[December-19-2025] Daily Cybersecurity Threat Report

Daily Cyber Threat Intelligence Report

Date: December 19, 2025
Total Incidents: 81
Data Classification: TLP:CLEAR (Based on provided source material)


1. Executive Summary

On December 19, 2025, the cyber threat landscape was characterized by a high volume of ransomware attacks and significant data breaches targeting government infrastructure. The SAFEPAY and Qilin ransomware groups were the most aggressive threat actors, accounting for a substantial portion of the day’s financial extortion activities. Simultaneously, data brokers on dark web forums listed high-value unauthorized access to government systems in Mexico, France, Brazil, and Cambodia. A notable escalation in sophistication was observed with the sale of a Chromium zero-day exploit and confirmed compromises of Industrial Control Systems (ICS) in Europe.


2. Ransomware Landscape

Ransomware remains the dominant threat vector, with actors focusing on “double extortion” (encryption + data theft).

Major Campaigns

  • SAFEPAY: Conducted a mass campaign targeting 9 organizations across Germany, the USA, and France. Victims include Reger Zahntechnik, Springer’s Jewelers, DFC-SYSTEMS GmbH, Kenalex, Meyerlift, Colorado Powerline, Rogitz & Associates, Dr. Busso Peus Nachf., and Capsum.
  • Qilin: Targeted 8 organizations globally, including Club Atlético River Plate (Argentina), Maison Law (USA), The Genesis Group (USA), Melsing Engineering (Denmark), and others in Canada and Argentina.
  • Akira: Claimed large data thefts, including 180 GB from FloorHeat, 90 GB from MAT 4Site Engineers, and sensitive personal data from Global Miami J.V. and Susquehanna Glass Company.
  • Sinobi: Targeted the financial and staffing sectors, including North Star Asset Management, RM Medics, and Turnamics, Inc.

Other Significant Ransomware Events

  • DragonForce claimed the theft of 541.99 GB of data from Colonial Metals (USA).
  • INC RANSOM targeted EAG Realty International and Glasser’s T.V. Service Ltd.
  • DEVMAN 2.0 listed Culinary Jet Concierge and an unnamed US financial firm (100 GB stolen).
  • ANUBIS claimed Deibel Laboratories.
  • Nova targeted SPZC (Portugal) and R-Concept (Belgium).
  • TridentLocker claimed 88 GB from Allen Printing, Inc.
  • The Gentlemen targeted Solumek (Colombia).

3. Data Breaches & Unauthorized Access Sales

Threat actors are actively monetizing stolen data, with a strong focus on government entities and PII (Personally Identifiable Information).

Government & Critical Infrastructure

  • Mexico: GhostSec leaked a database from the Ministry of Public Administration, and Chronus leaks breached Culiacán City Hall.
  • France: Multiple breaches reported, including FranceTravail/Mission Locale (1.55M records), Chambre de Métiers et de l’Artisanat, and LICRA.
  • UAE: Buscador Profundo leaked credentials from the Crown Prince Court.
  • Cambodia: H3C4KEDZ sold MariaDB access to the Council for the Development of Cambodia.
  • Brazil: Midia22 sold unauthorized access to government and corporate systems.
  • Thailand: xM.Rx breached the Rajabhat Rajanagarindra University student database.

Corporate & Commercial Leaks

  • Telecommunications: Sacrifice is selling 287 GB of data from French carrier SFR, allegedly affecting 17.4 million users.
  • Logistics (USA): ChaosIon is selling Root AWS and GitHub admin access to a logistics SaaS company, exposing 80TB of supply chain data.
  • Education & Science: Breaches reported at UCSF (USA), Papanin Institute (Russia), and Horizon-Optics (Russia).
  • Consumer Data: 53,000 USA Driver Licenses, Crypto leads (Coinbase/Ledger/OKX), and data from the European Vegetarian Union.

4. Malware & Technical Exploits

The sale of sophisticated tools indicates a thriving “Access-as-a-Service” market.

  • Zero-Day Exploit: Threat actor n4pster is selling a Chromium search hijack 0-day that bypasses app-bound encryption.
  • Mobile Malware: Sale of Mirax, an Android MaaS bot with capabilities for keylogging, overlay injection, and Google Play Protect bypass.
  • Loaders: A custom PowerShell Loader designed for AV/EDR bypass (supporting C++/Rust) was listed for sale.

5. Industrial Control Systems (ICS) Targeting

A concerning development involving direct access to operational technology (OT).

  • Poland: Z-PENTEST ALLIANCE claimed access to a bathhouse complex, demonstrating control over ventilation and temperature systems.
  • Germany: The same group claimed access to a heat distribution and pumping management system.

6. Hacktivism & Defacement

Politically and ideologically motivated attacks defaced public-facing websites globally.

  • GHOSTNET-X was highly active, defacing sites in Sweden (oljefyndet.se), the USA (Active Internet Marketing), and Indonesia (Tonjoostudio).
  • Chronus leaks defaced the South Baja California Institute of Culture.
  • Order403 targeted World WebX.
  • BontenSec targeted the Department of Airspace Control in Brazil.
  • Alert: Cyb3r Drag0nz announced targeting of Türkiye İş Bankası.

7. Conclusion

The cyber incidents recorded on December 19, 2025, highlight a volatile and highly aggressive threat landscape. The data indicates three critical trends:

  1. Commoditization of Critical Access: The sale of “root” access to cloud infrastructure (AWS/GitHub) and direct access to government databases (Mexico, Cambodia, UAE) suggests that initial access brokers are operating with high efficiency, lowering the barrier to entry for downstream attacks like ransomware.
  2. Ransomware Volume & Velocity: The synchronized release of victims by SAFEPAY and Qilin demonstrates that these groups are operating at an industrial scale. The targeting is indiscriminate, affecting small businesses (local jewelers) and massive infrastructure (powerlines, medical equipment) alike.
  3. Operational Technology Risk: The compromise of ICS systems in Poland and Germany by Z-PENTEST ALLIANCE is a severe warning. While the current impact appears to be unauthorized control of facility management systems, the ability to manipulate heat and ventilation systems poses a tangible physical safety risk.

Strategic Recommendation: Organizations should prioritize patching Chromium-based browsers immediately due to the 0-day sale, review cloud environment access controls (specifically AWS root accounts), and validate the security of third-party remote access to industrial control systems.

Detected Incidents Draft

  1. Deibel Laboratories falls victim to ANUBIS Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s internal data.
    Date: 2025-12-19T23:12:25Z
    Network: tor
    Published URL: http://om6q4a6cyipxvt7ioudxt24cw4oqu4yodmqzl25mqd2hgllymrgu4aqd.onion/r/7QIL0nx4sMcYH6LTLQKHAqhAKD6sNK0tmbvqoX3YRZvkjHmw4iGUpt0B3kQKbTPXaCKOUi7obfLrrmcBjdpIzEtYSG5TZHRW
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3089c219-036f-4005-b8a2-093221f6e73d.png
    Threat Actors: ANUBIS
    Victim Country: USA
    Victim Industry: Food & Beverages
    Victim Organization: deibel laboratories
    Victim Site: deibellabs.com
  2. North Star Asset Management,INC falls victim to Sinobi Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2025-12-19T22:56:57Z
    Network: tor
    Published URL: http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/6
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f59f1b8a-5414-4a36-ac4c-5d462a09ffe0.png
    Threat Actors: Sinobi
    Victim Country: USA
    Victim Industry: Financial Services
    Victim Organization: north star asset management,inc
    Victim Site: northstarinvestments.com
  3. RM Medics falls victim to Sinobi Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2025-12-19T22:44:23Z
    Network: tor
    Published URL: http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/6945c83088b6823fa2d69d8a
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/92b28da2-4ae1-427d-bda6-ca51a5fe842e.png
    Threat Actors: Sinobi
    Victim Country: UK
    Victim Industry: Staffing/Recruiting
    Victim Organization: rm medics
    Victim Site: rmmedics.co.uk
  4. Turnamics, Inc. falls victim to Sinobi Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2025-12-19T22:29:46Z
    Network: tor
    Published URL: http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/6945c96b88b6823fa2d6ac81
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ebb4359a-60b9-4f99-8fa8-927725fb578d.png
    https://d34iuop8pidsy8.cloudfront.net/ea4700e2-24df-4c33-95e6-3ce257bcf72e.png
    https://d34iuop8pidsy8.cloudfront.net/f1a2de9c-b249-4a7b-b58d-9b9bb081890e.png
    Threat Actors: Sinobi
    Victim Country: USA
    Victim Industry: Machinery Manufacturing
    Victim Organization: turnamics, inc.
    Victim Site: turnamics.com
  5. Alleged Sale of Unauthorized Multiple Access to Multiple Private and Corporate Companies
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized access obtained from compromised private and corporate computers. The data allegedly includes credentials and access to corporate Windows networks, banking and investment accounts, tax and accounting systems, mobile operator platforms, email and FTP services, software license keys, and limited credit card data. The dataset reportedly contains more than 200 files totaling approximately 1.4 GB.
    Date: 2025-12-19T21:59:17Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/272404/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d23a3258-e4f7-40f2-bb73-c2a5007a971f.png
    https://d34iuop8pidsy8.cloudfront.net/bf77f13b-a3e6-4d57-a996-971d3854f63f.png
    Threat Actors: Benneton
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  6. Alleged Data Breach of Student Affairs Division, Rajabhat Rajanagarindra University
    Category: Data Breach
    Content: The threat actor claims to have breached the database of the Student Affairs Division, Rajabhat Rajanagarindra University in Thailand.
    Date: 2025-12-19T21:41:24Z
    Network: openweb
    Published URL: https://leakbase.la/threads/student-affairs-division-dsd-rru-ac-th-university.47300/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/dfbb0190-adf7-4f67-b9f7-575ac3b6004b.png
    Threat Actors: xM.Rx
    Victim Country: Thailand
    Victim Industry: Education
    Victim Organization: student affairs division, rajabhat rajanagarindra university
    Victim Site: dsd.rru.ac.th
  7. Alleged data breach of Culiacán City Hall
    Category: Data Breach
    Content: The threat actor claims to have leaked data of Culiacán City Hall. The exposed information allegedly originates from internal municipal services and includes personal and administrative records related to government employees.
    Date: 2025-12-19T21:34:56Z
    Network: telegram
    Published URL: https://t.me/c/3211040888/312
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/62911ca1-9d33-45b9-a1db-eec3bda8e2b8.png
    Threat Actors: Chronus leaks
    Victim Country: Mexico
    Victim Industry: Government & Public Sector
    Victim Organization: h. ayuntamiento de culiacan
    Victim Site: culiacan.gob.mx
  8. Alleged data breach of Šilutė ads
    Category: Data Breach
    Content: The group claims to have leaked a database allegedly belonging to the Lithuanian classifieds website silutesskelbimai.lt. The exposed data reportedly includes usernames, passwords, email addresses, full names, and phone numbers, with some information stated to be encrypted or hashed.
    Date: 2025-12-19T21:04:24Z
    Network: telegram
    Published URL: https://t.me/perunswaroga/847
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ff92abfb-999e-4879-a49c-575c6af4d20e.jpg
    Threat Actors: Perun Svaroga
    Victim Country: Lithuania
    Victim Industry: Marketing, Advertising & Sales
    Victim Organization: šilutės skelbimai
    Victim Site: silutesskelbimai.lt
  9. Chronus leaks targets the website of South Baja California Institute of Culture
    Category: Defacement
    Content: The group claims to have defaced the website of South Baja California Institute of Culture.
    Date: 2025-12-19T20:59:09Z
    Network: telegram
    Published URL: https://t.me/c/3211040888/311
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ab313491-0b3d-42f6-b59f-f4e4ef2ff160.jpg
    Threat Actors: Chronus leaks
    Victim Country: Mexico
    Victim Industry: Education
    Victim Organization: instituto sudcaliforniano de cultura
    Victim Site: culturabcs.gob.mx
  10. EAG Realty International falls victim to INC RANSOM Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2025-12-19T20:44:12Z
    Network: tor
    Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/694227a2be52b3ea15c49711
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/cdd2b51b-a5dc-456f-a14c-bfb4f6d1216f.png
    Threat Actors: INC RANSOM
    Victim Country: USA
    Victim Industry: Real Estate
    Victim Organization: eag realty international
    Victim Site: eagrealtyinternational.com
  11. Alleged Sale of Mirax – Android MaaS Bot
    Category: Malware
    Content: A threat actor claims to be selling Mirax, an Android malware as a service bot that allegedly provides full remote control over infected Android devices through a command and control panel. The malware is promoted with key capabilities including keylogging, reading and sending SMS messages, notification abuse, overlay and HTML injection for credential harvesting, capture of PIN and pattern locks, remote screen viewing, camera access, and device lock and unlock. It reportedly abuses Android accessibility services, includes Google Play Protect bypass and removal protection, and supports real time monitoring and control using dual WebSocket communication channels.
    Date: 2025-12-19T20:29:48Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/272397/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/6793ee86-b380-4c96-82a3-53f301a06c1f.png
    https://d34iuop8pidsy8.cloudfront.net/b6af725b-a7ee-4fcd-9896-b87589982769.png
    https://d34iuop8pidsy8.cloudfront.net/9786e4ed-57e0-4a95-8d66-9fd92f226f52.png
    https://d34iuop8pidsy8.cloudfront.net/0fb1912d-934a-46a5-a986-b42f42172233.png
    https://d34iuop8pidsy8.cloudfront.net/3cbc62aa-4375-4d58-b628-454a70817581.png
    Threat Actors: MiraxBot
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  12. 7 Proxies target the website of Onneshon
    Category: Defacement
    Content: The group claims to have defaced the website of Onneshon.
    Mirror Link : https://ownzyou.com/zone/280174
    Date: 2025-12-19T20:28:59Z
    Network: telegram
    Published URL: https://t.me/c/2366703983/843
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c35f2b7b-5898-41d4-a1f0-fd67dfa7e952.jpg
    Threat Actors: 7 Proxies
    Victim Country: Bangladesh
    Victim Industry: Education
    Victim Organization: onneshan
    Victim Site: onneshon.com.bd
  13. Reger Zahntechnik falls victim to SAFEPAY Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data and intends to publish it within 4-5 days.
    Date: 2025-12-19T20:23:51Z
    Network: tor
    Published URL: http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/reger-zahntechnikde/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c09102b5-d41b-4bd7-b7aa-2995d0ebc86b.png
    Threat Actors: SAFEPAY
    Victim Country: Germany
    Victim Industry: Medical Equipment Manufacturing
    Victim Organization: reger zahntechnik
    Victim Site: reger-zahntechnik.de
  14. 404 CREW CYBER TEAM targets the website of DosLab Electronics
    Category: Defacement
    Content: The group claims to have defaced the website of DosLab Electronics.
    Date: 2025-12-19T20:14:38Z
    Network: telegram
    Published URL: https://t.me/crewcyber/418
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/80f96fd7-d05f-4429-9a70-0b3059a0d8f3.jpg
    Threat Actors: 404 CREW CYBER TEAM
    Victim Country: USA
    Victim Industry: Electrical & Electronic Manufacturing
    Victim Organization: doslab electronics
    Victim Site: doslabelectronics.com
  15. Springer’s Jewelers falls victim to SAFEPAY Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data and intends to publish it within 4-5 days.
    Date: 2025-12-19T19:57:55Z
    Network: tor
    Published URL: http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/springersjewelerscom/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b85d97b6-b399-47b1-bfa1-6c5950b43311.png
    Threat Actors: SAFEPAY
    Victim Country: USA
    Victim Industry: Retail Industry
    Victim Organization: springer’s jewelers
    Victim Site: springersjewelers.com
  16. DFC-SYSTEMS GmbH falls victim to SAFEPAY Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data and intends to publish it within 4-5 days.
    Date: 2025-12-19T19:52:52Z
    Network: tor
    Published URL: http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/dfcsystemsde/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/dd2ac8e3-80fd-475e-9c24-5d21b484ce9a.png
    Threat Actors: SAFEPAY
    Victim Country: Germany
    Victim Industry: Software Development
    Victim Organization: dfc-systems gmbh
    Victim Site: dfcsystems.de
  17. Kenalex falls victim to SAFEPAY Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data and intends to publish it within 4-5 days.
    Date: 2025-12-19T19:45:58Z
    Network: tor
    Published URL: http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/kenalexca/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e1620038-4370-43ac-997a-3f2131a05c54.png
    Threat Actors: SAFEPAY
    Victim Country: Canada
    Victim Industry: Building and construction
    Victim Organization: kenalex
    Victim Site: kenalex.ca
  18. Meyerlift falls victim to SAFEPAY Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data and intends to publish it within 4-5 days.
    Date: 2025-12-19T19:37:09Z
    Network: tor
    Published URL: http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/meyer-liftde/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8cb596e3-7f6f-41a7-a0f6-0fd06123e545.png
    Threat Actors: SAFEPAY
    Victim Country: Germany
    Victim Industry: Building and construction
    Victim Organization: meyerlift
    Victim Site: meyer-lift.de
  19. DEVMAN 2.0 Ransomware Group adds an Unknown Victim (consult*.c)
    Category: Ransomware
    Content: The group claims to have obtained 100 GB of the organization’s data. The compromised data reportedly includes financial and HR data, which they intend to publish within 4-5 days.
    Date: 2025-12-19T19:30:31Z
    Network: tor
    Published URL: http://devmanblggk7ddrtqj3tsocnayow3bwnozab2s4yhv4shpv6ueitjzid.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/036be232-e1a8-4242-b66a-3d8beb77b3ac.png
    Threat Actors: DEVMAN 2.0
    Victim Country: USA
    Victim Industry: Financial Services
    Victim Organization: Unknown
    Victim Site: Unknown
  20. COLORADO POWERLINE, INC falls victim to SAFEPAY Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data and intends to publish it within 4-5 days.
    Date: 2025-12-19T19:28:32Z
    Network: tor
    Published URL: http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/coloradopowerlinecom/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a7d4e952-de19-45d7-befb-c19998968e42.png
    Threat Actors: SAFEPAY
    Victim Country: USA
    Victim Industry: Building and construction
    Victim Organization: colorado powerline, inc
    Victim Site: coloradopowerline.com
  21. Rogitz & Associates falls victim to SAFEPAY Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data and intends to publish it within 4-5 days.
    Date: 2025-12-19T19:25:24Z
    Network: tor
    Published URL: http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/rogitzcom/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/35149a1c-6c0c-495a-aaab-707e51afb203.png
    Threat Actors: SAFEPAY
    Victim Country: USA
    Victim Industry: Legal Services
    Victim Organization: rogitz & associates
    Victim Site: rogitz.com
  22. Dr. Busso Peus Nachf.
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data and intends to publish it within 4-5 days.
    Date: 2025-12-19T19:22:21Z
    Network: tor
    Published URL: http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/peus-muenzende/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/35ed5e0f-1e41-455b-ab9e-8e95e4dcf9e2.png
    Threat Actors: SAFEPAY
    Victim Country: Germany
    Victim Industry: E-commerce & Online Stores
    Victim Organization: dr. busso peus nachf.
    Victim Site: peus-muenzen.de
  23. Capsum falls victim to SAFEPAY Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data and intends to publish it within 4-5 days.
    Date: 2025-12-19T18:59:32Z
    Network: tor
    Published URL: http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/capsumcom/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/5528037c-28c8-4694-a3d3-d1d2a21d5496.png
    Threat Actors: SAFEPAY
    Victim Country: France
    Victim Industry: Manufacturing
    Victim Organization: capsum
    Victim Site: capsum.com
  24. Glasser’s T.V. Service Ltd falls victim to INC RANSOM Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2025-12-19T18:40:12Z
    Network: tor
    Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/69459149be52b3ea15fc0d20
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/bb446fe1-e0cc-4774-a5be-8399ce98091d.png
    Threat Actors: INC RANSOM
    Victim Country: Canada
    Victim Industry: Retail Industry
    Victim Organization: glasser’s t.v. service ltd
    Victim Site: glasserstv.com
  25. Cyb3r Drag0nz targets Türkiye İş Bankası
    Category: Alert
    Content: A recent post by the group claims that they are targeting Türkiye İş Bankası.
    Date: 2025-12-19T17:58:00Z
    Network: telegram
    Published URL: https://t.me/c/2508606000/185
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8a151316-d8bb-424b-887b-c16c57f9d56c.png
    https://d34iuop8pidsy8.cloudfront.net/e259c2ac-cfc3-4cd0-a2bd-e8588182d02f.png
    Threat Actors: Cyb3r Drag0nz
    Victim Country: Turkey
    Victim Industry: Banking & Mortgage
    Victim Organization: türkiye iş bankası
    Victim Site: isbank.com.tr
  26. Alleged data breach of Ministry of Public Administration
    Category: Data Breach
    Content: The threat actor claims to have leaked a database allegedly belonging to Mexico’s Ministry of Public Administration. The exposed data reportedly includes full names, national identification numbers, police and Guardia affiliations, location details, email addresses, phone numbers, physical addresses, and partially hashed administrative credentials.
    Date: 2025-12-19T17:41:06Z
    Network: openweb
    Published URL: https://darkforums.hn/Thread-DATABASE-Mexico-SPF-DB-leak
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e9944dba-d7df-4267-b869-c3a52ae206db.png
    Threat Actors: GhostSec
    Victim Country: Mexico
    Victim Industry: Government & Public Sector
    Victim Organization: ministry of public administration
    Victim Site: gob.mx/sfp
  27. Alleged Sale of Powershell Loader
    Category: Malware
    Content: Threat actor claims to be selling a custom PowerShell loader designed for AV and EDR bypass. The tool allegedly supports native C/C++ and Rust code, works on both x86 and x64 architectures, can be used with DLL and EXE payloads, and includes full PowerShell source code with support. Compatibility is claimed with default Windows 11 PowerShell and potentially PowerShell 7.
    Date: 2025-12-19T17:40:03Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/272389/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0c985f8c-96de-4906-9128-de79c30fa443.png
    Threat Actors: sha256sum
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  28. Order403 targets the website of World WebX
    Category: Defacement
    Content: The Group claims to have defaced the website of World WebX.
    Mirror Link : https://zone-xsec.com/mirror/id/773013
    Date: 2025-12-19T17:26:26Z
    Network: telegram
    Published URL: https://t.me/order403/120
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/bae09207-e807-4b85-b960-6fdd87365dc0.png
    Threat Actors: Order403
    Victim Country: USA
    Victim Industry: Broadcast Media
    Victim Organization: world webx
    Victim Site: worldwebx.com
  29. Alleged Sale of Unauthorized AWS Root and GitHub Admin Access to a Logistics SaaS Company in USA
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized AWS root console and GitHub organization admin access to a logistics SaaS company in the USA. The access allegedly exposes large-scale cloud infrastructure, including hundreds of S3 buckets containing approximately 80TB of supply chain data, along with source code, trade documents, and sensitive enterprise and government-related datasets.
    Date: 2025-12-19T17:17:01Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/272386/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/1eae6599-d71d-4849-8def-27d6364409e8.png
    Threat Actors: ChaosIon
    Victim Country: USA
    Victim Industry: Transportation & Logistics
    Victim Organization: Unknown
    Victim Site: Unknown
  30. Culinary Jet Concierge falls victim to DEVMAN 2.0
    Category: Ransomware
    Content: The group claims to have obtained 100 GB of the organization’s data and intends to publish it within 5-6 days.
    Date: 2025-12-19T16:52:23Z
    Network: tor
    Published URL: http://devmanblggk7ddrtqj3tsocnayow3bwnozab2s4yhv4shpv6ueitjzid.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/532fb09c-60e2-4274-a890-6f47ffb75063.png
    Threat Actors: DEVMAN 2.0
    Victim Country: UK
    Victim Industry: Retail Industry
    Victim Organization: culinary jet concierge
    Victim Site: culinaryjetconcierge.com
  31. Alleged Sale of Unauthorized MariaDB Database Access to Council for the Development of Cambodia
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized MariaDB database access to a Cambodian government development agency, allegedly providing privileged backend access that could enable data extraction and further system compromise.
    Date: 2025-12-19T16:44:23Z
    Network: telegram
    Published URL: https://t.me/h3c4kedzsec_official/223
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7503eb33-3056-4dc6-9741-44df6f247d40.png
    https://d34iuop8pidsy8.cloudfront.net/30b24b94-2f95-43ca-bf38-7225c498f4c1.png
    Threat Actors: H3C4KEDZ
    Victim Country: Cambodia
    Victim Industry: Government Administration
    Victim Organization: council for the development of cambodia
    Victim Site: cdc-crdb.gov.kh
  32. Sarmiento – OSP falls victim to Qilin Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2025-12-19T16:38:37Z
    Network: tor
    Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=2e20bfff-6db8-35ab-8cac-e76f3bed5f24
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/beb18650-a472-4ad1-aace-8a34a5bfd742.png
    https://d34iuop8pidsy8.cloudfront.net/643f95cc-b3e5-4fca-818b-9aadbfe8da9f.png
    Threat Actors: Qilin
    Victim Country: Argentina
    Victim Industry: Marketing, Advertising & Sales
    Victim Organization: sarmiento – osp
    Victim Site: sarmiento.net
  33. FloorHeat falls victim to akira Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 180 GB of the organization’s data. The compromised data includes employees’ personal documents (driver licenses and other docs), financials, client information, many specifications and drawings, etc.
    Date: 2025-12-19T16:20:06Z
    Network: tor
    Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/360ea628-aea2-4e9e-bf3e-c3e3d8f8d45b.png
    Threat Actors: akira
    Victim Country: USA
    Victim Industry: Manufacturing
    Victim Organization: floorheat
    Victim Site: floorheat.com
  34. MAT 4Site Engineers Limited falls victim to akira Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 90 GB of the organization’s data. The compromised data includes employees’ personal documents (driver licenses and other docs), financials, customer information, confidential files, numerous project files, etc.
    Date: 2025-12-19T16:04:05Z
    Network: tor
    Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7bfa278b-c020-4de3-acfb-b84a85b7357f.png
    Threat Actors: akira
    Victim Country: Canada
    Victim Industry: Mechanical or Industrial Engineering
    Victim Organization: mat 4site engineers limited
    Victim Site: mat4site.com
  35. Alleged leak of Chromium search hijack 0day
    Category: Data Breach
    Content: The threat actor claims to be selling a search hijack zero-day exploit for Chromium browsers, including Chrome, that bypasses modern security protections such as app-bound encryption.
    Date: 2025-12-19T15:28:11Z
    Network: openweb
    Published URL: https://darkforums.hn/Thread-Selling-Chromium-search-hijack-0day
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/05a07136-2066-466c-9078-813ecc1504fd.png
    Threat Actors: n4pster
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  36. Alleged leak of Crown Prince Court
    Category: Data Breach
    Content: The threat actor claims to have obtained sensitive data allegedly associated with the Crown Prince Court (CPC) of Abu Dhabi. The exposed data reportedly contains email addresses and passwords.
    Date: 2025-12-19T15:10:38Z
    Network: telegram
    Published URL: https://t.me/c/2451084701/389569
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b4401142-1d51-43f1-9fe6-b2d9bf4d7bad.png
    Threat Actors: Buscador Profundo
    Victim Country: UAE
    Victim Industry: Government & Public Sector
    Victim Organization: crown prince court
    Victim Site: cpc.gov.ae
  37. Alleged leak of unauthorized access to the control system of an unidentified bathhouse complex in Poland
    Category: Initial Access
    Content: The group claims to have gained unauthorized access to the control system of a bathhouse complex in Poland. According to their statement, they are able to remotely control operational systems including lighting, ventilation, temperature, and other environmental parameters across multiple areas such as the salt cave, changing rooms, and relaxation rooms.
    Date: 2025-12-19T15:09:05Z
    Network: telegram
    Published URL: https://t.me/zpentestalliance/868
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/5d5c24c1-7dfd-4611-9c44-ea09a285e26e.png
    https://d34iuop8pidsy8.cloudfront.net/0440c8a9-f994-4e2b-b598-b07cd548538e.png
    Threat Actors: Z-PENTEST ALLIANCE
    Victim Country: Poland
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  38. Colonial Metals falls victim to Dragonforce Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 541.99 GB of the organization’s data and intends to publish it within 4-5 days.
    Date: 2025-12-19T14:49:43Z
    Network: tor
    Published URL: http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion/blog
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/76aa1ceb-7acb-4f1e-8d22-0b99eece39d5.png
    Threat Actors: DragonForce
    Victim Country: USA
    Victim Industry: Chemicals
    Victim Organization: colonial metals
    Victim Site: colonialmetals.com
  39. GLOBAL MIAMI J.V. falls victim to akira Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data. The data includes employees’ personal documents such as passports, DLs, detailed financials, numerous projects, etc.
    Date: 2025-12-19T14:42:58Z
    Network: tor
    Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b1ee4e67-22ba-49f4-967b-ca0f04d16e96.jpg
    Threat Actors: akira
    Victim Country: USA
    Victim Industry: Food & Beverages
    Victim Organization: global miami j.v.
    Victim Site: globalmia.com
  40. Susquehanna Glass Company falls victim to akira Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 35 GB of the organization’s data. The data includes personal information of almost 800 people, such as I-9 forms, scans of passports, DLs, SSNs, drug tests, detailed financials, customer information, etc.
    Date: 2025-12-19T14:36:35Z
    Network: tor
    Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e211a7bb-732b-46f4-ab86-dda9ccb38786.jpg
    Threat Actors: akira
    Victim Country: USA
    Victim Industry: Manufacturing
    Victim Organization: susquehanna glass company
    Victim Site: susquehannaglass.com
  41. Alleged leak of SQL injection vulnerability in Iplehouse
    Category: Vulnerability
    Content: The group claims to have leaked a SQL injection vulnerability in the website of Iplehouse.
    Date: 2025-12-19T14:26:22Z
    Network: telegram
    Published URL: https://t.me/crewcyber/408
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2205f729-738c-48b8-945c-ddd3a4a599aa.png
    Threat Actors: 404 CREW CYBER TEAM
    Victim Country: South Korea
    Victim Industry: Retail Industry
    Victim Organization: iplehouse
    Victim Site: iplehouse.com
  42. Melsing Engineering & Consulting ApS falls victim to Qilin Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2025-12-19T14:14:20Z
    Network: tor
    Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=902a4e13-49c1-34e1-bc1b-d16e11f8e3fd
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3b28471a-30d0-477b-bd0e-0ddb7cd60c4b.jpg
    Threat Actors: Qilin
    Victim Country: Denmark
    Victim Industry: Machinery Manufacturing
    Victim Organization: melsing engineering & consulting aps
    Victim Site: melsing.dk
  43. SPZC falls victim to Nova Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s internal data and intends to publish it within 6-7 days.
    Date: 2025-12-19T14:01:02Z
    Network: tor
    Published URL: http://novadmrkp4vbk2padk5t6pbxolndceuc7hrcq4mjaoyed6nxsqiuzyyd.onion/#
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/44158d79-26eb-499c-9626-26ceb1e75150.png
    Threat Actors: Nova
    Victim Country: Portugal
    Victim Industry: Education
    Victim Organization: spzc
    Victim Site: spzc.pt
  44. R-Concept falls victim to Nova Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 1 GB of the organization’s internal data and intends to publish it within 6-7 days.
    Date: 2025-12-19T13:58:23Z
    Network: tor
    Published URL: http://novadmrkp4vbk2padk5t6pbxolndceuc7hrcq4mjaoyed6nxsqiuzyyd.onion/#
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/81981f8e-edca-4a7d-ae13-690c7c3caa36.png
    Threat Actors: Nova
    Victim Country: Belgium
    Victim Industry: Manufacturing
    Victim Organization: r-concept
    Victim Site: rconcept.be
  45. The Genesis Group falls victim to Qilin Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2025-12-19T13:19:14Z
    Network: tor
    Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=2e6af24f-27ff-3d6a-b6c1-1d26661c5083
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f8e7c7c0-e3a9-4993-8d7c-e46e915cce9f.jpg
    Threat Actors: Qilin
    Victim Country: USA
    Victim Industry: Software Development
    Victim Organization: the genesis group
    Victim Site: genesisworld.com
  46. Maison Law falls victim to Qilin Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2025-12-19T13:10:00Z
    Network: tor
    Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=a7961263-c7a8-30cd-b2eb-9c297be549cc
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/df49b8e5-97be-42ae-a6e3-2415c4278ef5.jpg
    Threat Actors: Qilin
    Victim Country: USA
    Victim Industry: Legal Services
    Victim Organization: maison law
    Victim Site: maisonlaw.com
  47. GHOSTNET-X targets the website of oljefyndet.se
    Category: Defacement
    Content: The group claims to have defaced the website of oljefyndet.se
    Date: 2025-12-19T13:06:37Z
    Network: telegram
    Published URL: https://t.me/c/3634444524/20
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/af8f40fe-58c7-41c2-ae23-9401c90d1d0a.JPG
    Threat Actors: GHOSTNET-X
    Victim Country: Sweden
    Victim Industry: E-commerce & Online Stores
    Victim Organization: oljefyndet.se
    Victim Site: oljefyndet.se
  48. GHOSTNET-X targets the website of Active Internet Marketing
    Category: Defacement
    Content: The group claims to have defaced the website of Active Internet Marketing.
    Date: 2025-12-19T12:20:03Z
    Network: telegram
    Published URL: https://t.me/c/3634444524/20
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/fc06c992-23c0-4432-8346-ac97820c8876.png
    Threat Actors: GHOSTNET-X
    Victim Country: USA
    Victim Industry: Marketing, Advertising & Sales
    Victim Organization: active internet marketing
    Victim Site: active.marketing
  49. GHOSTNET-X targets the website of Tonjoostudio
    Category: Defacement
    Content: The group claims to have defaced the website of Tonjoostudio.
    Date: 2025-12-19T12:09:49Z
    Network: telegram
    Published URL: https://t.me/c/3634444524/20
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/821889a7-e8a9-402b-a10a-ffa0c31bd76e.png
    Threat Actors: GHOSTNET-X
    Victim Country: Indonesia
    Victim Industry: Information Technology (IT) Services
    Victim Organization: tonjoostudio
    Victim Site: coba.tonjoostudio.com
  50. Solumek falls victim to The Gentlemen Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s internal data and intends to publish it within 9-10 days.
    Date: 2025-12-19T11:39:44Z
    Network: tor
    Published URL: http://tezwsse5czllksjb7cwp65rvnk4oobmzti2znn42i43bjdfd2prqqkad.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b10379a2-86c0-4369-9472-25ec130621bd.png
    Threat Actors: The Gentlemen
    Victim Country: Colombia
    Victim Industry: Environmental Services
    Victim Organization: solumek
    Victim Site: solumeksa.com
  51. Alleged data sale of SFR
    Category: Data Breach
    Content: The threat actor claims to be selling 287.6 GB of data from SFR, allegedly containing 17.4 million lines of data. The compromised data reportedly includes default passwords, employees’ hashed passwords, photos, as well as customer and employee signatures.
    Date: 2025-12-19T11:36:26Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-SFR-FR-17-4-M
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c1da48f7-a552-4fc3-b3fc-092d84b21b81.png
    https://d34iuop8pidsy8.cloudfront.net/af7aa569-10a9-49ab-8fa1-5f70a4deee71.png
    Threat Actors: Sacrifice
    Victim Country: France
    Victim Industry: Network & Telecommunications
    Victim Organization: sfr
    Victim Site: sfr.fr
  52. TEAM EAGLE OF TAWHID targets the website of History In Hindi
    Category: Defacement
    Content: The group claims to have defaced the website of History In Hindi.
    Date: 2025-12-19T11:33:54Z
    Network: openweb
    Published URL: https://defacer.id/mirror/id/217756
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/db86cc5b-47e3-4e16-9602-fc996e9fee7b.png
    Threat Actors: TEAM EAGLE OF TAWHID
    Victim Country: India
    Victim Industry: Education
    Victim Organization: history in hindi
    Victim Site: historyclasses.in
  53. Monarchy Sec Team targets the website of CBT SMKN STD
    Category: Defacement
    Content: The group claims to have defaced the website of CBT SMKN STD
    Date: 2025-12-19T11:32:37Z
    Network: openweb
    Published URL: https://defacer.id/mirror/id/217755
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/44f5230b-f4d7-425b-9ef8-8b6a21cc5c86.JPG
    Threat Actors: Monarchy Sec Team
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: cbt smkn std
    Victim Site: cbtsmknstd.store
  54. Hazardous Cyber Team targets the website of National Computer Saksharta Mission
    Category: Defacement
    Content: The group claims to have defaced the website of National Computer Saksharta Mission
    Date: 2025-12-19T11:17:38Z
    Network: openweb
    Published URL: https://defacer.id/mirror/id/217754
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4731dea7-e58f-4512-a50e-5bf16f1d2f23.JPG
    Threat Actors: Hazardous Cyber Team
    Victim Country: India
    Victim Industry: Education
    Victim Organization: national computer saksharta mission
    Victim Site: ncsm.co.in
  55. Allen Printing, Inc. falls victim to TridentLocker Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 88.28 GB of the organization’s data.
    Date: 2025-12-19T10:55:02Z
    Network: tor
    Published URL: http://tridentfrdy6jydwywfx4vx422vnto7pktao2gyx2qdcwjanogq454ad.onion/article/207a35f0-2fa8-414d-947e-97e09b76cb17
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8561876f-c67d-4a73-ba8f-580000073fb6.png
    Threat Actors: TridentLocker
    Victim Country: USA
    Victim Industry: Printing
    Victim Organization: allen printing, inc.
    Victim Site: allenprinting.com
  56. Alleged data sale of European Vegetarian Union
    Category: Data Breach
    Content: The threat actor claims to be selling data from the European Vegetarian Union. The compromised data includes user ID, address ID, email, name, and more.
    Date: 2025-12-19T10:45:40Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-European-Vegetarian-Union-EVU
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d0ed2e34-3079-43ff-af36-4015cf268f5a.png
    https://d34iuop8pidsy8.cloudfront.net/3481f97b-55a9-47db-8bb9-b82ca1d5b1a3.png
    Threat Actors: krekti
    Victim Country: Unknown
    Victim Industry: Food Production
    Victim Organization: european vegetarian union
    Victim Site: euroveg.eu
  57. Alleged access to a heat distribution and pumping equipment management system in Germany
    Category: Initial Access
    Content: The group claims to have gained unauthorised access to a heat distribution and pumping equipment management system in Germany
    Date: 2025-12-19T10:38:16Z
    Network: telegram
    Published URL: https://t.me/zpentestalliance/865
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d9be00b4-0acd-4c8e-832b-56942c93501c.JPG
    Threat Actors: Z-PENTEST ALLIANCE
    Victim Country: Germany
    Victim Industry: Energy & Utilities
    Victim Organization: Unknown
    Victim Site: Unknown
  58. Josh Steel Co falls victim to Qilin Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2025-12-19T10:35:27Z
    Network: tor
    Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=f4b1c62b-289b-374e-8e2c-e935cb70b49e
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/840aab5c-e7ff-4b3e-9d2c-c5b9a559cf59.jpg
    Threat Actors: Qilin
    Victim Country: USA
    Victim Industry: Mining/Metals
    Victim Organization: josh steel co
    Victim Site: joshsteel.biz
  59. Shah Law Office falls victim to Qilin Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 54 GB of the organization’s data.
    Date: 2025-12-19T10:24:19Z
    Network: tor
    Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=6930147a-9505-3f07-befe-bd6149a6f566
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/16a7c61d-e844-4288-8eff-fa3e398b0d44.jpg
    Threat Actors: Qilin
    Victim Country: Canada
    Victim Industry: Law Practice & Law Firms
    Victim Organization: shah law office
    Victim Site: shahlaw.ca
  60. Club Atlético River Plate falls victim to Qilin Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2025-12-19T10:07:01Z
    Network: tor
    Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=8218417e-8d89-38e0-a811-151a6b94abcb
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/88a8c4e4-7393-4726-aec7-6811615aeb58.png
    https://d34iuop8pidsy8.cloudfront.net/d26d0c11-0694-49e2-aad6-4168955d6310.png
    Threat Actors: Qilin
    Victim Country: Argentina
    Victim Industry: Sports
    Victim Organization: club atlético river plate
    Victim Site: cariverplate.com.ar
  61. MG Chartered Professional Accountant falls victim to Qilin Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2025-12-19T10:05:37Z
    Network: tor
    Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=402edd4d-f10a-372a-b9c0-3d4b3fe0420c
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/01c4e40b-5cc8-4115-b237-a1f06860a1cf.png
    Threat Actors: Qilin
    Victim Country: Canada
    Victim Industry: Accounting
    Victim Organization: mg chartered professional accountant
    Victim Site: cpamg.ca
  62. Alleged leak of French administrative databases
    Category: Data Breach
    Content: The group claims to have leaked data from French administrative databases.
    Date: 2025-12-19T09:59:09Z
    Network: telegram
    Published URL: https://t.me/HawkSec/45
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/64280d32-3828-452f-a83a-8ed0f4e58a5b.png
    Threat Actors: HawkSec
    Victim Country: France
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  63. Alleged data sale of Papanin Institute for Biology of Inland Waters of the Russian Academy of Sciences
    Category: Data Breach
    Content: The threat actor claims to be selling data from the Papanin Institute for Biology of Inland Waters of the Russian Academy of Sciences. The compromised data includes id, ip, counter active, password, username and more.
    Date: 2025-12-19T09:10:32Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-Institute-for-Biology-of-Inland-Waters-IBIW-of-the-Russian-Academy-of-Sciences
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7ca99118-c6c5-40a2-972b-8a0914c5d8e3.png
    Threat Actors: krekti
    Victim Country: Russia
    Victim Industry: Education
    Victim Organization: papanin institute for biology of inland waters of the russian academy of sciences
    Victim Site: ibiw.ru
  64. Alleged data breach of VGen
    Category: Data Breach
    Content: The threat actor claims to have breached the database of VGen, which includes 730K of data.
    Date: 2025-12-19T08:53:22Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-VGen-co-scraped-730K
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/6daffbdb-a7f9-492c-be24-f072094a6b44.png
    Threat Actors: unrest
    Victim Country: Canada
    Victim Industry: E-commerce & Online Stores
    Victim Organization: vgen
    Victim Site: vgen.co
  65. Alleged data leak of Horizon-Optics
    Category: Data Breach
    Content: The threat actor claims to have leaked data from Horizon-Optics, allegedly containing IP addresses, email IDs, phone numbers, and more.
    Date: 2025-12-19T08:45:02Z
    Network: openweb
    Published URL: https://darkforums.hn/Thread-DATABASE-FREE-RUSSIAN-DATABASE-gorizont-optika-ru
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/1e7ca0fd-7941-463a-a8ff-581a5d5b769b.png
    Threat Actors: trashfunny
    Victim Country: Russia
    Victim Industry: E-commerce & Online Stores
    Victim Organization: horizon-optics
    Victim Site: gorizont-optika.ru
  66. BontenSec targets the website of Department of Airspace Control
    Category: Defacement
    Content: The group claims to have defaced the website of Department of Airspace Control
    Date: 2025-12-19T08:36:20Z
    Network: openweb
    Published URL: https://defacer.id/mirror/id/217752
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c8dce7a4-1739-4e53-9b5c-8b8f0108cc03.JPG
    Threat Actors: BontenSec
    Victim Country: Brazil
    Victim Industry: Aviation & Aerospace
    Victim Organization: department of airspace control
    Victim Site: servicos.decea.mil.br
  67. BontenSec targets the website of portal.erp123.io.vn
    Category: Defacement
    Content: The group claims to have defaced the website of portal.erp123.io.vn
    Date: 2025-12-19T08:21:15Z
    Network: openweb
    Published URL: https://defacer.id/mirror/id/217751
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/462f240f-318b-42b4-98b7-68e576bffa34.JPG
    Threat Actors: BontenSec
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: portal.erp123.io.vn
  68. HellR00Ters Team targets the website of Raisul’s Marketing Lab
    Category: Defacement
    Content: The group claims to have defaced the website of Raisul’s Marketing Lab, attributing the attack to its member butzxploit.
    Date: 2025-12-19T08:14:26Z
    Network: openweb
    Published URL: https://defacer.id/mirror/id/217753
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/396482bd-5e25-46d9-a1a4-92079cb834f6.png
    Threat Actors: HellR00ters Team
    Victim Country: Bangladesh
    Victim Industry: Marketing, Advertising & Sales
    Victim Organization: raisul’s marketing lab
    Victim Site: raisulsmarketinglab.com
  69. H3C4KEDZ targets the website of Thailand Tourism Directory
    Category: Defacement
    Content: The group claims to have defaced the website of Thailand Tourism Directory.
    Date: 2025-12-19T07:27:30Z
    Network: telegram
    Published URL: https://t.me/h3c4kedzsec_official/217
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/de14487c-cff4-4316-bc8b-c094df9bc2e1.png
    Threat Actors: H3C4KEDZ
    Victim Country: Thailand
    Victim Industry: Government Administration
    Victim Organization: thailand tourism directory
    Victim Site: thailandtourismdirectory.go.th
  70. Alleged Sale of Unauthorized Access to Brazilian Government and Corporate Systems
    Category: Initial Access
    Content: The threat actor claims to be selling unauthorized access to Brazilian government and corporate systems.
    Date: 2025-12-19T06:25:08Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-PREMIUM-PRIVATE-GOVERNMENT-ACCESS
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c861ae9c-4a05-4f4e-8fe9-6de51d9c68b9.png
    Threat Actors: Midia22
    Victim Country: Brazil
    Victim Industry: Government Relations
    Victim Organization: Unknown
    Victim Site: Unknown
  71. Alleged leak of Crypto Leads Databases From Various Countries
    Category: Data Breach
    Content: The threat actor has leaked crypto-related lead databases from various countries. The advertised datasets allegedly include users linked to major cryptocurrency platforms such as Coinbase (CB), Ledger, and OKX. The data fields reportedly contain name, phone number, country, email address, token address, deposit source, and deposit amount.
    Date: 2025-12-19T06:13:33Z
    Network: openweb
    Published URL: https://leakbase.la/threads/crypto-leads-dbs-various-countries-cb-ledger-okx.47270/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ca524e0a-3145-4e44-b8bb-4b0ca0398eff.png
    Threat Actors: Ogsgd
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  72. Alleged data leak of FRANCETRAVAIL users linked to MISSION LOCALE
    Category: Data Breach
    Content: A threat actor claims to be selling data on FRANCETRAVAIL users linked to MISSION LOCALE. The compromised data reportedly contains 1.55 million records, including first name and last name, date of birth, email address, gender, and phone number.
    Date: 2025-12-19T05:47:08Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-FRANCETRAVAIL-MISSION-LOCALE
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2516aaf6-0d74-4242-b51b-2239f1d66670.png
    Threat Actors: Indra
    Victim Country: France
    Victim Industry: Government & Public Sector
    Victim Organization: francetravail
    Victim Site: francetravail.fr
  73. CiaoxD_ targets the website of Amanas Technical Services
    Category: Defacement
    Content: The group claims to have defaced the website of Amanas Technical Services
    Date: 2025-12-19T05:44:44Z
    Network: openweb
    Published URL: https://defacer.id/mirror/id/217749
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/fd21b7cd-fc7f-4280-96a6-dfbff58c7f80.png
    Threat Actors: CiaoxD_
    Victim Country: UAE
    Victim Industry: Professional Services
    Victim Organization: amanas technical services
    Victim Site: amanas.ae
  74. Alleged data breach of Chambre de Métiers et de l’Artisanat
    Category: Data Breach
    Content: The threat actor claims to have leaked data from Chambre de Métiers et de l’Artisanat. The compromised data reportedly contains 3596 records, including student ID, first name and last name, date of birth, email address, and phone number.
    Date: 2025-12-19T05:28:19Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-French-CMA-Student
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ebf0eca0-fccf-4017-ae12-e256fd1e210e.png
    Threat Actors: ldopanda2
    Victim Country: France
    Victim Industry: Education
    Victim Organization: chambre de métiers et de l’artisanat
    Victim Site: artisanat.fr
  75. Alleged leak of WordPress database credentials from SCIOTO POST LLC
    Category: Data Breach
    Content: The group claims to have leaked a WordPress configuration file containing MySQL credentials for the website SCIOTO POST LLC.
    Date: 2025-12-19T04:39:25Z
    Network: telegram
    Published URL: https://t.me/crewcyber/404
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3f9ee9b0-123d-441a-898e-b23a1e60ad74.png
    https://d34iuop8pidsy8.cloudfront.net/bc005fb7-737a-415c-992d-c75b45987c6a.png
    Threat Actors: 404 CREW CYBER TEAM
    Victim Country: USA
    Victim Industry: Newspapers & Journalism
    Victim Organization: scioto post llc
    Victim Site: sciotopost.com
  76. Alpha wolf targets the website of ACME Group of Companies UAE
    Category: Defacement
    Content: The group claims to have defaced the website of ACME Group of Companies UAE
    Date: 2025-12-19T04:28:21Z
    Network: openweb
    Published URL: https://defacer.id/mirror/id/217564
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/603ecae9-8c25-4a2b-8ca5-37c18fae5c80.png
    Threat Actors: Alpha wolf
    Victim Country: UAE
    Victim Industry: Manufacturing & Industrial Products
    Victim Organization: acme group of companies uae
    Victim Site: acmegroupsuae.com
  77. Alleged data breach of LICRA
    Category: Data Breach
    Content: The threat actor claims to have leaked data from LICRA. The compromised data reportedly includes subscriber email addresses, admin usernames and email addresses, and administrative user accounts.
    Date: 2025-12-19T04:15:56Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-LICRA-ORG-French-AntiRacist-and-Sionist-Group
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ef38a251-348b-49c9-8edb-1bb7153e302e.png
    Threat Actors: Egorgeur2Pedo
    Victim Country: France
    Victim Industry: Other Industry
    Victim Organization: licra
    Victim Site: licra.org
  78. Alleged Data leak of multiple Law Enforcement and Correctional System
    Category: Data Breach
    Content: The threat actor claims to have leaked access to multiple law enforcement and correctional systems.
    Date: 2025-12-19T01:24:42Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-SELLING-LAW-ENFORCEMENT-COUNTY-ARMY-ALL-IN-ONE-CORRECTION-MANAGAEMENT-SYSTEM-LOGINS
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/93ef61c1-18c7-4d37-9233-517d51bd4d11.png
    Threat Actors: Collective
    Victim Country: Unknown
    Victim Industry: Law Enforcement
    Victim Organization: Unknown
    Victim Site: Unknown
  79. Alleged sale of an Automated deposit callback system code
    Category: Alert
    Content: The threat actor claims to be selling a fully automated BEP20-USDT deposit callback system, complete with an administrative backend and collection functionality. The system allows viewing of customer deposit addresses and detailed transaction records.
    Date: 2025-12-19T01:18:04Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/272346/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d717d0df-5440-4e41-81fb-3bc8529b5d44.png
    https://d34iuop8pidsy8.cloudfront.net/b9091e5c-56a1-4f3f-b3c6-4a1c211bcb57.png
    Threat Actors: eemarki
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  80. Alleged data leak of University of California, San Francisco (UCSF)
    Category: Data Breach
    Content: The group claims to have leaked data from the institutional network of the University of California, San Francisco (UCSF).
    Date: 2025-12-19T00:39:29Z
    Network: telegram
    Published URL: https://t.me/n2LP_wVf79c2YzM0/2916
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/95ecac40-8328-4903-85e2-a6917d057212.png
    Threat Actors: Infrastructure Destruction Squad
    Victim Country: USA
    Victim Industry: Education
    Victim Organization: university of california, san francisco (ucsf)
    Victim Site: ucsf.edu
  81. Alleged sale of Driver License data from USA
    Category: Data Breach
    Content: The threat actor claims to be selling Driver License data from USA. The compromised dataset reportedly contains approximately 53,000 records.
    Date: 2025-12-19T00:19:14Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/272344/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9b1addf5-27e5-44e3-b619-a28c1f952c4d.png
    https://d34iuop8pidsy8.cloudfront.net/26d64a83-7d04-4772-b928-eed28fe06588.png
    Threat Actors: SinCity
    Victim Country: USA
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown