Executive Summary
On December 29, 2025, a significant surge in cyber activity was detected across multiple vectors. The intelligence indicates a coordinated or coincidental spike in ransomware extortion (particularly by the group SAFEPAY), critical infrastructure targeting (industrial control systems and energy sectors), and high-profile government data leaks. Threat actors are leveraging Telegram, Tor, and dark web forums to publicize breaches, sell access, and distribute malware.
1. Critical Infrastructure & Industrial Control Systems (ICS)
A concerning trend in this dataset is the direct targeting of operational technology (OT) and industrial systems, posing physical and safety risks.
- Energy & Utilities:
  - Germany: The group NoName057(16) claimed unauthorized access to the WKW Vorbachmuehle hydroelectric power station. Additionally, the Z-PENTEST ALLIANCE claimed access to a WESATEC pump and process-control system associated with a German road authority facility.
  - Spain: Qilin ransomware targeted Grupo Hafesa (rebranded as Haxx Energy), an energy trading and hydrocarbons group.
- Manufacturing Control Systems:
  - Italy: The Infrastructure Destruction Squad claimed access to TK Luxury Footwear Machinery’s industrial control system, allegedly gaining control over molding chamber temperatures and boiler pressures.
  - France: The same group claimed access to BRETAGNE HUITRES production control systems, reportedly halting production.
2. Ransomware Campaigns
Ransomware groups were highly active, utilizing “double extortion” tactics (encrypting data and threatening to leak it).
Major Campaigns
- SAFEPAY: Executed a massive coordinated release of victims across the US, UK, Germany, Argentina, and Spain. Victims included SETEX Textil, David Rosen Bakery Supplies, Knight Group, Moore Lumber, Medical Research Inc, and several others in construction and manufacturing.
- LOCKBIT 5.0: Targeted organizations in Spain, Germany, and the USA, including Labayen y Laborde S.L., Klax Gruppe, Samkee America Inc (Automotive), and SURFISH TRADE.
- PLAY: Focused on US and Canadian targets including Esquire Brands, MP Filtri Inc., and Genoa Lakes Golf Club.
- Qilin: Aside from the energy sector, they targeted SINTAC Recycling (Spain) and Willowdale Steeplechase (USA).
Other Notable Ransomware Activity
- DragonForce: Claimed to steal over 800GB of data from NK Technologies and Burnex Corp.
- INC RANSOM: Targeted Omrania, an architecture firm in Saudi Arabia, claiming 400 GB of data.
- Gunra: Claimed 650 GB from Inha University in South Korea.
3. Government & Military Data Leaks
High-value government targets were exposed, with actors claiming possession of sensitive internal records.
- United States:
  - RED EYES claimed to have leaked data from the NSA, CIA, FBI, and US Supreme Court, though authenticity is unverified. They specifically posted an alleged breach of the FBI internal database.
- India:
  - Threat actor breach3d claimed to leak a sensitive database linked to the Indian Air Force and Indian Army, including aircraft positions.
- France:
  - LAPSUS$ GROUP claimed a 60.9GB leak from the Ministry of Agriculture.
- Brazil:
  - A massive breach of Rede Nacional de Dados em Saúde (394 GB) was alleged, exposing COVID-19 vaccination records and patient PII.
- Cambodia:
  - The group H3C4KEDZ claimed access to the Office of the Council of Ministers and the Accounting and Auditing Regulator.
- Indonesia:
  - Leaks involved the Dukcapil database (5.5GB) and government portal credentials.
4. Corporate & Financial Data Breaches
Cybercriminals are actively selling or leaking large consumer and corporate datasets.
- Financial & Crypto:
  - Binance: An alleged dataset of 28 million US/Canadian users is being sold.
  - TransUnion: A database containing Canadian citizen info allegedly sourced directly from TransUnion is up for sale.
- Healthcare:
  - Mena City Hospital (Ukraine): Data on 5,000 individuals leaked.
  - APC Home Health Service (USA): Victimized by Nova Ransomware.
- Notable Corporate Sales:
  - Hyundai Ukraine: 129,000 records for sale.
  - Footlocker France: Customer PII leak.
  - Al-Nassr FC: Player and club documents offered for sale.
  - GitHub API Keys: Sale of compromised keys for high-profile repositories.
5. Initial Access & Malware Markets
A thriving market for access and tools was observed.
- Initial Access Sales:
  - Root Access: Sales of root-level access to multiple systems.
  - Websites: H3xV0id claimed admin access to 4,118 websites globally.
  - Specific Access: Sales included access to IntelX API Backdoors, Hostinger Webmail, and Office Supplies in Singapore.
- Malware Tools:
  - Atlas macOS Stealer: A new info-stealer targeting macOS.
  - CARGER: A Windows-based “Light HVNC/Stealer” for crypto fraud.
  - AV Killed Loads: “Clean” Windows 11 installs with disabled security for malware deployment.
6. Defacement (Hacktivism)
Several groups engaged in website defacement, primarily targeting smaller organizations and government sub-domains to send political or reputation-damaging messages.
- NullSector: Highly active, targeting sites like Cckjsx Club, Josfra Services, TechieSquads, and 2K Threads.
- BontenSec: Focused heavily on Brazilian government infrastructure, defacing Secretaria de Administração e Previdência, Novacap, and SEDUC/RO.
- Other Actors: V FOR VENDETTA, Defacer Indonesian Team, and Ghostnet-X also conducted defacement operations.
Conclusion
The intelligence report for December 29, 2025, reveals a volatile cyber threat landscape characterized by three distinct high-risk trends:
- Escalation to Kinetic Threats: The successful access to hydroelectric power stations and industrial pump systems in Germany and Italy indicates that threat actors are moving beyond data theft toward the capability to disrupt physical infrastructure.
- Sovereign Data Exposure: The alleged simultaneous breaches of US intelligence agencies (FBI/NSA), Indian military databases, and French/Brazilian government ministries suggest a degradation of state-level data sovereignty.
- Industrialized Ransomware: The sheer volume of victims posted by SAFEPAY and LOCKBIT 5.0 in a single day demonstrates that ransomware-as-a-service (RaaS) operations are functioning at an industrial scale, targeting everything from local bakeries to multinational energy conglomerates.
Detected Incidents Draft Data
- Alleged data leak of multiple US government agencies
Category: Data Breach
Content: Threat actor claims to have leaked data from several U.S. government agencies, including the NSA, CIA, FBI, U.S. Supreme Court, U.S. Department of War and NATO phone numbers.
NB: Authenticity of the claim is yet to be verified.
Date: 2025-12-29T23:21:39Z
Network: telegram
Published URL: https://t.me/c/3470684086/209
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/63b55716-360e-421d-bb9a-52c07151b7c3.png
Threat Actors: RED EYES
Victim Country: USA
Victim Industry: Government & Public Sector
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Mena City Hospital
Category: Data Breach
Content: The group claims to have leaked the internal database of Mena City Hospital, allegedly exposing recent data containing names, phone numbers, addresses, email IDs, passwords, a small number of passport details, and information on more than 5,000 individuals.
Date: 2025-12-29T22:58:15Z
Network: telegram
Published URL: https://t.me/perunswaroga/921
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c58c9fb7-0571-4a5a-a605-26530ae3b237.png
https://d34iuop8pidsy8.cloudfront.net/37020390-dedc-48e4-8cdf-ed03b3982fb3.png
Threat Actors: Perun Svaroga
Victim Country: Ukraine
Victim Industry: Hospital & Health Care
Victim Organization: mena city hospital
Victim Site: menahospital.org.ua
- Alleged data breach of Federal Bureau of Investigation (FBI)
Category: Data Breach
Content: The group claims to have leaked the internal database of the Federal Bureau of Investigation (FBI).
Date: 2025-12-29T22:42:47Z
Network: telegram
Published URL: https://t.me/c/3470684086/195
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0cda09be-9d6d-4a8e-80fb-bb29afb0f6c9.png
Threat Actors: RED EYES
Victim Country: USA
Victim Industry: Law Enforcement
Victim Organization: federal bureau of investigation (fbi)
Victim Site: fbi.gov
- Alleged data breach of Reduction-Impots.Fr
Category: Data Breach
Content: A threat actor claims to have leaked data from Reduction-Impots.Fr, which includes full names, email addresses, phone numbers, home addresses, postal codes, cities, gender, and dates of birth.
Date: 2025-12-29T22:37:13Z
Network: openweb
Published URL: https://leakbase.la/threads/reduction-impots-fr.47743/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d9432b42-384b-4eb7-ae6e-975593b2580d.png
Threat Actors: frog
Victim Country: France
Victim Industry: Financial Services
Victim Organization: reduction-impots.fr
Victim Site: reduction-impots.fr
- Alleged leak of shell access to Rosy Buds Bal Batika Secondary School
Category: Initial Access
Content: The group claims to have gained unauthorized shell access to the website of Rosy Buds Bal Batika Secondary School
Date: 2025-12-29T22:24:34Z
Network: telegram
Published URL: https://t.me/Pharaohs_n/538
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4e2d8c28-148d-40c0-87dc-a94bfda12b0a.png
Threat Actors: Pharaoh’s Team Channel
Victim Country: Nepal
Victim Industry: Education
Victim Organization: rosy buds bal batika secondary school
Victim Site: rosybuds.edu.np
- Alleged sale of Atlas macOS Stealer
Category: Malware
Content: The threat actor claims to be selling Atlas macOS Stealer, a newly advertised information-stealing malware targeting macOS systems, including browser credentials, session tokens, and locally stored user information.
Date: 2025-12-29T22:16:00Z
Network: openweb
Published URL: https://bhf.pro/threads/717765/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b6092e0a-f4cf-40f3-a48d-423adcee1ea4.png
Threat Actors: Mr.Stuxnot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Disability:IN
Category: Data Breach
Content: A threat actor claims to have leaked data associated with Disability:IN. The exposed dataset reportedly contains 900+ rows of corporate contact and lead information, including names, job titles, company affiliations, and email addresses of professionals from major organizations.
Date: 2025-12-29T22:08:41Z
Network: openweb
Published URL: https://xss.pro/threads/145097/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7216011d-60f2-4528-99d9-23e34d1c0f99.png
Threat Actors: machinegun
Victim Country: USA
Victim Industry: Non-profit & Social Organizations
Victim Organization: disability:in
Victim Site: disabilityin.org
- SETEX Textil falls victim to SAFEPAY ransomware
Category: Ransomware
Content: The group claims to have obtained the organisation’s data and intends to publish it within 4-5 days.
Date: 2025-12-29T22:01:33Z
Network: tor
Published URL: http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/setex-textilde/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b1c393a4-38b4-40ca-a5b2-808ab1ff2375.png
Threat Actors: SAFEPAY
Victim Country: Germany
Victim Industry: Manufacturing
Victim Organization: setex textil
Victim Site: setex-textil.de
- David Rosen Bakery Supplies falls victim to SAFEPAY ransomware
Category: Ransomware
Content: The group claims to have obtained the organisation’s data and intends to publish it within 4-5 days.
Date: 2025-12-29T21:56:50Z
Network: tor
Published URL: http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/davidrosenbakerysupplycom/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/dbaba0b2-70fe-4fd8-835b-0dddda0624da.png
Threat Actors: SAFEPAY
Victim Country: USA
Victim Industry: Wholesale
Victim Organization: david rosen bakery supplies
Victim Site: davidrosenbakerysupply.com
- Knight Group falls victim to SAFEPAY ransomware
Category: Ransomware
Content: The group claims to have obtained the organisation’s data and intends to publish it within 4-5 days.
Date: 2025-12-29T21:52:09Z
Network: tor
Published URL: http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/knightgroupcouk/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6e089f57-ab2a-4629-af75-58f3f541659f.png
Threat Actors: SAFEPAY
Victim Country: UK
Victim Industry: Building and construction
Victim Organization: knight group
Victim Site: knightgroup.co.uk
- Moore Lumber and Hardware falls victim to SAFEPAY ransomware
Category: Ransomware
Content: The group claims to have obtained the organisation’s data and intends to publish it within 4-5 days.
Date: 2025-12-29T21:50:11Z
Network: tor
Published URL: http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/moorelumbercom/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4a3af781-fab8-4725-8ee8-21f3640e2d09.png
Threat Actors: SAFEPAY
Victim Country: USA
Victim Industry: Building and construction
Victim Organization: moore lumber and hardware
Victim Site: moorelumber.com
- UsdawLearn falls victim to SAFEPAY ransomware
Category: Ransomware
Content: The group claims to have obtained the organisation’s data and intends to publish it within 4-5 days.
Date: 2025-12-29T21:43:56Z
Network: tor
Published URL: http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/usdaworguk/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/91948179-cf15-4e91-845e-f41b7a629404.png
Threat Actors: SAFEPAY
Victim Country: UK
Victim Industry: Education
Victim Organization: usdawlearn
Victim Site: usdaw.org.uk
- Medical Research Inc falls victim to SAFEPAY ransomware
Category: Ransomware
Content: The group claims to have obtained the organisation’s data and intends to publish it within 4-5 days.
Date: 2025-12-29T21:36:47Z
Network: tor
Published URL: http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/investigacionesmedicascom/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6ad8d76d-cceb-47c6-b130-7ec74b9518eb.png
Threat Actors: SAFEPAY
Victim Country: Argentina
Victim Industry: Hospital & Health Care
Victim Organization: medical research inc
Victim Site: investigacionesmedicas.com
- International Specialty Supply falls victim to SAFEPAY ransomware
Category: Ransomware
Content: The group claims to have obtained the organisation’s data and intends to publish it within 4-5 days.
Date: 2025-12-29T21:28:46Z
Network: tor
Published URL: http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/sproutnetcom/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/253d7181-a151-4728-a0da-b4b4cd5c9c1f.png
Threat Actors: SAFEPAY
Victim Country: USA
Victim Industry: Farming
Victim Organization: international specialty supply
Victim Site: sproutnet.com
- Precision Aluminum falls victim to SAFEPAY ransomware
Category: Ransomware
Content: The group claims to have obtained the organisation’s data and intends to publish it within 4-5 days.
Date: 2025-12-29T21:28:04Z
Network: tor
Published URL: http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/precisionaluminumca/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f3c9a1d5-b61f-4a60-bc3a-175ee1bb1cdb.png
Threat Actors: SAFEPAY
Victim Country: Canada
Victim Industry: Building and construction
Victim Organization: precision aluminum
Victim Site: precisionaluminum.ca
- Estrumar Metalworks falls victim to SAFEPAY ransomware
Category: Ransomware
Content: The group claims to have obtained the organisation’s data and intends to publish it within 4-5 days.
Date: 2025-12-29T21:21:59Z
Network: tor
Published URL: http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/estrumares/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3db1f6e1-0d85-48bc-9f1a-baf7c9d8674b.png
Threat Actors: SAFEPAY
Victim Country: Spain
Victim Industry: Building and construction
Victim Organization: estrumar metalworks
Victim Site: estrumar.es
- Alleged admin access to multiple unidentified websites
Category: Initial Access
Content: A recent post by the group indicates that they have gained unauthorized access and leaked administrator credentials to 4,118 websites, including government entities, regime‑affiliated institutions, private companies, and ordinary sites.
Date: 2025-12-29T21:13:49Z
Network: telegram
Published URL: https://t.me/H3xV0id_Official/421
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/de20fe3a-2b39-4443-93f3-a09338df8d80.png
Threat Actors: H3xV0id
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Esquire Brands falls victim to PLAY Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data. The data includes private and personal confidential data, client documents, budget, payroll, IDs, taxes, and finance information, and they intend to publish it within 5 days.
Date: 2025-12-29T20:33:15Z
Network: tor
Published URL: http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=Q23xWAmU4J8d2t
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/de029d13-074d-423c-b120-47d858f7c608.png
Threat Actors: PLAY
Victim Country: USA
Victim Industry: Fashion & Apparel
Victim Organization: esquire brands
Victim Site: esquirebrands.com
- MP Filtri Inc. falls victim to PLAY Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data. The data includes private and personal confidential data, client documents, budget, payroll, IDs, taxes, and finance information, and they intend to publish it within 5 days.
Date: 2025-12-29T20:30:53Z
Network: tor
Published URL: http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=Uv1pnOXLLioIZq
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/68e8ba48-b286-468c-b247-cdf6ffd2d074.png
Threat Actors: PLAY
Victim Country: Canada
Victim Industry: Manufacturing & Industrial Products
Victim Organization: mp filtri inc.
Victim Site: mpfiltricanada.com
- STGHO3T claims to target the Middle East region
Category: Alert
Content: A recent post by the group indicates that they’re targeting the Middle East region.
Date: 2025-12-29T20:30:37Z
Network: telegram
Published URL: https://t.me/stgho3tV/97
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e4657746-2d78-4857-9ac8-6e244e643644.png
Threat Actors: STGHO3T
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Genoa Lakes Golf Club falls victim to PLAY Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data. The data includes private and personal confidential data, client documents, budget, payroll, IDs, taxes, and finance information, and they intend to publish it within 5 days.
Date: 2025-12-29T20:22:14Z
Network: tor
Published URL: http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=24WK1yFdiLV7ZL
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/daea29b1-09ac-4e82-9a23-f96ef1168a7d.png
Threat Actors: PLAY
Victim Country: USA
Victim Industry: Hospitality & Tourism
Victim Organization: genoa lakes golf club
Victim Site: genoalakes.com
- Alleged data breach of Kassy
Category: Data Breach
Content: A threat actor claims to have leaked a database allegedly belonging to Kassy. The exposed data reportedly includes user account records and transaction-related information.
Date: 2025-12-29T20:12:51Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-RUSSIA-kassy-ru-Leaked-Download
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b8868c29-0f6e-4bd3-8381-a646358a5ab3.png
Threat Actors: Demetrius
Victim Country: Russia
Victim Industry: Events Services
Victim Organization: kassy
Victim Site: kassy.ru
- Alleged data breach of Net 11
Category: Data Breach
Content: The group claims to have leaked the database of Net 11
Date: 2025-12-29T20:07:01Z
Network: telegram
Published URL: https://t.me/lunarisS3C/100
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1654896b-48b7-4faa-836f-156b3dbd17f4.jpg
Threat Actors: LunarisSec
Victim Country: Brazil
Victim Industry: Broadcast Media
Victim Organization: net 11
Victim Site: net11.com.br
- C&R Electric, LLC falls victim to PLAY Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data. The data includes private and personal confidential data, client documents, budget, payroll, IDs, taxes, and finance information, and they intend to publish it within 5 days.
Date: 2025-12-29T19:59:56Z
Network: tor
Published URL: http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=Q8iXGWzD6MyJ31
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0b22a6bd-914f-4ac8-b707-965db1c3d647.png
Threat Actors: PLAY
Victim Country: USA
Victim Industry: Building and construction
Victim Organization: c&r electric, llc
Victim Site: candrelec.com
- Alleged sale of multiple GitHub API keys
Category: Data Breach
Content: The threat actor claims to be selling two allegedly compromised GitHub API keys. One key purportedly provides extensive administrative permissions to an account associated with a top-15 eCommerce CMS, while the second key allegedly grants access to highly popular LLM-related repositories with over 200,000 combined stars.
Date: 2025-12-29T19:50:26Z
Network: openweb
Published URL: https://forum.exploit.in/topic/272911/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/60a44d2c-d605-4bfc-8f84-5975bfed8c6d.png
Threat Actors: Nouname34672
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Sale of Unauthorized Root-Level Access to Multiple Systems
Category: Initial Access
Content: The threat actor claims to be offering a package of Unauthorized Root-Level Access to Multiple Systems.
Date: 2025-12-29T19:40:26Z
Network: openweb
Published URL: https://forum.exploit.in/topic/272902/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/20f5630d-c939-4748-aa67-af272786b95d.png
Threat Actors: HydraS
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged access to Royal School of Administration’s Learning Management System
Category: Initial Access
Content: The group claims to have gained unauthorized access to the Learning Management System of Royal School of Administration (ERA)
Date: 2025-12-29T19:34:34Z
Network: telegram
Published URL: https://t.me/BlackEyeThai/42
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/cd3f069e-ba5d-4f93-b0e9-098f24461a76.png
Threat Actors: BlackEye-Thai
Victim Country: Cambodia
Victim Industry: Education
Victim Organization: royal school of administration (era)
Victim Site: lms.era.gov.kh
- Alleged Sale of Stealer Logs Marketplace
Category: Logs
Content: A threat actor advertises the sale of fresh stealer logs allegedly collected via information-stealing malware. The dataset reportedly contains compromised account credentials and session data linked to multiple online services.
Date: 2025-12-29T19:18:07Z
Network: openweb
Published URL: https://darkforums.io/Thread-5GB-STEALER-LOGS-%E2%AD%90%EF%B8%8F-STEALER-LOGS-FRESH-%E2%AD%90%EF%B8%8F29-12-2025%E2%AD%90%EF%B8%8F
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5c7d12ab-cca6-48c6-a6f7-d88af7de6dea.png
Threat Actors: apacheee1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Al Orman Association
Category: Data Breach
Content: A threat actor claims to be selling a leaked database allegedly associated with Al Orman Association, containing sensitive donor and transaction-related information such as full names, email addresses, phone numbers, bank details, donation amounts, payment references, receipt numbers, transaction statuses, and campaign identifiers.
Date: 2025-12-29T18:49:32Z
Network: openweb
Published URL: https://darkforums.io/Thread-Selling-1-3-M-RAW-%E2%80%93-Al-Orman-Association-Egypt
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7a133aa2-b437-448b-ae8f-65d7249902ea.png
Threat Actors: swipe899
Victim Country: Egypt
Victim Industry: Non-profit & Social Organizations
Victim Organization: al orman association
Victim Site: dar-alorman.com
- Alleged data breach of Myelica
Category: Data Breach
Content: A threat actor claims to be selling a database allegedly belonging to Myelica. The exposed dataset reportedly contains approximately 270,000 records in CSV/SQL format with MD5-hashed passwords.
Date: 2025-12-29T18:42:25Z
Network: openweb
Published URL: https://darkforums.io/Thread-Selling-myelica-in-Database-India-CVS-SQL-270K-Hash-type-MD5
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8253768b-c230-448a-9bfd-825559afb47a.png
Threat Actors: RainbowDF
Victim Country: India
Victim Industry: Consumer Services
Victim Organization: myelica
Victim Site: myelica.in
- Alleged data leak of Iranian Center for Virtual and Open Education
Category: Data Breach
Content: The group claims to have leaked the internal database and defaced the website of the Iranian Center for Virtual and Open Education
Date: 2025-12-29T18:40:49Z
Network: telegram
Published URL: https://t.me/Legion_Offlcial/695?single
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/81628606-ed50-427d-b1f6-41d6ce68fc62.jpg
Threat Actors: Legion
Victim Country: Iran
Victim Industry: Education
Victim Organization: iranian center for virtual and open education
Victim Site: ecc.kmsu.ac.ir
- Alleged data breach of Saudi Icon Company
Category: Data Breach
Content: A threat actor claims to have leaked data from Saudi Icon Company, including internal documents, project files, financial records, contracts, and employee-related information.
Date: 2025-12-29T18:22:26Z
Network: tor
Published URL: http://6czlbd2jfiy6765fbnbnzuwuqocg57ebvp3tbm35kib425k4qnmiiiqd.onion/ransom.html
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/718070af-88de-49b3-87d1-3ca502d98b21.png
Threat Actors: Kazu
Victim Country: Saudi Arabia
Victim Industry: Building and construction
Victim Organization: saudi icon company
Victim Site: saudi-icon.com
- NK Technologies falls victim to DragonForce Ransomware
Category: Ransomware
Content: The group claims to have obtained 816.67 GB of the organization’s data and they intend to publish it within 3-4 days.
Date: 2025-12-29T17:59:26Z
Network: tor
Published URL: http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion/blog
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c4ace889-eada-4f72-bec7-1b1df9844c1e.png
Threat Actors: DragonForce
Victim Country: USA
Victim Industry: Electrical & Electronic Manufacturing
Victim Organization: nk technologies
Victim Site: nktechnologies.com
- Alleged unauthorized access to Cambodia’s Accounting and Auditing Regulator website
Category: Initial Access
Content: The group claims to have gained unauthorized access to
Date: 2025-12-29T17:42:28Z
Network: telegram
Published URL: https://t.me/H3c4kedzHackerGroup/48
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/cc89247c-85b9-44a3-9cda-fa470dba05de.jpg
Threat Actors: H3C4KEDZ
Victim Country: Cambodia
Victim Industry: Financial Services
Victim Organization: accounting and auditing regulator
Victim Site: acar.gov.kh
- Burnex Corp. falls victim to DragonForce Ransomware
Category: Ransomware
Content: The group claims to have obtained 685.46 GB of the organization’s data and they intend to publish it within 1-2 days.
Date: 2025-12-29T17:34:01Z
Network: tor
Published URL: http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion/blog
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ea76bff0-965f-4c7d-af52-41fa7688e9e6.png
Threat Actors: DragonForce
Victim Country: USA
Victim Industry: Manufacturing & Industrial Products
Victim Organization: burnex corp.
Victim Site: burnexcorp.com
- Labayen y Laborde S.L. falls victim to LOCKBIT 5.0 Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data and intends to publish it within 20-21 days.
Date: 2025-12-29T17:27:15Z
Network: tor
Published URL: http://lockbitapt67g6rwzjbcxnww5efpg4qok6vpfeth7wx3okj52ks4wtad.onion/post/b9e8325963578e3e453e8d6b15ccb495
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a1d118b3-7b80-4506-97ce-65d8eb13a5e1.png
Threat Actors: LOCKBIT 5.0
Victim Country: Spain
Victim Industry: Manufacturing & Industrial Products
Victim Organization: labayen y laborde s.l.
Victim Site: labayenylaborde.com
- Klax Gruppe falls victim to LOCKBIT 5.0 Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data and intends to publish it within 20-21 days.
Date: 2025-12-29T17:24:11Z
Network: tor
Published URL: http://lockbitapt67g6rwzjbcxnww5efpg4qok6vpfeth7wx3okj52ks4wtad.onion/post/959fc01fdcce3393d2556b38631465b7
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a24dc905-17ae-4e6a-b483-59549c2202d7.png
Threat Actors: LOCKBIT 5.0
Victim Country: Germany
Victim Industry: Education
Victim Organization: klax gruppe
Victim Site: klax.de
- Alleged login access to Hostinger Webmail
Category: Initial Access
Content: The group claims to have gained unauthorized login access to Hostinger Webmail
Date: 2025-12-29T17:20:27Z
Network: telegram
Published URL: https://t.me/c/2932498194/245
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2e4e9786-2451-4f60-adca-1476995535bc.jpg
Threat Actors: V FOR VENDETTA CYBER TEAM
Victim Country: India
Victim Industry: Information Technology (IT) Services
Victim Organization: hostinger webmail
Victim Site: hostinger.com
- Samkee America Inc falls victim to LOCKBIT 5.0 Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data and intends to publish it within 20-21 days.
Date: 2025-12-29T17:01:24Z
Network: tor
Published URL: http://lockbitapt67g6rwzjbcxnww5efpg4qok6vpfeth7wx3okj52ks4wtad.onion/post/9720b0bffeadb754d3bcc451fb0e00b7
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ee419338-ea9a-4949-b51b-c515ca0f6c93.png
Threat Actors: LOCKBIT 5.0
Victim Country: USA
Victim Industry: Automotive
Victim Organization: samkee america inc
Victim Site: samkee.com
- SURFISH TRADE, S.L. falls victim to LOCKBIT 5.0 Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data and intends to publish it within 16-17 days.
Date: 2025-12-29T16:56:45Z
Network: tor
Published URL: http://lockbitapt67g6rwzjbcxnww5efpg4qok6vpfeth7wx3okj52ks4wtad.onion/post/9b7a5fc1679b154bd866bff68969f5fd
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/82856a7a-5a62-4ef7-b094-b84d7303a612.png
Threat Actors: LOCKBIT 5.0
Victim Country: Spain
Victim Industry: Import & Export
Victim Organization: surfish trade, s.l.
Victim Site: surfishtrade.com
- V FOR VENDETTA CYBER TEAM targets the website of giyantie.wordpress.com
Category: Defacement
Content: The group claims to have defaced the website of giyantie.wordpress.com
Date: 2025-12-29T16:51:22Z
Network: telegram
Published URL: https://t.me/c/2932498194/243
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a0909369-7676-4af9-8af2-025376842b6c.png
Threat Actors: V FOR VENDETTA CYBER TEAM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: giyantie.wordpress.com
- Alleged login access to University Resource Management portal of ACLEDA University of Business
Category: Initial Access
Content: The group claims to have gained login access to the University Resource Management portal of ACLEDA University of Business
Date: 2025-12-29T16:04:16Z
Network: telegram
Published URL: https://t.me/H3c4kedzHackerGroup/41
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b9313ba0-a0c8-440f-86bd-4f65a4441391.jpg
Threat Actors: H3C4KEDZ
Victim Country: Cambodia
Victim Industry: Education
Victim Organization: acleda university of business
Victim Site: urm.aub.edu.kh
- Alleged unauthorized access to the website of Paññāsāstra University of Cambodia
Category: Initial Access
Content: The group claims to have gained unauthorized access to the website of Paññāsāstra University of Cambodia
Date: 2025-12-29T15:55:23Z
Network: telegram
Published URL: https://t.me/H3c4kedzHackerGroup/36
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/417771bf-07d5-4b42-b43b-4c23a3b40613.jpg
Threat Actors: H3C4KEDZ
Victim Country: Cambodia
Victim Industry: Education
Victim Organization: paññāsāstra university of cambodia
Victim Site: puc.edu.kh
- Grupo Hafesa falls victim to Qilin ransomware
Category: Ransomware
Content: The threat actor claims to have obtained the organisation’s data.
NB: Grupo Hafesa is an energy trading and logistics group, operating as an integrated organization following the consolidation of its fuel storage, distribution, and hydrocarbons trading activities, and has now rebranded as Haxx Energy.
Date: 2025-12-29T15:37:45Z
Network: tor
Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=dbff4c3e-a9ce-3c72-8f68-8fa02be7cd08
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fbbf7126-14f5-4578-bbf5-85ea1d806620.JPG
Threat Actors: Qilin
Victim Country: Spain
Victim Industry: Oil & Gas
Victim Organization: grupo hafesa
Victim Site: grupohafesa.com
- Alleged access to a WESATEC pump and process‑control system
Category: Initial Access
Content: The group claims to have gained unauthorized access to a WESATEC pump and process‑control system associated with the “Straßenmeisterei Niebüll,” a road‑authority facility in Germany.
Date: 2025-12-29T15:27:28Z
Network: telegram
Published URL: https://t.me/zpentestalliance/899
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1e443897-0ae3-464b-b5d9-a5dfb979b56e.png
https://d34iuop8pidsy8.cloudfront.net/3289b2aa-8646-418f-b1cc-dcc10b1734a8.png
Threat Actors: Z-PENTEST ALLIANCE
Victim Country: Germany
Victim Industry: Industrial Automation
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Aztec Washer Company
Category: Data Breach
Content: The threat actor claims to have released approximately 5GB of internal and confidential data from Aztec Washer Company.
Date: 2025-12-29T15:22:14Z
Network: openweb
Published URL: https://leakbase.la/threads/aztecwahser-data-breach-leak.47727/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6e22ca79-cbbd-4bf6-b671-e4b3b1b7ab80.png
Threat Actors: CCLand
Victim Country: USA
Victim Industry: Manufacturing
Victim Organization: aztec washer company
Victim Site: aztecwasher.com
- Alleged Unauthorized Access to TK Luxury Footwear Machinery’s Production Control System
Category: Initial Access
Content: The group claims to have gained unauthorized access to an industrial control system belonging to TK Luxury Footwear Machinery in Italy, providing full control over the production and molding processes for luxury footwear. The exposed system reportedly enables precise regulation and monitoring of molding chamber temperatures, boiler pressure, steam supply, vacuum control, ventilation cycles, and leather-specific programs
Date: 2025-12-29T15:07:02Z
Network: telegram
Published URL: https://t.me/n2LP_wVf79c2YzM0/3037
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8b71dc3b-c053-4b84-8f26-04f82b44e025.jpg
Threat Actors: Infrastructure Destruction Squad
Victim Country: Italy
Victim Industry: Manufacturing
Victim Organization: tk luxury footwear machinery
Victim Site: Unknown
- Haxx falls victim to Qilin ransomware
Category: Ransomware
Content: The threat actor claims to have obtained the organisation’s data.
Date: 2025-12-29T14:30:18Z
Network: tor
Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=dbff4c3e-a9ce-3c72-8f68-8fa02be7cd08
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fbbf7126-14f5-4578-bbf5-85ea1d806620.JPG
Threat Actors: Qilin
Victim Country: Spain
Victim Industry: Oil & Gas
Victim Organization: haxx
Victim Site: haxx-energy.com
- SINTAC Recycling falls victim to Qilin Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2025-12-29T14:29:40Z
Network: tor
Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=aaed302b-5da5-312d-af58-22a99f1d3a75
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/173b0f7f-3a22-4fc1-8087-ddc357f1e21f.jpg
Threat Actors: Qilin
Victim Country: Spain
Victim Industry: International Trade & Development
Victim Organization: sintac recycling
Victim Site: sintac.es
- Alleged leak of passports of Chinese construction accountants
Category: Data Breach
Content: Threat actor claims to have leaked passports of Chinese construction accountants.
Date: 2025-12-29T14:24:42Z
Network: openweb
Published URL: https://breachforums.bf/Thread-Hot-new-real-chinese-construction-accountants-passport
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/591da929-6e08-4855-b6e9-f97ac53dda0b.png
Threat Actors: kokumo
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of personal data from Germany
Category: Data Breach
Content: Threat actor claims to be selling personal data from Germany, including name, email, date of birth, address, etc.
Date: 2025-12-29T14:19:23Z
Network: openweb
Published URL: https://leakbase.la/threads/new-germany-de-iban-bic-dob-email-fullname-add-tel-database-leak.47721/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8a802c70-687d-420b-9252-354ea2aff892.png
Threat Actors: DataBaseClean
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of Global panel private bypass android device information
Category: Malware
Content: Threat actor claims to be selling a “global panel” offering Android (and iPhone) bypass services, claiming the ability to bypass OTP protections, access WhatsApp accounts, and retrieve device or application data via a private panel.
Date: 2025-12-29T13:59:00Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-Global-panel-private-bypass-android-device-information
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ff54c1ff-bb3d-4cf1-8aea-65c5c7f13cc5.png
Threat Actors: Calviora
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged unauthorized access to government portals in Indonesia
Category: Initial Access
Content: The group alleges that it has leaked login credentials for Indonesian government portals.
Date: 2025-12-29T13:50:36Z
Network: openweb
Published URL: https://breachforums.bf/Thread-URL-LOGIN-PASS-x2042-logins-go-id-log
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4bcece0e-5446-4836-9a71-e873d64edd61.png
Threat Actors: hannisonntag
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: Unknown
Victim Site: pastepro.pw
- Alleged unauthorized access to IntelX API Backdoor
Category: Initial Access
Content: The threat actor is offering to sell unauthorized access to IntelX API Backdoor.
Date: 2025-12-29T13:49:08Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-%E2%9D%97%EF%B8%8F%E2%9D%97%EF%B8%8F-IntelX-API-Backdoor-Unlimited-Private-Escrow-%E2%9C%85
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f21ba7f4-ff56-4dff-b5f3-9fe2db9a2620.JPG
Threat Actors: reconbug
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data sale of Elica India
Category: Data Breach
Content: The threat actor claims to be selling data from Elica India, containing approximately 270,000 records from India, including names, email IDs, passwords, pincodes, cities, and more.
Date: 2025-12-29T13:28:13Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-myelica-in-Database-India-CVS-SQL-270K-Hash-type-MD5
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/614966fc-6c37-4bd1-95db-d2332141bee6.png
https://d34iuop8pidsy8.cloudfront.net/222cb812-ec72-4368-ac97-07a5e63e0293.png
Threat Actors: RainbowBF
Victim Country: India
Victim Industry: Manufacturing
Victim Organization: elica india
Victim Site: myelica.in
- Alleged data breach of Rede Nacional de Dados em Saúde
Category: Data Breach
Content: The threat actor claims to have breached 394 GB of data from Rede Nacional de Dados em Saúde, allegedly including sensitive information related to COVID-19 vaccination, such as CPF, CNS, patient name, mother’s name, date of birth, biological sex, phone number and more.
Date: 2025-12-29T13:22:38Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-BRAZILIAN-COVID-2021-2023-DATABASE–182500
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e6874783-0309-473b-b9c3-01530fb1c6ee.JPG
https://d34iuop8pidsy8.cloudfront.net/d486fdb1-695c-4933-a6ba-95a60708013a.JPG
Threat Actors: 0x0day
Victim Country: Brazil
Victim Industry: Information Services
Victim Organization: rede nacional de dados em saúde
Victim Site: Unknown
- Alleged database sale of Dukcapil in Indonesia
Category: Data Breach
Content: The group claims to be selling a 5.50GB database of Dukcapil in Indonesia, allegedly containing full name, gender, date of birth, telephone number, address, email, etc.
Date: 2025-12-29T12:57:55Z
Network: telegram
Published URL: https://t.me/c/3614850505/206
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9d94d5bc-2135-4532-bef4-b71fa07ad30c.jpg
Threat Actors: GHOSTNET-X
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: Unknown
Victim Site: Unknown
- NullSector targets the website of Cckjsx Club
Category: Defacement
Content: The group claims to have defaced the website of Cckjsx Club.
Date: 2025-12-29T12:36:49Z
Network: openweb
Published URL: https://defacer.id/mirror/id/222339
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/85dcbd54-240d-45fc-b95d-6a83cc3b5289.png
Threat Actors: NullSector
Victim Country: USA
Victim Industry: E-commerce & Online Stores
Victim Organization: cckjsx club
Victim Site: cckjsx.club
- DEFACER INDONESIAN TEAM targets the website of MTs Masalikil Huda
Category: Defacement
Content: The group claims to have defaced the website of MTs Masalikil Huda
Date: 2025-12-29T11:57:42Z
Network: telegram
Published URL: https://t.me/c/2433981896/260
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/aa6eaac4-2146-4964-8d5f-96a099baa436.jpg
Threat Actors: DEFACER INDONESIAN TEAM
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: mts masalikil huda
Victim Site: sik.mtsmasalikilhuda.sch.id
- Alleged leak of webshell access to physiciansimmigration.com
Category: Initial Access
Content: The group claims to have leaked webshell access to physiciansimmigration.com
Date: 2025-12-29T11:53:00Z
Network: telegram
Published URL: https://t.me/crewcyber/452
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e8d856c1-6bed-41f6-98a9-88d58c91722e.jpg
Threat Actors: 404 CREW CYBER TEAM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: physiciansimmigration.com
Victim Site: Unknown
- Alleged leak of login credentials to Theme Park Tycoon 2 workshop
Category: Initial Access
Content: The group claims to have leaked login credentials to the user registration portal of Theme Park Tycoon 2 workshop.
Date: 2025-12-29T11:38:38Z
Network: telegram
Published URL: https://t.me/bl4cyb3r/455
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/20894076-f37f-4338-84f7-9ba81e902621.png
Threat Actors: Digit_4
Victim Country: USA
Victim Industry: Gaming
Victim Organization: theme park tycoon 2 workshop
Victim Site: themeparktycoon2.com
- Alleged unauthorized access to WKW Vorbachmuehle hydroelectric power station in Germany
Category: Initial Access
Content: The group claims to have gained unauthorized access to WKW Vorbachmuehle hydroelectric power station in Germany.
Date: 2025-12-29T11:26:07Z
Network: telegram
Published URL: https://t.me/c/2787466017/1353
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8686bcb1-592a-41f1-89df-297fcb4b4827.jpg
Threat Actors: NoName057(16)
Victim Country: Germany
Victim Industry: Energy & Utilities
Victim Organization: wkw vorbachmuehle
Victim Site: Unknown
- Alleged sale of TransUnion database
Category: Data Breach
Content: The threat actor claims to be selling a database containing sensitive personal information belonging to a large number of Canadian citizens. The actor asserts that the data was obtained directly from TransUnion.
Date: 2025-12-29T11:22:27Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-MULTIPLE-ZIP-ARCHICE-WITH-ALL-COMPLETE-CANADA-CITIZEN-INFO-RIGHT-FROM-TRANSUNION
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a7d605cb-43f7-4421-8fdd-1bc5550fc8b2.jpg
Threat Actors: C0D3KXx
Victim Country: USA
Victim Industry: Information Technology (IT) Services
Victim Organization: transunion
Victim Site: transunion.com
- 404 CREW CYBER TEAM targets the website of Weinstock Immigration Lawyers
Category: Defacement
Content: The group claims to have defaced the website of Weinstock Immigration Lawyers
Date: 2025-12-29T11:16:37Z
Network: openweb
Published URL: https://defacer.id/mirror/id/222332
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ace15e43-ef62-4bb9-8feb-750ea0e8750f.JPG
Threat Actors: 404 CREW CYBER TEAM
Victim Country: USA
Victim Industry: Law Practice & Law Firms
Victim Organization: weinstock immigration lawyers
Victim Site: physiciansimmigration.com
- Alleged Sale of Unauthorized Login Access to ThaiCupid
Category: Initial Access
Content: Threat Actor claims to be selling unauthorized login access to Total Access Communication Public Company Limited in Thailand.
Date: 2025-12-29T11:14:35Z
Network: telegram
Published URL: https://t.me/bl4cyb3r/456
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/270815f5-5b74-4003-a364-1db6fedd4183.png
Threat Actors: Digit_4
Victim Country: Australia
Victim Industry: Social Media & Online Social Networking
Victim Organization: thaicupid
Victim Site: thaicupid.com
- Nullsec Philippines targets the website of DMITRUC CLUB
Category: Defacement
Content: The group claims to have defaced the website of DMITRUC CLUB
Date: 2025-12-29T11:00:43Z
Network: openweb
Published URL: https://defacer.id/mirror/id/222344
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/429184a3-4900-484e-a16f-96cc001e8f40.jpg
Threat Actors: Nullsec Philippines
Victim Country: Moldova
Victim Industry: Sports
Victim Organization: dmitruc club
Victim Site: dmitruc-club.com
- Alleged leak of armurerie slehi
Category: Data Breach
Content: The threat actor leaked data of armurerie slehi.
Date: 2025-12-29T10:58:54Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-free-leak-armurerie-slehi
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7121c8df-d343-4600-ada5-faf39d6a493b.png
Threat Actors: synko
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Nullsec Philippines targets the website of Şcoala sportivă specializedă la Taekwondo WTF nr. 6
Category: Defacement
Content: The group claims to have defaced the website of Şcoala sportivă specializedă la Taekwondo WTF nr. 6
Date: 2025-12-29T10:57:26Z
Network: openweb
Published URL: https://defacer.id/mirror/id/222345
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/19c73d1e-1cb8-4072-a576-2e1b844a1ea3.jpg
Threat Actors: Nullsec Philippines
Victim Country: Moldova
Victim Industry: Education
Victim Organization: şcoala sportivă specializedă la taekwondo wtf nr. 6
Victim Site: sssnr6.md
- Nyxentr4 targets the website of Oxygen Sports Club
Category: Defacement
Content: The group claims to have defaced the website of Oxygen Sports Club
Date: 2025-12-29T10:54:13Z
Network: openweb
Published URL: https://defacer.id/mirror/id/222279
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/550204b1-17ed-4b67-9b0f-ecd14405a4c9.JPG
Threat Actors: Nyxentr4
Victim Country: Libya
Victim Industry: Sports
Victim Organization: oxygen sports club
Victim Site: admin.oxygensc.ly
- Alleged data breach of Alt DRX
Category: Data Breach
Content: The threat actor claims to have breached data from Alt DRX; the compromised data contains email, phone number, name, etc.
Date: 2025-12-29T10:52:23Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-altdrx-com-32k-users-India
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/096fc402-0ef4-495e-a66f-3bfb680c2488.png
Threat Actors: Epsinos
Victim Country: India
Victim Industry: Real Estate
Victim Organization: alt drx
Victim Site: altdrx.com
- Alleged sale of WordPress user accesses
Category: Initial Access
Content: Threat actor claims to be selling access to 275,308 WordPress user accounts.
Date: 2025-12-29T10:43:23Z
Network: openweb
Published URL: https://forum.exploit.in/topic/272891/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6f5760d6-7aa1-45f4-ae0d-5fbfa5d0ca6f.png
Threat Actors: Korbian
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- INHA UNIVERSITY falls victim to Gunra ransomware
Category: Ransomware
Content: The group claims to have obtained 650 GB of the organization’s data.
Date: 2025-12-29T10:31:20Z
Network: tor
Published URL: http://gunrabxbig445sjqa535uaymzerj6fp4nwc6ngc2xughf2pedjdhk4ad.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/789cd665-a5dd-4387-8b7f-78dda2ba8bfb.JPG
Threat Actors: Gunra
Victim Country: South Korea
Victim Industry: Education
Victim Organization: inha university
Victim Site: inha.ac.kr
- BontenSec targets the website of Secretaria de Administração e Previdência (SEAD)
Category: Defacement
Content: Group claims to have defaced the website of Secretaria de Administração e Previdência (SEAD).
Date: 2025-12-29T10:28:26Z
Network: openweb
Published URL: https://defacer.id/mirror/id/222329
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a766875f-0016-4d5a-bb39-37a5b1f4ccbb.png
Threat Actors: BontenSec
Victim Country: Brazil
Victim Industry: Government Administration
Victim Organization: secretaria de administração e previdência (sead)
Victim Site: imoveis.sead.pi.gov.br
- Willowdale Steeplechase falls victim to Qilin Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2025-12-29T10:18:43Z
Network: tor
Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=0ef64940-fef4-3369-9b8d-42b88907febd
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/67f5e61c-c1a4-466d-a80f-bb010fadeb7e.jpg
Threat Actors: Qilin
Victim Country: USA
Victim Industry: Events Services
Victim Organization: willowdale steeplechase
Victim Site: willowdalesteeplechase.org
- BontenSec targets the website of Novacap – Urban Development Company of the New Capital of Brazil
Category: Defacement
Content: Group claims to have defaced the website of Novacap – Urban Development Company of the New Capital of Brazil.
Date: 2025-12-29T09:39:32Z
Network: openweb
Published URL: https://defacer.id/mirror/id/222331
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e1645388-5d5f-48af-ab24-dbbab7d81e86.png
Threat Actors: BontenSec
Victim Country: Brazil
Victim Industry: Government Administration
Victim Organization: novacap – urban development company of the new capital of brazil
Victim Site: wci.novacap.df.gov.br
- BontenSec targets the website of State Department of Education – SEDUC/RO
Category: Defacement
Content: Group claims to have defaced the website of State Department of Education – SEDUC/RO.
Date: 2025-12-29T09:37:48Z
Network: openweb
Published URL: https://defacer.id/mirror/id/222330
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3658ebcf-adc4-48a4-80fa-5da161fe39e4.png
Threat Actors: BontenSec
Victim Country: Brazil
Victim Industry: Government Administration
Victim Organization: state department of education – seduc/ro
Victim Site: matriculaonline.seduc.ro.gov.br
- PAUAT Architekten falls victim to SAFEPAY ransomware
Category: Ransomware
Content: The group claims to have obtained the organisation’s data and intends to publish it within 2 days.
Date: 2025-12-29T09:30:48Z
Network: tor
Published URL: http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/pauat/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/74308864-620b-43c2-95ac-5c6207b14d61.JPG
Threat Actors: SAFEPAY
Victim Country: Austria
Victim Industry: Architecture & Planning
Victim Organization: pauat architekten
Victim Site: pau.at
- Alleged Unauthorized Access to BRETAGNE HUITRES Production Control System in France
Category: Initial Access
Content: The group alleges unauthorized access to BRETAGNE HUITRES Production’s control system, with the deployment of malicious code reportedly resulting in a complete halt of production operations.
Date: 2025-12-29T08:22:21Z
Network: telegram
Published URL: https://t.me/n2LP_wVf79c2YzM0/3032
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/10d84c63-dc84-4192-b106-0214d219052d.png
Threat Actors: Infrastructure Destruction Squad
Victim Country: France
Victim Industry: Food Production
Victim Organization: bretagne huitres
Victim Site: bretagne-huitres.com
- NullSector targets the website of Josfra Services LLC
Category: Defacement
Content: The group claims to have defaced the website of Josfra Services LLC
Date: 2025-12-29T08:13:53Z
Network: openweb
Published URL: https://defacer.id/mirror/id/222335
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f062600c-bf02-479b-b9aa-0341e9de3a11.JPG
Threat Actors: NullSector
Victim Country: USA
Victim Industry: Building and construction
Victim Organization: josfra services llc
Victim Site: josfraconstructiongroup.com
- m4l1c14 targets the website of University of Cape Town
Category: Defacement
Content: The group claims to have defaced the website of University of Cape Town.
Date: 2025-12-29T08:06:09Z
Network: openweb
Published URL: https://defacer.id/mirror/id/222333
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e551df08-acc6-4cb4-b9be-356beb41baa9.png
Threat Actors: m4l1c14
Victim Country: South Africa
Victim Industry: Education
Victim Organization: university of cape town
Victim Site: ictsapps.uct.ac.za
- QATAR911 targets the website of Limitless Fitness
Category: Defacement
Content: The group claims to have defaced the website of Limitless Fitness.
Date: 2025-12-29T08:04:03Z
Network: openweb
Published URL: https://defacer.id/mirror/id/222334
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/90f96793-4966-4171-8b79-f821935cce89.png
Threat Actors: QATAR911
Victim Country: USA
Victim Industry: Health & Fitness
Victim Organization: limitless fitness
Victim Site: trainlimitless.fit
- NullSector targets the website of TechieSquads
Category: Defacement
Content: The group claims to have defaced the website of TechieSquads
Date: 2025-12-29T07:59:26Z
Network: openweb
Published URL: https://defacer.id/mirror/id/222336
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/49d973f0-3d5d-4472-989f-4d844fd90952.JPG
Threat Actors: NullSector
Victim Country: Canada
Victim Industry: Information Technology (IT) Services
Victim Organization: techiesquads
Victim Site: techiesquads.com
- Alleged sale of Albanian mobile phone number
Category: Data Breach
Content: The threat actor claims to be selling a database allegedly containing 16.5 million Albanian mobile phone numbers, HLR-checked in 2025, including operator-identified records from Vodafone and Telekom
Date: 2025-12-29T07:39:14Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-ALBANIA-16-5-MILLION-MOBILE-NUMBERS-HLR-CHECKED-2025
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/99859348-1678-4992-a8b3-09fe196a0957.png
https://d34iuop8pidsy8.cloudfront.net/09c6e131-5ba7-4080-aa1d-98bc383f20a0.png
Threat Actors: D3f4c3rX
Victim Country: Albania
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- GHOSTNET-X targets the website of Siskind Susser
Category: Defacement
Content: The group claims to have defaced the website of Siskind Susser.
Date: 2025-12-29T07:10:24Z
Network: telegram
Published URL: https://t.me/c/3614850505/202
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/20c8a9ad-32c9-4311-a1d5-522259616ead.png
Threat Actors: GHOSTNET-X
Victim Country: USA
Victim Industry: Legal Services
Victim Organization: siskind susser
Victim Site: physiciansimmigration.com
- Alleged data breach of Couple
Category: Data Breach
Content: Threat actor claims to have leaked the database of Couple.
Date: 2025-12-29T07:00:43Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-couple-me-160k-NSFW-Chatbots-AI-Porn-website
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/52215259-a231-4dd5-b9e4-df1ab306eaaf.png
https://d34iuop8pidsy8.cloudfront.net/5725280c-c9df-4e41-9b3b-bda6825551c8.png
Threat Actors: Epsinos
Victim Country: USA
Victim Industry: Entertainment & Movie Production
Victim Organization: couple
Victim Site: couple.me
- Alleged data breach of BDSA
Category: Data Breach
Content: Threat actor claims to have leaked the database of BDSA.
Date: 2025-12-29T06:42:17Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-bdsa-com-620k-US-cannabis-customers
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9c4ead9d-f0c0-46fd-bc34-9eb3f7777fd6.png
Threat Actors: Epsinos
Victim Country: USA
Victim Industry: Market Research
Victim Organization: bdsa
Victim Site: bdsa.com
- Alleged data leak of zagl
Category: Data Breach
Content: Threat actor claims to have leaked the database of zagl. The compromised data reportedly includes email, username, password, phone number, and address.
Date: 2025-12-29T06:28:32Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-za-gl-1-7M-monetized-short-linking-website
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3c58dbeb-2a59-460d-8930-b79f52633df0.png
Threat Actors: Epsinos
Victim Country: India
Victim Industry: Marketing, Advertising & Sales
Victim Organization: zagl
Victim Site: za.gl
- Alleged data breach of Motocat.net database
Category: Data Breach
Content: Threat actor claims to have leaked the database of Motocat.net.
Date: 2025-12-29T06:22:58Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-motocat-net-Database-Spain-120K-CVS-SQL-Format
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2caca19f-9de5-4ced-b147-28a31d988050.png
https://d34iuop8pidsy8.cloudfront.net/08e4f9be-db31-4633-83aa-eda3b01569e0.png
Threat Actors: RainbowBF
Victim Country: Spain
Victim Industry: Automotive
Victim Organization: motocat.net
Victim Site: motocat.net
- Alleged data leak of French servers
Category: Data Breach
Content: Threat actor claims to have leaked the database of 5 French organizations.
Date: 2025-12-29T06:07:30Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-5-french-sql-fiveM-servers
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2ed71bab-856f-4ea1-a0bc-5d9ade8f479b.png
Threat Actors: solivann667
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: gta v
Victim Site: Unknown
- Alleged sale of database access to Hyundai Ukraine
Category: Data Breach
Content: The threat actor claims to be selling a database containing approximately 129,000 records associated with Hyundai Ukraine (hyundai.com.ua). The dataset appears to include customer, vehicle, and dealership-related information
Date: 2025-12-29T06:03:33Z
Network: openweb
Published URL: https://darkforums.io/Thread-Selling-hyundai-com-ua-129k
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4e027d77-79ef-4b7f-85c8-b79744f40013.png
Threat Actors: apt
Victim Country: Ukraine
Victim Industry: Automotive
Victim Organization: hyundai ukraine
Victim Site: hyundai.com.ua
- Alleged Sale of Binance User Data
Category: Data Breach
Content: Threat actor claims to be selling a dataset labeled BINANCE 2025 DATA, allegedly containing 28 million records linked to Binance users from the United States and Canada, offered for download in CSV format via a cloud link.
Date: 2025-12-29T05:55:41Z
Network: openweb
Published URL: https://leakbase.la/threads/binance-2025-data.47651/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f22e6e76-63c5-41b4-b616-941de39b2df3.jpeg
Threat Actors: wildplayer
Victim Country: USA
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
- Alleged unauthorized access to Italian Ministry of Economy and Finance
Category: Initial Access
Content: Threat actor claims to have gained unauthorized access to the administration panel of Italian Ministry of Economy and Finance.
Date: 2025-12-29T05:49:29Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-Italian-Ministry-of-Economy-and-Finance-PREVIEW
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8bb4cb82-c368-4993-9d4b-543b02036775.png
Threat Actors: breach3d
Victim Country: Italy
Victim Industry: Business and Economic Development
Victim Organization: italian ministry of economy and finance
Victim Site: mef.gov.it
- NullSector targets the website of Techie Squads
Category: Defacement
Content: Group claims to have defaced the website of Techie Squads
Date: 2025-12-29T05:47:55Z
Network: openweb
Published URL: https://defacer.id/mirror/id/222336
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7a756ec2-dbc9-4d93-be23-db91396f3b25.png
Threat Actors: NullSector
Victim Country: Canada
Victim Industry: Consumer Services
Victim Organization: techie squads
Victim Site: techiesquads.com
- Alleged sale of Al-Nassr FC & Asian Football Confederation (AFC) databases
Category: Data Breach
Content: The threat actor claims to be selling two exclusive datasets related to Al-Nassr FC and the Asian Football Confederation (AFC). The alleged data includes confidential club documents and large-scale Asian football personnel records spanning multiple countries across Asia.
Date: 2025-12-29T05:42:40Z
Network: openweb
Published URL: https://darkforums.io/Thread-Selling-ASIA-AL-NASSR-FC-ASIA-Players-database
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/14489f45-9891-4571-923d-065b2e623629.png
https://d34iuop8pidsy8.cloudfront.net/ff93b6cc-474a-40e0-a3e8-0b83aaf393d9.png
Threat Actors: Demetrius
Victim Country: Saudi Arabia
Victim Industry: Sports
Victim Organization: al-nassr football club
Victim Site: alnassr.sa
- Alleged data breach of Thor Airlines
Category: Data Breach
Content: Threat actor claims to have leaked the database of Thor Airlines.
Date: 2025-12-29T05:40:32Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-THOR-AIRLINES-DATABASE
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bc859157-10bf-4548-98e3-bbe8e04784db.png
Threat Actors: breach3d
Victim Country: Spain
Victim Industry: Airlines & Aviation
Victim Organization: thor airlines
Victim Site: thorairlinesva.es
- Alleged data breach of Tribunal de Justicia Administrativa de Querétaro
Category: Data Breach
Content: Threat actor claims to have compromised and leaked a full SQL database allegedly belonging to the Tribunal de Justicia Administrativa de Querétaro, with the data reportedly sourced from a WordPress environment.
Date: 2025-12-29T05:34:49Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-MX-Tribunal-de-Justicia-Administrativa-de-Quer%C3%A9taro
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f63a6e4d-26cf-4940-bb92-a96afa05dca8.png
Threat Actors: breach3d
Victim Country: Mexico
Victim Industry: Judiciary
Victim Organization: tribunal de justicia administrativa de querétaro
Victim Site: tjaqueretaro.gob.mx
- Apc home health service Inc falls victim to Nova Ransomware
Category: Ransomware
Content: The group claims to have obtained 1 TB of the organization’s data and intends to publish it within 9-10 days.
Date: 2025-12-29T05:24:49Z
Network: tor
Published URL: http://novadmrkp4vbk2padk5t6pbxolndceuc7hrcq4mjaoyed6nxsqiuzyyd.onion/#
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7e8c76d5-0f4b-4286-ac37-1571cd066e2b.png
Threat Actors: Nova
Victim Country: USA
Victim Industry: Hospital & Health Care
Victim Organization: apc home health service inc
Victim Site: apchh.com
- Alleged data breach of Grenoble Ecole de Management
Category: Data Breach
Content: The threat actor claims to be selling a database belonging to Grenoble Ecole de Management, containing subscriber and prospect identifiers, email addresses, phone numbers, IP data, personal and academic details, professional information, event participation records, and internal marketing segmentation data.
Date: 2025-12-29T05:18:25Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-Grenoble-Ecole-De-Management-448k–182547
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/57762029-51e5-44dc-9ab1-2bf0b28edad8.png
https://d34iuop8pidsy8.cloudfront.net/c1568c60-abc2-48c7-82c8-15da4e3716a2.png
Threat Actors: czx
Victim Country: France
Victim Industry: Education
Victim Organization: grenoble ecole de management
Victim Site: grenoble-em.com
- Alleged Leak of French Ministry of Agriculture Data
Category: Data Breach
Content: A threat group claims to have leaked ~60.9GB of data belonging to France’s Ministry of Agriculture, including FTP lists, SQL files, application data, and internal logs from multiple departments.
Date: 2025-12-29T05:15:19Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-60-9GO-DATA-OF-FRENCH-MINISTRY-OF-AGRICULTURE
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4f0efcdd-59a8-4112-a97e-4e7df2c3b23d.png
Threat Actors: LAPSUS$ GROUP.
Victim Country: France
Victim Industry: Agriculture & Farming
Victim Organization: ministry of agriculture
Victim Site: agriculture.gouv.fr
- Alleged access to Office of the Council of Ministers
Category: Initial Access
Content: The group claims to have gained access to the Office of the Council of Ministers.
Date: 2025-12-29T04:32:13Z
Network: telegram
Published URL: https://t.me/H3c4kedzHackerGroup/27
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6429a9f9-e20a-422e-a8ff-b6987fe2e664.png
Threat Actors: H3C4KEDZ
Victim Country: Cambodia
Victim Industry: Government Administration
Victim Organization: office of the council of ministers
Victim Site: ocm.gov.kh
- NullSector targets the website of 2K Threads
Category: Defacement
Content: The group claims to have defaced the website of 2K Threads.
Date: 2025-12-29T04:25:34Z
Network: openweb
Published URL: https://defacer.id/mirror/id/222337
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/25eb88d9-bb08-4136-b3a0-e0be55b37f76.png
Threat Actors: NullSector
Victim Country: Australia
Victim Industry: E-commerce & Online Stores
Victim Organization: 2k threads
Victim Site: 2kthreads.com.au
- BontenSec targets the website of Companhia Urbanizadora da Nova Capital do Brasil
Category: Defacement
Content: The group claims to have defaced the website of Companhia Urbanizadora da Nova Capital do Brasil.
Date: 2025-12-29T04:25:02Z
Network: openweb
Published URL: https://defacer.id/mirror/id/222331
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/40af1060-4e82-4f22-b579-b06e718b476f.png
Threat Actors: BontenSec
Victim Country: Brazil
Victim Industry: Government Administration
Victim Organization: companhia urbanizadora da nova capital do brasil
Victim Site: wci.novacap.df.gov.br
- Alleged data breach of Itemsatis.com
Category: Data Breach
Content: The threat actor claims to have compromised itemsatis.com and gained unauthorized access to its systems.
Date: 2025-12-29T04:24:19Z
Network: openweb
Published URL: https://breachforums.bf/Thread-www-itemsatis-com-Hacked-Full-Database-Coming-Soon
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9334cd60-d80d-4179-abbd-49fb3e23ac1a.png
Threat Actors: itemsatis
Victim Country: Unknown
Victim Industry: E-commerce & Online Stores
Victim Organization: itemsatis
Victim Site: itemsatis.com
- NullSector targets the website of mydivineorders.com
Category: Defacement
Content: The group claims to have defaced the website of mydivineorders.com.
Date: 2025-12-29T04:16:04Z
Network: openweb
Published URL: https://defacer.id/mirror/id/222338
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/757013a3-72e7-415f-8e14-c6bab7d3f70f.png
Threat Actors: NullSector
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: mydivineorders.com
- Alleged sale of AV Killed Loads
Category: Malware
Content: Threat actor claims to be selling Windows-based initial access in the form of “clean” Windows 11 installations with administrator privileges and AV/EDR reportedly disabled, priced by geographic region (US, CA, EU, AU). The service explicitly bans ransomware use, suggesting the access is intended for stealers, loaders, and fraud-related malware activity rather than ransomware operations.
Date: 2025-12-29T04:03:06Z
Network: openweb
Published URL: https://forum.exploit.in/topic/272882/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8cc1d1b5-e5e3-4a2f-a1b2-193a6b444f28.png
Threat Actors: yayo
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Sale of CARGER (Light HVNC / Stealer)
Category: Malware
Content: Threat actor claims to be selling CARGER (v4.5), a Windows-based information stealer marketed as a Light HVNC / Stealer. The malware focuses on browser session hijacking, credential theft, crypto wallet theft, and developer credential harvesting, enabling account takeover and crypto fraud, including MFA bypass via stolen cookies and tokens.
Claims of advanced features such as HVNC interaction, kernel-level persistence, and real-time web injects are unverified.
Date: 2025-12-29T03:44:33Z
Network: openweb
Published URL: https://forum.exploit.in/topic/272884/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bd52b9ea-18f2-4583-97af-ea24dd5b049e.png
https://d34iuop8pidsy8.cloudfront.net/591d14cc-5da0-4c1b-854c-889e812615a7.png
Threat Actors: ransomcharger
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Indian Air Force / Indian Army sensitive database
Category: Data Breach
Content: Threat actor claims to have leaked a database linked to the Indian Air Force and Army, allegedly containing sensitive military information, including aircraft positions and aviation-related operational data.
Date: 2025-12-29T03:27:03Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-INDIAN-ARMY-AIRFORCE
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/825726fd-4849-4efe-96c1-b58a4e27de12.png
Threat Actors: breach3d
Victim Country: India
Victim Industry: Military Industry
Victim Organization: indian air force
Victim Site: indianairforce.nic.in
- Alleged sale of unauthorized administrative access to Babylicio
Category: Initial Access
Content: The threat actor claims to be selling unauthorized administrative access to babylicio.us.
Date: 2025-12-29T03:22:18Z
Network: openweb
Published URL: https://breachforums.bf/Thread-USA-Website-babylicio-us-admin-access
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/06744fb4-ab28-45d2-a2e7-3f2cc5548fa3.png
Threat Actors: blackwinter99
Victim Country: USA
Victim Industry: E-commerce & Online Stores
Victim Organization: babylicio
Victim Site: babylicio.us
- Omrania falls victim to INC RANSOM Ransomware
Category: Ransomware
Content: The group claims to have obtained 400 GB of the organization’s data. The data includes confidential documents, client information, NDAs, financial information, operational information, corporate data, business agreements, and technology-related data.
Date: 2025-12-29T02:44:45Z
Network: tor
Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/6951d5bebe52b3ea15c01483
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/47a79b5a-9e29-4c9a-adde-1b3644f9fa3f.png
https://d34iuop8pidsy8.cloudfront.net/7e38849e-8667-45c8-b0dd-76b7ef833dc2.png
https://d34iuop8pidsy8.cloudfront.net/551853b6-2c13-4add-b5ce-e4e185b0597e.png
Threat Actors: INC RANSOM
Victim Country: Saudi Arabia
Victim Industry: Architecture & Planning
Victim Organization: omrania
Victim Site: omrania.com
- Alleged sale of Europages Belgium database
Category: Data Breach
Content: The threat actor claims to be selling a database of Europages Belgium. The database reportedly contains approximately 53,000 records, including full names, company/society names, phone numbers, physical addresses, and additional business-related information.
Date: 2025-12-29T02:27:58Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-Europages-Belgium-DATABASE-53K
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/22024393-3be0-48c4-b7c9-4eb93b1fcdde.png
Threat Actors: selluk
Victim Country: Belgium
Victim Industry: Business and Economic Development
Victim Organization: europages belgium
Victim Site: europages.com
- Alleged sale of FR.KOMPASS.COM database
Category: Data Breach
Content: The threat actor claims to be selling a database allegedly associated with Kompass France (fr.kompass.com).
Date: 2025-12-29T01:42:07Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-FR-KOMPASS-COM-613K-French-site
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/88c04ba6-7583-4aa1-9183-39a6f9da84f2.png
Threat Actors: selluk
Victim Country: France
Victim Industry: Business and Economic Development
Victim Organization: kompass france
Victim Site: fr.kompass.com
- Alleged leak of Footlocker.fr customer database
Category: Data Breach
Content: Threat actor claims to have leaked a database allegedly belonging to Footlocker France, containing customer PII such as names, emails, phone numbers, order details, and payment methods, with samples publicly shared for verification.
Date: 2025-12-29T00:37:33Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-DATABASE-FOOTLOCKER-FR-BREACH-BY-Ryan-17-le-keyser-en-bio-17-27-12-25
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/11f78caf-687d-4ea9-8374-015e60228ed7.png
Threat Actors: Ryan
Victim Country: France
Victim Industry: Fashion & Apparel
Victim Organization: foot locker
Victim Site: footlocker.fr
- Alleged sale of unauthorized access to an unidentified office supplies business in Singapore
Category: Initial Access
Content: The threat actor claims to be selling unauthorized administrative access to an office supplies business based in Singapore. The listing advertises database and shell access to a system running on a custom CMS, suggesting potential initial access broker (IAB) activity.
Date: 2025-12-29T00:28:31Z
Network: openweb
Published URL: https://forum.exploit.in/topic/272881/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a7d968d0-75c4-48fc-b6ae-e1bc762df5c6.png
Threat Actors: rassvettt
Victim Country: Singapore
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown