Daily Cyber Threat Intelligence Report
Date of Activity: December 23, 2025
Total Incidents Recorded: 124
1. Executive Summary
The reporting period indicates a high-velocity threat environment characterized by aggressive ransomware campaigns, massive data dumps affecting major corporations, and critical infrastructure vulnerabilities. The most active threat groups include Qilin, LYNX, and Sinobi in the ransomware space, while Pharaoh’s Team Channel and DimasHxR dominated website defacements. Notable high-profile targets include Spotify, Adecco, JBS, and the Ministry of Foreign Affairs of the Russian Federation.
2. Major Ransomware Campaigns
Ransomware groups were highly active, targeting sectors ranging from education to food production.
Qilin Ransomware Surge
The Qilin group executed a widespread campaign across North America, Europe, and Asia:
- Education Sector: Victims include the Eastern Townships School Board in Canada and the Islamic Science University of Malaysia, where 107 GB of data was allegedly stolen. In the US, the SWWC Service Cooperative was also victimized.
- Corporate Targets: The group targeted the Niradia Group of Companies (Canada), stealing 229 GB of internal data. Other victims include DAI – Automatic Distributors (Italy), CoreHQ (USA), and The Sonnenschein Groupe (USA).
- Healthcare: Shore Gardens Rehabilitation & Nursing Center in the USA was compromised.
LYNX and Sinobi Operations
- LYNX: This group focused heavily on infrastructure and logistics. Victims include Florida East Coast Railway, CKM Kondring Montages in Germany, and Rusk County government in the USA.
- Sinobi: This actor targeted US-based service and industrial companies, threatening to publish data within days. Victims include Total Air Solutions (120 GB stolen), Center For Life Resources (120 GB stolen), Geometrics Inc. (40 GB stolen), and Hanlon Electric Company.
Other High-Profile Attacks
- Medusa: Claimed an attack on JBS, a major food and beverage corporation, threatening to publish data within 2-3 days.
- Everest: Compromised Accela, a software development firm, claiming possession of 1 TB of data. They also targeted Notin in Spain, stealing 145 GB of sensitive legal and financial documents.
- ANUBIS: Targeted Carbis Loadtec Group (UK) and Laidley Family Doctors (Australia).
3. High-Impact Data Breaches and Leaks
Several massive datasets were leaked or offered for sale, impacting millions of users globally.
- Spotify: A threat actor named “bananana” claimed to have leaked a massive 6.2 TB dump containing metadata and music files, described as a preservation archive.
- Adecco France: A database containing approximately 800,000 records, including 750,000 CVs, was offered for sale by “DumpSec”.
- Web3 Rewards Platform: A massive breach of an unidentified Web3 platform allegedly exposed 57 million documents and nearly 468,000 user accounts.
- Asian Online Casinos: A leak of over 3 million user records from Asian online casinos was reported, exposing sensitive KYC and deposit information.
- Telecommunications: Access to a Vodafone Spain database and FTP was offered for sale.
4. Critical Infrastructure and Government Targeting
Threat actors demonstrated the ability to access sensitive government and industrial control systems.
Industrial Control Systems (ICS)
- France: The Z-PENTEST ALLIANCE claimed to have gained access to the SCADA system of the Syndicat du Morel water treatment plant. This access reportedly enabled control over pumps, mixers, and chemical dosing.
Government Compromises
- Russia: A group named JRINTEL FREE DATA V3 claimed to have gained login access to the Ministry of Foreign Affairs of the Russian Federation.
- USA: A leak was reported regarding the Kansas State Legislature, exposing emails and passwords.
- India: TEAM BD CYBER NINJA claimed a breach of an unidentified Indian government system and the Government of Telangana.
- Thailand: The group CYB3R ANGEL leaked credentials for multiple government education portals, including the Office of the Basic Education Commission and the Equitable Education Fund. Additionally, KKG-Z claimed to have accessed the Royal Thai Navy Medical Department systems.
5. Malware and Cybercrime Tools
The underground market for cybercrime tools remains robust, with actors selling sophisticated malware and evasion utilities.
- Noobsaibot RAT: A modular remote access trojan was advertised, featuring hidden RDP access, VNC control, and wallet-stealing modules.
- NtKiller: A kernel-level tool designed to disable antivirus, EDR, and anti-cheat solutions on Windows 10 and 11 was offered for sale. It allegedly operates with Memory Integrity (HVCI) enabled.
- AV/EDR Killer: Another tool advertised by actor “deadFrog” claims to terminate endpoint security processes and remove software from the filesystem.
6. Defacement Campaigns
Hacktivist activity was high, with specific groups targeting geographically clustered entities.
- Pharaoh’s Team Channel: Conducted a focused campaign against organizations in Nepal (including schools and consultancies like Usha Education House and Smisnepal) and Nigeria. They also targeted Saudi Business Directory and Indian entities.
- DimasHxR: Targeted a diverse range of international websites, including Frisuren-online.com (Germany), Fusion Project (Denmark), IPICB (Iran), and Le Chamois d’Or (France).
Conclusion
The intelligence from December 23, 2025, highlights a dual threat: the widespread commodification of high-level cyber weapons (such as kernel-level EDR killers) and the operational success of ransomware groups like Qilin and LYNX against varied industries. The alleged compromise of critical infrastructure (French water treatment) and high-value government targets (Russian MFA) suggests that threat actors are successfully exploiting vulnerabilities in high-security environments. Organizations should prioritize securing RDP/VPN access and monitoring for leaked credentials, as initial access sales remain a primary vector for these breaches.
Detected Incidents Draft Data
- Threat actor claims to be selling Noobsaibot RAT
Category: Malware
Content: Threat actor claims to be selling Noobsaibot, a modular remote access trojan (RAT) featuring hidden RDP access, VNC control, credential and wallet stealing modules, and anti-analysis techniques, allegedly designed for persistent unauthorized access and data theft.
Date: 2025-12-23T23:55:10Z
Network: openweb
Published URL: https://forum.exploit.in/topic/272634/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1c3213c3-3537-4c03-a947-ef9f199fc8ac.png
https://d34iuop8pidsy8.cloudfront.net/790dc257-63f1-437c-a1ab-8e8019e3c289.png
Threat Actors: c2flow
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of unauthorized access to an unidentified shop in the USA
Category: Initial Access
Content: Threat actor claims to be selling unauthorized access to an unidentified shop in the USA.
Date: 2025-12-23T23:29:16Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/272603/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/165cb72b-cb9f-405e-a5df-b26d5909c84f.png
Threat Actors: SsackMaster
Victim Country: USA
Victim Industry: E-commerce & Online Stores
Victim Organization: Unknown
Victim Site: Unknown
- Carbis Loadtec Group falls victim to ANUBIS Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data. The data includes confidential data and they intend to publish it within 2-3 days.
Date: 2025-12-23T23:19:51Z
Network: tor
Published URL: http://om6q4a6cyipxvt7ioudxt24cw4oqu4yodmqzl25mqd2hgllymrgu4aqd.onion/r/SoFFsbuCvwP0YHv2EOxkzMKoSF+En8JW7HuNK5ih1ibLvuXYKrn6vryj2EncTglje2oxs1JjkiObqNeNJGWklyOE54bHFS
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/934f6ad6-ab09-495f-accd-e92ed11d1e0c.png
https://d34iuop8pidsy8.cloudfront.net/b0b149f2-d93f-4456-ace8-31b1eb6431c8.png
https://d34iuop8pidsy8.cloudfront.net/83329ad5-dc77-47a7-a1fc-d4433e1b224e.png
https://d34iuop8pidsy8.cloudfront.net/c9d312d4-e4e0-4549-a963-b1100bf1b71c.png
https://d34iuop8pidsy8.cloudfront.net/e4076342-f46b-4fd5-84aa-e8098e20ec32.png
https://d34iuop8pidsy8.cloudfront.net/bdf97a80-e18c-4cdc-bbf5-06991ed1ab81.png
https://d34iuop8pidsy8.cloudfront.net/60c3e1bb-13ca-4631-a799-dc7f72b6ff43.png
https://d34iuop8pidsy8.cloudfront.net/d809442f-594c-4d7a-ba0e-b00eb2cb6517.png
Threat Actors: ANUBIS
Victim Country: UK
Victim Industry: Mechanical or Industrial Engineering
Victim Organization: carbis loadtec group
Victim Site: carbisloadtec.com
- Alleged unauthorized shell access to University of Llanos Wellness Portal
Category: Initial Access
Content: The group claims to have leaked unauthorized shell access to the University of Llanos Wellness Portal.
Date: 2025-12-23T22:19:23Z
Network: telegram
Published URL: https://t.me/InDoM1nusTe4m/49
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fa5461d4-cc5b-4aa0-a3b7-815c4c0814d5.jpg
Threat Actors: InDoM1nu’s
Victim Country: Colombia
Victim Industry: Higher Education/Academia
Victim Organization: university of the llanos
Victim Site: unillanos.edu.co
- Pharaoh’s Team Channel targets the website of smisnepal.com
Category: Defacement
Content: The group claims to have defaced the website of smisnepal.com.
Date: 2025-12-23T21:53:22Z
Network: telegram
Published URL: https://t.me/Pharaohs_n/493
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9d25bd3b-c5ed-4138-80c5-d4903fee1c4b.png
Threat Actors: Pharaoh’s Team Channel
Victim Country: Nepal
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: smisnepal.com
- Pell City School System falls victim to SAFEPAY Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data and they intend to publish it within 2-3 days.
Date: 2025-12-23T21:52:41Z
Network: tor
Published URL: http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/pellcityschoolsnet/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2f73553d-cb27-4424-b594-62a95ad39207.png
Threat Actors: SAFEPAY
Victim Country: USA
Victim Industry: Education
Victim Organization: pell city school system
Victim Site: pellcityschools.net
- Niradia Group of Companies falls victim to Qilin Ransomware
Category: Ransomware
Content: The group claims to have obtained 229.00 GB of the organization’s internal data.
Date: 2025-12-23T21:30:30Z
Network: tor
Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=48c0655a-52ad-32ba-a9fe-f37e05f2a757
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3a25c5f0-10c5-4437-9540-dcc6160c9491.png
https://d34iuop8pidsy8.cloudfront.net/b7e4f1d9-cb81-40e4-89ad-1ea455ab226a.png
Threat Actors: Qilin
Victim Country: Canada
Victim Industry: Building and construction
Victim Organization: niradia group of companies
Victim Site: niradia.com
- Alleged data breach of Adecco
Category: Data Breach
Content: The threat actor claims to be offering for sale a large leaked database allegedly belonging to ADECCO France, an employment and staffing services company. The data was exposed during a cybersecurity incident between December 20–22, 2025, affecting an estimated 800,000 records, including approximately 750,000 CVs. The dataset is said to contain extensive personal and professional information such as names, contact details, addresses, date of birth, employment sector, job preferences, education, skills, languages, certifications, and availability.
Date: 2025-12-23T21:29:35Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-FR-ADECCO
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/887f7519-ee6d-4424-b4dd-269cddb1ba9b.png
https://d34iuop8pidsy8.cloudfront.net/608c546a-3539-463a-b0ec-f385f23ae5cb.png
https://d34iuop8pidsy8.cloudfront.net/fa57aad2-d279-4b24-b0ce-0268c043d4c1.png
Threat Actors: DumpSec
Victim Country: Switzerland
Victim Industry: Staffing/Recruiting
Victim Organization: adecco
Victim Site: adecco.com
- DAI – Automatic Distributors falls victim to Qilin Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2025-12-23T21:25:57Z
Network: tor
Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=0faf18c9-af8c-3c3c-a0ec-ca3ee0a56c1b
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e7897fc7-c60c-4e5d-ba66-6f0828010938.png
https://d34iuop8pidsy8.cloudfront.net/9bc6ffd3-7477-4d7d-bc83-51fc7d63e627.png
Threat Actors: Qilin
Victim Country: Italy
Victim Industry: Food & Beverages
Victim Organization: dai – automatic distributors
Victim Site: dai.it
- SWWC Service Cooperative falls victim to Qilin Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2025-12-23T21:23:55Z
Network: tor
Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=c7070432-dbb3-3112-aafa-a85db8cc9b9a
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/748ccf20-2061-48fd-a10c-575ae3ef212d.png
https://d34iuop8pidsy8.cloudfront.net/c3efccb8-be09-49e4-8787-719018a36134.png
Threat Actors: Qilin
Victim Country: USA
Victim Industry: Education
Victim Organization: swwc service cooperative
Victim Site: swwc.org
- Alleged data breach of GetCourse
Category: Data Breach
Content: The threat actor claims to have leaked a database from getcourse.ru, a Russian online education and payment platform. According to the post, the alleged breach occurred in December 2025 and exposed approximately 70,000 order records. The actor states that the leaked data includes customer order details such as names, email addresses, phone numbers, order status, pricing, and timestamps.
Date: 2025-12-23T21:16:48Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-Russia-getcourse-ru-Leaked-Download
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fa843143-987c-47cd-abf4-03ee2d08ef80.png
Threat Actors: Demetrius
Victim Country: Russia
Victim Industry: E-Learning
Victim Organization: getcourse
Victim Site: getcourse.ru
- Alleged Data Breach of TiszaVilág
Category: Data Breach
Content: Threat Actor claims to have breached the database of TiszaVilág in Hungary.
Date: 2025-12-23T21:15:19Z
Network: openweb
Published URL: https://leakbase.la/threads/tiszavilag-hu.47463/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e8eea587-c588-4b2f-80ae-c19ad3dd59d2.png
Threat Actors: herbamatyi
Victim Country: Hungary
Victim Industry: Hospitality & Tourism
Victim Organization: tiszavilág
Victim Site: tiszavilag.hu
- Alleged unauthorized access to German outdoor surveillance and remote control system
Category: Initial Access
Content: The threat actor group claims to have gained unauthorized access to a central German surveillance system managing over 1,200 field modules (Lynx-7, Talon-X, and Sentinel M3) used for intelligent scanning and remote control across the federal states of Bavaria, Hesse, and Schleswig-Holstein.
Date: 2025-12-23T21:04:38Z
Network: telegram
Published URL: https://t.me/n2LP_wVf79c2YzM0/3010
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f01994f9-50b3-4d62-92e9-181a7209bb67.jpg
Threat Actors: Infrastructure Destruction Squad
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- CoreHQ falls victim to Qilin Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2025-12-23T20:56:57Z
Network: tor
Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=c79fdf4b-aaca-3c87-8456-ceda11433674
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/eee79b43-830c-4946-9a52-38e66146b65f.png
https://d34iuop8pidsy8.cloudfront.net/af3a19d5-12fe-4b8d-b02d-2ca1a4583b93.png
Threat Actors: Qilin
Victim Country: USA
Victim Industry: Information Technology (IT) Services
Victim Organization: corehq
Victim Site: corehq.io
- Alleged Data Breach of Wisanka in Indonesia
Category: Data Breach
Content: Threat Actor claims to have breached the database of Wisanka in Indonesia. The dataset is reportedly around 27 GB in size and contains over 88,000 files. The exposed data allegedly includes proprietary furniture design documents, accounting and export records, invoices and packing lists, SVLK legal wood certification reports, raw material purchase details, sawmill and logistics invoices, and internal operational files spanning multiple years. The leaked information may expose sensitive financial, production, and supply chain details related to Wisanka’s operations in Indonesia and its international exports.
Date: 2025-12-23T20:52:49Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/272639/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a62bab91-bede-4e81-a560-2fec17445f22.png
https://d34iuop8pidsy8.cloudfront.net/570ccbad-6be2-4998-b617-c5adb07d77b9.png
https://d34iuop8pidsy8.cloudfront.net/daac2b25-857e-425c-912d-9aeb70d9aa54.png
https://d34iuop8pidsy8.cloudfront.net/e81100a3-dd2d-4e7e-acf1-33ba37a33c70.png
https://d34iuop8pidsy8.cloudfront.net/77d6b33e-d1d3-4db1-bb7c-ce46ebf5dac3.png
https://d34iuop8pidsy8.cloudfront.net/0e744353-8509-488e-98e2-89f3e401f2ca.png
https://d34iuop8pidsy8.cloudfront.net/c79a818a-7655-486c-b97c-b0d5f2c9906e.png
Threat Actors: zestix
Victim Country: Indonesia
Victim Industry: Furniture
Victim Organization: wisanka
Victim Site: wisanka.com
- Pharaoh’s Team Channel targets the website of Saudi Business Directory
Category: Defacement
Content: The group claims to have defaced the website of Business Directory in Saudi Arabia.
Date: 2025-12-23T20:50:13Z
Network: telegram
Published URL: https://t.me/Pharaohs_n/494
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3d7ff019-9dcb-49d1-88c0-6c6ce304e39b.png
Threat Actors: Pharaoh’s Team Channel
Victim Country: Saudi Arabia
Victim Industry: Information Technology (IT) Services
Victim Organization: saudi business directory
Victim Site: dlil.sa
- Shore Gardens Rehabilitation & Nursing Center falls victim to Qilin Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2025-12-23T20:43:07Z
Network: tor
Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=2e49fb4d-c17c-3333-a4fb-cb2a74da80f6
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a595dd03-0fc3-4e4b-98cc-d6adf01e0421.png
https://d34iuop8pidsy8.cloudfront.net/d671f54c-14a9-448b-a8cb-296ee8f59326.png
Threat Actors: Qilin
Victim Country: USA
Victim Industry: Hospital & Health Care
Victim Organization: shore gardens rehabilitation & nursing center
Victim Site: shoregardensrehab.com
- Pharaoh’s Team Channel targets the website of Usha Education House
Category: Defacement
Content: The group claims to have defaced both the official website and subdomain of Usha Education House.
Date: 2025-12-23T20:13:13Z
Network: telegram
Published URL: https://t.me/Pharaohs_n/493
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9f326bcd-3526-40cd-aa81-b3767bbcb8da.png
Threat Actors: Pharaoh’s Team Channel
Victim Country: Nepal
Victim Industry: Education
Victim Organization: usha education house
Victim Site: ushaeduhouse.com
- Alleged leak of login credentials to Millenium Plásticos
Category: Initial Access
Content: The group claims to have leaked multiple login accesses of Millenium Plásticos.
Date: 2025-12-23T20:08:32Z
Network: telegram
Published URL: https://t.me/crewcyber/440
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6ebb62eb-bff1-4c41-b4de-37b13d06c886.jpg
Threat Actors: 404 CREW CYBER TEAM
Victim Country: Brazil
Victim Industry: Manufacturing
Victim Organization: millenium plásticos
Victim Site: milleniumplasticos.com.br
- The Sonnenschein Groupe falls victim to Qilin Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2025-12-23T20:07:15Z
Network: tor
Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=819aea74-5552-349b-b935-d863f0265380
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0966148f-85ef-42cd-b649-797362bc28e7.png
https://d34iuop8pidsy8.cloudfront.net/8821e510-d3d0-4724-ab13-0ca48379e26b.png
Threat Actors: Qilin
Victim Country: USA
Victim Industry: Executive Office
Victim Organization: the sonnenschein groupe
Victim Site: sonnenscheingroupe.com
- Alleged sale of NtKiller tool
Category: Malware
Content: The threat actor claims to be selling an advanced kernel-level tool named NtKiller, advertised as a stealth utility capable of disabling antivirus, EDR, software firewalls, and anti-cheat solutions on Windows systems. According to the post, the tool allegedly supports Windows 10 and 11 security products, includes advanced persistence mechanisms, a silent UAC bypass, and an optional rootkit component. The actor states that NtKiller can terminate security solutions at startup, evade analysis, and operate with HVCI/VBS (Memory Integrity) enabled.
Date: 2025-12-23T20:02:54Z
Network: openweb
Published URL: https://xss.pro/threads/144988/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/64093f78-5f21-430e-8900-ac18d2040d72.png
https://d34iuop8pidsy8.cloudfront.net/cc32ccb3-72ab-45bd-83d2-3c55755fc91c.png
https://d34iuop8pidsy8.cloudfront.net/c302b58b-2943-42b7-8ccb-a3383cb9e578.png
Threat Actors: NTK
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of OLD SQUARE S.R.L.
Category: Data Breach
Content: The threat actor claims to have leaked a database belonging to OLD SQUARE S.R.L., which operates the Italian restaurant website oldsquare.it. According to the forum post, the attacker allegedly gained unauthorized access to the administration panel and used an automated script to extract customer data. The leaked dataset reportedly contains approximately 10,009 restaurant customer records, including personal and reservation-related details such as names, email addresses, phone numbers, language preferences, visit history, privacy and marketing flags, blacklist status, reservation tags, timestamps, as well as additional fields like notes, VIP status, and loyalty indicators.
Date: 2025-12-23T20:01:01Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-IT-oldsquare-it-Database-Leak
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9ef8945c-0b34-4ded-bcc4-9f967809a6e5.png
Threat Actors: suicid
Victim Country: Italy
Victim Industry: Restaurants
Victim Organization: old square s.r.l.
Victim Site: oldsquare.it
- Pharaoh’s Team Channel targets the website of Sabreworks Real Estate Investment Ltd.
Category: Defacement
Content: The group claims to have defaced the website of Sabreworks Real Estate Investment Ltd.
Date: 2025-12-23T19:50:52Z
Network: telegram
Published URL: https://t.me/Pharaohs_n/493
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/79fa68ae-d348-4c1b-9e02-00d1a3a19684.png
Threat Actors: Pharaoh’s Team Channel
Victim Country: Nigeria
Victim Industry: Real Estate
Victim Organization: sabreworks real estate investment ltd.
Victim Site: portal.sabreworksservices.com
- Alleged Data Leak of 3M Asian Online Casino Databases
Category: Data Breach
Content: Threat actor claims to have leaked Asian online casino databases containing over 3 million user records, reportedly affecting users primarily from Thailand, Bangladesh, and the Philippines. The exposed data allegedly includes highly sensitive information such as user IDs, usernames, player levels, affiliate and agent details, full names, email addresses, mobile and contact numbers, dates of birth, IP addresses, registration and last login details, deposit information, referral links, and KYC verification status.
Date: 2025-12-23T19:40:26Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-ASIAN-ONLINE-CASINO-3M
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7cd314f5-492b-45a3-9944-5703dcae5378.png
Threat Actors: wildplayer
Victim Country: Thailand
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Jaf Gifts falls victim to Qilin Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2025-12-23T19:33:33Z
Network: tor
Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=b5344d7c-70fc-34af-beae-3bc966b53bf7
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b1168ce9-92d5-454f-a70d-18d8c94e2110.png
Threat Actors: Qilin
Victim Country: USA
Victim Industry: Retail Industry
Victim Organization: jaf gifts
Victim Site: jafgifts.com
- Eastern Townships School Board falls victim to Qilin Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2025-12-23T19:18:34Z
Network: tor
Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=23fe7024-cf3c-3535-8e19-a748a855fbb5
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/55ee035d-b08f-46f7-9073-db92dd7f637e.png
Threat Actors: Qilin
Victim Country: Canada
Victim Industry: Education
Victim Organization: eastern townships school board
Victim Site: etsb.qc.ca
- Alleged leak of unidentified database
Category: Data Breach
Content: The threat actor claims to have leaked a large database collection consisting of 136 SQL files totaling approximately 18.5 million lines of data. According to the post, the collection allegedly includes databases from various gaming platforms, stresser/booter services, hosting services, and other online projects, containing user records such as usernames, email addresses, hashed passwords, IP-related data, and timestamps.
Date: 2025-12-23T19:15:40Z
Network: openweb
Published URL: https://breachforums.bf/Thread-COLLECTION-136-Database-Collection-18-500-180-Lines
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/92c4975b-42be-4f63-9808-abafe80cd33f.png
Threat Actors: Yafus
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Pharaoh’s Team Channel targets the website of Kanchanjunga Japanese Education Consultancy
Category: Defacement
Content: The group claims to have defaced the website of Kanchanjunga Japanese Education Consultancy.
Date: 2025-12-23T19:15:07Z
Network: telegram
Published URL: https://t.me/Pharaohs_n/493
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/083f99d0-d375-491b-adc7-83f1c2a734d2.jpg
Threat Actors: Pharaoh’s Team Channel
Victim Country: Nepal
Victim Industry: Education
Victim Organization: kanchanjunga japanese education consultancy
Victim Site: kanchanjungaconsultancy.com.np
- Alleged data breach of Lido Mediterraneo
Category: Data Breach
Content: The threat actor claims to have leaked a database from the Italian hospitality website lidomediterraneo.com. According to the post, the attacker allegedly accessed the admin panel and used an automated script in 2024 to extract hotel guest information. The dataset is said to include approximately 7,484 customer records, containing personal and booking-related details such as names, email addresses, phone numbers, language, visit history, marketing preferences, and spending metrics.
Date: 2025-12-23T19:07:05Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-IT-lidomediterraneo-com-Database-Leak
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/dd49a8a0-72a4-41cd-91fc-aee43fea3e26.png
Threat Actors: suicid
Victim Country: Italy
Victim Industry: Hospitality & Tourism
Victim Organization: lido mediterraneo
Victim Site: lidomediterraneo.com
- Alleged data breach of Pizzeria Cartapaglia
Category: Data Breach
Content: The threat actor claims to have leaked a database from the Italian pizzeria website pizzeriacartapaglia.it. According to the post, the attacker allegedly gained access to the admin panel and used an automated script in 2024 to extract customer information. The dataset is said to contain approximately 10,001 customer records, including names, surnames, email addresses, phone numbers, language preferences, visit details, and account status fields.
Date: 2025-12-23T19:03:46Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-IT-pizzeriacartapaglia-it-Database-Leak
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1f0acae4-6ea2-496d-9e4b-6695e95dd6ef.png
Threat Actors: suicid
Victim Country: Italy
Victim Industry: Restaurants
Victim Organization: pizzeria cartapaglia
Victim Site: pizzeriacartapaglia.it
- Alleged leak of login credentials to the Space portal of Chulalongkorn Business School (CBS)
Category: Initial Access
Content: The group claims to have leaked the login credentials to the Space portal of Chulalongkorn Business School in Thailand.
Date: 2025-12-23T18:59:00Z
Network: telegram
Published URL: https://t.me/Cyb3r_Angel/197
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a3cbc146-c784-4b3a-a79e-fef7453c449a.png
Threat Actors: CYB3R ANGEL
Victim Country: Thailand
Victim Industry: Education
Victim Organization: chulalongkorn business school (cbs)
Victim Site: space.cbs.chula.ac.th
- Alleged data breach of La Baia
Category: Data Breach
Content: The threat actor claims to have leaked a database from the Italian restaurant website La Baia. According to the post, the attacker allegedly gained access to the admin panel and used an automated script to scrape customer data in 2024. The dataset is said to contain approximately 40,430 customer records, including names, email addresses, and phone numbers.
Date: 2025-12-23T18:58:12Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-IT-ristorantelabaia-it-Database-Leak
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5d107e74-7842-47f5-8579-c25b30ea5b45.png
Threat Actors: suicid
Victim Country: Italy
Victim Industry: Restaurants
Victim Organization: la baia
Victim Site: ristorantelabaia.it
- Pharaoh’s Team Channel Targets the Website of VizaNation Consultancy
Category: Defacement
Content: The group claims to have defaced the website of VizaNation Consultancy.
Date: 2025-12-23T18:54:45Z
Network: telegram
Published URL: https://t.me/Pharaohs_n/493
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/56004b07-d711-4252-bd7f-f88b5ffab3f4.jpg
Threat Actors: Pharaoh’s Team Channel
Victim Country: Nepal
Victim Industry: Education
Victim Organization: vizanation consultancy
Victim Site: vizanation.com
- Alleged data breach of Spotify
Category: Data Breach
Content: The threat actor claims to have leaked a massive Spotify data dump. The release allegedly includes large-scale Spotify metadata and music files, described as a preservation archive containing hundreds of millions of tracks and ISRC records.
Date: 2025-12-23T18:50:39Z
Network: openweb
Published URL: https://darkforums.io/Thread-Spotify-Dump-6-2TB-quote-from-Annas-Archive
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/380143bf-6111-43e5-b48a-67769def27a6.png
Threat Actors: bananana
Victim Country: Sweden
Victim Industry: Music
Victim Organization: spotify
Victim Site: spotify.com
- Pharaoh’s Team Channel targets the website of Shree Punarbas Janata Secondary School
Category: Defacement
Content: The group claims to have defaced the website of Shree Punarbas Janata Secondary School.
Date: 2025-12-23T18:38:21Z
Network: telegram
Published URL: https://t.me/Pharaohs_n/493
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/654af9a5-83bb-4866-87b0-dbd02f99029a.jpg
Threat Actors: Pharaoh’s Team Channel
Victim Country: Nepal
Victim Industry: Education
Victim Organization: shree punarbas janata secondary school
Victim Site: pjhss.edu.np
- Alleged leak of login credentials to the e‑SAR portal of the Office of the Basic Education Commission
Category: Initial Access
Content: The group claims to have leaked the login credentials to the e‑SAR portal of the Office of the Basic Education Commission under Thailand’s Ministry of Education.
Date: 2025-12-23T18:29:12Z
Network: telegram
Published URL: https://t.me/Cyb3r_Angel/197
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2fed1cb8-31fa-4352-825c-7e78dcea1edb.png
Threat Actors: CYB3R ANGEL
Victim Country: Thailand
Victim Industry: Government Administration
Victim Organization: office of the basic education commission (obec)
Victim Site: esar.obec.go.th
- Alleged Leak of Login Credentials to the CCT Portal of Thailand’s Equitable Education Fund
Category: Initial Access
Content: The group claims to have leaked the login credentials to the Conditional Cash Transfer (CCT) portal of Thailand’s Equitable Education Fund.
Date: 2025-12-23T18:28:39Z
Network: telegram
Published URL: https://t.me/Cyb3r_Angel/197
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9b6a35a1-5376-4f58-bfe4-9b98ea9040f8.jpg
Threat Actors: CYB3R ANGEL
Victim Country: Thailand
Victim Industry: Government Administration
Victim Organization: equitable education fund
Victim Site: eef.or.th
- Alleged Sale of Unauthorized Login Access to SE-EDUCATION Public Company Limited
Category: Initial Access
Content: The threat actor claims to be selling unauthorized login access to SE-EDUCATION Public Company Limited in Thailand.
Date: 2025-12-23T18:24:40Z
Network: telegram
Published URL: https://t.me/Cyb3r_Angel/197
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/34009e19-90ae-4b65-8a08-e15e324b0de2.png
https://d34iuop8pidsy8.cloudfront.net/acbb8b8e-bf36-438a-8347-c98716744791.png
Threat Actors: CYB3R ANGEL
Victim Country: Thailand
Victim Industry: Publishing Industry
Victim Organization: se-education public company limited
Victim Site: se-ed.com
- Alleged Sale of Unauthorized Login Access to AEON Thana Sinsap Public Company Limited
Category: Initial Access
Content: The threat actor claims to be selling unauthorized login access to AEON Thana Sinsap Public Company Limited in Thailand.
Date: 2025-12-23T18:22:57Z
Network: telegram
Published URL: https://t.me/Cyb3r_Angel/197
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/46d6af1f-5008-488d-8263-8d9422a0d1bf.png
https://d34iuop8pidsy8.cloudfront.net/284c20f9-3ebd-4018-a1a8-6d6ecadb4e94.png
Threat Actors: CYB3R ANGEL
Victim Country: Thailand
Victim Industry: Financial Services
Victim Organization: aeon thana sinsap public company limited
Victim Site: aeon.co.th
- Accela falls victim to Everest Ransomware
Category: Ransomware
Content: The group claims to have obtained 1 TB of the organization’s internal data and intends to publish it within 7-8 days.
Date: 2025-12-23T18:19:25Z
Network: tor
Published URL: http://ransomocmou6mnbquqz44ewosbkjk3o5qjsl3orawojexfook2j7esad.onion/news/Accela/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/666ad888-74ab-448e-8057-f2291ebd8a32.png
Threat Actors: Everest
Victim Country: USA
Victim Industry: Software Development
Victim Organization: accela
Victim Site: accela.com
- Notin falls victim to Everest Ransomware
Category: Ransomware
Content: The group claims to have obtained 145 GB of the organization’s internal data. The data includes Personally Identifiable Information (PII), Highly Sensitive Identification Documents, Financial Information, Legal & Notarial Documents, Tax & Employment-Related Data, as well as Internal Business & Operational Data. They intend to publish it within 6-7 days.
Date: 2025-12-23T18:06:16Z
Network: tor
Published URL: http://ransomocmou6mnbquqz44ewosbkjk3o5qjsl3orawojexfook2j7esad.onion/news/Notin/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/911819e5-c616-42ea-84e5-1b89aaf395b4.png
https://d34iuop8pidsy8.cloudfront.net/08619516-0e13-4b49-a6de-f4dac7bf95b3.png
https://d34iuop8pidsy8.cloudfront.net/c98ca7b8-f034-4a2c-90ec-5ad8a6ec64cd.png
Threat Actors: Everest
Victim Country: Spain
Victim Industry: Information Technology (IT) Services
Victim Organization: notin
Victim Site: notin.es
- Alleged leak of login credentials to Rakuten Insight
Category: Initial Access
Content: The group claims to have leaked login access to Rakuten Insight.
Date: 2025-12-23T18:06:12Z
Network: telegram
Published URL: https://t.me/Cyb3r_Angel/196
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f30810cb-cdb5-43b1-9299-828966f1e434.jpg
Threat Actors: CYB3R ANGEL
Victim Country: Japan
Victim Industry: Market Research
Victim Organization: rakuten insight
Victim Site: insight.rakuten.com
- Alleged Data Breach of Magyar Anime
Category: Data Breach
Content: The threat actor claims to have breached the database of Magyar Anime in Hungary.
Date: 2025-12-23T17:47:21Z
Network: openweb
Published URL: https://leakbase.la/threads/magyaranime-eu-hungary.47457/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/13cde319-5ccd-4987-bf25-094b316747f0.png
https://d34iuop8pidsy8.cloudfront.net/7a394137-2684-4c2a-b93f-d0ad17ef13e8.png
Threat Actors: herbamatyi
Victim Country: Hungary
Victim Industry: Entertainment & Movie Production
Victim Organization: magyar anime
Victim Site: magyaranime.eu
- Cerro Prieto Agricultural Company, Inc. falls victim to BlackShrantac Ransomware
Category: Ransomware
Content: The group claims to have obtained 250 GB of the organization’s data. The data includes supply chain data, customer data, employee data, financial data, and legal information.
Date: 2025-12-23T17:32:51Z
Network: tor
Published URL: http://jvkpexgkuaw5toiph7fbgucycvnafaqmfvakymfh5pdxepvahw3xryqd.onion/targets/38
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/add726c5-30f0-426d-961a-d9765b37140d.png
https://d34iuop8pidsy8.cloudfront.net/41e194b1-de82-49b3-b709-ba8e459fdb87.png
https://d34iuop8pidsy8.cloudfront.net/58f7a159-d1d4-4c54-94a1-5182fa786326.png
Threat Actors: BlackShrantac
Victim Country: Peru
Victim Industry: Farming
Victim Organization: cerro prieto agricultural company, inc.
Victim Site: acpagro.com
- Alleged Data Breach of Tiara
Category: Data Breach
Content: The threat actor claims to have breached the database of Tiara in South Korea.
Date: 2025-12-23T17:28:28Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-%E2%AD%90%EF%B8%8F-South-Korea-Database-tiara-co-kr-%E2%AD%90%EF%B8%8F
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d1e65cdb-c34c-4efb-ad60-d76e758a1ea5.png
Threat Actors: AshleyWood2022
Victim Country: South Korea
Victim Industry: Hospital & Health Care
Victim Organization: tiara
Victim Site: tiara.co.kr
- Alleged Data Breach of Education and Informatics LLC
Category: Data Breach
Content: The threat actor claims to have breached the WordPress database of Education and Informatics LLC in Russia, allegedly exposing approximately 20,000 records. The compromised data is reportedly sourced directly from the site’s backend database.
Date: 2025-12-23T17:22:07Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-Russian-Database%C2%A0infojournal-ru-WordPress-20K
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1c3eca2e-00e7-4876-934c-31bb86c29e4d.png
https://d34iuop8pidsy8.cloudfront.net/9d0bf614-3607-4aaf-a083-6084f78e77b5.png
https://d34iuop8pidsy8.cloudfront.net/e4b233e5-eda5-41e9-9eb5-36ca88cb1141.png
https://d34iuop8pidsy8.cloudfront.net/24940f25-3aa3-4d56-bf20-e6b8cc0b5459.png
Threat Actors: wizard
Victim Country: Russia
Victim Industry: Education
Victim Organization: education and informatics llc
Victim Site: infojournal.ru
- JBS falls victim to Medusa Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s internal data and intends to publish it within 2-3 days.
Date: 2025-12-23T17:05:03Z
Network: tor
Published URL: http://s7lmmhlt3iwnwirxvgjidl6omcblvw2rg75txjfduy73kx5brlmiulad.onion/detail?id=41d10752afc874fc21305afdf3e01b62
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3a46c30e-989f-432b-94e1-4dccdc84054d.png
https://d34iuop8pidsy8.cloudfront.net/d961bc7e-3c07-471b-a2fc-10c90dd0d4eb.png
https://d34iuop8pidsy8.cloudfront.net/18627cdb-3562-4ed5-867e-58306dc396c9.png
Threat Actors: MEDUSA
Victim Country: USA
Victim Industry: Food & Beverages
Victim Organization: jbs
Victim Site: jbsfoodsgroup.com
- Laidley Family Doctors falls victim to ANUBIS Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data. The data includes confidential data and they intend to publish it within 1-2 days.
Date: 2025-12-23T16:37:56Z
Network: tor
Published URL: http://om6q4a6cyipxvt7ioudxt24cw4oqu4yodmqzl25mqd2hgllymrgu4aqd.onion/r/3ps6PIhLpjVlMpPNBRazLgxRybSdaxdqyD1qinygTczt5IFWxL8AfHfq5FSxb147x5GubJn0iQm2h5u5WOs7gEE4akNtd1Fs
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b2b96af2-09e4-440f-999d-e849ca162a25.png
https://d34iuop8pidsy8.cloudfront.net/b31ee8f4-bf8f-467f-a323-6638522f89ce.png
https://d34iuop8pidsy8.cloudfront.net/951f4fc0-2cf1-4fd3-a1cf-6a43585a18a1.png
https://d34iuop8pidsy8.cloudfront.net/2103ca6e-8838-4655-967f-d3238dd99fe4.png
https://d34iuop8pidsy8.cloudfront.net/0d9f2bfe-85c9-4b84-963a-d89648a571ae.png
Threat Actors: ANUBIS
Victim Country: Australia
Victim Industry: Hospital & Health Care
Victim Organization: laidley family doctors
Victim Site: laidleyfamilydoctors.com.au
- Alleged data leak of Mahananda College of Education
Category: Data Breach
Content: The group claims to have leaked an internal database from Mahananda College of Education.
Date: 2025-12-23T16:12:59Z
Network: telegram
Published URL: https://t.me/c/3054021775/58
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/39ce1e35-f0b7-4341-9eec-da5783834073.png
Threat Actors: BROTHERHOOD CAPUNG INDONESIA
Victim Country: India
Victim Industry: Education
Victim Organization: mahananda college of education
Victim Site: mceducation.in
- GARUDA BLACKHAT CYBER CRIME claims to target websites of Indonesian International Airports
Category: Alert
Content: A recent post by the group indicates that they are targeting the websites of Indonesian International Airports
Date: 2025-12-23T16:04:06Z
Network: telegram
Published URL: https://t.me/garudablackhat/139
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/00638fa7-8c0e-4031-bf30-db58277bf6f4.jpeg
Threat Actors: GARUDA BLACKHAT CYBER CRIME
Victim Country: Indonesia
Victim Industry: Airlines & Aviation
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of BBIZZ Adventure in sports B.V.
Category: Data Breach
Content: The threat actor claims to be selling an allegedly leaked e-commerce customer order database associated with bbizzshop, a Netherlands-based online store. According to the post, the dataset reportedly contains approximately 142,500 customer order records, including names, email addresses, phone numbers, physical addresses, IP addresses, and detailed transaction and shipping information.
Date: 2025-12-23T15:55:43Z
Network: openweb
Published URL: https://darkforums.io/Thread-Selling-142-500-Netherlands-https-www-bbizzshop-nl-E-commerce-customer-order-databas
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2dc5c297-1da8-4f2f-bef5-7f76dd86a013.png
Threat Actors: Grubder
Victim Country: Netherlands
Victim Industry: E-commerce & Online Stores
Victim Organization: bbizz adventure in sports b.v.
Victim Site: bbizzshop.nl
- Alleged data breach of Waltio
Category: Data Breach
Content: The threat actor claims to be selling user leads allegedly linked to Waltio.com, a France-based crypto tax reporting platform. The dataset reportedly contains around 5,000 French user records in CSV format, including names, surnames, email addresses, phone numbers, and confirmation of French tax residency.
Date: 2025-12-23T15:48:15Z
Network: openweb
Published URL: https://darkforums.io/Thread-Selling-NEW-Waltio-com-Crypto-Tax-Users-Leads-Dec-2025-5000-French-Records
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7ab09874-e527-4c15-958c-d0fe67428921.png
Threat Actors: opsivian
Victim Country: France
Victim Industry: Financial Services
Victim Organization: waltio
Victim Site: waltio.com
- Alleged data breach of Geumgang University Dormitory
Category: Data Breach
Content: The threat actor claims to be selling a leaked database associated with dorm.ggu.ac.kr, a South Korea–based university dormitory system. The dataset allegedly contains user account records with usernames, hashed passwords, names, phone numbers, email addresses, login activity details, and address-related data.
Date: 2025-12-23T15:45:52Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-%E2%AD%90%EF%B8%8F-South-Korea-Database-dorm-ggu-ac-kr-%E2%AD%90%EF%B8%8F
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bd9a097a-355e-4411-b46c-773ffa4a0afe.png
Threat Actors: AshleyWood2022
Victim Country: South Korea
Victim Industry: Education
Victim Organization: geumgang university dormitory
Victim Site: dorm.ggu.ac.kr
- CKM Kondring Montages GmbH & Co. KG falls victim to LYNX Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2025-12-23T15:45:22Z
Network: tor
Published URL: http://lynxblogxutufossaeawlij3j3uikaloll5ko6grzhkwdclrjngrfoid.onion/leaks/694aa2d72423bc3ce052fca9
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b0ba9f08-66e0-4426-b8df-1556df6fd5b1.png
Threat Actors: LYNX
Victim Country: Germany
Victim Industry: Building and construction
Victim Organization: ckm kondring montages gmbh & co. kg
Victim Site: ckm-montagen.de
- Pharaoh’s Team Channel targets the website of SASA Infosys Pvt. Ltd.
Category: Defacement
Content: The group claims to have defaced multiple subdomains and associated domains belonging to SASA Infosys Pvt. Ltd.
Date: 2025-12-23T15:42:53Z
Network: telegram
Published URL: https://t.me/Pharaohs_n/493
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/630390b4-558d-43c4-9704-c0abb914b94e.png
Threat Actors: Pharaoh’s Team Channel
Victim Country: Nepal
Victim Industry: Information Technology (IT) Services
Victim Organization: sasa infosys pvt. ltd.
Victim Site: sasainfosys.com
- Alleged data breach of ADINELSA
Category: Data Breach
Content: The threat actor claims to be offering a leaked WordPress database belonging to adinelsa.com.pe, an electrical infrastructure management company. According to the post, the database allegedly contains WordPress user records, including login usernames, hashed passwords, email addresses, and registration details
Date: 2025-12-23T15:41:49Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-adinelsa-com-pe-Electrical-Infrastructure-Management-Company-WordPress
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a46cf093-b927-408e-bcdb-c369415cb1ba.png
Threat Actors: wizard
Victim Country: Peru
Victim Industry: Electrical & Electronic Manufacturing
Victim Organization: adinelsa
Victim Site: adinelsa.com.pe
- Rusk County falls victim to LYNX Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2025-12-23T15:32:10Z
Network: tor
Published URL: http://lynxblogxutufossaeawlij3j3uikaloll5ko6grzhkwdclrjngrfoid.onion/leaks/694aa03f2423bc3ce052d2c6
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d0c0e0be-b826-4f1b-8e24-be4dc6eedd98.png
Threat Actors: LYNX
Victim Country: USA
Victim Industry: Government Administration
Victim Organization: rusk county
Victim Site: ruskcounty.org
- Alleged data breach of Vodafone
Category: Data Breach
Content: The threat actor claims to be selling a Vodafone Spain database along with FTP access.
Date: 2025-12-23T15:22:12Z
Network: openweb
Published URL: https://darkforums.io/Thread-Selling-VODAFONE-ES-DATABASE
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d2d1a5fd-31ba-4052-a25f-190109c2a252.png
Threat Actors: Exploit4000938832
Victim Country: Spain
Victim Industry: Network & Telecommunications
Victim Organization: vodafone
Victim Site: vodafone.es
- OMNIBUS JAPAN INC. falls victim to LYNX Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2025-12-23T15:18:27Z
Network: tor
Published URL: http://lynxblogxutufossaeawlij3j3uikaloll5ko6grzhkwdclrjngrfoid.onion/leaks/694aa0e42423bc3ce052dc8f
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9715b4d2-1932-4828-94a8-b5e927ad0e79.png
Threat Actors: LYNX
Victim Country: Japan
Victim Industry: Entertainment & Movie Production
Victim Organization: omnibus japan inc.
Victim Site: omnibusjp.com
- Alleged leak of a Major Web3 Rewards Platform Database
Category: Data Breach
Content: The threat actor claims to be selling a complete database dump from a major Web3 rewards and engagement platform, allegedly breached on December 20, 2025. The dataset reportedly contains 57 million documents across 148 collections, totaling 43 GB of uncompressed JSON, and includes 467,777 verified user accounts.
Date: 2025-12-23T15:05:05Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-FOR-SALE-Major-Web3-Rewards-Platform-Database-57M-Documents-467k-Users-2025
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c808d2e7-e486-4bef-93eb-f7c34004eea2.png
https://d34iuop8pidsy8.cloudfront.net/fb069ddf-27a5-4cb4-8846-5d78c707d5f9.png
Threat Actors: bossvendor
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- ExamRoom.AI falls victim to CRYPTO24 Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data and they intend to publish it within 6-7 days.
Date: 2025-12-23T15:03:58Z
Network: tor
Published URL: http://j5o5y2feotmhvr7cbcp2j2ewayv5mn5zenl3joqwx67gtfchhezjznad.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4cac0d71-125e-45ba-a255-433c2f1439b2.png
Threat Actors: CRYPTO24
Victim Country: USA
Victim Industry: Education
Victim Organization: examroom.ai
Victim Site: examroom.ai
- Alleged admin access to the official website of Kibbutz Yifat
Category: Initial Access
Content: The group claims to have gained unauthorized access to the administrator panel of the official website of Kibbutz Yifat
Date: 2025-12-23T15:03:25Z
Network: telegram
Published URL: https://t.me/c/3027611821/211
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7c1a9f42-a34c-43cb-a99e-52fbcf332060.jpg
Threat Actors: Z-BL4CX-H4T
Victim Country: Israel
Victim Industry: Non-profit & Social Organizations
Victim Organization: kibbutz yifat
Victim Site: yifat.org.il
- Cedar Valley Services Inc falls victim to LYNX Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2025-12-23T14:45:01Z
Network: tor
Published URL: http://lynxblogxutufossaeawlij3j3uikaloll5ko6grzhkwdclrjngrfoid.onion/leaks/694aa1cd2423bc3ce052eb5f
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/cfa1857c-6dc4-414e-8dbd-b28cec344405.png
Threat Actors: LYNX
Victim Country: USA
Victim Industry: Non-profit & Social Organizations
Victim Organization: cedar valley services inc
Victim Site: cedarvalleyservices.org
- Florida East Coast Railway falls victim to LYNX Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2025-12-23T14:41:16Z
Network: tor
Published URL: http://lynxblogxutufossaeawlij3j3uikaloll5ko6grzhkwdclrjngrfoid.onion/leaks/694aa2802423bc3ce052f43c
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/68cecca7-9e41-4e49-93b5-577a725d97ac.jpg
Threat Actors: LYNX
Victim Country: USA
Victim Industry: Transportation & Logistics
Victim Organization: florida east coast railway
Victim Site: fecrwy.com
- Alleged data sale of Senac Tocantins
Category: Data Breach
Content: The threat actor claims to be selling 100K lines of data from Senac Tocantins, allegedly containing names, IDs, phone numbers, email addresses, and more.
Date: 2025-12-23T14:38:54Z
Network: openweb
Published URL: https://darkforums.io/Thread-Selling-Brazil-Database-to-senac-br100K
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a6a1a084-8aff-433e-ba19-5b5f67f4f462.png
https://d34iuop8pidsy8.cloudfront.net/6b466965-7d0c-4f2a-9dc2-b1ef07c8cb88.png
Threat Actors: Robert2025
Victim Country: Brazil
Victim Industry: Education
Victim Organization: senac tocantins
Victim Site: to.senac.br
- Alleged sale of Thailand real-time military data
Category: Data Breach
Content: The threat actor claims to be selling real-time military data from Thailand.
Date: 2025-12-23T14:32:16Z
Network: openweb
Published URL: https://darkforums.io/Thread-Selling-Thailand-real-time-military-documents
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/af6f86a7-74ac-42cf-b713-d1e19436fc93.png
Threat Actors: Moonx00x
Victim Country: Thailand
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Hazardous Cyber Team targets the website of Mindstein Software
Category: Defacement
Content: The group claims to have defaced the website of Mindstein Software
Date: 2025-12-23T14:30:37Z
Network: openweb
Published URL: https://defacer.id/mirror/id/220451
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/873163b7-1223-4c77-94e7-361945f1c0ee.JPG
Threat Actors: Hazardous Cyber Team
Victim Country: India
Victim Industry: Software
Victim Organization: mindstein software
Victim Site: clinic.mindstein.in
- Total Air Solutions, LLC falls victim to Sinobi Ransomware
Category: Ransomware
Content: The group claims to have obtained 120 GB of the organization’s data, reportedly including financial data and customer data, and intends to publish it within 4–5 days.
Date: 2025-12-23T14:29:14Z
Network: tor
Published URL: http://sinobi6ywgmmvg2gj2yygkb2hxbimaxpqkyk27wti5zjwhfcldhackid.onion/leaks/6949c62c88b6823fa2f551ed
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/91d18fcb-f9d2-4b8f-a09a-8d0a3310cd6a.jpg
https://d34iuop8pidsy8.cloudfront.net/dd1b8585-0b85-4b15-a696-c86ce0dd45a4.jpg
Threat Actors: Sinobi
Victim Country: USA
Victim Industry: Consumer Services
Victim Organization: total air solutions, llc
Victim Site: totalairfl.com
- Alleged unauthorized access to BlueBell International Educational Tours Pvt Ltd
Category: Initial Access
Content: The group claims to have gained unauthorized access to BlueBell International Educational Tours Pvt Ltd.
Date: 2025-12-23T14:26:15Z
Network: telegram
Published URL: https://t.me/Pharaohs_n/493
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/364739cb-37ec-4767-8841-a8c9a4e328ed.png
Threat Actors: Pharaoh’s Team Channel
Victim Country: India
Victim Industry: Education
Victim Organization: bluebell international educational tours pvt ltd
Victim Site: bluebell.guru
- Sense Eletrônica falls victim to Nova Ransomware
Category: Ransomware
Content: The group claims to have obtained 120 GB of the organization’s data and intends to publish it within 8-9 days.
Date: 2025-12-23T14:22:05Z
Network: tor
Published URL: http://novadmrkp4vbk2padk5t6pbxolndceuc7hrcq4mjaoyed6nxsqiuzyyd.onion/#
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ca7b9e92-d525-4bc6-8bc1-593c267f7dec.jpg
Threat Actors: Nova
Victim Country: Brazil
Victim Industry: Electrical & Electronic Manufacturing
Victim Organization: sense eletrônica
Victim Site: sense.com.br
- Team Azrael Angel Of Death targets the website of 7Seas Cinema
Category: Defacement
Content: The group claims to have defaced the website of 7Seas Cinema
Date: 2025-12-23T14:20:12Z
Network: openweb
Published URL: https://defacer.id/mirror/id/220449
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1ac9eb6b-33a8-4964-ab84-45a4b7525b19.JPG
Threat Actors: Team Azrael Angel Of Death
Victim Country: Nepal
Victim Industry: Unknown
Victim Organization: 7seas cinema
Victim Site: 7seascinema-api-dev.mantraideas.com.np
- Alleged unauthorized access to Beyond Info Solutions Inc
Category: Initial Access
Content: The group claims to have gained unauthorized access to Beyond Info Solutions Inc.
Date: 2025-12-23T14:17:00Z
Network: telegram
Published URL: https://t.me/Pharaohs_n/493
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d3a0d946-afce-4861-ad57-170792ec76dd.png
Threat Actors: Pharaoh’s Team Channel
Victim Country: USA
Victim Industry: Information Technology (IT) Services
Victim Organization: beyond info solutions inc
Victim Site: beyondisinc.com
- Center For Life Resources falls victim to Sinobi Ransomware
Category: Ransomware
Content: The group claims to have obtained 120 GB of the organization’s data, reportedly including financial information, customer data, and contracts, and intends to publish it within 4–5 days.
Date: 2025-12-23T14:06:58Z
Network: tor
Published URL: http://sinobi6rlec6f2bgn6rd72xo7hvds4a5ajiu2if4oub2sut7fg3gomqd.onion/leaks/6949c31488b6823fa2f54850
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/35eefdd5-b576-4fe3-beb4-387e412131d1.png
Threat Actors: Sinobi
Victim Country: USA
Victim Industry: Hospital & Health Care
Victim Organization: center for life resources
Victim Site: cflr.us
- Geometrics Inc. falls victim to Sinobi Ransomware
Category: Ransomware
Content: The group claims to have obtained 40 GB of the organization’s data. The compromised data reportedly includes confidential and financial information, which they intend to publish within 1–2 days.
Date: 2025-12-23T13:56:29Z
Network: tor
Published URL: http://sinobi6rlec6f2bgn6rd72xo7hvds4a5ajiu2if4oub2sut7fg3gomqd.onion/leaks/6949c3a888b6823fa2f54a3c
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/625dafaa-1ad5-4117-93fe-23a048815356.png
https://d34iuop8pidsy8.cloudfront.net/e35378f6-72e4-4b40-bf8e-60068e1e5d32.png
Threat Actors: Sinobi
Victim Country: USA
Victim Industry: Electrical & Electronic Manufacturing
Victim Organization: geometrics inc.
Victim Site: geometrics.com
- Alleged data breach of Cox’s Bazar District Police
Category: Data Breach
Content: The group claims to have leaked the organization’s data.
Date: 2025-12-23T13:44:23Z
Network: telegram
Published URL: https://t.me/c/2730963017/821
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/85b4ce63-d842-443a-b9bb-72ae812860a5.png
Threat Actors: TEAM BD CYBER NINJA
Victim Country: Bangladesh
Victim Industry: Law Enforcement
Victim Organization: cox’s bazar district police
Victim Site: coxsbazarpolice.gov.bd
- Alleged Data Breach of Royal Thai Navy Medical Department
Category: Data Breach
Content: The group claims to have accessed the organization’s internal systems and leaked login credentials along with other sensitive data.
NB: The authenticity of the claim is yet to be verified.
Date: 2025-12-23T13:33:35Z
Network: telegram
Published URL: https://t.me/kkg_z/768
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fe637875-28da-478e-ad7c-4906ee893bac.png
https://d34iuop8pidsy8.cloudfront.net/a73dd530-4dec-47af-a573-be673797ab38.png
https://d34iuop8pidsy8.cloudfront.net/79570657-5874-48d3-9bcd-9169aa351b36.png
https://d34iuop8pidsy8.cloudfront.net/efae6eaf-e0fd-490f-a48e-fe03681d1626.png
Threat Actors: KKG-Z
Victim Country: Thailand
Victim Industry: Military Industry
Victim Organization: royal thai navy medical department
Victim Site: app.nmd.go.th
- Alleged data breach of unidentified Indian Government System
Category: Data Breach
Content: The group claims to have breached data from an unidentified Indian Government System. The compromised data includes names, e-mails, phone numbers, and actions.
NB: This breach was conducted by SUDIAS0X.
Date: 2025-12-23T13:26:45Z
Network: telegram
Published URL: https://t.me/c/2730963017/822
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/dd3c2fac-e447-4103-9833-9ff4d7160337.png
Threat Actors: TEAM BD CYBER NINJA
Victim Country: India
Victim Industry: Government Administration
Victim Organization: Unknown
Victim Site: Unknown
- Alleged login access to The Ministry of Foreign Affairs of the Russian Federation
Category: Initial Access
Content: The group claims to have gained login access to The Ministry of Foreign Affairs of the Russian Federation
Date: 2025-12-23T12:36:49Z
Network: telegram
Published URL: https://t.me/topsecretdocumentsleaked/171
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f6422710-ab1d-418d-bbd5-8167ca11cc1c.JPG
Threat Actors: JRINTEL FREE DATA V3
Victim Country: Russia
Victim Industry: Government Administration
Victim Organization: the ministry of foreign affairs of the russian federation
Victim Site: mid.ru
- DimasHxR targets the website of Frisuren-online.com
Category: Defacement
Content: The group claims to have defaced the website of Frisuren-online.com.
Date: 2025-12-23T12:34:14Z
Network: openweb
Published URL: https://defacer.id/mirror/id/220421
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/319c1836-25e6-45d8-b87e-107440c2de4b.png
Threat Actors: DimasHxR
Victim Country: Germany
Victim Industry: Information Technology (IT) Services
Victim Organization: frisuren-online.com
Victim Site: frisuren-online.com
- Alleged Unauthorized Access to a Water Treatment SCADA System in France
Category: Initial Access
Content: The group claims to have gained access to the SCADA system of the Syndicat du Morel water treatment plant in France, reportedly enabling control over pumps and mixers, tank level regulation, filtration and reagent dosing, and real-time monitoring of pH, temperature, and other operational parameters.
Date: 2025-12-23T12:21:14Z
Network: telegram
Published URL: https://t.me/zpentestalliance/883
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b484f88b-54a0-40e8-a321-8c48efbe4114.png
https://d34iuop8pidsy8.cloudfront.net/f690c211-10e2-41dd-be18-08db9060f486.png
Threat Actors: Z-PENTEST ALLIANCE
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak of Bangkalan Regency
Category: Data Breach
Content: The group claims to have leaked data from Bangkalan Regency.
Date: 2025-12-23T12:12:42Z
Network: telegram
Published URL: https://t.me/MR_PLAX/120
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b548c3c0-fb35-41b5-8e55-b786fbb862d3.png
Threat Actors: TEAM MR PLAX
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Chatham Asset Management, LLC.
Category: Data Breach
Content: The group claims to have obtained the organization’s data and intends to publish it within 1-2 days.
Date: 2025-12-23T11:59:33Z
Network: tor
Published URL: https://worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion/companies/2396947203/overview
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9539d280-260c-49db-8232-9e4d975d5155.png
https://d34iuop8pidsy8.cloudfront.net/9b2b91de-db7e-4771-819c-bb7f627f0a64.png
Threat Actors: Worldleaks
Victim Country: USA
Victim Industry: Financial Services
Victim Organization: chatham asset management, llc.
Victim Site: chathamasset.com
- DimasHxR targets the website of Fusion Project
Category: Defacement
Content: The group claims to have defaced the website of Fusion Project
Date: 2025-12-23T11:52:36Z
Network: openweb
Published URL: https://defacer.id/mirror/id/220429
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/818474a0-9e4b-41b3-be09-fc22680996e4.JPG
Threat Actors: DimasHxR
Victim Country: Denmark
Victim Industry: Non-profit & Social Organizations
Victim Organization: fusion project
Victim Site: fusion-project.com
- DimasHxR targets the website of Pannon University – Freshman Camp
Category: Defacement
Content: The group claims to have defaced the website of Pannon University – Freshman Camp.
Date: 2025-12-23T11:36:51Z
Network: openweb
Published URL: https://defacer.id/mirror/id/220398
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/758dfbe2-ccfa-40c9-9ebb-6cf3dba9dd96.png
Threat Actors: DimasHxR
Victim Country: Hungary
Victim Industry: Education
Victim Organization: pannon university – freshman camp
Victim Site: pannongolyak.hu
- Alleged sale of Bright Data accounts
Category: Initial Access
Content: The threat actor claims to be selling KYC accounts from Bright Data.
Date: 2025-12-23T11:29:28Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/272592/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/12315b85-4dfe-40fc-b9c8-1f563db8ef54.jpg
Threat Actors: bekirgurer
Victim Country: Israel
Victim Industry: Information Services
Victim Organization: bright data
Victim Site: brightdata.com
- DimasHxR targets the website of GROUP RFEM
Category: Defacement
Content: The group claims to have defaced the website of GROUP RFEM.
Date: 2025-12-23T11:17:26Z
Network: openweb
Published URL: https://defacer.id/mirror/id/220413
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/263dc413-82e6-4842-82e4-7382a6303b94.png
Threat Actors: DimasHxR
Victim Country: Gabon
Victim Industry: Automotive
Victim Organization: group rfem
Victim Site: rfem-climauto.com
- Alleged Disclosure of Critical Vulnerabilities in Pulse Bangladesh
Category: Vulnerability
Content: The group claims to have disclosed multiple critical vulnerabilities affecting the Pulse Bangladesh website. The issues reportedly stem from vulnerable components in the GiveWP donation plugin and an outdated PHP runtime, potentially exposing the site to severe security risks.
Date: 2025-12-23T11:08:05Z
Network: telegram
Published URL: https://t.me/ZeroCertHackers/908
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/67ab5ad2-31b2-492d-8227-5d4572a00f48.png
Threat Actors: ZeroCertHackers
Victim Country: Bangladesh
Victim Industry: Non-profit & Social Organizations
Victim Organization: pulse bangladesh
Victim Site: pulsebd.org
- DimasHxR targets the website of Le Chamois d’Or
Category: Defacement
Content: The group claims to have defaced the website of Le Chamois d’Or
Date: 2025-12-23T11:05:34Z
Network: openweb
Published URL: https://defacer.id/mirror/id/220440
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bef46795-9f5b-41c6-9e12-d31b6f1bacdb.JPG
Threat Actors: DimasHxR
Victim Country: France
Victim Industry: Events Services
Victim Organization: le chamois d’or
Victim Site: le-chamoisdor.com
- DimasHxR targets the website of IPICB
Category: Defacement
Content: The group claims to have defaced the website of IPICB.
Date: 2025-12-23T10:57:37Z
Network: openweb
Published URL: https://defacer.id/mirror/id/220427
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d06a6c52-ffc4-40d6-846d-7103c6e7cdab.png
Threat Actors: DimasHxR
Victim Country: Iran
Victim Industry: Oil & Gas
Victim Organization: ipicb
Victim Site: ipicb.ir
- Alleged data leak of Government of Telangana
Category: Data Breach
Content: The group claims to have leaked data from Government of Telangana.
Date: 2025-12-23T10:55:47Z
Network: telegram
Published URL: https://t.me/c/3614850505/109
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b7847546-1ab8-4d3a-b79c-380936896050.png
Threat Actors: GHOSTNET-X
Victim Country: India
Victim Industry: Government Administration
Victim Organization: government of telangana
Victim Site: telangana.gov.in
- DimasHxR targets the website of Thrimana Books
Category: Defacement
Content: The group claims to have defaced the website of Thrimana Books
Date: 2025-12-23T10:48:42Z
Network: openweb
Published URL: https://defacer.id/mirror/id/220437
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/85727e01-c860-415d-b9bd-ee125a03623e.JPG
Threat Actors: DimasHxR
Victim Country: Sri Lanka
Victim Industry: E-commerce & Online Stores
Victim Organization: thrimana books
Victim Site: thrimana.lk
- Alleged data sale of Pin Hwa High School Klang
Category: Data Breach
Content: Threat actor claims to be selling data from Pin Hwa High School Klang. The compromised data reportedly contains students' and parents' details, including name, email, phone number, etc.
Date: 2025-12-23T10:43:49Z
Network: openweb
Published URL: https://darkforums.io/Thread-Selling-Malaysia-200k-Name-Phone-Email-NRIC-NO-BIRTH-CERT-NO-1cube-my-smpinhwa-edu-my
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bd834657-5f1a-40f4-8545-78f8423b8616.png
Threat Actors: AgSlowly
Victim Country: Malaysia
Victim Industry: Education
Victim Organization: pin hwa high school klang
Victim Site: smpinhwa.edu.my
- Alleged data sale of Mirtylla
Category: Data Breach
Content: The threat actor claims to be selling 100K lines of data from Mirtylla, allegedly containing names, email addresses, passwords, dates of birth, and more.
Date: 2025-12-23T10:33:21Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-Italy-mirtylla-com-Online-Shopping-Database100K
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1c2a9d50-691b-40d6-8d88-38ee6b82efda.png
https://d34iuop8pidsy8.cloudfront.net/f59380c2-ab5e-44d8-b364-8d9e7f4a01e4.png
Threat Actors: camillabf
Victim Country: Italy
Victim Industry: E-commerce & Online Stores
Victim Organization: mirtylla
Victim Site: mirtylla.com
- DimasHxR targets the website of NEODERME DERMATOLOGY AND AESTHETICS
Category: Defacement
Content: The group claims to have defaced the website of NEODERME DERMATOLOGY AND AESTHETICS
Date: 2025-12-23T10:30:30Z
Network: openweb
Published URL: https://defacer.id/mirror/id/220439
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d55429eb-0579-4979-bb9c-60ffe34ef323.JPG
Threat Actors: DimasHxR
Victim Country: Brazil
Victim Industry: Hospital & Health Care
Victim Organization: neoderme dermatology and aesthetics
Victim Site: neoderme.com.br
- Alleged sale of Indonesian billing data
Category: Data Breach
Content: The threat actor claims to be selling Indonesian billing data, allegedly containing names, email addresses, physical addresses, and more.
Date: 2025-12-23T10:26:53Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-Indonesia-Billing-Data-Name-Address-Email
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/527ceb43-01d1-466b-9ce6-8a53e6cc07a3.png
Threat Actors: Nerius
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged login access to Thanachart Employees Savings Cooperative Limited
Category: Initial Access
Content: The group claims to have gained login access to Thanachart Employees Savings Cooperative Limited
Date: 2025-12-23T10:07:42Z
Network: telegram
Published URL: https://t.me/bl4cyb3r/344
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/43cc8d26-c201-44b5-be4e-c2901be7ff83.JPG
Threat Actors: Digit_4
Victim Country: Thailand
Victim Industry: Financial Services
Victim Organization: thanachart employees savings cooperative limited
Victim Site: thanachartcoop.or.th
- Alleged sale of AV/EDR killer
Category: Malware
Content: The threat actor claims to be selling an AV/EDR Killer. The tool is described as malware capable of terminating antivirus and endpoint security processes and completely removing AV/EDR software from the filesystem.
Date: 2025-12-23T09:12:16Z
Network: openweb
Published URL: https://darkforums.io/Thread-Selling-AV-EDR-Killer
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0f525b79-3160-4649-9bfd-492634baf679.png
Threat Actors: deadFrog
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Samsung Neo Information Co., Ltd
Category: Data Breach
Content: The threat actor claims to have breached data from Samsung Neo Information Co., Ltd, allegedly containing IDs, emails, names, phone numbers, and more.
Date: 2025-12-23T09:00:21Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-%E2%AD%90%EF%B8%8F-South-Korea-Database-neob2b-co-kr-%E2%AD%90%EF%B8%8F
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1ee8a194-abea-4b2e-8be4-77deb10bfe9b.JPG
Threat Actors: AshleyWood2022
Victim Country: South Korea
Victim Industry: Information Technology (IT) Services
Victim Organization: samsung neo information co., ltd
Victim Site: neob2b.co.kr
- Alleged data breach of pms.swtown.co.kr
Category: Data Breach
Content: The threat actor claims to have breached data from pms.swtown.co.kr, allegedly containing IDs, emails, mobile numbers, and more.
Date: 2025-12-23T09:00:07Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-%E2%AD%90%EF%B8%8F-South-Korea-Database%C2%A0pms-swtown-co-kr-%E2%AD%90%EF%B8%8F
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f0bebb47-1690-4b61-a127-574cda8be96f.png
Threat Actors: AshleyWood2022
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: pms.swtown.co.kr
- Alleged data breach of qwerty.co.kr
Category: Data Breach
Content: The threat actor claims to have breached data from qwerty.co.kr, allegedly containing IDs, emails, names, phone numbers, sex, dates of birth, and more.
Date: 2025-12-23T08:45:28Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-%E2%AD%90%EF%B8%8F-South-Korea-Database-qwerty-co-kr-%E2%AD%90%EF%B8%8F
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3086f164-3f70-41d3-99dc-f9ef84c95610.png
Threat Actors: AshleyWood2022
Victim Country: South Korea
Victim Industry: Social Media & Online Social Networking
Victim Organization: Unknown
Victim Site: qwerty.co.kr
- Alleged data leak of The Korea Employment Association for Middle-aged and Older Persons (KEA)
Category: Data Breach
Content: Threat actor claims to have leaked data from The Korea Employment Association for Middle-aged and Older Persons (KEA). The compromised data reportedly include name, password, email, phone number, etc.
Date: 2025-12-23T08:39:09Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-%E2%AD%90%EF%B8%8F-South-Korea-Database-kapae-or-kr-%E2%AD%90%EF%B8%8F
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7aa8cd26-bc52-44f0-a1f1-b7059e4af58b.png
Threat Actors: AshleyWood2022
Victim Country: South Korea
Victim Industry: Non-profit & Social Organizations
Victim Organization: the korea employment association for middle-aged and older persons
Victim Site: kapae.or.kr
- Alleged data breach of seise.co.kr
Category: Data Breach
Content: The threat actor claims to have breached data from seise.co.kr, allegedly containing IDs, emails, names, passwords, and more.
Date: 2025-12-23T08:31:49Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-%E2%AD%90%EF%B8%8F-South-Korea-Database-seise-co-kr-%E2%AD%90%EF%B8%8F
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7aad36c8-7aa6-44a0-898b-6719425c64e9.png
Threat Actors: AshleyWood2022
Victim Country: South Korea
Victim Industry: E-commerce & Online Stores
Victim Organization: Unknown
Victim Site: seise.co.kr
- Alleged data breach of Waplus
Category: Data Breach
Content: The threat actor claims to have breached data from Waplus, allegedly containing IDs, emails, names, photos, sex, dates of birth, and more.
Date: 2025-12-23T08:26:32Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-%E2%AD%90%EF%B8%8F-South-Korea-Database-waplez-com-%E2%AD%90%EF%B8%8F
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b787da3c-14fc-4300-b21f-35e5238ae432.png
Threat Actors: AshleyWood2022
Victim Country: South Korea
Victim Industry: Software Development
Victim Organization: waplus
Victim Site: waplez.com
- Islamic Science University of Malaysia falls victim to Qilin Ransomware
Category: Ransomware
Content: The group claims to have obtained 107 GB of the organization’s internal data.
Date: 2025-12-23T08:02:16Z
Network: tor
Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=f0a06933-866e-3b99-85e1-0a0c6c4589bc
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8120827b-281c-4473-9585-ecb106ab6b09.jpg
Threat Actors: Qilin
Victim Country: Malaysia
Victim Industry: Biotechnology
Victim Organization: islamic science university of malaysia
Victim Site: usim.edu.my
- Alleged data sale of Unze London
Category: Data Breach
Content: Threat actor claims to be selling data from Unze London. The compromised data reportedly include name, email, phone number, address, etc.
Date: 2025-12-23T07:55:53Z
Network: openweb
Published URL: https://darkforums.io/Thread-Selling-Pakistan-Shopping-Unze-579-000-lines
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/03bdfb5b-9157-4ed7-b52c-2ca75268e791.png
https://d34iuop8pidsy8.cloudfront.net/58f16516-46b9-4c55-b9e5-3139cfcec679.png
Threat Actors: Sorb
Victim Country: Pakistan
Victim Industry: E-commerce & Online Stores
Victim Organization: unze london
Victim Site: unze.com.pk
- Alleged data sale of Stovekraft
Category: Data Breach
Content: Threat actor claims to be selling data from Stovekraft. The compromised data reportedly include name, phone number, email, password, etc.
Date: 2025-12-23T07:49:55Z
Network: openweb
Published URL: https://darkforums.io/Thread-Selling-India-840-000-users-stovekraft-com
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/95bdd1d3-fb6a-4736-9b14-36e3d52ea67a.png
https://d34iuop8pidsy8.cloudfront.net/896aad92-eae4-4698-ab41-85860376967d.png
Threat Actors: Sorb
Victim Country: India
Victim Industry: Manufacturing
Victim Organization: stovekraft
Victim Site: stovekraft.com
- Alleged data sale of EveryPayJoy
Category: Data Breach
Content: Threat actor claims to be selling data from EveryPayJoy. The compromised data reportedly include name, email, password, phone number, etc.
Date: 2025-12-23T07:32:23Z
Network: openweb
Published URL: https://darkforums.io/Thread-Selling-USA-everypayjoy-com-225-000-users
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2cf6e860-b61a-4e0c-b851-b33a97e70e79.png
Threat Actors: Sorb
Victim Country: USA
Victim Industry: Financial Services
Victim Organization: everypayjoy
Victim Site: everypayjoy.com
- Alleged data sale of DINISSAN
Category: Data Breach
Content: Threat actor claims to be selling data from DINISSAN. The compromised data reportedly include email, name, phone number, etc.
Date: 2025-12-23T07:23:36Z
Network: openweb
Published URL: https://darkforums.io/Thread-Selling-Colombia-680k-Name-Email-NIT-Celular-Direccion-dinissan-com-co
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5a632803-7b9b-4875-8be9-962f6f52c4f7.png
Threat Actors: AgSlowly
Victim Country: Colombia
Victim Industry: Automotive
Victim Organization: dinissan
Victim Site: dinissan.com.co
- Allegedly purchasing email addresses and passwords from the UAE and other countries
Category: Alert
Content: An Exploit forum user claims to be purchasing email addresses and passwords from the UAE and other countries, including Taiwan, Israel, China, New Zealand.
Date: 2025-12-23T07:16:05Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/272587/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d720bb17-6ea3-4013-880e-de4b2f329234.png
Threat Actors: Milaano
Victim Country: UAE
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak of Kansas State Legislature
Category: Data Breach
Content: The threat actor claims to have leaked data from the Kansas State Legislature, allegedly containing names, cities, email addresses, countries, and more.
Date: 2025-12-23T07:15:30Z
Network: openweb
Published URL: https://raidforums.st/Thread-EMAIL-PASS-kansas-legislature-gov-database-leak
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fdfb9b04-b3a2-45a9-a233-91604206b1be.png
Threat Actors: Krong
Victim Country: USA
Victim Industry: Government Administration
Victim Organization: kansas state legislature
Victim Site: kslegislature.gov
- Alleged data breach of Hotjobs.id
Category: Data Breach
Content: The threat actor claims to have leaked a database allegedly associated with Hotjobs.id. The leaked data reportedly includes photos of resident identity cards, family registration numbers, and photographs of individuals holding their identity cards.
Date: 2025-12-23T06:32:57Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-Hotjobs-id-database-leak-by-AYYUBI-free-download-%E2%80%BC%EF%B8%8F%E2%80%BC%EF%B8%8F
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0b2ff834-da4d-4032-849a-3f213a2fd573.png
Threat Actors: ayyubi
Victim Country: Indonesia
Victim Industry: Staffing/Recruiting
Victim Organization: hotjobs.id
Victim Site: hotjobs.id
- Alleged sale of US Retail Transaction Database
Category: Data Breach
Content: Threat actor claims to have leaked 960K+ transaction records allegedly collected from US retail stores’ equipment and software systems. The dataset reportedly contains 277K unique email addresses and 273K unique phone numbers, along with transaction and customer details such as names, IP addresses, billing and shipping addresses, city, state, country, postal codes, email, phone number, and transaction metadata.
Date: 2025-12-23T06:09:21Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/272591/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1c243e49-3bc0-4f93-9701-cd2e4890d528.png
Threat Actors: betway
Victim Country: USA
Victim Industry: Retail Industry
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of Customer data from stores in USA
Category: Data Breach
Content: Threat actor claims to have leaked 351K+ customer records allegedly collected from retail stores in the United States. The dataset reportedly contains 99K unique email addresses and 96K unique phone numbers, with around 77K records from the US and 26K from other countries.
Date: 2025-12-23T05:58:24Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/272589/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b5d8eb73-ccee-41c6-bbaa-9c32e992ff07.png
Threat Actors: betway
Victim Country: USA
Victim Industry: Retail Industry
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Gondwana University
Category: Data Breach
Content: The group claims to have breached the database of Gondwana University, Gadchiroli.
NB: The organization was previously breached on May 30, 2025
Date: 2025-12-23T04:56:27Z
Network: telegram
Published URL: https://t.me/c/3614850505/100
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6f7b8ac0-0093-4177-9a25-5ea16db36b7d.png
Threat Actors: GHOSTNET-X
Victim Country: India
Victim Industry: Higher Education/Academia
Victim Organization: gondwana university
Victim Site: unigug.ac.in
- Alleged sale of unauthorized Linux server access
Category: Initial Access
Content: Threat actor claims to be selling unauthorized root and user access to Linux servers.
Date: 2025-12-23T04:36:03Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/272550/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/22bacf28-e8c2-4f36-89b4-aeec87df1c1b.png
Threat Actors: BuyChara
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of Stripe API Keys with $100K+ balance
Category: Initial Access
Content: Threat actor claims to be selling two compromised Stripe API keys with a reported total balance exceeding $100,000, allegedly granting access to payment processing capabilities.
Date: 2025-12-23T04:32:57Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/272540/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c5b59574-fb22-4ed3-9ba4-d7edced1943f.png
Threat Actors: XHJACK
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of Japanese credential dumps
Category: Data Breach
Content: The threat actor claims to be selling Japanese credential dumps in plaintext format. The data includes credentials in both email:password and phone:password formats.
Date: 2025-12-23T02:56:19Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-UHQ-Japan-Dumps-Plaintext
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6a936edc-1dcb-403d-a7e5-381b6a8cb274.png
Threat Actors: Seacoat
Victim Country: Japan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Caisse d’Allocations Familiales
Category: Data Breach
Content: Threat actor claims to have leaked a CAF (Caisse d’Allocations Familiales) database in France, allegedly exposing ~15.3GB of structured personal data.
Date: 2025-12-23T02:37:23Z
Network: openweb
Published URL: https://leakbase.la/threads/caf-fr-22-4m-2025.47415/#post-263395
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e9bdd2a9-ef5f-43ea-a45a-a6ebc72ea4a4.png
Threat Actors: USDT
Victim Country: France
Victim Industry: Government Administration
Victim Organization: caisse d’allocations familiales
Victim Site: caf.fr
- Hanlon Electric Company falls victim to Sinobi Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2025-12-23T01:43:39Z
Network: tor
Published URL: http://sinobi6rlec6f2bgn6rd72xo7hvds4a5ajiu2if4oub2sut7fg3gomqd.onion/leaks/6949bdab88b6823fa2f53e27
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ef18a12f-efe8-497c-a36d-e2d46be4be06.png
Threat Actors: Sinobi
Victim Country: USA
Victim Industry: Building and construction
Victim Organization: hanlon electric company
Victim Site: hanlonelectric.com
- Alleged Data Leak of Grupo Panama
Category: Data Breach
Content: The threat actor claims to be selling internal corporate data belonging to Grupo Panama, a Mexican restaurant and bakery chain operating mainly in the Sinaloa region. The allegedly leaked dataset is approximately 35 GB in size and includes financial records, tax documents, employee and supplier information, internal operational files, and multimedia content. The data is being offered for sale at a price of USD 3,500.
Date: 2025-12-23T01:42:15Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/272584/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/de4b98d1-ed32-40de-a202-3ef5e32907aa.png
https://d34iuop8pidsy8.cloudfront.net/81be7f2e-fde7-4b9e-a16c-008e819c0ef6.png
https://d34iuop8pidsy8.cloudfront.net/bc90b306-09b7-4bd4-93e1-fb37a25c70ea.png
Threat Actors: zestix
Victim Country: Mexico
Victim Industry: Restaurants
Victim Organization: grupo panama
Victim Site: panama.com.mx
- DEFACER INDONESIAN TEAM targets the website of SMK Tamansiswa Kudus
Category: Defacement
Content: The group claims to have defaced and deleted the website of SMK Tamansiswa Kudus
Date: 2025-12-23T01:04:34Z
Network: telegram
Published URL: https://t.me/c/2433981896/222
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/94447cb6-ea74-44db-9516-5ec5fdb979a0.png
Threat Actors: DEFACER INDONESIAN TEAM
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: smk tamansiswa kudus
Victim Site: pengumuman.smkts-kudus.sch.id
- Alleged data breach of Khamphoempittaya School
Category: Data Breach
Content: The group claims to have breached databases of Khamphoempittaya School
NB: Authenticity of claims is yet to be verified
Date: 2025-12-23T00:37:52Z
Network: telegram
Published URL: https://t.me/kkg_z/742
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7d789588-56a6-4d15-9a22-7be1d21c1ff0.png
Threat Actors: KKG-Z
Victim Country: Thailand
Victim Industry: Education
Victim Organization: khamphoempittaya school
Victim Site: khamphoempittaya.ac.th
- Alleged sale of government-verified Twitter accounts
Category: Data Breach
Content: Alleged sale of government and multilateral organization checkmarked Twitter accounts.
Date: 2025-12-23T00:20:21Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-Government-Checkmarks-on-Twitter
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3dd9b9ff-9385-4890-a08d-b233c5498822.png
Threat Actors: ahah
Victim Country: Unknown
Victim Industry: Government Relations
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of Chronopost France customer database
Category: Data Breach
Content: The threat actor claims to be selling the Chronopost France database.
Date: 2025-12-23T00:06:38Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-CHRONOPOST-FR-DATABASE
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7a84f138-b9dc-4f10-8c8a-5bd5bec5a108.png
Threat Actors: breach3d
Victim Country: France
Victim Industry: Transportation & Logistics
Victim Organization: chronopost
Victim Site: chronopost.fr