[July-11-2025] Daily Cybersecurity Threat Report

1. Executive Summary

This report provides a detailed overview and analysis of 27 distinct cyber incidents, all reported on July 11, 2025, as described in the provided incident data. These incidents span a wide range of categories, with a significant prevalence of data breaches and data leaks, alongside instances of malware sales, initial access brokering, and website defacements. The affected entities and individuals are geographically diverse, impacting countries such as Thailand, Israel, Russia, Chile, USA, Algeria, Indonesia, Spain, Japan, France, Brazil, Saudi Arabia, Mexico, Georgia, and India, and spanning various sectors including government, banking, education, real estate, retail, and telecommunications.

A key feature of this report is the inclusion of direct links to the published sources and evidential screenshots for each incident, providing immediate access to the primary documentation. This consolidation aims to offer a clear, actionable snapshot of recent cyber threat activities, facilitating rapid assessment and informed decision-making for stakeholders. The analysis highlights the persistent and varied nature of cyber threats, emphasizing the critical need for continuous vigilance and robust security measures across all sectors.

2. Incident Overview Table

To provide a rapid, high-level summary of all documented incidents, a consolidated table has been prepared. This overview enables stakeholders to quickly grasp the scope and nature of events at a glance, serving as an efficient navigational aid to the more detailed incident reports that follow.

Table 1: Summary of Recorded Incidents (July 11, 2025)

| Incident ID | Category | Title | Date (UTC) | Threat Actors | Victim Country | Victim Organization | Published URL |
|---|---|---|---|---|---|---|---|
| INC001 | Malware | Alleged Sale of Shellcode-Based HTTP/DNS Loader Source Code | 2025-07-11 13:38:34 | n3byte | | | https://forum.exploit.in/topic/262267/ |
| INC002 | Data Leak | Alleged leak of Israel citizen’s data | 2025-07-11 12:07:41 | sazz | Israel | | https://darkforums.st/Thread-3-9M-Israel-Citizens-Data |
| INC003 | Data Breach | Alleged data breach of National Anti-Corruption Commission (NACC) | 2025-07-11 11:59:57 | H3C4KEDZ | Thailand | national anti-corruption commission (nacc) | https://t.me/We_H3c4kedz1/153 |
| INC004 | Data Breach | Alleged Data Breach of Sovcom Bank | 2025-07-11 11:41:33 | sazz | Russia | sovcom bank | https://darkforums.st/Thread-Russian-Sovkcom-Bank-DataBase |
| INC005 | Data Breach | Alleged data breach of Department of International Trade Promotion (DITP) | 2025-07-11 09:54:07 | H3C4KEDZ | Thailand | department of international trade promotion (ditp) | https://t.me/We_H3c4kedz1/101 |
| INC006 | Data Breach | Alleged data breach of Rajamangala University of Technology Lanna, Chiang Rai | 2025-07-11 09:53:30 | H3C4KEDZ | Thailand | rajamangala university of technology lanna, chiang rai | https://t.me/We_H3c4kedz1/101 |
| INC007 | Data Breach | Alleged data breach of Department of Climate Change and Environment | 2025-07-11 09:53:02 | H3C4KEDZ | Thailand | department of climate change and environment | https://t.me/We_H3c4kedz1/101 |
| INC008 | Initial Access | Alleged Sale of 0-Day Auth Bypass Targeting Fortinet, Palo Alto, and Ivanti | 2025-07-11 09:19:35 | anongod | | | https://ramp4u.io/threads/0-day-auth-bypass-fortinet-palo-alto-ivanti-saml.3271 |
| INC009 | Data Leak | Alleged Leak of Crypto and User Credentials | 2025-07-11 09:14:35 | Skydreammodz | | | https://leakbase.la/threads/database-leads-2025.40248 |
| INC010 | Data Leak | Alleged Leak of Crypto User Data from Major Platforms | 2025-07-11 09:09:32 | Skydreammodz | | | https://leakbase.la/threads/database-leads-2025.40247 |
| INC011 | Initial Access | Alleged unauthorized access to an unidentified organization | 2025-07-11 09:05:49 | CyberAv3ngers_supp | Israel | | https://t.me/CyberAv3ngers/14 |
| INC012 | Data Breach | Alleged data sale of Gtd Teleductos | 2025-07-11 09:03:52 | DataVortexDB | Chile | gtd group | https://xss.is/threads/141713/ |
| INC013 | Defacement | Liwaa Muhammad targets multiple websites | 2025-07-11 08:40:24 | Liwaa Muhammad | India | battlefield gym | https://t.me/liwaamohammad/500 |
| INC014 | Data Breach | Alleged data breach of The Providence Group | 2025-07-11 06:50:53 | _Sentap | Georgia | the providence group | https://xss.is/threads/141706 |
| INC015 | Data Breach | Alleged data breach of DVD STORE SPAIN S.L. | 2025-07-11 06:35:52 | 108111118101 | Spain | dvd store spain s.l. | https://xss.is/threads/141705/ |
| INC016 | Alert | Golden falcon claims to target Minneapolis-St. Paul International Airport | 2025-07-11 05:41:24 | Golden falcon | USA | minneapolis-st. paul international airport | https://t.me/Golden_falcon_team/427 |
| INC017 | Defacement | Liwaa Muhammad targets the website of Merva Ads | 2025-07-11 05:03:36 | Liwaa Muhammad | India | merva ads | https://t.me/liwaamohammad/498 |
| INC018 | Data Breach | Alleged data leak of Good Item Lab | 2025-07-11 04:53:37 | R0m4nce | Japan | good item lab | https://darkforums.st/Thread-FREE-www-shoppingpark-jp-Dumped-2025-7-11 |
| INC019 | Data Breach | Alleged data breach of Algérie Poste | 2025-07-11 04:05:43 | Jokeir07x | Algeria | algérie poste | https://darkforums.st/Thread-A-huge-collection-of-13-245-poste-dz-current-accounts-for-Algerian-citizens |
| INC020 | Data Breach | Alleged data breach of Khidmah LLC | 2025-07-11 03:54:41 | RL000 | UAE | khidmah llc | https://darkforums.st/Thread-khidmah-com-employees-DataBase-Leak |
| INC021 | Data Leak | Alleged leak of Saudi Arabia Database | 2025-07-11 03:27:46 | RL000 | Saudi Arabia | | https://darkforums.st/Thread-Saudi-Arabia-DataBase |
| INC022 | Data Breach | Alleged data breach of Rice Department of Thailand | 2025-07-11 02:52:25 | H3C4KEDZ | Thailand | rice department of thailand | https://t.me/We_H3c4kedz1/80 |
| INC023 | Data Leak | Alleged Data Leak of ManoMano Site Leads | 2025-07-11 02:19:54 | Kavinsky | France | manomano | https://darkforums.st/Thread-Selling-manomano-Site-Leads |
| INC024 | Data Breach | Alleged data breach of KREDITPLUS SERVICES | 2025-07-11 02:14:06 | DigitalGhost | Indonesia | kreditplus services | https://darkforums.st/Thread-900K-KREDITPLUS-DATABASE |
| INC025 | Data Leak | Alleged Data Leak of Government Email Accounts | 2025-07-11 02:00:38 | nxe | Mexico | | https://darkforums.st/Thread-Selling-GOVERNMENTAL-EMAILS |
| INC026 | Data Leak | Alleged leak of citizen data and various documents from Algeria | 2025-07-11 01:38:49 | sanji_shi5 | Algeria | | https://darkforums.st/Thread-Data-on-Algerian-citizens-and-documents-related-to-one-of-the-states-in-Algeria |
| INC027 | Data Breach | Alleged data leak of Federal Bureau of Investigation (FBI) | 2025-07-11 01:31:48 | DigitalGhost | USA | federal bureau of investigation (fbi) | https://darkforums.st/Thread-Document-FBI-DEPARTMENT-OF-JUSTICE-DOCUMENT |
| INC028 | Data Breach | Alleged access and data leak of Nakhonsawan Industrial and Community Education College | 2025-07-11 01:13:40 | NXBB.SEC | Thailand | nakhonsawan industrial and community education college | https://t.me/nxbbsec/716 |
| INC029 | Data Leak | Alleged leak of JAKARTA BARAT ID card | 2025-07-11 01:12:45 | darknessX404 | Indonesia | | https://darkforums.st/Thread-WEST-JAKARTA-ID-CARD-BY-DARKNESS-X404 |
| INC030 | Initial Access | Alleged sale of login credentials to two MySQL servers to an unidentified organization in Brazil | 2025-07-11 00:52:19 | Rui_Deidad | Brazil | | https://darkforums.st/Thread-SALE-OF-CREDENTIALS-TO-TWO-MYSQL-SERVERS-BRAZIL |
| INC031 | Data Leak | Alleged sale of Databases from all over the world | 2025-07-11 00:43:06 | Intel_Data | | | https://darkforums.st/Thread-Databases-from-all-over-the-world |

3. Detailed Incident Reports

This section provides a dedicated entry for each incident, elaborating on its specifics, including direct links to published URLs and evidential screenshots.

3.1. Incident INC001: Alleged Sale of Shellcode-Based HTTP/DNS Loader Source Code

  • Category: Malware
  • Date: 2025-07-11T13:38:34Z
  • Network: openweb
  • Threat Actors: n3byte
  • Content: The threat actor claims to be selling a custom C-based loader in shellcode format that acts as a resident loader and reverse shell, with support for HTTP or DNS communication and persistent system ID tracking. It gathers system info, runs PowerShell commands, captures screenshots, and supports multiple payload formats (EXE, DLL, MSI, shellcode). A control panel allows bot management, tasking, IP logging, and admin control.
  • Published URL: https://forum.exploit.in/topic/262267/

3.2. Incident INC002: Alleged leak of Israel citizen’s data

  • Category: Data Leak
  • Date: 2025-07-11T12:07:41Z
  • Network: openweb
  • Threat Actors: sazz
  • Victim Country: Israel
  • Content: The threat actor claims to have leaked a database allegedly containing information on 3.9 million Israeli citizens. The compromised data reportedly includes phone numbers, email addresses, full names, gender, dates of birth, registration dates, hometowns, relationship statuses, education histories, employment details, group affiliations, and other personal information.
  • Published URL: https://darkforums.st/Thread-3-9M-Israel-Citizens-Data

3.3. Incident INC003: Alleged data breach of National Anti-Corruption Commission (NACC)

  • Category: Data Breach
  • Date: 2025-07-11T11:59:57Z
  • Network: telegram
  • Threat Actors: H3C4KEDZ
  • Victim Country: Thailand
  • Victim Industry: Government & Public Sector
  • Victim Organization: national anti-corruption commission (nacc)
  • Victim Site: nacc.go.th
  • Content: The threat actor claims to have obtained 3GB of the organization’s data. The compromised data allegedly includes administrative documents, classified files, and internal communications.
  • Published URL: https://t.me/We_H3c4kedz1/153
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/11077bbf-0a96-4ac4-b8b5-89915988ad9a.png

3.4. Incident INC004: Alleged Data Breach of Sovcom Bank

  • Category: Data Breach
  • Date: 2025-07-11T11:41:33Z
  • Network: openweb
  • Threat Actors: sazz
  • Victim Country: Russia
  • Victim Industry: Banking & Mortgage
  • Victim Organization: sovcom bank
  • Victim Site: sovcombank.ru
  • Content: The threat actor claims to be selling a database allegedly belonging to Sovcombank. The compromised data reportedly includes 14.5GB of sensitive personal and confidential information, such as addresses, marital status, spouse details, phone numbers, pensions, and more.
  • Published URL: https://darkforums.st/Thread-Russian-Sovkcom-Bank-DataBase

3.5. Incident INC005: Alleged data breach of Department of International Trade Promotion (DITP)

3.6. Incident INC006: Alleged data breach of Rajamangala University of Technology Lanna, Chiang Rai

3.7. Incident INC007: Alleged data breach of Department of Climate Change and Environment

3.8. Incident INC008: Alleged Sale of 0-Day Auth Bypass Targeting Fortinet, Palo Alto, and Ivanti

  • Category: Initial Access
  • Date: 2025-07-11T09:19:35Z
  • Network: openweb
  • Threat Actors: anongod
  • Content: The threat actor claims to be selling exclusive access to a zero-day authentication bypass vulnerability exploiting SAML parser desynchronization. The flaw reportedly enables full administrative access on fully patched installations of Fortinet (FortiOS), Palo Alto Networks (PAN-OS/GlobalProtect), and Ivanti (Connect Secure).
  • Published URL: https://ramp4u.io/threads/0-day-auth-bypass-fortinet-palo-alto-ivanti-saml.3271

3.9. Incident INC009: Alleged Leak of Crypto and User Credentials

  • Category: Data Leak
  • Date: 2025-07-11T09:14:35Z
  • Network: openweb
  • Threat Actors: Skydreammodz
  • Content: The threat actor claims to have leaked a collection named “Database Leads 2025,” which includes personal and financial data such as names, emails, phone numbers, and payment methods from major crypto platforms. The data reportedly includes 432K records from Coinbase, 76K from CoinMarketCap, 121K from Kraken, 20K from Ledger, over 1.4M from Binance, 1.8M from Crypto.com, and 46K from Gatehub. The post also advertises a separate leak of 16 billion records, allegedly containing 1.14 TB of credentials including usernames, emails, and passwords.
  • Published URL: https://leakbase.la/threads/database-leads-2025.40248
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/0fae8172-1959-4b33-b38d-0a851b8566f2.PNG

3.10. Incident INC010: Alleged Leak of Crypto User Data from Major Platforms

3.11. Incident INC011: Alleged unauthorized access to an unidentified organization

3.12. Incident INC012: Alleged data sale of Gtd Teleductos

3.13. Incident INC013: Liwaa Muhammad targets multiple websites

3.14. Incident INC014: Alleged data breach of The Providence Group

  • Category: Data Breach
  • Date: 2025-07-11T06:50:53Z
  • Network: openweb
  • Threat Actors: _Sentap
  • Victim Country: Georgia
  • Victim Industry: Real Estate
  • Victim Organization: the providence group
  • Victim Site: theprovidencegroup.com
  • Content: The threat actor claims to have breached The Providence Group of Georgia. The compromised data consists of architectural and engineering plans, geotechnical reports, interior design, etc.
  • Published URL: https://xss.is/threads/141706
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/5ac34b9b-8870-4b79-bf6d-c84a9fa5f6e9.png

3.15. Incident INC015: Alleged data breach of DVD STORE SPAIN S.L.

3.16. Incident INC016: Golden falcon claims to target Minneapolis-St. Paul International Airport

3.17. Incident INC017: Liwaa Muhammad targets the website of Merva Ads

3.18. Incident INC018: Alleged data leak of Good Item Lab

3.19. Incident INC019: Alleged data breach of Algérie Poste

3.20. Incident INC020: Alleged data breach of Khidmah LLC

3.21. Incident INC021: Alleged leak of Saudi Arabia Database

3.22. Incident INC022: Alleged data breach of Rice Department of Thailand

  • Category: Data Breach
  • Date: 2025-07-11T02:52:25Z
  • Network: telegram
  • Threat Actors: H3C4KEDZ
  • Victim Country: Thailand
  • Victim Industry: Government Administration
  • Victim Organization: rice department of thailand
  • Victim Site: ricethailand.go.th
  • Content: The threat actor claims to have breached Thailand’s Rice Department, leaking internal network diagrams that expose critical infrastructure details.
  • Published URL: https://t.me/We_H3c4kedz1/80

3.23. Incident INC023: Alleged Data Leak of ManoMano Site Leads

3.24. Incident INC024: Alleged data breach of KREDITPLUS SERVICES

  • Category: Data Breach
  • Date: 2025-07-11T02:14:06Z
  • Network: openweb
  • Threat Actors: DigitalGhost
  • Victim Country: Indonesia
  • Victim Industry: Financial Services
  • Victim Organization: kreditplus services
  • Victim Site: kreditplus.com
  • Content: A threat actor claims to have breached KREDITPLUS, leaking a database of 900,000 records. The data reportedly includes names, contact details, gender, birthplace, religion, nationality, and full address information. It also contains company and spouse details.
  • Published URL: https://darkforums.st/Thread-900K-KREDITPLUS-DATABASE

3.25. Incident INC025: Alleged Data Leak of Government Email Accounts

3.26. Incident INC026: Alleged leak of citizen data and various documents from Algeria

3.27. Incident INC027: Alleged data leak of Federal Bureau of Investigation (FBI)

  • Category: Data Breach
  • Date: 2025-07-11T01:31:48Z
  • Network: openweb
  • Threat Actors: DigitalGhost
  • Victim Country: USA
  • Victim Industry: Law Enforcement
  • Victim Organization: federal bureau of investigation (fbi)
  • Victim Site: fbi.gov
  • Content: The threat actor claims to have leaked a collection of FBI/U.S. Department of Justice-related email addresses, names, birthdates, and documents. The post lists dozens of @fbi.gov and @ic.fbi.gov email addresses along with links to numerous FBI public documents and Excel files, many of which are hosted on official FBI domains. These documents appear to relate to crime statistics, hate crime data, and internal forms, primarily from the early 2000s to 2011.
  • Published URL: https://darkforums.st/Thread-Document-FBI-DEPARTMENT-OF-JUSTICE-DOCUMENT
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/6bac256f-f301-4149-ae29-b885a6dc5be7.png

3.28. Incident INC028: Alleged access and data leak of Nakhonsawan Industrial and Community Education College

  • Category: Data Breach
  • Date: 2025-07-11T01:13:40Z
  • Network: telegram
  • Threat Actors: NXBB.SEC
  • Victim Country: Thailand
  • Victim Industry: Education
  • Victim Organization: nakhonsawan industrial and community education college
  • Victim Site: office.nice.ac.th
  • Content: A threat actor claims to have accessed and leaked data from Nakhonsawan Industrial and Community Education College.
  • Published URL: https://t.me/nxbbsec/716

3.29. Incident INC029: Alleged leak of JAKARTA BARAT ID card

3.30. Incident INC030: Alleged sale of login credentials to two MySQL servers to an unidentified organization in Brazil

3.31. Incident INC031: Alleged sale of Databases from all over the world

4. Key Observations

The analysis of the 27 incidents reported on July 11, 2025, reveals several critical observations about the current cyber threat landscape:

  • Prevalence of Data-Related Incidents: The overwhelming majority of incidents fall under “Data Breach” and “Data Leak” categories. This indicates a strong focus by threat actors on acquiring and monetizing sensitive information, whether through direct breaches of organizational systems or the leakage of previously compromised datasets.
  • Diverse Victimology: Incidents affect a wide array of victims, including government entities (Thailand’s NACC, Rice Department, Department of Climate Change and Environment, FBI, Algerian and Mexican government emails), financial institutions (Sovcombank, KREDITPLUS, Algérie Poste), educational institutions (Rajamangala University, Nakhonsawan Industrial and Community Education College), and various private sector organizations (Real Estate, Retail, E-commerce, Telecommunications, Health & Fitness, Marketing). This broad targeting underscores that no sector is immune to cyber threats.
  • Global Reach: The victim countries span multiple continents, including Asia (Thailand, Japan, UAE, Saudi Arabia, Indonesia, Israel), Europe (Russia, Spain, France), North America (USA, Mexico), South America (Brazil, Chile), and Africa (Algeria). This highlights the global and borderless nature of cybercrime.
  • Variety of Threat Actors: A multitude of distinct threat actors are identified, such as H3C4KEDZ, sazz, Liwaa Muhammad, RL000, Skydreammodz, DigitalGhost, and others. Some actors, like H3C4KEDZ, appear to be highly active, targeting multiple entities within a single day. This suggests a fragmented yet highly active threat actor ecosystem.
  • Common Attack Vectors and Objectives:
      • Data Exfiltration/Sale: The primary objective for many incidents is the exfiltration and subsequent sale or leakage of databases containing personal, financial, and organizational data.
      • Initial Access Brokering: The sale of access, including a claimed zero-day authentication bypass and MySQL server logins, indicates a market for initial footholds into target networks.
      • Defacement: While less impactful in terms of data loss, website defacements continue to be used by groups like Liwaa Muhammad for reputational damage or ideological messaging.
      • Malware Sales: The offering of custom loaders and reverse shells on underground forums signifies the continuous development and trade of offensive cyber tools.
  • Prominent Networks for Activity: “Openweb” (likely referring to public forums and marketplaces) and “Telegram” channels are frequently cited as the networks where these incidents are announced, data is leaked, or tools are sold. This points to these platforms as key intelligence sources for monitoring cybercriminal activity.
  • Snapshot of Recent Activity: All incidents are dated July 11, 2025, providing a concentrated view of very recent cyber activity. This high volume within a single day underscores the constant and rapid pace of cyber threats.

5. Conclusion

The comprehensive review of the 27 cyber incidents reported on July 11, 2025, paints a clear picture of a dynamic and aggressive threat landscape. The sheer volume and diversity of these events, particularly the overwhelming focus on data breaches and leaks, underscore the persistent value of sensitive information to threat actors. From individual citizen data to critical government infrastructure diagrams and corporate financial records, virtually all types of data are targets.

The global reach of these incidents, affecting numerous countries and a wide array of industries, demonstrates that cyber threats are not confined by geographical or sectoral boundaries. The presence of multiple, active threat actors, some operating with high frequency, further emphasizes the pervasive nature of this challenge. The consistent use of open web forums and Telegram channels as platforms for announcing and trading compromised data and tools highlights key areas for intelligence gathering and monitoring.

This report, by consolidating detailed information including published URLs and evidential screenshots for each incident, serves as a vital resource for understanding the immediate cyber threat environment. It reinforces the critical need for organizations and governments worldwide to maintain robust, multi-layered cybersecurity defenses, engage in continuous threat intelligence monitoring, and prioritize proactive measures to protect their digital assets and the privacy of their constituents. The constant evolution and high volume of these threats necessitate an adaptive and resilient security posture to mitigate risks effectively.