[July-28-2025] Daily Cybersecurity Threat Report

Posted on

This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.1 The incidents documented within this report all occurred on July 28, 2025, reflecting a specific and recent collection window of observed cyber activities.1

Incident Details

This section presents a comprehensive overview of 42 distinct cybersecurity incidents, each meticulously detailed to reflect the information available.1 The uniform structure applied to each entry, encompassing the category, content, date, network, published URL, associated screenshots, identified threat actors, victim country, industry, organization, and site, is a deliberate design choice.1 This standardization significantly enhances the ability of security analysts and decision-makers to rapidly consume, compare, and cross-reference information across diverse events. Such a predictable and easily parsable format aids in quick pattern recognition and efficient triage of threats by presenting data in a consistent manner.

The incidents documented within this report all share the same date, 2025-07-28, with only varying timestamps.1 This indicates that the report represents a specific, narrow collection window, likely functioning as a daily intelligence brief or a snapshot of recently observed activities. This temporal uniformity underscores the high volume and continuous nature of cyber threats, highlighting the urgency and constant need for monitoring in the cybersecurity domain, rather than illustrating long-term trends.

The recurrence of specific threat actors across multiple incidents, often associated with similar types of illicit offerings, suggests a degree of specialization and coordinated activity within the cybercrime ecosystem.1 For instance, “TEAM BD CYBER NINJA” is repeatedly observed defacing educational websites in Bangladesh, while “TCMSecurity” is linked to initial access sales in Bulgaria.1 This pattern allows for the potential identification of distinct threat campaigns and the development of more targeted defensive strategies based on an actor’s known modus operandi. The presence of these recurring actors underscores that the cybercrime landscape is not merely a collection of isolated events but an interconnected ecosystem where vulnerabilities in one area can cascade into more severe incidents.

The consistent inclusion of screenshot URLs and detailed content descriptions for each incident serves as a form of “proof of concept” within the illicit cyber economy.1 Threat actors provide these visual and textual evidences to validate their claims and build trust with potential buyers on dark web forums and Telegram channels. This practice streamlines illicit transactions by allowing buyers to verify the authenticity and value of the compromised data or access being offered, making these underground marketplaces more efficient and functional.

The content field across various incidents reveals a wide spectrum of compromised data, ranging from website defacements and user credentials to sensitive personal identity records, corporate intelligence, and classified military documents.1 This diversity underscores the severe privacy, financial, and national security implications, emphasizing the need for multi-layered data protection strategies tailored to the sensitivity of the information. The type of data compromised directly influences the potential impact and the necessary response.

1. Defacement of Putia High School (Bangladesh)

  • Category: Defacement 1
  • Content: The group “TEAM BD CYBER NINJA” claims to have defaced the website of Putia High School. 1
  • Date: 2025-07-28T14:06:32Z 1
  • Network: telegram 1
  • Published URL: (https://t.me/c/2594876836/76) 1
  • Screenshots:
  • Threat Actors: TEAM BD CYBER NINJA 1
  • Victim Country: Bangladesh 1
  • Victim Industry: Higher Education/Acadamia 1
  • Victim Organization: putia high school 1
  • Victim Site: putiahighschool.edu.bd 1

2. Defacement of Rasulpur Matain Hazi Asaduzzaman High School (Bangladesh)

  • Category: Defacement 1
  • Content: The group “TEAM BD CYBER NINJA” claims to have defaced the website of Rasulpur Matain Hazi Asaduzzaman High School. 1
  • Date: 2025-07-28T14:01:13Z 1
  • Network: telegram 1
  • Published URL: (https://t.me/c/2594876836/76) 1
  • Screenshots:
  • Threat Actors: TEAM BD CYBER NINJA 1
  • Victim Country: Bangladesh 1
  • Victim Industry: Higher Education/Acadamia 1
  • Victim Organization: rasulpur matain hazi asaduzzaman high school 1
  • Victim Site: rmhaziasaduzzamanhschool.edu.bd 1

3. Defacement of Jogendra Chandra High School (Bangladesh)

  • Category: Defacement 1
  • Content: The threat actor “TEAM BD CYBER NINJA” claims to have defaced the website of Jogendra Chandra High School. 1
  • Date: 2025-07-28T13:45:41Z 1
  • Network: telegram 1
  • Published URL: (https://t.me/c/2594876836/76) 1
  • Screenshots:
  • Threat Actors: TEAM BD CYBER NINJA 1
  • Victim Country: Bangladesh 1
  • Victim Industry: Education 1
  • Victim Organization: jogendra chandra high school 1
  • Victim Site: jchs.edu.bd 1

4. Defacement of Baligaon Amzad Ali College (Bangladesh)

  • Category: Defacement 1
  • Content: The threat actor “TEAM BD CYBER NINJA” claims to have defaced the website of Baligaon Amzad Ali College. 1
  • Date: 2025-07-28T13:45:28Z 1
  • Network: telegram 1
  • Published URL: (https://t.me/c/2594876836/76) 1
  • Screenshots:
  • Threat Actors: TEAM BD CYBER NINJA 1
  • Victim Country: Bangladesh 1
  • Victim Industry: Education 1
  • Victim Organization: baligaon amzad ali college 1
  • Victim Site: baac.edu.bd 1

5. Defacement of JAYNAGAR JULMAT ALI HIGH SCHOOL (Bangladesh)

  • Category: Defacement 1
  • Content: The threat actor “TEAM BD CYBER NINJA” claims to have defaced the website of JAYNAGAR JULMAT ALI HIGH SCHOOL. 1
  • Date: 2025-07-28T13:45:17Z 1
  • Network: telegram 1
  • Published URL: (https://t.me/c/2594876836/76) 1
  • Screenshots:
  • Threat Actors: TEAM BD CYBER NINJA 1
  • Victim Country: Bangladesh 1
  • Victim Industry: Education 1
  • Victim Organization: jaynagar julmat ali high school 1
  • Victim Site: jzahs.edu.bd 1

6. Defacement of Shimulbari Kadambari Madhyakandi Hazrabari High School (Bangladesh)

  • Category: Defacement 1
  • Content: The threat actor “TEAM BD CYBER NINJA” claims to have defaced the website of Shimulbari Kadambari Madhyakandi Hazrabari High School. 1
  • Date: 2025-07-28T13:39:28Z 1
  • Network: telegram 1
  • Published URL: (https://t.me/c/2594876836/76) 1
  • Screenshots:
  • Threat Actors: TEAM BD CYBER NINJA 1
  • Victim Country: Bangladesh 1
  • Victim Industry: Education 1
  • Victim Organization: shimulbari kadambari madhyakandi hazrabari high school 1
  • Victim Site: skmh.edu.bd 1

7. Defacement of Raipur Abdul Khalek Talukder High School (Bangladesh)

  • Category: Defacement 1
  • Content: The threat actor “TEAM BD CYBER NINJA” claims to have defaced the website of Raipur Abdul Khalek Talukder High School. 1
  • Date: 2025-07-28T13:39:24Z 1
  • Network: telegram 1
  • Published URL: (https://t.me/c/2594876836/76) 1
  • Screenshots:
  • Threat Actors: TEAM BD CYBER NINJA 1
  • Victim Country: Bangladesh 1
  • Victim Industry: Education 1
  • Victim Organization: raipur abdul khalek talukder high school 1
  • Victim Site: rajanagarsyedpurunionhighschool.edu.bd 1

8. Defacement of Muktarkandi Ardash High School (Bangladesh)

  • Category: Defacement 1
  • Content: The threat actor “TEAM BD CYBER NINJA” claims to have defaced the website of Muktarkandi Ardash High School. 1
  • Date: 2025-07-28T13:39:21Z 1
  • Network: telegram 1
  • Published URL: (https://t.me/c/2594876836/76) 1
  • Screenshots:
  • Threat Actors: TEAM BD CYBER NINJA 1
  • Victim Country: Bangladesh 1
  • Victim Industry: Education 1
  • Victim Organization: muktarkandi ardash high school 1
  • Victim Site: mkahighschool.edu.bd 1

9. Alleged data sale of MedLife S.A. (Romania)

  • Category: Data Breach 1
  • Content: The threat actor “Wieko” claims to be selling 2099 records of user-password pairs in plain text format from MedLife S.A., Romania’s largest private healthcare provider. 1
  • Date: 2025-07-28T13:34:11Z 1
  • Network: tor 1
  • Published URL: ((http://breached26tezcofqla4adzyn22notfqwcac7gpbrleg4usehljwkgqd.onion/Thread-SELLING-MedLife-medlife-ro)) 1
  • Screenshots:
  • Threat Actors: Wieko 1
  • Victim Country: Romania 1
  • Victim Industry: Hospital & Health Care 1
  • Victim Organization: medlife s.a. 1
  • Victim Site: medlife.ro 1

10. Defacement of Mohadebpur Girls High School (Bangladesh)

  • Threat Actors: TEAM BD CYBER NINJA 1
  • Victim Country: Bangladesh 1
  • Victim Industry: Education 1
  • Victim Organization: mohadebpur girls high school 1
  • Victim Site: mohadebpurgirlshighschool.edu.bd 1

11. Defacement of Nasirabad Collegiate School (Bangladesh)

  • Threat Actors: TEAM BD CYBER NINJA 1
  • Victim Country: Bangladesh 1
  • Victim Industry: Education 1
  • Victim Organization: nasirabad collegiate school 1
  • Victim Site: ncsaghs.edu.bd 1

12. Defacement of Bangladesh Mukti Joddha High School (Bangladesh)

  • Threat Actors: TEAM BD CYBER NINJA 1
  • Victim Country: Bangladesh 1
  • Victim Industry: Education 1
  • Victim Organization: bangladesh mukti joddha high school 1
  • Victim Site: bmhsdhaka.edu.bd 1

13. Defacement of Hazi Monir Hosain High School (Bangladesh)

  • Category: Defacement 1
  • Content: The threat actor “TEAM BD CYBER NINJA” claims to have defaced the website of Hazi Monir Hosain High School. 1
  • Date: 2025-07-28T13:21:36Z 1
  • Network: telegram 1
  • Published URL: (https://t.me/c/2594876836/76) 1
  • Screenshots:
  • Threat Actors: TEAM BD CYBER NINJA 1
  • Victim Country: Bangladesh 1
  • Victim Industry: Education 1
  • Victim Organization: hazi monir hosain high school 1
  • Victim Site: hazimonirhossainhighschool.edu.bd 1

14. Defacement of Rajanagar Syedpur Union High School (Bangladesh)

  • Category: Defacement 1
  • Content: The threat actor “TEAM BD CYBER NINJA” claims to have defaced the website of Rajanagar Syedpur Union High School. 1
  • Date: 2025-07-28T13:19:24Z 1
  • Network: telegram 1
  • Published URL: (https://t.me/c/2594876836/76) 1
  • Screenshots:
  • Threat Actors: TEAM BD CYBER NINJA 1
  • Victim Country: Bangladesh 1
  • Victim Industry: Education 1
  • Victim Organization: rajanagar syedpur union high school 1
  • Victim Site: rajanagarsyedpurunionhighschool.edu.bd 1

15. Defacement of Kurigram Govt Girls High School (Bangladesh)

  • Category: Defacement 1
  • Content: The threat actor “TEAM BD CYBER NINJA” claims to have defaced the website of Kurigram Govt Girls High School. 1
  • Date: 2025-07-28T13:16:10Z 1
  • Network: telegram 1
  • Published URL: (https://t.me/c/2594876836/76) 1
  • Screenshots:
  • Threat Actors: TEAM BD CYBER NINJA 1
  • Victim Country: Bangladesh 1
  • Victim Industry: Education 1
  • Victim Organization: kurigram govt girls high school 1
  • Victim Site: kurigramgghs.edu.bd 1

16. Defacement of BALU SAIR HIGH SCHOOL (Bangladesh)

  • Category: Defacement 1
  • Content: The threat actor “TEAM BD CYBER NINJA” claims to have defaced the website of Balu Sair High School. 1
  • Date: 2025-07-28T13:07:41Z 1
  • Network: telegram 1
  • Published URL: (https://t.me/c/2594876836/76) 1
  • Screenshots:
  • Threat Actors: TEAM BD CYBER NINJA 1
  • Victim Country: Bangladesh 1
  • Victim Industry: Education 1
  • Victim Organization: balu sair high school 1
  • Victim Site: balusairhighschool.edu.bd 1

17. Alleged data sale of Malaysian government websites (Malaysia)

  • Category: Data Breach 1
  • Content: The threat actor “Arikos” claims to be selling over 24 GB of sensitive data allegedly sourced from Malaysian government websites, Public Service Commission of Malaysia and Department of Environment Malaysia. The dataset includes names, dates of birth, emails, phone numbers, and hashed passwords, totaling over 2.2 million user records. 1
  • Date: 2025-07-28T13:02:48Z 1
  • Network: tor 1
  • Published URL: ((http://breached26tezcofqla4adzyn22notfqwcac7gpbrleg4usehljwkgqd.onion/Thread-SELLING-Malaysia-2kk-Name-Dob-Email-Phone-Password-Hash-spa-gov-my-doe-gov-my)) 1
  • Screenshots:
  • Threat Actors: Arikos 1
  • Victim Country: Malaysia 1
  • Victim Industry: Government Administration 1
  • Victim Organization: public service commission of malaysia 1
  • Victim Site: spa.gov.my 1

18. Cyber attack Hits Aeroflot (Russia)

  • Category: Cyber Attack 1
  • Content: “The Silent Crow”, in collaboration with “Cyber Partisans”, reportedly claim to have executed a year-long cyber operation against Aeroflot, Russia’s national airline. They allege gaining deep access to the airline’s internal IT infrastructure, including control over employee personal computers, even those belonging to top executives. The group reports the exfiltration of 12 TB of flight history data, 8 TB of internal documents, and 2 TB of corporate emails. Key systems said to be compromised include Sabre, CRM, ERP, Exchange, 1C, SharePoint, and internal surveillance and monitoring platforms. Additionally, the operation allegedly resulted in the destruction of approximately 7,000 physical and virtual servers by targeting 122 hypervisors, 43 ZVIRT instances, 4 Proxmox clusters, and nearly 100 iLO interfaces. The damage is described as strategic, with recovery estimated to cost tens of millions of dollars. 1
  • Date: 2025-07-28T13:00:07Z 1
  • Network: telegram 1
  • Published URL: (https://t.me/silentcrow_reborn/18) 1
  • Screenshots:
  • Threat Actors: Silent Crow 1
  • Victim Country: Russia 1
  • Victim Industry: Airlines & Aviation 1
  • Victim Organization: aeroflot 1
  • Victim Site: aeroflot.ru 1

19. Defacement of Kanainagar sobhania school And college (Bangladesh)

  • Category: Defacement 1
  • Content: The threat actor “TEAM BD CYBER NINJA” claims to have defaced the website of Kanainagar sobhania school And college. 1
  • Date: 2025-07-28T12:57:10Z 1
  • Network: telegram 1
  • Published URL: (https://t.me/c/2594876836/76) 1
  • Screenshots:
  • Threat Actors: TEAM BD CYBER NINJA 1
  • Victim Country: Bangladesh 1
  • Victim Industry: Education 1
  • Victim Organization: kanainagar sobhania school and college 1
  • Victim Site: kssc.edu.bd 1

20. Defacement of Kurer Par Adarsha High School (Bangladesh)

  • Category: Defacement 1
  • Content: The threat actor “TEAM BD CYBER NINJA” claims to have defaced the website of Kurer Par Adarsha High School. 1
  • Date: 2025-07-28T12:56:45Z 1
  • Network: telegram 1
  • Published URL: (https://t.me/c/2594876836/76) 1
  • Screenshots:
  • Threat Actors: TEAM BD CYBER NINJA 1
  • Victim Country: Bangladesh 1
  • Victim Industry: Education 1
  • Victim Organization: kurerpar adarsha high school 1
  • Victim Site: kurerparadarshahighschool.edu.bd 1

21. Defacement of Aganagar High School (Bangladesh)

  • Category: Defacement 1
  • Content: The threat actor “TEAM BD CYBER NINJA” claims to have defaced the website of Aganagar High School. 1
  • Date: 2025-07-28T12:56:28Z 1
  • Network: telegram 1
  • Published URL: (https://t.me/c/2594876836/76) 1
  • Screenshots:
  • Threat Actors: TEAM BD CYBER NINJA 1
  • Victim Country: Bangladesh 1
  • Victim Industry: Education 1
  • Victim Organization: aganagar high school 1
  • Victim Site: ahs2003.edu.bd 1

22. Defacement of Darussalam Govt. Secondary School (Bangladesh)

  • Category: Defacement 1
  • Content: The threat actor “TEAM BD CYBER NINJA” claims to have defaced the website of Darussalam Govt. Secondary School. 1
  • Date: 2025-07-28T12:56:15Z 1
  • Network: telegram 1
  • Published URL: (https://t.me/c/2594876836/76) 1
  • Screenshots:
  • Threat Actors: TEAM BD CYBER NINJA 1
  • Victim Country: Bangladesh 1
  • Victim Industry: Education 1
  • Victim Organization: darussalam govt. secondary school 1
  • Victim Site: dsgss.edu.bd 1

23. Defacement of United Model High School (Bangladesh)

  • Category: Defacement 1
  • Content: The threat actor “TEAM BD CYBER NINJA” claims to have defaced the website of United Model High School. 1
  • Date: 2025-07-28T12:55:38Z 1
  • Network: telegram 1
  • Published URL: (https://t.me/c/2594876836/76) 1
  • Screenshots:
  • Threat Actors: TEAM BD CYBER NINJA 1
  • Victim Country: Bangladesh 1
  • Victim Industry: Education 1
  • Victim Organization: united model high school 1
  • Victim Site: unitedmodelhighschool.edu.bd 1

24. Defacement of Sabuj Pahar High School (Bangladesh)

  • Category: Defacement 1
  • Content: The threat actor “TEAM BD CYBER NINJA” claims to have defaced the website of Sabuj Pahar High School. 1
  • Date: 2025-07-28T12:54:15Z 1
  • Network: telegram 1
  • Published URL: (https://t.me/c/2594876836/76) 1
  • Screenshots:
  • Threat Actors: TEAM BD CYBER NINJA 1
  • Victim Country: Bangladesh 1
  • Victim Industry: Education 1
  • Victim Organization: sabuj pahar high school 1
  • Victim Site: sabujpaharhighschool.edu.bd 1

25. Defacement of Rupnagar Government Secondary School (Bangladesh)

  • Category: Defacement 1
  • Content: The threat actor “TEAM BD CYBER NINJA” claims to have defaced the website of Rupnagar Government Secondary School. 1
  • Date: 2025-07-28T12:41:59Z 1
  • Network: telegram 1
  • Published URL: (https://t.me/c/2594876836/76) 1
  • Screenshots:
  • Threat Actors: TEAM BD CYBER NINJA 1
  • Victim Country: Bangladesh 1
  • Victim Industry: Education 1
  • Victim Organization: rupnagar government secondary school 1
  • Victim Site: rgss.edu.bd 1

26. Defacement of Sher-e-Bangla Girls Secondary School Patuakhali (Bangladesh)

  • Category: Defacement 1
  • Content: The threat actor “TEAM BD CYBER NINJA” claims to have defaced the website of Sher-e-Bangla Girls Secondary School Patuakhali. 1
  • Date: 2025-07-28T12:38:33Z 1
  • Network: telegram 1
  • Published URL: (https://t.me/c/2594876836/76) 1
  • Screenshots:
  • Threat Actors: TEAM BD CYBER NINJA 1
  • Victim Country: Bangladesh 1
  • Victim Industry: Education 1
  • Victim Organization: sher-e-bangla girls secondary school patuakhali 1
  • Victim Site: sghsptk.edu.bd 1

27. Defacement of American Ed (Jordan)

  • Threat Actors: GARUDA ERROR SYSTEM 1
  • Victim Country: Jordan 1
  • Victim Industry: Publishing Industry 1
  • Victim Organization: american ed 1
  • Victim Site: americanedp.com 1

28. Alleged unauthorized access to boiler equipment control system (Lithuania)

  • Category: Initial Access 1
  • Content: The group “Z-ALLIANCE” claims to have gained unauthorized access to the boiler equipment control system in Vilnius, Lithuania. They claim to have control over the technological processes and equipment, including boilers, pumps, fans, temperature and pressure sensors, as well as water supply and blowdown parameters. 1
  • Date: 2025-07-28T11:14:53Z 1
  • Network: telegram 1
  • Published URL: (https://t.me/Z_alliance_ru/606) 1
  • Screenshots:
  • Threat Actors: Z-ALLIANCE 1
  • Victim Country: Lithuania 1
  • Victim Industry: Unknown 1
  • Victim Organization: Unknown 1
  • Victim Site: Unknown 1

29. Defacement of V-Kool India (India)

  • Threat Actors: InDoM1nu’s 1
  • Victim Country: India 1
  • Victim Industry: Automotive 1
  • Victim Organization: v-kool india 1
  • Victim Site: v-koolindia.com 1

30. Alleged access sale to Lukoil Bulgaria (Bulgaria)

  • Threat Actors: TCMSecurity 1
  • Victim Country: Bulgaria 1
  • Victim Industry: Oil & Gas 1
  • Victim Organization: lukoil bulgaria 1
  • Victim Site: lukoil.bg 1

31. Alleged data sale of Airpay Payment Services Pvt Ltd (India)

  • Category: Data Breach 1
  • Content: The threat actor “Airppay” claims to be selling datasets from Airpay Payment Services Pvt Ltd, including verified KYC documents, personal identity records, linked banking information, corporate intelligence, and communications metadata. 1
  • Date: 2025-07-28T10:22:43Z 1
  • Network: openweb 1
  • Published URL: ((https://darkforums.st/Thread-%F0%9F%94%B4AIRPAY-CO-IN-full-database)) 1
  • Screenshots:
  • Threat Actors: Airppay 1
  • Victim Country: India 1
  • Victim Industry: Financial Services 1
  • Victim Organization: airpay payment services pvt ltd 1
  • Victim Site: airpay.co.in 1

32. Alleged sale of U.S. Crypto Leads (USA)

  • Category: Data Leak 1
  • Content: The threat actor “D3f4c3rX” claims to be selling a database of 365,000 U.S.-based leads linked to the crypto industry. The dataset includes phone numbers along with country code (USA), network operator, and number type. 1
  • Date: 2025-07-28T09:58:08Z 1
  • Network: tor 1
  • Published URL: ((http://breached26tezcofqla4adzyn22notfqwcac7gpbrleg4usehljwkgqd.onion/Thread-COLLECTION-USA-Crypto-Cleaned-HLR-Checked-365k-Leads)) 1
  • Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/4167873b-538d-40c0-be43-a7ae617f68e5.png 1
  • Threat Actors: D3f4c3rX 1
  • Victim Country: USA 1
  • Victim Industry: Unknown 1
  • Victim Organization: Unknown 1
  • Victim Site: Unknown 1

33. Alleged access sale to Econt Express AD (Bulgaria)

  • Category: Initial Access 1
  • Content: The threat actor “TCMSecurity” claims to offer unauthorized access to Econt Express AD, Bulgaria’s leading courier service. This includes operational data, internal communication, office-specific workflows, and task management. 1
  • Date: 2025-07-28T09:41:20Z 1
  • Network: tor 1
  • Published URL: ((http://breached26tezcofqla4adzyn22notfqwcac7gpbrleg4usehljwkgqd.onion/Thread-Bulgaria-Courier-System-Econt-Internal-Jira-Office)) 1
  • Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/6d28e9e4-ff38-4070-a5da-c88de47b6f03.png 1
  • Threat Actors: TCMSecurity 1
  • Victim Country: Bulgaria 1
  • Victim Industry: Package & Freight Delivery 1
  • Victim Organization: econt express ad 1
  • Victim Site: econt.com 1

34. Alleged data leak of OLX Romania (Romania)

  • Category: Data Breach 1
  • Content: The threat actor “Wieko” claims to be selling over 62,000 user credentials from OLX Romania, which contains a total of 62,078 lines. 1
  • Date: 2025-07-28T09:13:32Z 1
  • Network: tor 1
  • Published URL: ((http://breached26tezcofqla4adzyn22notfqwcac7gpbrleg4usehljwkgqd.onion/Thread-OLX-ro)) 1
  • Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/d1f38883-000e-4b35-aada-8d95134e488f.png 1
  • Threat Actors: Wieko 1
  • Victim Country: Romania 1
  • Victim Industry: E-commerce & Online Stores 1
  • Victim Organization: olx romania 1
  • Victim Site: olx.ro 1

35. Alleged data breach of ATV Kuwait App (Kuwait)

  • Threat Actors: Fatimion cyber team 1
  • Victim Country: Kuwait 1
  • Victim Industry: Broadcast Media 1
  • Victim Organization: atv kuwait app 1
  • Victim Site: atvkuwait.com 1

36. Alleged Sale of DarkForumCTI platform for tracking Threat Actor data (Unknown)

  • Category: Alert 1
  • Content: The threat actor “pixie404” claims to have created an organized archive called DarkForumCTI, which serves as a comprehensive backup of illegal data sales and leaks from multiple dark web forums. The platform allows users to search by actor name or post title, offering visibility into various cyber criminal activities. 1
  • Date: 2025-07-28T08:13:54Z 1
  • Network: tor 1
  • Published URL: ((http://breached26tezcofqla4adzyn22notfqwcac7gpbrleg4usehljwkgqd.onion/Thread-DarkForumCTI)) 1
  • Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/6206c349-d9ab-469e-bdd3-5bfef826b61c.png 1
  • Threat Actors: pixie404 1
  • Victim Country: Unknown 1
  • Victim Industry: Unknown 1
  • Victim Organization: Unknown 1
  • Victim Site: Unknown 1

37. Alleged Data Leak of Mixfame (UAE)

  • Category: Data Breach 1
  • Content: The threat actor “pixie404” claims to have leaked sensitive personal data allegedly associated with Mixfame.com, a UAE-based digital casting platform. The exposed content includes images of passports, UAE residence permits, national ID cards, personal photographs, and professional certificates. 1
  • Date: 2025-07-28T07:31:38Z 1
  • Network: tor 1
  • Published URL: ((http://breached26tezcofqla4adzyn22notfqwcac7gpbrleg4usehljwkgqd.onion/Thread-mixfame-com-UAE)) 1
  • Screenshots:
  • Threat Actors: pixie404 1
  • Victim Country: UAE 1
  • Victim Industry: Entertainment & Movie Production 1
  • Victim Organization: mixfame 1
  • Victim Site: mixfame.com 1

38. Alleged Data Leak of Royal Saudi Air Force (Saudi Arabia)

  • Threat Actors: PixelPhreak 1
  • Victim Country: Saudi Arabia 1
  • Victim Industry: Military Industry 1
  • Victim Organization: royal saudi air force 1
  • Victim Site: mod.gov.sa 1

39. Alleged data breach of DISDUKCAPIL KOTA BANDUNG (Indonesia)

  • Category: Data Breach 1
  • Content: A threat actor “SukaLebok06” claims to have breached the internal archives of Disdukcapil Kota Bandung, Indonesia’s civil registry agency, and is selling a 119MB archive of secret documents. 1
  • Date: 2025-07-28T05:56:02Z 1
  • Network: tor 1
  • Published URL: ((http://breached26tezcofqla4adzyn22notfqwcac7gpbrleg4usehljwkgqd.onion/Thread-DATABASE-disdukcapil-bandung-go-id-%E2%80%94-Internal-Archive-Breach)) 1
  • Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/7be36f8a-ef3f-4772-b0c0-248cf09a6cc4.png 1
  • Threat Actors: SukaLebok06 1
  • Victim Country: Indonesia 1
  • Victim Industry: Government Administration 1
  • Victim Organization: disdukcapil kota bandung 1
  • Victim Site: disdukcapil.bandung.go.id 1

40. Alleged sale of unauthorized access to the infrastructure of Chamber of Veterinarians Management System (Turkey)

  • Category: Initial Access 1
  • Content: The threat actor “T500” claims to be selling unauthorized access to the infrastructure of the “Chamber of Veterinarians Management System,” an organization managing data for multiple veterinary clinics across Turkey. The post advertises access to a webshell that controls 15 active websites associated with the company. The attacker alleges the system contains extensive personal information including full names, parental names, blood types, Turkish citizenship ID numbers, physical attributes, residential addresses, and profile photos. The actor also claims to possess a privilege escalation exploit enabling SYSTEM-level access to the underlying Windows server. 1
  • Date: 2025-07-28T05:01:27Z 1
  • Network: openweb 1
  • Published URL: ((https://darkforums.st/Thread-Selling-Chamber-of-Veterinarians-Management-System)) 1
  • Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/f44a1e49-ca5b-42e8-b612-53ab8ac89b75.png 1
  • Threat Actors: T500 1
  • Victim Country: Turkey 1
  • Victim Industry: Medical Practice 1
  • Victim Organization: turkish veterinary medical association 1
  • Victim Site: tvhb.org.tr 1

41. Alleged sale of unauthorized admin access to an unidentified organization (Unknown)

  • Threat Actors: ShadowRipper 1
  • Victim Country: Unknown 1
  • Victim Industry: Unknown 1
  • Victim Organization: Unknown 1
  • Victim Site: Unknown 1

42. Alleged data breach of Government of Israel (Israel)

  • Category: Data Breach 1
  • Content: The threat actor “RuskiNet” claims to be selling data from the Government of Israel. The data reportedly contains 4.2 GB of information including 18 ZIP files. The compromised data reportedly contains 28,449 lines of information including restriction end dates, types of residents, identification/ID/passport numbers, and names. It also includes PDF files related to infrastructure and XLS files. 1
  • Date: 2025-07-28T01:36:09Z 1
  • Network: telegram 1
  • Published URL: (https://t.me/ruskinet/138) 1
  • Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/50de5a32-fd40-457a-b7ba-8ef94a3a4bbe.png 1
  • Threat Actors: RuskiNet 1
  • Victim Country: Israel 1
  • Victim Industry: Government Administration 1
  • Victim Organization: government of israel 1
  • Victim Site: gov.il 1

Conclusion

The incidents detailed in this report highlight a diverse and active landscape of cyber threats.1 A significant number of defacement incidents targeting educational institutions in Bangladesh are prominent, alongside data breaches and leaks affecting various sectors from healthcare in Romania to government entities in Malaysia and Israel, and financial services in India.1 The compromised data ranges from user credentials and personal identity records to sensitive internal documents and classified information.1 This comprehensive summary of predominant threat categories, affected industries, and geographies reinforces the breadth and depth of the cyber threat landscape observed within the reporting period.

Beyond data compromise and defacements, the report also reveals significant activity in initial access sales, with threat actors offering unauthorized access to critical infrastructure like boiler equipment control systems in Lithuania and fuel tanks in Bulgaria, as well as internal systems of a major airline in Russia.1 The sale of platforms for tracking threat actor data and crypto leads further underscores the evolving nature of offensive capabilities in the cyber underground.1 The presence of such tools in illicit markets lowers the technical barrier for less skilled threat actors, potentially increasing the overall volume and impact of cyberattacks across various targets. The incidents targeting critical infrastructure and government entities demonstrate that cyber threats extend beyond financial gain to potential disruption and strategic espionage, necessitating heightened vigilance in these sectors.The incidents collectively demonstrate that organizations across various industries and geographies face persistent threats from website defacement, data exfiltration, unauthorized network access, and the proliferation of malicious tools.1 The nature of these incidents emphasizes the critical importance of robust cybersecurity measures, including strong access controls, data protection strategies, continuous vulnerability management, and proactive threat intelligence to defend against a wide array of sophisticated and opportunistic attacks.1 This assessment moves beyond merely summarizing the threats to highlight strategic imperatives for cybersecurity defense. The report implicitly highlights the interconnectedness of the cybercrime ecosystem, where initial access sales can precede data breaches, and the availability of offensive malware tools facilitates both. This suggests that effective defense requires a holistic approach, recognizing that vulnerabilities in one area can cascade into more severe incidents, necessitating integrated defensive strategies rather than siloed responses.

Related Posts