Cyber Threat Intelligence Report: December 20, 2025
1. High-Priority Government & Critical Infrastructure Incidents
Attacks in this sector have escalated to include potential zero-day exploits and direct control over physical infrastructure.
- United States – Diplomatic Cables Leak:
  - Context: The threat actor RED EYES claims to have leaked confidential communications between the U.S. State Department and its embassies worldwide.
  - Status: The authenticity is currently unverified, but screenshots have been provided as proof of access.
  - Platform: Telegram (Channel ID: 3470684086).
- South Africa – Water Infrastructure Compromise:
  - Context: The Infrastructure Destruction Squad claims unauthorized access to a water pump control system.
  - Operational Impact: The actors allege they can manage pressure and pump operations across the integrated network, posing a physical safety risk.
  - Evidence: Screenshots of the control panels were released.
- India – State Tax Authority Breach:
  - Context: The Infrastructure Destruction Squad (also targeting South Africa) claims to have leaked a massive database from India’s state tax authorities.
  - Data Specifics: The leak reportedly includes tax declarations, biometric/official identity documents, bank account data, salary info, and professional license details.
- Ukraine – Telecommunications Wipe:
  - Context: The IT ARMY OF RUSSIA targeted the Ukrainian internet provider Norma-4.
  - Scope: Beyond data leakage, the attack involved widespread defacement of the official website and associated domains, including Lokinet, REtracker, and DI ONE GmbH.
2. Technical Analysis: Malware, Exploits, and “Zero-Days”
The intelligence indicates a marketplace active with sophisticated tools, including alleged zero-day exploits and specialized Remote Access Trojans (RATs).
- Fortiweb Zero-Day Allegation:
  - Actor: Anon-WMG.
  - Claim: Sale of 500 unauthorized Fortiweb admin access points, purportedly obtained via a zero-day exploit.
  - Privileges: Access includes “super administrator” privileges.
- Windows Local Privilege Escalation (LPE):
  - Actor: wern.
  - Target Systems: A comprehensive LPE exploit is being sold for Windows 10, Windows 11, and Server versions 2012, 2016, 2019, 2022, and 2025.
- Advanced Malware Sales:
  - In-Memory Dropper: Actor roush is selling a dropper that supports fileless execution, anti-VM/anti-debug protections, and DLL side-loading to evade Windows Defender.
  - macOS HVNC RAT: Actor curious_george is selling a Hidden VNC (HVNC) RAT for macOS that offers root-level access and hidden remote control, capable of extracting browser cookies and autofill data.
  - Android Banking RAT: Actor Hacknull is selling malware specifically designed to target mobile banking applications.
- Exploit Usage (CVE-2025-55182):
  - The Cyber Fattah Team claims to have breached the Israeli retailer Dana Ronen using CVE-2025-55182 to deploy BQT ransomware.
3. Expanded Ransomware Landscape
Ransomware actors are operating with high velocity, with Qilin being the most prolific. Most groups are threatening data publication within a 4-5 day window.
- Qilin Campaign Targets:
  - Titan Motor Group (USA): Automotive sector.
  - Dolan Construction (USA): Building and construction.
  - Integrated Technology Group (Jordan): IT services.
  - IAPMO (Canada): Non-profit organization, with 361 GB of data allegedly stolen.
  - Busbusbus (Canada): Transportation and logistics.
  - Victoria Company (Belgium): Luxury goods.
- DragonForce Campaign:
  - Target: Unipres Corporation (USA/Automotive).
  - Volume: Claims to have exfiltrated 117.1 GB of data, with a 1-2 day publication deadline.
- Sinobi Ransomware:
  - Target: Homestead Electrical Contracting, LLC (USA).
  - Method: Listed on their TOR leak site with proof of access.
4. Corporate & Financial Data Leaks (Specifics)
Details on the scale and nature of compromised records reveal significant privacy risks.
- WIRED (Media):
  - Actor: lovelycorp.
  - Scale: Allegedly 2.3 million records from the wired.com database.
- EDF (Energy – France):
  - Actor: 8080.
  - Scale: 15 million lines of data.
  - Sensitivity: Includes IBANs, physical addresses, names, and dates of birth.
- Vietnam Loan Database:
  - Actor: Wildpistol and sheldon.
  - Scale: Approximately 3 million records.
  - Content: Loan-related info, IDs, and timestamps.
- Kraken (Financial):
  - Actor: Shampoo69.
  - Scale: 47,000 lines of user data.
  - Content: Names, emails, phone numbers, and addresses.
5. The “Digit_4” Education Campaign
A threat actor named Digit_4 executed a highly focused campaign selling initial access (login credentials) to educational and health portals.
- Method: The actor typically provides screenshots of the admin or user panels to verify access.
- Victims:
  - Thailand: Silpakorn University, Yala Rajabhat University, Lopburi Technical College, STOU e-book, Office of the Basic Education Commission, Eastern College of Technology.
  - USA: The Truth About Cancer, The CPAP Shop, ZEUS Network.
  - Canada: The Natural Health Library.
6. Geopolitical Hacktivism
Regional conflicts are manifesting in cyber defacements and targeted leaks.
- Anti-Israel Operations:
  - jrintel claims to have leaked email data from major Israel Defense Forces (IDF) units.
  - Cyber Fattah Team (claiming to be “Iranian Islamic Resistance Cyber Unit”) targeted Israeli retail.
- Targeting India:
  - SYLHET GANG-SG and DieNet announced a collaborative targeting of India.
  - GHOSTNET-X targeted multiple Indian schools (Delhi Public School Dhuri, Kulti College) and the software firm Signefo.
- Targeting Bangladesh:
  - Rogue77 and 7 Proxies defaced multiple schools and government sites like Shibpur Paurashava.
Detected Incidents Draft Data
- Alleged data leak of United States diplomatic cables
Category: Data Breach
Content: Group claims to have leaked the data of confidential communications between the U.S. State Department and its embassies worldwide.
NB: Authenticity of the claim is yet to be verified.
Date: 2025-12-20T23:23:36Z
Network: telegram
Published URL: https://t.me/c/3470684086/180
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b8602cc6-4bb2-4f4d-8e7e-5eca7aefd6da.png
https://d34iuop8pidsy8.cloudfront.net/420fad2a-8030-42ed-937f-b597ebd9ab5e.png
Threat Actors: RED EYES
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged login access to Silpakorn University
Category: Initial Access
Content: The group claims to have gained login access to Silpakorn University.
Date: 2025-12-20T23:02:45Z
Network: telegram
Published URL: https://t.me/bl4cyb3r/310
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a3fa058d-f0a9-4511-9ad5-c6e9fe3441df.png
Threat Actors: Digit_4
Victim Country: Thailand
Victim Industry: Education
Victim Organization: silpakorn university
Victim Site: admission.su.ac.th
- Alleged data breach of Norma-4 and associated domains
Category: Data Breach
Content: The group claims to have breached the systems of Ukrainian internet provider and television operator Norma‑4, leaking internal data and carrying out widespread defacement across the official website, multiple subdomains, and associated organizational domains including Lokinet, REtracker, and DI ONE GmbH.
Date: 2025-12-20T22:37:12Z
Network: telegram
Published URL: https://t.me/itarmy_ru/249
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/76e945a2-fe1c-4e7e-a324-24dda82892b8.png
https://d34iuop8pidsy8.cloudfront.net/8988d02d-af7a-4b89-9e57-5ad4a161050d.png
Threat Actors: IT ARMY OF RUSSIA
Victim Country: Ukraine
Victim Industry: Network & Telecommunications
Victim Organization: norma-4
Victim Site: norma4.tv
- Alleged Data Breach of WIRED
Category: Data Breach
Content: Threat Actor claims to have breached the database of WIRED in the United States, allegedly exposing approximately 2.3 million records.
Date: 2025-12-20T22:36:21Z
Network: openweb
Published URL: https://leakbase.la/threads/2-3m-wired-wired-com-database-leaked-download.47334/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7e95e0fc-cb5b-4be4-90ff-f21976f3c48e.png
Threat Actors: lovelycorp
Victim Country: USA
Victim Industry: Broadcast Media
Victim Organization: wired
Victim Site: wired.com
- Alleged sale of unauthorized Fortiweb admin access
Category: Initial Access
Content: The group claims to be selling 500 unauthorized Fortiweb admin access, which includes super administrator privileges and is reportedly obtained via a zero-day exploit.
Date: 2025-12-20T22:20:33Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/272449/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5cf8f727-ecd5-463e-be99-56732762098f.png
https://d34iuop8pidsy8.cloudfront.net/42bf4647-9043-487e-8332-7b8ddfaa2bad.png
Threat Actors: Anon-WMG
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged login access to Cambodia’s Education Management Information System
Category: Initial Access
Content: The group claims to have gained unauthorized access to the Education Management Information System in Cambodia.
Date: 2025-12-20T21:29:23Z
Network: telegram
Published URL: https://t.me/h3c4kedzsec_official/230
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e666e21a-b3f2-441a-a145-3e16dece61ca.png
Threat Actors: H3C4KEDZ
Victim Country: Cambodia
Victim Industry: Education
Victim Organization: department of education management information system
Victim Site: entryemis.moeys.gov.kh
- Alleged data leak of Vietnam Loan Data
Category: Data Breach
Content: The threat actor is advertising the sale of an alleged Vietnam-based loan database containing approximately 3 million records. The exposed data reportedly includes personal and loan-related information such as names, phone numbers, email addresses, identification details, birthdates, and timestamps.
Date: 2025-12-20T20:44:52Z
Network: openweb
Published URL: https://darkforums.hn/Thread-Selling-VIETNAM-LOAN-DATA-3-millions-2025
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d1c4af10-f326-4b61-b858-35e03531c0c4.png
Threat Actors: Wildpistol
Victim Country: Vietnam
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak of Oil and energy company
Category: Data Breach
Content: The threat actor claims to have a sale listing for an oil and energy company, which includes internal infrastructure such as domain controllers, web servers, database servers, and storage systems.
Date: 2025-12-20T20:35:00Z
Network: openweb
Published URL: https://darkforums.hn/Thread-Selling-200B-Oil-and-energy-company
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/15940d61-7022-472c-9168-215e6d1ec16b.png
Threat Actors: isellaccess
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of login access to Dr. Rumana Mansur and Associates client portal
Category: Initial Access
Content: The group claims to have leaked the login credentials to the therapy portal used by Dr. Rumana Mansur and Associates
Date: 2025-12-20T20:32:11Z
Network: telegram
Published URL: https://t.me/bl4cyb3r/309
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/11b1b9d4-d20c-4d4d-8fca-a50eb2e09ccf.jpg
Threat Actors: Digit_4
Victim Country: USA
Victim Industry: Mental Health Care
Victim Organization: rumana mansur and associates
Victim Site: therapyportal.com/p/drmansurandassociates
- Alleged Sale of Unauthorized Multiple Access to Rheinland University and University of Columbia
Category: Initial Access
Content: The threat actor claims to be selling unauthorized access to compromised university systems, Rheinland University and the University of Columbia. The access reportedly enables control over academic assessment systems, student and staff accounts, and administrative functions, with individual access offerings advertised for sale.
Date: 2025-12-20T20:25:23Z
Network: openweb
Published URL: https://darkforums.hn/Thread-Selling-University-access-Rheiland-University-University-of-columbia-cleverkid
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/faf0c37b-a7ad-455c-a80e-ea6642f80904.png
Threat Actors: txt
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- SYLHET GANG-SG and DieNet claims to target India
Category: Alert
Content: A recent post by the group SYLHET GANG-SG, in collaboration with DieNet, indicates that they’re targeting India.
Date: 2025-12-20T20:24:10Z
Network: telegram
Published URL: https://t.me/SylhetGangSG1/7222
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0f4f7a44-1f2a-41d7-80c2-c5e8bec77bfe.png
Threat Actors: SYLHET GANG-SG
Victim Country: India
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged login access to student portal of Yala Rajabhat University
Category: Initial Access
Content: The group claims to have leaked login credentials to the student portal of Yala Rajabhat University
Date: 2025-12-20T20:23:19Z
Network: telegram
Published URL: https://t.me/bl4cyb3r/308
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/189c4ca1-6778-4fea-aa85-9fa2ca6f6a17.jpg
Threat Actors: Digit_4
Victim Country: Thailand
Victim Industry: Education
Victim Organization: yala rajabhat university
Victim Site: yru.ac.th
- Alleged data leak of Israel Defense Forces
Category: Data Breach
Content: The threat actor claims to have leaked email data allegedly linked to major Israeli military units, suggesting exposure of internal communications and sensitive military-related information.
Date: 2025-12-20T20:09:02Z
Network: openweb
Published URL: https://darkforums.hn/Thread-DATABASE-ISRAEL-Email-Leaks-for-Major-Military-Corps-Secret-Military-Info-Death-To-Arabs
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/60c378e4-961c-4168-82a1-e8c1649370e0.png
Threat Actors: jrintel
Victim Country: Israel
Victim Industry: Defense & Space
Victim Organization: israel defense forces
Victim Site: idf.il
- Rogue77 targets the website of Shibpur Paurashava
Category: Defacement
Content: The group claims to have defaced the website of Shibpur Paurashava
Mirror: https://zone-xsec.com/mirror/id/773077
Date: 2025-12-20T20:02:50Z
Network: telegram
Published URL: https://t.me/r0gue77/22
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3b829d89-2dda-4989-a43d-238a7e058c2e.png
Threat Actors: Rogue77
Victim Country: Bangladesh
Victim Industry: Government Administration
Victim Organization: shibpur paurashava
Victim Site: shibpurpaurashava.gov.bd
- Security ONE Alarm Systems falls victim to PLAY Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data and plans to publish it within 4-5 days.
Date: 2025-12-20T19:43:05Z
Network: tor
Published URL: http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=FdAYqunolfwKU2
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b4c7dba9-be62-484b-b134-a9a524f82109.png
Threat Actors: PLAY
Victim Country: Canada
Victim Industry: Information Technology (IT) Services
Victim Organization: security one alarm systems
Victim Site: securityonealarm.com
- PhantomSec1337 targets the website of Coaching Fusión
Category: Defacement
Content: The Group claims to have defaced the website of Coaching Fusión.
Date: 2025-12-20T19:35:43Z
Network: openweb
Published URL: https://defacer.id/mirror/id/220019
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fd392e31-1617-4142-8053-042e26d48216.png
Threat Actors: PhantomSec1337
Victim Country: Spain
Victim Industry: Professional Training
Victim Organization: coaching fusión
Victim Site: academy.coachingfusion.com
- Kucera International Inc. falls victim to PLAY Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data and plans to publish it within 4-5 days.
Date: 2025-12-20T19:34:34Z
Network: tor
Published URL: http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=JJKgbgDA14g4U8
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f6673ead-16f2-489d-bdf1-7779545c4cd3.png
Threat Actors: PLAY
Victim Country: USA
Victim Industry: Civil Engineering
Victim Organization: kucera international inc.
Victim Site: kucerainternational.com
- PhantomSec1337 targets the website of NearMeSEO
Category: Defacement
Content: The Group claims to have defaced the website of NearMeSEO.
Date: 2025-12-20T19:25:18Z
Network: openweb
Published URL: https://defacer.id/mirror/id/220020
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3155e56a-9d87-410f-b02d-8f22e8274f9b.png
Threat Actors: PhantomSec1337
Victim Country: USA
Victim Industry: Marketing, Advertising & Sales
Victim Organization: nearmeseo
Victim Site: nearmese0.com
- HonkSec targets the website of Department of Education – Schools Division of Misamis Occidental
Category: Defacement
Content: The Group claims to have defaced the website of Department of Education – Schools Division of Misamis Occidental.
Date: 2025-12-20T19:20:26Z
Network: openweb
Published URL: https://defacer.id/mirror/id/220023
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/dde1e530-e68c-4847-9258-5bd0663f0996.png
Threat Actors: HonkSec
Victim Country: Philippines
Victim Industry: Government Administration
Victim Organization: department of education – schools division of misamis occidental
Victim Site: depedmisocc.info
- HonkSec targets the website of Department of Education – Schools Division of Ozamiz City
Category: Defacement
Content: The Group claims to have defaced the website of Department of Education – Schools Division of Ozamiz City.
Date: 2025-12-20T19:14:42Z
Network: openweb
Published URL: https://defacer.id/mirror/id/220022
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4cb9204d-0d24-4d2f-9766-09fa45129960.png
Threat Actors: HonkSec
Victim Country: Philippines
Victim Industry: Government Administration
Victim Organization: department of education – schools division of ozamiz city
Victim Site: ozamiz.deped.gov.ph
- 7 Proxies target the website of Dr. Khondkar Abdul Jalil High School
Category: Defacement
Content: The Group claims to have defaced the website of Dr. Khondkar Abdul Jalil High School
Mirror Link: https://ownzyou.com/zone/280223
Date: 2025-12-20T19:13:09Z
Network: telegram
Published URL: https://t.me/c/2366703983/862
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/170dded7-b2a6-4cf5-a4de-533ee3e8bed0.jpg
Threat Actors: 7 Proxies
Victim Country: Bangladesh
Victim Industry: Education
Victim Organization: dr. khondkar abdul jalil high school
Victim Site: drkajalilhs.edu.bd
- Alleged Data Leak of 3 Million Vietnam Loan Records
Category: Data Breach
Content: Threat Actor claims to have leaked the database of approximately 3 million loan-related records allegedly originating from Vietnam. It includes personal information such as first name, last name, phone number, gender, email address, identification number, birthdate, and associated timestamps.
Date: 2025-12-20T19:08:03Z
Network: openweb
Published URL: https://leakbase.la/threads/vietnam-loan-data-3-millions-2025.47325/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/27113831-d259-4ce2-b899-f5437683595e.png
Threat Actors: sheldon
Victim Country: Vietnam
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Data Leak of 6K Epic Games Account
Category: Data Breach
Content: Threat actor claims to have leaked approximately 6,000 Epic Games user accounts.
Date: 2025-12-20T18:59:09Z
Network: openweb
Published URL: https://leakbase.la/threads/6k-epic-games-account.47322/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a2002c06-7058-40c9-a19b-9ffbdf0f363f.png
Threat Actors: usr_xss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Honorable City Council of Los Reyes
Category: Data Breach
Content: The threat actor claims to have fully compromised the Los Reyes, Michoacán Municipal Government (H. Ayuntamiento de Los Reyes), allegedly obtaining complete access to internal databases containing municipal, administrative, and citizen-related records.
Date: 2025-12-20T18:47:15Z
Network: openweb
Published URL: https://darkforums.hn/Thread-DATABASE-MX-GOB-Ayuntamiento-de-Los-Reyes-Michoac%C3%A1n-Full-Database-Dump
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bfa82834-e12a-424f-99d7-a4760276f0e5.png
Threat Actors: Evorax
Victim Country: Mexico
Victim Industry: Government & Public Sector
Victim Organization: h. ayuntamiento de los reyes
Victim Site: losreyes.gob.mx
- Alleged data breach of All O Soft Company Limited
Category: Data Breach
Content: The group claims to have breached All O Soft Company Limited in Thailand.
Date: 2025-12-20T17:52:28Z
Network: telegram
Published URL: https://t.me/kkg_z/678
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ce539a47-1dec-4392-b89a-16610e0bdfdc.png
Threat Actors: KKG-Z
Victim Country: Thailand
Victim Industry: Information Technology (IT) Services
Victim Organization: all o soft company limited
Victim Site: aos.in.th
- Alleged access to an unidentified water pump control system in South Africa
Category: Initial Access
Content: The group claims to have gained unauthorized access to a water pump control system in South Africa, allegedly responsible for managing pressure and pump operations across an integrated network.
Date: 2025-12-20T17:20:10Z
Network: telegram
Published URL: https://t.me/n2LP_wVf79c2YzM0/2962?single
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9cfec9b2-fa83-4b49-9614-1fd870ce9acf.png
https://d34iuop8pidsy8.cloudfront.net/d9ed101b-bf78-45b0-9d17-dbce1d352700.png
https://d34iuop8pidsy8.cloudfront.net/948772e0-3f86-43d6-a55c-2910686811f3.png
Threat Actors: Infrastructure Destruction Squad
Victim Country: South Africa
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of admin credentials to SIMS Group of Institutions
Category: Initial Access
Content: The group claims to have leaked the administrator login credentials to the website of SIMS Group of Institutions
Date: 2025-12-20T16:52:57Z
Network: telegram
Published URL: https://t.me/c/2259100562/649
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/dc6fb2ed-b0c8-422d-af3b-53732145477f.jpg
Threat Actors: NATION OF SAVIORS
Victim Country: India
Victim Industry: Higher Education/Academia
Victim Organization: sims group of institutions
Victim Site: simscollege.ac.in
- Victoria Company falls victim to Qilin ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2025-12-20T16:41:01Z
Network: tor
Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=1de1c532-b66d-3de2-8dd4-f20a220d9edf
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0e6a64c6-c709-474f-a3dd-18b612e09e12.png
Threat Actors: Qilin
Victim Country: Belgium
Victim Industry: Luxury Goods & Jewelry
Victim Organization: victoria company
Victim Site: victoria-benelux.com
- EGP Comunicaciones S.A.C. falls victim to Qilin Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2025-12-20T16:35:06Z
Network: tor
Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=597514c9-e6ad-3173-863d-1b2fbed60104
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2433ff12-8deb-4ae2-a3cf-0e01e60cb220.png
Threat Actors: Qilin
Victim Country: Peru
Victim Industry: Network & Telecommunications
Victim Organization: egp comunicaciones s.a.c.
Victim Site: egpcomunicaciones.com
- Titan Motor Group falls victim to Qilin Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2025-12-20T16:30:54Z
Network: tor
Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=04c5d1b7-f3a4-367f-a508-0bff755c9eb5
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e1b13e9d-5684-40f6-8178-f2915d580f36.png
Threat Actors: Qilin
Victim Country: USA
Victim Industry: Automotive
Victim Organization: titan motor group
Victim Site: titanmotorgroup.com
- Dolan Construction falls victim to Qilin Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2025-12-20T16:25:46Z
Network: tor
Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=40897f76-0925-3d94-bbdd-ab935a3d405b
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9d328ce6-4dc1-4503-adfb-9be45d25841c.png
Threat Actors: Qilin
Victim Country: USA
Victim Industry: Building and construction
Victim Organization: dolan construction
Victim Site: dolanconstructioninc.com
- Alleged data leak of Kulti College
Category: Data Breach
Content: The group claims to have leaked internal database from Kulti College
Date: 2025-12-20T16:20:31Z
Network: telegram
Published URL: https://t.me/c/3634444524/55
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ba231ddc-41bf-4a1c-a9fa-6a8222917ee9.png
Threat Actors: GHOSTNET-X
Victim Country: India
Victim Industry: Education
Victim Organization: kulti college
Victim Site: kulticollege.ac.in
- Rogue77 targets the website of Bijhari Upashi Tara Prasanna High School
Category: Defacement
Content: The group claims to have defaced the website of Bijhari Upashi Tara Prasanna High School in Bangladesh.
Date: 2025-12-20T16:10:28Z
Network: telegram
Published URL: https://t.me/r0gue77/21
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/30d420db-23c3-4d39-8524-2c384fcf1233.png
Threat Actors: Rogue77
Victim Country: Bangladesh
Victim Industry: Education
Victim Organization: bijhari upashi tara prasanna high school (butphs)
Victim Site: butphs.edu.bd
- Busbusbus falls victim to Qilin Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2025-12-20T16:09:27Z
Network: tor
Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=27d51d1b-6088-3d80-b60a-3b1c89db6be8
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f2e559a4-c2ea-4a39-8b87-b5416af9e498.png
Threat Actors: Qilin
Victim Country: Canada
Victim Industry: Transportation & Logistics
Victim Organization: busbusbus
Victim Site: busbusbus.com
- Unipres Corporation falls victim to DragonForce Ransomware
Category: Ransomware
Content: The group claims to have obtained 117.1 GB of the organization’s data and intends to publish it within 1-2 days.
Date: 2025-12-20T16:05:17Z
Network: tor
Published URL: http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion/blog
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ee91d5ae-1610-4791-a2fb-75fea6c09a20.png
Threat Actors: DragonForce
Victim Country: USA
Victim Industry: Automotive
Victim Organization: unipres corporation
Victim Site: unipres.co.jp
- Integrated Technology Group (ITG) falls victim to Qilin Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2025-12-20T15:06:54Z
Network: tor
Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=0d943180-acb2-377f-ae9a-754d7e896191
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e12dd3d4-2e4c-49dc-8c8f-d86ceac310db.png
Threat Actors: Qilin
Victim Country: Jordan
Victim Industry: Information Technology (IT) Services
Victim Organization: integrated technology group (itg)
Victim Site: itgsolutions.com
- IAPMO falls victim to Qilin Ransomware
Category: Ransomware
Content: The group claims to have obtained 361 GB of the organization’s data.
Date: 2025-12-20T14:58:35Z
Network: tor
Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=907e1df0-65b8-3810-ac42-33d6a84e2b53
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6d5b2060-beb0-4b43-a3a0-4ad4833ab8fe.png
Threat Actors: Qilin
Victim Country: Canada
Victim Industry: Non-profit & Social Organizations
Victim Organization: iapmo
Victim Site: iapmo.org
- Alleged Data Leak of Indonesian Personal Records
Category: Data Breach
Content: The group claims to have leaked sensitive personal data from Indonesia, including national ID numbers (NIK), mobile numbers, full names, and addresses.
Date: 2025-12-20T14:21:18Z
Network: telegram
Published URL: https://t.me/MR_PLAX/104
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e77a9652-bca9-4d7f-8246-d2dcb3657535.png
Threat Actors: TEAM MR PLAX
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data sale of Al Sadd Sports Club
Category: Data Breach
Content: The threat actor claims to be selling data from Al Sadd Sports Club, alleging a data breach that led to the exposure of 108 files containing IDs, passports, player contracts, IBANs, and other sensitive information.
Date: 2025-12-20T14:08:46Z
Network: openweb
Published URL: https://darkforums.hn/Thread-Document-Qatar-Al-Sadd-Sports-Club-Leaked-Download
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/15961f28-0170-4695-9ba8-c80182f453fb.png
https://d34iuop8pidsy8.cloudfront.net/2a252040-3ad4-48ff-b80e-4d23802b54e8.png
Threat Actors: Demetrius
Victim Country: Qatar
Victim Industry: Sports
Victim Organization: al sadd sports club
Victim Site: al-saddclub.com
- Alleged data sale of Credit card in USA
Category: Data Breach
Content: Threat actor claims to be selling credit card data from USA. The compromised data reportedly contains name, phone number, zip code, email address, city, etc.
Date: 2025-12-20T14:08:33Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/272429/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/61afa0ef-66e6-4c86-ab82-5f978c509242.jpg
Threat Actors: chebyrashka777
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of a malicious dropper
Category: Malware
Content: Threat actor claims to be selling a malicious in-memory dropper, which supports fileless execution, generates unique per-build binaries, includes anti-VM and anti-debug protections, leverages DLL side-loading, and claims temporary evasion of Windows Defender detection.
Date: 2025-12-20T14:06:06Z
Network: openweb
Published URL: https://xss.pro/threads/144929/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7cbf839c-9011-4867-9bdb-d05532f589ac.png
Threat Actors: roush
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Cyber Fattah Team claims to target Dana Ronen
Category: Ransomware
Content: The Cyber Fattah Team claims that the Iranian Islamic Resistance Cyber Unit breached Dana Ronen using CVE-2025-55182 and deployed BQT ransomware.
NB: The authenticity of the claim is yet to be verified.
Date: 2025-12-20T13:55:05Z
Network: telegram
Published URL: https://t.me/fattah_iriii/1085
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/cafe4388-ae15-440c-97d3-bd1c8f0501d1.png
Threat Actors: Cyber Fattah Team
Victim Country: Israel
Victim Industry: Retail Industry
Victim Organization: dana ronen
Victim Site: danaribbons.co.il
- Alleged login access to The Natural Health Library
Category: Initial Access
Content: The group claims to have gained login access to The Natural Health Library
Date: 2025-12-20T13:44:10Z
Network: telegram
Published URL: https://t.me/bl4cyb3r/303
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/68037f96-a46f-405f-b76d-e9ae8a5c2082.JPG
Threat Actors: Digit_4
Victim Country: Canada
Victim Industry: Information Services
Victim Organization: the natural health library
Victim Site: thenaturalhealthlibrary.com
- Alleged login access to Lopburi Technical College
Category: Initial Access
Content: The group claims to have gained login access to Lopburi Technical College
Date: 2025-12-20T13:30:57Z
Network: telegram
Published URL: https://t.me/bl4cyb3r/302
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/80d122d8-b7c4-4d3f-9ca6-0cc4675fd901.JPG
Threat Actors: Digit_4
Victim Country: Thailand
Victim Industry: Education
Victim Organization: lopburi technical college
Victim Site: rms.lbtech.ac.th
- Alleged leak of login credentials to The Truth About Cancer
Category: Initial Access
Content: The group claims to have leaked the login credentials of The Truth About Cancer.
Date: 2025-12-20T13:16:09Z
Network: telegram
Published URL: https://t.me/bl4cyb3r/305
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a839fa5c-542c-4676-8972-af6d7ff41751.png
Threat Actors: Digit_4
Victim Country: USA
Victim Industry: Health & Fitness
Victim Organization: the truth about cancer
Victim Site: secure.thetruthaboutcancer.com
- Alleged login access to ZEUS
Category: Initial Access
Content: The group claims to have gained login access to ZEUS
Date: 2025-12-20T13:15:03Z
Network: telegram
Published URL: https://t.me/bl4cyb3r/299
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8cbdbeb9-dcde-4e37-b36d-b85baffcb066.JPG
Threat Actors: Digit_4
Victim Country: USA
Victim Industry: Broadcast Media
Victim Organization: zeus
Victim Site: thezeusnetwork
- Alleged leak of login credentials to STOU e-book
Category: Initial Access
Content: The group claims to have leaked the login credentials of STOU e-book.
Date: 2025-12-20T13:11:36Z
Network: telegram
Published URL: https://t.me/bl4cyb3r/304
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3ca83004-54b4-40c7-95aa-0f66dd553a77.png
Threat Actors: Digit_4
Victim Country: Thailand
Victim Industry: Education
Victim Organization: sukhothai thammathirat open university
Victim Site: ebook.stou.ac.th
- NATION OF SAVIORS targets the website of Institute Of Advanced Computer Technology
Category: Defacement
Content: The group claims to have defaced the website of Institute Of Advanced Computer Technology
Date: 2025-12-20T13:00:19Z
Network: telegram
Published URL: https://t.me/c/2259100562/635
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c81c6cea-01c9-4f86-9620-f270bc6fbe69.JPG
Threat Actors: NATION OF SAVIORS
Victim Country: India
Victim Industry: Education
Victim Organization: institute of advanced computer technology
Victim Site: afcttc.co.in
- HOMESTEAD ELECTRICAL CONTRACTING, LLC falls victim to Sinobi Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2025-12-20T12:49:57Z
Network: tor
Published URL: http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/69444a0e88b6823fa2c9eb18
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d7fc2b2b-9d2b-4edb-96c5-16aea090b79f.jpg
Threat Actors: Sinobi
Victim Country: USA
Victim Industry: Building and construction
Victim Organization: homestead electrical contracting, llc
Victim Site: homesteadelectric.com
- Alleged data leak of pigai.org
Category: Data Breach
Content: The threat actor claims to have 1.8 million records from pigai.org, allegedly containing full names, phone numbers, email addresses, school names, and classes. The data was leaked in 2019.
Date: 2025-12-20T12:39:54Z
Network: openweb
Published URL: https://breachforums.bf/Thread-Chinese-pigai-org-Education-Site-1-8M-Data-breach
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b68d757f-11f5-4c24-a837-4695cf3f1eae.png
Threat Actors: Tokyo0404
Victim Country: China
Victim Industry: Education
Victim Organization: Unknown
Victim Site: pigai.org
- GHOSTNET-X claims to target multiple countries
Category: Alert
Content: A recent post by the group indicates that they are targeting multiple countries including India, Israel and Indonesia.
Date: 2025-12-20T12:32:22Z
Network: telegram
Published URL: https://t.me/c/3634444524/37
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/465bd5a0-16d0-46ee-8a4c-02b79448bf45.png
Threat Actors: GHOSTNET-X
Victim Country: India
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data sale of multiple unidentified organizations
Category: Data Breach
Content: The group claims to be selling databases from multiple unidentified organizations, including a central bank, an airport, and international universities.
Date: 2025-12-20T12:21:13Z
Network: telegram
Published URL: https://t.me/LulzSecHackers/115
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6ec2d750-d180-4dc7-9830-ff5d26490ee8.jpg
Threat Actors: LulzSec Hackers
Victim Country: Unknown
Victim Industry: Banking & Mortgage
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data sale of EDF
Category: Data Breach
Content: The threat actor claims to be selling 15 million records containing IBANs from EDF, allegedly including names, dates of birth, email addresses, physical addresses, IBANs, and more.
Date: 2025-12-20T12:13:39Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-EDF-France-EDF-FR-15-MILION-LINES-WITH-IBAN
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c5ffc88d-f3b1-4bac-8267-68c4cbaa73a7.png
Threat Actors: 8080
Victim Country: France
Victim Industry: Energy & Utilities
Victim Organization: edf
Victim Site: edf.fr
- Alleged sale of login access to Garuda Indonesia
Category: Initial Access
Content: The group claims to be selling admin panel access to Garuda Indonesia.
Date: 2025-12-20T11:16:01Z
Network: openweb
Published URL: https://ramp4u.io/threads/%D0%BF%D1%80%D0%BE%D0%B4%D0%B0%D1%8E-%D0%B4%D0%BE%D1%81%D1%82%D1%83%D0%BF-indonesia.3720/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/eba5dfc8-27cd-4d98-ad82-1b6e6f41f881.jpg
Threat Actors: PAYDAY
Victim Country: Indonesia
Victim Industry: Airlines & Aviation
Victim Organization: garuda indonesia
Victim Site: garuda-indonesia.com
- Alleged sale of Windows Local Privilege Escalation (LPE)
Category: Malware
Content: Threat actor claims to be selling Local Privilege Escalation (LPE) on Windows 10, Windows 11, Server 2012/2016/2019/2022/2025.
Date: 2025-12-20T11:08:54Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/272422/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/dfcd4195-4a71-44ac-9589-1ae38b674066.jpg
Threat Actors: wern
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Insight
Category: Data Breach
Content: The group claims to have breached the organization’s data.
Date: 2025-12-20T11:02:53Z
Network: tor
Published URL: http://fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion/companies/insight
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5a115456-cabd-45d3-8237-7251d7212a7f.png
Threat Actors: CoinbaseCartel
Victim Country: USA
Victim Industry: Information Technology (IT) Services
Victim Organization: insight
Victim Site: insight.com
- Z-SH4DOWSPEECH targets the website of Allsmart.id
Category: Defacement
Content: The group claims to have defaced the website of Allsmart.id
Date: 2025-12-20T10:30:45Z
Network: telegram
Published URL: https://t.me/c/2552217515/196
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/eee52884-b9b9-44bc-b003-493132fcba93.JPG
Threat Actors: Z-SH4DOWSPEECH
Victim Country: Indonesia
Victim Industry: Information Technology (IT) Services
Victim Organization: allsmart.id
Victim Site: admin.allsmart.id
- Alleged data breach of Internet Madrasa
Category: Data Breach
Content: The group claims to have gained unauthorized administrative-level access to Internet Madrasa. The compromised access allegedly provides control over academic and administrative functions.
Date: 2025-12-20T09:01:25Z
Network: telegram
Published URL: https://t.me/c/2366703983/850
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2770ceda-ff6e-437d-8097-b8f063491695.png
Threat Actors: 7 Proxies
Victim Country: Bangladesh
Victim Industry: Education
Victim Organization: internet madrasa
Victim Site: internetmadrasa.com
- Z-SH4DOWSPEECH targets the website of Brandex Directory Co., Ltd
Category: Defacement
Content: The group claims to have defaced the website of Brandex Directory Co., Ltd
Date: 2025-12-20T08:56:30Z
Network: telegram
Published URL: https://t.me/c/2552217515/192
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/260a9941-7f15-43c2-83cc-b7d8890c5a95.JPG
Threat Actors: Z-SH4DOWSPEECH
Victim Country: Thailand
Victim Industry: Manufacturing & Industrial Products
Victim Organization: brandex directory co., ltd
Victim Site: bearings-center.com
- ENTHER ERROR SYSTEM targets the website of harmeet-singh.rf.gd
Category: Defacement
Content: The group claims to have defaced the website of harmeet-singh.rf.gd
Date: 2025-12-20T08:43:28Z
Network: telegram
Published URL: https://t.me/c/3303112391/241
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0995cd72-3d05-41a6-bee8-c427c826ac00.JPG
Threat Actors: ENTHER ERROR SYSTEM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: harmeet-singh.rf.gd
- Your Doctor
Category: Data Breach
Content: The threat actor claims to have leaked data from Your Doctor, allegedly containing IDs, doctor IDs, phone numbers, dates of birth, and more.
Date: 2025-12-20T08:25:47Z
Network: openweb
Published URL: https://darkforums.hn/Thread-DATABASE-FREE-RUSSIAN-DATABASE-k-vashdoctor-ru
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/005bbbe6-6886-4568-9a41-5bf317798e43.png
Threat Actors: trashfunny
Victim Country: Russia
Victim Industry: Hospital & Health Care
Victim Organization: your doctor
Victim Site: k-vashdoctor.ru
- ENTHER ERROR SYSTEM targets the website of Dreams Technologies
Category: Defacement
Content: The group claims to have defaced the website of Dreams Technologies.
Date: 2025-12-20T07:36:48Z
Network: telegram
Published URL: https://t.me/c/3303112391/240
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/aee04485-ae18-42d7-ad4a-1b7694147e18.png
Threat Actors: ENTHER ERROR SYSTEM
Victim Country: UK
Victim Industry: Information Technology (IT) Services
Victim Organization: dreams technologies
Victim Site: dreamstour-wp.dreamstechnologies.com
- Alleged login access to The CPAP Shop
Category: Initial Access
Content: The group claims to have gained login access to The CPAP Shop
Date: 2025-12-20T07:29:31Z
Network: telegram
Published URL: https://t.me/bl4cyb3r/163
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/889e5f11-9eef-42c6-a290-6a5aabadaee0.JPG
Threat Actors: Digit_4
Victim Country: USA
Victim Industry: Healthcare & Pharmaceuticals
Victim Organization: the cpap shop
Victim Site: thecpapshop.com
- Alleged access to Office of the Basic Education Commission
Category: Initial Access
Content: The group claims to have gained access to Office of the Basic Education Commission.
Date: 2025-12-20T07:25:30Z
Network: telegram
Published URL: https://t.me/bl4cyb3r/162
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/543367ce-5257-4f2a-bec8-155f229e5fc8.jpg
Threat Actors: Digit_4
Victim Country: Thailand
Victim Industry: Government Administration
Victim Organization: office of the basic education commission
Victim Site: cms.contentcenter.obec.go.th
- Alleged leak of unauthorized access to Department of Business Development
Category: Initial Access
Content: The threat actor claims to have leaked unauthorized access to Department of Business Development
Date: 2025-12-20T06:20:03Z
Network: telegram
Published URL: https://t.me/zeroblueshadow/467
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/83d7b1e8-83e2-4ea7-b26f-0a3be08edcab.png
Threat Actors: Blue Shadow
Victim Country: Thailand
Victim Industry: Government Relations
Victim Organization: department of business development
Victim Site: efilingfn.dbd.go.th
- Alleged data leak of Israel
Category: Data Breach
Content: The group claims to have leaked Israel data.
Date: 2025-12-20T06:05:59Z
Network: telegram
Published URL: https://t.me/c/3634444524/33
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4590d06f-e7eb-4080-803d-79f3ebf32e64.png
Threat Actors: GHOSTNET-X
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Delhi Public School Dhuri
Category: Data Breach
Content: Threat actor claims to have leaked data from Delhi Public School Dhuri.
Date: 2025-12-20T06:03:27Z
Network: telegram
Published URL: https://t.me/c/3634444524/34
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/982db356-42fd-41d5-baf0-a8f9650892b6.png
Threat Actors: GHOSTNET-X
Victim Country: India
Victim Industry: Education
Victim Organization: delhi public school dhuri
Victim Site: dpsdhuri.edu.in
- Alleged sale of macOS HVNC
Category: Malware
Content: The threat actor claims to be selling a macOS HVNC-based RAT that targets macOS systems, offering root-level access, hidden remote control capabilities, and the ability to extract browser cookies and autofill data, with additional features including multiple droppers and firewall bypass techniques.
Date: 2025-12-20T05:50:59Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/272414/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8dd22547-9f54-4754-8e9d-3933a0451b34.png
Threat Actors: curious_george
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Kraken
Category: Data Breach
Content: The threat actor claims to have leaked 47K lines of data from Kraken. The compromised data includes first name, last name, email, phone, and address.
Date: 2025-12-20T05:31:58Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/272413/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ae099e0a-8b8a-4668-9fbe-1c848bf29758.png
Threat Actors: Shampoo69
Victim Country: USA
Victim Industry: Financial Services
Victim Organization: kraken
Victim Site: kraken.com
- Alleged data sale of Fate
Category: Data Breach
Content: Threat actor claims to be selling source code of Fate.
Date: 2025-12-20T05:26:55Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/272415/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a3b154c6-69e2-4604-bfd4-6e84ce76de25.png
Threat Actors: Cyborg
Victim Country: Unknown
Victim Industry: Gambling & Casinos
Victim Organization: fate
Victim Site: fate.bet
- GHOSTNET-X targets the website of LaserTOTs
Category: Defacement
Content: The group claims to have defaced the website of LaserTOTs
Date: 2025-12-20T04:56:22Z
Network: telegram
Published URL: https://t.me/c/3634444524/28
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d2078d89-6f8b-4b35-bcea-2efd08432771.png
Threat Actors: GHOSTNET-X
Victim Country: Canada
Victim Industry: Hospital & Health Care
Victim Organization: lasertots
Victim Site: lasertots.ca
- Alleged webshell access to multiple websites
Category: Initial Access
Content: The group claims to have gained and leaked unauthorized webshell access to multiple websites.
Date: 2025-12-20T04:51:10Z
Network: telegram
Published URL: https://t.me/c/2552217515/188
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e1795bd0-24dc-45ee-9f87-363f82af7d40.png
https://d34iuop8pidsy8.cloudfront.net/471314d6-7aa1-4f3c-94cc-95c2fead64a9.png
https://d34iuop8pidsy8.cloudfront.net/088e2474-3304-4ca7-9493-95b52d568234.png
https://d34iuop8pidsy8.cloudfront.net/75c0dc06-3733-4950-9f6f-3304546300bb.png
https://d34iuop8pidsy8.cloudfront.net/a1285c8f-ec86-419f-883f-c223a9c453ca.png
Threat Actors: Z-SH4DOWSPEECH
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Data Breach of ColisPack
Category: Data Breach
Content: The threat actor claims to have leaked data from ColisPack. The compromised data reportedly includes customer names, phone numbers, and physical addresses.
Date: 2025-12-20T04:39:53Z
Network: openweb
Published URL: https://darkforums.hn/Thread-ColisPack-Customer-Orders-Database
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1a8d8a7b-661c-451f-b60c-fdf5ff4a4fed.png
Threat Actors: xNov
Victim Country: Morocco
Victim Industry: Transportation & Logistics
Victim Organization: colispack
Victim Site: colispack.com
- GHOSTNET-X targets the website of Signefo
Category: Defacement
Content: The group claims to have defaced the website of Signefo.
Date: 2025-12-20T04:31:53Z
Network: telegram
Published URL: https://t.me/c/3634444524/28
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4989ef3d-5278-4c1e-9b2e-db2a29e8a0df.png
Threat Actors: GHOSTNET-X
Victim Country: India
Victim Industry: Software Development
Victim Organization: signefo
Victim Site: signefo.co.in
- Alleged Leak of Mexican SPF Law Enforcement Data
Category: Data Breach
Content: The threat actor claims to have leaked Mexican SPF law enforcement data, allegedly containing IDs, RFC, CURP, full name, Police/Guardia, and state.
Date: 2025-12-20T03:24:00Z
Network: openweb
Published URL: https://darkforums.hn/Thread-DATABASE-Mexico-SPF-DB-leak
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/babed5b9-9ac9-43e9-8c8e-43c1633375f7.png
Threat Actors: GhostSec
Victim Country: Mexico
Victim Industry: Law Enforcement
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of Android Banking RAT
Category: Malware
Content: The threat actor claims to be selling an Android RAT targeting mobile banking apps.
Date: 2025-12-20T02:36:20Z
Network: openweb
Published URL: https://breachforums.bf/Thread-MALWARE-The-Best-Android-Banking-RAT
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/979d1090-6167-4615-97db-cd8f2d4269f2.png
https://d34iuop8pidsy8.cloudfront.net/701d392c-350e-4526-9b2d-fe31fc20c4c7.png
https://d34iuop8pidsy8.cloudfront.net/75337c1d-d1e7-4fcd-8afc-57e3c7754180.png
https://d34iuop8pidsy8.cloudfront.net/46b99cfb-b99a-4081-8a72-abc6375851c1.png
Threat Actors: Hacknull
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of India’s state tax authorities
Category: Data Breach
Content: The group claims to have leaked the database of India’s state tax authorities. The compromised data includes identification records, civil registration data, official identity documents, demographic information, contact information, financial and banking records, bank account data, income and salary information, tax declarations, financial transactions, employment records, employee data, employer information, tax deductions, compensations, commercial records, registered business activities, income reports, and professional license information.
Date: 2025-12-20T02:20:16Z
Network: telegram
Published URL: https://t.me/n2LP_wVf79c2YzM0/2949?single
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9160d3ad-8bc4-4763-a89f-9d40ad5f8e8c.png
https://d34iuop8pidsy8.cloudfront.net/683ebb68-e042-482f-8d64-db70aee13186.png
https://d34iuop8pidsy8.cloudfront.net/e30ccb98-33c0-443d-b0e0-63a7fde4182d.png
Threat Actors: Infrastructure Destruction Squad
Victim Country: India
Victim Industry: Government Administration
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of login access to Eastern College of Technology
Category: Initial Access
Content: The group claims to have gained login access to Eastern College of Technology
Date: 2025-12-20T01:40:38Z
Network: telegram
Published URL: https://t.me/bl4cyb3r/157
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/faaa3e29-34c0-4e2e-8dda-7590746580a3.png
Threat Actors: Digit_4
Victim Country: Thailand
Victim Industry: Education
Victim Organization: eastern college of technology
Victim Site: e-tech.ac.th
- Alleged unauthorized access to an unidentified system in Italy
Category: Initial Access
Content: The group claims to have unauthorized access to an unidentified system in Italy.
Date: 2025-12-20T00:54:45Z
Network: telegram
Published URL: https://t.me/n2LP_wVf79c2YzM0/2959
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2853175a-a63d-4d55-810d-2b0caae86248.png
https://d34iuop8pidsy8.cloudfront.net/b95e7257-22c1-4e12-9f8e-a7b853cfcd57.png
https://d34iuop8pidsy8.cloudfront.net/f716f025-4d10-4bf6-b01e-db670b771583.png
Threat Actors: Infrastructure Destruction Squad
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown