[December-17-2025] Daily Cybersecurity Threat Report

Posted on

This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.

1. Alleged Data Breach of form-vl

2. Cyb3r Drag0nz claims to target Ministry of Education (Iraq)

3. Cyb3r Drag0nz claims to target Iraqi counter-terrorism

4. Cyb3r Drag0nz claims to target Ministry of Interior (Iraq)

5. Cyb3r Drag0nz claims to target Rafidain Bank

6. ShinyHunters claims to target French Ministry of the Interior

7. jokeir 07x targets the website of KAPA APE

8. Alleged leak of login access to Ubon Ratchathani Technical College

  • Category: Initial Access
  • Content: The group claims to have gained unauthorized access and leaked the login credentials to the administrator portal for the admissions system of Ubon Ratchathani Technical College.
  • Date: 2025-12-17T22:44:41Z
  • Network: telegram
  • Published URL: https://t.me/kkg_z/629
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/0b863f35-ae98-4c9c-9380-1777c92b5319.png
  • Threat Actors: KKG-Z
  • Victim Country: Thailand
  • Victim Industry: Education
  • Victim Organization: ubon ratchathani technical college
  • Victim Site: admission.utc.ac.th

9. jokeir 07x targets the website of Printfrica

10. MedHelp falls victim TERMITE Ransomware

11. jokeir 07x targets the website of Incepti Development

12. Alleged Sale of New Generation RDP Brute Force Tool

13. Alleged leak of unauthorized access to Policía Cibernética de Puebla

14. Fatimion cyber team targets Zayed Foundation

15. Alleged leak of unauthorized access to Secretaría de Seguridad Pública del Estado de Guanajuato

16. Alleged leak of unauthorized access to C5 CDMX

17. Fatimion cyber team targets the UAE Ministry of Health and Prevention

18. Alleged leak of unauthorized access to Secretaría de Seguridad Pública del Estado de Hidalgo

19. Alleged Sale of EDR Killer Malware

20. CVK Hotels & Resorts falls victim to INC RANSOM

21. Alleged leak of Netflix

22. Alleged leak of Georgian Companies Database

23. Alleged data breach of Banco Vimenca

  • Category: Data Breach
  • Content: The threat actor claims to be leaking a database belonging to Banco Vimenca, containing sensitive financial and personal information of customers and employees. The exposed data reportedly includes over 190,000 scanned Dominican ID cards of active clients, bank statements, personal data of nearly 700 employees, NDAs, confidentiality agreements, and highly sensitive contracts involving partner banks, clients, and third parties.
  • Date: 2025-12-17T20:54:25Z
  • Network: openweb
  • Published URL: https://darkforums.hn/Thread-DATABASE-Banco-Vimenca-Data-leak
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/a04c0503-9661-4c70-80b4-0651954e5b46.png
  • Threat Actors: Dreamer8000
  • Victim Country: Dominican Republic
  • Victim Industry: Financial Services
  • Victim Organization: banco vimenca
  • Victim Site: vimenca.com

24. Zimeda falls victim to SAFEPAY Ransomware

25. G & L Mechanical Contractor, L.P falls victim to SAFEPAY Ransomware

26. Alleged data breach of Institutional Revolutionary Party (PRI)

27. Art City Dental falls victim to SAFEPAY Ransomware

28. HEINRICH AND BERG – NOTARIES IN GERRESHEIM falls victim to SAFEPAY Ransomware

29. KKG-Z targets the website of Stadium Office portal of the Ubon Ratchathani Rajabhat University (UBRU)

  • Category: Defacement
  • Content: The group claims to have defaced the website of Stadium Office portal of the Ubon Ratchathani Rajabhat University (UBRU).
  • Date: 2025-12-17T20:15:39Z
  • Network: telegram
  • Published URL: https://t.me/kkg_z/628
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/7c79b14b-73df-4cdb-baae-385fa011a8f7.png
  • Threat Actors: KKG-Z
  • Victim Country: Thailand
  • Victim Industry: Education
  • Victim Organization: ubon ratchathani rajabhat university (ubru)
  • Victim Site: stadiumoffice.ubru.ac.th

30. SilverLine Group Inc. falls victim to SAFEPAY Ransomware

31. Alleged leak of credential database from Thabo School

  • Category: Data Breach
  • Content: The group claims to have defaced the website and leaked 300 sets of usernames and passwords from the admission portal of Thabo School in Thailand.
  • Date: 2025-12-17T19:59:00Z
  • Network: telegram
  • Published URL: https://t.me/kkg_z/622
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/02088cc6-35a7-4fd7-9c51-042f11281a69.png
  • Threat Actors: KKG-Z
  • Victim Country: Thailand
  • Victim Industry: Education
  • Victim Organization: thabo school
  • Victim Site: admission.thaboschool.ac.th

32. Smile Center of Utah falls victim to SAFEPAY Ransomware

33. Security of the America LTDA falls victim to SAFEPAY Ransomware

34. 7 Proxies targets the website of Kurmitola High School & College

35. INDRAMAYU CHAOS SYSTEM targets the website of Faculty of Architecture and Creative Arts, Rajamangala University of Technology Isan (RMUTI)

  • Category: Defacement
  • Content: The group claims to have defaced the website of Faculty of Architecture and Creative Arts, Rajamangala University of Technology Isan (RMUTI)
  • Date: 2025-12-17T19:38:16Z
  • Network: telegram
  • Published URL: https://t.me/c/3427600175/95
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/eef23d8c-d994-4834-859a-d5c618783b85.png
  • Threat Actors: INDRAMAYU CHAOS SYSTEM
  • Victim Country: Thailand
  • Victim Industry: Education
  • Victim Organization: faculty of architecture and creative arts, rajamangala university of technology isan (rmuti)
  • Victim Site: faca.rmuti.ac.th

36. Alleged leak of Georgian Schools

37. Rogue77 targets the website of Mirpur Mofid-e-Aam School and College

38. Rogue77 targets the website of Bangladesh Ex-Cadets Association (BECA), Rangpur Unit

  • Category: Defacement
  • Content: The group claims to have defaced the website of Bangladesh Ex-Cadets Association (BECA), Rangpur Unit.
  • Date: 2025-12-17T18:31:36Z
  • Network: telegram
  • Published URL: https://t.me/r0gue77/11
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/ef8d88f7-8c64-40e8-89d9-7ddce8052d18.png
  • Threat Actors: Rogue77
  • Victim Country: Bangladesh
  • Victim Industry: Non-profit & Social Organizations
  • Victim Organization: bangladesh ex-cadets association (beca), rangpur unit
  • Victim Site: becarangpur.org.bd

39. Alleged data breach of Preimpregnados AR

40. Alleged data breach of SOFIPA

41. 404 CREW CYBER TEAM targets the website of PV Materials

42. Alleged data leak of Naftali Bennett

43. Trojan 1337 targets the website of BDCricTime

44. Alleged Sale of 10,000 Credit Card Records in Turkey

  • Category: Data Breach
  • Content: Threat actor claims to be selling 10,000 credit card details in Turkey. The compromised data reportedly includes credit card number, expiry date, CVV, full name, address, city, state, ZIP code, country, and phone number, with some records also containing additional SOAP-related data.
  • Date: 2025-12-17T17:19:36Z
  • Network: openweb
  • Published URL: https://forum.exploit.biz/topic/272254/
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/b52c99f3-1cb7-4e61-a329-bb87cce69411.png
  • Threat Actors: old_pirate
  • Victim Country: Turkey
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

45. Cyb3r Drag0nz claims to target Ministry of Higher Education and Scientific Research

  • Category: Alert
  • Content: A recent post by the group claims that they have successfully disrupted the digital platform of the Ministry of Higher Education’s in Iraq, making it inaccessible.
  • Date: 2025-12-17T17:09:57Z
  • Network: telegram
  • Published URL: https://t.me/c/2508606000/155
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/2b8168c5-e1be-49e0-9a3b-7a41516274a1.png
  • Threat Actors: Cyb3r Drag0nz
  • Victim Country: Iraq
  • Victim Industry: Education
  • Victim Organization: ministry of higher education and scientific research
  • Victim Site: mohesr.gov.iq

46. Alleged Sale of Unauthorized Site and Server Access to Top 20 Companies in Brazil

  • Category: Initial Access
  • Content: Threat actor claims to be selling unauthorized site and server access to top 20 companies in Brazil, which allegedly includes a Node.js entry point, website payment functionality, and database access containing records of approximately 20 million users, reportedly including detailed personal data and information related to relatives and local social networks.
  • Date: 2025-12-17T17:04:52Z
  • Network: openweb
  • Published URL: https://forum.exploit.biz/topic/272248/
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/9b90f96d-14bd-4131-938d-0f05d77f2692.png
  • Threat Actors: astrotrain
  • Victim Country: Brazil
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

47. TENGU ransomware group adds an unknown victim (lol)

48. TENGU ransomware group adds an unknown victim (Unknown)

49. 7 Proxies claims to target Bangladesh

50. Trojan 1337 claims to target Bangladesh

51. Ghilan Legion claims to target Myanmar

52. Netstar Australia falls victim to BlackShrantac Ransomware

53. 404 CREW CYBER TEAM targets the website of Sempre Design

54. 404 CREW CYBER TEAM targets the website of Ministry of Development and Social Assistance

  • Category: Defacement
  • Content: The group claims to have defaced the applications and authentication portal of Ministry of Development and Social Assistance.
  • Date: 2025-12-17T15:57:28Z
  • Network: telegram
  • Published URL: https://t.me/crewcyber/389
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/645c162e-f2dd-42b7-8ed8-5fea353bebf1.png
  • Threat Actors: 404 CREW CYBER TEAM
  • Victim Country: Brazil
  • Victim Industry: Government Administration
  • Victim Organization: ministry of development and social assistance
  • Victim Site: aplicacoes.mds.gov.br

55. Latitude 33 Planning & Engineering falls victim to akira Ransomware

56. Alleged data leak targeting Pusdalops, BNPB

  • Category: Data Breach
  • Content: The group claims to have gained unauthorized access to the Operational Control Center (Pusdalops) of BNPB, Indonesia’s national disaster management agency. The compromised dataset reportedly include fields such as position name, NIK, NPWP, NIP, address, ID, and email.
  • Date: 2025-12-17T15:34:08Z
  • Network: telegram
  • Published URL: https://t.me/c/2956021863/102
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/4c668d66-a6e4-48ab-a210-fb180f4e5c64.png
  • Threat Actors: GARUDA BLACKH4T COMUNITY
  • Victim Country: Indonesia
  • Victim Industry: Government Administration
  • Victim Organization: badan nasional penanggulangan bencana (bnpb)
  • Victim Site: pusdalops.bnpb.go.id

57. Acme Industrial Company falls victim to akira Ransomware

58. Alleged Sale of Italy Business Leads

59. Adelman & Gettleman, Ltd. falls victim to akira Ransomware

60. 404 CREW CYBER TEAM targets the website of Municipality of Congonhas

61. The Araneta Group falls victim OSIRIS Ransomware

62. We BoyZ targets the website of Sistema Fiep

63. We BoyZ targets the website of Information Network Security Administration

64. We BoyZ targets the website of ENUGU STATE GEOGRAPHIC INFORMATION SYSTEMS SERVICES (ENGIS)

Conclusion

The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Data breaches, defacements, and ransomware attacks are prominent, affecting various sectors from government administration and education to healthcare and banking. The attacks impact a wide range of countries including Iraq, Mexico, Thailand, the USA, and European nations.

The compromised data ranges from sensitive government records and citizen health information to corporate internal data and personal user credentials. Beyond data compromise, the report also reveals significant activity in initial access sales and the marketing of offensive tools, such as RDP brute-force software.

The collective incidents underscore the persistent threats organizations face from data exfiltration, unauthorized network access, and malicious actors such as Cyb3r Drag0nz, Chronus leaks, and various ransomware groups like TERMITE.

Related Posts