[July-16-2025] Daily Cybersecurity Threat Report

1. Executive Summary

This report provides a factual and comprehensive account of all incidents described in the provided JSON data. Each incident is detailed with its specific attributes, including the published_url and associated screenshots. This report strictly adheres to the provided data, excluding any hypothetical scenarios, interpretations, or speculative content, as explicitly requested. The objective is to present a purely descriptive and data-driven document, ensuring that all information is directly verifiable from the source material.

2. Detailed Incident Log

This section presents a detailed, factual breakdown for each incident, extracting all available data points directly from the provided JSON.

2.1. Alleged data leak of 7.6GB of Indian Government

2.2. Alleged data leak of Iranian Military Personnel

2.3. Alleged data breach of Federal Bank

  • Category: Data Breach
  • Content: The threat actor claims to have breached data from Federal Bank, allegedly leaking 10M records.
  • Date: 2025-07-16T13:40:54Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-FREE-Data-Breach-at-Federal-Bank
  • Threat Actors: Machine1337
  • Victim Country: India
  • Victim Industry: Banking & Mortgage
  • Victim Organization: the federal bank limited
  • Victim Site: federalbank.co.in
  • Screenshots:

2.4. BABAYO EROR SYSTEM targets the website of Lycaa

  • Category: Defacement
  • Content: The group claims to have defaced the website of Lycaa.
  • Date: 2025-07-16T12:37:04Z
  • Network: telegram
  • Published URL: https://t.me/CyberBabayoEror/853
  • Threat Actors: BABAYO EROR SYSTEM
  • Victim Country: India
  • Victim Industry: Fashion & Apparel
  • Victim Organization: lycaa
  • Victim Site: lycaa.in
  • Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/0435c21d-b1f5-449b-ac93-4fb975608383.png

2.5. BABAYO EROR SYSTEM targets the website of PT SERLINDO PRIMA ENERGI

  • Category: Defacement
  • Content: The group claims to have defaced the website of PT SERLINDO PRIMA ENERGI.
  • Date: 2025-07-16T12:33:42Z
  • Network: telegram
  • Published URL: https://t.me/CyberBabayoEror/857
  • Threat Actors: BABAYO EROR SYSTEM
  • Victim Country: Indonesia
  • Victim Industry: Professional Services
  • Victim Organization: pt serlindo prima energi
  • Victim Site: serlindo.co.id
  • Screenshots:

2.6. Alleged access to Quantum Systems

2.7. Alleged unauthorized access to Bezeq International

  • Category: Initial Access
  • Content: The group claims to have gained unauthorized access to Bezeq International.
  • Date: 2025-07-16T11:19:15Z
  • Network: telegram
  • Published URL: https://t.me/unknowns_cyberteam/648
  • Threat Actors: Unknowns cyber team
  • Victim Country: Israel
  • Victim Industry: Information Technology (IT) Services
  • Victim Organization: bezeq international
  • Victim Site: bezeqint.net
  • Screenshots:

2.8. Alleged data breach of Educational publications department inc

  • Category: Data Breach
  • Content: The threat actor claims to be selling leaked student data from the Sri Lankan Government’s Education Publications Department website. The breach reportedly exposes sensitive information, including login usernames, school names, and more.
  • Date: 2025-07-16T11:17:15Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-Sri-Lankan-Government-Website-Education-Publication-Department-Hacked
  • Threat Actors: econzero
  • Victim Country: Sri Lanka
  • Victim Industry: Education
  • Victim Organization: educational publications department inc.
  • Victim Site: edupub.gov.lk
  • Screenshots:

2.9. Alleged data leak of UAE-based XM Finance

2.10. HackerGhost claims to target national defense sites

2.11. Alleged data leak of Muhammadiyah University of North Sumatra

  • Category: Data Breach
  • Content: The threat actor claims to have breached the database of Muhammadiyah University of North Sumatra, which contains detailed student information, including emails, phone numbers, addresses, academic data, and personal evaluations of the university’s services and faculty.
  • Date: 2025-07-16T09:44:29Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-Document-UMSU-DATABASE
  • Threat Actors: I have it
  • Victim Country: Indonesia
  • Victim Industry: Education
  • Victim Organization: muhammadiyah university of north sumatra
  • Victim Site: umsu.ac.id
  • Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/ac189ff7-06e8-48d1-83fb-a03fc310d2ae.png

2.12. Alleged data breach of Territorial Defense Command (TDC)

2.13. HellR00ters Team targets the website of Glytch

2.14. Alleged Leak of 200K Israel Defense Forces Personnel Data

  • Category: Data Breach
  • Content: The threat actor claims to have leaked the private information of 200,000 individuals associated with the Israel Defense Forces (IDF). The exposed data includes phone numbers, email addresses, family member details, and location information.
  • Date: 2025-07-16T08:56:40Z
  • Network: openweb
  • Published URL: https://ramp4u.io/threads/200k-idf-private-information.3283
  • Threat Actors: blackfield
  • Victim Country: Israel
  • Victim Industry: Defense & Space
  • Victim Organization: israel defense force
  • Victim Site: idf.il
  • Screenshots:

2.15. Alleged data breach of Faculty of Technical Education, KMUTNB

2.16. Alleged data breach of Chiang Mai University

2.17. Alleged access to Federal Agency for Technical Relief

2.18. Alleged data breach of The official Mauritanian government platform

  • Category: Data Breach
  • Content: The threat actor claims to have breached a 12.8 GB dataset allegedly sourced from the official Mauritanian government platform for the Qualification and Certification of Employability (QCE).
  • Date: 2025-07-16T07:12:58Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-Selling-Official-Platform-for-Employability-Certification-in-Mauritania-Breach-12-8-GB
  • Threat Actors: Kazu
  • Victim Country: Mauritania
  • Victim Industry: Government Administration
  • Victim Organization: qualification and certification of employability
  • Victim Site: qce.gov.mr
  • Screenshots:

2.19. Alleged Data leak of Israeli Server

2.20. Alleged data breach of Erga Group

  • Category: Data Breach
  • Content: A threat actor claims to be selling 5 GB of confidential data allegedly extracted from Erga Group (erga.com), a prominent engineering and architecture firm. The data reportedly includes architectural plans, technical analyses, MEP and construction execution methods, comparative tables, and documents tied to high-profile projects.
  • Date: 2025-07-16T05:18:17Z
  • Network: openweb
  • Published URL: https://forum.exploit.in/topic/262536/
  • Threat Actors: Sentap
  • Victim Country: Lebanon
  • Victim Industry: Architecture & Planning
  • Victim Organization: erga group
  • Victim Site: erga.com
  • Screenshots:

2.21. Alleged unauthorized access to SAUTER Italia

  • Category: Initial Access
  • Content: The group claims to have gained unauthorized access to SAUTER Italia.
  • Date: 2025-07-16T05:03:39Z
  • Network: telegram
  • Published URL: https://t.me/Z_alliance_ru/483
  • Threat Actors: Z-ALLIANCE
  • Victim Country: Italy
  • Victim Industry: Machinery Manufacturing
  • Victim Organization: sauter italia
  • Victim Site: sauteritalia.it
  • Screenshots:

2.22. Alleged data breach of Erga Group

  • Category: Data Breach
  • Content: A threat actor claims to be selling 5 GB of confidential data allegedly extracted from Erga Group (erga.com), a prominent architecture and engineering firm based in Lebanon with regional operations in Saudi Arabia, Qatar, and the UAE. The seller claims the data includes detailed architectural plans, technical analyses, MEP system designs, construction execution methods, and confidential documents from high-profile projects such as a private villa owned by Prince Bandar bin Khalid Al Saud. Technical details reportedly cover software outputs (e.g., ETABS, Revit), BIM models, energy efficiency metrics, LEED standards, and structural calculations.
  • Date: 2025-07-16T04:59:53Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-Selling-Exclusive-Offer-5-GB-Extracted-Data-from-Erga-Group-erga-com
  • Threat Actors: sentap
  • Victim Country: Lebanon
  • Victim Industry: Design
  • Victim Organization: erga group
  • Victim Site: erga.com
  • Screenshots:

2.23. Alleged leak of data from an unidentified crypto gaming company

  • Category: Data Leak
  • Content: A threat actor claims to be selling a database from a major crypto gaming company. The dataset reportedly contains 349,000 user records with sensitive details including usernames, emails, hashed passwords, and account statuses.
  • Date: 2025-07-16T03:51:57Z
  • Network: openweb
  • Published URL: https://xss.is/threads/142000/
  • Threat Actors: MrDark
  • Screenshots:

2.24. Alleged Sale of Ningali NET tool

  • Category: Malware
  • Content: A threat actor is allegedly selling Ningali NET, a remote access tool (RAT) written in VB.NET. The tool includes features such as keylogging, remote shell, DDoS capabilities, webcam access, file and process management, registry editing, and remote chat.
  • Date: 2025-07-16T02:58:37Z
  • Network: openweb
  • Published URL: https://demonforums.net/Thread-Ningali-NET-v1-1-Ultimate-Edition
  • Threat Actors: JordiChin
  • Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/36f3b4a6-7b9e-4dd3-9723-8f3e053baf90.png

2.25. Alleged data breach of Ozone and Radiation Center

2.26. Alleged Data Breach of Krung Thai Bank

2.27. Alleged data breach of IWACLUB app

2.28. Alleged data breach of Instant Connect

  • Category: Data Breach
  • Content: The threat actor claims to be selling a 38GB data leak allegedly from Instant Connect Enterprise (ICE), a tactical communications platform used by the U.S. Army, Canadian Armed Forces, NATO members, South African police, airports, and private security agencies. The leaked package includes 3,800 files containing application versions, source code, connection and bug logs, video conference data, and more. Many files are archived, with the total number of contents reportedly much higher.
  • Date: 2025-07-16T01:24:58Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-Document-data-Instant-Connect-Enterprise-Instant-Connect-s-IP-based-tactical-communications-pl
  • Threat Actors: Sorb
  • Victim Country: USA
  • Victim Industry: Software Development
  • Victim Organization: instant connect
  • Victim Site: instantconnectnow.com
  • Screenshots:

2.29. Alleged sale of customer and order database from a Finland-based e-commerce platform

  • Category: Data Leak
  • Content: The threat actor claims to be selling a Finland-based e-commerce customer and order database that includes full personal and transactional data, including credit card details. The dataset contains fields such as customer names, emails, telephone numbers, billing/shipping addresses, Klarna IDs, order IDs, credit card type, expiry, order dates, tracking codes, and more, indicating extensive PII and payment data exposure.
  • Date: 2025-07-16T01:02:46Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-Selling-Finland-E-commerce-Data-with-Full-Customer-and-Order-Details-CC-Credit-Card-Details
  • Threat Actors: dumpster
  • Victim Country: Finland
  • Victim Industry: E-commerce & Online Stores
  • Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/5684165b-a14d-40d0-af81-30dc4a5e89bd.png

2.30. Alleged data breach of Goran Net 4.5G+

2.31. Alleged admin access leak to OLA Energy Maroc

  • Category: Initial Access
  • Content: The threat actor claims to have gained unauthorized access to the administration panel of OLA Energy Maroc’s station platforms.
  • Date: 2025-07-16T00:36:31Z
  • Network: openweb
  • Published URL: https://x.com/KeymousTeam/status/1945267176266469699
  • Threat Actors: Keymous+
  • Victim Country: Morocco
  • Victim Industry: Oil & Gas
  • Victim Organization: ola energy maroc
  • Victim Site: olaenergy.com
  • Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/afcc1301-1ae6-4210-b37d-b58907b07d48.png

2.32. Alleged data breach of DNS Vital

  • Category: Data Breach
  • Content: The threat actor claims to have leaked data involving DNSVital, a Brazilian company specializing in natural products with over 500 retail points across 15 states. The leak includes 4,900 customer records containing sensitive information such as full names, email addresses, usernames, passwords (likely hashed), registration dates, city, state, postal codes, and last activity timestamps.
  • Date: 2025-07-16T00:14:03Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-DNSVITAL-BRASIL-4-9k-Records-leak
  • Threat Actors: Rui_Deidad
  • Victim Country: Brazil
  • Victim Industry: Health & Fitness
  • Victim Organization: dns vital
  • Victim Site: dnsvital.com.br
  • Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/53595ed9-4ae6-498c-b579-3b68f1333d25.png

3. Conclusion

This report has provided a direct and comprehensive overview of all incidents as presented in the raw JSON data. Each entry includes the published_url and all available screenshots, adhering strictly to the provided information without any external additions or interpretations. This factual presentation ensures the report’s accuracy and direct relevance to the source data.