[December-5-2025] Daily Cybersecurity Threat Report

This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.

1. CyberBlitz targets the website of Thought Cab Design

• Category: Defacement
• Content: Group claims to have deface the website of Thought Cab Design
• Date: 2025-12-05T23:57:44Z
• Network: telegram
• Published URL: https://t.me/Cyb3rBlitz/1162
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/4d2a4a84-d198-4045-8a49-aa780d36593d.png
• Threat Actors: CyberBlitz
• Victim Country: USA
• Victim Industry: Information Technology (IT) Services
• Victim Organization: thought cab design
• Victim Site: thoughtcabdesign.com

2. Alleged Data Breach of Government of Kota Madiun

• Category: Data Breach
• Content: The threat actor claims to have leaked data from Government of Kota Madiun. The compromised data reportedly contain 60,000 records including Names, Home addresses, Phone numbers, Local neighborhood IDs.
• Date: 2025-12-05T23:51:50Z
• Network: tor
• Published URL: http://763olyp74dxnq4wrzukk3dde6ffahxxjzealf3bzvdoyd7tptksxiiad.onion/Thread-SELLING-Selling-60-thousand-Madiun-population-databases-by-RETAABI
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/9396b43e-1b51-403b-896d-44857b661d1f.png
• Threat Actors: RETAABI
• Victim Country: Indonesia
• Victim Industry: Government Relations
• Victim Organization: government of kota madiun
• Victim Site: madiunkota.go.id

3. CyberBlitz targets the website of KHBOX MAX

• Category: Defacement
• Content: Group claims to have deface the website of KHBOX MAX
• Date: 2025-12-05T22:43:29Z
• Network: telegram
• Published URL: https://t.me/Cyb3rBlitz/1158
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/070ae826-2ab2-4658-9175-ee72f94fb320.png
• Threat Actors: CyberBlitz
• Victim Country: Cambodia
• Victim Industry: Entertainment & Movie Production
• Victim Organization: khbox max
• Victim Site: khboxmax.com

4. Duhabex Sp. z o.o. falls victim to ANUBIS Ransomware

• Category: Ransomware
• Content: The group claims to have obtained the organization’s internal data, including employee personal information, documents, and earnings details, as well as contracts with clients and partners, databases containing their contact information, and internal contacts.
• Date: 2025-12-05T22:41:40Z
• Network: tor
• Published URL: http://om6q4a6cyipxvt7ioudxt24cw4oqu4yodmqzl25mqd2hgllymrgu4aqd.onion/r/v9spoNOKSU+FoiWlifJf53PbiQe5bfZ0NAgU8kzAvkvF0hB6PeFpB6bi9Mbo+RmvyVvUGZEcj8AadEuaUj0lWG16M2FXTmpL
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/2cfce123-9600-4e7a-a481-ac589ff456af.png https://d34iuop8pidsy8.cloudfront.net/1f6dd8c6-9655-452f-b389-ecc508b266ed.png https://d34iuop8pidsy8.cloudfront.net/e7155325-37fc-40b9-ae82-5c1c38e01c2a.png
• Threat Actors: ANUBIS
• Victim Country: Poland
• Victim Industry: Transportation & Logistics
• Victim Organization: duhabex sp. z o.o.
• Victim Site: duhabex.pl

5. CyberBlitz targets the website of KHBOX PLAY

• Category: Defacement
• Content: Group claims to have deface the website of KHBOX PLAY
• Date: 2025-12-05T22:35:52Z
• Network: telegram
• Published URL: https://t.me/Cyb3rBlitz/1158
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/60b87469-1dba-45a4-b369-7b59a0ca93fa.png
• Threat Actors: CyberBlitz
• Victim Country: Cambodia
• Victim Industry: Entertainment & Movie Production
• Victim Organization: khbox play
• Victim Site: khboxplay.com

6. Alleged Data Breach of Iberia Airlines in Spain

• Category: Data Breach
• Content: Threat Actor claims to have breached the database of Iberia Airlines in Spain which contains 596 GB internal company data.
• Date: 2025-12-05T21:50:22Z
• Network: openweb
• Published URL: https://forum.exploit.biz/topic/271449/
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/89fcbc56-a70b-4acf-bda7-ab4d0ab55dd3.png
• Threat Actors: Everestgroup
• Victim Country: Spain
• Victim Industry: Airlines & Aviation
• Victim Organization: iberia airlines
• Victim Site: iberia.com

7. Alleged leak of access to Hostovita.pl

• Category: Initial Access
• Content: The group claims to have leaked access to Hostovita.pl
• Date: 2025-12-05T20:46:57Z
• Network: telegram
• Published URL: https://t.me/c/1514923101/220
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/c3db26c7-3695-4166-8691-fea90f391fce.png
• Threat Actors: ECLIPSE
• Victim Country: Poland
• Victim Industry: Information Services
• Victim Organization: hostovita.pl
• Victim Site: hostovita.pl

8. MMC Film and TV Studios Cologne falls victim to SAFEPAY Ransomware

• Category: Ransomware
• Content: The group claims to have obtained the organization’s internal data and intends to publish it within 3 days.
• Date: 2025-12-05T20:35:00Z
• Network: tor
• Published URL: http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/mmcde/
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/a1243f5c-236d-4105-8431-1ff90ccd7e2f.png
• Threat Actors: SAFEPAY
• Victim Country: Germany
• Victim Industry: Media Production
• Victim Organization: mmc film and tv studios cologne
• Victim Site: mmc.de

9. McTavish & Co. falls victim to SAFEPAY Ransomware

• Category: Ransomware
• Content: The group claims to have obtained the organization’s internal data and intends to publish it within 3 days.
• Date: 2025-12-05T20:15:29Z
• Network: tor
• Published URL: http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/mactavishcoca/
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/2c6dcc1e-519c-44ba-baad-fac1c0b740a6.png
• Threat Actors: SAFEPAY
• Victim Country: Canada
• Victim Industry: Law Practice & Law Firms
• Victim Organization: mctavish & co.
• Victim Site: mactavishco.ca

10. Alleged Unauthorized Access to an German Industrial Refrigeration Monitoring & Control System

• Category: Initial Access
• Content: The group claims to have gained access to an Industrial Refrigeration Monitoring & Control System in Germany. They can able to Change temperatures, Change alarm limits, Change defrost timing, Change sensor settings, Change energy-saving mode, Change logging settings, Change system configuration
• Date: 2025-12-05T20:02:14Z
• Network: telegram
• Published URL: https://t.me/nullsechackers/620
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/f3a8fb3c-ad8d-4b37-8134-13e4f147b619.png
• Threat Actors: Nullsec Philippines
• Victim Country: Germany
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

Conclusion

The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Ransomware and Defacement campaigns are prominent, affecting various sectors from Transportation and Entertainment to Government and IT Services, and impacting countries including the USA, Indonesia, Germany, Poland, Spain, and Cambodia. The compromised data ranges from internal employee information and financial records to large customer databases and sensitive government records. Beyond data compromise, the report also reveals significant activity in initial access sales, with threat actors offering unauthorized access to critical infrastructure such as industrial control systems in Germany and hosting providers in Poland. The incidents collectively demonstrate that organizations across various industries and geographies face persistent threats from data exfiltration, unauthorized network access, and the proliferation of malicious tools.