[December-7-2025] Daily Cybersecurity Threat Report

Posted on

This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.

1. Pharaoh’s Team Channel targets the website of CampusBuzz

2. Pharaoh’s Team Channe targets the website of Smart School

3. Pharaoh’s Team Channel targets the website of xBuilder Lab Inc.

4. Alleged Sale of CORS Vulnerability in a Medium-Sized Cryptocurrency Platform in Burma

  • Category: Vulnerability
  • Content: A threat actor claims to be selling a CORS vulnerability affecting a medium-sized cryptocurrency platform in Burma. It can be exploited like a standard CORS vulnerability with minor adjustments that allow bypassing the platform’s WAF.
  • Date: 2025-12-07T21:16:48Z
  • Network: openweb
  • Published URL: https://forum.exploit.biz/topic/271576/ Screenshots: https://d34iuop8pidsy8.cloudfront.net/0d29ffe4-56ca-4535-ad2a-1fdf050116f5.png
  • Threat Actors: CircuitBreaker
  • Victim Country: Myanmar
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

5. Tucson Independent Physicians and Surgeons falls victim to LOCKBIT Ransomware

6. Alleged data leak of Ukraine Mirotic Air defense suppliers

7. Alleged sale of identity cards from Romania and China

8. Alleged Data Breach of K3G Solutions LTDA in Brazil

  • Category: Data Breach
  • Content: Threat Actor claims to have breached the database of K3G Solutions LTDA in Brazil, leaking 192 GB of data that includes a full Huawei iManager U2000 backup, complete internal databases, major network configuration files Huawei, ZTE, Fiberhome, VSOL, MikroTik, network monitoring data Zabbix, Grafana, Graylog, Netbox, backbone GIS/KML maps, and customer documents and contracts.
  • Date: 2025-12-07T19:43:38Z
  • Network: openweb
  • Published URL: https://forum.exploit.biz/topic/271570/ Screenshots: https://d34iuop8pidsy8.cloudfront.net/d27cc704-8d13-479f-a231-1ed99479cdc6.png
  • Threat Actors: zestix
  • Victim Country: Brazil
  • Victim Industry: Network & Telecommunications
  • Victim Organization: k3g solutions ltda
  • Victim Site: k3gsolutions.com.br

9. Dream Hack targets the website of DocPro

10. Alpha wolf targets the website of Surveybell

11. GHOST SECURITY SOCIETY PH targets the website of Labhmart

12. Alleged Data Breach of TAJMAC-ZPS in Czech Republic

13. Jeffrey W. Krol & Associates, Ltd. falls victim to Sinobi Ransomware

14. Alleged data breach of U.S. Department of Health and Human Services

15. Alleged Data Breach of Air Miles in Spain

16. David M. Schwarz Architects, Inc. falls victim to Qilin Ransomware

17. Gopher Industrial, Inc. falls victim to Sinobi Ransomware

18. Alleged data breach of SNB Capital

19. Alleged access to OnlyPet

20. jokeir 07x targets the website of Tabbaanistore

21. Quality Companies falls victim to Sinobi Ransomware

22. Galesi Group falls victim to Sinobi Ransomware

23. Alleged data breach of U.S. Department of Labor

24. Acoustical Control, LLC falls victim to Qilin Ransomware

25. AMH Philippines, Inc. falls victim to Qilin Ransomware

26. La Costa Dental Excellence falls victim to Qilin Ransomware

27. YAZAKI Corporation falls victim to INC RANSOM Ransomware

28. Alleged sale of Weapon toolkit

29. Alleged data breach of the French Swimming Federation

30. Alleged data breach of the French Karate Federation

31. Alleged data breach of the French Tennis Federation

32. Illustrious Barcelona Bar Association (ICAB) falls victim to Qilin Ransomware

33. Alleged sale of Pemerintahan Kota Pariaman database

34. Sanko Air Conditioning Co., Ltd. falls victim to Qilin Ransomware

35. Alleged unauthorised access to Dispatch center of Ukrainian housing & utilities federation

  • Category: Initial Access
  • Content: The group claims to have gained access to a dispatch-center belonging to the Federation of Housing & Utilities Employers of Ukraine.NB: The authenticity of the claim is yet to be verified
  • Date: 2025-12-07T10:59:03Z
  • Network: telegram
  • Published URL: https://t.me/perunswaroga/832 Screenshots: https://d34iuop8pidsy8.cloudfront.net/32b76335-f2e9-42c6-b49f-e91f6233f238.png
  • Threat Actors: Perun Svaroga
  • Victim Country: Ukraine
  • Victim Industry: Facilities Services
  • Victim Organization: federation of housing and utilities employers of ukraine
  • Victim Site: dispetcher.info-gkh.com.ua

36. NOT-CTBER claims to target Thailand

37. V FOR VENDETTA CYBER TEAM targets the website of Rex TV India

38. Alleged data breach of V-Comp

  • Category: Data Breach
  • Content: The group claims to have obtained access to the data base of V-Comp. The compromised data reportedly includes personal data like email addresses, phone numbers, store orders, encrypted information about customers’ addresses.
  • Date: 2025-12-07T08:45:48Z
  • Network: telegram
  • Published URL: https://t.me/c/1514923101/222 Screenshots: https://d34iuop8pidsy8.cloudfront.net/a0504faa-ffaf-4a9e-a765-4e37ea953282.jpg
  • Threat Actors: ECLIPSE
  • Victim Country: Ukraine
  • Victim Industry: E-commerce & Online Stores
  • Victim Organization: v-comp
  • Victim Site: v-comp.com.ua

39. Alleged unauthorized access to NASA LC‑34 HCS system

  • Category: Initial Access
  • Content: A group claims to have accessed an internal interface of the NASA LC‑34 HCS compressor control system. The claim states that the interface displays operational parameters and historical logs, and suggests that alterations could affect equipment behavior.
  • Date: 2025-12-07T08:35:41Z
  • Network: telegram
  • Published URL: https://t.me/zpentestalliance/814 Screenshots: https://d34iuop8pidsy8.cloudfront.net/f76ce96c-ba82-4138-a700-854a4f52c549.png
  • Threat Actors: Z-PENTEST ALLIANCE
  • Victim Country: USA
  • Victim Industry: Aviation & Aerospace
  • Victim Organization: nasa
  • Victim Site: nasa.gov

40. Alleged Sale of Access to Unidentified Industrial Control Systems (ICS)

41. Alleged sale of 130 credit card records in UK

42. Alleged Sale of HFx v3.0 Exploitation Toolkit

43. Alleged Sale of HFx SMTP Domain-Based Cracking Tool

44. PASKOBLACKHAT targets the website of dana.ismec.cl

45. TH3 EL1T3 GHOST targets the website of Mozilla Foundation

46. PASKOBLACKHAT targets the website of Chimney World

47. TH3 EL1T3 GHOST targets the website of Google Bug Hunters

48. Reaper Byte Philippines Kano State Ministry of Solid Minerals Resources

49. Reaper Byte Philippines targets the website of Kano State Ministry of Youth & Sport Development

50. Reaper Byte Philippines targtes the website of Kano State Ministry of Water Resources

51. TH3 EL1T3 GHOST targets the website of YesWeHack

52. PASKOBLACKHAT targets the website of HB Labor-Supply Contractor Ltd

Conclusion

The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Defacements, ransomware attacks, and data breaches are prominent, affecting various sectors from government administration and healthcare to education, manufacturing, and social media. The geographic scope is vast, impacting countries including the USA, France, India, Brazil, Japan, Ukraine, and Nigeria.

The compromised data ranges from personal user information and internal government records to sensitive medical files and confidential corporate documentation. Beyond data compromise, the report reveals significant activity in initial access claims, with threat actors targeting critical infrastructure and government entities such as NASA and Ukrainian utilities. The presence of malware toolkits for sale further underscores the availability of offensive capabilities in the cyber underground.

The incidents collectively demonstrate that organizations across various industries and geographies face persistent threats from data exfiltration, unauthorized network access, and the proliferation of malicious tools. The nature of these incidents emphasizes the critical importance of robust cybersecurity measures, including strong access controls, data protection strategies, continuous vulnerability management, and proactive threat intelligence to defend against a wide array of sophisticated and opportunistic attacks.

Related Posts