actors: jrintel
- Victim Country: Indonesia
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged access sale to the FORTI system of Submersible Motor Engineering Pty Ltd
- Category: Initial Access
- Content: The threat actor claims to be selling access to the FORTI system of Submersible Motor Engineering Pty Ltd (Australia). The sale reportedly includes access to 11 PCs on the domain, with AB-blue Sophos protection enabled.
- Date: 2025-08-21T08:59:11Z
- Network: openweb
- Published URL: https://forum.duty-free.cc/threads/982/
- Screenshots:
- Threat Actors: Try
- Victim Country: Australia
- Victim Industry: Machinery Manufacturing
- Victim Organization: submersible motor engineering pty ltd
- Victim Site: smeng.com.au
- Alleged leak of Philippines army manuals
- Category: Data Leak
- Content: The threat actor claims to have leaked the army manuals of Philippines.
- Date: 2025-08-21T08:58:45Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Document-Philippines-army-manuals-documents
- Screenshots:
- Threat Actors: jrintel
- Victim Country: Philippines
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Hider_Nex claims to target Saudi arabia
- Category: Alert
- Content: A recent post by the group indicated that they are targeting Saudi Arabia.
- Date: 2025-08-21T08:36:46Z
- Network: telegram
- Published URL: https://t.me/Hider_Nex/27
- Screenshots:
- Threat Actors: Hider_Nex
- Victim Country: Saudi Arabia
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data leak of Government of Aceh Singkil Regency
- Category: Data Breach
- Content: The threat actor claims to have leaked a database containing 512 records of recipients of the PPKS from Government of Aceh Singkil Regency. The dataset reportedly includes sensitive personal and financial information such as child names, NIK, family card numbers, gender, birth details, names of parents and guardians, addresses (KTP and current), guardian NIKs, and disbursement records for each month including bank names, account numbers, and branches.
- Date: 2025-08-21T08:34:56Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-DATA-ON-RECIPIENTS-OF-PPKS-ASSISTANCE-FOR-ABANDONED-CHILDREN-IN-ACEH-512-DATA
- Screenshots:
- Threat Actors: RXY
- Victim Country: Indonesia
- Victim Industry: Government Administration
- Victim Organization: government of aceh singkil regency
- Victim Site: acehsingkilkab.go.id
- TEAM BD CYBER NINJA targets the website of Jyoti Eye Hospital
- Category: Defacement
- Content: The group claims to have defaced the website of Jyoti Eye Hospital
- Date: 2025-08-21T08:12:37Z
- Network: telegram
- Published URL: https://t.me/c/2594876836/122
- Screenshots:
- Threat Actors: TEAM BD CYBER NINJA
- Victim Country: India
- Victim Industry: Hospital & Health Care
- Victim Organization: jyoti eye hospital
- Victim Site: jyoteyehospital.co.in
- Alleged data leak of Laser Direct
- Category: Data Leak
- Content: The threat actor claims to have leaked the database of Laser Direct, a karaoke and music superstore. The data reportedly includes customer incentive details, such as a reward for every ten karaoke disc purchases (excluding sale items or club packs).
- Date: 2025-08-21T07:51:15Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-Dump-DATA-LASER-DIRECT-BY-TERRORISM666
- Screenshots:
- Threat Actors: TERRORISM666
- Victim Country: New Zealand
- Victim Industry: Music
- Victim Organization: laser direct
- Victim Site: laserdirect.co.nz
- Alleged data breach of Tokopedia
- Category: Data Breach
- Content: The group claims to have 33M leaked data from Tokopedia. The compromised data includes name of customers, sales orders, purchases order, expenses, period, and employee details.
- Date: 2025-08-21T07:42:51Z
- Network: telegram
- Published URL: https://t.me/c/2675579639/736
- Screenshots:
- Threat Actors: scattered lapsu$ hunters
- Victim Country: Indonesia
- Victim Industry: E-commerce & Online Stores
- Victim Organization: tokopedia
- Victim Site: tokopedia.com
- Alleged sale of access to an unidentified international company in USA
- Category: Initial Access
- Content: A threat actor is auctioning unauthorized access to PAN-OS firewall panels of a well-known international company and others. The access allows full network control, VPN setup, and policy changes.
- Date: 2025-08-21T06:24:05Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/264663/
- Screenshots:
- Threat Actors: kotovskiy888
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of crypto databases
- Category: Data Leak
- Content: The threat actor claims to be selling multiple crypto databases.
- Date: 2025-08-21T06:02:09Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-Crypto-Databases-Collection
- Screenshots:
- Threat Actors: david20
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data sale of JAPAY (Junta de Agua Potable y Alcantarillado de Yucatan)
- Category: Data Breach
- Content: The threat actor claims to be selling the data of JAPAY (Junta de Agua Potable y Alcantarillado de Yucatan) in Mexico. The compromised data includes full name or company name, tax information, physical address, cadastral address, meter number, consumption data, billing data.
- Date: 2025-08-21T04:47:45Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-MEXICO-WATER-SERVICES-JAPAY-YUCATAN-400-000-LINES
- Screenshots:
- Threat Actors: Eternal
- Victim Country: Mexico
- Victim Industry: Energy & Utilities
- Victim Organization: japay (junta de agua potable y alcantarillado de yucatan)
- Victim Site: japay.yucatan.gob.mx
- Alleged data breach of jassume.com
- Category: Data Breach
- Content: The threat actor claims to be selling user data allegedly stolen from Jassume, a French-language webcam and video chat platform. The leaked database reportedly includes sensitive user information such as usernames, email addresses, dates of birth, and plaintext passwords. The breach is believed to have impacted over 790,000 users, and the data was allegedly exposed in May 2020.
- Date: 2025-08-21T04:34:32Z
- Network: openweb
- Published URL: https://leakbase.la/threads/192704_jassume-com-fr-csv.41708/
- Screenshots:
- Threat Actors: Mamadou88
- Victim Country: France
- Victim Industry: Entertainment & Movie Production
- Victim Organization: jassume.com
- Victim Site: jassume.com
- Alleged data breach of multiple cryptocurrency platforms
- Category: Data Breach
- Content: The threat actor claims to be selling databases from three cryptocurrency platforms Casa.io, Theya.us, and Nunchuk.io. The leaked data allegedly includes hundreds of thousands of records containing user IDs, emails, phone numbers, passwords, wallet details, registration dates, and referral codes.
- Date: 2025-08-21T04:30:02Z
- Network: tor
- Published URL: https://xssforum7mmh3n56inuf2h73hvhnzobi7h2ytb3gvklrfqm7ut3xdnyd.onion/threads/142762/
- Screenshots:
- Threat Actors: MrDark
- Victim Country: USA
- Victim Industry: Financial Services
- Victim Organization: casa inc.
- Victim Site: casa.io
- Alleged sale of RDWeb access to an unidentified software company in USA
- Category: Initial Access
- Content: The threat actor is offering restricted RDWeb access to a U.S.-based software company with $84 million in annual revenue.
- Date: 2025-08-21T04:14:04Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/264657/
- Screenshots:
- Threat Actors: gadji
- Victim Country: USA
- Victim Industry: Software
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data breach of Viesgo Distribución
- Category: Data Breach
- Content: The threat actor claims to be selling customer data allegedly stolen from Viesgo, an electricity distribution company based in Spain. The leaked database reportedly includes sensitive personal and financial details such as full names, dates of birth, national ID numbers, phone numbers, physical addresses, cities, provinces, postal codes, IBANs, and associated bank entities.
- Date: 2025-08-21T03:39:15Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-SPAIN-viesgo-Customers
- Screenshots:
- Threat Actors: scripts
- Victim Country: Spain
- Victim Industry: Energy & Utilities
- Victim Organization: viesgo distribuciòn
- Victim Site: viesgo.com
- Alleged data breach of Casa Inc.
- Category: Data Breach
- Content: The threat actor claims to be selling a database from Casa.io.
- Date: 2025-08-21T02:43:02Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-Casa-io-Crypto-Database
- Screenshots:
- Threat Actors: david20
- Victim Country: USA
- Victim Industry: Software Development
- Victim Organization: casa inc.
- Victim Site: casa.io
- Z-ALLIANCE targets the website of Fabio Sweet Creations
- Category: Defacement
- Content: The group claims to have defaced the website of Fabio Sweet Creations.
- Date: 2025-08-21T02:15:39Z
- Network: telegram
- Published URL: https://t.me/Z_alliance_ru/979
- Screenshots:
- Threat Actors: Z-ALLIANCE
- Victim Country: Italy
- Victim Industry: Food & Beverages
- Victim Organization: fabio sweet creations
- Victim Site: fabiosweetcreations.it
- Alleged data leak of 500M Instagram Database
- Category: Data Leak
- Content: A threat actor claims to have collected and is selling a database of over 500 million Instagram accounts obtained via the Graph API. They are offering a free sample of 2 million accounts, which includes data such as usernames, full names, emails, locations, phone numbers, dates of birth, and account creation and scrape dates.
- Date: 2025-08-21T00:48:42Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-500M-Instagram-Database
- Screenshots:
- Threat Actors: tomy
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data breach of Deloros-MSK
- Category: Data Breach
- Content: A threat actor claims to have leaked over 10GB of data from Deloros-MSK, a Moscow-based business association. The leak allegedly contains plaintext passwords, emails, and personal details of over 500,000 users, including managers and officials. It also includes database credentials, valid access tokens, and Adminer login details, with files in TXT, SQL, and dump formats.
- Date: 2025-08-21T00:36:35Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-Russia-%E2%80%93-Deloros-MSK-Moscow-Business-Association-10GB-Leak-Plaintext-Passwords
- Screenshots:
- Threat Actors: Chucky_BF
- Victim Country: Russia
- Victim Industry: Professional Services
- Victim Organization: deloros-msk
- Victim Site: deloros-msk.ru
- Alleged data breach of Zonatelecom
- Category: Data Breach
- Content: The threat actor claims to be selling a leaked 25GB SQL database from Zonatelecom JSC, the official IT provider for Russian penitentiary communication systems, allegedly exposing orders, payments, subscriptions, and internal CRM data. The dump reportedly contains full names, emails, phone numbers, payment details, transaction records, user identifiers, employee conversations, incident logs, penitentiary locations, financial discussions, and partner communications.
- Date: 2025-08-21T00:27:39Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-Russia-%E2%80%93-Zonatelecom-Prison-CRM-Data-Breach-25GB-SQL-Dump-Orders-Payments
- Screenshots:
- Threat Actors: Chucky_BF
- Victim Country: Russia
- Victim Industry: Information Technology (IT) Services
- Victim Organization: zonatelecom
- Victim Site: zt.ru
- Alleged data leak of Brazilian credit card database
- Category: Data Leak
- Content: A threat actor claims to be auctioning a Brazilian credit card (CC) database containing 142 full card records, described as new and obtained via sniffer. The data is in .txt format and includes sensitive fields such as card number, expiration, CVV, holder name, email, CPF (Brazilian SSN), phone, and full address details.
- Date: 2025-08-21T00:26:28Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/264656/
- Screenshots:
- Threat Actors: ikki
- Victim Country: Brazil
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data leak of Global Email Database
- Category: Data Leak
- Content: A threat actor claims to have leaked a massive 3.3 billion global email database, totaling 69.8GB in raw TXT format. The data, allegedly compiled from multiple sources, includes email addresses from major providers like Gmail, Yahoo, and Hotmail.
- Date: 2025-08-21T00:16:07Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-CRITICAL-Data-Leak-3-3-Bilion-Global-Email-List-2025-%E2%80%94-69-8GB-Exposed
- Screenshots:
- Threat Actors: Chucky_BF
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data leak of an unidentified investment platform in Japan
- Category: Data Leak
- Content: The threat actor claims to be selling a leaked database from an undisclosed Japanese investment platform, allegedly exposing 420,000 user records containing full names, phone numbers, email addresses, gender details, and business/financial information.
- Date: 2025-08-21T00:13:34Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-Japanese-Investment-Platform-Data-Breach-2025-%E2%80%94-420-000-Users-Exposed
- Screenshots:
- Threat Actors: Chucky_BF
- Victim Country: Japan
- Victim Industry: Investment Management, Hedge Fund & Private Equity
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data breach of
- Category: Data Leak
- Content: A threat actor claims to have leaked a Brazilian PEP database containing 132,976 records from the Brazil National PEP Registry. The 16MB CSV file allegedly includes sensitive government data such as CPF numbers (Brazilian taxpayer IDs), full names, roles, position descriptions, agency names, and term dates of individuals in politically sensitive positions.
- Date: 2025-08-21T00:00:10Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-Brazil-PEP-Database-Leak-2025-%E2%80%94-132-976-High-Value-Records-Exposed
- Screenshots:
- Threat Actors: Chucky_BF
- Victim Country: Brazil
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
Conclusion The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Data breaches and leaks are prominent, affecting various sectors from education and healthcare to e-commerce and social media, and impacting countries including Greece, USA, Bangladesh, Australia, Iran, Italy, India, Switzerland, UK, Germany, China, Russia, Mexico, France, New Zealand, Philippines, Saudi Arabia, Spain, and Japan. The compromised data ranges from personal user information and credit card details to internal business documents, financial records, and large customer and user databases.
Beyond data compromise, the report also reveals significant activity in initial access sales, with threat actors offering unauthorized access to systems in sectors like telecommunications, computer networking, and machinery manufacturing. The nature of these incidents emphasizes the critical importance of robust cybersecurity measures, including strong access controls, data protection strategies, continuous vulnerability management, and proactive threat intelligence to defend against a wide array of sophisticated and opportunistic attacks.