[December-18-2025] Daily Cybersecurity Threat Report

Global Cyber Threat Landscape Analysis: December 18, 2025

1. Executive Summary

The cybersecurity events recorded on December 18, 2025, represent a chaotic and highly active period in the digital threat landscape. The data indicates a significant surge in both volume and variety of attacks, affecting nearly every major industry vertical and geographical region. The most defining characteristic of this period is the simultaneous execution of high-volume ransomware campaigns alongside targeted, politically motivated attacks on government infrastructure in South Asia and the Middle East.

Key trends identified include the aggressive expansion of the Sinobi ransomware operation, which accounted for a substantial portion of the day’s financial crime incidents. Simultaneously, critical infrastructure—specifically in the energy and water sectors—faced direct threats, signaling a dangerous shift toward Operational Technology (OT) targeting. The compromise of sensitive government systems in India, Bangladesh, and Turkey suggests a heightened level of geopolitical friction manifesting in the cyber domain. Furthermore, the alleged retirement of established threat actors like ShinyHunters, contrasted with the rise of new aggressive groups like jokeir 07x and SYLHET GANG-SG, points to a volatile and shifting criminal ecosystem.

This report categorizes the incidents into five primary vectors: the Ransomware Crisis, Sovereign & Government Targeting, Critical Infrastructure Risks, Large-Scale Data Exfiltration, and Persistent Hacktivism.


2. The Ransomware Crisis: The Rise of Sinobi

The most pervasive financial threat observed during this reporting period is the onslaught of the Sinobi ransomware group. Unlike actors that focus on “big game hunting” (targeting only Fortune 500 companies), Sinobi appears to be utilizing a “scattershot” or high-volume approach, compromising organizations across diverse sectors and sizes.

Sector-Agnostic Targeting: Sinobi’s victim list for just this single day is extensive and indiscriminate. In the legal sector, they targeted Ragland Law Firm, LLC in the USA, exploiting the high value of confidential client data to force extortion payments. In real estate, they struck both the Sattva Group in India and RK Centers in the USA, disrupting property management operations. The manufacturing and industrial sectors were heavily hit, with victims including FHIABA in Italy, Behr Enterprises, South Shore Tool & Die, and Heritage Engineering. This suggests Sinobi has developed automated exploits or purchased access for vulnerabilities common in industrial supply chains.

Non-Profit and Religious Targeting: Alarmingly, Sinobi showed no ethical boundaries, targeting non-profit and religious organizations such as the Network of Biblical Storytellers Canada and the JCC San Diego. These attacks are particularly damaging as such organizations often operate on thin margins and possess fewer resources for cybersecurity defense or ransom payments. The psychological impact of attacking community pillars often generates significant pressure on victims to resolve the situation quickly.

Other Notable Ransomware Activity: While Sinobi dominated the headlines, other groups remained active, indicating a crowded marketplace. INC RANSOM targeted Pacific Rim Mechanical in the USA and CVK Hotels & Resorts in Turkey, focusing on construction and hospitality—industries sensitive to operational downtime. CL0P, a well-known veteran group, claimed an attack on Kirloskar Oil Engines Limited in India, continuing their pattern of targeting large industrial entities. INTERLOCK ransomware breached Clarksville ISD, stealing over 30GB of data, which underscores the persistent vulnerability of the education sector to data theft and extortion.


3. Geopolitical Flashpoints: Sovereign and Government Targeting

A significant portion of the threat intelligence from December 18 is concentrated on government entities in South Asia and the Middle East. These attacks appear to be a mix of hacktivism and potential espionage, aiming to humiliate state agencies or exfiltrate sensitive citizen data.

The Siege on Indian Infrastructure: India faced a coordinated wave of breaches targeting its federal and municipal infrastructure. The threat actor jokeir 07x was particularly prolific, claiming unauthorized access to the Delhi Police internal systems, the Municipal Corporation of Delhi (MCD), and the Ministry of Housing and Urban Affairs (MoHUA). Access to these systems could allow threat actors to manipulate records, steal personally identifiable information (PII) of millions of citizens, or disrupt urban planning and law enforcement operations.

Furthermore, the DieNet group claimed access to the Advanced Railway Pension Access Network (ARPAN), a critical system for managing retiree benefits. This breach is highly sensitive as it exposes the financial and personal data of former government employees. In West Bengal, the Public Health Engineering Department (PHED) saw its digital infrastructure compromised, potentially endangering water supply management and public health data.

Bangladesh: Systemic Disruption: In neighboring Bangladesh, the group SYLHET GANG-SG launched a targeted campaign against high-profile government and media sites. They claimed to have taken down the website of the Ministry of Law, Justice and Parliamentary Affairs and targeted the Ministry of Home Affairs. These ministries are the backbone of the nation’s legal and internal security framework; disrupting them serves as a strong political statement. The group also targeted the leading newspaper Prothom Alo, indicating an intent to suppress or disrupt information flow within the country.

Middle East and Europe: In the Middle East, the National Bank of Iraq (NBI) and the Iraq National Data Center were targeted by Cyb3r Drag0nz. Attacks on national data centers and banking institutions are critical threats that destabilize financial confidence. Meanwhile, in Turkey, the RED EYES group claimed to have leaked a massive 17 GB archive from the General Directorate of Security. A leak of this magnitude from a national police force is catastrophic, potentially exposing undercover operations, personnel records, and investigation files.


4. Operational Technology (OT) and Critical Infrastructure Risks

Perhaps the most concerning development in this reporting period is the direct targeting of physical control systems. Unlike data breaches, which result in privacy loss, attacks on Operational Technology (OT) and Industrial Control Systems (ICS) can result in physical damage, service outages, and threats to human safety.

Water and Energy Sector Threats: The Z-PENTEST ALLIANCE claimed to have gained unauthorized access to an industrial water filtration and purification control system in Portugal. The group asserted control over filtration programs, cleaning cycles, valves, pumps, and chemical parameters like pH. If true, this is a kinetic threat; manipulating chemical levels in a water treatment plant can poison water supplies or cause catastrophic machinery failure.

Similarly, in Turkey, the Infrastructure Destruction Squad claimed access to the AHEG Energy System. Energy grids are high-value targets for nation-states and saboteurs. Unauthorized access here could lead to blackouts or damage to power generation equipment. In Sweden, the threat actor Everestgroup claimed a breach of Svenska kraftnät, the authority responsible for the Swedish national power transmission grid, involving 280GB of data. This breach could reveal blueprints, security protocols, and employee data, providing a roadmap for future physical or cyber-physical attacks on Sweden’s power infrastructure.

VPN Access Sales: Compounding these risks is the sale of 690 FortiSSL VPN accesses by an actor named personX. These credentials span organizations in the UK, UAE, Singapore, Japan, and other major economies. VPN access is often the “front door” for ransomware groups and state-sponsored actors to enter critical networks. The widespread availability of such access suggests that we may see a second wave of intrusions in the coming weeks as these credentials are purchased and exploited.


5. Mega-Breaches and Corporate Espionage

Data theft remains a lucrative avenue for cybercriminals, with several massive datasets emerging on the dark web during this period. These breaches affect both corporate intellectual property and consumer privacy.

Intellectual Property Theft: A standout incident is the alleged breach of Red Hat, Inc. by threat actor Madoka, who claims to have exfiltrated 570 GB of data. The stolen data reportedly includes Customer Engagement Reports, credentials, and authentication tokens. For a company central to the open-source enterprise ecosystem, a leak of this magnitude could compromise not just Red Hat, but arguably thousands of clients who rely on their software and consulting services.

Consumer Data Exposure: The retail and service sectors suffered immense data losses. A threat actor named betway offered 971,000 transaction records from multiple stores in the USA, including credit card metadata and contact info. In Italy, the New Penta Official (Pentadiet) breach exposed the medical and personal data of 137,409 users, including fiscal codes and doctor identifications.

In the gambling sector, PlayUSA allegedly lost 320,000 records, including physical addresses and phone numbers. The exposure of gambling data is particularly sensitive due to the potential for blackmail and social engineering. Similarly, the CarroClick breach in Brazil and the Bioaquakala breach in Iran illustrate that no region is immune to the mass exfiltration of consumer databases.


6. Hacktivism and Psychological Warfare

While ransomware and data theft are driven by profit, a significant volume of activity on December 18 was driven by ideology and the desire for notoriety.

The 404 CREW CYBER TEAM: This group engaged in a global “defacement tour,” attacking websites across Europe, South America, and Asia. They targeted Université d’Orléans and BonBache in France, the Federación Aragonesa de Judo in Spain, and NewComputers in Argentina. While website defacement is often considered a low-tier attack, the sheer volume demonstrates the group’s capability to scan for and exploit widespread vulnerabilities (likely in CMS platforms like WordPress) to spread their message. Their leak of a WordPress database from an adults with autism support group in the UK reveals a malicious disregard for the nature of their victims.

Education Sector Vulnerability: Educational institutions were disproportionately targeted by hacktivists. In addition to the French universities mentioned above, Chakdha High School in Bangladesh, Bethany School Sulantu in India, and SMK Al Hurriyyah Kutawaluya in Indonesia were all defaced. Schools often lack robust IT security budgets, making them “soft targets” for hacktivists seeking easy wins to boost their reputation.


7. Threat Actor Ecosystem and Evolution

The intelligence reports from this date also offer a glimpse into the changing dynamics of the cybercriminal underworld.

Retirement of a Giant: A notable alert involves the threat group ShinyHunters, a notorious actor responsible for some of the largest data breaches in recent history. They posted a message on their portal stating, “Today is the date ShinyHunters stop operating”. If genuine, this marks the end of a significant chapter in cybercrime. However, such announcements are often treated with skepticism, as groups frequently rebrand or “exit scam” (disappear with money) only to re-emerge under a new banner.

Emergence of New Threats: As old actors fade, new ones rise. The group jokeir 07x displayed significant capability and ambition by breaching multiple Indian government bodies in a single day. SYLHET GANG-SG also demonstrated a high operational tempo. The rapid proliferation of these newer groups suggests that the barriers to entry for cybercrime and hacktivism remain low, and tools for exploitation are widely available.


8. Conclusion and Strategic Outlook

The events of December 18, 2025, paint a picture of a cyber threat landscape that is expanding in both scope and severity. The boundaries between criminal extortion, hacktivism, and state-aligned espionage are becoming increasingly blurred.

Implications for Organizations:

  1. Ransomware is Industrializing: The Sinobi campaign proves that ransomware groups are capable of hitting dozens of victims daily across unrelated industries. Organizations can no longer rely on “security through obscurity”; automated scanners and affiliate networks ensure that any vulnerable entity will eventually be targeted.
  2. The OT/ICS Red Line: The attacks on water and energy systems in Portugal, Turkey, and Sweden represent a critical escalation. Organizations with industrial control systems must urgently segregate their OT networks from IT networks to prevent digital breaches from becoming physical disasters.
  3. Supply Chain Risks: The Red Hat breach and the sale of FortiSSL VPN credentials highlight the fragility of the supply chain. A single compromised vendor or unpatched VPN appliance can serve as a gateway for global compromise.
  4. Geopolitical Collateral: Companies operating in volatile regions like South Asia and the Middle East must recognize that their digital assets are potential proxies for geopolitical conflict. The targeting of banks, railways, and municipal bodies in these regions is likely to continue as long as regional tensions persist.

In summary, the sheer velocity of attacks recorded in this single day—spanning from the theft of retiree pensions in India to the manipulation of water valves in Portugal—underscores an urgent need for enhanced global cybersecurity resilience. Reactive measures are no longer sufficient; proactive threat hunting, rigorous patch management, and the hardening of critical infrastructure are essential to navigate this hostile digital environment.

Draft Incidents Detected
Alleged leak of WordPress database credentials from adults with autism
Category: Data Breach
Content: The group claims to have leaked a WordPress configuration file containing MySQL credentials for the website adults with autism
Date: 2025-12-18T23:08:53Z
Network: telegram
Published URL: https://t.me/crewcyber/403
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/66854a32-0460-4f8d-b462-21fed65f07ae.png
https://d34iuop8pidsy8.cloudfront.net/d3b709f6-3c44-4552-951c-1842961dd790.png
Threat Actors: 404 CREW CYBER TEAM
Victim Country: UK
Victim Industry: Non-profit & Social Organizations
Victim Organization: adults with autism
Victim Site: adultswithautism.org.uk

Ragland Law Firm, LLC falls victim to Sinobi Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2025-12-18T23:01:23Z
Network: tor
Published URL: http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/69446c0988b6823fa2caebd8
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c7806ea7-4546-4b4b-924b-09ab3025d124.png
Threat Actors: Sinobi
Victim Country: USA
Victim Industry: Law Practice & Law Firms
Victim Organization: ragland law firm, llc
Victim Site: raglandjones.com

Rogue77 targets the website of Chakdha High School
Category: Defacement
Content: The group claims to have defaced the website of Chakdha High School
Date: 2025-12-18T22:53:16Z
Network: telegram
Published URL: https://t.me/r0gue77/17
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fabed08a-bb46-47bf-b6f1-a2dbd706b7d4.png
Threat Actors: Rogue77
Victim Country: Bangladesh
Victim Industry: Education
Victim Organization: chakdha high school
Victim Site: chsn.edu.bd

Sattva Group falls victim to Sinobi Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2025-12-18T22:52:43Z
Network: tor
Published URL: http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/69446f8188b6823fa2cb0385
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/63cfb237-4f7d-443f-aa40-093f86cd0895.png
Threat Actors: Sinobi
Victim Country: India
Victim Industry: Real Estate
Victim Organization: sattva group
Victim Site: sattvagroup.in

Network of Biblical Storytellers Canada falls victim to Sinobi Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2025-12-18T22:48:06Z
Network: tor
Published URL: http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/69446ffe88b6823fa2cb05c9
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/706b38f0-e539-4b61-abc1-bc05d77a751f.png
Threat Actors: Sinobi
Victim Country: Canada
Victim Industry: Religious Institutions
Victim Organization: network of biblical storytellers canada
Victim Site: nbscanada.org

Alleged leak of WordPress database credentials from Parramatta & District Synagogue
Category: Data Breach
Content: The group claims to have leaked a WordPress configuration file containing MySQL credentials for the Parramatta & District Synagogue.
Date: 2025-12-18T22:41:09Z
Network: telegram
Published URL: https://t.me/crewcyber/402
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/20274e5c-d0bf-461d-a95b-d5490cda6e9d.png
Threat Actors: 404 CREW CYBER TEAM
Victim Country: Australia
Victim Industry: Religious Institutions
Victim Organization: parramatta & district synagogue
Victim Site: parramattasynagogue.com.au

FHIABA falls victim to Sinobi Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2025-12-18T22:27:06Z
Network: tor
Published URL: http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/694470ee88b6823fa2cb0bb5
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/cbe8cb46-f8e5-4ba4-9054-1d05bc0a1fd3.png
Threat Actors: Sinobi
Victim Country: Italy
Victim Industry: Manufacturing
Victim Organization: fhiaba
Victim Site: fhiaba.com

Cyb3r Drag0nz targets National Bank of Iraq (NBI)
Category: Alert
Content: Recent post by the group claims that they’re targeting the National Bank of Iraq (NBI)
Date: 2025-12-18T22:21:28Z
Network: telegram
Published URL: https://t.me/c/2508606000/179
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7ad9b216-671e-457c-8478-c11ee1f8888c.png
https://d34iuop8pidsy8.cloudfront.net/3f19ba81-f249-41c7-8273-23379e497b73.png
Threat Actors: Cyb3r Drag0nz
Victim Country: Iraq
Victim Industry: Banking & Mortgage
Victim Organization: national bank of iraq (nbi)
Victim Site: nbi.iq

L.S. Grim Consulting Engineers, Inc. falls victim to Sinobi Ransomware
Category: Ransomware
Content: The Group claims to have obtained the organization’s data.
Date: 2025-12-18T22:21:18Z
Network: tor
Published URL: http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/69446c6388b6823fa2caeed2
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8d8586b8-1ac5-4d90-bd5e-da0f09f36fc4.png
Threat Actors: Sinobi
Victim Country: USA
Victim Industry: Mechanical or Industrial Engineering
Victim Organization: l.s. grim consulting engineers, inc.
Victim Site: lsgrim.com

404 CREW CYBER TEAM targets the website of Bethany School Sulantu
Category: Defacement
Content: The Group claims to have defaced the website of Bethany School Sulantu.
Date: 2025-12-18T22:18:47Z
Network: telegram
Published URL: https://t.me/crewcyber/400
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8ec7d59c-36d4-4f72-9889-c83d7ffef310.png
Threat Actors: 404 CREW CYBER TEAM
Victim Country: India
Victim Industry: Education
Victim Organization: bethany school sulantu
Victim Site: bethaneyschoolsulantu.com

Behr Enterprises falls victim to Sinobi Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2025-12-18T22:17:47Z
Network: tor
Published URL: http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/6944716688b6823fa2cb0e50
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/51d14d06-a77f-4d44-8cc6-46366b74866a.png
https://d34iuop8pidsy8.cloudfront.net/0b74eb92-519d-47c5-8eb5-ac070033892a.png
https://d34iuop8pidsy8.cloudfront.net/4cb96ef2-4b65-4c9b-ab13-7682dd68ac3c.png
Threat Actors: Sinobi
Victim Country: USA
Victim Industry: Manufacturing & Industrial Products
Victim Organization: behr enterprises
Victim Site: behr-ent.com

South Shore Tool & Die falls victim to Sinobi Ransomware
Category: Ransomware
Content: The Group claims to have obtained the organization’s data.
Date: 2025-12-18T22:16:53Z
Network: tor
Published URL: http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/69446cd588b6823fa2caf50a
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a9f1a30b-d33c-4a2d-9939-8654e928c245.png
Threat Actors: Sinobi
Victim Country: USA
Victim Industry: Machinery Manufacturing
Victim Organization: south shore tool & die
Victim Site: sstd.net

JCC San Diego falls victim to Sinobi Ransomware
Category: Ransomware
Content: The Group claims to have obtained the organization’s data.
Date: 2025-12-18T22:13:58Z
Network: tor
Published URL: http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/69446d4188b6823fa2caf711
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0902e44c-095b-41d0-a919-0f82cdc66375.png
Threat Actors: Sinobi
Victim Country: USA
Victim Industry: Non-profit & Social Organizations
Victim Organization: jcc san diego
Victim Site: lfjcc.org

Alleged access to Advanced Railway Pension Access Network (ARPAN)
Category: Initial Access
Content: The group claims to have gained unauthorized access to the internal system of the Advanced Railway Pension Access Network (ARPAN) of Indian Railways, alleging access to both administrator and retiree accounts.
Date: 2025-12-18T22:07:35Z
Network: telegram
Published URL: https://t.me/DIeNlt/788
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d0e3d223-b518-41aa-a678-625699c14bb0.png
Threat Actors: DieNet
Victim Country: India
Victim Industry: Government Administration
Victim Organization: advanced railway pension access network (arpan)
Victim Site: arpan.railnet.gov.in

Heritage Engineering falls victim to Sinobi Ransomware
Category: Ransomware
Content: The Group claims to have obtained the organization’s data.
Date: 2025-12-18T22:07:04Z
Network: tor
Published URL: http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/694471fa88b6823fa2cb12e2
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bf00676f-05c2-47ce-89c4-7514294b6e13.png
Threat Actors: Sinobi
Victim Country: USA
Victim Industry: Civil Engineering
Victim Organization: heritage engineering
Victim Site: heritageeng.com

Optimum Window Mfg Corp falls victim to Sinobi Ransomware
Category: Ransomware
Content: The Group claims to have obtained the organization’s data.
Date: 2025-12-18T22:06:36Z
Network: tor
Published URL: http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/69446f0b88b6823fa2cb001c
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2718c1fb-6e9c-4657-8343-56a3647f0695.png
https://d34iuop8pidsy8.cloudfront.net/fa270d30-1017-47b6-b2f4-fd77c328e245.png
Threat Actors: Sinobi
Victim Country: USA
Victim Industry: Architecture & Planning
Victim Organization: optimum window mfg corp
Victim Site: optimumwindow.com

RK Centers falls victim to Sinobi Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2025-12-18T22:00:11Z
Network: tor
Published URL: http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/6944726f88b6823fa2cb17a0
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7c0d76c3-dedc-4cd9-b607-bcbe09c522ec.png
https://d34iuop8pidsy8.cloudfront.net/35943410-bcb3-41a4-be35-fa43e47ecfad.png
https://d34iuop8pidsy8.cloudfront.net/ddd28a89-00a4-44b3-9ef4-3cb0126eceaa.png
Threat Actors: Sinobi
Victim Country: USA
Victim Industry: Commercial Real Estate
Victim Organization: rk centers
Victim Site: rkcenters.com

Alleged data breach of CarroClick
Category: Data Breach
Content: The threat actor claims to have leaked data belonging to CarroClick Brazil, stating that the breach occurred on November 8, 2025.
Date: 2025-12-18T21:59:15Z
Network: openweb
Published URL: https://darkforums.hn/Thread-CARROCLICK-BR-LEAK
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8c79d442-a23a-42be-bd6f-282e8afae2d0.png
Threat Actors: ExploitBolivia
Victim Country: Brazil
Victim Industry: Automotive
Victim Organization: carroclick
Victim Site: carroclick.com.br

Alleged access to the website of Delhi Police
Category: Initial Access
Content: The group claims to have gained unauthorized access to the internal system of the Delhi Police.
Date: 2025-12-18T21:58:45Z
Network: telegram
Published URL: https://t.me/DarK07xxxxxxx/365?single
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ebf564b5-84e1-4810-ae1b-8ec6ab76a8ca.png
Threat Actors: jokeir 07x
Victim Country: India
Victim Industry: Law Enforcement
Victim Organization: delhi police
Victim Site: delhipolice.gov.in

Alleged Sale of 971K Transaction Records from Multiple Stores in USA
Category: Data Breach
Content: Threat Actor claims to be selling 971,000 transaction records allegedly sourced from multiple retail stores in USA. The data reportedly includes customer contact details such as email addresses and phone numbers, along with payment-related metadata including card type, credit or debit indicator, card BIN, last four digits, and card expiry date. The dataset is said to contain approximately 332K unique phone numbers and 334K unique email addresses.
Date: 2025-12-18T21:56:46Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/272339/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/04a04845-da38-4460-b2dc-d3ec28dbb226.png
Threat Actors: betway
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Alleged leak of database from General Directorate of Security
Category: Data Breach
Content: The group claims to have leaked a 17 GB archive of sensitive internal documents allegedly belonging to the General Directorate of Security in Turkey.
Date: 2025-12-18T21:52:21Z
Network: telegram
Published URL: https://t.me/c/3470684086/142
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ad63cd5f-daf7-4e99-bfcf-eaab65aea39d.png
Threat Actors: RED EYES
Victim Country: Turkey
Victim Industry: Law Enforcement
Victim Organization: general directorate of security
Victim Site: egm.gov.tr

Pacific Rim Mechanical falls victim to INC RANSOM Ransomware
Category: Ransomware
Content: The group claims to have obtained 100 GB of the organization’s data.
Date: 2025-12-18T21:51:57Z
Network: tor
Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/69446ea8be52b3ea15e7951c
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f82f576c-217b-40dc-983c-ee77bc34d1e6.png
Threat Actors: INC RANSOM
Victim Country: USA
Victim Industry: Building and construction
Victim Organization: pacific rim mechanical
Victim Site: prmech.com

Alleged Sale of 690 FortiSSL VPN Access to Multiple Countries
Category: Initial Access
Content: Threat Actor claims to be selling 690 valid FortiGate FortiSSL VPN accesses, with some VPN endpoints reportedly having multiple associated accounts. The accesses reportedly span organizations across United Kingdom, Austria, Singapore, Japan, South Korea, United Arab Emirates, Italy, Brazil, Switzerland, France, Spain, Argentina, Australia, Netherlands, Norway, Portugal, Saudi Arabia, and Canada.
Date: 2025-12-18T21:43:07Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/272343/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7d33ebaf-1c1a-47f9-8c2a-f69d68a4dabe.png
Threat Actors: personX
Victim Country: UK
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

CVK Hotels & Resorts falls victim to INC RANSOM Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2025-12-18T21:33:19Z
Network: tor
Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/69431c02be52b3ea15d4b3ef
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8523c5dd-ebc3-47ce-97b5-9a2594a5187d.png
Threat Actors: INC RANSOM
Victim Country: Turkey
Victim Industry: Hospitality & Tourism
Victim Organization: cvk hotels & resorts
Victim Site: cvkhotelsandresorts.com

ShinyHunters Posts Teaser Message Claiming End of Operations
Category: Alert
Content: The threat actor shinyhunters has posted this in their portal

“It’s Showtime!

James, aka M.S, prepare yourself.
Today is the date ShinyHunters stop operating.”
Date: 2025-12-18T21:21:03Z
Network: openweb
Published URL: https://shinyhunte.rs/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0aedb5db-98ec-4944-bf8e-cec6dfee10de.jpeg
Threat Actors: ShinyHunters
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

404 CREW CYBER TEAM targets the website of OLA S.A. – Tourism Operator Administrative Portal
Category: Defacement
Content: The group claims to have defaced the website of OLA S.A. – Tourism Operator Administrative Portal.
Date: 2025-12-18T21:08:35Z
Network: telegram
Published URL: https://t.me/crewcyber/399
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/53f9794e-251d-4824-a098-59c9c7615a2a.png
Threat Actors: 404 CREW CYBER TEAM
Victim Country: Argentina
Victim Industry: Hospitality & Tourism
Victim Organization: ola s.a. – tourism operator administrative portal
Victim Site: admin.ola.com.ar

Alleged data breach of Copping Joyce Ltd
Category: Data Breach
Content: The threat actor claims to have breached Copping Joyce (coppingjoyce.co.uk), a UK-based consultancy firm, and exfiltrated internal data. According to the post, the compromised dataset allegedly includes approximately 30,000 email addresses, around 1,000 phone numbers, full names, partial physical addresses, employee records, and roughly 4,000 recorded calls from 2024–2025, with email data dating back to 2023.
Date: 2025-12-18T21:08:12Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-coppingjoyce-co-uk
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/15221ba9-ed08-4d40-9ccd-1b26308a2539.png
Threat Actors: satT
Victim Country: UK
Victim Industry: Real Estate
Victim Organization: copping joyce ltd
Victim Site: coppingjoyce.co.uk

KIRLOSKAR OIL ENGINES LIMITED falls victim to CL0P Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.

NB: They took internal data from
Date: 2025-12-18T21:04:29Z
Network: tor
Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/cd31242f-9066-40e9-a68e-c72150c64c2b.png
Threat Actors: CL0P
Victim Country: India
Victim Industry: Manufacturing & Industrial Products
Victim Organization: kirloskar oil engines limited
Victim Site: koel.co.in

Alleged Unauthorized Access to AHEG Energy System
Category: Initial Access
Content: The group claims to have gained unauthorized access to systems at AHEG Energy System
Date: 2025-12-18T00:14:23Z
Network: telegram
Published URL: https://t.me/n2LP_wVf79c2YzM0/2908
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/12e6f89c-b351-4f21-8f87-9691f584cb8d.png
https://d34iuop8pidsy8.cloudfront.net/765dc887-f177-4d50-9945-a470f5a37740.png
https://d34iuop8pidsy8.cloudfront.net/58d9eeaa-e797-4550-b5e3-ade3a00a13b6.png
Threat Actors: Infrastructure Destruction Squad
Victim Country: Turkey
Victim Industry: Energy & Utilities
Victim Organization: aheg energy
Victim Site: Unknown

404 CREW CYBER TEAM targets the website of NewComputers
Category: Defacement
Content: The group claims to have defaced the website of NewComputers
Date: 2025-12-18T20:59:36Z
Network: telegram
Published URL: https://t.me/crewcyber/398
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/660d05cf-47e8-4123-a4db-b9573b93e3fb.png
Threat Actors: 404 CREW CYBER TEAM
Victim Country: Argentina
Victim Industry: Computer Hardware
Victim Organization: newcomputers
Victim Site: web.newcomputers.com.ar

Alleged data breach of New Penta Official
Category: Data Breach
Content: The threat actor claims to have leaked the database of Pentadiet.it, an Italian company that provides personalized ketogenic diet programs. The breach allegedly contains data of approximately 137,409 unique users. The compromised information reportedly includes full names, email addresses, fiscal codes, phone numbers, city, region, ZIP codes, internal identification codes (such as Codice Arca), and medical-related metadata such as doctor and medical informant identifiers.
Date: 2025-12-18T20:55:01Z
Network: openweb
Published URL: https://darkforums.hn/Thread-DATABASE-Pentadiet-it-Database-Leaked-Download
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/179fe74a-66f8-4f05-997e-4b34301c9211.png
https://d34iuop8pidsy8.cloudfront.net/3f479573-359a-4990-817a-3c9c94fc19dc.png
Threat Actors: Spirigatito
Victim Country: Italy
Victim Industry: Retail Industry
Victim Organization: new penta official
Victim Site: pentadiet.it

404 CREW CYBER TEAM targets the website of Federación Aragonesa de Judo y Deportes Asociados (FAJYDA)
Category: Defacement
Content: The group claims to have defaced the website of Federación Aragonesa de Judo y Deportes Asociados (FAJYDA) in Spain.
Date: 2025-12-18T20:54:20Z
Network: telegram
Published URL: https://t.me/crewcyber/397
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/137de209-e6d7-4010-b067-db25610e2f3f.png
Threat Actors: 404 CREW CYBER TEAM
Victim Country: Spain
Victim Industry: Sports
Victim Organization: federación aragonesa de judo y deportes asociados (fajyda)
Victim Site: fajyda.es

404 CREW CYBER TEAM targets the website of Université d’Orléans
Category: Defacement
Content: The group claims to have defaced the organization’s website.
Date: 2025-12-18T20:48:30Z
Network: telegram
Published URL: https://t.me/crewcyber/396
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4b6079d2-9f9c-4918-8b80-569fa51d7dfc.png
Threat Actors: 404 CREW CYBER TEAM
Victim Country: France
Victim Industry: Education
Victim Organization: université d’orléans
Victim Site: univ-orleans.fr

404 CREW CYBER TEAM targets the website of BonBache
Category: Defacement
Content: The group claims to have defaced the website of BonBache.
Date: 2025-12-18T20:43:45Z
Network: telegram
Published URL: https://t.me/crewcyber/395
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/df2022f6-70ef-4f3f-b53d-7cf069ae05c6.png
Threat Actors: 404 CREW CYBER TEAM
Victim Country: France
Victim Industry: Education
Victim Organization: bonbache
Victim Site: bonbache.fr

Clarksville ISD falls victim to INTERLOCK Ransomware
Category: Ransomware
Content: The group claims to have obtained over 30 GB of the organization’s data.
Date: 2025-12-18T20:29:36Z
Network: tor
Published URL: http://ebhmkoohccl45qesdbvrjqtyro2hmhkmh6vkyfyjjzfllm3ix72aqaid.onion/leaks.php
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9d2c437c-8335-4131-aa7e-f5068f0cf710.png
Threat Actors: INTERLOCK
Victim Country: USA
Victim Industry: Education
Victim Organization: clarksville isd
Victim Site: clarksvilleisd.net

Alleged access to the Public Health Engineering Department (PHED) digital infrastructure
Category: Initial Access
Content: The group claims to have gained unauthorized access to the official website and all subsystems under the Public Health Engineering Department (PHED) of the Government of West Bengal.
Date: 2025-12-18T20:14:34Z
Network: telegram
Published URL: https://t.me/DarK07xxxxxxx/364
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2b761d1a-4efa-4a16-a740-8dca0c66e122.png
https://d34iuop8pidsy8.cloudfront.net/f07d6c2c-54d5-4e66-94a3-22471409657e.png
Threat Actors: jokeir 07x
Victim Country: India
Victim Industry: Government Administration
Victim Organization: public health engineering department (phed)
Victim Site: wbphed.gov

Alleged data breach of DIF Guadalajara
Category: Data Breach
Content: The threat actor claims to have leaked the full WordPress source code and internal transparency-related documents belonging to DIF Guadalajara. The exposed data allegedly includes a complete WP-content dump (themes, plugins, uploads, and configuration files), transparency PDF documents such as a providers registry dated April 30, 2018, and detailed records of approximately 300 providers and patrons. The compromised information reportedly contains company names, commercial activities, full fiscal addresses, phone numbers, email contacts, tax identification numbers (RFC), and other internal configuration files.
NB: The organization was previously breached on June 22, 2025.
Date: 2025-12-18T19:59:43Z
Network: openweb
Published URL: https://darkforums.hn/Thread-DIF-Guadalajara-Full-Source-Code%C2%A0-Transparency-Leak
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/50c05e96-bab5-4cef-808e-620ade79791e.png
Threat Actors: Azazel
Victim Country: Mexico
Victim Industry: Government Administration
Victim Organization: dif guadalajara
Victim Site: difgdl.gob.mx

Alleged access to Municipal Corporation of Delhi (MCD) digital Infrastructure
Category: Initial Access
Content: The group claims to have gained unauthorized access to the official website and subdomains of the Municipal Corporation of Delhi. The subdomains include csb.mcd.gov.in, deptewb.mcd.gov.in, edis.mcd.gov.in, ehospital.mcd.gov.in, erp.mcd.gov.in, idcard.mcd.gov.in, mail.mcd.gov.in, nexgenobps.mcd.gov.in, and rfid.mcd.gov.in.
Date: 2025-12-18T19:58:14Z
Network: telegram
Published URL: https://t.me/DarK07xxxxxxx/362
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fc4aa494-582b-415a-8d30-3057d23358b7.png
https://d34iuop8pidsy8.cloudfront.net/67bba46f-f8e9-4945-b1ca-32920b22dba2.png
Threat Actors: jokeir 07x
Victim Country: India
Victim Industry: Government Administration
Victim Organization: municipal corporation of delhi (mcd)
Victim Site: mcd.gov.in

Alleged access to Ministry of Housing and Urban Affairs (MoHUA)
Category: Initial Access
Content: The group claims to have gained unauthorized access to the internal systems of the Ministry of Housing and Urban Affairs (MoHUA) in India.
Date: 2025-12-18T19:49:58Z
Network: telegram
Published URL: https://t.me/DarK07xxxxxxx/363
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/355f0377-d446-4a1d-abb0-4968a9f945b7.png
Threat Actors: jokeir 07x
Victim Country: India
Victim Industry: Government Administration
Victim Organization: ministry of housing and urban affairs (mohua)
Victim Site: mohua.gov.in

Alleged leak of login credentials to School Information System (SIS)
Category: Initial Access
Content: The group claims to have leaked login credentials for the Ministry of Education, Youth and Sport (MoEYS) School Information System (SIS).
Date: 2025-12-18T19:09:23Z
Network: telegram
Published URL: https://t.me/thaiisgodalert/289
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f9b155e2-2c5a-41d9-93ff-f71f36df938b.png
Threat Actors: thai is god
Victim Country: Cambodia
Victim Industry: Government Administration
Victim Organization: school information system (sis)
Victim Site: sis.moeys.gov.kh

SYLHET GANG-SG targets the website of Prothom Alo
Category: Alert
Content: A recent post by the group indicates that they’re targeting the website of Prothom Alo
Date: 2025-12-18T18:48:57Z
Network: telegram
Published URL: https://t.me/SylhetGangSG1/7201
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/dada7280-80e1-4fac-99c5-048b80dad8ea.png
Threat Actors: SYLHET GANG-SG
Victim Country: Bangladesh
Victim Industry: Newspapers & Journalism
Victim Organization: prothom alo
Victim Site: prothomalo.com

SYLHET GANG-SG targets Bangladesh Ministry of Law, Justice and Parliamentary Affairs
Category: Alert
Content: A recent post by the group indicates that they have taken down the website of Ministry of Law, Justice and Parliamentary Affairs of the Government of Bangladesh.
Date: 2025-12-18T18:43:08Z
Network: telegram
Published URL: https://t.me/SylhetGangSG1/7203
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/cd807e62-d8cd-443c-a7c0-f48be101e3cf.png
Threat Actors: SYLHET GANG-SG
Victim Country: Bangladesh
Victim Industry: Government Administration
Victim Organization: ministry of law, justice and parliamentary affairs
Victim Site: minlaw.gov.bd

Alleged Data Breach of Svenska kraftnät
Category: Data Breach
Content: The threat actor claims to have breached the database of Svenska kraftnät in Sweden, which allegedly includes 280 GB of data.
Date: 2025-12-18T18:36:49Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/272317/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b86ee8da-daa2-40e9-a85e-9587ab8e1a8e.png
Threat Actors: Everestgroup
Victim Country: Sweden
Victim Industry: Energy & Utilities
Victim Organization: svenska kraftnät
Victim Site: svk.se

Alleged access to an industrial water filtration and purification control system in Portugal
Category: Initial Access
Content: The group claims to have gained unauthorized access to an industrial water filtration and purification control system in Portugal, with control over filtration programs, cleaning cycles, valves, pumps, and key parameters like pH, pressure, and tank levels.
Date: 2025-12-18T18:33:17Z
Network: telegram
Published URL: https://t.me/zpentestalliance/864
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b5420ec2-2256-43cb-95a0-c296b808ad1e.png
https://d34iuop8pidsy8.cloudfront.net/c9ef6532-b898-4ab9-b7af-0039ac546b20.png
Threat Actors: Z-PENTEST ALLIANCE
Victim Country: Portugal
Victim Industry: Energy & Utilities
Victim Organization: Unknown
Victim Site: Unknown

SYLHET GANG-SG targets the website of Niranjan Singh Mahavidyalaya
Category: Defacement
Content: The group claims to have defaced the website of Niranjan Singh Mahavidyalaya.
Date: 2025-12-18T18:20:53Z
Network: telegram
Published URL: https://t.me/SylhetGangSG1/7194
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3affa5e1-2e4b-420e-b467-6013a0919c8b.png
Threat Actors: SYLHET GANG-SG
Victim Country: India
Victim Industry: Education
Victim Organization: niranjan singh mahavidyalaya
Victim Site: nsmv.org.in

SYLHET GANG-SG targets the website of Mobazaar
Category: Defacement
Content: The group claims to have defaced the website of Mobazaar.
Date: 2025-12-18T18:00:11Z
Network: telegram
Published URL: https://t.me/SylhetGangSG1/7190
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5f35e22d-5f3b-4720-a24c-a99f72e4a8d1.png
Threat Actors: SYLHET GANG-SG
Victim Country: India
Victim Industry: E-commerce & Online Stores
Victim Organization: mobazaar
Victim Site: mobazaar.co.in

Cyb3r Drag0nz targets Iraq National Data Center
Category: Alert
Content: A recent post by the group indicates that they’re targeting Iraq National Data Center
Date: 2025-12-18T17:58:22Z
Network: telegram
Published URL: https://t.me/c/2508606000/177
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bf81219d-ebb1-470e-b190-b13207dd5ebb.png
https://d34iuop8pidsy8.cloudfront.net/cfb5179e-d937-4136-94b3-5e21ad687270.png
Threat Actors: Cyb3r Drag0nz
Victim Country: Iraq
Victim Industry: Government Administration
Victim Organization: national data center
Victim Site: iraqdatacenter.iom.int

SYLHET GANG-SG targets the website of Elite College of Pharmacy
Category: Defacement
Content: The group claims to have defaced the website of Elite College of Pharmacy
Date: 2025-12-18T17:54:16Z
Network: telegram
Published URL: https://t.me/SylhetGangSG1/7189
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/44056c05-6918-4e86-9c9b-9da599d8eacb.png
Threat Actors: SYLHET GANG-SG
Victim Country: India
Victim Industry: Education
Victim Organization: elite college of pharmacy
Victim Site: ecp.org.in

SYLHET GANG-SG targets the website of Jan Kalyan Computer Saksharta Mission (JCSM)
Category: Defacement
Content: The group claims to have defaced the website of Jan Kalyan Computer Saksharta Mission (JCSM)
Date: 2025-12-18T17:47:59Z
Network: telegram
Published URL: https://t.me/SylhetGangSG1/7188
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ef8d58a7-fdd5-439a-8a46-1581a65df8bb.png
Threat Actors: SYLHET GANG-SG
Victim Country: India
Victim Industry: Education
Victim Organization: jan kalyan computer saksharta mission (jcsm)
Victim Site: jcsm.in

SYLHET GANG-SG targets the Bangladesh Ministry of Home Affairs
Category: Alert
Content: A recent post by the group indicates that they’re targeting the website of the Bangladesh Ministry of Home Affairs.
Date: 2025-12-18T17:42:52Z
Network: telegram
Published URL: https://t.me/SylhetGangSG1/7200
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6707dc1b-2464-48f7-9176-1068cc1f43d5.png
Threat Actors: SYLHET GANG-SG
Victim Country: Bangladesh
Victim Industry: Government Administration
Victim Organization: ministry of home affairs
Victim Site: moha.gov.bd

Alleged Data Breach of Bioaquakala
Category: Data Breach
Content: The threat actor claims to have leaked data from Bioaquakala. The compromised data reportedly includes full names, usernames, phone numbers, dates of birth, email addresses, postal codes, and financial codes.
Date: 2025-12-18T04:14:27Z
Network: openweb
Published URL: https://darkforums.hn/Thread-Selling-Bioaquakala-com-Data-Breach
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c3313bbe-3ca9-4358-b36b-961edad743ad.png
Threat Actors: Spirigatito
Victim Country: Iran
Victim Industry: E-commerce & Online Stores
Victim Organization: bioaquakala
Victim Site: bioaquakala.com

Alleged Data Breach of PlayUSA
Category: Data Breach
Content: The threat actor claims to have leaked data from PlayUSA. The compromised data reportedly contains 320,000 records, including names, physical addresses, location details, gender, email addresses, and phone numbers.
Date: 2025-12-18T04:05:37Z
Network: openweb
Published URL: https://darkforums.hn/Thread-Selling-PlayUSA-com-Sports-Betting-320K-Records-Exposed
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ab979d91-d848-4a0d-ab17-6d421903fbe0.png
Threat Actors: Secur3rat
Victim Country: USA
Victim Industry: Gambling & Casinos
Victim Organization: playusa
Victim Site: playusa.com

Alleged Data Breach of Egorkreed Merch
Category: Data Breach
Content: The threat actor claims to have leaked data from Egorkreed Merch. The compromised data reportedly includes customer order details, transaction amounts, currency information, delivery charges, addresses, names, email addresses, and phone numbers.
Date: 2025-12-18T03:42:14Z
Network: openweb
Published URL: https://darkforums.hn/Thread-DATABASE-Database-Russian-clothes-shop-egorkreedmerch-com–61393
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7db40733-8bf7-44b8-aaae-02033f9398fc.png
Threat Actors: Shalini
Victim Country: Russia
Victim Industry: E-commerce & Online Stores
Victim Organization: egorkreed merch
Victim Site: egorkreedmerch.com

Alleged Data Breach of Zararu
Category: Data Breach
Content: The threat actor claims to have leaked data from Zararu. The compromised data reportedly includes names, email addresses, phone numbers, delivery addresses, order details, payment methods, order timestamps, and shipping information.
Date: 2025-12-18T03:28:49Z
Network: openweb
Published URL: https://darkforums.hn/Thread-DATABASE-Database-Russian-clothes-shop-zararu-ru–61394
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2bf0807c-d22d-44ac-baef-74a9e2aee711.png
Threat Actors: Shalini
Victim Country: Russia
Victim Industry: E-commerce & Online Stores
Victim Organization: zararu
Victim Site: zararu.ru

DEFACER INDONESIAN TEAM targets the website of SMK Al Hurriyyah Kutawaluya
Category: Defacement
Content: The group claims to have defaced the website of SMK Al Hurriyyah Kutawaluya
Date: 2025-12-18T02:39:49Z
Network: telegram
Published URL: https://t.me/c/2433981896/191
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3dbe1402-e42b-4c5a-bb55-1dd4f0aa30da.png
Threat Actors: DEFACER INDONESIAN TEAM
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: smk al hurriyyah kutawaluya
Victim Site: pengumumankelulusan.smkalhurriyyah.sch.id

Cyb3r Drag0nz claims to target Unidentified Infrastructure of Iraq
Category: Alert
Content: A recent post by the group indicates that they are targeting Unidentified Infrastructure of Iraq.
Date: 2025-12-18T02:01:43Z
Network: telegram
Published URL: https://t.me/c/2508606000/163
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5231deeb-02ac-4019-8664-bd8edf605c22.png
Threat Actors: Cyb3r Drag0nz
Victim Country: Iraq
Victim Industry: Government Administration
Victim Organization: Unknown
Victim Site: Unknown

jokeir 07x targets the website of Sandy Lane Homes Limited
Category: Defacement
Content: The group claims to have defaced the website of Sandy Lane Homes Limited
Date: 2025-12-18T01:47:29Z
Network: telegram
Published URL: https://t.me/DarK07xxxxxxx/360?single
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/33a3792b-9958-40f1-abec-fd83c871d3b6.png
Threat Actors: jokeir 07x
Victim Country: USA
Victim Industry: Real Estate
Victim Organization: sandy lane homes limited
Victim Site: sandylanehomes.com

jokeir 07x targets the website of Caribbean Collection Ltd
Category: Defacement
Content: The group claims to have defaced the website of Caribbean Collection Ltd
Date: 2025-12-18T01:39:51Z
Network: telegram
Published URL: https://t.me/DarK07xxxxxxx/360?single
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3ef247bf-a9ce-4b7c-9fea-07b91789b2db.png
Threat Actors: jokeir 07x
Victim Country: UK
Victim Industry: Leisure & Travel
Victim Organization: caribbean collection ltd
Victim Site: caribbeancollection.com

Alleged Data Breach of Red Hat, Inc
Category: Data Breach
Content: The threat actor claims to have leaked 570 GB of data from Red Hat, Inc. The compromised data reportedly includes Customer Engagement Reports (CERs), credentials, authentication tokens,
Date: 2025-12-18T00:47:09Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-RedHat-Consulting-Repositories-Leaked-Download
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/416b8728-784d-46ea-b8cc-9b36cb19ddb9.png
Threat Actors: Madoka
Victim Country: USA
Victim Industry: Other Industry
Victim Organization: red hat, inc
Victim Site: redhat.com