[December-11-2025] Daily Cybersecurity Threat Report

This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.

1. Alleged Unauthorized Access to Industrial Control System in USA

• Category: Initial Access
• Content: The group claims to have Unauthorized Access to Industrial Control System in USA
• Date: 2025-12-11T23:53:29Z
• Network: telegram
• Published URL: https://t.me/n2LP_wVf79c2YzM0/2833 Screenshots: https://d34iuop8pidsy8.cloudfront.net/722b5450-3aef-4e65-afbf-5a81af9437d6.png
• Threat Actors: Infrastructure Destruction Squad
• Victim Country: USA
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

2. Alleged Data Breach of Klett

• Category: Initial Access
• Content: The group claims to have claims to have breached the database of Klett.The internal databases and servers were accessed allegedly exposing Customer data, orders, and administrative information were extracted.
• Date: 2025-12-11T23:49:52Z
• Network: telegram
• Published URL: https://t.me/MoroccanCyberSentinelsOfficial/1487 Screenshots: https://d34iuop8pidsy8.cloudfront.net/b71f7216-7d8b-4aec-adfc-58dabdffa027.png https://d34iuop8pidsy8.cloudfront.net/d03e76ba-3bfa-4f9c-a763-a998fd307d4b.png
• Threat Actors: Moroccan Cyber Sentinels
• Victim Country: Czech Republic
• Victim Industry: Publishing Industry
• Victim Organization: klett
• Victim Site: klett.cz

3. 404 CREW CYBER TEAM targets the website of demobk2.wpbay.co

• Category: Defacement
• Content: The Group claims to have defaced the website of demobk2.wpbay.co
• Date: 2025-12-11T23:41:02Z
• Network: telegram
• Published URL: https://t.me/crewcyber/363 Screenshots: https://d34iuop8pidsy8.cloudfront.net/b9bcd3de-102e-491b-b894-15a19c956a83.png
• Threat Actors: 404 CREW CYBER TEAM
• Victim Country: Unknown
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: demobk2.wpbay.co

4. Alleged Data Breach of UPC Precision Castings Ltd

• Category: Data Breach
• Content: The group claims to have breached the database of UPC Precision Castings Ltd. allegedly exposing company’s servers, accounts, databases, emails, and personal data. They obtained more than 500 GB from their network.
• Date: 2025-12-11T23:32:27Z
• Network: telegram
• Published URL: https://t.me/CyberToufan08/474 Screenshots: https://d34iuop8pidsy8.cloudfront.net/6317f7f6-52ed-42a1-bf68-fa2e6f4842db.png https://d34iuop8pidsy8.cloudfront.net/2f0cab46-cf4b-4ef5-b503-844aafacbd6e.png https://d34iuop8pidsy8.cloudfront.net/8123ed5f-227d-4425-9ad1-2a99601660d1.png https://d34iuop8pidsy8.cloudfront.net/c9fefab6-068a-465e-8958-6d25f51f301b.png https://d34iuop8pidsy8.cloudfront.net/87da5efa-4d91-497e-9ba1-955643b3f3ee.png
• Threat Actors: CyberToufan
• Victim Country: Israel
• Victim Industry: Mechanical or Industrial Engineering
• Victim Organization: upc precision castings ltd.
• Victim Site: upccastings.com

5. Alleged Data Breach of Coinmerce B.V

• Category: Data Breach
• Content: A threat actor claims to have breached the database of Coinmerce B.V. in Netherlands, allegedly exposing user records containing Email, Name, Address, Postal Code, City, Phone Number, Product details, Member Status, Certificates, and Assets information.
• Date: 2025-12-11T21:58:47Z
• Network: openweb
• Published URL: https://leakbase.la/threads/netherlands-site-coinmerce-io-format-email-name-address-postal-code-city-number-product-member-certificate-assets-total-lines-2-1.47034/ Screenshots: https://d34iuop8pidsy8.cloudfront.net/9879cbc6-5ecd-4228-8a8e-a38b49a02bcf.png
• Threat Actors: wiliafaly
• Victim Country: Netherlands
• Victim Industry: Financial Services
• Victim Organization: coinmerce b.v
• Victim Site: coinmerce.io

6. Iroquois Memorial Hospital falls victim to PEAR Ransomware

• Category: Ransomware
• Content: The group claims to have obtained organization’s data.
• Date: 2025-12-11T21:51:19Z
• Network: tor
• Published URL: http://pearsmob5sn44ismokiusuld34pnfwi6ctgin3qbvonpoob4lh3rmtqd.onion/Companies/iroquoismemorial/ Screenshots: https://d34iuop8pidsy8.cloudfront.net/f980e997-9e1a-4e9c-a685-7b5118d09759.png
• Threat Actors: PEAR
• Victim Country: USA
• Victim Industry: Hospital & Health Care
• Victim Organization: iroquois memorial hospital
• Victim Site: iroquoismemorial.com

7. Alleged Sale of Unauthorized Admin Access via RDP in France

• Category: Initial Access
• Content: A threat actor claims to be selling unauthorized admin access via RDP in France, allegedly providing entry to the personal accounts of other companies, with 800–1000 active accounts and more than 100,000 KYC document sets containing IDs, proof of address, and financial or employment documents.
• Date: 2025-12-11T21:44:35Z
• Network: openweb
• Published URL: https://forum.exploit.biz/topic/271885/ Screenshots: https://d34iuop8pidsy8.cloudfront.net/43e286d5-d937-4a46-92e3-dc78e14af1ed.png
• Threat Actors: remote desktop
• Victim Country: France
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

8. CyberVolk claims to have infected 800+ devices

• Category: Ransomware
• Content: A recent post by the group claims that they have infected over 800 devices using a combination of Remote Access Trojan (RAT), keylogger, and ransomware payloads. The post suggests that victim details will be disclosed in future updates.
• Date: 2025-12-11T21:01:55Z
• Network: telegram
• Published URL: https://t.me/CyberVolk_Community/1421 Screenshots: https://d34iuop8pidsy8.cloudfront.net/f6e98179-e5f4-46a1-9341-8ac9e390fb11.png
• Threat Actors: CyberVolk. Group.
• Victim Country: Unknown
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

9. Clarinda Regional Health Center falls victim to LOCKBIT Ransomware

• Category: Ransomware
• Content: The group claims to have obtained the organization’s data and intends to publish it within 14-15 days.
• Date: 2025-12-11T20:41:01Z
• Network: tor
• Published URL: http://lockbitapt67g6rwzjbcxnww5efpg4qok6vpfeth7wx3okj52ks4wtad.onion/post/1533dfc8f20bf37fd1611563a0ea76da Screenshots: https://d34iuop8pidsy8.cloudfront.net/948da1d8-8168-4ff4-be23-74f78a03817a.png
• Threat Actors: LOCKBIT 5.0
• Victim Country: USA
• Victim Industry: Hospital & Health Care
• Victim Organization: clarinda regional health center
• Victim Site: clarindahealth.com

10. Keys to Literacy falls victim to LOCKBIT Ransomware

• Category: Ransomware
• Content: The group claims to have obtained the organization’s data and intends to publish it within 4-5 days.
• Date: 2025-12-11T20:35:51Z
• Network: tor
• Published URL: http://lockbitapt67g6rwzjbcxnww5efpg4qok6vpfeth7wx3okj52ks4wtad.onion/post/3089788da542fdb016688ab7ce364332 Screenshots: https://d34iuop8pidsy8.cloudfront.net/69da93c1-4b82-4f75-80cf-2e25ac92b579.png
• Threat Actors: LOCKBIT 5.0
• Victim Country: USA
• Victim Industry: Professional Training
• Victim Organization: keys to literacy
• Victim Site: keystoliteracy.com

(Note: The following section summarizes the remaining data entries from the provided file to maintain report brevity while ensuring complete coverage of the provided dataset.)

11. Hilden Packaging Machines falls victim to LOCKBIT Ransomware

• Category: Ransomware
• Content: The group claims to have obtained the organization’s data and intends to publish it within 13-14 days.
• Date: 2025-12-11T20:28:38Z
• Network: tor
• Published URL: http://lockbitapt67g6rwzjbcxnww5efpg4qok6vpfeth7wx3okj52ks4wtad.onion/post/b06b309497d11b998f527f3f013e8bd7 Screenshots: https://d34iuop8pidsy8.cloudfront.net/7a0b871a-66e7-4682-901b-654ded8f8494.png
• Threat Actors: LOCKBIT 5.0
• Victim Country: India
• Victim Industry: Machinery Manufacturing
• Victim Organization: hilden packaging machines
• Victim Site: hilden.in

12. Alleged Sale of Unauthorized Server Access to an Unidentified Shop in USA

• Category: Initial Access
• Content: Threat Actor claims to be selling unauthorized server access to an unidentified 7 shops in USA, and the access was obtained via an SQL injection vulnerability with RCE, providing full control of the server.
• Date: 2025-12-11T20:25:17Z
• Network: openweb
• Published URL: https://forum.exploit.biz/topic/271876/ Screenshots: https://d34iuop8pidsy8.cloudfront.net/f7ab5a80-e0f9-4940-9a3a-84d1a5d820fe.png
• Threat Actors: SsackMaster
• Victim Country: USA
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

13. Alleged Data Leak of 250 Credit Card Records in Spain

• Category: Data Breach
• Content: Threat Actor claims to have leaked the database of 250 Credit Card Records in Spain which includes full payment card details and associated billing information such as name, email, phone, address, postcode, etc.
• Date: 2025-12-11T20:08:45Z
• Network: openweb
• Published URL: https://forum.exploit.biz/topic/271855/ Screenshots: https://d34iuop8pidsy8.cloudfront.net/d3b902b3-3abd-4bee-9222-43e0f69db481.png
• Threat Actors: mr.broo
• Victim Country: Spain
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

14. Alleged Sale of Unauthorized Reverse Shell Access to Multiple Countries

• Category: Initial Access
• Content: A threat actor claims to be selling unauthorized reverse shell access to several high-value companies across the USA, Canada, Norway, and France, all allegedly running on OC Linux systems. The listed victims span major industries—legal and business intelligence, retail, manufacturing, consulting, computing infrastructure, AI development, and real estate investment and the access provides full command execution and potential internal network penetration across these organizations.
• Date: 2025-12-11T19:29:10Z
• Network: openweb
• Published URL: https://forum.exploit.biz/topic/271868/ Screenshots: https://d34iuop8pidsy8.cloudfront.net/7ce42cb6-ec03-4edb-a4c5-d21732073da0.png https://d34iuop8pidsy8.cloudfront.net/394751cd-c139-4218-bd7d-e5406ea1a5ee.png
• Threat Actors: SantaAd
• Victim Country: USA
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

15. Alleged leak of Shopee Thailand product database

• Category: Data Breach
• Content: The group claims to have leaked a product database from Shopee Thailand, containing over 19 million records related to affiliate feeds, product listings, seller metadata, and pricing details. The data reportedly includes fields such as product link, shop id, sale price, etc.
• Date: 2025-12-11T17:25:57Z
• Network: telegram
• Published URL: https://t.me/h3c4kedzsec_official/174 Screenshots: https://d34iuop8pidsy8.cloudfront.net/4435aaa3-6ec7-4bbe-a661-6057ca3d9549.png
• Threat Actors: H3C4KEDZ
• Victim Country: Thailand
• Victim Industry: Software Development
• Victim Organization: shopee
• Victim Site: shopee.co.th

Conclusion

The incidents detailed in this report highlight a diverse and active landscape of cyber threats appearing on December 11, 2025. Data breaches and ransomware attacks are prominent, affecting various sectors from healthcare (Iroquois Memorial Hospital, Clarinda Regional Health Center) and education (Klett, Keys to Literacy) to industrial engineering (UPC Precision Castings Ltd, Hilden Packaging Machines) and financial services (Coinmerce B.V.). The geographical scope is broad, impacting countries including the USA, Czech Republic, Israel, Netherlands, France, Spain, and Thailand.

The compromised data ranges from sensitive patient records and personal user information to industrial secrets and credit card details. Beyond data compromise, the report also reveals significant activity in initial access sales and defacement, with threat actors like the Infrastructure Destruction Squad and LOCKBIT 5.0 demonstrating persistent offensive capabilities. The nature of these incidents emphasizes the critical importance of robust cybersecurity measures to defend against a wide array of sophisticated and opportunistic attacks.