[August-5-2025] Daily Cybersecurity Threat Report

This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.

  1. Alleged data leak of Kawamoto Pump Mfg. Co. Ltd.
  1. Alleged data sale of Hotel Regina Isabella
  1. Alleged data sale of Portals Hills Boutique Hotel
  1. Alleged data leak of Hemvati Nandan Bahuguna Garhwal University (HNBGU)
  1. Alleged leak of German Personal and Banking Data
  1. Alleged data leak of Zemleteka
  1. Alleged data leak of South Korean Integrated Engine Test Facility
  1. Alleged Sale of 10,333 Mixed Email Access Accounts
  1. Alleged data leak of National Authority for Sanitation and Safety in Fisheries and Aquaculture (SANIPES)
  1. Alleged leak of user credential of KTC
  1. Alleged data sale of BKADEMY Corporation
  1. Alleged data sale of Gopify-HRM+
  1. Alleged data sale of Australian Business leads
  1. Alleged data sale of FPT Corporation
  1. Alleged data leak of an unidentified university in Uzbekistan
  1. Alleged data leak of Rapid Flyer
  • Category: Data Breach
  • Content: The threat actor claims to have leaked a database containing 2 million records from Rapid Flyer. The data reportedly includes personal and business information such as first name, last name, company, email, password (likely hashed), date of birth, registration date, total paid, addresses, postal codes, city, phone numbers (fixed and mobile), VAT number, and DNI.
  • Date: 2025-08-05T12:23:56Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-2-Million-Rapid-Flyr-com-database
  • Threat Actors: DigitalGhostt
  • Victim Country: France
  • Victim Industry: Printing
  • Victim Organization: rapid flyer
  • Victim Site: rapid-flyr.com
  1. Alleged Data Leak of Hang Seng Investment Clients
  • Category: Data Breach
  • Content: The threat actor claims to have leaked a database allegedly associated with Hang Seng Investment Management, a financial services firm based in Hong Kong. The exposed data appears to include personally identifiable information (PII) such as phone numbers (starting with +852), customer names, investment categories, and product types—many of which are related to funds, bonds, and equity investments. NB: The authenticity of the post is not verified.
  • Date: 2025-08-05T12:08:49Z
  • Network: telegram
  • Published URL: https://t.me/aqj986/6631
  • Threat Actors: Aiqianjin
  • Victim Country: China
  • Victim Industry: Financial Services
  • Victim Organization: hang seng investment management
  • Victim Site: hangsenginvestment.com
  1. Alleged Data Leak of FOREX.com
  • Category: Data Breach
  • Content: The threat actor claims to have leaked a database allegedly tied to FOREX.com, a major online trading platform. The exposed data appears to contain personally identifiable information (PII) of customers, including names, email addresses, phone numbers, locations, account types, traded instruments (such as crude oil and gold), and transaction dates. NB: The authenticity of the post is not verified.
  • Date: 2025-08-05T12:04:51Z
  • Network: telegram
  • Published URL: https://t.me/aqj986/6630
  • Threat Actors: Aiqianjin
  • Victim Country: USA
  • Victim Industry: Financial Services
  • Victim Organization: forex.com
  • Victim Site: forex.com
  1. Alleged data breach of Robinhood
  1. Alleged data leak of Kyungsung University
  1. Alleged data leak of Indonesian Pediatricians Association
  1. Alleged Data Leak of Instagram
  1. Alleged data breach of OriGene
  1. Alleged Data Leak of SF Express
  1. Alleged data leak of Ho Chi Minh City University of Foreign Languages and Information Technology (HUFLIT)
  • Category: Data Breach
  • Content: The threat actor claims to have leaked a database from Ho Chi Minh City University of Foreign Languages and Information Technology (HUFLIT). The dataset reportedly contains detailed personal and academic information of students, including student IDs, passwords, full names, images, birth details, ethnicity, religion, addresses, contact information, family details, enrollment data, academic performance, study status, and other related fields.
  • Date: 2025-08-05T11:16:49Z
  • Network: openweb
  • Published URL: https://breachforums.hn/Thread-Website-huflit-edu-vn
  • Threat Actors: Ls1jWohGKtwY0iZ2yU
  • Victim Country: Vietnam
  • Victim Industry: Education
  • Victim Organization: ho chi minh city university of foreign languages and information technology (huflit)
  • Victim Site: huflit.edu.vn
  1. Alleged data sale of Italian leads
  1. Alleged Sale of Ionos SMTP Accounts
  1. Alleged data of Erkent and Okçular village database
  1. Alleged Sale of Full Ohio State Voter ID Database
  1. Alleged Access Sale Involving State Data Agency of Lithuania
  • Category: Initial Access
  • Content: The threat actor claims to be selling unauthorized RDP access allegedly linked to the State Data Agency of Lithuania, a government institution responsible for national statistics.
  • Date: 2025-08-05T10:57:07Z
  • Network: openweb
  • Published URL: https://forum.exploit.in/topic/263710/
  • Threat Actors: Saturned33
  • Victim Country: Lithuania
  • Victim Industry: Government Administration
  • Victim Organization: state data agency of lithuania
  • Victim Site: osp.stat.gov.lt
  1. SERVER KILLERS claims to target Denmark
  1. Alleged data sale of Takbet
  1. Alleged sale of Crypto and Social Media Mobile Number Checker
  • Category: Data Leak
  • Content: The threat actor claims to be selling a mobile number checker that works across multiple platforms, including major cryptocurrency exchanges and social media services. The service allegedly checks whether a number is registered on platforms such as Binance, Bybit, OKX, Coinbase, KuCoin, CoinW, Gate.io, HTX, and Bitunix, along with WhatsApp, Telegram, Instagram, Facebook, Twitter, LinkedIn, Skype, Viber, TikTok, Amazon, and more.
  • Date: 2025-08-05T10:15:35Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-Selling-Mobile-phone-number-checker–22057
  • Threat Actors: 1688shuju
  • Victim Country: Unknown
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown
  1. Alleged data leak of 80 million Telegram users
  1. Alleged leak of vulnerability in Izzi Telecom
  • Category: Vulnerability
  • Content: The threat actor claims to have discovered an SQL Injection vulnerability in the login and password recovery section of Izzi Telecom. The vulnerability can be tested using Burp Suite to intercept the request, which is then passed to SQLMap for exploitation. While the user was unable to extract database tables—potentially due to a SQLMap-related bug—they shared technical steps and a screenshot (via Imgur) for others to replicate or investigate further.
  • Date: 2025-08-05T10:04:00Z
  • Network: openweb
  • Published URL: https://breachforums.hn/Thread-SQL-Injection-Vulnerability-in-Mexican-ISP
  • Threat Actors: v3nuzc0d3r2325
  • Victim Country: Mexico
  • Victim Industry: Network & Telecommunications
  • Victim Organization: izzi telecom
  • Victim Site: izzi.mx
  1. Alleged sale of Indonesian teachers data
  1. Alleged data leak of Actual Design
  1. Alleged data leak of WebFerma
  1. Alleged data leak of Pam65.ru
  1. Alleged data leak of Motorcycle MOTOshop.UA
  1. Alleged Data Breach of River Crypto Exchange
  1. Alleged sale of RD web access to an unidentified USA company
  1. Alleged sale of Unauthorized access to an Unidentified Organization in France
  1. Alleged sale of Critical Vulnerability which affects Türk Telekom
  • Category: Vulnerability
  • Content: The threat actor claims to be selling a critical vulnerability affecting Türk Telekom’s Online Services portal, potentially exposing data of 28 million customers. According to the post, knowing just a target’s phone number allegedly allows an attacker to log in as the user and access or modify personal details. This includes the victim’s full name, national ID number, detailed address, modem details (including password changes), phone numbers under the account, and internet usage records.
  • Date: 2025-08-05T05:45:53Z
  • Network: openweb
  • Published URL: https://breachforums.hn/Thread-T%C3%BCrk-Telekom-Critical-Vulnerability-28M-Customer-at-Risk
  • Threat Actors: masterseller
  • Victim Country: Turkey
  • Victim Industry: Network & Telecommunications
  • Victim Organization: türk telekom
  • Victim Site: turktelekom.com.tr
  1. Alleged data breach of Nova Medical Center
  • Category: Data Breach
  • Content: The threat actor claims to be selling a medical database from Nova Medical Center, a network of diagnostic centers in Kazakhstan. The dataset reportedly contains 311,000 records dated August 2, 2025, and includes sensitive information such as ID numbers, full names, phone numbers, cities, IINs (Individual Identification Numbers), dates of birth, appointment details, doctor names, services provided, comments, prices, and payment statuses. The data is offered in CSV format.
  • Date: 2025-08-05T05:02:39Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-Selling-nova-med-kz-Kazakhstan-medical-database
  • Threat Actors: scorpion1337
  • Victim Country: Kazakhstan
  • Victim Industry: Hospital & Health Care
  • Victim Organization: nova medical center
  • Victim Site: nova-med.kz
  1. Alleged sale of unauthorized access to an unidentified US bank account
  1. Alleged Unauthorized Access to Multiple Unidentified Organizations in Ukraine
  • Category: Initial Access
  • Content: A threat actor has allegedly gained unauthorized access in a significant breach impacting two major Ukrainian retail chains—one specializing in electronics and the other in footwear—each with 15 to 20 physical store locations. The breach, reportedly facilitated through a shared systems administrator, resulted in the total and irreversible loss of critical network infrastructure. Affected components include core switches, routers, servers, employee VPNs, surveillance systems, and 1C accounting platforms.
  • Date: 2025-08-05T04:41:13Z
  • Network: telegram
  • Published URL: https://t.me/WeAreKillnet_Channel/236?single
  • Threat Actors: WE ARE KILLNET
  • Victim Country: Ukraine
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown
  1. Alleged data breach of Don Bosco Job Placement Network
  • Category: Data Breach
  • Content: The threat actor claims to have leaked the source code and admin panel data from the Don Bosco Job Placement Network. The exposed information appears to be a backend user management system or database, containing records of 23 users including their names, mobile numbers, email addresses, usernames, and plaintext passwords. These users include regional coordinators from locations such as Goa, Pune, Chennai, Hyderabad, and Bengaluru, as well as database and program managers.
  • Date: 2025-08-05T04:26:03Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-Source-Code-DON-BOSCO-JOB-PLACEMENT-NETWORK-BY-OHKA21
  • Threat Actors: OHKA21
  • Victim Country: India
  • Victim Industry: Social Media & Online Social Networking
  • Victim Organization: don bosco jobs
  • Victim Site: donboscojobs.org
  1. Alleged data breach of Kaohsiung Medical University
  1. Alleged leak of Pakistan police data
  1. Alleged unauthorized access to StoriesBuzz
  • Category: Initial Access
  • Content: The threat actor claims to have gained unauthorized access to the control panel and internal email of StoriesBuzz, a British media company supporting the Zionist entity.
  • Date: 2025-08-05T02:08:57Z
  • Network: telegram
  • Published URL: https://t.me/hak993/4011
  • Threat Actors: Fatimion cyber team
  • Victim Country: UK
  • Victim Industry: Media Production
  • Victim Organization: storiesbuzz
  • Victim Site: Unknown
  1. Alleged sale of RD Web access to a French Mechanical Parts Company
  1. Alleged data breach of Krisp
  1. TEAM BD CYBER NINJA targets the website of Amanda Spann
  1. Alleged data breach of Sovcombank
  • Category: Data Breach
  • Content: The threat actor has claimed a massive data breach involving Sovcombank, a major private Russian bank. The actor alleges possession of a 140 million user database spanning from 2019 to 2025, totaling 80GB in CSV format. The leaked data reportedly includes full names, dates and places of birth, phone numbers, emails, passport details (series, numbers, issuing authority, and issue dates), home addresses, marital status, spouse and contact information, and pension data.
  • Date: 2025-08-05T01:31:57Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-140-Million-Sovkom-Bank-User-Database-2019-2025
  • Threat Actors: DigitalGhostt
  • Victim Country: Russia
  • Victim Industry: Banking & Mortgage
  • Victim Organization: sovcombank
  • Victim Site: sovcombank.ru
  1. TEAM BD CYBER NINJA targets the website of Amanda Spann
  1. Alleged Unauthorized Access to U.S. Oil & Gas Control System
  • Category: Initial Access
  • Content: A threat actor claiming to have leaked a database states that a critical oil and gas facility in the U.S. has been hacked, with full remote control over operations. They threaten that any state opposing China will face total infrastructure collapse, including power, water, and financial systems.
  • Date: 2025-08-05T00:32:06Z
  • Network: telegram
  • Published URL: https://t.me/n2LP_wVf79c2YzM0/777
  • Threat Actors: Infrastructure Destruction Squad
  • Victim Country: USA
  • Victim Industry: Oil & Gas
  • Victim Organization: Unknown
  • Victim Site: Unknown
  1. Alleged Unauthorized Access to U.S. Oil & Gas Control System

The cyber incidents detailed in this report reveal a diverse and active threat landscape. Data breaches and leaks are prominent, affecting various sectors from education, hospitality, and financial services to healthcare and manufacturing across countries including Japan, Italy, Spain, India, Indonesia, Russia, South Korea, Peru, Thailand, Vietnam, Australia, France, China, Uzbekistan, Germany, UK, Kazakhstan, Pakistan, Taiwan, and Ukraine. The compromised data is wide-ranging, encompassing personal information, financial details (including credit card and IBAN numbers), sensitive identity documents (passports, national IDs), military-related data, and internal company documents.

Beyond data compromise, the report highlights significant activity in initial access sales. Threat actors are offering unauthorized access to a variety of systems, including corporate networks (RD Web access), government institutions (State Data Agency of Lithuania, Royal Thai Air Force), and critical infrastructure such as a U.S. oil and gas SCADA system and a Madrid irrigation system. The availability and sale of vulnerabilities and malicious tools, such as an SQL Injection vulnerability in Izzi Telecom and various DDoS and penetration testing tools, further underscore the proliferation of offensive capabilities in the cyber underground.

These incidents collectively demonstrate that organizations across all industries and geographies face persistent threats from data exfiltration, unauthorized network access, and the availability of malicious tools. The nature of these events emphasizes the critical importance of robust cybersecurity measures, including strong access controls, comprehensive data protection strategies, continuous vulnerability management, and proactive threat intelligence to defend against a wide array of sophisticated and opportunistic attacks.