[July-31-2025] Daily Cybersecurity Threat Report

This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.

  1. Alleged Data Leak of Saudi Arabian citizen
    • Category: Data Leak
    • Content: The threat actor claims to have leaked sensitive data of citizens in Saudi Arabia. The compromised data reportedly includes name, passport, Gmail, mobile number, etc.
    • Date: 2025-07-31T13:27:27Z
    • Network: telegram
    • Published URL: https://t.me/c/2492403107/94
    • Screenshots:
      • https://d34iuop8pidsy8.cloudfront.net/861db6ed-b1e6-44cc-8de2-05bf5891b4f3.JPG
      • https://d34iuop8pidsy8.cloudfront.net/0ddba131-b7c9-4a4e-bb4a-80f06e1329b7.JPG
    • Threat Actors: Yemen Cyber Force
    • Victim Country: Saudi Arabia
    • Victim Industry: Unknown
    • Victim Organization: Unknown
    • Victim Site: Unknown
  2. Alleged data sale of an unidentified French Online Leisure Booking Platform
    • Category: Data Breach
    • Content: The threat actor is reportedly selling a database from an unidentified platform described as the first French online leisure booking center, claiming it contains 488,025 rows of user information. The exposed data includes fields such as client ID, type, title (civilité), full name, date of birth, mobile number, email address, and postal code.
    • Date: 2025-07-31T13:21:21Z
    • Network: openweb
    • Published URL: https://breachforums.hn/Thread-SELLING-FR-First-French-Online-Leisure-Booking-Center
    • Screenshots:
      • https://d34iuop8pidsy8.cloudfront.net/03125173-9f7e-44fa-8632-513c409fb749.png
      • https://d34iuop8pidsy8.cloudfront.net/389418b2-98fc-4ece-9870-4b7dd875813b.png
    • Threat Actors: Cena1010
    • Victim Country: France
    • Victim Industry: Leisure & Travel
    • Victim Organization: Unknown
    • Victim Site: Unknown
  3. Alleged data leak of SnapTec
    • Category: Data Breach
    • Content: The threat actor has allegedly leaked a 19.5MB CSV database from Saudi e-commerce platform SnapTec, exposing around 78,939 customer records as of 18 March 2024. The compromised data includes sensitive details such as full names, emails, phone numbers, addresses, gender, birth dates, country, ZIP, city, VAT/tax information, company names, account creation and email confirmation status, reward points, account lock status, and complete billing/shipping addresses.
    • Date: 2025-07-31T13:20:37Z
    • Network: openweb
    • Published URL: https://breachforums.hn/Thread-SELLING-SnapTec-co-Full-Client-Dump-%E2%80%94-19-5MB-Saudi-Customer-Database-Exposed-78K-Records
    • Screenshots:
      • https://d34iuop8pidsy8.cloudfront.net/f11eb0a6-de07-4c0b-b234-ac560852edff.png
    • Threat Actors: chucky_lucky
    • Victim Country: Saudi Arabia
    • Victim Industry: Information Technology (IT) Services
    • Victim Organization: snaptec
    • Victim Site: snaptec.co
  4. Alleged data sale of North Departmental Council
    • Category: Data Breach
    • Content: The threat actor claims to be selling two databases from North Departmental Council, one containing 155,737 records and the other 121,144 records.
    • Date: 2025-07-31T13:20:30Z
    • Network: openweb
    • Published URL: https://breachforums.hn/Thread-SELLING-FR-NordEmploi-fr-Emploi-lenord-fr
    • Screenshots:
      • https://d34iuop8pidsy8.cloudfront.net/d068954b-6dd7-4cf2-b3d5-9f8d7b9797c2.png
      • https://d34iuop8pidsy8.cloudfront.net/34eecb15-afcc-41c2-b449-362c726e508b.png
    • Threat Actors: Cena1010
    • Victim Country: France
    • Victim Industry: Government & Public Sector
    • Victim Organization: north departmental council
    • Victim Site: nordemploi.fr
  5. Alleged data sale of Haim Law – Traffic & Criminal Law Attorneys
    • Category: Data Breach
    • Content: The threat actor claims to be selling 157 MB of data from HAIMLAW, an Israeli law firm, which includes the data of 100,000 clients, exposing names, emails, bcrypt-hashed passwords, phone numbers, internal roles, and detailed project/task management data. The leak further contains over 47,000 WhatsApp logs, invoices, legal contracts, internal comments, and metadata.
    • Date: 2025-07-31T13:20:24Z
    • Network: openweb
    • Published URL: https://breachforums.hn/Thread-SELLING-HAIMLAW-CRM-FULL-CLIENT-DATABASE-LOGS-ISRAEL-LAW-FIRM-BREACH-FULL-ACCESS-AVAILAB
    • Screenshots:
      • https://d34iuop8pidsy8.cloudfront.net/2bf596b8-0869-4bdd-b6c7-91751d17d558.png
      • https://d34iuop8pidsy8.cloudfront.net/8096405d-e472-4a15-aac4-587edd9bed76.png
    • Threat Actors: chucky_lucky
    • Victim Country: Israel
    • Victim Industry: Law Practice & Law Firms
    • Victim Organization: haim law – traffic & criminal law attorneys
    • Victim Site: box.haimlaw.com
  6. TwoNet claims to target France
    • Category: Alert
    • Content: A recent post by the group indicates that they are targeting France.
    • Date: 2025-07-31T13:04:17Z
    • Network: telegram
    • Published URL: https://t.me/c/2600965715/250
    • Screenshots:
      • https://d34iuop8pidsy8.cloudfront.net/cbec8d58-97b4-4c45-aa6e-89462bfd2141.png
    • Threat Actors: TwoNet
    • Victim Country: France
    • Victim Industry: Unknown
    • Victim Organization: Unknown
    • Victim Site: Unknown
  7. Alleged Data Leak of Taiwanese Hospital Database
    • Category: Data Leak
    • Content: The threat actor claims to be selling a database allegedly stolen from a Taiwanese hospital, containing records of 1.5 million individuals. The exposed data reportedly includes sensitive medical and personal information such as chart numbers, full names, birth dates, blood types, home addresses, phone numbers, medical history, language, occupation, emergency contacts, and more.
    • Date: 2025-07-31T12:53:13Z
    • Network: openweb
    • Published URL: https://leakbase.la/threads/1-5m-taiwaneses-hospital-database.40957/
    • Screenshots:
      • https://d34iuop8pidsy8.cloudfront.net/eda632dc-7842-415d-8188-41e2f6db12e2.PNG
    • Threat Actors: ethan_fernsby
    • Victim Country: Taiwan
    • Victim Industry: Hospital & Health Care
    • Victim Organization: Unknown
    • Victim Site: Unknown
  8. Alleged data breach of Government Polytechnic College, Dharmapuri
    • Category: Data Breach
    • Content: The group claims to have leaked CSV files containing sensitive information of Government Polytechnic College, Dharmapuri.
    • Date: 2025-07-31T12:41:47Z
    • Network: telegram
    • Published URL: https://t.me/c/2438113342/679
    • Screenshots:
      • https://d34iuop8pidsy8.cloudfront.net/d5ab8659-bca0-4c07-b868-9d9568f1746a.png
      • https://d34iuop8pidsy8.cloudfront.net/bf0489a3-da10-412e-b3a5-59e069636d24.png
      • https://d34iuop8pidsy8.cloudfront.net/49b72c72-e11c-4d84-ad8a-04ccfd9ca89c.png
    • Threat Actors: LulzSec Resitance
    • Victim Country: India
    • Victim Industry: Government & Public Sector
    • Victim Organization: government polytechnic college, dharmapuri
    • Victim Site: gptcdharmapuri.co.in
  9. Alleged data leak of iSolutions.pt
    • Category: Data Breach
    • Content: The threat actor claims to have leaked a database from isolutions.pt, a Portuguese phone sales and repair service, following a data breach in November 2023. The compromised data contains 5,971 customer records including first names, last names, and email addresses, with passwords secured using bcrypt hashes.
    • Date: 2025-07-31T12:08:21Z
    • Network: openweb
    • Published URL: https://breachforums.hn/Thread-isolutions-pt-Database-REPOST
    • Screenshots:
      • https://d34iuop8pidsy8.cloudfront.net/0e3418b3-98fa-4822-8eaa-25862b30d475.png
    • Threat Actors: northwolf
    • Victim Country: Portugal
    • Victim Industry: E-commerce & Online Stores
    • Victim Organization: isolutions.pt
    • Victim Site: isolutions.pt
  10. Alleged data leak of Dainik Bhaskar Corporation Limited
    • Category: Data Breach
    • Content: The threat actor claims to have leaked an internal employee dataset from Dainik Bhaskar Corporation Limited (DB Corp Ltd), allegedly exposing 6,961 records of both active and former employees. The data includes employee codes, full names, dates of birth, joining, resignation or retirement, official and personal email addresses, mobile numbers, and OnESS (HRMS portal) status.
    • Date: 2025-07-31T12:08:13Z
    • Network: openweb
    • Published URL: https://breachforums.hn/Thread-DATABASE-LEAK-Dainik-Bhaskar-CORP-LIMITED-%E2%80%94-Full-Employee-Data
    • Screenshots:
      • https://d34iuop8pidsy8.cloudfront.net/c3efdd35-2a62-41a2-8eb3-2661a52f2871.png
      • https://d34iuop8pidsy8.cloudfront.net/44dc6a71-bdee-4ff4-881b-11e40c3b48f4.png
    • Threat Actors: LionDataMarket
    • Victim Country: India
    • Victim Industry: Newspapers & Journalism
    • Victim Organization: dainik bhaskar corporation limited (db corp ltd)
    • Victim Site: dainikbhaskargroup.com
  11. Alleged data leak of K Strategies Group LLC
    • Category: Data Breach
    • Content: The threat actor claims to have leaked more than 900 GB of data from K Strategies Group LLC.
    • Date: 2025-07-31T12:08:06Z
    • Network: openweb
    • Published URL: https://darkforums.st/Thread-Document-K-Strategies-Marketing-and-Public-Relations-LEAK-Trailer-900-GB
    • Screenshots:
      • https://d34iuop8pidsy8.cloudfront.net/f6f5129e-c0a5-4ceb-ad7e-4cf0a26977f5.png
    • Threat Actors: Cephalus
    • Victim Country: USA
    • Victim Industry: Market Research
    • Victim Organization: k strategies group llc
    • Victim Site: kstrategies.com
  12. Alleged data sale of Bangladesh Road Transport Authority
    • Category: Data Breach
    • Content: The threat actor claims to be selling 1,008,506 records of data from Bangladesh Road Transport Authority, which includes highly sensitive personal information such as username, NID number, date of birth, passport number, contact details, email, and detailed address data including village, road, district, police station, and post code, along with father’s and mother’s names.
    • Date: 2025-07-31T11:32:05Z
    • Network: openweb
    • Published URL: https://darkforums.st/Thread-Selling-brta-gov-bd-DB
    • Screenshots:
      • https://d34iuop8pidsy8.cloudfront.net/18fcdd6d-106e-4897-9f53-25030d54f828.png
    • Threat Actors: fuckoverflow
    • Victim Country: Bangladesh
    • Victim Industry: Transportation & Logistics
    • Victim Organization: bangladesh road transport authority
    • Victim Site: brta.gov.bd
  13. Alleged data sale of LenDenClub
    • Category: Data Breach
    • Content: The threat actor claims to be selling 11 million records from LenDenClub, which include ID, password, user ID, full name, gender, mobile number, email, date of birth, Aadhaar, PAN, occupation, account creation date, source, preferred language, and device ID.
    • Date: 2025-07-31T10:58:00Z
    • Network: openweb
    • Published URL: https://darkforums.st/Thread-DATABASE-India-lendenclub-com-Platform-Lenders-and-Investors-Customers-KYC-11-Million
    • Screenshots:
      • https://d34iuop8pidsy8.cloudfront.net/27943067-6543-4ff5-b5e1-183bef275126.png
    • Threat Actors: ethan_fernsby
    • Victim Country: India
    • Victim Industry: Financial Services
    • Victim Organization: lendenclub
    • Victim Site: lendenclub.com
  14. Alleged sale of 2025 Crypto User Data and Leads
    • Category: Data Leak
    • Content: The threat actor is allegedly selling crypto-related user databases and marketing leads from 2025, containing sensitive information such as names, phone numbers, email addresses, dates of birth, and payment methods. The leaked data reportedly spans multiple major platforms, including over 1.4 million records from Binance, 1.8 million from Crypto.com, 432K from Coinbase, 121K from Kraken, 76K from CoinMarketCap, 40K from Gatehub.net, and 20K from Ledger.
    • Date: 2025-07-31T10:57:46Z
    • Network: openweb
    • Published URL: https://darkforums.st/Thread-Leads-DB-for-2025-marketing-and-scam
    • Screenshots:
      • https://d34iuop8pidsy8.cloudfront.net/2de13638-a8cb-4708-8ab4-d84709f0fe3d.png
    • Threat Actors: exxokernel
    • Victim Country: Unknown
    • Victim Industry: Unknown
    • Victim Organization: Unknown
    • Victim Site: Unknown
  15. Alleged data leak of bicsearch.com
    • Category: Data Breach
    • Content: A threat actor claims to be leaking API data from bicsearch.com, a penetration service platform. The dump reportedly contains backend data with a limited number of users, raising concerns about unauthorized access and potential misuse of sensitive operational information.
    • Date: 2025-07-31T10:26:53Z
    • Network: openweb
    • Published URL: https://forum.exploit.in/topic/263388/
    • Screenshots:
      • https://d34iuop8pidsy8.cloudfront.net/ae4e4baf-6044-4235-9fe4-cc79e78fdeb8.png
    • Threat Actors: rassvettt
    • Victim Country: USA
    • Victim Industry: Information Technology (IT) Services
    • Victim Organization: bicsearch
    • Victim Site: bicsearch.com
  16. Alleged sale of database from an unidentified French Professional Training website
    • Category: Data Leak
    • Content: The threat actor claims to be selling the database of an unidentified French professional training website. The dataset reportedly contains 588,600 records of user information, including personal and professional training details.
    • Date: 2025-07-31T10:17:10Z
    • Network: openweb
    • Published URL: https://breachforums.hn/Thread-SELLING-FR-Biggest-French-Professional-Training-Website
    • Screenshots:
      • https://d34iuop8pidsy8.cloudfront.net/aab58f23-593f-4a9e-9ea9-e52445cf6475.png
      • https://d34iuop8pidsy8.cloudfront.net/45c6b1f9-ca57-4df5-9dcd-e87021a66ef2.png
    • Threat Actors: Cena1010
    • Victim Country: France
    • Victim Industry: Professional Training
    • Victim Organization: Unknown
    • Victim Site: Unknown
  17. Alleged sale of data from an unidentified French Sushi Store
    • Category: Data Leak
    • Content: The threat actor claims to be selling a database of an unidentified French sushi store, containing approximately 1,686,950 records. The dataset is said to include customer information such as first names, last names, email addresses, postal codes, and physical addresses.
    • Date: 2025-07-31T10:15:11Z
    • Network: openweb
    • Published URL: https://breachforums.hn/Thread-SELLING-FR-French-Sushi-Store-1-6M
    • Screenshots:
      • https://d34iuop8pidsy8.cloudfront.net/53f3e4c5-82cc-4ecd-8292-9374ae686e31.png
      • https://d34iuop8pidsy8.cloudfront.net/d76c9178-faa4-4514-86a5-6acfafc78578.png
    • Threat Actors: Cena1010
    • Victim Country: France
    • Victim Industry: Unknown
    • Victim Organization: Unknown
    • Victim Site: Unknown
  18. Alleged sale of database from an unidentified French Professional Training website
    • Category: Data Leak
    • Content: The threat actor claims to be selling the database of an unidentified French professional training website. The dataset reportedly contains 588,600 records of user information, including personal and professional training details.
    • Date: 2025-07-31T10:14:50Z
    • Network: openweb
    • Published URL: https://breachforums.hn/Thread-SELLING-FR-Biggest-French-Professional-Training-Website
    • Screenshots:
      • https://d34iuop8pidsy8.cloudfront.net/aab58f23-593f-4a9e-9ea9-e52445cf6475.png
      • https://d34iuop8pidsy8.cloudfront.net/45c6b1f9-ca57-4df5-9dcd-e87021a66ef2.png
    • Threat Actors: Cena1010
    • Victim Country: France
    • Victim Industry: Professional Training
    • Victim Organization: Unknown
    • Victim Site: Unknown
  19. Alleged sale of Cirebon Community Records
    • Category: Data Breach
    • Content: The threat actor claims to be selling a database containing 1.2 million records from the Cirebon community in Indonesia. The exposed data reportedly includes full names, residential addresses, phone numbers, emails, scanned ID cards (KTP), and family card numbers (No KK).
    • Date: 2025-07-31T09:48:03Z
    • Network: openweb
    • Published URL: https://darkforums.st/Thread-Source-Code-1-2-Million-Data-Masyarakat-Cirebon
    • Screenshots:
      • https://d34iuop8pidsy8.cloudfront.net/807a22e4-8189-449b-a618-aee2719fdb0c.png
    • Threat Actors: BabayoSysteam
    • Victim Country: Indonesia
    • Victim Industry: Government Administration
    • Victim Organization: cirebon
    • Victim Site: cirebonkota.go.id
  20. Alleged Admin Access Sale of German Electronics Affiliate WordPress Site
    • Category: Initial Access
    • Content: The threat actor claims to be selling administrator access to a German WordPress-based website associated with a major electronics affiliate store that reportedly receives around 900,000 monthly visitors.
    • Date: 2025-07-31T08:58:29Z
    • Network: openweb
    • Published URL: https://forum.exploit.in/topic/263403/
    • Screenshots:
      • https://d34iuop8pidsy8.cloudfront.net/30654281-bdd9-49f8-9fab-b86f0c518099.PNG
    • Threat Actors: glower
    • Victim Country: Germany
    • Victim Industry: Unknown
    • Victim Organization: Unknown
    • Victim Site: Unknown
  21. Alleged Sale of Admin Panel Access Logs Including cPanel, OWA, and phpMyAdmin
    • Category: Initial Access
    • Content: The threat actor claims to be auctioning access to over 2.7 million hosts across various administrative login panels, including /admin/owa/administrator, and ports such as 2082. The list includes directories and ports like /whm/admin/config/login, and services such as phpMyAdmin, cPanel, and more.
    • Date: 2025-07-31T08:57:46Z
    • Network: openweb
    • Published URL: https://forum.exploit.in/topic/263393/
    • Screenshots:
      • https://d34iuop8pidsy8.cloudfront.net/b9f777b2-2ce4-4b00-b08a-8a802e0fb013.PNG
    • Threat Actors: ShadowRipper
    • Victim Country: Unknown
    • Victim Industry: Unknown
    • Victim Organization: Unknown
    • Victim Site: Unknown
  22. Alleged Admin Access Sale of German Electronics Affiliate WordPress Site
    • Category: Initial Access
    • Content: The threat actor claims to be selling administrator access to a German WordPress-based website associated with a major electronics affiliate store that reportedly receives around 900,000 monthly visitors.
    • Date: 2025-07-31T08:49:13Z
    • Network: openweb
    • Published URL: https://forum.exploit.in/topic/263403/
    • Screenshots:
      • https://d34iuop8pidsy8.cloudfront.net/30654281-bdd9-49f8-9fab-b86f0c518099.PNG
    • Threat Actors: glower
    • Victim Country: Germany
    • Victim Industry: Unknown
    • Victim Organization: Unknown
    • Victim Site: Unknown
  23. Alleged sale of Root server access to an Unidentified Bulgarian Hosting Company
    • Category: Initial Access
    • Content: The threat actor claims to be selling root server access to an unidentified Bulgarian hosting provider, reportedly granting full control over 50+ hosted websites.
    • Date: 2025-07-31T08:28:12Z
    • Network: openweb
    • Published URL: https://breachforums.hn/Thread-Bulgaria-Hosting-Company-Root-Server-Access
    • Screenshots:
      • https://d34iuop8pidsy8.cloudfront.net/d5977103-7f2b-4f61-aa71-080e1d069cc2.png
    • Threat Actors: Z10N
    • Victim Country: Bulgaria
    • Victim Industry: Information Technology (IT) Services
    • Victim Organization: Unknown
    • Victim Site: Unknown
  24. Alleged data breach of Cherkasy City Council
    • Category: Data Breach
    • Content: The group claims to have leaked the data of Cherkasy City Council.
    • Date: 2025-07-31T08:23:59Z
    • Network: telegram
    • Published URL: https://t.me/perunswaroga/357
    • Screenshots:
      • https://d34iuop8pidsy8.cloudfront.net/72e4d55c-8a2b-4cb1-af89-165899c35d1f.JPG
      • https://d34iuop8pidsy8.cloudfront.net/ccf1ae48-dca8-42e2-bc77-9237154dbcf1.JPG
    • Threat Actors: Perun Svaroga
    • Victim Country: Ukraine
    • Victim Industry: Government & Public Sector
    • Victim Organization: cherkasy city council
    • Victim Site: chmr.gov.ua
  25. Alleged Leak of Official Driver’s License Data from IMOVEQROO
    • Category: Data Breach
    • Content: The threat actor claims to have leaked sensitive data allegedly from IMOVEQROO, including two compressed datasets: one containing 4,957 folders (1.2 GB) with official driver’s licenses featuring photos, signatures, personal details, and links to add the licenses to Google Wallet; and another (3.3 GB) with 5,145 PDFs containing personal data such as photos, signatures, addresses, and license information.
    • Date: 2025-07-31T07:55:27Z
    • Network: openweb
    • Published URL: https://darkforums.st/Thread-Licencias-de-conducir-IMOVEQROO
    • Screenshots:
      • https://d34iuop8pidsy8.cloudfront.net/5ca6cfd5-fd2c-4e73-8916-497e80acf57b.png
      • https://d34iuop8pidsy8.cloudfront.net/4c15122f-2f4f-4ea3-ab87-aafd847186e6.png
      • https://d34iuop8pidsy8.cloudfront.net/6b1f4f0a-c5df-4042-8123-803bb93b35ff.png
    • Threat Actors: Charlotte
    • Victim Country: Mexico
    • Victim Industry: Transportation & Logistics
    • Victim Organization: imoveqroo
    • Victim Site: imoveqroo.qroo.gob.mx
  26. Alleged data breach of Grido Helado
    • Category: Data Breach
    • Content: A threat actor claims to have breached the Club Grido loyalty program, leaking a full database containing names, national IDs, emails, loyalty card numbers, birthdates, point balances, and personal details of users in Argentina.
    • Date: 2025-07-31T06:19:50Z
    • Network: openweb
    • Published URL: https://darkforums.st/Thread-Club-Grido-Leak
    • Screenshots:
      • https://d34iuop8pidsy8.cloudfront.net/6ee9a87d-c568-4f3d-99b8-4eb9d5d7c803.png
    • Threat Actors: DelitosPenales
    • Victim Country: Argentina
    • Victim Industry: Food & Beverages
    • Victim Organization: grido helado
    • Victim Site: argentina.gridohelado.com
  27. Alleged Sale of Unauthorized Access to an Unidentified Organization in Germany
    • Category: Initial Access
    • Content: A threat actor claims to be selling unauthorized access to an AMG EASYGEN industrial control system in Nuremberg, Germany. The system reportedly controls critical functions such as generators, load distribution, and safety mechanisms. The actor alleges that malicious code has been embedded to enable remote shutdowns, manipulation of operating parameters, and disruption of emergency systems.
    • Date: 2025-07-31T06:16:00Z
    • Network: telegram
    • Published URL: https://t.me/n2LP_wVf79c2YzM0/752
    • Screenshots:
      • https://d34iuop8pidsy8.cloudfront.net/6411c694-83be-4d88-bd5b-c535eafa8332.png
      • https://d34iuop8pidsy8.cloudfront.net/f032a999-ab37-4499-8e3a-f0af26d12b3a.png
    • Threat Actors: Infrastructure Destruction Squad
    • Victim Country: Germany
    • Victim Industry: Unknown
    • Victim Organization: Unknown
    • Victim Site: Unknown
  28. H3C4KEDZ targets the website of Wang Sa La Subdistrict Municipality
    • Category: Defacement
    • Content: The group claims to have defaced the website of Wang Sa La Subdistrict Municipality.
    • Date: 2025-07-31T05:36:42Z
    • Network: telegram
    • Published URL: https://t.me/We_H3c4kedz1/512
    • Screenshots:
      • https://d34iuop8pidsy8.cloudfront.net/8b3cca68-d654-4560-81f5-8168b961fa5f.png
    • Threat Actors: H3C4KEDZ
    • Victim Country: Thailand
    • Victim Industry: Government Administration
    • Victim Organization: wang sa la subdistrict municipality
    • Victim Site: wangsala.go.th
  29. Alleged data breach of Madrasah Aliyah (MA) Bustanul Arifin
    • Category: Data Breach
    • Content: The threat actor claims to have breached the database of MA Bustanul Arifin’s subdomains, exposing server details and IPs, with no Cloudflare protection in place.
    • Date: 2025-07-31T04:42:21Z
    • Network: openweb
    • Published URL: https://darkforums.st/Thread-DATABASE-SUB-DOMAIN-MABUSTANULARIFIN-sch-id-BY-OHKA21
    • Screenshots:
      • https://d34iuop8pidsy8.cloudfront.net/3c3eff5b-66a1-438a-b1d6-c5a739f5a7e0.jpg
    • Threat Actors: RETAABI404
    • Victim Country: Indonesia
    • Victim Industry: Higher Education/Academia
    • Victim Organization: madrasah aliyah (ma) bustanul arifin
    • Victim Site: mabustanularifin.sch.id
  30. Alleged Data Leak of Ukrainian Military Systems
    • Category: Data Leak
    • Content: The threat actor claims to have leaked sensitive data and warns a Ukrainian officer that without stronger defenses, the next phase will bring total cybersecurity collapse.
    • Date: 2025-07-31T04:26:44Z
    • Network: telegram
    • Published URL: https://t.me/n2LP_wVf79c2YzM0/748
    • Screenshots:
      • https://d34iuop8pidsy8.cloudfront.net/4f39e3d3-656f-46c0-a210-b46b388730a3.jpg
    • Threat Actors: Infrastructure Destruction Squad
    • Victim Country: Ukraine
    • Victim Industry: Military Industry
    • Victim Organization: ukrainian military systems
    • Victim Site: Unknown
  31. Alleged data breach of Bathmate
    • Category: Data Breach
    • Content: The threat actor claims to have breached the website of Bathmate.
    • Date: 2025-07-31T02:06:07Z
    • Network: openweb
    • Published URL: https://darkforums.st/Thread-bathmate-com-DATA-LEAK
    • Screenshots:
      • https://d34iuop8pidsy8.cloudfront.net/dd581556-da07-4741-8cd0-0957a84460c9.jpg
    • Threat Actors: l33tfg
    • Victim Country: Argentina
    • Victim Industry: Retail Industry
    • Victim Organization: bathmate
    • Victim Site: bathmate.com.ar
  32. Alleged Unauthorized Access to ATM System in the USA
    • Category: Initial Access
    • Content: A threat group claims to have gained unauthorized access to an ATM system located in the United States. According to their statement, they have access to administrative SMB shares, system files, and ATM-specific directories. They further allege that the system holds a balance of $36,000 USD.
    • Date: 2025-07-31T02:05:06Z
    • Network: telegram
    • Published URL: https://t.me/n2LP_wVf79c2YzM0/743
    • Screenshots:
      • https://d34iuop8pidsy8.cloudfront.net/c4e065da-181a-4a2a-92d8-7ab16718f973.png
    • Threat Actors: Infrastructure Destruction Squad
    • Victim Country: USA
    • Victim Industry: Unknown
    • Victim Organization: Unknown
    • Victim Site: Unknown
  33. Alleged data breach of University of California, Berkeley
    • Category: Data Breach
    • Content: The threat actor claims to be selling a full database from University of California, Berkeley, available in both SQL and CSV formats, with access to phpMyAdmin. The dump allegedly includes data on students, seminars, teachers, usernames, password hashes, and school payment records.
    • Date: 2025-07-31T02:03:33Z
    • Network: openweb
    • Published URL: https://darkforums.st/Thread-SELLING-BERKELEY-USA-University-Database
    • Screenshots:
      • https://d34iuop8pidsy8.cloudfront.net/0f45f07b-1438-45ac-bdfc-e42b3af09157.png
    • Threat Actors: ByteToBreach
    • Victim Country: USA
    • Victim Industry: Education
    • Victim Organization: university of california, berkeley
    • Victim Site: berkeley.edu
  34. Alleged data breach of University of California, Berkeley
    • Category: Data Breach
    • Content: The threat actor claims to be selling a full database from University of California, Berkeley, available in both SQL and CSV formats, with access to phpMyAdmin. The dump allegedly includes data on students, seminars, teachers, usernames, password hashes, and school payment records.
    • Date: 2025-07-31T01:56:49Z
    • Network: openweb
    • Published URL: https://darkforums.st/Thread-SELLING-BERKELEY-USA-University-Database
    • Screenshots:
      • https://d34iuop8pidsy8.cloudfront.net/0f45f07b-1438-45ac-bdfc-e42b3af09157.png
    • Threat Actors: ByteToBreach
    • Victim Country: USA
    • Victim Industry: Education
    • Victim Organization: university of california, berkeley
    • Victim Site: berkeley.edu
  35. Alleged data breach of University of California, Berkeley
    • Category: Data Breach
    • Content: The threat actor claims to be selling a full database from University of California, Berkeley, available in both SQL and CSV formats, with access to phpMyAdmin. The dump allegedly includes data on students, seminars, teachers, usernames, password hashes, and school payment records.
    • Date: 2025-07-31T01:44:24Z
    • Network: openweb
    • Published URL: https://darkforums.st/Thread-SELLING-BERKELEY-USA-University-Database
    • Screenshots:
      • https://d34iuop8pidsy8.cloudfront.net/0f45f07b-1438-45ac-bdfc-e42b3af09157.png
    • Threat Actors: ByteToBreach
    • Victim Country: USA
    • Victim Industry: Education
    • Victim Organization: university of california, berkeley
    • Victim Site: berkeley.edu
  36. Alleged data breach of Bathmate
    • Category: Data Breach
    • Content: The threat actor claims to have breached the website of Bathmate.
    • Date: 2025-07-31T00:51:49Z
    • Network: openweb
    • Published URL: https://darkforums.st/Thread-bathmate-com-DATA-LEAK
    • Screenshots:
      • https://d34iuop8pidsy8.cloudfront.net/b55d3c56-fa1b-4f09-91cf-c60ec3139a48.jpg
    • Threat Actors: l33tfg
    • Victim Country: Argentina
    • Victim Industry: Retail Industry
    • Victim Organization: bathmate
    • Victim Site: bathmate.com.ar

Conclusion

The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Data breaches and leaks are prominent, affecting various sectors such as education, healthcare, government, law, and technology services across multiple countries including Saudi Arabia, France, India, Israel, the United States, and others. The compromised data ranges from personal information (names, contact details, national IDs) and financial records to sensitive healthcare data and large-scale user databases.

Beyond data compromise, the report also reveals significant activity in initial access sales and other cyber operations. Threat actors are offering unauthorized access to systems ranging from corporate websites and hosting servers to critical infrastructure like industrial control systems and ATMs. We also observe defacement attacks on government websites and public threats against nation-state targets, underscoring the varied tactics and motivations at play. This wide array of malicious activities emphasizes the critical importance of robust cybersecurity measures — strong access controls, data protection strategies, continuous monitoring, and proactive threat intelligence — to defend against an evolving range of threats.