[December-14-2025] Daily Cybersecurity Threat Report

This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.

1. Alleged sale of Nashua Botswana internal database

2. Alleged sale of fraudulent or illegal U.S. tax documents (1099 & W-2 Forms)

3. Alleged leak of confidential files related to Jeffrey Epstein

4. Alleged data breach of Australian Real Estate Sector

5. Kier + Wright falls victim to Qilin Ransomware

6. Alleged leak of West Java Civil Servant Database

  • Category: Data Breach
  • Content: The group claims to have leaked a database containing personal and employment records of government employees in West Java, Indonesia. The dataset reportedly includes around 37,350 individual entries, exposing sensitive details such as names, places and dates of birth, employee ID numbers (NIP), work units and departments, ranks and job titles, employment status and tenure, as well as personal identifiers including gender, religion, marital status, education history, national ID, tax ID, insurance numbers, home addresses, phone numbers, and email contacts.
  • Date: 2025-12-14T22:20:54Z
  • Network: telegram
  • Published URL: https://t.me/c/3487552490/96
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/cce5e4f5-37bf-40fb-b73a-3aa6f1b085bd.png
  • Threat Actors: BABAYO EROR SYSTEM
  • Victim Country: Indonesia
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

7. Alleged data breach of American Century Investments

8. Alleged Sale of Unauthorized Shell and Admin Access to OpenCart Shops Across Multiple Countries

9. Alleged Leak of STEALER LOGS AND U.L.P

10. Alleged leak of Social Assistance Recipient Data from Indonesia

11. Alleged Sale of Unauthorized Admin Access to Media Conglomerate

12. H3xV0id claims to target Eitaa Messenger

13. Cyb3r Drag0nz claims to target Channel 8

14. Alleged unauthorized access to Iran’s Shad system

15. AySA falls victim to SAFEPAY Ransomware

16. InTTrust S.A. falls victim to SAFEPAY Ransomware

17. R.I. Lampus Company falls victim to SAFEPAY Ransomware

18. Teccart Institute falls victim to SAFEPAY Ransomware

19. Alleged Sale of macOS Safari Password Stealing Exploit

  • Category: Malware
  • Content: The threat actor claims to be selling a macOS exploit capable of extracting saved Safari browser passwords in cleartext. The exploit is advertised as compatible with macOS 15 through macOS 26 and reportedly outputs credentials, URLs, and login data into a CSV file. The actor states the exploit can be stealthily executed on a victim’s device and integrated into stealer malware, posing a significant risk of credential theft within the Apple ecosystem.
  • Date: 2025-12-14T19:53:48Z
  • Network: openweb
  • Published URL: https://forum.exploit.biz/topic/272060/
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/f2502c0c-6a3b-447b-bfdc-a283a318696c.png
  • Threat Actors: notzull
  • Victim Country: Unknown
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

20. Alleged Leak of Turkey Mini Advanced Phone Database

21. falls victim to SAFEPAY Ransomware

22. Alleged data breach of PlayTicket

  • Category: Data Breach
  • Content: The threat actor claims to have leaked data from playticket. The dataset reportedly contains 64,114 records with 59,018 unique email addresses, and includes personal and account-related information such as names, usernames, email addresses, IP addresses, dates of birth, phone numbers, addresses, login activity, and membership details.
  • Date: 2025-12-14T19:40:46Z
  • Network: openweb
  • Published URL: https://darkforums.hn/Thread-Selling-playticket-co-kr-210k
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/36083e78-828e-4192-8215-d180b6385d06.png
  • Threat Actors: siege
  • Victim Country: South Korea
  • Victim Industry: Consumer Services
  • Victim Organization: playticket
  • Victim Site: playticket.co.kr

23. Solo targets the website of Works4U

24. VFM Systems and Services (P) Ltd falls victim to BlackShrantac Ransomware

25. FEST GmbH falls victim to SAFEPAY Ransomware

26. Solo targets the website of R.S. Sunshine Public School

27. Solo targets the website of Neeldeep Academy

28. Solo targets the website of Abhyuday Public School

29. Solo targets the website of Udgam School for Children

30. AXXEL MARKETING falls victim to LOCKBIT 5.0 Ransomware

31. Alleged Sale of Unauthorized Admin Access to Canadian Finance Banking Organization

  • Category: Initial Access
  • Content: The threat actor claims to be selling unauthorized admin-level RDWeb access to a Canada-based finance banking organization with an estimated revenue of $7 million. The access allegedly includes domain controller privileges and exposure of approximately 3 TB of sensitive data, including backups, billing, and tax-related information.
  • Date: 2025-12-14T18:55:03Z
  • Network: openweb
  • Published URL: https://forum.exploit.biz/topic/272059/
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/23a30224-fe00-4bf0-9283-713450c7c13d.png
  • Threat Actors: thugstage
  • Victim Country: Canada
  • Victim Industry: Banking & Mortgage
  • Victim Organization: Unknown
  • Victim Site: Unknown

32. Mega Alfalfa Argentina S.A. falls victim to LOCKBIT 5.0

33. Alleged Sale of Unauthorized Linux Server Access

34. Alleged data breach of St. John Lee Korean Catholic Church

35. Hider_Nex claims to target USA

36. SYLHET GANG-SG claims to target Canada

37. Alleged Sale of Unauthorized phpMyAdmin Access to U.S.-Based Native Form Shops

  • Category: Initial Access
  • Content: The threat actor claims to be selling unauthorized phpMyAdmin database access to a U.S.-based custom CMS hosting multiple online shops, allowing checkout data modification and JavaScript injection that could lead to payment data compromise on sites using Authorize.Net Native Forms.
  • Date: 2025-12-14T17:19:15Z
  • Network: openweb
  • Published URL: https://forum.exploit.biz/topic/272054/
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/cda2f2ca-2930-4013-ae18-a7b44c2a26dd.png
  • Threat Actors: rassvettt
  • Victim Country: USA
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

38. Alleged data breach of Bizbook

39. Alleged leak of login access to National Research Council of Thailand (NRCT)

40. Alleged leak of administrator credential to Chai Si Noodle Dumpling Company Limited

41. Pharaoh’s Team Channel targets Abhishek’s E-Commerce Website

42. Alleged leak of web shell access to All Smart

43. Alleged data leak of REVSCENENET

44. Pharaoh’s Team Channel targets the website of Ganpatram Dulichand Soni

45. Pharaoh’s Team Channel targets the website of The legacy silver

46. Alleged data breach of Wavenet

47. Alleged unauthorized access to R. STAHL TRANBERG

48. Alleged sale of Chinese citizens’ data

49. Alleged data sale of SpaceX

50. KKG-Z targets the website of PPD Builder Co., Ltd

51. Alleged leak of login credentials from ssk.in.th

52. Alleged data sale of TipTop Transport Solutions Pty Ltd.

53. Alleged data sale of Center for Advanced Eye Care

54. Alleged data sale of Robinhood

55. Alleged sale of Android 16 0-day exploit

56. XmrAnonye.id targets the website of Smk Ma’arif Kota Magelang

57. Alleged leak of login credentials from PSDD Royal Irrigation Department in Thailand

58. Alleged data sale of Muchacomida

59. JABAR ERROR SYSTEM targets the website of Bahasa Inggris Net

60. Alleged leak of login credentials from Highway Registry Information System (HRIS)

61. 404 CREW CYBER TEAM targets the website of Estilo Plus

62. Alleged data leak of US Department of Defense

63. BontenSec targets the website of Matrix of Rap

  • Category: Defacement
  • Content: The group claims to have defaced the website of Matrix of Rap.
    matrixofrap.com MIRROR: https://defacer.id/mirror/id/216716
    admin.matrixofrap.com MIRROR: https://defacer.id/mirror/id/216717

64. 911Team targets the website of SHIMA

65. Hazardous Cyber Team targets the website of OCA Computer Institute of IT and Management

66. Liteconn Co., Ltd falls victim to Qilin Ransomware

67. Z-BL4CX-H4T targets the website of Shishania coaching center

68. Alleged data breach of EduArena

69. VLP HELLAS S.A. falls victim to Qilin Ransomware

70. Alleged Leak of Voter and National ID Data from Indonesia

71. Alleged Leak of Government Household Registry Data from Vietnam

72. Alleged leak of login credentials from Ubon Ratchathani Rajabhat University

73. Alleged data breach of Vietnam Airlines

74. Alleged leak of login credentials from King Chulalongkorn Memorial Hospital

75. Alleged data breach of JPC Trade Ltd

Conclusion

The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Data breaches remain a dominant concern, with actors like BreachLaboratory and others leaking massive datasets from government and private sectors in Indonesia, Vietnam, and Japan. Ransomware groups, notably SAFEPAY, Qilin, and LOCKBIT 5.0, continue to target organizations across multiple industries, including healthcare, manufacturing, and finance, in regions such as Greece, the USA, and Singapore. Additionally, there is significant activity in the sale of initial access and defacement campaigns, particularly targeting educational and government institutions in Thailand and India. This persistent threat environment underscores the critical need for robust cybersecurity measures, including enhanced data protection, continuous monitoring, and proactive vulnerability management to mitigate these evolving risks.