This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.
- Alleged data leak of Xtudia
- Category: Data Breach
- Content: The threat actor claims to have leaked a database from Xtudia, containing approximately 1 million records. The leaked data include crud users with sensitive fields like usernames, hashed passwords, emails, user roles, and access settings, as well as crud histories capturing user activity logs with actions, timestamps, and modified data.
- Date: 2025-08-26T13:25:48Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-DO-XTUDIA-SRL-COMPANY-1-MILLION-DATA
- Threat Actors: MrAxSiKucingHitam
- Victim Country: Dominican Republic
- Victim Industry: Information Technology (IT) Services
- Victim Organization: xtudia
- Victim Site: xtudia.com
- Alleged Sale of Hong Kong Citizen Phone Number and Email Database
- Category: Data Leak
- Content: The threat actor claims to be selling a database containing phone numbers and email addresses of citizens in Hong Kong.
- Date: 2025-08-26T13:22:25Z
- Network: openweb
- Published URL: https://leakbase.la/threads/hong-kong-citizen-phone-number-database-with-email.41963/
- Threat Actors: camos12943
- Victim Country: China
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged leak of Germany’s high income data
- Category: Data Leak
- Content: The threat actor claims to have leaked Germany’s high-income database.
- Date: 2025-08-26T13:21:01Z
- Network: openweb
- Published URL: https://leakbase.la/threads/germany-high-income-database.41960/
- Threat Actors: heveren335
- Victim Country: Germany
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged Sale of High-Income Individuals Database in India
- Category: Data Leak
- Content: The threat actor claims to be selling a database containing details of high-income individuals in India.
- Date: 2025-08-26T13:17:51Z
- Network: openweb
- Published URL: https://leakbase.la/threads/high-income-database-india.41962/
- Threat Actors: xewibic518
- Victim Country: India
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged Access Sale Chinese Business Services
- Category: Initial Access
- Content: The threat actor claims to be selling FortiVPN access valued at $430 million to a company in China’s business services sector, which also provides custom software and IT services. The actor states that the compromised environment includes 385 hosts.
- Date: 2025-08-26T13:06:27Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/264996/
- Threat Actors: SantaAd
- Victim Country: China
- Victim Industry: Information Technology (IT) Services
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged Sale of U.S. Credit Cards Data from Sniffer Logs
- Category: Data Leak
- Content: The threat actor claims to be selling a set of 570 U.S.-based credit card records obtained from sniffer logs, with a validity rate of over 90%. The dataset reportedly includes sensitive information such as card number, expiration date, CVV, cardholder name, address, city, state, ZIP code, phone, and email.
- Date: 2025-08-26T13:03:16Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/264993/
- Threat Actors: infamous
- Victim Country: USA
- Victim Industry: Financial Services
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged Sale of Indian Dairy Sector Access
- Category: Initial Access
- Content: The threat actor claims to be selling access valued at $35 million belonging to a company in India’s dairy sector, which produces milk and milk-based food products. The actor states that the compromised infrastructure includes 520 hosts.
- Date: 2025-08-26T13:00:24Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/264988/
- Threat Actors: SantaAd
- Victim Country: India
- Victim Industry: Dairy
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data leak of Camilla Borges Courses and Educational Activities Ltd
- Category: Data Breach
- Content: The threat actor claims to have leaked data from Camilla Borges Courses and Educational Activities Ltd in Brazil. The compromised data include contact IDs, phone numbers, names, total messages, first and last messages, sent and received messages, and formatted message data.
- Date: 2025-08-26T12:33:36Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-%F0%9F%87%A7%F0%9F%87%B7-app-millaborges-breached
- Threat Actors: holycat
- Victim Country: Brazil
- Victim Industry: Education
- Victim Organization: camilla borges courses and educational activities ltd
- Victim Site: millaborges.com
- Alleged data leak of Garena Free Fire
- Category: Initial Access
- Content: The threat actor claims to have leaked a collection of Free Fire account credentials, including email addresses and passwords.
- Date: 2025-08-26T12:05:25Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Source-Code-Free-fire-email-pswd-by-TERRORISM666%F0%9F%98%82%F0%9F%98%82%F0%9F%98%82
- Threat Actors: TERRORISM666
- Victim Country: Singapore
- Victim Industry: Gaming
- Victim Organization: garena free fire
- Victim Site: ff.garena.com
- Alleged data breach of Sika Footwear A / S
- Category: Data Breach
- Content: The group claims to have leaked data from Sika Footwear A / S.
- Date: 2025-08-26T12:01:34Z
- Network: tor
- Published URL: https://worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion/companies/3722231435/overview
- Threat Actors: Worldleaks
- Victim Country: Denmark
- Victim Industry: Wholesale
- Victim Organization: sika footwear a / s
- Victim Site: sikafootwear.dk
- Alleged data breach of Motor Controls, Inc.
- Category: Data Breach
- Content: The group claims to have leaked data from Motor Controls, Inc.
- Date: 2025-08-26T11:59:17Z
- Network: tor
- Published URL: https://worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion/companies/0385392777/overview
- Threat Actors: Worldleaks
- Victim Country: USA
- Victim Industry: Machinery Manufacturing
- Victim Organization: motor controls, inc.
- Victim Site: motorcontrols.com
- Alleged data breach of Springs Christian Academy
- Category: Data Breach
- Content: The group claims to have leaked data from Springs Christian Academy.
- Date: 2025-08-26T11:53:51Z
- Network: tor
- Published URL: https://worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion/companies/7175890113/overview
- Threat Actors: Worldleaks
- Victim Country: Canada
- Victim Industry: Education
- Victim Organization: springs christian academy
- Victim Site: springschristianacademy.ca
- Alleged data breach of SNEG Propreté
- Category: Data Breach
- Content: The group claims to have leaked data from SNEG Propreté.
- Date: 2025-08-26T11:53:15Z
- Network: tor
- Published URL: https://worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion/companies/0385392777/overview
- Threat Actors: Worldleaks
- Victim Country: France
- Victim Industry: Facilities Services
- Victim Organization: sneg propreté
- Victim Site: sneg-proprete.com
- Alleged data leak of West Manggarai Regency
- Category: Data Breach
- Content: The threat actor claims to have leaked a database of West Manggarai Regency (BBPKM) aid recipients, including full names, PKH IDs, KCP locations, hamlet/dusun details, RT numbers, and related identifiers, covering thousands of individuals in Labuan Bajo and surrounding areas.
- Date: 2025-08-26T11:50:36Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-DATA-PENERIMA-BANTUAN-BBPKM
- Threat Actors: ZammSec01
- Victim Country: Indonesia
- Victim Industry: Government Administration
- Victim Organization: west manggarai regency
- Victim Site: manggaraibaratkab.go.id
- Alleged Access to Unidentified Thermal Power Plant in Romania
- Category: Initial Access
- Content: The group claims to have gained initial access to the industrial control systems of a thermal power plant in Romania. The group states it changed user passwords, modified operator notifications, and took control of boilers, pumps, and cooling systems, highlighting potential risks to the country’s critical infrastructure.
- Date: 2025-08-26T11:41:39Z
- Network: telegram
- Published URL: https://t.me/Z_ALLIANCE/599
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/8f28bced-e7bd-4cd3-9ccf-4bad4a0e6ff7.png
- https://d34iuop8pidsy8.cloudfront.net/65fc5e3d-0b0b-4b6a-a602-3d2efeb2b03c.png
- https://d34iuop8pidsy8.cloudfront.net/e298099c-3b8c-4ef5-83d8-a11b4c49c6e3.png
- https://d34iuop8pidsy8.cloudfront.net/c648f28c-be69-48a3-970b-6eef097e9350.png
- https://d34iuop8pidsy8.cloudfront.net/5d61a5f4-1438-4a13-a151-9934a1d4aa07.png
- Threat Actors: Z-ALLIANCE
- Victim Country: Romania
- Victim Industry: Energy & Utilities
- Victim Organization: Unknown
- Victim Site: Unknown
- Z-ALLIANCE targets the website of ugodaplus.com.ua
- Category: Defacement
- Content: The group claims to have defaced the website of ugodaplus.com.ua.
- Date: 2025-08-26T11:26:44Z
- Network: telegram
- Published URL: https://t.me/Z_ALLIANCE/597
- Threat Actors: Z-ALLIANCE
- Victim Country: Ukraine
- Victim Industry: Real Estate
- Victim Organization: ugodaplus.com.ua
- Victim Site: ugodaplus.com.ua
- Alleged data leak of Shiran Tours (Netanya) Ltd
- Category: Data Breach
- Content: The threat actor claims to have leaked a database of Shiran Tours (Netanya) Ltd, exposing customer, driver, and financial data, citing retaliation for the disruption of humanitarian transport in Gaza.
- Date: 2025-08-26T11:00:01Z
- Network: telegram
- Published URL: https://t.me/CyberToufan02/322
- Threat Actors: CyberToufan
- Victim Country: Israel
- Victim Industry: Transportation & Logistics
- Victim Organization: shiran tours (netanya) ltd
- Victim Site: shiran-tours.co.il
- Alleged data leak of Grupo Hasar
- Category: Data Breach
- Content: The threat actor claims to have leaked a database of Grupo Hasar. The leak reportedly includes 2,690 rows of lead data, compromising sensitive information such as full names, last names, dates, message subjects, mobile and work phone numbers, emails, roles, company and industry information, websites, products and services, addresses (street, city, country, ZIP), fax numbers, user agents, IPs, form and audit logs.
- Date: 2025-08-26T10:44:36Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-Grupo-Hasar-Data-Breach-Leaked-Download
- Threat Actors: N1KA
- Victim Country: Argentina
- Victim Industry: Information Technology (IT) Services
- Victim Organization: grupo hasar
- Victim Site: grupohasar.com
- Alleged Sale of NATO Network Access
- Category: Initial Access
- Content: The threat actor claims to be selling unauthorized access to NATO-related systems in the European Union.
- Date: 2025-08-26T10:39:11Z
- Network: openweb
- Published URL: https://ramp4u.io/threads/nato-access.3385/
- Threat Actors: blackfield
- Victim Country: Belgium
- Victim Industry: Military Industry
- Victim Organization: nato
- Victim Site: nato.int
- Alleged Sale of Access to Mexican Holding Company Systems
- Category: Initial Access
- Content: The threat actor claims to be selling unauthorized access to systems in Mexico belonging to a major holding company. The listing specifies that the targeted organization operates in the energy and food industries. The actor states that access covers 282 hosts.
- Date: 2025-08-26T10:31:05Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/264985/
- Threat Actors: SantaAd
- Victim Country: Mexico
- Victim Industry: Energy & Utilities
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data leak of SMA Negeri 5 Surabaya
- Category: Data Breach
- Content: The threat actor claims to be selling a database of SMA Negeri 5 Surabaya, Indonesia, containing student records. The leak reportedly includes full names, usernames, classes, and passwords for multiple students.
- Date: 2025-08-26T09:59:26Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-DATABASE-MAN-5-SURABAYA-BY-TERRORISM666
- Threat Actors: TERRORISM666
- Victim Country: Indonesia
- Victim Industry: Education
- Victim Organization: sma negeri 5 surabaya
- Victim Site: sman5surabaya.sch.id
- Alleged data leak of an Unidentified Turkish Illegal Drugstore
- Category: Data Leak
- Content: The threat actor claims to have leaked an unidentified illegal Turkish drug store database hosted on an Iranian server. The leak reportedly includes the full website source code and a recoverable MySQL database containing user and admin information.
- Date: 2025-08-26T09:43:42Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-%F0%9F%87%B9%F0%9F%87%B7-TURKEY-ILLEGAL-DRUG-STORE-HOSTED-ON-IRAN-SERVER-DATABASE
- Threat Actors: elnurdxb
- Victim Country: Turkey
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data leak of People Matters S.L
- Category: Data Breach
- Content: The threat actor claims to have leaked a database from People Matters S.L, a Spain-based organization. The dataset includes usernames, email addresses, registration timestamps, plaintext passwords, and hashed passwords (MD5 and SHA-512) along with time zone settings.
- Date: 2025-08-26T09:01:42Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-com-People-Matters-S-L-%E2%80%93-HR-Consulting-head-office-Madrid-Spain
- Threat Actors: MrAxSiKucingHitam
- Victim Country: Spain
- Victim Industry: Human Resources
- Victim Organization: people matters s.l
- Victim Site: peoplematters.com
- Alleged data leak of Indonesian Non-ASN PPPK applicants
- Category: Data Leak
- Content: The threat actor claims to have leaked a list of non-ASN applicants eligible for PPPK recruitment in Indonesia, exposing NIKs, names, education details, assigned agencies, and job roles. The data includes applicants linked to government bodies such as the Regional Human Resources Department and the National Unity and Politics Agency.
- Date: 2025-08-26T08:22:51Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-NAMA-PELAMAR-NON-ASN-DATABASE-YANG-DAPAT-MELAMAR-SELEKSI-PENGADAAN-CALON-PPPK
- Threat Actors: ZammSec01
- Victim Country: Indonesia
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data leak of Aristotle University of Thessaloniki
- Category: Data Breach
- Content: The threat actor claims to have leaked a database of Aristotle University of Thessaloniki. The exposed data includes detailed personal and administrative fields such as full names, AFM (Greek tax identification numbers), tax office IDs, occupations, addresses, contact numbers, email addresses, fax numbers, entry dates, and geographic areas.
- Date: 2025-08-26T08:22:45Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-Greece-WebCore-Universitas-Aristoteles-Thessaloniki
- Threat Actors: MrAxSiKucingHitam
- Victim Country: Greece
- Victim Industry: Education
- Victim Organization: aristotle university of thessaloniki
- Victim Site: auth.gr
- Alleged Sale of U.S. Credit Card Records with AVS Data
- Category: Data Leak
- Content: The threat actor claims to be selling 13,500 U.S. credit card records, including card numbers, expiration dates, holder names, and full billing details (address, city, state, ZIP). The actor states that over 60% of the dataset contains AVS (Address Verification System) data, with an advertised valid rate of 30%.
- Date: 2025-08-26T07:33:06Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/264976/
- Threat Actors: cashmoneycard
- Victim Country: USA
- Victim Industry: Financial Services
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data leak of Department of Public Works and Highways (DPWH)
- Category: Data Breach
- Content: The threat actor claims to have leaked data from the Department of Public Works and Highways (DPWH) – Philippines, allegedly exposing 231,761 lines of information across various document and API files, including 32,125 API-related lines. The leak reportedly contains passwords, emails, addresses, and database entries, and is being distributed through multiple public file-sharing platforms.
- Date: 2025-08-26T07:27:12Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Document-Department-of-Public-Works-and-Highways-dpwh-gov-ph
- Threat Actors: KANLAON
- Victim Country: Philippines
- Victim Industry: Government Relations
- Victim Organization: department of public works and highways (dpwh)
- Victim Site: dpwh.gov.ph
- Alleged Sale of Redline Stealer 2025 Malware Kit
- Category: Malware
- Content: The threat actor claims to be selling a cracked version of Redline Stealer 2025, which includes credential theft, cookie and session hijacking, cryptocurrency wallet theft, system information collection, keylogging, anti-detection features, data exfiltration, browser injection, and persistence mechanisms.
- Date: 2025-08-26T07:23:19Z
- Network: openweb
- Published URL: https://demonforums.net/Thread-Download-Redline-Stealer-2025-Malware-Awareness-Kit
- Threat Actors: JackLogan24
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of Silent ETH Miner malware
- Category: Malware
- Content: The threat actor claims to be selling Silent ETH Miner malware, a covert cryptocurrency mining tool designed to mine Ethereum (ETH) without the victim’s knowledge or consent. The software reportedly operates stealthily in the background, leveraging the computing power of compromised machines while evading detection through lightweight design and anti-analysis techniques.
- Date: 2025-08-26T06:28:17Z
- Network: openweb
- Published URL: https://demonforums.net/Thread-ETH-Tycoon-v1-6-0-%E2%80%93-Build-Your-Mining-Empire
- Threat Actors: Obsidan04
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of AdBot Android Spying
- Category: Malware
- Content: The threat actor claims to be selling AdBot Android Spying, spyware that targets Android devices and is designed to monitor user activities while exfiltrating sensitive information. The features reportedly include credential theft, contact and message collection, browsing history monitoring, persistence on infected devices, and stealth techniques to evade mobile security solutions.
- Date: 2025-08-26T05:30:20Z
- Network: openweb
- Published URL: https://demonforums.net/Thread-AdBot-2025-Shadows-of-the-Network
- Threat Actors: Sebastian85
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data breach of Ministry of Public Health of Ecuador
- Category: Data Breach
- Content: The threat actor claims to have leaked the data of the Ministry of Public Health of Ecuador. The compromised data includes full names, national identification numbers, gender, marital status, nationality, place of birth, residence details, home addresses, landline and mobile phone numbers, dates of birth or approximate ages, emergency contact names, relationship to emergency contact, emergency contact phone numbers, photographs of individuals, internal ministry documents, clinical and medical records, statistical health reports, and logistics and procurement contracts.
- Date: 2025-08-26T05:07:11Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-ECUADOR-DB-MINISTERIO-DE-SALUD-PUBLICA-2025
- Threat Actors: Gatito_FBI_Nz
- Victim Country: Ecuador
- Victim Industry: Government Administration
- Victim Organization: ministry of public health of ecuador
- Victim Site: salud.gob.ec
- Alleged data breach of Ferplast World
- Category: Data Breach
- Content: The threat actor claims to be selling a database of Ferplast (ferplast.co.uk), a UK-based company that produces and sells pet products and accessories online. The leaked database includes sensitive customer information such as names, emails, phone numbers, physical addresses, account credentials (hashed/salted passwords), and membership details. The breach exposes data from over 11,000 customers and 13,000 addresses.
- Date: 2025-08-26T04:44:00Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-Ferplast-%C2%A0ferplast-co-uk-Breach-Leaked-Download
- Threat Actors: N1KA
- Victim Country: UK
- Victim Industry: E-commerce & Online Stores
- Victim Organization: ferplast world
- Victim Site: ferplast.co.uk
- Alleged leak of multiple Chinese databases
- Category: Data Leak
- Content: The threat actor claims to be selling multiple Chinese databases in packages.
- Date: 2025-08-26T04:31:14Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Sell-%E2%80%8B%E2%80%8Bthese-Chinese-databases-in-packages
- Threat Actors: lizzyczy
- Victim Country: China
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data breach of Arca
- Category: Data Breach
- Content: The threat actor claims to be selling a database of 150 partners from BlockTower, an institutional investment firm. The leaked data allegedly includes names, emails, locations, and IP addresses, primarily from the USA. The seller claims the database consists of millionaires and hedge fund owners.
- Date: 2025-08-26T04:23:05Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-blocktower-com-partners
- Threat Actors: antihero1488
- Victim Country: USA
- Victim Industry: Financial Services
- Victim Organization: arca
- Victim Site: blocktower.com
- Alleged sale of compromised government-related social media account
- Category: Data Leak
- Content: The threat actor claims to be selling access to a verified X account belonging to the former president of Honduras.
- Date: 2025-08-26T04:20:16Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-Selling-government-account-in-X-%E2%9C%85
- Threat Actors: soul
- Victim Country: Honduras
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data breach of Alcàsser Employment Portal
- Category: Data Breach
- Content: The threat actor claims to be selling the database of the Alcàsser Employment Portal, an official job portal run by the City Council of Alcàsser, a municipality in Valencia, Spain. The listing claims to include data of citizens registered on the portal, information on companies posting vacancies, and details of city council workers. Exposed fields include full names, ID numbers, email addresses, registration dates, and worker emails from the council.
- Date: 2025-08-26T04:10:12Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-SPAIN-Portal-Empleo-Alcasser
- Threat Actors: scripts
- Victim Country: Spain
- Victim Industry: Government Administration
- Victim Organization: alcàsser employment portal
- Victim Site: portalemp.alcasser.es
- Alleged data breach of Town of Vienna, VA Government
- Category: Data Breach
- Content: The group claims to have obtained the organization's data.
- Date: 2025-08-26T01:59:25Z
- Network: tor
- Published URL: http://cephalus6oiypuwumqlwurvbmwsfglg424zjdmywfgqm4iehkqivsjyd.onion/
- Threat Actors: Cephalus
- Victim Country: USA
- Victim Industry: Government Administration
- Victim Organization: town of vienna, va government
- Victim Site: viennava.gov
- Alleged data breach of Anand Agricultural University
- Category: Data Breach
- Content: The threat actor claims to have leaked a massive dataset allegedly containing the personal and employment records of employees at Anand Agricultural University (AAU), India. The breach reportedly involves 1.245 million records from the institution’s internal system, exposing highly sensitive details such as employee names, family details, birth dates, marital status, designations, salary structures, banking information, PAN numbers, contact information (emails, phone numbers), and employment history.
- Date: 2025-08-26T01:25:02Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Source-Code-DATA-OF-INDIAN-AAU-EMPLOYEES-1245-MILLION
- Threat Actors: RXY
- Victim Country: India
- Victim Industry: Education
- Victim Organization: anand agricultural university, anand
- Victim Site: aau.in
- Alleged sale of custom-built malware
- Category: Malware
- Content: The threat actor claims to be selling custom-built malware, including Remote Access Trojans (RATs), keyloggers, and botnet panels. The offerings include different tiers of sophistication, ranging from basic keylogging and remote control functions to advanced capabilities such as military-grade encryption, screenshot capturing, form grabbing, remote shell execution, process and file management, network monitoring, and botnet command-and-control management.
- Date: 2025-08-26T01:15:19Z
- Network: tor
- Published URL: https://xssforum7mmh3n56inuf2h73hvhnzobi7h2ytb3gvklrfqm7ut3xdnyd.onion/threads/142837/
- Threat Actors: CrypterBTC
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of crypto seed phrases database
- Category: Data Leak
- Content: The threat actor claims to be selling a database containing 113 million cryptocurrency wallet seed phrases along with 1.1 million private keys linked to Ethereum and Binance Smart Chain transactions.
- Date: 2025-08-26T01:08:49Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/264965/
- Threat Actors: 0x666
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data breach of Floricultura Silva
- Category: Data Breach
- Content: The threat actor claims to have breached data from Floricultura Silva, a flower shop in Ponta Grossa, Paraná, Brazil.
- Date: 2025-08-26T01:05:25Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-floriculturasilva-Data-Breached-Leaked-Download
- Threat Actors: GhostCrawl
- Victim Country: Brazil
- Victim Industry: Retail Industry
- Victim Organization: floricultura silva
- Victim Site: floriculturasilva.com.br
- Alleged leak of credentials to Karachi American School teacher’s portal account
- Category: Initial Access
- Content: The threat actor claims to have leaked login credentials belonging to a Karachi American School teacher’s portal account. The post includes the teacher’s email address, password, and a direct link to the school’s online portal.
- Date: 2025-08-26T00:55:47Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Karachi-American-School-Portal-Password
- Threat Actors: nikolagorbachev
- Victim Country: Pakistan
- Victim Industry: Education
- Victim Organization: karachi american school
- Victim Site: kas.edu.pk
- Alleged sale of unauthorized access to Özel Halk Otobüsü Bilgi Sistemi
- Category: Initial Access
- Content: The threat actor is selling access to the Özel Halk Otobüsü Bilgi Sistemi (Private Public Bus Information System) in Türkiye through a planted web shell.
- Date: 2025-08-26T00:03:28Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-Turkiye-Bus-Company-%C3%96zel-Halk-Otob%C3%BCs%C3%BC-Bilgi-Sistemi-WebShell
- Threat Actors: dejavu
- Victim Country: Turkey
- Victim Industry: Government Administration
- Victim Organization: özel halk otobüsü bilgi sistemi
- Victim Site: iett.istanbul
Conclusion
The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Data breaches and leaks are prominent, affecting various sectors from education, government, and financial services to manufacturing and retail, and impacting countries including the Dominican Republic, China, Germany, India, USA, Brazil, Denmark, France, Indonesia, Romania, Ukraine, Israel, Argentina, Belgium, Mexico, Philippines, Spain, Turkey, and Pakistan. The compromised data ranges from personal user information, credit card records, and sensitive government documents to large customer databases and intellectual property.
Beyond data compromise, the report also reveals significant activity in initial access sales, with threat actors offering unauthorized access to systems in various industries, including government administration, IT services, and energy. The sale of malware, including various Trojans and spyware, further underscores the availability of offensive capabilities in the cyber underground.
The incidents collectively demonstrate that organizations across various industries and geographies face persistent threats from data exfiltration, unauthorized network access, and the proliferation of malicious tools. The nature of these incidents emphasizes the critical importance of robust cybersecurity measures, including strong access controls, data protection strategies, continuous vulnerability management, and proactive threat intelligence to defend against a wide array of sophisticated and opportunistic attacks.