[December-21-2025] Daily Cybersecurity Threat Report

Daily Cyber Threat Intelligence Report: December 21, 2025

1. Executive Summary

The provided dataset indicates a high volume of global cyber activity. Key trends include a surge in Initial Access Brokerage targeting educational and government institutions in Thailand, impactful Ransomware attacks against healthcare and infrastructure sectors in the Americas and Europe, and widespread Data Breaches affecting government entities in Indonesia and Senegal.


2. Ransomware Incidents

Ransomware groups continue to target critical sectors, including healthcare, construction, and logistics. The groups INC RANSOM and ANUBIS were particularly active during this period.

| Victim Organization | Industry | Country | Threat Actor | Status/Notes |
| --- | --- | --- | --- | --- |
| Cedar Valley Services | Human Resources | USA | Qilin | Data obtained |
| Woodglen Medical Group | Healthcare | USA | ANUBIS | Data renamed to “Emanate Health”; includes financial/customer records |
| VÁHOSTAV | Construction | Slovakia | DragonForce | 224.87 GB of data stolen; publication threatened in 7-8 days |
| Evercover Helmet Covers | Sporting Goods | Hungary | INC RANSOM | Internal data gained |
| Talarico SRL | Construction | Italy | INC RANSOM | Previously hit by “The Gentlemen” ransomware in Nov 2025 |
| University of Planalto Catarinense | Education | Brazil | LOCKBIT 5.0 | Publication threatened in 6-7 days |
| Terport – Terminales Portuarias S.A. | Logistics | Paraguay | LYNX | Organization’s data obtained |

3. Critical Data Breaches and Leaks

Threat actors have claimed the exfiltration of sensitive Personally Identifiable Information (PII) and government records from multiple regions.

Government & Public Sector

  • Indonesia: A massive breach allegedly exposing Indonesian citizenship records is being sold by actor Brownies281, containing IDs, names, and biographic data. Additionally, the National Nutrition Agency was compromised by GARUDA BLACKHAT CYBER CRIME.
  • Senegal: The Ministry of the Interior and Public Security suffered a leak of personnel data (rank, signatures, retirement dates) by actor HawkSec. Another leak targeted a French embassy agent in Senegal.
  • USA (NASA): Actor JRINTEL FREE DATA V3 leaked a 61.6 MB archive from a NASA server related to Spanish teleradiology work.
  • Mexico: Actor Alz_157s leaked the SIRH (Human Resources System) database for Chiapas, including extensive employee PII.
  • Bangladesh: Actor 7 Proxies leaked insider employee databases, including police and military personnel records.

Corporate & Commercial

  • Rolls-Royce Motor Cars (China): A customer database in CSV format is allegedly being sold.
  • American Health (USA): A database of approximately 116,000 customer records (names, DOB, emails) is being sold by actor zoozkooz.
  • Fujian Radio, Film and Television Group (China): A breach from 2024 containing 3 million records (names, IDs, addresses) was leaked by Tokyo0404.
  • Paytm (India): Actor Edric is selling 3.2 million user interest leads, including mobile numbers and age groups.
  • Fastweb (Italy): Actor espandive is selling access to a corporate panel.

4. Initial Access & Credential Sales

Initial Access Brokers (IABs) are selling unauthorized entry points, which are often precursors to ransomware attacks.

Targeted Educational & Government Campaigns

A significant cluster of activity targeted Thailand, primarily orchestrated by actors Chennel G.H.G.K and Digit_4.

  • Thailand: Admin panel access leaked for New GFMIS Thai (Government Fiscal Management), Ramkhamhaeng University Bookstore, ACC Group, and Prince Royal’s College.
  • Turkey: Unauthorized VPN access to an unnamed Turkish university is for sale.

Corporate & Infrastructure Access

  • China: Unauthorized SSH access to a SOPHON Micro Server (Financial Services) is being sold by ransomcharger.
  • Guatemala: Internal access to the Ministry of Health is being sold by Juxn-Modz.
  • Global Infrastructure: A group called Infrastructure Destruction Squad claims to have hacked 265 systems worldwide.

Credential Dumps (Digit_4 Activity)

The actor Digit_4 released login access for several high-profile platforms on Telegram, including:

  • Google (USA).
  • ThriveCart (Spain).
  • The Sims Resource (Sweden).
  • ThinkCentral (USA).

5. Defacement & Hacktivism

Hacktivist groups engaged in website defacements to signal presence or political messaging.

  • 7 Proxies: Targeted Mojomer Hat Fazil Madrasha (Bangladesh).
  • NATION OF SAVIORS: Claimed attacks on Government websites of India and ProCert UK Ltd.
  • GHOSTNET-X: Targeted multiple sites including an educational portal in Indonesia and a personal website.
  • DEFACER INDONESIAN TEAM: Targeted multiple Indonesian schools (MTs Al-Jihad Salaman, SMA Negeri 2 Pacitan).
  • BekasiRootSec: Defaced the website of Lifestyle Interiors & Renovation (India).

6. Malware & Cybercrime Tools

Sophisticated tools are being marketed to facilitate further attacks.

  • RDP Brut Fast: A tool for brute-forcing RDP on Debian environments is being sold by Mr.Bang.
  • VOID KILLER: Malware designed to terminate Antivirus and EDR (Endpoint Detection and Response) solutions is being sold by Crypt4You.
  • Casino Source Code: Source code for a new online casino is being sold by rebel13737.

Strategic Conclusion & Outlook

The intelligence data from this 24-hour period illustrates a highly commoditized and globally distributed cybercrime ecosystem. The sheer volume of incidents indicates that threat actors are operating with high velocity, leveraging specialized marketplaces to trade access, tools, and stolen data with efficiency.

Key strategic takeaways include:

  • The Industrialization of Initial Access: There is a clear separation of labor where “Initial Access Brokers” (IABs) compromise networks and sell the keys rather than exploiting them immediately. The high volume of Admin Panel and VPN/SSH access sales, particularly targeting educational and government institutions in Thailand and Turkey, suggests these sectors are being stockpiled as “soft targets” for future ransomware or espionage campaigns.
  • Escalation in Anti-Defense Tools: The sale of the “VOID KILLER” malware, explicitly designed to terminate Antivirus and EDR solutions, alongside specialized RDP brute-force tools, points to a tactical shift. Attackers are actively arming themselves to bypass modern behavioral detection systems, making standard perimeter defenses insufficient.
  • Aggressive Double-Extortion in Critical Sectors: Ransomware groups like ANUBIS, INC RANSOM, and Qilin are not just encrypting data but are heavily relying on the threat of leaking sensitive PII (Personally Identifiable Information). The targeting of healthcare providers (Woodglen Medical Group) and infrastructure (VÁHOSTAV, Terport) highlights a ruthless focus on sectors where operational downtime or data privacy violations cause maximum leverage.
  • Regional Data Sovereignty Crisis: Southeast Asia, specifically Indonesia, is currently under siege by data leakers. The exposure of massive datasets, including citizenship records and government personnel data, indicates systemic vulnerabilities in the region’s public digital infrastructure that are being exploited at scale.

Final Assessment: The threat landscape on this date shows a transition from opportunistic hacks to organized supply-chain style criminality. Organizations are advised to prioritize credential hygiene (to stop IABs) and behavioral monitoring (to detect anti-EDR activity) immediately, as the access sold today effectively becomes the ransomware breach of tomorrow.

Detected Incidents Draft Data

  1. Alleged sale of Australian medical documents
    Category: Data Breach
    Content: Threat actor claims to be selling 300 medical documents in Australia.
    Date: 2025-12-21T23:49:58Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/272472/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e85b1004-5860-4afc-9ea1-cacee8d87bc0.png
    Threat Actors: samy01
    Victim Country: Australia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  2. Cedar Valley Services falls victim to Qilin Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2025-12-21T23:35:48Z
    Network: tor
    Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=7adeac9a-3593-3d19-be7d-217c10e02be4
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0c291c5c-5625-44e1-9372-d7087d7efbc1.png
    https://d34iuop8pidsy8.cloudfront.net/02219eea-9d52-42e2-8e50-abebf1399f43.png
    Threat Actors: Qilin
    Victim Country: USA
    Victim Industry: Human Resources
    Victim Organization: cedar valley services
    Victim Site: cedarvalleyservices.org
  3. Alleged sale of unauthorized SSH access to SOPHON Micro Server
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized SSH access to a SOPHON Micro Server associated with a China-based environment, consistent with initial access broker activity.
    Date: 2025-12-21T23:19:35Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/272515/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/352a28f3-8490-4507-bb9c-82cecc3372e9.png
    Threat Actors: ransomcharger
    Victim Country: China
    Victim Industry: Financial Services
    Victim Organization: Unknown
    Victim Site: Unknown
  4. 7 Proxies targets the website of Mojomer Hat Fazil Madrasha
    Category: Defacement
    Content: The group claims to have defaced the website of Mojomer Hat Fazil Madrasha
    Date: 2025-12-21T23:16:40Z
    Network: telegram
    Published URL: https://t.me/c/2366703983/870
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f3bdcf25-4805-4a4b-a29f-d7c0c1c75acc.png
    Threat Actors: 7 Proxies
    Victim Country: Bangladesh
    Victim Industry: Education
    Victim Organization: mojomer hat fazil madrasha
    Victim Site: mhfmbor.com
  5. Woodglen Medical Group falls victim to ANUBIS ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data. The data reportedly includes customer information, as well as financial and operational records, and has been renamed to Emanate Health Medical Group OBGYN.
    Date: 2025-12-21T22:46:34Z
    Network: tor
    Published URL: http://om6q4a6cyipxvt7ioudxt24cw4oqu4yodmqzl25mqd2hgllymrgu4aqd.onion/r/5r5iXrDcq81ieO1gCAoEV+xeh85NS+tIldTzT3pLyWK1JxFF7IvdItkry8unp46VNERPoj+54TvwbEAmwGWglnRwREltS05T
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/bae8ceaf-dde9-4586-95a8-b9274f721cde.png
    https://d34iuop8pidsy8.cloudfront.net/7270673b-4bc1-472c-8c3f-4a1af1693db7.png
    https://d34iuop8pidsy8.cloudfront.net/bea0d526-17ef-438c-9291-4346fbe58843.png
    https://d34iuop8pidsy8.cloudfront.net/d942e63a-2ef2-4f12-a592-c45d9cd5924a.png
    https://d34iuop8pidsy8.cloudfront.net/3f50cee7-d271-476f-942f-572fd70ae946.png
    Threat Actors: ANUBIS
    Victim Country: USA
    Victim Industry: Hospital & Health Care
    Victim Organization: woodglen medical group
    Victim Site: woodglenmedical.com
  6. Woodglen Medical Group falls victim to ANUBIS ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data. The data contains customer information, financial and operational information.
    Date: 2025-12-21T22:41:59Z
    Network: tor
    Published URL: http://om6q4a6cyipxvt7ioudxt24cw4oqu4yodmqzl25mqd2hgllymrgu4aqd.onion/r/5r5iXrDcq81ieO1gCAoEV+xeh85NS+tIldTzT3pLyWK1JxFF7IvdItkry8unp46VNERPoj+54TvwbEAmwGWglnRwREltS05T
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/bae8ceaf-dde9-4586-95a8-b9274f721cde.png
    https://d34iuop8pidsy8.cloudfront.net/7270673b-4bc1-472c-8c3f-4a1af1693db7.png
    https://d34iuop8pidsy8.cloudfront.net/bea0d526-17ef-438c-9291-4346fbe58843.png
    https://d34iuop8pidsy8.cloudfront.net/d942e63a-2ef2-4f12-a592-c45d9cd5924a.png
    https://d34iuop8pidsy8.cloudfront.net/3f50cee7-d271-476f-942f-572fd70ae946.png
    Threat Actors: ANUBIS
    Victim Country: USA
    Victim Industry: Hospital & Health Care
    Victim Organization: woodglen medical group
    Victim Site: emanatehealth.org
  7. Alleged data leak of Indonesian citizenship records
    Category: Data Breach
    Content: A threat actor claims to be selling a large dataset allegedly containing Indonesian citizenship records. The advertised data reportedly includes personal and demographic details such as national ID numbers, full names, dates and places of birth, religion, marital status, phone numbers, and email addresses, suggesting a possible compromise
    Date: 2025-12-21T22:14:20Z
    Network: openweb
    Published URL: https://darkforums.hn/Thread-Selling-Indonesia-citizenship-data-80-million-records-full-info
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/bb4159f2-406d-4d07-9e46-5777680a4dfd.png
    Threat Actors: Brownies281
    Victim Country: Indonesia
    Victim Industry: Government Administration
    Victim Organization: Unknown
    Victim Site: dukcapil.kemendagri.go.id
  8. Alleged leak of NASA teleradiology data
    Category: Data Breach
    Content: The group claims to have leaked a 61.6 MB archive allegedly exfiltrated from an official NASA server, reportedly containing data related to NASA’s collaborative work in Spanish teleradiology.
    Date: 2025-12-21T21:14:27Z
    Network: telegram
    Published URL: https://t.me/topsecretdocumentsleaked/170
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d628b54d-3e5f-4eb8-9ac7-8527c5e3b43c.jpg
    Threat Actors: JRINTEL FREE DATA V3
    Victim Country: USA
    Victim Industry: Aviation & Aerospace
    Victim Organization: nasa
    Victim Site: nasa.gov
  9. GHOSTNET-X targets the SMAN 1 Bandar Lampung Gallery portal
    Category: Defacement
    Content: The group claims to have defaced the Gallery portal of SMAN 1 Bandar Lampung in Indonesia
    Date: 2025-12-21T21:03:43Z
    Network: telegram
    Published URL: https://t.me/c/3614850505/83
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/31f58c9b-3638-44e8-82d0-845ef60a9fa8.png
    Threat Actors: GHOSTNET-X
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: sman 1 bandar lampung
    Victim Site: galeri.smansa-bdl.sch.id
  10. GHOSTNET-X targets the website of Ali Mourtada
    Category: Defacement
    Content: The group claims to have defaced the website of Ali Mourtada
    Date: 2025-12-21T20:36:36Z
    Network: telegram
    Published URL: https://t.me/c/3614850505/83
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c74c2b92-e8d0-42b2-82eb-da0355a453cd.png
    Threat Actors: GHOSTNET-X
    Victim Country: Unknown
    Victim Industry: Gaming
    Victim Organization: ali mourtada website
    Victim Site: thoughtmongery.com
  11. Alleged data leak of Government & Law-Enforcement Agencies from Multiple Countries
    Category: Data Breach
    Content: The threat actor claims to be selling access to and data from multiple government and law-enforcement systems, including alleged Russian FSB documents, government and police email panels from Angola, Thailand, and the UK, ministry accounts, and education administration accounts containing large volumes of student data.
    Date: 2025-12-21T20:22:08Z
    Network: openweb
    Published URL: https://darkforums.hn/Thread-Selling-selling-fsb-documents-and-gov-mails-and-ministry
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b1dd54e3-a53e-4702-9a84-4ed6d005e046.png
    Threat Actors: systemreset
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  12. VÁHOSTAV falls victim to DragonForce Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 224.87 GB of the organization’s data and intends to publish it within 7-8 days.
    Date: 2025-12-21T20:13:42Z
    Network: tor
    Published URL: http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion/blog
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/614072be-44bc-4e74-8d50-d8ac54cbdda3.png
    Threat Actors: DragonForce
    Victim Country: Slovakia
    Victim Industry: Building and construction
    Victim Organization: váhostav
    Victim Site: vahostav-sk.sk
  13. Alleged data leak of Fastweb
    Category: Data Breach
    Content: The threat actor claims to be selling a Fastweb corporate panel.
    Date: 2025-12-21T20:05:40Z
    Network: openweb
    Published URL: https://darkforums.hn/Thread-Selling-sell-fastweb-corporate-panel
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/fa7a1305-94d6-47a4-b486-026aff4fbec6.png
    Threat Actors: espandive
    Victim Country: Italy
    Victim Industry: Network & Telecommunications
    Victim Organization: fastweb
    Victim Site: fastweb.it
  14. 404 CREW CYBER TEAM targets the website of Dendrita Publicidad
    Category: Defacement
    Content: The group claims to have defaced the admin panel of Dendrita Publicidad
    Date: 2025-12-21T19:42:04Z
    Network: telegram
    Published URL: https://t.me/crewcyber/437
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/481238c8-cad1-48ed-bc5c-f15ec078d1ae.png
    Threat Actors: 404 CREW CYBER TEAM
    Victim Country: Mexico
    Victim Industry: Marketing, Advertising & Sales
    Victim Organization: dendrita publicidad
    Victim Site: dendritapublicidad.com.mx
  15. Alleged data breach of Rolls-Royce Motor Cars
    Category: Data Breach
    Content: The threat actor claims to be selling a Rolls-Royce China customer database distributed in CSV format.
    Date: 2025-12-21T19:28:31Z
    Network: openweb
    Published URL: https://leakbase.la/threads/rolls-royce-china-customer-database.47364/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2ec70f6b-b2a3-40ea-9ee7-7e7243ea5165.png
    Threat Actors: show_more
    Victim Country: China
    Victim Industry: Retail Industry
    Victim Organization: rolls-royce motor cars
    Victim Site: rolls-roycemotorcars.com.cn
  16. Alleged sale of RDP Brut Fast tool
    Category: Malware
    Content: The threat actor claims to be selling an RDP brute-force tool designed for fast and reliable attacks against systems using the NLA protocol on Debian-based environments. The offering includes features such as parallelized brute-forcing, memory-efficient combination generation, progress checkpointing, proxy validation, and filtering of successful or invalid targets.
    Date: 2025-12-21T19:23:57Z
    Network: openweb
    Published URL: https://ramp4u.io/threads/rdp-brut-fast.3731/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b09eb36e-e623-4578-9ff1-9b1af803d0c2.png
    Threat Actors: Mr.Bang
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  17. Z-PENTEST ALLIANCE claims to target Mama Coffee
    Category: Alert
    Content: A recent post by the group claims that they have gained unauthorized access to the CCTV system of Mama Coffee, a coffee shop in Ukraine.
    Date: 2025-12-21T19:09:58Z
    Network: telegram
    Published URL: https://t.me/zpentestalliance/872
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/433152d7-6a5c-4886-938c-5fd93e340dde.png
    Threat Actors: Z-PENTEST ALLIANCE
    Victim Country: Ukraine
    Victim Industry: Food & Beverages
    Victim Organization: mama coffee
    Victim Site: Unknown
  18. NATION OF SAVIORS claims to target Government websites of India
    Category: Alert
    Content: A recent post by the group indicates that they are targeting Government websites of India
    Date: 2025-12-21T18:35:38Z
    Network: telegram
    Published URL: https://t.me/c/2259100562/662
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7bbd027d-ec5e-4b81-b1d5-cb3a1dec2428.jpg
    Threat Actors: NATION OF SAVIORS
    Victim Country: India
    Victim Industry: Government Administration
    Victim Organization: Unknown
    Victim Site: Unknown
  19. Netfly targets Dedicated SMTP services
    Category: Alert
    Content: A recent post by the group indicates that they’re targeting Dedicated SMTP services.
    Date: 2025-12-21T18:34:36Z
    Network: openweb
    Published URL: https://darkforums.hn/Thread-Selling-Dedicated-SMTP-with-High-Delivery-Performance
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8e468703-f93a-40ff-9d8d-db81a9614822.png
    Threat Actors: Netfly
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  20. Alleged Data Leak of Crypto Bitcoin Funnel
    Category: Data Breach
    Content: The threat actor claims to be selling an allegedly leaked database of Crypto Bitcoin Funnel registration leads. The exposed data appears to include personal information such as first and last names, email addresses, phone numbers, countries, IP addresses, devices, and campaign identifiers linked to multiple Bitcoin-themed marketing funnels.
    Date: 2025-12-21T18:08:55Z
    Network: openweb
    Published URL: https://darkforums.hn/Thread-DATABASE-Crypto-Bitcoin-Funnel-Registration-leads
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/126a2581-cccc-4960-b505-c3f68fb72b24.png
    Threat Actors: aisdata
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  21. Alleged data breach of Elementos BUAP
    Category: Data Breach
    Content: The threat actor claims to be selling an allegedly compromised full database associated with Elementos BUAP, containing author records, artist information, and content relationship data, primarily related to editorial and publication management rather than financial or payment information.
    Date: 2025-12-21T18:04:50Z
    Network: openweb
    Published URL: https://darkforums.hn/Thread-Document-MEXICO-BUAP-%E2%80%93-Elementos-Full-Database-Dump
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/1f400e8d-9dcc-434d-b770-6884355774b0.png
    Threat Actors: Evorax
    Victim Country: Mexico
    Victim Industry: Education
    Victim Organization: elementos buap
    Victim Site: elementos.buap.mx
  22. Alleged Data Leak of USA Shop
    Category: Data Breach
    Content: The threat actor claims to be selling access to a self-hosted U.S.-based shop, including administrative panel access, native checkout forms, and card-based order processing.
    Date: 2025-12-21T17:51:38Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/272492/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/922bbf1b-91e4-4db8-9311-26075ed36922.png
    Threat Actors: CMPunk
    Victim Country: USA
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: Unknown
  23. Alleged admin access to the website of sp.yamato.in.th
    Category: Initial Access
    Content: The group claims to have gained unauthorized access to the administrator panel of the website sp.yamato.in.th
    Date: 2025-12-21T17:43:13Z
    Network: telegram
    Published URL: https://t.me/black100eyes/112
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7273faac-7f52-4fa7-bb80-243883d1ab9e.png
    Threat Actors: Chennel G.H.G.K
    Victim Country: Thailand
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: sp.yamato.in.th
  24. Alleged data breach of FinShiksha
    Category: Data Breach
    Content: The threat actor claims to be sharing an allegedly compromised WordPress database associated with FinShiksha, exposing backend content such as post records, metadata, and database structure rather than direct customer financial data.
    Date: 2025-12-21T16:47:48Z
    Network: openweb
    Published URL: https://darkforums.hn/Thread-DATABASE-%E2%AD%90-WordPress-Database-finshiksha-com-%E2%AD%90
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/5f03a121-ccea-4799-aea6-2b86ad158f60.png
    Threat Actors: AshleyWood2022
    Victim Country: India
    Victim Industry: Education
    Victim Organization: finshiksha
    Victim Site: finshiksha.com
  25. Alleged data breach of AGGUN
    Category: Data Breach
    Content: The threat actor claims to be sharing an allegedly compromised database belonging to AGGUN. The exposed data samples suggest customer and order-related information, including user accounts, contact details, addresses, order IDs, payment and delivery information, and other transactional records.
    Date: 2025-12-21T16:35:44Z
    Network: openweb
    Published URL: https://darkforums.hn/Thread-DATABASE-%E2%AD%90-South-Korea-Database-www-aggun-kr-%E2%AD%90
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0f021abf-77d6-4df6-b805-52ddf9a99383.png
    Threat Actors: AshleyWood2022
    Victim Country: South Korea
    Victim Industry: E-commerce & Online Stores
    Victim Organization: aggun
    Victim Site: aggun.kr
  26. Alleged data breach of American Health
    Category: Data Breach
    Content: The threat actor claims to be selling an allegedly compromised customer database of American Health, containing personal information such as names, addresses, contact details, dates of birth, and email addresses, with an alleged dump size of approximately 116,000 records.
    Date: 2025-12-21T16:26:19Z
    Network: openweb
    Published URL: https://leakbase.la/threads/americanhealthus-com-customers-database.47359/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ce993209-56cc-40d6-b4ab-d5fa347446be.png
    Threat Actors: zoozkooz
    Victim Country: USA
    Victim Industry: Health & Fitness
    Victim Organization: american health
    Victim Site: americanhealthus.com
  27. Alleged leak of login access to Ramkhamhaeng University Bookstore
    Category: Initial Access
    Content: The group claims to have leaked the credentials to the website of Ramkhamhaeng University Bookstore.
    Date: 2025-12-21T16:00:35Z
    Network: telegram
    Published URL: https://t.me/black100eyes/113
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e9d5b772-6b48-42c0-88cb-d3c2d948ad0d.jpg
    Threat Actors: Chennel G.H.G.K
    Victim Country: Thailand
    Victim Industry: Education
    Victim Organization: ramkhamhaeng university
    Victim Site: bookstore.ru.ac
  28. Evercover Helmet Covers falls victim to INC RANSOM Ransomware
    Category: Ransomware
    Content: The group claims to have gained the organization’s internal data.
    Date: 2025-12-21T15:06:41Z
    Network: tor
    Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/6948023fbe52b3ea15221b9c
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2a85bbf6-dfb5-4937-99b3-9dcfe383c9de.png
    Threat Actors: INC RANSOM
    Victim Country: Hungary
    Victim Industry: Sporting Goods
    Victim Organization: evercover helmet covers
    Victim Site: evercover.com
  29. Alleged data breach of National Nutrition Agency
    Category: Data Breach
    Content: The group claims to have breached the organization’s data
    Date: 2025-12-21T14:56:48Z
    Network: telegram
    Published URL: https://t.me/garudablackhat/114
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/72622aa7-f307-4134-9d58-583b8373e260.png
    Threat Actors: GARUDA BLACKHAT CYBER CRIME
    Victim Country: Indonesia
    Victim Industry: Government Administration
    Victim Organization: national nutrition agency
    Victim Site: bgn.go.id
  30. Talarico SRL falls victim to INC RANSOM Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s internal data.
    Note: Talarico SRL has previously fallen victim to The Gentlemen ransomware on November 24, 2025.
    Date: 2025-12-21T14:54:21Z
    Network: tor
    Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/6948038dbe52b3ea15222e64
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/1f6f3b41-d475-4e71-848c-77b4dbb8a013.png
    Threat Actors: INC RANSOM
    Victim Country: Italy
    Victim Industry: Building and construction
    Victim Organization: talarico srl
    Victim Site: talaricosrl.it
  31. Alleged Data Leak of Bangladesh Government Personnel Information
    Category: Data Breach
    Content: The group claims to have leaked data from insider employee databases of the Bangladesh Government, allegedly including records related to police and military personnel that contain national identification references, passport-related details, permanent addresses, and other sensitive personal information.
    Date: 2025-12-21T14:24:39Z
    Network: telegram
    Published URL: https://t.me/c/2366703983/867
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a0e23bbb-8cad-40c8-aadb-1fb712e6724c.png
    Threat Actors: 7 Proxies
    Victim Country: Bangladesh
    Victim Industry: Government Administration
    Victim Organization: Unknown
    Victim Site: Unknown
  32. Alleged leak of personal data of a French embassy agent in Senegal
    Category: Data Breach
    Content: Threat actor claims to have leaked the personal data of a French embassy agent in Senegal, reportedly including name, address, phone number, email address, and other personal details.
    Date: 2025-12-21T14:13:07Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-A-French-Embassy-agent-in-Senegal-who-is-a-pedophile
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a8496257-ce81-4a04-bfb4-9975774e1f10.png
    Threat Actors: Neyzxxxx
    Victim Country: Senegal
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  33. Alleged leak of admin panel access to PS School
    Category: Initial Access
    Content: The group claims to have leaked the admin panel access of PS School
    Date: 2025-12-21T14:07:11Z
    Network: telegram
    Published URL: https://t.me/black100eyes/103
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e25f1461-ea98-40b5-a862-d9371135f7d7.jpg
    Threat Actors: Chennel G.H.G.K
    Victim Country: Thailand
    Victim Industry: Education
    Victim Organization: ps school
    Victim Site: psschool.in.th
  34. NATION OF SAVIORS targets the website of ProCert UK Ltd
    Category: Defacement
    Content: The group claims to have taken down the website of ProCert UK Ltd
    Date: 2025-12-21T13:51:00Z
    Network: telegram
    Published URL: https://t.me/c/2259100562/659
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8d6998bf-72b5-4abf-8d6e-08756a67b1eb.jpg
    Threat Actors: NATION OF SAVIORS
    Victim Country: UK
    Victim Industry: Professional Training
    Victim Organization: procert uk ltd
    Victim Site: procertuk.org
  35. Alleged sale of user leads from Paytm
    Category: Data Breach
    Content: Threat actor claims to be selling Paytm user interest leads allegedly linked to users in India. The dataset reportedly contains over 3.2 million records, including names, email addresses, mobile numbers, city, gender, and age group information.
    Date: 2025-12-21T13:45:16Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-Paytm-User-Interest-Leads-%E2%80%93-India–182000
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/5a729964-51af-421f-bc87-b859ed941b3e.png
    Threat Actors: Edric
    Victim Country: India
    Victim Industry: Financial Services
    Victim Organization: paytm
    Victim Site: paytm.com
  36. Alleged leak of data from SIRH system of Chiapas, Mexico
    Category: Data Breach
    Content: Threat actor claims to have leaked database records belonging to the SIRH (Sistema Integral de Recursos Humanos) system of Chiapas, Mexico. The allegedly exposed data pertains to administrative personnel and includes extensive personally identifiable information (PII), such as full names, date and place of birth details, contact information, residential addresses, nationality, education records, language details, employment and payroll-related data, fiscal information, credential details, and profile photos.
    Date: 2025-12-21T13:32:52Z
    Network: openweb
    Published URL: https://darkforums.hn/Thread-DATABASE-DATA-OF-SIRH-MEXICO
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4bc724f5-fd6f-4688-8f46-a333eb85ff14.png
    Threat Actors: Alz_157s
    Victim Country: Mexico
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  7. DEFACER INDONESIAN TEAM targets the website of MTs Al-Jihad Salaman
    Category: Defacement
    Content: The group claims to have defaced the website of MTs Al-Jihad Salaman.
    Date: 2025-12-21T13:23:53Z
    Network: telegram
    Published URL: https://t.me/c/2433981896/207
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/03c02208-6d47-4b80-8289-52aacb0b7b8e.png
    Threat Actors: DEFACER INDONESIAN TEAM
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: mts al-jihad salaman
    Victim Site: lulus.mtsaljihadsalaman.sch.id
  8. Alleged unauthorized user account access at BRED Bank Cambodia
    Category: Data Breach
    Content: The group claims to have gained access to a BRED Bank Cambodia customer account.
    Date: 2025-12-21T13:18:55Z
    Network: telegram
    Published URL: https://t.me/h3c4kedzsec_official/240
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/735b9440-b5b9-453e-b55c-062110e82e52.png
    https://d34iuop8pidsy8.cloudfront.net/11b8f283-4dde-4390-ad73-0cb6ef78eb70.png
    Threat Actors: H3C4KEDZ
    Victim Country: Cambodia
    Victim Industry: Banking & Mortgage
    Victim Organization: bred bank cambodia
    Victim Site: bredcambodia.com.kh
  9. GHOST SECURITY SOCIETY PH targets the website of CAMPP
    Category: Defacement
    Content: The group claims to have defaced the website of CAMPP
    Date: 2025-12-21T13:08:29Z
    Network: openweb
    Published URL: https://defacer.id/mirror/id/219922
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/fc09e342-0955-4c90-a5c3-5a5476f65de1.JPG
    Threat Actors: GHOST SECURITY SOCIETY PH
    Victim Country: Brazil
    Victim Industry: Social Media & Online Social Networking
    Victim Organization: campp
    Victim Site: campp.org.br
  10. BekasiRootSec targets the website of Lifestyle Interiors & Renovation
    Category: Defacement
    Content: The group claims to have defaced the website of Lifestyle Interiors & Renovation
    Date: 2025-12-21T12:48:09Z
    Network: openweb
    Published URL: https://defacer.id/mirror/id/220036
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ecc8d666-5d88-4be6-83dc-00e4b2964ef4.JPG
    Threat Actors: BekasiRootSec
    Victim Country: India
    Victim Industry: Architecture & Planning
    Victim Organization: lifestyle interiors & renovation
    Victim Site: lifestyleinteriorshub.in
  11. Ministry of the Interior and Public Security of Senegal
    Category: Data Breach
    Content: The threat actor claims to have leaked data from the Ministry of the Interior and Public Security of Senegal. The compromised data reportedly includes name, first name, registration number (CCAP), expected retirement date, document number, signatory’s position/rank, signature, and official stamp.
    NB: The threat actor also claims to be responsible for the hack of the French Ministry of the Interior.
    Date: 2025-12-21T12:46:59Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-Ministry-of-the-Interior-of-Senegal-HawkSec
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2011b129-acf4-434a-aae0-1dce78eb15c5.png
    https://d34iuop8pidsy8.cloudfront.net/7f7ce198-e3e1-42aa-bf33-4a1eb1ba0a6a.png
    Threat Actors: HawkSec
    Victim Country: Senegal
    Victim Industry: Government Administration
    Victim Organization: ministry of the interior and public security of senegal
    Victim Site: interieur.gouv.sn
  1. DEFACER INDONESIAN TEAM targets the website of SMA Negeri 2 Pacitan
    Category: Defacement
    Content: The group claims to have defaced the website of SMA Negeri 2 Pacitan.
    Date: 2025-12-21T12:33:10Z
    Network: telegram
    Published URL: https://t.me/c/2433981896/209
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/975f3efa-9023-4e0c-b0ef-2f7bfc21071e.png
    Threat Actors: DEFACER INDONESIAN TEAM
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: sma negeri 2 pacitan
    Victim Site: info.sman2pacitan.sch.id
  2. XmrAnonye.id targets the website of Cnej Togo
    Category: Defacement
    Content: The group claims to have defaced the website of Cnej Togo
    Date: 2025-12-21T12:27:43Z
    Network: openweb
    Published URL: https://defacer.id/mirror/id/220032
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7756ae1b-f650-4f13-b866-3414feb9cfef.JPG
    Threat Actors: XmrAnonye.id
    Victim Country: Togo
    Victim Industry: Government Administration
    Victim Organization: cnej togo
    Victim Site: wp.cnej.tg
  3. No team targets the website of Esmeralma
    Category: Defacement
    Content: The group claims to have defaced the website of Esmeralma
    Date: 2025-12-21T11:37:42Z
    Network: openweb
    Published URL: https://defacer.id/mirror/id/220033
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ffed0eb0-a7d8-4a94-9278-bfb6d1bab9ef.JPG
    Threat Actors: No team
    Victim Country: France
    Victim Industry: Luxury Goods & Jewelry
    Victim Organization: esmeralma
    Victim Site: esmeralma.fr
  4. X1RTX targets the website of Thirumala Milk Products
    Category: Defacement
    Content: The group claims to have defaced the website of Thirumala Milk Products
    Date: 2025-12-21T11:16:55Z
    Network: openweb
    Published URL: https://defacer.id/mirror/id/220029
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/5e44ad55-6e0e-4168-8968-9bc6ed159da9.JPG
    Threat Actors: X1RTX
    Victim Country: India
    Victim Industry: Food Production
    Victim Organization: thirumala milk products
    Victim Site: teamcloud.co.in
  5. NATION OF SAVIORS targets the website of crm.sahineevesh.com
    Category: Defacement
    Content: The group claims to have taken down the website of crm.sahineevesh.com
    Date: 2025-12-21T10:50:52Z
    Network: telegram
    Published URL: https://t.me/c/2259100562/657
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7d01f942-7658-4c5c-b954-d6f0cf348f0c.png
    Threat Actors: NATION OF SAVIORS
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: crm.sahineevesh.com
  6. lxrdk1773n targets the website of Jakarta
    Category: Defacement
    Content: The group claims to have defaced the website of Jakarta
    Date: 2025-12-21T10:49:54Z
    Network: openweb
    Published URL: https://defacer.id/mirror/id/220028
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d429f29f-5ef2-464c-bdb4-37100c008040.JPG
    Threat Actors: lxrdk1773n
    Victim Country: Indonesia
    Victim Industry: Government Administration
    Victim Organization: jakarta
    Victim Site: komunikasipublik.jakarta.go.id
  7. Alleged database leak of Medvarsity
    Category: Data Breach
    Content: The threat actor claims to have leaked data of 147,000 users from Medvarsity. The compromised data reportedly includes first names, last names, email addresses, mobile numbers, passwords, IDs, UUIDs, etc.
    Date: 2025-12-21T10:32:27Z
    Network: openweb
    Published URL: https://darkforums.hn/Thread-DATABASE-India-medvarsity-com-Leaked-Download
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9f6899ba-c304-42d5-97ba-61b787bb5b8b.png
    Threat Actors: Demetrius
    Victim Country: India
    Victim Industry: Education
    Victim Organization: medvarsity
    Victim Site: medvarsity.com
  8. University of Planalto Catarinense falls victim to LOCKBIT 5.0 Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data and intends to publish it within 6 – 7 days.
    Date: 2025-12-21T09:55:17Z
    Network: tor
    Published URL: http://lockbitapt67g6rwzjbcxnww5efpg4qok6vpfeth7wx3okj52ks4wtad.onion/post/0f0099fb93e3d840e972f0503498ab3d
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/600dac52-53b3-4ed2-b9be-d7dd58fd989f.png
    Threat Actors: LOCKBIT 5.0
    Victim Country: Brazil
    Victim Industry: Education
    Victim Organization: university of planalto catarinense
    Victim Site: uniplaclages.edu.br
  9. Alleged leak of admin panel access to ACC Group (Thailand) Co., Ltd
    Category: Initial Access
    Content: The group claims to have leaked the admin panel access of ACC Group (Thailand) Co., Ltd.
    Date: 2025-12-21T09:51:34Z
    Network: telegram
    Published URL: https://t.me/black100eyes/85
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/eaac2fdc-930f-4a0b-853d-735038934ab9.png
    Threat Actors: Chennel G.H.G.K
    Victim Country: Thailand
    Victim Industry: Transportation & Logistics
    Victim Organization: acc group (thailand) co., ltd
    Victim Site: accgroup.co.th
  10. Alleged leak of admin panel access to New GFMIS Thai
    Category: Initial Access
    Content: The group claims to have leaked the admin panel access of New GFMIS Thai
    Date: 2025-12-21T08:51:20Z
    Network: telegram
    Published URL: https://t.me/black100eyes/83
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/df334789-840f-45dc-b83b-bb95a12e1df9.jpg
    Threat Actors: Chennel G.H.G.K
    Victim Country: Thailand
    Victim Industry: Government Administration
    Victim Organization: new gfmis thai
    Victim Site: vendors.gfmis.go.th
  11. Terport – Terminales Portuarias S.A. falls victim to LYNX Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2025-12-21T08:48:25Z
    Network: tor
    Published URL: http://lynxblogxutufossaeawlij3j3uikaloll5ko6grzhkwdclrjngrfoid.onion/leaks/6947a0582423bc3ce01f5c42
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d00633d7-e539-46bd-b922-0ebdd31a93c5.jpg
    Threat Actors: LYNX
    Victim Country: Paraguay
    Victim Industry: Transportation & Logistics
    Victim Organization: terport – terminales portuarias s.a.
    Victim Site: terport.com.py
  12. Alleged Data Breach of Fujian Radio, Film and Television Group
    Category: Data Breach
    Content: The threat actor claims to have leaked 3 million records of data from Fujian Radio, Film and Television Group, which was compromised in 2024. The compromised data allegedly contains full names, ID numbers, physical addresses, and cable TV box codes.
    Date: 2025-12-21T07:51:45Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-Chinese-FRTN-Regional-Cable-TV-Provider-3M-Data-Breach
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a2f106d3-7938-4ebd-aa4b-d0caca3bbcba.png
    Threat Actors: Tokyo0404
    Victim Country: China
    Victim Industry: Online Publishing
    Victim Organization: fujian radio, film and television group
    Victim Site: fjtv.net
  13. Alleged Sale of Unauthorized VPN Access to Turkish University
    Category: Initial Access
    Content: The threat actor claims to be selling unauthorized VPN access to a Turkish university.
    Date: 2025-12-21T06:25:38Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-VPN-Turkey-University
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9b18a5bf-d9f3-483d-8c27-6b308435938c.png
    Threat Actors: dead
    Victim Country: Turkey
    Victim Industry: Education
    Victim Organization: Unknown
    Victim Site: Unknown
  14. Alleged sale of “VOID KILLER” antivirus termination malware
    Category: Malware
    Content: Threat actor claims to be selling ‘VOID KILLER,’ a malware designed to terminate antivirus and EDR solutions.
    Date: 2025-12-21T06:12:22Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/272466/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/df7bb253-34f2-49dc-92d2-270c87052b5d.png
    https://d34iuop8pidsy8.cloudfront.net/3f3fdabe-8065-4274-9110-73907c2d3aee.png
    Threat Actors: Crypt4You
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  15. Alleged leak of login Access to ThriveCart
    Category: Initial Access
    Content: The group claims to have leaked login access to ThriveCart.
    Date: 2025-12-21T06:09:03Z
    Network: telegram
    Published URL: https://t.me/bl4cyb3r/325
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/aa1f38d6-9930-4312-8691-4b2800508e78.png
    Threat Actors: Digit_4
    Victim Country: Spain
    Victim Industry: E-commerce & Online Stores
    Victim Organization: thrivecart
    Victim Site: objetivoclientes.thrivecart.com
  16. Alleged leak of login Access to Thuisvester
    Category: Initial Access
    Content: The group claims to have leaked login access to Thuisvester.
    Date: 2025-12-21T05:59:43Z
    Network: telegram
    Published URL: https://t.me/bl4cyb3r/326
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a7aea8b0-e6b6-4a2d-9c0d-36ede21ffd44.png
    Threat Actors: Digit_4
    Victim Country: Netherlands
    Victim Industry: Real Estate
    Victim Organization: thuisvester
    Victim Site: thuisvester.nl
  17. Alleged leak of login access to Prince Royal’s College
    Category: Initial Access
    Content: The group claims to have leaked the login credentials of Prince Royal’s College.
    Date: 2025-12-21T05:58:15Z
    Network: telegram
    Published URL: https://t.me/bl4cyb3r/324
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e83651a4-4eff-4f81-9831-4c96f192f146.png
    Threat Actors: Digit_4
    Victim Country: Thailand
    Victim Industry: Education
    Victim Organization: prince royal’s college
    Victim Site: paymentv2.prc.ac.th
  18. Alleged leak of login access to The Sims Resource
    Category: Initial Access
    Content: The group claims to have leaked the login credentials to The Sims Resource
    Date: 2025-12-21T05:50:17Z
    Network: telegram
    Published URL: https://t.me/bl4cyb3r/322
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d3390eda-98ea-4d70-93e3-f7672395d89d.png
    Threat Actors: Digit_4
    Victim Country: Sweden
    Victim Industry: Gaming
    Victim Organization: the sims resource
    Victim Site: thesimsresource.com
  19. Alleged leak of login Access to ThinkCentral
    Category: Initial Access
    Content: The group claims to have leaked login access to ThinkCentral.
    Date: 2025-12-21T05:49:46Z
    Network: telegram
    Published URL: https://t.me/bl4cyb3r/327
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/218ef670-06d6-4455-80b8-01786c26d29c.png
    Threat Actors: Digit_4
    Victim Country: USA
    Victim Industry: Education
    Victim Organization: thinkcentral
    Victim Site: -k6.thinkcentral.com
  20. Alleged leak of login access to Google
    Category: Initial Access
    Content: The group claims to have leaked the login credentials of Google.
    Date: 2025-12-21T05:46:24Z
    Network: telegram
    Published URL: https://t.me/bl4cyb3r/323
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f2b217a0-3915-49a4-b8f1-205c2cd56ef6.png
    Threat Actors: Digit_4
    Victim Country: USA
    Victim Industry: Software
    Victim Organization: google
    Victim Site: account.google.com
  21. Alleged Unauthorized Access to the Ministry of Health of Guatemala
    Category: Initial Access
    Content: The threat actor claims to be selling unauthorized access to the Ministry of Health of Guatemala.
    Date: 2025-12-21T05:31:43Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-COLLECTION-mspas-gob-gt-ACCESO-INTERNO
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c5e3e7bb-fb61-4b5e-989b-821143a6346e.png
    Threat Actors: Juxn-Modz
    Victim Country: Guatemala
    Victim Industry: Hospital & Health Care
    Victim Organization: Unknown
    Victim Site: Unknown
  22. Alleged leak of login access to TheoTown Forum
    Category: Initial Access
    Content: The group claims to have leaked the login credentials to TheoTown Forum
    Date: 2025-12-21T05:09:56Z
    Network: telegram
    Published URL: https://t.me/bl4cyb3r/321
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/62c338bb-ed28-453f-b436-53950146481a.png
    Threat Actors: Digit_4
    Victim Country: Germany
    Victim Industry: Software Development
    Victim Organization: theotown forum
    Victim Site: forum.theotown.com
  23. Alleged data breach of WashXpress
    Category: Data Breach
    Content: Threat actor claims to have leaked the database of WashXpress. The compromised data reportedly includes 90,500+ customer emails.
    Date: 2025-12-21T03:50:02Z
    Network: openweb
    Published URL: https://leakbase.la/threads/breached-washxpressth-com-database-90500-unique-customer-emails.47340/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/5e28df02-95fa-4c24-92f9-f40c44bc05ba.png
    https://d34iuop8pidsy8.cloudfront.net/e0658eb0-c333-4a63-a993-635d4d55e798.png
    Threat Actors: nagumoiz
    Victim Country: Thailand
    Victim Industry: Recreational Facilities & Services
    Victim Organization: washxpress
    Victim Site: washxpressth.com
  24. Alleged Data Breach of ISBN PERU
    Category: Data Breach
    Content: The threat actor claims to have leaked data from ISBN PERU.
    Date: 2025-12-21T03:35:46Z
    Network: openweb
    Published URL: https://darkforums.hn/Thread-DATABASE-LEAK-FRESH-ISBN-PERU-2025
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/53be6e40-12ce-4cca-9b79-41a4b0b8e068.png
    https://d34iuop8pidsy8.cloudfront.net/9cf4d65c-0133-4fdc-a21c-92db10a6fcce.png
    https://d34iuop8pidsy8.cloudfront.net/c27d6bc1-d2bc-44bf-a173-186af93dfe21.png
    Threat Actors: Johan_Liebheart
    Victim Country: Peru
    Victim Industry: Government Relations
    Victim Organization: isbn peru
    Victim Site: gob.pe
  25. Alleged Data Breach of Win Systems
    Category: Data Breach
    Content: The threat actor claims to have leaked data from Win Systems. The compromised data reportedly contains 5,600 records, including Name, Primary Email, Emails, Organization, Language, Timezone, PhoneNumber, and Position.
    Date: 2025-12-21T03:09:03Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-Win-Systems%C2%A0Database
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8c7b4b23-307c-4cf7-9458-08d60a735983.png
    Threat Actors: dead
    Victim Country: Spain
    Victim Industry: Gambling & Casinos
    Victim Organization: win systems
    Victim Site: winsysgroup.com
  26. Alleged sale of online casino source code
    Category: Initial Access
    Content: Threat actor claims to be selling source code access to a new online casino.
    Date: 2025-12-21T01:10:43Z
    Network: openweb
    Published URL: https://ramp4u.io/threads/selling-source-code-for-a-new-online-casino.3727/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/6023dd6f-b559-4da4-8efc-b9451e5ccae4.png
    Threat Actors: rebel137
    Victim Country: Unknown
    Victim Industry: Gambling & Casinos
    Victim Organization: fate bet
    Victim Site: fate.bet
  27. Alleged Unauthorized Access to unidentified infrastructure system
    Category: Initial Access
    Content: The group claims to have hacked 265 systems worldwide.
    Date: 2025-12-21T00:25:00Z
    Network: telegram
    Published URL: https://t.me/n2LP_wVf79c2YzM0/2977
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ea1c5570-d907-423b-875a-a12326eb515f.png
    Threat Actors: Infrastructure Destruction Squad
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown