[December-1-2025] Daily Cybersecurity Threat Report

This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.

Alleged Data Breach of Bhuiyan Engineering

Category: Data Breach
Content: The group claims to have breached the systems and encrypted the data of Bhuiyan Engineering
Date: 2025-12-01T22:35:28Z
Network: telegram
Published URL: https://t.me/DarK07xxxxxxx/303
Screenshots: https://d34iuop8pidsy8.cloudfront.net/7b1b87ee-1d8f-467a-a154-74fc10aff041.png https://d34iuop8pidsy8.cloudfront.net/bcbacc24-98f0-4b11-8136-17abd8e83827.png
Threat Actors: jokeir 07x
Victim Country: Bangladesh
Victim Industry: Mechanical or Industrial Engineering
Victim Organization: bhuiyan engineering
Victim Site: bhuiyanbd.com

Alleged Data Leak of BTC Owners Database

Category: Data Breach
Content: Threat Actor claims to have leaked the database of BTC Owners.
Date: 2025-12-01T22:16:23Z
Network: openweb
Published URL: https://leakbase.la/threads/btc-owners-db-for-sa1e.46717/
Screenshots: https://d34iuop8pidsy8.cloudfront.net/53378df6-e35b-40ce-a124-9cfbd422f883.png
Threat Actors: wiliafaly
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Alleged Data Breach of Lumen Textile Mills Ltd.

Category: Data Breach
Content: The group claims to have breached the systems and encrypted the data of Lumen Textile Mills Ltd.
Date: 2025-12-01T22:13:54Z
Network: telegram
Published URL: https://t.me/DarK07xxxxxxx/303
Screenshots: https://d34iuop8pidsy8.cloudfront.net/7d4644b3-7963-410c-bcf6-be173c6af8e4.png https://d34iuop8pidsy8.cloudfront.net/ff22fa1c-6429-43b1-9e98-e49b6b67804e.png
Threat Actors: jokeir 07x
Victim Country: Bangladesh
Victim Industry: Textiles
Victim Organization: lumen textile mills ltd.
Victim Site: lumentextile.com

Alleged Data Breach of Madina Scale & Co

Category: Data Breach
Content: The group claims to have breached the systems and encrypted the data of Madina Scale & Co
Date: 2025-12-01T22:06:31Z
Network: telegram
Published URL: https://t.me/DarK07xxxxxxx/303
Screenshots: https://d34iuop8pidsy8.cloudfront.net/f42ef391-04ef-4b6d-85fe-bb175b966146.png https://d34iuop8pidsy8.cloudfront.net/7e9cf10e-c019-4609-aa1a-270c2085ea96.png
Threat Actors: jokeir 07x
Victim Country: Bangladesh
Victim Industry: Manufacturing
Victim Organization: madina scale & co
Victim Site: madinascale.com

Alleged Sale of Unauthorized FortiSSL VPN Access Across Multiple Countries

Category: Initial Access
Content: Threat Actor claims to be selling unauthorized 341 valid FortiSSL VPN accesses across multiple countries including the UK, Austria, Singapore, Japan, South Korea, UAE, Italy, Brazil, Switzerland, and France.
Date: 2025-12-01T21:49:08Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/271148/
Screenshots: https://d34iuop8pidsy8.cloudfront.net/55a1a16c-4f18-48b6-bf80-843bd8b0b4ef.png
Threat Actors: personX
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Alleged Data Breach of Redsun

Category: Data Breach
Content: The group claims to have breached the systems and encrypted the data of Redsun
Date: 2025-12-01T21:41:36Z
Network: telegram
Published URL: https://t.me/DarK07xxxxxxx/303
Screenshots: https://d34iuop8pidsy8.cloudfront.net/0f375776-6c8c-4618-9cd6-50e25f39b53e.png https://d34iuop8pidsy8.cloudfront.net/a670e22e-eed2-4122-8377-689ddc2a8547.png
Threat Actors: jokeir 07x
Victim Country: Bangladesh
Victim Industry: Consumer Electronics
Victim Organization: redsun
Victim Site: redsunbd.com

Alleged Data Breach of The Relief

Category: Data Breach
Content: The group claims to have breached the systems and encrypted the data of The Relief
Date: 2025-12-01T21:29:20Z
Network: telegram
Published URL: https://t.me/DarK07xxxxxxx/303
Screenshots: https://d34iuop8pidsy8.cloudfront.net/fcfa629b-b927-4751-ac85-2cfcb3dde19b.png https://d34iuop8pidsy8.cloudfront.net/42ab06bf-b728-4320-9609-5dd5bd5c3434.png
Threat Actors: jokeir 07x
Victim Country: Bangladesh
Victim Industry: Legal Services
Victim Organization: the relief
Victim Site: thereliefbd.com

Alleged Data Breach of Senior Finance Controller office

Category: Data Breach
Content: The group claims to have breached the systems and encrypted the data of Senior Finance Controller office
Date: 2025-12-01T21:21:28Z
Network: telegram
Published URL: https://t.me/DarK07xxxxxxx/303
Screenshots: https://d34iuop8pidsy8.cloudfront.net/b16bb210-9e3b-4464-9cc3-523fdad9685a.png https://d34iuop8pidsy8.cloudfront.net/33ad0728-c8cd-4962-9ce4-0d906dbb97d9.png
Threat Actors: jokeir 07x
Victim Country: Bangladesh
Victim Industry: Government Administration
Victim Organization: senior finance controller office
Victim Site: sfcworks.gov.bd

Alleged Data Breach of Office of the Chief Accounts and Finance Officer, Ministry of Defence

Category: Data Breach
Content: The group claims to have breached the systems and encrypted the data of Office of the Chief Accounts and Finance Officer, Ministry of Defence.
Date: 2025-12-01T21:12:54Z
Network: telegram
Published URL: https://t.me/DarK07xxxxxxx/303
Screenshots: https://d34iuop8pidsy8.cloudfront.net/42a89ae1-c4eb-46d6-9485-86de61973573.png https://d34iuop8pidsy8.cloudfront.net/4873c092-4bac-4bef-b770-60c073e62bc6.png
Threat Actors: jokeir 07x
Victim Country: Bangladesh
Victim Industry: Government Administration
Victim Organization: office of the chief accounts and finance officer, ministry of defence.
Victim Site: cafodefence.gov.bd

University Loft Co. falls victim to PLAY ransomware

Category: Ransomware
Content: Group claims to have obtained organizational data and plans to publish it within 3-4 days.
Date: 2025-12-01T20:43:25Z
Network: tor
Published URL: http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=Eoe8nhgd71jKE1
Screenshots: https://d34iuop8pidsy8.cloudfront.net/7446bb5b-a592-43bb-9d95-9eb92af99f23.png
Threat Actors: PLAY
Victim Country: USA
Victim Industry: Furniture
Victim Organization: university loft co.
Victim Site: uloft.com

PHA Co.,LTD falls victim to PLAY ransomware

Category: Ransomware
Content: Group claims to have obtained organizational data and plans to publish it within 3-4 days.
Date: 2025-12-01T20:38:44Z
Network: tor
Published URL: http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=S2NpGi6yalxcR
Screenshots: https://d34iuop8pidsy8.cloudfront.net/65bd745e-f194-4108-a11e-d1b7d04d3775.png
Threat Actors: PLAY
Victim Country: South Korea
Victim Industry: Manufacturing
Victim Organization: pha co.,ltd
Victim Site: phakr.com

South Island PSD falls victim to PLAY ransomware

Category: Ransomware
Content: Group claims to have obtained organizational data and plans to publish it within 3-4 days.
Date: 2025-12-01T20:29:20Z
Network: tor
Published URL: http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=fkqdmCArZK0F2Q
Screenshots: https://d34iuop8pidsy8.cloudfront.net/c8e3d333-6ee3-4e0c-aff2-9adf02b3dc27.png
Threat Actors: PLAY
Victim Country: USA
Victim Industry: Energy & Utilities
Victim Organization: south island psd
Victim Site: sipsd.com

Clark/Sullivan Construction falls victim to PLAY ransomware

Category: Ransomware
Content: Group claims to have obtained organizational data and plans to publish it within 3-4 days.
Date: 2025-12-01T20:24:59Z
Network: tor
Published URL: http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=TTcEKQcSigWO0b
Screenshots: https://d34iuop8pidsy8.cloudfront.net/81522775-dfe6-43a3-b643-4b3d41cdc555.png
Threat Actors: PLAY
Victim Country: USA
Victim Industry: Building and construction
Victim Organization: clark/sullivan construction
Victim Site: clarksullivan.com

Hall Aluminum Products falls victim to PLAY ransomware

Category: Ransomware
Content: Group claims to have obtained organizational data and plans to publish it within 3-4 days.
Date: 2025-12-01T20:08:49Z
Network: tor
Published URL: http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=ufU6FnhKV2CF57
Screenshots: https://d34iuop8pidsy8.cloudfront.net/7e32912b-2f08-468e-845c-e715668d06e4.png
Threat Actors: PLAY
Victim Country: USA
Victim Industry: Building and construction
Victim Organization: hall aluminum products
Victim Site: hallaluminum.com

Aspen Distribution Inc falls victim to PLAY ransomware

Category: Ransomware
Content: Group claims to have obtained organizational data and plans to publish it within 3-4 days.
Date: 2025-12-01T20:01:10Z
Network: tor
Published URL: http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=GZ6k0ZFNoTHiah
Screenshots: https://d34iuop8pidsy8.cloudfront.net/7a4cb5f5-e1be-496a-9ad6-7763487019d4.png
Threat Actors: PLAY
Victim Country: USA
Victim Industry: Transportation & Logistics
Victim Organization: aspen distribution inc
Victim Site: aspendistribution.com

Alleged Data Leak of Credit Card Database in USA

Category: Data Breach
Content: Threat Actor claims to have leaked the database of Credit Cards in USA.
Date: 2025-12-01T20:00:00Z
Network: openweb
Published URL: https://leakbase.la/threads/usa-kards-database.46711/
Screenshots: https://d34iuop8pidsy8.cloudfront.net/1d678b3c-5390-47fe-8cf8-f5030d46f886.png
Threat Actors: 932190sdai0o
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Alleged Sale of Unauthorized VPN and DA Access to a Colombian Corporate Company

Category: Initial Access
Content: Threat Actor claims to be selling unauthorized Fortinet VPN access and full Domain Admin access to a corporate banking sector company in Colombia with revenue under $5M and 51–200 employees.
Date: 2025-12-01T19:38:17Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/271142/
Screenshots: https://d34iuop8pidsy8.cloudfront.net/208003b1-dac3-47b3-8b92-a68d9a7dd6de.png
Threat Actors: Mark1777
Victim Country: Colombia
Victim Industry: Banking & Mortgage
Victim Organization: Unknown
Victim Site: Unknown

B dynamic Logistics falls victim to Qilin ransomware

Category: Ransomware
Content: The group claims to have obtained organizations data.
Date: 2025-12-01T18:36:28Z
Network: tor
Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=b62430d6-1f48-3ca7-92f8-c3737f147f92
Screenshots: https://d34iuop8pidsy8.cloudfront.net/0cfed523-bb1e-46ac-ba95-69cd16f5e0a0.png
Threat Actors: Qilin
Victim Country: Australia
Victim Industry: Transportation & Logistics
Victim Organization: b dynamic logistics
Victim Site: bdynamiclogistics.com.au

France terre d’asile falls victim to Qilin ransomware

Category: Ransomware
Content: The group claims to have obtained organizations data.
Date: 2025-12-01T18:30:40Z
Network: tor
Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=676cc81f-c6a4-3e34-bdbe-e86099fe1f3c
Screenshots: https://d34iuop8pidsy8.cloudfront.net/56ff5fcf-631d-4a63-bfbf-1a33ff683608.png
Threat Actors: Qilin
Victim Country: France
Victim Industry: Civic & Social Organization
Victim Organization: france terre d’asile
Victim Site: france-terre-asile.org

San Miguel Global falls victim to Qilin ransomware

Category: Ransomware
Content: The group claims to have obtained organizations data.
Date: 2025-12-01T18:22:58Z
Network: tor
Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=2a1edb69-0a73-3c06-b32a-dcca2d587014
Screenshots: https://d34iuop8pidsy8.cloudfront.net/126c7681-ae4a-4755-9ab3-185985348b11.png
Threat Actors: Qilin
Victim Country: Argentina
Victim Industry: Food Production
Victim Organization: san miguel global
Victim Site: sanmiguelglobal.com

Alleged leak of ARGENTINA PERSONAL DATA

Category: Data Breach
Content: The threat actor claims to have leaked ARGENTINA PERSONAL DATA.
Date: 2025-12-01T18:12:02Z
Network: openweb
Published URL: https://darkforums.st/Thread-Selling-ARGENTINA-43k-PERSONAL-DATA
Screenshots: https://d34iuop8pidsy8.cloudfront.net/580742be-bf4a-4538-a690-5b547140431d.png
Threat Actors: socializer
Victim Country: Argentina
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Alleged Data Breach of CABoom Leads

Category: Data Breach
Content: Threat actor claims to have breached the database of CABoom Leads, reportedly exposing sensitive insurance lead data.
Date: 2025-12-01T17:44:12Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/271124/
Screenshots: https://d34iuop8pidsy8.cloudfront.net/7137ccd4-57f4-44be-ac7d-a450a24b1c6f.png
Threat Actors: letchik
Victim Country: USA
Victim Industry: Marketing, Advertising & Sales
Victim Organization: caboom leads
Victim Site: caboomleads.com

Industrial Steam falls victim to RansomHouse Ransomware

Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2025-12-01T17:43:00Z
Network: tor
Published URL: http://zohlm7ahjwegcedoz7lrdrti7bvpofymcayotp744qhx6gjmxbuo2yid.onion/r/113dfe9fb59c2b9b877cf7a7de13f2c604ea44cb
Screenshots: https://d34iuop8pidsy8.cloudfront.net/6dcfb0f7-1987-4fc2-b10e-e8326b3c5e2a.png
Threat Actors: RansomHouse
Victim Country: USA
Victim Industry: Machinery Manufacturing
Victim Organization: industrial steam
Victim Site: industrialsteam.com

Miller Wood Trade Publications falls victim to INC RANSOM Ransomware

Category: Ransomware
Content: The group claims to have obtained organization data.
Date: 2025-12-01T17:31:57Z
Network: tor
Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/691de288e1a4e4b3ff652fe3
Screenshots: https://d34iuop8pidsy8.cloudfront.net/d5e19524-2294-48b0-97e0-aa5266633ca7.png
Threat Actors: INC RANSOM
Victim Country: USA
Victim Industry: Publishing Industry
Victim Organization: miller wood trade publications
Victim Site: millerwoodtradepub.com

Wisconsin Knife Works Inc falls victim to Akira Ransomware

Category: Ransomware
Content: The group claims to have obtained 17 GB of the organization’s data.
Date: 2025-12-01T17:05:16Z
Network: tor
Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
Screenshots: https://d34iuop8pidsy8.cloudfront.net/0744f663-caf6-4cd0-b8b9-a8231f346269.png
Threat Actors: akira
Victim Country: USA
Victim Industry: Machinery Manufacturing
Victim Organization: wisconsin knife works inc
Victim Site: wkwinc.com

Alleged sale of an exploit for CVE-2025-60709

Category: Vulnerability
Content: Threat Actor claims to be selling an exploit for CVE-2025-60709.
Date: 2025-12-01T16:32:11Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/271128/
Screenshots: https://d34iuop8pidsy8.cloudfront.net/8105dec0-45c1-4b02-a5c8-bc7b03d5868a.png
Threat Actors: CrypterBTC
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Alleged Sale of Canada Database

Category: Data Breach
Content: The threat actor claims to be selling Canada Database.
Date: 2025-12-01T16:29:10Z
Network: openweb
Published URL: https://darkforums.st/Thread-Selling-Canada-Database
Screenshots: https://d34iuop8pidsy8.cloudfront.net/5b64a5a8-cf0b-4a23-99f8-154d16e37acd.png
Threat Actors: fuckoverflow
Victim Country: Canada
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

VirtualWare Solutions falls victim to Qilin ransomware

Category: Ransomware
Content: The group claims to have obtained organizations data.
Date: 2025-12-01T16:20:30Z
Network: tor
Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=f91b2135-cff8-3d34-ab06-7dc0e5c6e276
Screenshots: https://d34iuop8pidsy8.cloudfront.net/87fd18e1-41ae-451a-b233-f3bf8987bc07.png
Threat Actors: Qilin
Victim Country: USA
Victim Industry: Information Technology (IT) Services
Victim Organization: virtualware solutions
Victim Site: virtualwaresolutions.com

HASCO Hasenclever GmbH + Co KG falls victim to Qilin ransomware

Category: Ransomware
Content: The group claims to have obtained organizations data.
Date: 2025-12-01T16:15:28Z
Network: tor
Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=9d9b8acd-ecc1-3d66-b7b1-7c029bca1270
Screenshots: https://d34iuop8pidsy8.cloudfront.net/670e1066-e970-40bd-b01d-ae0fe5859efb.png
Threat Actors: Qilin
Victim Country: Germany
Victim Industry: Machinery Manufacturing
Victim Organization: hasco hasenclever gmbh + co kg
Victim Site: hasco.com

Martin & Company falls victim to Akira Ransomware

Category: Ransomware
Content: The group claims to have obtained 46 GB of the organization’s corporate data. The compromised data reportedly includes employee information (passport, driver licenses and so on), client information, contracts and agreements, confidential files, projects and so on.
Date: 2025-12-01T15:17:50Z
Network: tor
Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
Screenshots: https://d34iuop8pidsy8.cloudfront.net/a61a757f-a8cd-453a-9c0d-61e5f374498f.png
Threat Actors: akira
Victim Country: USA
Victim Industry: Insurance
Victim Organization: martin & company
Victim Site: martincompanyus.com

Cleveland Construction, Inc. falls victim to Akira Ransomware

Category: Ransomware
Content: The group claims to have obtained 12 GB of the organization’s corporate data. The compromised data reportedly includes employee information (about 1500 SSNs, passports, addresses, phones, emails, driver licenses and so on), contracts and agreements, projects and so on.
Date: 2025-12-01T15:12:04Z
Network: tor
Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
Screenshots: https://d34iuop8pidsy8.cloudfront.net/458d04ee-804c-4bbb-ba53-215621891d44.png
Threat Actors: akira
Victim Country: USA
Victim Industry: Building and construction
Victim Organization: cleveland construction, inc.
Victim Site: clevelandconstruction.com

Enea AB falls victim to INC RANSOM Ransomware

Category: Ransomware
Content: The group claims to have obtained organization data.
Date: 2025-12-01T14:54:28Z
Network: tor
Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/692da417e1a4e4b3ff4ef0de
Screenshots: https://d34iuop8pidsy8.cloudfront.net/122b8ad0-8e8d-4835-80bf-645b5867b884.png https://d34iuop8pidsy8.cloudfront.net/3f4211b6-4956-43c9-bf8c-b684e52bb538.png
Threat Actors: INC RANSOM
Victim Country: Sweden
Victim Industry: Network & Telecommunications
Victim Organization: enea ab
Victim Site: enea.com

Alleged data leak of ECS

Category: Data Breach
Content: The threat actor claims to have breached data from ECS, allegedly containing fields such as ID, title, government ID, coordinates, region name, and more.
Date: 2025-12-01T14:08:51Z
Network: openweb
Published URL: https://darkforums.st/Thread-DATABASE-Shipment-tracking-site-The-best-free-information-esh7enly-ecs-com
Screenshots: https://d34iuop8pidsy8.cloudfront.net/760b944b-eeb1-483d-bafa-3219ffbf9acc.png https://d34iuop8pidsy8.cloudfront.net/f4d212c3-536d-46c9-b27a-64d06e2a847c.png
Threat Actors: wizard
Victim Country: Unknown
Victim Industry: Transportation & Logistics
Victim Organization: ecs
Victim Site: esh7enly-ecs.com

ASTROFEIN – Astro- und Feinwerktechnik Adlershof GmbH falls victim to RansomHouse Ransomware

Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2025-12-01T14:08:09Z
Network: tor
Published URL: http://zohlm7ahjwegcedoz7lrdrti7bvpofymcayotp744qhx6gjmxbuo2yid.onion/r/3886ede81e320833ef491aad76b9dc007e96c052
Screenshots: https://d34iuop8pidsy8.cloudfront.net/425c9434-de19-4f46-94ba-eaf539d8a810.jpg
Threat Actors: RansomHouse
Victim Country: Germany
Victim Industry: Aviation & Aerospace
Victim Organization: astrofein – astro- und feinwerktechnik adlershof gmbh
Victim Site: astrofein.com

Alleged data sale of multiple Czech organizations

Category: Data Breach
Content: A group claims to be selling 40 GB of data allegedly taken from 10–20 Czech organizations, including HRUŠKA, SEMPRONEMO, MARLENKA International, Apri, and Compass Management Consulting, with additional unnamed European companies. The leaked files reportedly include government forms, certificates, tenders, financial records, employee data, operational documents, and real-estate cadastre extracts, covering 2010–2025 (mainly 2021–2025).
Date: 2025-12-01T13:53:58Z
Network: telegram
Published URL: https://t.me/c/3076265882/51
Screenshots: https://d34iuop8pidsy8.cloudfront.net/fa49850e-ae60-4424-88a5-9fefd543107b.png https://d34iuop8pidsy8.cloudfront.net/cc50059e-8182-4367-ba85-72c359e32306.png
Threat Actors: Dark Warios
Victim Country: Czech Republic
Victim Industry: Retail Industry
Victim Organization: hruska, spol s ro
Victim Site: hruska.info

HMEI7 targets the website of Marvel Logistics Pte Ltd

Category: Defacement
Content: The group claims to have defaced the website of Marvel Logistics Pte Ltd
Date: 2025-12-01T13:42:05Z
Network: telegram
Published URL: https://t.me/c/2412030007/1942
Screenshots: https://d34iuop8pidsy8.cloudfront.net/41e5fb51-8d33-47dd-a8af-524fff47b20d.jpg
Threat Actors: HMEI7
Victim Country: Singapore
Victim Industry: Transportation & Logistics
Victim Organization: marvel logistics pte ltd
Victim Site: marvelogistics.com.sg

S&R Insurance Services falls victim to Akira Ransomware

Category: Ransomware
Content: The group claims to have obtained more than 30GB of corporate documents from organization, including personal employee information, client data, project files, agreements and contracts, and other internal organizational documents. NB: The authenticity of the claim is yet to be verified.
Date: 2025-12-01T13:37:02Z
Network: tor
Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
Screenshots: https://d34iuop8pidsy8.cloudfront.net/57703db7-9aa2-4939-b302-be73a0ebd1ab.png
Threat Actors: akira
Victim Country: USA
Victim Industry: Insurance
Victim Organization: s&r insurance services inc.
Victim Site: srinsuranceservice.com

M.D. Manouel Insurance Agency falls victim to Akira Ransomware

Category: Ransomware
Content: The group claims to have obtained more than 30GB of corporate documents from organization, including personal employee information, client data, project files, agreements and contracts, and other internal organizational documents. NB: The authenticity of the claims is yet to be verified.
Date: 2025-12-01T13:32:43Z
Network: tor
Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
Screenshots: https://d34iuop8pidsy8.cloudfront.net/558e1d6b-b4bd-4326-bcca-7175f8d861c2.png
Threat Actors: akira
Victim Country: USA
Victim Industry: Insurance
Victim Organization: m.d. manouel insurance agency, inc.
Victim Site: mdmig.com

HMEI7 targets the website of Colégio Boni Consilii

Category: Defacement
Content: The group claims to have defaced the website of Colégio Boni Consilii.
Date: 2025-12-01T13:16:33Z
Network: telegram
Published URL: https://t.me/c/2412030007/1941
Screenshots: https://d34iuop8pidsy8.cloudfront.net/930bdf0a-d082-4dfa-9473-ba1b8d241c46.png
Threat Actors: HMEI7
Victim Country: Brazil
Victim Industry: Education
Victim Organization: colégio boni consilii
Victim Site: boniconsilii.com.br

Alleged data breach of e-Retail

Category: Data Breach
Content: The threat actor claims to have leaked data from e-Retail, allegedly containing fields such as customer ID, user ID, username, first name, last name, email, country, postcode, city, state, and more.
Date: 2025-12-01T13:11:51Z
Network: openweb
Published URL: https://darkforums.st/Thread-DATABASE-e-retail-com-online-Shopping-Databases-Saudi-Arabia-Jeddah
Screenshots: https://d34iuop8pidsy8.cloudfront.net/4c21ba65-f927-4792-abf8-1b687c6c3287.png
Threat Actors: wizard
Victim Country: Saudi Arabia
Victim Industry: E-commerce & Online Stores
Victim Organization: e-retail
Victim Site: e-retail.com

Goldenrod Corporation falls victim to Akira Ransomware

Category: Ransomware
Content: The group claims to have obtained 12 GB of the organization’s corporate data. The compromised data reportedly includes financial files, payment details, invoices, etc.
Date: 2025-12-01T13:05:06Z
Network: tor
Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
Screenshots: https://d34iuop8pidsy8.cloudfront.net/771bc2cb-03a6-41ca-ad81-13273c3cda44.jpeg
Threat Actors: akira
Victim Country: USA
Victim Industry: Machinery Manufacturing
Victim Organization: goldenrod corporation
Victim Site: goldenrodcorp.com

Abhe & Svoboda, Inc. falls victim to Akira Ransomware

Category: Ransomware
Content: The group claims to have obtained 82 GB of the organization’s data. The compromised data reportedly includes Detailed personal employee information such as passports, DLs, SSNs, addresses, emails, phones, medical information, credit cards, client information, projects, agreements and contracts, other internal documents.
Date: 2025-12-01T13:01:06Z
Network: tor
Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
Screenshots: https://d34iuop8pidsy8.cloudfront.net/fcf96a8d-1258-440b-be6a-558b4ccbe50e.jpg
Threat Actors: akira
Victim Country: USA
Victim Industry: Civil Engineering
Victim Organization: abhe & svoboda, inc.
Victim Site: abheonline.com

TUAN LE CONSTRUCTION COMPANY LIMITED falls victim to RADAR group Ransomware

Category: Ransomware
Content: The group claims to have obtained organization’s data and plans to publish it within 11-12 days.
Date: 2025-12-01T12:44:12Z
Network: tor
Published URL: http://3bnusfu2lgk5at43ceu7cdok5yv4gfbono2jv57ho74ucjvc7czirfid.onion/awaiting-publication
Screenshots: https://d34iuop8pidsy8.cloudfront.net/a17aaeb4-a51e-419f-86db-0079571d342b.jpg
Threat Actors: RADAR group
Victim Country: Vietnam
Victim Industry: Building and construction
Victim Organization: tuan le construction company limited
Victim Site: tuanle.com.vn

Floyd targets the website of Strade.Global.

Category: Defacement
Content: The group claims to have defaced the organization’s website of Strade.Global.
Date: 2025-12-01T12:20:42Z
Network: openweb
Published URL: https://defacer.id/mirror/id/212489
Screenshots: https://d34iuop8pidsy8.cloudfront.net/fe41b290-3e14-4a04-a4e1-c5d2f1501389.png
Threat Actors: Floyd
Victim Country: USA
Victim Industry: E-commerce & Online Stores
Victim Organization: strade.global.
Victim Site: strade.global

Floyd targets the website of Wes Collective LLC

Category: Defacement
Content: The group claims to have defaced the organization’s website of Wes Collective LLC.
Date: 2025-12-01T12:11:11Z
Network: openweb
Published URL: https://defacer.id/mirror/id/212476
Screenshots: https://d34iuop8pidsy8.cloudfront.net/3a44a9d9-9b23-4be1-af08-8e7bb3836620.png
Threat Actors: Floyd
Victim Country: USA
Victim Industry: E-commerce & Online Stores
Victim Organization: wes collective llc
Victim Site: wescollective.com

INNOMOTIVE Solutions Group falls victim to Akira Ransomware

Category: Ransomware
Content: The group claims to have obtained 10 GB of the organization’s data. The compromised data reportedly includes Personal employee information such as passport, phones, emails, financials, client data, projects, agreements and contracts, NDA, etc.
Date: 2025-12-01T12:05:04Z
Network: tor
Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
Screenshots: https://d34iuop8pidsy8.cloudfront.net/344f4607-be2d-4023-8290-dc5c8835db29.jpg
Threat Actors: akira
Victim Country: Canada
Victim Industry: Automotive
Victim Organization: innomotive solutions group
Victim Site: innomotivesolutions.com

NullSector targets the website of Paper Moon Printing Co., Inc.

Category: Defacement
Content: The group claims to have defaced the website of Paper Moon Printing Co., Inc.
Date: 2025-12-01T12:02:21Z
Network: openweb
Published URL: https://defacer.id/mirror/id/212512
Screenshots: https://d34iuop8pidsy8.cloudfront.net/4e163a9d-68bc-4e15-acad-519a8fe13f13.jpg
Threat Actors: NullSector
Victim Country: USA
Victim Industry: Printing
Victim Organization: paper moon printing co., inc.
Victim Site: papermoonprintco.com

HAZARDOUS CYBER TEAM targets the website of Department of Mines & Geology (Rajasthan)

Category: Defacement
Content: The group claims to have defaced the website of Department of Mines & Geology (Rajasthan).
Date: 2025-12-01T11:36:16Z
Network: openweb
Published URL: https://defacer.id/mirror/id/212533
Screenshots: https://d34iuop8pidsy8.cloudfront.net/e1a8a434-02ac-44b0-b8fb-fd6955b11ee9.jpg
Threat Actors: HAZARDOUS CYBER TEAM
Victim Country: India
Victim Industry: Government Administration
Victim Organization: department of mines & geology (rajasthan)
Victim Site: mines.rajasthan.gov.in

Alleged unauthorized access to a French industrial distillation control system

Category: Initial Access
Content: A group claims to have obtained unauthorized remote access to an industrial control system in France. The system reportedly manages key distillation parameters, including gas flow, temperature, timing, and recipe selection.
Date: 2025-12-01T10:36:43Z
Network: telegram
Published URL: https://t.me/c/2787466017/775
Screenshots: https://d34iuop8pidsy8.cloudfront.net/352e11f1-d94c-47ce-81e9-c9d34655eefe.png
Threat Actors: NoName057(16)
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Alleged data breach of Civil Aviation Authority of Nepal

Category: Data Breach
Content: The group claims to have leaked data from Civil Aviation Authority of Nepal, compromised database contains airports and immigration details.
Date: 2025-12-01T10:34:17Z
Network: telegram
Published URL: https://t.me/ctrl_nepal/266
Screenshots: https://d34iuop8pidsy8.cloudfront.net/a0e33961-e5c1-4f48-84db-db9ab28fa8e1.png
Threat Actors: GenZRisingNepal
Victim Country: Nepal
Victim Industry: Airlines & Aviation
Victim Organization: civil aviation authority of nepal
Victim Site: caanepal.gov.np

Bpost falls victim to TridentLocker Ransomware

Category: Ransomware
Content: Group claims to have obtained 30.46 GB of the organization’s data.
Date: 2025-12-01T10:06:26Z
Network: tor
Published URL: http://tridentfrdy6jydwywfx4vx422vnto7pktao2gyx2qdcwjanogq454ad.onion/article/efbc8b1a-22e9-4a7f-958a-1f37c0ec9cc4
Screenshots: https://d34iuop8pidsy8.cloudfront.net/72a1602d-8cb0-4c03-b508-e76d3d6b42bc.jpg
Threat Actors: TridentLocker
Victim Country: Belgium
Victim Industry: Transportation & Logistics
Victim Organization: bpost
Victim Site: bpost.be

NullSector targets the website of AK Holdings

Category: Defacement
Content: The group claims to have defaced the website of AK Holdings.
Date: 2025-12-01T09:57:47Z
Network: openweb
Published URL: https://defacer.id/mirror/id/212506
Screenshots: https://d34iuop8pidsy8.cloudfront.net/481f777e-c73f-4a56-98de-bba3c0b9aa06.png
Threat Actors: NullSector
Victim Country: Kenya
Victim Industry: Building and construction
Victim Organization: ak holdings
Victim Site: akholdings.co.ke

scattered LAPSUS$ hunters 7.0 claims to target Adarma

Category: Alert
Content: The group claims to target Adarma.
Date: 2025-12-01T09:55:42Z
Network: telegram
Published URL: https://t.me/smokinmandiant/789
Screenshots: https://d34iuop8pidsy8.cloudfront.net/f1445b55-3ccd-4a7a-934a-8557d532ad4a.png
Threat Actors: scattered LAPSUS$ hunters 7.0
Victim Country: UK
Victim Industry: Computer & Network Security
Victim Organization: adarma
Victim Site: adarma.com

Alleged data breach of DeMi Group

Category: Data Breach
Content: The threat actor claims to have breached data on 1,000 employees from DeMi Group, allegedly containing fields such as ID, salutation, name, level, gender, marital status, IC number, date of birth, email, and more.
Date: 2025-12-01T09:34:45Z
Network: openweb
Published URL: https://darkforums.st/Thread-DATABASE-demigroup-com-my-Data-Leaked-Download
Screenshots: https://d34iuop8pidsy8.cloudfront.net/da8da438-e272-416b-9e41-604b908421f2.png
Threat Actors: KaruHunters
Victim Country: Malaysia
Victim Industry: Information Technology (IT) Services
Victim Organization: demi group
Victim Site: demigroup.com.my

Rose Displays falls victim to GENESIS ransomware

Category: Ransomware
Content: The group claims to have obtained approximately 4.9 TB of data from Rose Displays. The compromised data reportedly includes project data, contracts and NDAs with clients, HR data, financial and tax information, technical data, network user folders, management folders, and other data exfiltrated from the company’s file servers.
Date: 2025-12-01T09:17:31Z
Network: tor
Published URL: http://genesis6ixpb5mcy4kudybtw5op2wqlrkocfogbnenz3c647ibqixiad.onion/cc64116db0631ced457d/
Screenshots: https://d34iuop8pidsy8.cloudfront.net/7e016184-5052-40bf-ba75-5c3d4d8e134f.png
Threat Actors: GENESIS
Victim Country: USA
Victim Industry: Retail Industry
Victim Organization: rose displays
Victim Site: rosedisplays.com

NullSector targets the website of ICON Shirt Company

Category: Defacement
Content: The Group claims to have defaced the website of ICON Shirt Company.
Date: 2025-12-01T09:12:59Z
Network: openweb
Published URL: https://defacer.id/mirror/id/212508
Screenshots: https://d34iuop8pidsy8.cloudfront.net/32e5e764-57c6-4799-972f-83ecc366e41b.jpg
Threat Actors: NullSector
Victim Country: USA
Victim Industry: E-commerce & Online Stores
Victim Organization: icon shirt company
Victim Site: iconshirtco.com

Alleged leak of login credentials to MAKE Labs

Category: Initial Access
Content: The group claims to have leaked login credentials from MAKE Labs.
Date: 2025-12-01T09:09:28Z
Network: telegram
Published URL: https://t.me/cihuycha/380?single
Screenshots: https://d34iuop8pidsy8.cloudfront.net/73da45b0-6c58-4de3-a42d-63e07a67c809.jpg
Threat Actors: Kacong Channel
Victim Country: India
Victim Industry: Education
Victim Organization: make labs
Victim Site: makeacademy.in

Data Enterprises of the Northwest falls victim to GENESIS ransomware

Category: Ransomware
Content: The group claims to have obtained 2.6 TB of the organization’s data. The compromised data reportedly includes project data, contracts and NDAs, financial and tax information, SQL backups, network users folders, management folders, and other files exfiltrated from company servers.
Date: 2025-12-01T08:55:42Z
Network: tor
Published URL: http://genesis6ixpb5mcy4kudybtw5op2wqlrkocfogbnenz3c647ibqixiad.onion/5668ed034cdfa9bcbcb7/
Screenshots: https://d34iuop8pidsy8.cloudfront.net/ff38f7d4-982d-4994-99c2-f22849270029.png
Threat Actors: GENESIS
Victim Country: USA
Victim Industry: Information Technology (IT) Services
Victim Organization: data enterprises of the northwest
Victim Site: aticts.com

DEVMAN 2.0 ransomware group adds an unknown victim (m*ttcar**.**.it)

Category: Ransomware
Content: The group claims to have obtained 50 GB of the organization’s data and intend to publish with 2-3 days.
Date: 2025-12-01T08:53:00Z
Network: tor
Published URL: http://devmanblggk7ddrtqj3tsocnayow3bwnozab2s4yhv4shpv6ueitjzid.onion/
Screenshots: https://d34iuop8pidsy8.cloudfront.net/1484de4f-5897-4dda-9794-2c61297daf4b.jpg
Threat Actors: DEVMAN 2.0
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: m*ttcar**.**.it

Curtis Investment Group, Inc. falls victim to GENESIS Ransomware

Category: Ransomware
Content: The group claims to have obtained 300 GB of the organization’s data. The compromised data reportedly includes project data, contracts and NDAs, financial and tax data, property management data, real estate data, network user folders, management folders, and data exfiltrated from the company’s file servers. NB: The group intends to publish the data within 2–3 days.
Date: 2025-12-01T08:52:15Z
Network: tor
Published URL: http://genesis6ixpb5mcy4kudybtw5op2wqlrkocfogbnenz3c647ibqixiad.onion/034516db93aa72827fb5/
Screenshots: https://d34iuop8pidsy8.cloudfront.net/7f5f2bc0-8629-4ba5-ac3b-527d997abfcd.jpg
Threat Actors: GENESIS
Victim Country: USA
Victim Industry: Real Estate
Victim Organization: curtis investment group, inc.
Victim Site: curtisinvestments.com

PETRO Environmental, LLC falls victim to GENESIS Ransomware

Category: Ransomware
Content: The group claims to have obtained 300 GB of the organization’s data and intends to publish it within 2-3 days. The compromised data reportedly includes project data, sales and Proposals, contracts and NDAs, financial and tax data, environmental data, HR data, management folders, data exfiltrated from company file servers.
Date: 2025-12-01T08:50:58Z
Network: tor
Published URL: http://genesis6ixpb5mcy4kudybtw5op2wqlrkocfogbnenz3c647ibqixiad.onion/744f3dacaef74d940168/
Screenshots: https://d34iuop8pidsy8.cloudfront.net/e58fde8a-c424-4af1-bd0c-8e0f238d7afe.jpg
Threat Actors: GENESIS
Victim Country: USA
Victim Industry: Environmental Services
Victim Organization: petro environmental, llc
Victim Site: petroenviro.com

DEVMAN 2.0 ransomware group adds an unknown victim ( afo.us)

Category: Ransomware
Content: The group claims to have obtained 200 GB of the organization’s data and intend to publish with 4-5 days.
Date: 2025-12-01T08:48:29Z
Network: tor
Published URL: http://devmanblggk7ddrtqj3tsocnayow3bwnozab2s4yhv4shpv6ueitjzid.onion/
Screenshots: https://d34iuop8pidsy8.cloudfront.net/dfca73e1-3f2d-4cb8-bbd3-530c4139abed.jpg
Threat Actors: DEVMAN 2.0
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: afo.us

PJSI Consultants Sdn Bhd falls victim to GENESIS Ransomware

Category: Ransomware
Content: The group claims to have obtained 3.5 TB of the organization’s data. The compromised data reportedly includes project data such as technical details and blueprints, as well as sales and proposal documents, accounting data, contracts and NDAs, and data exfiltrated from the company’s NAS.
Date: 2025-12-01T08:44:36Z
Network: tor
Published URL: http://genesis6ixpb5mcy4kudybtw5op2wqlrkocfogbnenz3c647ibqixiad.onion/47b96c94c6b285785eea/
Screenshots: https://d34iuop8pidsy8.cloudfront.net/4ac3812c-df52-4985-8fca-019205ced4ff.png https://d34iuop8pidsy8.cloudfront.net/87ee3669-9991-497a-af2f-59b90ce706e3.png
Threat Actors: GENESIS
Victim Country: Malaysia
Victim Industry: Civil Engineering
Victim Organization: pjsi consultants sdn bhd
Victim Site: pjsi.net

New Horizons Medical falls victim to DEVMAN 2.0 Ransomware

Category: Ransomware
Content: The group claims to have obtained 236 GB of the organization’s data intends to publish it within 3–4 days.
Date: 2025-12-01T08:37:02Z
Network: tor
Published URL: http://devmanblggk7ddrtqj3tsocnayow3bwnozab2s4yhv4shpv6ueitjzid.onion/
Screenshots: https://d34iuop8pidsy8.cloudfront.net/f4c27677-507c-4031-8225-daff5d7efabe.jpg
Threat Actors: DEVMAN 2.0
Victim Country: USA
Victim Industry: Mental Health Care
Victim Organization: new horizons medical
Victim Site: newhorizonsmedical.org

Easterseals Arc of Northeast Indiana falls victim to DEVMAN 2.0 Ransomware

Category: Ransomware
Content: The group claims to have obtained 280 GB of organization data and intends to publish it within 3-4 days.
Date: 2025-12-01T08:25:27Z
Network: tor
Published URL: http://devmanblggk7ddrtqj3tsocnayow3bwnozab2s4yhv4shpv6ueitjzid.onion/
Screenshots: https://d34iuop8pidsy8.cloudfront.net/de8f7c61-fb91-40bb-a44e-2f2f900f82ed.png
Threat Actors: DEVMAN 2.0
Victim Country: USA
Victim Industry: Individual & Family Services
Victim Organization: easterseals arc of northeast indiana
Victim Site: eastersealsnei.org

Abdulhadi Hospital falls victim to DEVMAN 2.0 Ransomware

Category: Ransomware
Content: The group claims to have obtained 246 GB of the organization’s data and intends to publish it within 3–4 days.
Date: 2025-12-01T08:17:43Z
Network: tor
Published URL: http://devmanblggk7ddrtqj3tsocnayow3bwnozab2s4yhv4shpv6ueitjzid.onion/
Screenshots: https://d34iuop8pidsy8.cloudfront.net/e9d84c3a-0d51-4b58-b660-fdb4a6435b5e.jpg
Threat Actors: DEVMAN 2.0
Victim Country: Jordan
Victim Industry: Hospital & Health Care
Victim Organization: abdulhadi hospital
Victim Site: ecaretest.com

NullSector targets the website of tlacma.sk

Category: Defacement
Content: The group claims to have defaced the website of tlacma.sk
Date: 2025-12-01T08:12:20Z
Network: openweb
Published URL: https://defacer.id/mirror/id/212509
Screenshots: https://d34iuop8pidsy8.cloudfront.net/64644c4c-38e9-4c69-9d84-c1dc2b5eeeb4.png
Threat Actors: NullSector
Victim Country: Slovakia
Victim Industry: E-commerce & Online Stores
Victim Organization: tlacma.sk
Victim Site: tlacma.sk

Soderstrom Architects falls victim to RansomHouse Ransomware

Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2025-12-01T08:05:21Z
Network: tor
Published URL: http://zohlm7ahjwegcedoz7lrdrti7bvpofymcayotp744qhx6gjmxbuo2yid.onion/r/dfb6a5230521e0e2d6ed507c5a56c691d0b2bec6
Screenshots: https://d34iuop8pidsy8.cloudfront.net/c0953cb0-679e-43fe-be9a-b54e22d80c98.jpg
Threat Actors: RansomHouse
Victim Country: USA
Victim Industry: Architecture & Planning
Victim Organization: soderstrom architects
Victim Site: sdra.com

NullSector targets the website of Reggaly.co

Category: Defacement
Content: The group claims to have defaced the website of Reggaly.co
Date: 2025-12-01T08:05:18Z
Network: openweb
Published URL: https://defacer.id/mirror/id/212521
Screenshots: https://d34iuop8pidsy8.cloudfront.net/aa6dbd7d-fc11-4ebd-bd81-2ec89ee4cb38.png
Threat Actors: NullSector
Victim Country: Colombia
Victim Industry: E-commerce & Online Stores
Victim Organization: reggaly.co
Victim Site: reggaly.co

NullSector targets the website of DESIGN PRINTING LA

Category: Defacement
Content: The group claims to have defaced the website of DESIGN PRINTING LA.
Date: 2025-12-01T07:57:14Z
Network: openweb
Published URL: https://defacer.id/mirror/id/212491
Screenshots: https://d34iuop8pidsy8.cloudfront.net/85591d64-8de1-4b9f-b61e-185cc876fb6d.png
Threat Actors: NullSector
Victim Country: USA
Victim Industry: Graphic & Web Design
Victim Organization: design printing la
Victim Site: dprintla-terranea.com

NullSector targets the website of Memberfyi Agency

Category: Defacement
Content: The group claims to have defaced the website of Memberfyi Agency.
Date: 2025-12-01T07:48:32Z
Network: openweb
Published URL: https://defacer.id/mirror/id/212500
Screenshots: https://d34iuop8pidsy8.cloudfront.net/e0b4d957-e42b-462f-a4c9-f7ff101a362d.png
Threat Actors: NullSector
Victim Country: USA
Victim Industry: Graphic & Web Design
Victim Organization: memberfyi agency
Victim Site: memberfyi.com

NoName targets the website of AXA

Category: Data Breach
Content: Proof of downtime: https://check-host.net/check-report/33898a90kcb1
Date: 2025-12-01T07:42:41Z
Network: telegram
Published URL: https://t.me/c/2787466017/770
Screenshots: https://d34iuop8pidsy8.cloudfront.net/909d6c8f-4adc-49dc-9c4f-f4dc3aefba12.jpg https://d34iuop8pidsy8.cloudfront.net/5ba57798-5963-4975-9c98-2ff8103e0630.jpg
Threat Actors: NoName057(16)
Victim Country: France
Victim Industry: Government Administration
Victim Organization: axa
Victim Site: axa.com

HollySys Automation Technologies falls victim to CRYPTO24 Ransomware

Category: Ransomware
Content: The group claims to have obtained the organization’s data and they intend to publish it within 3-4 days.
Date: 2025-12-01T07:24:36Z
Network: tor
Published URL: http://j5o5y2feotmhvr7cbcp2j2ewayv5mn5zenl3joqwx67gtfchhezjznad.onion/
Screenshots: https://d34iuop8pidsy8.cloudfront.net/9dddb077-3c3f-42e7-ac6b-560acf9e2456.jpg
Threat Actors: CRYPTO24
Victim Country: Singapore
Victim Industry: Machinery Manufacturing
Victim Organization: hollysys automation technologies
Victim Site: hollysys.com

NullSector targets the website of AMGOK

Category: Defacement
Content: The Group claims to have defaced the website of AMGOK.
Date: 2025-12-01T07:21:57Z
Network: openweb
Published URL: https://defacer.id/mirror/id/212496
Screenshots: https://d34iuop8pidsy8.cloudfront.net/64cfd8e8-869d-4178-95ac-9f214a97c38a.jpg
Threat Actors: NullSector
Victim Country: India
Victim Industry: Fashion & Apparel
Victim Organization: amgok
Victim Site: amgok.in

Alleged data breach of Dutch telecom company KPN N.V

Category: Data Breach
Content: The threat actor claims to have leaked a data from Dutch telecom company KPN N.V.The compromised data reportedly including full names, dates of birth, email addresses, phone numbers, and home addresses.
Date: 2025-12-01T06:25:19Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/271091/?_fromLogin=1
Screenshots: https://d34iuop8pidsy8.cloudfront.net/d90aeeff-6a64-47a1-b373-6826ab358db2.png
Threat Actors: letsgetit
Victim Country: Netherlands
Victim Industry: Network & Telecommunications
Victim Organization: dutch telecom company kpn n.v
Victim Site: kpn.com

./meicookies targets the website of Nurse Researchers Society for Innovations (NRSI)

Category: Defacement
Content: The group claims to have defaced the website of Nurse Researchers Society for Innovations (NRSI)
Date: 2025-12-01T05:44:13Z
Network: openweb
Published URL: https://defacer.id/mirror/id/212350
Screenshots: https://d34iuop8pidsy8.cloudfront.net/627d90f7-8571-410a-a805-db5d0e65f70d.png
Threat Actors: ./meicookies
Victim Country: India
Victim Industry: Research Industry
Victim Organization: nurse researchers society for innovations (nrsi)
Victim Site: nrsi.in

404 crew cyber team targets the website of Nurturing Angels Home Care

Category: Defacement
Content: The group claims to have defaced the organization’s website.
Date: 2025-12-01T05:36:14Z
Network: openweb
Published URL: https://defacer.id/mirror/id/212511
Screenshots: https://d34iuop8pidsy8.cloudfront.net/d98f8bf4-7f32-4b6a-a07c-01351f5633eb.png
Threat Actors: 404 crew cyber team
Victim Country: USA
Victim Industry: Hospital & Health Care
Victim Organization: nurturing angels home care
Victim Site: nurturingangels.org

404 crew cyber team targets the website of Rising Stars Academy of Cheer & Dance

Category: Defacement
Content: Group claims to have defaced the website of Rising Stars Academy of Cheer & Dance.Attributing the attack to its member Lost32x.
Date: 2025-12-01T05:33:56Z
Network: openweb
Published URL: https://defacer.id/mirror/id/212526
Screenshots: https://d34iuop8pidsy8.cloudfront.net/56e5772c-ec29-4d3d-8777-c9f851f8e9df.jpeg
Threat Actors: 404 CREW CYBER TEAM
Victim Country: USA
Victim Industry: Performing Arts
Victim Organization: rising stars academy of cheer & dance
Victim Site: rsacheer-dance.com

Alleged sale of unauthorized email sending access to cryptocurrency project domain

Category: Initial Access
Content: Threat actor claims to be selling unauthorized email sending access to a top-20/30 ranked cryptocurrency project’s domain, allowing them to send messages as the official project.
Date: 2025-12-01T05:21:16Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/271089/
Screenshots: https://d34iuop8pidsy8.cloudfront.net/a7c3f7a8-ea5f-45e9-b89e-3370fca34499.png
Threat Actors: AsukaLangley
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

BekasiRootSec targets the website of South Salmara College

Category: Defacement
Content: Group claims to have defaced th.e website of South Salmara College.Attributing the attack to its member MR.N43TXPLOIT
Date: 2025-12-01T05:21:14Z
Network: openweb
Published URL: https://defacer.id/mirror/id/212529
Screenshots: https://d34iuop8pidsy8.cloudfront.net/d91e012f-3dca-471a-a185-e8e5b5f39c77.jpeg
Threat Actors: BekasiRootSec
Victim Country: India
Victim Industry: Education
Victim Organization: south salmara college
Victim Site: ssalmaracollege.com

./meicookies targets the website of PT. Nusantara Duasatu Telematika

Category: Defacement
Content: The group claims to have defaced the website of PT. Nusantara Duasatu Telematika
Date: 2025-12-01T05:09:26Z
Network: openweb
Published URL: https://defacer.id/mirror/id/212474
Screenshots: https://d34iuop8pidsy8.cloudfront.net/5865eef3-1b6a-40e3-942f-88264830899e.png
Threat Actors: ./meicookies
Victim Country: Indonesia
Victim Industry: Network & Telecommunications
Victim Organization: pt. nusantara duasatu telematika
Victim Site: nusantara21telematika.com

SHADOWX targets the website of Antva

Category: Defacement
Content: The group claims to have defaced the website of Antva.
Date: 2025-12-01T05:07:23Z
Network: telegram
Published URL: https://t.me/Pharaohs_n/402
Screenshots: https://d34iuop8pidsy8.cloudfront.net/b25a6f77-a278-4874-a30e-1557c0fd3020.png
Threat Actors: SHADOWX
Victim Country: Saudi Arabia
Victim Industry: Market Research
Victim Organization: antva
Victim Site: antva.sa

Alleged data breach of virtualbet online betting platform

Category: Data Breach
Content: The threat actor claims to have leaked a data from virtualbet online betting platform.The compromised data reportedly including phone numbers, full names, mother’s names, and emails of over 1.28 million Brazilian users.
Date: 2025-12-01T05:04:26Z
Network: openweb
Published URL: https://leakbase.la/threads/brazilian-betting-website-virtualbet-bet.46702/#post-257592
Screenshots: https://d34iuop8pidsy8.cloudfront.net/2bf0baf5-dadd-4687-9a54-576af620a935.png
Threat Actors: kgm96
Victim Country: Brazil
Victim Industry: Social Media & Online Social Networking
Victim Organization: virtualbet online betting platform
Victim Site: virtualbet.bet

Alleged Unauthorized Access to Taiwan-Based VNC Environmental Control Server

Category: Initial Access
Content: The group claims to have discovered an unauthenticated VNC server in Taiwan, exposing a critical environmental monitoring and camera control system. According to the group, the server runs an outdated RFB 003.007 version on port 5900 with no authentication, leaving it open to CVE-2006-2450, replay attacks, and MITM risks. They allege that the system controls temperature, humidity, and visual surveillance inside a sensitive facility.
Date: 2025-12-01T04:53:43Z
Network: telegram
Published URL: https://t.me/n2LP_wVf79c2YzM0/2629
Screenshots: https://d34iuop8pidsy8.cloudfront.net/6120bb2b-a37b-4361-b65a-804b5bf348df.png
Threat Actors: Infrastructure Destruction Squad
Victim Country: Taiwan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Terror targets the website of Abra State Institute of Sciences and Technology (ASIST)

Category: Defacement
Content: Group claims to have defaced the website of Abra State Institute of Sciences and Technology (ASIST)
Date: 2025-12-01T04:28:32Z
Network: openweb
Published URL: https://defacer.id/mirror/id/212254
Screenshots: https://d34iuop8pidsy8.cloudfront.net/9c56b08b-33c6-4efb-9450-a19dc1106ae2.png
Threat Actors: Terror
Victim Country: Philippines
Victim Industry: Higher Education/Acadamia
Victim Organization: abra state institute of sciences and technology (asist)
Victim Site: asist.edu.ph

Alleged Leak of corporate data from France

Category: Data Breach
Content: The threat actor claims to have leaked corporate data from France.
Date: 2025-12-01T04:28:18Z
Network: openweb
Published URL: https://darkforums.st/Thread-Selling-French-corporate-data
Screenshots: https://d34iuop8pidsy8.cloudfront.net/cf85e93b-20d7-466d-a73a-d455977a033e.png
Threat Actors: Arnoldsudney123
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Casa McDonald’s targets the website of CAPTA+

Category: Defacement
Content: Group claims to have defaced the website of CAPTA+
Date: 2025-12-01T04:22:35Z
Network: openweb
Published URL: https://defacer.id/mirror/id/212475
Screenshots: https://d34iuop8pidsy8.cloudfront.net/6f5a3d11-5f05-4414-af26-43dec3269876.png
Threat Actors: Casa McDonald’s
Victim Country: Brazil
Victim Industry: Government & Public Sector
Victim Organization: capta+
Victim Site: captamais.seplan.rr.gov.br

KAL EGY 319 targets the website of SPB Crackers

Category: Defacement
Content: The group claims to have defaced the organization’s website. Mirror: https://zone-xsec.com/mirror/id/768432
Date: 2025-12-01T03:28:59Z
Network: telegram
Published URL: https://t.me/KALOSHA319/75
Screenshots: https://d34iuop8pidsy8.cloudfront.net/80c2f2dd-0d46-4f35-9771-ae88cee42797.png
Threat Actors: KAL EGY 319
Victim Country: India
Victim Industry: Wholesale
Victim Organization: spb crackers
Victim Site: spbcrackers.com

KAL EGY 319 targets the website of Sri Amirtha Crackers

Category: Defacement
Content: The group claims to have defaced the organization’s website. Mirror: https://zone-xsec.com/mirror/id/768433
Date: 2025-12-01T03:24:11Z
Network: telegram
Published URL: https://t.me/KALOSHA319/74
Screenshots: https://d34iuop8pidsy8.cloudfront.net/b3f37040-7980-4058-9d58-a9624c0e4f68.png
Threat Actors: KAL EGY 319
Victim Country: India
Victim Industry: Wholesale
Victim Organization: sri amirtha crackers
Victim Site: sriamirthacrackers.com

KAL EGY 319 targets the website of Sri Ayyanar Crackers

Category: Defacement
Content: The group claims to have defaced the organization’s website. Mirror: https://zone-xsec.com/mirror/id/768434
Date: 2025-12-01T03:17:49Z
Network: telegram
Published URL: https://t.me/KALOSHA319/73
Screenshots: https://d34iuop8pidsy8.cloudfront.net/f6e50d2d-3dc4-4fc4-808f-ef4639844d55.png
Threat Actors: KAL EGY 319
Victim Country: India
Victim Industry: Manufacturing
Victim Organization: sri ayyanar crackers
Victim Site: sriayyanarcrackers.com

Alleged sale of unauthorized access to multiple unidentified online shops in multiple countries

Category: Initial Access
Content: Threat actor claims to be selling unauthorized access to multiple international online shops across the US, Poland, the Netherlands, Italy, Singapore, France, Slovakia, the UK, and the Czech Republic
Date: 2025-12-01T02:39:21Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/271062/
Screenshots: https://d34iuop8pidsy8.cloudfront.net/b79deac5-1de4-4c28-93f7-f1c3bb1256c7.png
Threat Actors: sllerdock
Victim Country: USA
Victim Industry: E-commerce & Online Stores
Victim Organization: Unknown
Victim Site: Unknown

KAL EGY 319 targets the website of National Office of Village Murukku

Category: Defacement
Content: The group claims to have defaced the organization’s website of Village Murukku Mirror:https://zone-xsec.com/mirror/id/768445
Date: 2025-12-01T02:05:01Z
Network: telegram
Published URL: https://t.me/KALOSHA319/62
Screenshots: https://d34iuop8pidsy8.cloudfront.net/57237daa-810b-4043-8c7e-4c12a674c9d9.jpeg
Threat Actors: KAL EGY 319
Victim Country: India
Victim Industry: Food Production
Victim Organization: village murukku
Victim Site: villagemuruku.in

KAL EGY 319 targets the website of Sri Ayyappa Crackers

Category: Defacement
Content: The group claims to have defaced the website of Sri Ayyappa Crackers Proof: https://zone-xsec.com/mirror/id/768435
Date: 2025-12-01T02:01:28Z
Network: telegram
Published URL: https://t.me/KALOSHA319/72
Screenshots: https://d34iuop8pidsy8.cloudfront.net/371fbefc-754a-4505-b967-f04670fc8822.png
Threat Actors: KAL EGY 319
Victim Country: India
Victim Industry: Wholesale
Victim Organization: sri ayyappa crackers
Victim Site: sriayyappacrackers.com

KAL EGY 319 targets the website of Sri Rajaguru Traders

Category: Defacement
Content: the group claims to have defaced the website of Sri Rajaguru Traders. Proof: https://zone-xsec.com/mirror/id/768436
Date: 2025-12-01T01:50:59Z
Network: telegram
Published URL: https://t.me/KALOSHA319/71
Screenshots: https://d34iuop8pidsy8.cloudfront.net/52179b2f-bea5-4826-a350-945a33d85200.png
Threat Actors: KAL EGY 319
Victim Country: India
Victim Industry: Wholesale
Victim Organization: sri rajaguru traders
Victim Site: srirajagurutraders.com

KAL EGY 319 target the website of Vel Sivakasi Crackers

Category: Defacement
Content: The group claims to have defaced the website of Vel Sivakasi Crackers. Mirror: https://zone-xsec.com/mirror/id/768439
Date: 2025-12-01T01:47:13Z
Network: telegram
Published URL: https://t.me/KALOSHA319/80
Screenshots: https://d34iuop8pidsy8.cloudfront.net/df04e882-b8ad-46bb-92a3-38a9d2fc5659.png
Threat Actors: KAL EGY 319
Victim Country: India
Victim Industry: Manufacturing
Victim Organization: vel sivakasi crackers
Victim Site: velsivakasicrackers.com

KAL EGY 319 targets the website of Sri Udhaya Anitha Crackers

Category: Defacement
Content: The group claims to have defaced the website of Sri Udhaya Anitha Crackers. Proof: https://zone-xsec.com/mirror/id/768437
Date: 2025-12-01T01:46:28Z
Network: telegram
Published URL: https://t.me/KALOSHA319/70
Screenshots: https://d34iuop8pidsy8.cloudfront.net/1f801ef7-0258-4feb-b28f-583b66118114.png
Threat Actors: KAL EGY 319
Victim Country: India
Victim Industry: Wholesale
Victim Organization: sri udhaya anitha crackers
Victim Site: sriudhayaanithacrackers.com

Alleged data leak of unidentified Italian regional healthcare booking system

Category: Initial Access
Content: Threat actor claims to have leaked data from a regional healthcare booking system in Northern Italy, allegedly exposing personal records of Italian citizens. The compromised information reportedly includes full names, birth dates, birthplaces, gender, email addresses, phone numbers, and national insurance numbers
Date: 2025-12-01T01:45:46Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/271075/
Screenshots: https://d34iuop8pidsy8.cloudfront.net/84060975-8469-4acd-98d4-f4c1ba96e1d4.png
Threat Actors: wizgun
Victim Country: Italy
Victim Industry: Hospital & Health Care
Victim Organization: Unknown
Victim Site: Unknown

KAL EGY 319 targets the website of National Office of VS Crackers

Category: Defacement
Content: The group claims to have defaced the organization’s website of VS Crackers Mirror:https://zone-xsec.com/mirror/id/768446
Date: 2025-12-01T01:33:51Z
Network: telegram
Published URL: https://t.me/KALOSHA319/61
Screenshots: https://d34iuop8pidsy8.cloudfront.net/eac3bb93-5a7c-4da8-a3ef-ee9a6b371a41.jpeg
Threat Actors: KAL EGY 319
Victim Country: India
Victim Industry: Wholesale
Victim Organization: vs crackers
Victim Site: vscrackers.com

KAL EGY 319 targets the website of National Office of Sri Lakshmi Priya Traders

Category: Defacement
Content: The group claims to have defaced the organization’s website Sri Lakshmi Priya Traders Mirror:https://zone-xsec.com/mirror/id/768430
Date: 2025-12-01T01:23:06Z
Network: telegram
Published URL: https://t.me/KALOSHA319/77
Screenshots: https://d34iuop8pidsy8.cloudfront.net/31a905f8-a625-4b8c-a3bf-144479ff8012.jpeg
Threat Actors: KAL EGY 319
Victim Country: India
Victim Industry: Wholesale
Victim Organization: sri lakshmi priya traders
Victim Site: slptcrackers.com

KAL EGY 319 target the website of Village Murukku

Category: Defacement
Content: The group claims to have defaced the website of Village Murukku. Mirror: https://zone-xsec.com/mirror/id/768444
Date: 2025-12-01T01:21:51Z
Network: telegram
Published URL: https://t.me/KALOSHA319/63
Screenshots: https://d34iuop8pidsy8.cloudfront.net/9a1e9ca9-5237-458b-a1b5-7632e56f2b4d.png
Threat Actors: KAL EGY 319
Victim Country: India
Victim Industry: Food Production
Victim Organization: village murukku
Victim Site: villagemurukku.com

KAL EGY 319 targets the website of Sivanesh Crackers

Category: Defacement
Content: Group claims to have defaced the website of Sivanesh Crackers. Mirror Link: https://zone-xsec.com/mirror/id/768429
Date: 2025-12-01T01:19:19Z
Network: telegram
Published URL: https://t.me/KALOSHA319/78
Screenshots: https://d34iuop8pidsy8.cloudfront.net/001ed703-ee74-464d-a40e-0531d32b2973.png
Threat Actors: KAL EGY 319
Victim Country: India
Victim Industry: Retail Industry
Victim Organization: sivanesh crackers
Victim Site: sivaneshcrackers.com

KAL EGY 319 targets the website of Sivakasi Siva Crackers

Category: Defacement
Content: Group claims to have defaced the website of Sivakasi Siva Crackers. mirror: https://zone-xsec.com/mirror/id/768427
Date: 2025-12-01T01:13:11Z
Network: telegram
Published URL: https://t.me/KALOSHA319/80
Screenshots: https://d34iuop8pidsy8.cloudfront.net/5707351f-fcfe-4b0c-89fd-d1a3523e43ce.png
Threat Actors: KAL EGY 319
Victim Country: India
Victim Industry: Wholesale
Victim Organization: sivakasi siva crackers
Victim Site: sivakasisivacrackers.com

KAL EGY 319 targets the website of Sivakasi Vetri Velan Crackers

Category: Defacement
Content: Group claims to have defaced the website of Sivakasi Vetri Velan Crackers. mirror: https://zone-xsec.com/mirror/id/768428
Date: 2025-12-01T01:12:51Z
Network: telegram
Published URL: https://t.me/KALOSHA319/79
Screenshots: https://d34iuop8pidsy8.cloudfront.net/4bb16108-c505-4a52-bc68-8854d45b4bce.png
Threat Actors: KAL EGY 319
Victim Country: India
Victim Industry: Wholesale
Victim Organization: sivakasi vetri velan crackers
Victim Site: sivakasivetrivelancrackers.com

KAL EGY 319 targets the website of National Office of Sms Pyrotech

Category: Defacement
Content: The group claims to have defaced the organization’s website Sms Pyrotech Mirror https://zone-xsec.com/mirror/id/768431
Date: 2025-12-01T01:08:34Z
Network: telegram
Published URL: https://t.me/KALOSHA319/76
Screenshots: https://d34iuop8pidsy8.cloudfront.net/7d4def20-94fc-4bbe-bb83-52f8572016cd.jpeg
Threat Actors: KAL EGY 319
Victim Country: India
Victim Industry: E-commerce & Online Stores
Victim Organization: sms pyrotechof
Victim Site: smspyrotech.com

Alleged data breach of Scalextric España

Category: Data Breach
Content: The threat actor claims to have leaked a data from Scalextric España. The compromised data reportedly includes Full name, Gender, Company name, Postcode, Email addresses.
Date: 2025-12-01T00:31:31Z
Network: openweb
Published URL: https://darkforums.st/Thread-Selling-Spain-scalextric-es-Database-100K
Screenshots: https://d34iuop8pidsy8.cloudfront.net/f7c5c8d1-ab69-4962-8d8b-509395f02759.png
Threat Actors: wizard
Victim Country: Spain
Victim Industry: E-commerce & Online Stores
Victim Organization: scalextric españa
Victim Site: scalextric.es

KAL EGY 319 target the website of Apache Software Foundation (ASF)

Category: Defacement
Content: The group claims to have defaced the website of Apache Software Foundation (ASF). Mirror: https://zone-xsec.com/mirror/id/768444
Date: 2025-12-01T00:23:17Z
Network: telegram
Published URL: https://t.me/KALOSHA319/63
Screenshots: https://d34iuop8pidsy8.cloudfront.net/3458705a-6f53-45c6-b59f-c47aea948eaf.png
Threat Actors: KAL EGY 319
Victim Country: USA
Victim Industry: Software Development
Victim Organization: apache software foundation (asf)
Victim Site: apache.org

Alleged data breach of CDUPS Korea

Category: Data Breach
Content: The threat actor claims to have leaked a data from CDUPS Korea. The compromised data reportedly including Usernames, Passwords, Full names, Emails, Phone numbers, Addresses, IP addresses.
Date: 2025-12-01T00:22:00Z
Network: openweb
Published URL: https://darkforums.st/Thread-Selling-Korea-cdups-co-kr-Database-100K
Screenshots: https://d34iuop8pidsy8.cloudfront.net/8004ac8a-4a21-4f1c-a05a-3d8390979638.png
Threat Actors: wizard
Victim Country: South Korea
Victim Industry: E-commerce & Online Stores
Victim Organization: cdups korea
Victim Site: cdups.co.kr

Conclusion

The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Data breaches, Ransomware, and Defacements are prominent, affecting various sectors from Engineering and Textiles to Government, Finance, and Retail, and impacting countries including Bangladesh, USA, South Korea, France, Argentina, India, and Australia. The compromised data ranges from personal user information and credit card details to sensitive patient records and corporate databases. Beyond data compromise, the report also reveals significant activity in initial access sales, with threat actors offering unauthorized access to corporate networks and even industrial control systems. The incidents collectively demonstrate that organizations across various industries and geographies face persistent threats from data exfiltration, unauthorized network access, and the proliferation of malicious tools.

Related Posts

[July-15-2025] Daily Cybersecurity Threat Report

[May-27-2025] Daily Cybersecurity Threat Report

[August-7-2025] Daily Cybersecurity Threat Report