This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots.
- Alleged leak of Russian job seeker records
- Category: Data Leak
- Content: The threat actor claims to have leaked a database of over 4 million Russian job seekers, updated in 2025, containing full names, dates of birth, phone numbers, email addresses, and physical addresses.
- Date: 2025-08-25T13:22:31Z
- Network: tor
- Published URL: (http://qeei4m7a2tve6ityewnezvcnf647onsqbmdbmlcw4y5pr6uwwfwa35yd.onion/Thread-%F0%9F%94%A5-Russia-Job-Seeker-Database-%E2%80%94-4M-Records-2025-%F0%9F%94%A5)
- Screenshots: https://d34iuop8pidsy8.cloudfront.net/62a8e3ed-e9a4-4afd-a440-15c8ea5556de.png
- Threat Actors: VexDB
- Victim Country: Russia
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Z-ALLIANCE targets the website of Agrohills Nut
- Category: Defacement
- Content: The group claims to have defaced the website of Agrohills Nut.
- Date: 2025-08-25T12:00:51Z
- Network: telegram
- Published URL: (https://t.me/Z_ALLIANCE/577)
- Screenshots: https://d34iuop8pidsy8.cloudfront.net/d283cbce-5a4b-49c0-b9db-db0e834218a4.png
- Threat Actors: Z-ALLIANCE
- Victim Country: Ukraine
- Victim Industry: Food & Beverages
- Victim Organization: agrohills nut
- Victim Site: agrohills-nut.com
- Alleged unauthorized access to municipal wastewater treatment plant in Czech Republic
- Category: Initial Access
- Content: The group claims to have gained unauthorized access to the systems and equipment of the municipal wastewater treatment plant in Ostrava, Czech Republic. The access allegedly enables control over pumps, valves and filters, management of emergency and system functions, and the distribution system.
- Date: 2025-08-25T10:28:20Z
- Network: telegram
- Published URL: (https://t.me/Z_ALLIANCE/573)
- Screenshots: https://d34iuop8pidsy8.cloudfront.net/87883715-f4fb-4ae1-a2f2-062f59791167.JPG, https://d34iuop8pidsy8.cloudfront.net/587085e3-4af6-495f-95e6-40da07939d7d.JPG, https://d34iuop8pidsy8.cloudfront.net/1446e84a-8aae-4343-83c5-45917c6985fb.JPG
- Threat Actors: Z-ALLIANCE
- Victim Country: Czech Republic
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of a Cryptocurrency Checker
- Category: Alert
- Content: The threat actor is offering a tool to verify phone numbers and emails across major crypto exchanges (e.g., Binance, KuCoin, Bybit) and social platforms like WhatsApp, Telegram, and Facebook. The tool also claims to detect user age, gender, device type (iOS), and last seen status.
- Date: 2025-08-25T09:56:38Z
- Network: tor
- Published URL: (http://qeei4m7a2tve6ityewnezvcnf647onsqbmdbmlcw4y5pr6uwwfwa35yd.onion/Thread-Selling-Cryptocurrency-Checker)
- Screenshots: https://d34iuop8pidsy8.cloudfront.net/e6ff9f5b-e253-4aa3-83e7-5ccca77f95a5.png
- Threat Actors: 1688shuju
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- TEAM BD CYBER NINJA targets the website of ETS Tech
- Category: Defacement
- Content: The group claims to have defaced the website of ETS Tech.
- Date: 2025-08-25T09:46:15Z
- Network: telegram
- Published URL: (https://t.me/c/2594876836/136)
- Screenshots: https://d34iuop8pidsy8.cloudfront.net/c2778778-3b76-4ffa-bc4e-2ff6b398b9b9.png
- Threat Actors: TEAM BD CYBER NINJA
- Victim Country: Vietnam
- Victim Industry: Information Technology (IT) Services
- Victim Organization: ets tech
- Victim Site: etstech.vn
- Alleged sale of Spain databases
- Category: Data Leak
- Content: The threat actor claims to be selling databases of Spanish energy companies, banks and online stores.
- Date: 2025-08-25T09:25:50Z
- Network: tor
- Published URL: (http://qeei4m7a2tve6ityewnezvcnf647onsqbmdbmlcw4y5pr6uwwfwa35yd.onion/Thread-DATABASE-db-spain)
- Screenshots: https://d34iuop8pidsy8.cloudfront.net/f90927fe-d526-4c31-8541-da384c2cefdd.png
- Threat Actors: SweetLittleAngel
- Victim Country: Spain
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data leak of Islamic Revolutionary Guard Corps
- Category: Data Breach
- Content: The threat actor claims to have leaked a database of the Islamic Revolutionary Guard Corps (IRGC) of Iran. The dataset reportedly contains monitoring records of Twitter (X) users, including individuals from vulnerable and dissident groups such as LGBTQ+ persons, political activists, West-leaning users, Azerbaijanis, and others.
- Date: 2025-08-25T07:29:03Z
- Network: tor
- Published URL: (http://qeei4m7a2tve6ityewnezvcnf647onsqbmdbmlcw4y5pr6uwwfwa35yd.onion/Thread-DATABASE-IRAN-SEPAH-SURVEILLANCE-DATABASE-LEAK-%E2%80%93-Monitored-Twitter-Accounts)
- Screenshots: https://d34iuop8pidsy8.cloudfront.net/9c4ddb9a-90ae-49b8-ac43-e6abdde5e085.png
- Threat Actors: elnurdxb
- Victim Country: Iran
- Victim Industry: Military Industry
- Victim Organization: islamic revolutionary guard corps
- Victim Site: sepahnews.ir
- Red wolf cyber targets the UK and Indian cyber forces
- Category: Alert
- Content: A recent post by the group indicates that they are targeting UK and Indian cyber forces.
- Date: 2025-08-25T06:28:16Z
- Network: telegram
- Published URL: (https://t.me/c/2609313110/58)
- Screenshots: https://d34iuop8pidsy8.cloudfront.net/356df3f9-50a5-42ec-ad49-f8789a29c243.png
- Threat Actors: Red wolf cyber
- Victim Country: India
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data breach of Exel Composites
- Category: Data Breach
- Content: The group claims to have leaked data from Exel Composites.
- Date: 2025-08-25T06:14:32Z
- Network: tor
- Published URL: (https://worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion/companies/8066849564/overview)
- Screenshots: https://d34iuop8pidsy8.cloudfront.net/1f713e75-fbf3-4498-95a5-5ff3caa21ce9.png, https://d34iuop8pidsy8.cloudfront.net/7bda5626-56d1-4ec5-8dda-7919b7f73d96.png
- Threat Actors: Worldleaks
- Victim Country: Finland
- Victim Industry: Plastics
- Victim Organization: exel composites
- Victim Site: exelcomposites.com
- Alleged leak of unauthorized access to an unidentified cafe in Ukraine
- Category: Initial Access
- Content: The group claims to have gained unauthorized access to the systems of a café in Kyiv, Ukraine. They describe causing a power outage, disabling air conditioners and fans, increasing water temperatures, and flooding the premises with hot drinks, portraying a scene of technological and physical disruption.
- Date: 2025-08-25T06:06:05Z
- Network: telegram
- Published URL: (https://t.me/n2LP_wVf79c2YzM0/1232)
- Screenshots: https://d34iuop8pidsy8.cloudfront.net/19fee3c8-183e-4982-9db2-422fc76e5d58.png, https://d34iuop8pidsy8.cloudfront.net/650ed137-6d4b-4291-9048-2a250e161510.png
- Threat Actors: Infrastructure Destruction Squad
- Victim Country: Ukraine
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data leak of unidentified bank in Thailand
- Category: Data Leak
- Content: The group claims to have leaked data from an unidentified bank in Thailand. The compromised data includes credit card details.
- Date: 2025-08-25T05:53:36Z
- Network: telegram
- Published URL: (https://t.me/We_H3c4kedz1/837)
- Screenshots: https://d34iuop8pidsy8.cloudfront.net/93210510-b1b5-41f8-b6a5-a08326c52540.png
- Threat Actors: H3C4KEDZ
- Victim Country: Thailand
- Victim Industry: Banking & Mortgage
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of Horus Eyes RAT
- Category: Malware
- Content: The threat actor claims to be offering Horus Eyes RAT 2025, a powerful cyber-espionage tool designed for covert surveillance, data theft, and system exploitation. According to the description, it features advanced stealth techniques such as process injection, memory residency, rootkit functionality, and anti-sandboxing measures to evade detection. The RAT enables live screen capture, keylogging, access to webcams and microphones, and clipboard monitoring to gather sensitive information like credentials and financial data. It also provides full system control, including remote shell access, file exfiltration, and persistence mechanisms.
- Date: 2025-08-25T05:07:22Z
- Network: openweb
- Published URL: (https://demonforums.net/Thread-Horus-Eyes-2025-Vision-of-the-Net)
- Screenshots: https://d34iuop8pidsy8.cloudfront.net/81e7355f-5a78-4a5e-a6ab-c140074cb655.png, https://d34iuop8pidsy8.cloudfront.net/bbcd2ad2-ff94-4735-913b-af553be5a0b5.png
- Threat Actors: Sebastian85
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data breach of Zhytomyr Ivan Franko State University
- Category: Data Breach
- Content: The group claims to have leaked the data of Zhytomyr Ivan Franko State University. The compromised data includes institutional details such as 3 institutes, 5 faculties, 17 scientific schools, 20 research centers, 30 laboratories, a total student population of around 8,000, of which 4,887 are full-time students, over 200 postgraduate and doctoral students, approximately 589 academic staff, and 353 full-time teachers.
- Date: 2025-08-25T05:00:40Z
- Network: telegram
- Published URL: (https://t.me/n2LP_wVf79c2YzM0/1231)
- Screenshots: https://d34iuop8pidsy8.cloudfront.net/42186b98-827b-4c61-afcf-c4e9819977ba.png, https://d34iuop8pidsy8.cloudfront.net/e1ee396b-e772-4d52-b8b2-685252f28707.png
- Threat Actors: Infrastructure Destruction Squad
- Victim Country: Ukraine
- Victim Industry: Higher Education/Academia
- Victim Organization: zhytomyr ivan franko state university
- Victim Site: zu.edu.ua
- Infrastructure Destruction Squad claims to target Zhytomyr Ivan Franko State University
- Category: Alert
- Content: A recent post by the group indicated that they are targeting Zhytomyr Ivan Franko State University.
- Date: 2025-08-25T04:47:32Z
- Network: telegram
- Published URL: (https://t.me/n2LP_wVf79c2YzM0/1229)
- Screenshots: https://d34iuop8pidsy8.cloudfront.net/60958fce-f0ab-45cb-84dc-59ff53394e04.png
- Threat Actors: Infrastructure Destruction Squad
- Victim Country: Ukraine
- Victim Industry: Education
- Victim Organization: zhytomyr ivan franko state university
- Victim Site: zu.edu.ua
- Alleged data leak of unidentified hospital in France
- Category: Data Leak
- Content: The threat actor claims to have leaked data from an unidentified hospital in France. The compromised data includes financial information and patient records. They also state that a coordinated attack using the VoltRuptor virus disabled the hospital’s internal systems within about ten minutes.
- Date: 2025-08-25T04:43:15Z
- Network: telegram
- Published URL: (https://t.me/n2LP_wVf79c2YzM0/1226)
- Screenshots: https://d34iuop8pidsy8.cloudfront.net/12318f1b-a16e-4b2e-8a58-5805b6d9c6cc.png, https://d34iuop8pidsy8.cloudfront.net/44dfea15-f13a-4e66-afdc-19bf6631d039.png
- Threat Actors: Infrastructure Destruction Squad
- Victim Country: France
- Victim Industry: Hospital & Health Care
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of forex database
- Category: Data Leak
- Content: The threat actor claims to be selling a forex database. The database contains name, email, phone, country, etc.
- Date: 2025-08-25T04:37:12Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-Forex-Big-Data-Dum)
- Screenshots: https://d34iuop8pidsy8.cloudfront.net/d2480ae7-2f23-4b42-9a96-c07e7695a039.png
- Threat Actors: Manik123
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged Data Breach of SpiffyBin
- Category: Data Breach
- Content: The threat actor claims that the SpiffyBin.com database was leaked in August 2025, exposing 8,841 user records containing personal details such as emails, names, addresses, and phone numbers.
- Date: 2025-08-25T04:10:11Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-SpiffyBin-com-Database)
- Screenshots: https://d34iuop8pidsy8.cloudfront.net/d3dd2a9e-24e4-4dc8-8b7b-cff808bfa69c.png
- Threat Actors: punk
- Victim Country: USA
- Victim Industry: Environmental Services
- Victim Organization: spiffybin
- Victim Site: spiffybin.com
- Alleged leak of login access to RMS platform of Pathum Thani Technical College
- Category: Initial Access
- Content: The group claims to have gained unauthorized login access to the RMS platform of Pathum Thani Technical College.
- Date: 2025-08-25T03:36:24Z
- Network: telegram
- Published URL: (https://t.me/nxbbsec/2500)
- Screenshots: https://d34iuop8pidsy8.cloudfront.net/e9eb8815-e82b-4ed3-ae47-93733f940e7b.png
- Threat Actors: NXBB.SEC
- Victim Country: Thailand
- Victim Industry: Higher Education/Academia
- Victim Organization: pathum thani technical college
- Victim Site: rms.pttc.ac.th
- Alleged data leak of unidentified hospital in France
- Category: Data Leak
- Content: The group claims to have leaked data from an unidentified hospital in France. The compromised data includes financial data and patient data.
- Date: 2025-08-25T02:19:25Z
- Network: telegram
- Published URL: (https://t.me/n2LP_wVf79c2YzM0/1223)
- Screenshots: https://d34iuop8pidsy8.cloudfront.net/486dac58-6d3c-4aab-83b0-4f4e375277d4.png, https://d34iuop8pidsy8.cloudfront.net/1b0af4c3-8b27-4155-8052-d7e8a94bf7f0.png
- Threat Actors: Infrastructure Destruction Squad
- Victim Country: France
- Victim Industry: Hospital & Health Care
- Victim Organization: Unknown
- Victim Site: Unknown
Conclusion

The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Data breaches and leaks are prominent, affecting sectors from education and food & beverages to military and healthcare, and impacting countries including Russia, Ukraine, Czech Republic, Vietnam, Spain, Iran, Finland, Thailand, USA, and France. The compromised data ranges from personal user information, financial details and credit card details to sensitive patient records, classified military components, and large customer databases.
Beyond data compromise, the report also reveals significant activity in initial access sales, with threat actors offering unauthorized access to municipal wastewater treatment plants, corporate networks (including a cafe and a college in Ukraine and Thailand), and even military infrastructure like the Islamic Revolutionary Guard Corps. The sale of malware, including penetration testing tools and DDoS tools, further underscores the availability of offensive capabilities in the cyber underground.
The incidents collectively demonstrate that organizations across various industries and geographies face persistent threats from data exfiltration, unauthorized network access, and the proliferation of malicious tools. The nature of these incidents emphasizes the critical importance of robust cybersecurity measures, including strong access controls, data protection strategies, continuous vulnerability management, and proactive threat intelligence to defend against a wide array of sophisticated and opportunistic attacks.