[December-4-2025] Daily Cybersecurity Threat Report

This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.

1. KAL EGY 319 claims to target Egypt

• Category: Alert
• Content: A recent post by the group indicates that they are targeting Egypt.
• Date: 2025-12-04T23:12:56Z
• Network: telegram
• Published URL: https://t.me/KALOSHA319/116
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/b3f94577-9309-4641-aee9-294b8f52833e.png
  • Threat Actors: KAL EGY 319
• Victim Country: Egypt
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

2. Alleged Sale of Data from N26 Bank in Spain

• Category: Initial Access
• Content: Threat Actor claims to be selling access to accounts in N26 Bank, Spain.
• Date: 2025-12-04T22:44:28Z
• Network: openweb
• Published URL: https://forum.exploit.biz/topic/271376/
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/c4a7ffe3-efbb-4827-a8a3-d96ec54089c7.png
  • Threat Actors: malloy05
• Victim Country: Spain
• Victim Industry: Banking & Mortgage
• Victim Organization: n26 bank
• Victim Site: n26.com

3. Alleged Sale of Data from OpenBank in Spain

• Category: Initial Access
• Content: Threat Actor claims to be selling access to accounts in OpenBank, Spain.
• Date: 2025-12-04T22:44:08Z
• Network: openweb
• Published URL: https://forum.exploit.biz/topic/271376/
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/0d9cd168-3072-479a-937c-80e976298742.png
  • Threat Actors: malloy05
• Victim Country: Spain
• Victim Industry: Banking & Mortgage
• Victim Organization: openbank
• Victim Site: openbank.es

4. Smith Fire Systems falls victim to ANUBIS Ransomware

• Category: Ransomware
• Content: The group claims to have obtained the organization’s sensitive internal data and intends to publish it within 7 days.
• Date: 2025-12-04T22:38:38Z
• Network: tor
• Published URL: http://om6q4a6cyipxvt7ioudxt24cw4oqu4yodmqzl25mqd2hgllymrgu4aqd.onion/r/itiMNEaqIzF+TztOO2DcLoFm3nyiKvNtShcERTuMGp9UP7dVuEOqRN4UpOUqZvb0pBslovBGfrPQhZo80mdIMGxWemZh
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/9f856100-b995-48df-b55d-6d377adbddd4.png
  • Threat Actors: ANUBIS
• Victim Country: USA
• Victim Industry: Building and construction
• Victim Organization: smith fire systems
• Victim Site: smithfire.com

5. Chronus leaks targets the website of Hermosillo budget transparency Portal

• Category: Defacement
• Content: The group claims to have defaced the website of Hermosillo budget transparency Portal.
• Date: 2025-12-04T22:23:47Z
• Network: telegram
• Published URL: https://t.me/c/3211040888/208
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/78a85cf5-b09e-4ed0-ab24-1db197b1dce1.png
  • Threat Actors: Chronus leaks
• Victim Country: Mexico
• Victim Industry: Government & Public Sector
• Victim Organization: hermosillo budget transparency portal
• Victim Site: transparenciapresupuestaria.hermosillo.gob.mx

6. Alleged Data Breach of OpenBank in Spain

• Category: Data Breach
• Content: Threat Actor claims to have breached the database of OpenBank in Spain.
• Date: 2025-12-04T22:17:05Z
• Network: openweb
• Published URL: https://forum.exploit.biz/topic/271376/
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/0d9cd168-3072-479a-937c-80e976298742.png
  • Threat Actors: malloy05
• Victim Country: Spain
• Victim Industry: Banking & Mortgage
• Victim Organization: openbank
• Victim Site: openbank.es

7. Alleged Data Breach of N26 Bank in Spain

• Category: Data Breach
• Content: Threat Actor claims to have breached the database of N26 Bank in Spain.
• Date: 2025-12-04T22:12:57Z
• Network: openweb
• Published URL: https://forum.exploit.biz/topic/271376/
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/c4a7ffe3-efbb-4827-a8a3-d96ec54089c7.png
  • Threat Actors: malloy05
• Victim Country: Spain
• Victim Industry: Banking & Mortgage
• Victim Organization: n26 bank
• Victim Site: n26.com

8. Alleged Data Breach of 6000 Global Mail Exchange Accounts

• Category: Data Breach
• Content: Threat Actor claims to have breached the database of 6000 Global Mail Exchange Accounts.
• Date: 2025-12-04T22:05:58Z
• Network: openweb
• Published URL: https://leakbase.la/threads/6k-gmx-net.46824/
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/74153173-9178-452a-ad78-b3ec450e9b57.png
  • Threat Actors: DOYTOS
• Victim Country: Germany
• Victim Industry: Network & Telecommunications
• Victim Organization: global mail exchange
• Victim Site: gmx.net

9. Alleged data leak of Clinisys

• Category: Data Breach
• Content: The group claims to have leaked data from Clinisys. The compromised data reportedly includes doctors’ names with their personal details, birth records, control of medical radio equipment, complete room camera recordings, and all sensitive data.
• Date: 2025-12-04T22:05:05Z
• Network: telegram
• Published URL: https://t.me/firewirBackupChannel/192
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/48f334f4-64be-4cad-9bc5-9df2f4b72dde.png
  • https://d34iuop8pidsy8.cloudfront.net/649ecbd6-4873-45d0-a7e5-7f208e46d546.png
  • Threat Actors: Fire Wire
• Victim Country: Tunisia
• Victim Industry: Information Technology (IT) Services
• Victim Organization: clinisys
• Victim Site: csys.com.tn

10. Alleged Data leak of Statement of Assets and Interests

• Category: Data Breach
• Content: The group claims to have leaked data from Statement of Assets and Interests. The compromised data reportedly includes id, institution, type, interest, general Data, name, email, location, date of taking office, Phone, address, federal Entity, economic Dependent, investments etc.
• Date: 2025-12-04T21:38:46Z
• Network: telegram
• Published URL: https://t.me/c/3211040888/205
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/a8fbb55c-9a5e-4946-bfd9-471633ca2940.png
  • Threat Actors: Chronus leaks
• Victim Country: Mexico
• Victim Industry: Government Relations
• Victim Organization: statement of assets and interests
• Victim Site: declaracion.tehuacan.gob.mx

11. Alleged Data Breach of Eatwallet

• Category: Data Breach
• Content: Threat Actor claims to have breached the database of Eatwallet.
• Date: 2025-12-04T20:21:14Z
• Network: tor
• Published URL: http://763olyp74dxnq4wrzukk3dde6ffahxxjzealf3bzvdoyd7tptksxiiad.onion/Thread-SQL-merchant-eatwallet-com-database
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/99907960-f703-42f1-ad27-9e94a5c8d15e.png
  • Threat Actors: 222
• Victim Country: USA
• Victim Industry: Financial Services
• Victim Organization: eatwallet
• Victim Site: merchant.eatwallet.com

12. Alleged admin access to Wage Earners Welfare Board

• Category: Initial Access
• Content: The group claims to have gained admin access to Wage Earners Welfare Board. The compromised data reportedly includes Complete list of users in the admin system, All administrative accounts, including primary admin accounts.
• Date: 2025-12-04T20:17:58Z
• Network: telegram
• Published URL: https://t.me/DarK07xxxxxxx/332
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/9a0751f6-7df9-4fb0-b458-27aca2107eb7.png
  • https://d34iuop8pidsy8.cloudfront.net/108e2310-71e1-4a97-a053-5bfa558f780b.png
  • Threat Actors: jokeir 07x
• Victim Country: Bangladesh
• Victim Industry: Government Relations
• Victim Organization: wage earners welfare board
• Victim Site: wewb.gov.bd

13. Alleged data leak of Shahid Sani School

• Category: Data Breach
• Content: The group claims to have gained access to Shahid Sani School, defaced its website, and leaked database records containing confidential information.
• Date: 2025-12-04T20:12:58Z
• Network: telegram
• Published URL: https://t.me/Legion_offlcail/659
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/a1aec72f-be94-4368-8414-3a0a2bb17d9b.png
  • https://d34iuop8pidsy8.cloudfront.net/8ac8149c-bd11-4850-ae2d-f56c937fea75.png
  • https://d34iuop8pidsy8.cloudfront.net/d688cef5-a62b-454f-82bf-0e8f4dbc29b8.png
  • Threat Actors: Legion
• Victim Country: Iran
• Victim Industry: Education
• Victim Organization: shahid sani school
• Victim Site: sanischool.ir

14. Alleged Sale of Pakistan Database

• Category: Data Breach
• Content: The threat actor claims to be selling a Pakistan database that contains compromised data, including email addresses, cities, fax numbers, billing first and last names, mobile numbers, ZIP codes, states/provinces, addresses, phone numbers, and more.
• Date: 2025-12-04T19:55:24Z
• Network: openweb
• Published URL: https://darkforums.st/Thread-Selling-Pakistan-Database
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/c582a84b-ae86-4f36-86f2-97e648b5169f.png
  • Threat Actors: fuckoverflow
• Victim Country: Pakistan
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

15. Z-PENTEST ALLIANCE claims to targets Netherlands

• Category: Alert
• Content: A recent post by the group indicates that they are accessed to an CCTV camera in Netherlands
• Date: 2025-12-04T19:36:40Z
• Network: telegram
• Published URL: https://t.me/zpentestalliance/802
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/d51be350-ea42-4fb9-9537-518de42b5bd6.png
  • Threat Actors: Z-PENTEST ALLIANCE
• Victim Country: Netherlands
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

16. Alleged data breach of Bangladesh Meteorological Department

• Category: Data Breach
• Content: The group claims to have leaked data from the Bangladesh Meteorological Department. The compromised data reportedly includes the complete user database, information on weather station operators, meteorological data from global stations used for weather data verification, and the management data related to climate and agricultural systems.
• Date: 2025-12-04T19:36:00Z
• Network: telegram
• Published URL: https://t.me/DarK07xxxxxxx/331
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/9d7f2522-52bd-4576-98ab-b98d696e2a64.png
  • https://d34iuop8pidsy8.cloudfront.net/1e03cad4-b379-4e50-b000-00c97a59bd38.png
  • Threat Actors: jokeir 07x
• Victim Country: Bangladesh
• Victim Industry: Government Administration
• Victim Organization: bangladesh meteorological department
• Victim Site: bmd.gov.bd

17. Alleged Sale of Poland Database

• Category: Data Breach
• Content: The threat actor claims to be selling a Poland database that contains compromised data, including customer names, email addresses, passwords, birthdays, security keys, notes, and more.
• Date: 2025-12-04T19:24:50Z
• Network: openweb
• Published URL: https://darkforums.st/Thread-Selling-Poland-Database
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/df6fa4e3-aa94-4a3f-8d14-3a27dab663c9.png
  • Threat Actors: fuckoverflow
• Victim Country: Poland
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

18. Kana Pipeline, Inc. falls victim to Qilin Ransomware

• Category: Ransomware
• Content: The group claims to have obtained 450 GB of the organization’s sensitive data
• Date: 2025-12-04T19:19:05Z
• Network: tor
• Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=6223be28-e1af-395e-840d-c9116680adc4
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/07a2d310-f94d-45c1-9137-b79a97b99358.png
  • Threat Actors: Qilin
• Victim Country: USA
• Victim Industry: Building and construction
• Victim Organization: kana pipeline, inc.
• Victim Site: kanapipeline.com

19. Alleged data breach of Habibullah Bahar College

• Category: Data Breach
• Content: The Group claims to have breached data from Habibullah Bahar College.
• Date: 2025-12-04T19:12:58Z
• Network: telegram
• Published URL: https://t.me/DarK07xxxxxxx/338
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/995f1077-c3e6-46db-a0a7-11f9f1818f00.png
  • Threat Actors: jokeir 07x
• Victim Country: Bangladesh
• Victim Industry: Education
• Victim Organization: habibullah bahar college
• Victim Site: hbuc.edu.bd

20. Alleged data sale of Instituto Nacional de Migración (INM)

• Category: Data Breach
• Content: The threat actor claims to be selling 42.5 GB of data, which includes more than 250,000 foreign passports mostly Colombian. The leak reportedly contains passports from countries such as Ecuador, Peru, Honduras, Costa Rica, Venezuela, Spain, Cuba, and Colombia, with approximately 85% of them belonging to Colombian citizens.
• Date: 2025-12-04T18:49:43Z
• Network: openweb
• Published URL: https://darkforums.st/Thread-Document-FOR-SALE-250K-foreign-passports-from-Mexico-s-INM-Instituto-Nacional-de-Migraci%C3%B3n
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/94d3864b-501c-43ef-bc9e-684dbbb04bda.png
  • https://d34iuop8pidsy8.cloudfront.net/3b4a97a7-5afc-447b-8202-ac2d13f1052d.png
  • Threat Actors: HvcKMvsoneria33
• Victim Country: Colombia
• Victim Industry: Government Administration
• Victim Organization: instituto nacional de migración (inm)
• Victim Site: gob.mx/inm

21. Alleged Data Leak of 3000 Credit Card Records in USA

• Category: Data Breach
• Content: Threat Actor claims to have leaked the database of 3000 credit card records in USA which includes details such as CC number, expiration month and year, CVV, full name, address, city, state, ZIP code, phone number, email, country, and IP address.
• Date: 2025-12-04T18:40:49Z
• Network: openweb
• Published URL: https://forum.exploit.biz/topic/271364/
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/71d8166f-9636-44b2-983e-90940b040b5d.png
  • Threat Actors: XDev
• Victim Country: USA
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

22. Alleged Data Leak of Board of Intermediate & Secondary Education

• Category: Data Breach
• Content: The Group claims to have leaked the organization’s data.
• Date: 2025-12-04T18:33:56Z
• Network: telegram
• Published URL: https://t.me/DarK07xxxxxxx/334
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/73022a84-b83d-4f70-a07b-69b88d1e9580.png
  • Threat Actors: jokeir 07x
• Victim Country: Bangladesh
• Victim Industry: Education
• Victim Organization: board of intermediate & secondary education
• Victim Site: barisalboard.gov.bd

23. Alleged Sale of Unauthorized Web Shell Access to Government Educational Servers in Pakistan and Greece

• Category: Initial Access
• Content: Threat Actor claims to be selling unauthorized web shell access to government educational servers in Pakistan and Greece.
• Date: 2025-12-04T18:23:53Z
• Network: openweb
• Published URL: https://leakbase.la/threads/our-gov-edu-pk-gr-shell-sales-have-started.46818/
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/d03e04d9-b139-46b5-8c41-d8b7d5118259.png
  • Threat Actors: songsterzu
• Victim Country: Unknown
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

24. Alleged Sale of 100 ThePirateBay Torrent Accounts

• Category: Data Breach
• Content: Threat Actor claims to be selling 100 ThePirateBay Torrent Accounts which includes include the ability to upload content.
• Date: 2025-12-04T18:04:34Z
• Network: openweb
• Published URL: https://forum.exploit.biz/topic/271341/
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/c30fcfc6-40b6-4d0f-9a2d-09b03c3bdd9a.png
  • Threat Actors: Febiven
• Victim Country: Unknown
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

25. Alleged access to Bangladesh Small and Cottage Industries Corporation

• Category: Initial Access
• Content: The group claims to have gained access to Bangladesh Small and Cottage Industries Corporation.
• Date: 2025-12-04T18:01:23Z
• Network: telegram
• Published URL: https://t.me/DarK07xxxxxxx/333
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/d6ee3c42-94f9-46f1-b727-7667eabbc391.png
  • https://d34iuop8pidsy8.cloudfront.net/e251ad68-8ab2-439b-8c99-e4013eba6ee6.png
  • Threat Actors: jokeir 07x
• Victim Country: Bangladesh
• Victim Industry: Government Administration
• Victim Organization: small and cottage industries corporation
• Victim Site: bscic.gov.bd

26. Alleged Sale of Unauthorized Monsta FTP Access

• Category: Initial Access
• Content: Threat Actor claims to be selling unauthorized Monsta FTP Access, providing public access to multiple compromised servers via webshell URLs.
• Date: 2025-12-04T17:40:57Z
• Network: openweb
• Published URL: https://forum.exploit.biz/topic/271357/
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/17f9250d-5361-400f-8173-ed07edd6385d.png
  • Threat Actors: Mr.Fresh
• Victim Country: Unknown
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

27. Alleged Sale of Vietnam Database

• Category: Data Breach
• Content: The threat actor claims to be selling Vietnam Database.
• Date: 2025-12-04T17:40:26Z
• Network: openweb
• Published URL: https://darkforums.st/Thread-Selling-Vietnam-Database
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/b5a86471-cd70-4f0e-bbb7-dfed9964ceb5.png
  • Threat Actors: fuckoverflow
• Victim Country: Vietnam
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

28. Medisend College of Biomedical Engineering Technology falls victim to Qilin Ransomware

• Category: Ransomware
• Content: The group claims to have obtained 303 GB of the organization’s internal data.
• Date: 2025-12-04T17:39:35Z
• Network: tor
• Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=63464cfe-2d0f-332b-b13b-ec61c983e91f
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/a5538991-97db-49f8-8d73-1e6f08c29e57.png
  • Threat Actors: Qilin
• Victim Country: USA
• Victim Industry: Education
• Victim Organization: medisend college of biomedical engineering technology
• Victim Site: medisend.org

29. Alleged access to Industrial Automation Plant ELTA

• Category: Initial Access
• Content: The group claims to have gained full access to the equipment developer, Zakład Automatyki Przemysłowej “ELTA,” in an industrial boiler house in Poland. They can manage all parameters: temperature, pressure, fuel supply, auger and pump operation, ventilation, and alarms.
• Date: 2025-12-04T17:01:13Z
• Network: telegram
• Published URL: https://t.me/zpentestalliance/801
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/e02b2a50-a9b3-43f9-8213-83aaff739623.png
  • https://d34iuop8pidsy8.cloudfront.net/25b49896-d18e-4052-8bd4-48c98a1d6493.png
  • Threat Actors: Z-PENTEST ALLIANCE
• Victim Country: Poland
• Victim Industry: Industrial Automation
• Victim Organization: elta
• Victim Site: elta.com.pl

30. The Minor Firm falls victim to akira Ransomware

• Category: Ransomware
• Content: The group claims to have obtained 63 GB of the organization’s confidential data, including client and employee personal information, court documents, police reports with photos, other legal files, and financial records.
• Date: 2025-12-04T16:56:25Z
• Network: tor
• Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/ba9c8d94-0a9e-489d-b7a6-96363cd5f5aa.png
  • Threat Actors: akira
• Victim Country: USA
• Victim Industry: Law Practice & Law Firms
• Victim Organization: the minor firm
• Victim Site: minorfirm.com

31. ABC Home & Commercial Services falls victim to akira Ransomware

• Category: Ransomware
• Content: The group claims to have obtained 24 GB of the organization’s confidential data, including employee personal records, financial information, contracts and agreements, etc.
• Date: 2025-12-04T16:40:16Z
• Network: tor
• Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/3ad0ecb1-9bbc-406c-beae-ccd73ae9b8fb.png
  • Threat Actors: akira
• Victim Country: USA
• Victim Industry: Consumer Services
• Victim Organization: abc home & commercial services
• Victim Site: abchomeandcommercial.com

32. scattered LAPSUS$ hunters 7.0 targets IAG

• Category: Alert
• Content: The group threatens to crash planes owned by IAG, directly referencing the POTUS, unless an individual identified as “Connor Moucka” is released within 24 hours from SeaTac.
• Date: 2025-12-04T16:36:37Z
• Network: telegram
• Published URL: https://t.me/smokinmandiant/927
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/5fb7b67e-2af5-4324-860a-3ed132c30028.png
  • Threat Actors: scattered LAPSUS$ hunters 7.0
• Victim Country: Unknown
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

33. scattered LAPSUS$ hunters 7.0 claims to target flight ticketing data from multiple airlines

• Category: Alert
• Content: The group claims that they stolen 800 million european flight ticketing data from multiple airlines.
• Date: 2025-12-04T15:15:58Z
• Network: telegram
• Published URL: https://t.me/smokinmandiant/930
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/ea1571bd-f02c-4c63-998e-ec89de417d65.png
  • Threat Actors: scattered LAPSUS$ hunters 7.0
• Victim Country: Unknown
• Victim Industry: Airlines & Aviation
• Victim Organization: Unknown
• Victim Site: Unknown

34. Espaço Casa falls victim to Qilin Ransomware

• Category: Ransomware
• Content: Group claims to have obtained the organization’s data and sample screenshots are provided on their dark web portal.
• Date: 2025-12-04T14:24:58Z
• Network: tor
• Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=919d2440-cefc-30da-b398-06eb05f076ab
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/5f6d684e-62c5-467e-8889-3c209d217135.jpg
  • https://d34iuop8pidsy8.cloudfront.net/49021850-1f76-4ac9-b623-0eee19679eed.jpg
  • Threat Actors: Qilin
• Victim Country: Brazil
• Victim Industry: Retail Industry
• Victim Organization: espaço casa
• Victim Site: espacocasa.com

35. Scientology falls victim to Qilin Ransomware

• Category: Ransomware
• Content: The group claims to have obtained organization’s data.
• Date: 2025-12-04T14:14:13Z
• Network: tor
• Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=9043bb8a-bdc7-365d-b2d1-f59ab268c2d9
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/f13ead46-5f10-4e91-9355-3a99a3e4462d.png
  • https://d34iuop8pidsy8.cloudfront.net/de0703f2-90a1-4fa9-b2ec-9a29831ec4ae.png
  • https://d34iuop8pidsy8.cloudfront.net/e4c88b01-a444-42f6-9bca-86a001a4db6b.png
  • Threat Actors: Qilin
• Victim Country: USA
• Victim Industry: Religious Institutions
• Victim Organization: scientology
• Victim Site: scientology.org

36. scattered LAPSUS$ hunters 7.0 claims to target Marc Benioff

• Category: Alert
• Content: The group claims to target Marc Benioff, he is the Chief Executive Officer of Salesforce.
• Date: 2025-12-04T14:12:21Z
• Network: telegram
• Published URL: https://t.me/smokinmandiant/917
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/2949c048-e9fc-43c6-b1b8-19a9d473f7ab.png
  • Threat Actors: scattered LAPSUS$ hunters 7.0
• Victim Country: Unknown
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

37. Alleged data sale of ThankQ Camping

• Category: Data Breach
• Content: The threat actor claims to have breached data from ThankQ Camping, allegedly including source codes.
• Date: 2025-12-04T14:05:36Z
• Network: openweb
• Published URL: https://darkforums.st/Thread-Source-Code-ThankQCamping-Data-Breach-Leaked-Download
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/d41bb7e1-68ee-4e86-af72-59ee0070c5f1.jpeg
  • Threat Actors: 888
• Victim Country: South Korea
• Victim Industry: Leisure & Travel
• Victim Organization: thankq camping
• Victim Site: m.thankqcamping.com

38. jokeir 07x claims to target Tunisia

• Category: Alert
• Content: A recent post by the group indicates that they are targeting Tunisia
• Date: 2025-12-04T13:34:23Z
• Network: telegram
• Published URL: https://t.me/DarK07xxxxxxx/326?single
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/8c456a8b-63fc-4533-98f0-d2674b4d0780.jpg
  • Threat Actors: jokeir 07x
• Victim Country: Tunisia
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

39. Institutional & Supermarket Equipment falls victim to Qilin Ransomware

• Category: Ransomware
• Content: The group claims to have obtained the organization’s data.
• Date: 2025-12-04T13:23:52Z
• Network: tor
• Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=fc276a77-9abf-3d6e-9f8e-2f14a9d3eaf1
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/5b134025-7482-4652-a1d7-1cf46a826016.jpg
  • Threat Actors: Qilin
• Victim Country: USA
• Victim Industry: Retail Industry
• Victim Organization: institutional & supermarket equipment
• Victim Site: iseinc.org

40. Alleged Sale of a 0-day Linux Kernel LPE exploit

• Category: Vulnerability
• Content: The threat actor claims to be selling a local privilege escalation (LPE) 0-day exploit for the Linux kernel.
• Date: 2025-12-04T13:23:12Z
• Network: openweb
• Published URL: https://xss.pro/threads/144615/
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/563f776d-b69e-4377-a441-d6443c84bf9a.png
  • Threat Actors: zeroplayer
• Victim Country: Unknown
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

41. Peter Meijer Architect, PC falls victim to Qilin Ransomware

• Category: Ransomware
• Content: The group claims to have obtained organization’s data.
• Date: 2025-12-04T13:22:30Z
• Network: tor
• Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=b5a85926-4168-3cf3-a434-f84edc347f6f
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/80643759-342a-4fc5-bd79-03ecee7ce338.png
  • Threat Actors: Qilin
• Victim Country: USA
• Victim Industry: Architecture & Planning
• Victim Organization: peter meijer architect, pc
• Victim Site: pmapdx.com

42. McManes Law falls victim to Qilin Ransomware

• Category: Ransomware
• Content: The group claims to have obtained the organization’s data.
• Date: 2025-12-04T13:19:46Z
• Network: tor
• Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=4d5e0c8f-4b8a-3e4c-afd0-385f24c739ef
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/19a6d598-56e1-4aff-b0d8-342d270cc0e1.png
  • Threat Actors: Qilin
• Victim Country: USA
• Victim Industry: Law Practice & Law Firms
• Victim Organization: mcmanes law
• Victim Site: mcmaneslaw.com

43. Alleged data breach of Sprih

• Category: Data Breach
• Content: The threat actor claims to have breached data from Sprih. The compromised data reportedly includes a collection of stolen source codes.
• Date: 2025-12-04T13:16:22Z
• Network: openweb
• Published URL: https://darkforums.st/Thread-Source-Code-Sprih-Data-Breach-Leaked-Download
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/02cd2ea7-0ec8-43db-8bf8-576d5ce8b5fa.png
  • https://d34iuop8pidsy8.cloudfront.net/10a2c15d-1b90-447d-9185-a046f97636c3.png
  • Threat Actors: 888
• Victim Country: USA
• Victim Industry: Software Development
• Victim Organization: sprih
• Victim Site: sprih.com

44. Maset falls victim to Qilin Ransomware

• Category: Ransomware
• Content: The group claims to have obtained 17 GB data from the organization.
• Date: 2025-12-04T13:14:14Z
• Network: tor
• Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=b14c2305-89a3-3a6f-8e14-6df4a9fc9368
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/25ad81e0-012e-4b96-b7a3-ba9a9c2b9cb4.jpg
  • Threat Actors: Qilin
• Victim Country: Spain
• Victim Industry: Food & Beverages
• Victim Organization: maset
• Victim Site: maset.com

45. Alleged data leak of KhDiaMonD

• Category: Data Breach
• Content: The group claims to have leaked data from KhDiaMonD.
• Date: 2025-12-04T12:51:09Z
• Network: telegram
• Published URL: https://t.me/h3c4kedzsec_official/114
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/6cc2601a-b689-4eca-914e-740d1a35ff70.png
  • Threat Actors: H3C4KEDZ
• Victim Country: Cambodia
• Victim Industry: Motion Pictures & Film
• Victim Organization: khdiamond
• Victim Site: khdiamond.net

46. SSP Innovations, LLC falls victim to LYNX Ransomware

• Category: Ransomware
• Content: The group claims to have obtained the organization’s internal data.
• Date: 2025-12-04T12:37:30Z
• Network: tor
• Published URL: http://lynxblogxutufossaeawlij3j3uikaloll5ko6grzhkwdclrjngrfoid.onion/leaks/692889ce2423bc3ce0ceb5d2
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/8a052bff-7fb8-4ad8-80ac-9536728ef8f4.png
  • Threat Actors: LYNX
• Victim Country: USA
• Victim Industry: Energy & Utilities
• Victim Organization: ssp innovations, llc
• Victim Site: sspinnovations.com

47. Alleged data breach of Poloniex

• Category: Data Breach
• Content: The group claims to have selling the databases of Poloniex. The compromised data includes email, ip, phone number etc.
• Date: 2025-12-04T11:15:11Z
• Network: telegram
• Published URL: https://t.me/c/2785472438/2740
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/86a89f7f-9ee7-4963-b1b2-d2ebb4d0d831.jpg
  • Threat Actors: 0DD1C4
• Victim Country: USA
• Victim Industry: Financial Services
• Victim Organization: poloniex
• Victim Site: poloniex.com

48. Alleged leak of cpanel access to hari.fr.planethoster.net

• Category: Initial Access
• Content: The group claims to have leaked access to hari.fr.planethoster.net
• Date: 2025-12-04T10:56:27Z
• Network: telegram
• Published URL: https://t.me/c/2758066065/397
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/77edaba6-ed43-4d6a-bfae-c27516bfc0d7.png
  • Threat Actors: HellR00ters Team
• Victim Country: Unknown
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: hari.fr.planethoster.net

49. Alleged leak of cpanel access to 3 Kumbara

• Category: Initial Access
• Content: The group claims to have leaked access to 3 Kumbara.
• Date: 2025-12-04T10:49:50Z
• Network: telegram
• Published URL: https://t.me/c/2758066065/397
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/e5e2323e-04a3-4ad7-a659-ef8ca93faa30.png
  • Threat Actors: HellR00ters Team
• Victim Country: Turkey
• Victim Industry: Education
• Victim Organization: 3 kumbara
• Victim Site: 3kumbara.com

50. Pioneer Ocean Freight Co., Ltd. falls victim to NightSpire ransomware

• Category: Ransomware
• Content: The group claims to have obtained 5 GB of the organization’s data.
• Date: 2025-12-04T10:49:06Z
• Network: tor
• Published URL: http://nspirebcv4sy3yydtaercuut34hwc4fsxqqv4b4ye4xmo6qp3vxhulqd.onion/details/92.th.pioneergroup
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/6f162c71-6d01-4c3d-83d8-a2d6b2b6e0bb.jpg
  • Threat Actors: NightSpire
• Victim Country: Thailand
• Victim Industry: Transportation & Logistics
• Victim Organization: pioneer ocean freight co., ltd.
• Victim Site: pioneergroup.in.th

51. Alleged leak of access to Mr Sem Agency

• Category: Initial Access
• Content: The group claims to have leaked access to Mr Sem Agency
• Date: 2025-12-04T10:48:11Z
• Network: telegram
• Published URL: https://t.me/c/2758066065/398
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/49dd6efd-b88d-4a00-87b2-a1be18f1989f.jpg
  • Threat Actors: HellR00ters Team
• Victim Country: Unknown
• Victim Industry: Unknown
• Victim Organization: mr sem agency
• Victim Site: mrsemagency.com

52. Alleged leak of cpanel access to Marketing Of America

• Category: Initial Access
• Content: The group claims to have leaked access to Marketing Of America.
• Date: 2025-12-04T10:35:24Z
• Network: telegram
• Published URL: https://t.me/c/2758066065/397
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/5b71009e-20d3-464f-a985-f4a513c25484.png
  • Threat Actors: HellR00ters Team
• Victim Country: USA
• Victim Industry: Marketing, Advertising & Sales
• Victim Organization: marketing of america
• Victim Site: marketingofamerica.com

53. Alleged leak of cpanel access to Gamification Academy

• Category: Initial Access
• Content: The group claims to have leaked access to Gamification Academy.
• Date: 2025-12-04T10:26:35Z
• Network: telegram
• Published URL: https://t.me/c/2758066065/397
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/9376e654-93c0-4fe0-8c2c-ddb2e287834a.png
  • Threat Actors: HellR00ters Team
• Victim Country: Malaysia
• Victim Industry: Management Consulting
• Victim Organization: gamification academy
• Victim Site: grac.my

54. Alleged leak of cpanel access to plif.o2switch.net

• Category: Initial Access
• Content: The group claims to have leaked access to plif.o2switch.net
• Date: 2025-12-04T10:26:23Z
• Network: telegram
• Published URL: https://t.me/c/2758066065/397
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/a339ca4c-9a0e-44bf-aabd-76bbbaaed13c.jpg
  • Threat Actors: HellR00ters Team
• Victim Country: Unknown
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: plif.o2switch.net

55. Alleged leak of cpanel access to new-server65.integrityserver.net

• Category: Initial Access
• Content: The group claims to have leaked access to new-server65.integrityserver.net
• Date: 2025-12-04T10:20:17Z
• Network: telegram
• Published URL: https://t.me/c/2758066065/397
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/08e9c51d-7c54-4675-813b-082a0d75625b.jpg
  • Threat Actors: HellR00ters Team
• Victim Country: Unknown
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: new-server65.integrityserver.net

56. Alleged leak of cpanel access to tozetto.ind.br

• Category: Initial Access
• Content: The group claims to have leaked access to tozetto.ind.br
• Date: 2025-12-04T10:15:19Z
• Network: telegram
• Published URL: https://t.me/c/2758066065/397
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/5821a3c2-61e4-48ca-bde6-b2c999309da3.png
  • Threat Actors: HellR00ters Team
• Victim Country: Brazil
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: tozetto.ind.br

57. DieNet claims to target Saudi Arabia

• Category: Alert
• Content: A recent post by the group indicates that they are targeting Saudi Arabia.
• Date: 2025-12-04T10:02:29Z
• Network: telegram
• Published URL: https://t.me/DIeNlt/729
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/ffb0d50c-590b-458b-9177-75d990d08583.png
  • Threat Actors: DieNet
• Victim Country: Saudi Arabia
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

58. XYZ targets the website of realimate.ca

• Category: Defacement
• Content: The group claims to have defaced the website of realimate.ca
• Date: 2025-12-04T09:33:00Z
• Network: openweb
• Published URL: https://defacer.id/mirror/id/213501
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/6becae63-0a56-46dc-bb45-a2ed549ab05b.png
  • Threat Actors: XYZ
• Victim Country: Unknown
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: realimate.ca

59. RECODE TEAM targets the website of Exand

• Category: Defacement
• Content: The group claims to have defaced the website of Exand
• Date: 2025-12-04T09:32:16Z
• Network: openweb
• Published URL: https://defacer.id/mirror/id/213500
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/cb59f3b7-9fb4-4f64-be7f-9f53658af4e0.png
  • Threat Actors: RECODE TEAM
• Victim Country: Australia
• Victim Industry: Information Technology (IT) Services
• Victim Organization: exand
• Victim Site: atelier-sc-opale.com

60. Alleged leak of cpanel access to WL TYRES

• Category: Initial Access
• Content: The group claims to have leaked access to WL TYRES.
• Date: 2025-12-04T09:26:56Z
• Network: telegram
• Published URL: https://t.me/c/2758066065/397
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/e2566077-7923-4b99-9af2-9d0972f31ff4.png
  • Threat Actors: HellR00ters Team
• Victim Country: Australia
• Victim Industry: Automotive
• Victim Organization: wl tyres
• Victim Site: wltyres.com.au

61. Alleged leak of cpanel access to Vasck Technology LTDA

• Category: Initial Access
• Content: The group claims to have leaked access to Vasck Technology LTDA,
• Date: 2025-12-04T09:18:37Z
• Network: telegram
• Published URL: https://t.me/c/2758066065/397
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/bc0edf7b-e5e2-43a4-9e0a-0e22f7c10c66.png
  • Threat Actors: HellR00ters Team
• Victim Country: Brazil
• Victim Industry: Wholesale
• Victim Organization: vasck technology ltda
• Victim Site: vasckengenharia.com.br

62. Alleged leak of cpanel access to DS Seguros

• Category: Initial Access
• Content: The group claims to have leaked access to DS Seguros
• Date: 2025-12-04T09:10:13Z
• Network: telegram
• Published URL: https://t.me/c/2758066065/397
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/40aa2012-93ea-46a7-85cc-5cd0847f7434.jpg
  • Threat Actors: HellR00ters Team
• Victim Country: Brazil
• Victim Industry: Professional Services
• Victim Organization: ds seguros
• Victim Site: dssegurosplus.com.br

63. Alleged Unauthorized Access to Dinas Pertanian Cirebon

• Category: Initial Access
• Content: The group claims to have accessed Dinas Pertanian Cirebon.
• Date: 2025-12-04T09:02:14Z
• Network: telegram
• Published URL: https://t.me/teamRcs/90
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/3a4a8305-8d43-4a59-a9a0-f34020ea1afc.png
  • Threat Actors: RASHTRIYA CYBER SENA
• Victim Country: Indonesia
• Victim Industry: Agriculture & Farming
• Victim Organization: dinas pertanian cirebon
• Victim Site: distan.cirebonkab.go.id

64. Alleged leak of cpanel access to atomicat.pro

• Category: Initial Access
• Content: The group claims to have leaked access to atomicat.pro
• Date: 2025-12-04T08:59:12Z
• Network: telegram
• Published URL: https://t.me/c/2758066065/397
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/bb3b1ca4-e9bb-4609-b2a1-09c96f8f90a9.jpg
  • Threat Actors: HellR00ters Team
• Victim Country: Unknown
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: atomicat.pro

65. Alleged leak of cpanel access to Atak Domain Hosting

• Category: Initial Access
• Content: The group claims to have leaked access to Atak Domain Hosting
• Date: 2025-12-04T08:41:04Z
• Network: telegram
• Published URL: https://t.me/c/2758066065/397
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/49cf2b17-fa7c-4bf1-bcac-4fd6673538d1.jpg
  • Threat Actors: HellR00ters Team
• Victim Country: Turkey
• Victim Industry: Information Technology (IT) Services
• Victim Organization: atak domain hosting
• Victim Site: atakdomain.com

66. Alleged leak of cpanel access to host66.registrar-servers.com

• Category: Initial Access
• Content: The group claims to have leaked access host66.registrar-servers.com.
• Date: 2025-12-04T08:38:19Z
• Network: telegram
• Published URL: https://t.me/c/2758066065/397
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/683f935a-b090-4b3a-b0d2-939d1876994c.png
  • Threat Actors: HellR00ters Team
• Victim Country: Unknown
• Victim Industry: Unknown
• Victim Organization: host66.registrar-servers
• Victim Site: host66.registrar-servers.com

67. DEFACER INDONESIA targets the website of harmeet-singh.rf.gd

• Category: Defacement
• Content: The group claims to have defaced the website of harmeet-singh.rf.gd NB: The site was defaced by MR-YOS.
• Date: 2025-12-04T08:21:01Z
• Network: telegram
• Published URL: https://t.me/c/2433981896/135
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/0caa9773-894e-406e-9c09-8ced1b6da3b3.png
  • https://d34iuop8pidsy8.cloudfront.net/fac08d35-af84-4a45-a73e-25ceb3d316c1.png
  • Threat Actors: DEFACER INDONESIA
• Victim Country: Unknown
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: harmeet-singh.rf.gd

68. Alleged data sale of National Institute of Anthropology and History

• Category: Data Breach
• Content: The threat actor claims to be selling 1.1 GB of user information, allegedly including sensitive documents, system access, active admin panel access and vulnerability to dump all data and more.
• Date: 2025-12-04T08:18:50Z
• Network: openweb
• Published URL: https://darkforums.st/Thread-Document-%F0%9F%9A%A8%E2%AD%90FOR-SALE-Sensitive-INAH-Mexico-documents-Internal-access-vulnerability%E2%AD%90%F0%9F%9A%A8–60156
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/f8c6944d-8933-4b70-80d0-400a792480bc.JPG
  • https://d34iuop8pidsy8.cloudfront.net/9f86b40a-a0af-455e-9319-38866ceaa8c4.JPG
  • https://d34iuop8pidsy8.cloudfront.net/618e1197-e9cd-43f3-ad54-0c7316631b18.JPG
  • Threat Actors: HvcKMvsoneria33
• Victim Country: Mexico
• Victim Industry: Hospitality & Tourism
• Victim Organization: national institute of anthropology and history
• Victim Site: inah.gob.mx

69. Alleged leak of cpanel access to Dr. Bruna Braga

• Category: Initial Access
• Content: The group claims to have leaked access to Dr. Bruna Braga.
• Date: 2025-12-04T08:15:47Z
• Network: telegram
• Published URL: https://t.me/c/2758066065/397
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/e20b23ab-e2e5-44a4-b431-2e627ce74adb.png
  • Threat Actors: HellR00ters Team
• Victim Country: Brazil
• Victim Industry: Hospital & Health Care
• Victim Organization: dr. bruna braga
• Victim Site: drabrunabraga.com

70. Alleged leak of cpanel access to Silica Nanocolloid Choju no Sato

• Category: Initial Access
• Content: The group claims to have leaked access to Silica Nanocolloid Choju no Sato.
• Date: 2025-12-04T08:04:14Z
• Network: telegram
• Published URL: https://t.me/c/2758066065/397
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/56baa8c1-d905-4ee0-b801-aa4821774c76.png
  • Threat Actors: HellR00ters Team
• Victim Country: Japan
• Victim Industry: E-commerce & Online Stores
• Victim Organization: silica nanocolloid choju no sato
• Victim Site: elliyeenshop.com

71. Yellow Cab of Columbus falls victim to Qilin Ransomware

• Category: Ransomware
• Content: The group claims to have obtained the organization’s data.
• Date: 2025-12-04T07:18:26Z
• Network: tor
• Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=84258547-f737-3e0a-9960-e6835de243af
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/9a4be858-f917-4aa0-abd3-c4eccd85d0c2.png
  • https://d34iuop8pidsy8.cloudfront.net/f7aa649d-6dec-4348-ada9-30733b7a83d7.png
  • Threat Actors: Qilin
• Victim Country: USA
• Victim Industry: Transportation & Logistics
• Victim Organization: yellow cab of columbus
• Victim Site: yellowcabofcolumbus.com

72. Quasar, Inc falls victim to Space Bears Ransomware

• Category: Ransomware
• Content: The group has obtained the organization’s internal data. The data includes Network projects, drawings, communications designs and various information and they intend to publish it within 6-7 days.
• Date: 2025-12-04T04:34:26Z
• Network: tor
• Published URL: http://5butbkrljkaorg5maepuca25oma7eiwo6a2rlhvkblb4v6mf3ki2ovid.onion/companies/100/quasar-inc
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/01af50b2-de3b-46ca-8b0c-e73131acebb4.png
  • Threat Actors: Space Bears
• Victim Country: USA
• Victim Industry: Network & Telecommunications
• Victim Organization: quasar, inc.
• Victim Site: quasar.us

73. INDRAMAYU CHAOS SYSTEM targets the website of PerfectOnlinecasino

• Category: Defacement
• Content: The group claims to have defaced the website of PerfectOnlinecasino.
• Date: 2025-12-04T03:30:28Z
• Network: telegram
• Published URL: https://t.me/c/3427600175/40
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/75e820c9-21d6-42a9-a978-ad80376f433d.png
  • Threat Actors: INDRAMAYU CHAOS SYSTEM
• Victim Country: Indonesia
• Victim Industry: Gambling & Casinos
• Victim Organization: perfectonlinecasino
• Victim Site: perfectonlinecasino.id

74. INDRAMAYU CHAOS SYSTEM targets the website of Uptowincasino

• Category: Defacement
• Content: The group claims to have defaced the website of Uptowincasino.
• Date: 2025-12-04T03:20:49Z
• Network: telegram
• Published URL: https://t.me/c/3427600175/40
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/64acf125-667d-48c8-a235-30d4fe8a40f9.png
  • Threat Actors: INDRAMAYU CHAOS SYSTEM
• Victim Country: Indonesia
• Victim Industry: Gambling & Casinos
• Victim Organization: uptowincasino
• Victim Site: uptowincasino.id

75. INDRAMAYU CHAOS SYSTEM targets the website SlotSonlinecasino

• Category: Defacement
• Content: The group claims to have defaced the website of SlotSonlinecasino.
• Date: 2025-12-04T03:17:22Z
• Network: telegram
• Published URL: https://t.me/c/3427600175/40
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/f3777194-358b-42ba-98f8-a045e36ed529.png
  • Threat Actors: INDRAMAYU CHAOS SYSTEM
• Victim Country: Indonesia
• Victim Industry: Gambling & Casinos
• Victim Organization: slotsonlinecasino
• Victim Site: slotsonlinecasino.id

76. INDRAMAYU CHAOS SYSTEM targets the website of SlotSlivecasino

• Category: Defacement
• Content: The group claims to have defaced the website of SlotSlivecasino
• Date: 2025-12-04T03:13:05Z
• Network: telegram
• Published URL: https://t.me/c/3427600175/40
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/7ad9d316-7527-4ce5-9229-2c8d2bc9b8d1.png
  • Threat Actors: INDRAMAYU CHAOS SYSTEM
• Victim Country: Indonesia
• Victim Industry: Gambling & Casinos
• Victim Organization: slotslivecasino
• Victim Site: slotslivecasino.id

77. Alleged Unauthorized Access to PQ-Master 3000 of Netherlands

• Category: Initial Access
• Content: The group claims to have accessed the PQ-Master 3000 system used for real-time monitoring of electrical network parameters across parts of the Netherlands. According to the claim, live dashboards showed current, voltage, phase balance, and oscillation data updating every second. They state that stopping the system would leave the network unmonitored with no alerts or anomaly detection.
• Date: 2025-12-04T03:10:53Z
• Network: telegram
• Published URL: https://t.me/n2LP_wVf79c2YzM0/2700
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/1bae19af-4a63-4c30-904f-fd79ab0e897f.png
  • Threat Actors: Infrastructure Destruction Squad
• Victim Country: Netherlands
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

78. INDRAMAYU CHAOS SYSTEM targets the website of PlayOnlineSlots

• Category: Defacement
• Content: The group claims to have defaced the website of PlayOnlineSlots.
• Date: 2025-12-04T03:08:44Z
• Network: telegram
• Published URL: https://t.me/c/3427600175/40
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/fcc812bb-c554-42e1-95b4-0bdad6c11b3f.png
  • Threat Actors: INDRAMAYU CHAOS SYSTEM
• Victim Country: Indonesia
• Victim Industry: Gambling & Casinos
• Victim Organization: playonlineslots
• Victim Site: playonlineslots.id

79. Infrastructure Destruction Squad claims to target Netherlands and its infrastructure

• Category: Alert
• Content: The recent post of group claims to target Netherlands and its infrastructure
• Date: 2025-12-04T03:07:42Z
• Network: telegram
• Published URL: https://t.me/n2LP_wVf79c2YzM0/2699
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/55487531-e078-4169-85d9-1a5cd28c2030.png
  • Threat Actors: Infrastructure Destruction Squad
• Victim Country: Netherlands
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

80. INDRAMAYU CHAOS SYSTEM targets the website of PlayPokerOnline

• Category: Defacement
• Content: The group claims to have defaced the website of PlayPokerOnline.
• Date: 2025-12-04T03:04:20Z
• Network: telegram
• Published URL: https://t.me/c/3427600175/40
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/227a1250-93d9-4f86-acc4-abcbafa0844e.png
  • Threat Actors: INDRAMAYU CHAOS SYSTEM
• Victim Country: Indonesia
• Victim Industry: Gambling & Casinos
• Victim Organization: playpokeronline
• Victim Site: playpokeronline.id

81. INDRAMAYU CHAOS SYSTEM targets the website of Play888Casino

• Category: Defacement
• Content: The group claims to have defaced the website of Play888Casino.
• Date: 2025-12-04T02:59:00Z
• Network: telegram
• Published URL: https://t.me/c/3427600175/40
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/64a0f984-3971-40a0-9aa5-bdf825c7e63c.png
  • Threat Actors: INDRAMAYU CHAOS SYSTEM
• Victim Country: Indonesia
• Victim Industry: Gambling & Casinos
• Victim Organization: play888casino
• Victim Site: play888casino.id

82. INDRAMAYU CHAOS SYSTEM targets the website of RouletteOnline

• Category: Defacement
• Content: The group claims to have defaced the website of RouletteOnline.
• Date: 2025-12-04T02:52:15Z
• Network: telegram
• Published URL: https://t.me/c/3427600175/40
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/c76f1765-b34e-4a94-9291-e9c270131126.png
  • Threat Actors: INDRAMAYU CHAOS SYSTEM
• Victim Country: Indonesia
• Victim Industry: Gambling & Casinos
• Victim Organization: roulette
• Victim Site: rouletteonline.id

83. INDRAMAYU CHAOS SYSTEM targets the website of PokerListings

• Category: Defacement
• Content: The group claims to have defaced the website of PokerListings.
• Date: 2025-12-04T02:13:30Z
• Network: telegram
• Published URL: https://t.me/c/3427600175/40
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/a12fb26e-6b9d-4569-a477-0950daa2da69.png
  • Threat Actors: INDRAMAYU CHAOS SYSTEM
• Victim Country: Indonesia
• Victim Industry: Gambling & Casinos
• Victim Organization: pokerlistings
• Victim Site: [suspicious link removed]

84. Fix Tecnologia falls victim to Nova Ransomware

• Category: Ransomware
• Content: The group claims to have obtained 100 GB of organization’s internal data and they intend to publish it within 14-15 days.
• Date: 2025-12-04T02:02:52Z
• Network: tor
• Published URL: http://novadmrkp4vbk2padk5t6pbxolndceuc7hrcq4mjaoyed6nxsqiuzyyd.onion/#
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/068e4fed-13b7-47b4-aa0a-63fc753950da.png
  • Threat Actors: Nova
• Victim Country: Brazil
• Victim Industry: Information Technology (IT) Services
• Victim Organization: fix tecnologia
• Victim Site: esusbelacruz.fixtecnologia.com.br

85. INDRAMAYU CHAOS SYSTEM targets the website of PERFECT ONLINE CASINO

• Category: Defacement
• Content: The group claims to have defaced the website of PERFECT ONLINE CASINO.
• Date: 2025-12-04T02:01:17Z
• Network: telegram
• Published URL: https://t.me/c/3427600175/40
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/45531bce-4215-4b2d-bb23-2b4910625df8.png
  • Threat Actors: INDRAMAYU CHAOS SYSTEM
• Victim Country: Indonesia
• Victim Industry: Gambling & Casinos
• Victim Organization: perfect online casino
• Victim Site: perfectonlinecasino.com

86. INDRAMAYU CHAOS SYSTEM targets the website of Online Casino Slots

• Category: Defacement
• Content: The group claims to have defaced the website of Online Casino Slots.
• Date: 2025-12-04T01:51:30Z
• Network: telegram
• Published URL: https://t.me/c/3427600175/40
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/4093ca97-902e-404f-9702-841b0bcf8574.png
  • Threat Actors: INDRAMAYU CHAOS SYSTEM
• Victim Country: Indonesia
• Victim Industry: Gambling & Casinos
• Victim Organization: online casino slots
• Victim Site: onlinecasinoslots.id

87. scattered LAPSUS$ hunters 7.0 claims to target MOVEit

• Category: Alert
• Content: The group claims to target MOVEit
• Date: 2025-12-04T01:15:37Z
• Network: telegram
• Published URL: https://t.me/smokinmandiant/910
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/a388fbb6-bbe6-483b-a5b4-7fba9f59a598.png
  • Threat Actors: scattered LAPSUS$ hunters 7.0
• Victim Country: USA
• Victim Industry: Software
• Victim Organization: moveit
• Victim Site: progress.com

88. BABAYO EROR SYSTEM targets the website of bedah kasus

• Category: Defacement
• Content: The group claims to have defaced the website of bedah kasus
• Date: 2025-12-04T00:40:00Z
• Network: telegram
• Published URL: https://t.me/c/3487552490/51
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/6f0a11d6-c084-46c0-9748-e1742ee3e840.png
  • Threat Actors: BABAYO EROR SYSTEM
• Victim Country: Indonesia
• Victim Industry: Newspapers & Journalism
• Victim Organization: bedah kasus
• Victim Site: bedahkasus.id

89. BABAYO EROR SYSTEM targets the website of Cakrawala Candradimuka Literasi

• Category: Defacement
• Content: The group claims to have defaced the website of Cakrawala Candradimuka Literasi
• Date: 2025-12-04T00:36:40Z
• Network: telegram
• Published URL: https://t.me/c/3487552490/51
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/d89e9dc6-923d-42e3-a41b-e4fa2d97fb40.png
  • Threat Actors: BABAYO EROR SYSTEM
• Victim Country: Indonesia
• Victim Industry: Publishing Industry
• Victim Organization: cakrawala candradimuka literasi
• Victim Site: cakrawalacandradimukaliterasi.web.id

90. INDRAMAYU CHAOS SYSTEM targets the website of Online Casino Games

• Category: Defacement
• Content: The group claims to have defaced the website of Online Casino Games
• Date: 2025-12-04T00:31:13Z
• Network: telegram
• Published URL: https://t.me/c/3427600175/40
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/c260ee91-1a9a-4c32-adc8-4cf9d66291f4.png
  • Threat Actors: INDRAMAYU CHAOS SYSTEM
• Victim Country: Indonesia
• Victim Industry: Gambling & Casinos
• Victim Organization: online casino games
• Victim Site: onlinecasinogames.id

91. INDRAMAYU CHAOS SYSTEM targets the website of Jackpots All Slots

• Category: Defacement
• Content: The group claims to have defaced the website of Jackpots All Slots
• Date: 2025-12-04T00:27:48Z
• Network: telegram
• Published URL: https://t.me/c/3427600175/40
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/f20bc2ee-547d-4ccb-a31b-2ef1d902bb47.png
  • Threat Actors: INDRAMAYU CHAOS SYSTEM
• Victim Country: Indonesia
• Victim Industry: Gambling & Casinos
• Victim Organization: jackpots all slots
• Victim Site: jackpotsallslots.id

92. Alleged data breach of Jinghang Insurance company in China

• Category: Data Breach
• Content: Threat actor claims to be leaked the data from Jinghang insurance company. The compromised data reportedly includes 2.3million Chinese id, 140000 insurance contracts worth 224 million yuan, and dumps of 70+ MySQL databases.
• Date: 2025-12-04T00:25:58Z
• Network: openweb
• Published URL: https://forum.exploit.in/topic/271301/
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/7ff557f2-2b80-47d6-91f8-928f5c5e7dc3.png
  • https://d34iuop8pidsy8.cloudfront.net/6e58e891-e61e-445c-9de1-df573d50f716.png
  • Threat Actors: AsukaLangley
• Victim Country: China
• Victim Industry: Insurance
• Victim Organization: jinghang insurance
• Victim Site: Unknown

93. INDRAMAYU CHAOS SYSTEM targets the website of Gambling Betting

• Category: Defacement
• Content: The group claims to have defaced the website of Gambling Betting
• Date: 2025-12-04T00:24:17Z
• Network: telegram
• Published URL: https://t.me/c/3427600175/40
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/13b3b065-3a66-4b13-a36d-18dc738f3160.png
  • Threat Actors: INDRAMAYU CHAOS SYSTEM
• Victim Country: Indonesia
• Victim Industry: Gambling & Casinos
• Victim Organization: gambling betting
• Victim Site: gamblingbetting.id

94. INDRAMAYU CHAOS SYSTEM targets the website of CasinoMaxi

• Category: Defacement
• Content: The group claims to have defaced the website of CasinoMaxi
• Date: 2025-12-04T00:19:27Z
• Network: telegram
• Published URL: https://t.me/c/3427600175/40
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/e24e77e2-3468-485a-8cb9-90e6c4f41de2.png
  • Threat Actors: INDRAMAYU CHAOS SYSTEM
• Victim Country: Indonesia
• Victim Industry: Gambling & Casinos
• Victim Organization: casinomaxi
• Victim Site: casinomaxi.id

95. INDRAMAYU CHAOS SYSTEM targets the website of All Slots Casino

• Category: Defacement
• Content: The group claims to have defaced the website of All Slots Casino
• Date: 2025-12-04T00:16:13Z
• Network: telegram
• Published URL: https://t.me/c/3427600175/40
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/c4851dd1-adb9-4990-ba71-0612f51104eb.png
  • Threat Actors: INDRAMAYU CHAOS SYSTEM
• Victim Country: Indonesia
• Victim Industry: Gambling & Casinos
• Victim Organization: all slots casino
• Victim Site: allslotscasino.id

96. INDRAMAYU CHAOS SYSTEM targets the website of Drake Casino

• Category: Defacement
• Content: The group claims to have defaced the website of Drake Casino
• Date: 2025-12-04T00:12:59Z
• Network: telegram
• Published URL: https://t.me/c/3427600175/40
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/2acea8ba-533a-4743-a74a-65ce7973e0fd.png
  • Threat Actors: INDRAMAYU CHAOS SYSTEM
• Victim Country: Indonesia
• Victim Industry: Gambling & Casinos
• Victim Organization: drake casino
• Victim Site: drakecasino.id

97. INDRAMAYU CHAOS SYSTEM targets the website of Club Casino World

• Category: Defacement
• Content: The group claims to have defaced the website of Club Casino World
• Date: 2025-12-04T00:10:02Z
• Network: telegram
• Published URL: https://t.me/c/3427600175/40
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/b1a86687-94f1-4b4a-ab53-e5139a0a0616.png
  • Threat Actors: INDRAMAYU CHAOS SYSTEM
• Victim Country: Indonesia
• Victim Industry: Gambling & Casinos
• Victim Organization: club casino world
• Victim Site: clubworldcasinos.id

98. INDRAMAYU CHAOS SYSTEM targets the website of Casino Jackpot

• Category: Defacement
• Content: The group claims to have defaced the website of Casino Jackpot
• Date: 2025-12-04T00:02:18Z
• Network: telegram
• Published URL: https://t.me/c/3427600175/40
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/858e4887-1882-4e6e-974b-5bb4849757db.png
  • Threat Actors: INDRAMAYU CHAOS SYSTEM
• Victim Country: Indonesia
• Victim Industry: Gambling & Casinos
• Victim Organization: casino jackpot
• Victim Site: casinojackpot.id

Conclusion

The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Data breaches and ransomware attacks are prominent, affecting various sectors from banking and education to retail and gambling, and impacting countries including the USA, Indonesia, Spain, and Brazil. The compromised data ranges from personal user information and credit card details to sensitive internal documents. Beyond data compromise, the report reveals significant activity in website defacements, particularly targeting online casinos, and initial access sales. The incidents collectively demonstrate persistent threats from data exfiltration and unauthorized network access.