I. Executive Summary
The past 24 hours have seen a dynamic and concerning cybersecurity landscape, primarily shaped by escalating geopolitical tensions, particularly those linked to the ongoing Israel-Iran conflict. This period has been marked by a significant volume of cyberattacks, including notable data breaches, alleged data exfiltrations, and widespread distributed denial-of-service (DDoS) campaigns targeting government entities, critical infrastructure, and private sector organizations. Concurrently, financially motivated groups, exemplified by the highly adaptive Scattered Spider collective, continue to leverage sophisticated social engineering tactics and ransomware-as-a-service (RaaS) models, demonstrating the persistent and evolving nature of cybercrime.
A critical observation from recent activities is the pronounced escalation of hybrid warfare, where cyber operations are seamlessly integrated into broader geopolitical conflicts. The surge in diverse pro-Iran hacktivist groups, numbering over 60, engaging in DDoS attacks, data leaks, and disinformation campaigns, alongside more covert state-sponsored activities, underscores this trend [1]. This multi-pronged approach aims not only for technical disruption but also for psychological impact and narrative control, fundamentally altering the informational environment [1]. The sheer volume of actors and the varied tactics employed signal a coordinated effort to achieve strategic objectives that extend beyond simple technical intrusions.
Further complicating the threat landscape is the blurring of lines between state-sponsored and hacktivist operations. The repeated indication that Iranian state interests may play a supporting role for groups like Handala [3], coupled with the inherent difficulty in distinguishing between state-supported, state-sponsored, state-tolerated, or purely hacktivist activities [4], points to a deliberate strategy by nation-states to utilize ostensibly independent hacktivist groups as proxies. This approach provides a layer of plausible deniability, amplifying the reach and impact of cyber operations while simultaneously complicating attribution and international response efforts.
A nuanced aspect of the motivational landscape involves the observation that state-linked actors are often not well compensated for their state-directed activities and consequently seek alternative monetization methods [4]. This financial incentive serves as a strong secondary driver, even when their primary objective is geopolitical, such as information operations or propaganda. This dual motivation can render these actors more prolific and less predictable, as they may engage in opportunistic cybercrime alongside their state-directed operations, blurring the traditional distinctions between cyber espionage and cybercrime.
II. Daily Breach Overview
The following table provides a concise summary of prominent cybersecurity incidents observed in the last 24-hour period, based on available intelligence. This overview serves as a rapid reference for understanding the scope and nature of recent attacks, facilitating quick identification of pressing threats and supporting initial triage efforts.
Incident ID | Affected Entity/Sector | Type of Breach | Primary Threat Actor | Date Reported | Key Data Compromised |
INC-2025-06-22-001 | Saudi Games 2024 (Sports/Public Sector) | Data Exfiltration | ZeroDayX / Cyber Fattah | June 22, 2025 | Visitors & Athletes Data, Personal Documents (Scans) |
INC-2025-06-19-001 | mPrest (Defense Contractor/Technology) | Alleged Data Breach | DigitalGhost | June 19, 2025 | Personal Information of Individuals Connected to Company |
INC-2025-06-17-001 | Delek Group & Delkol (Petroleum) | Data Exfiltration | Handala | June 17, 2025 | 2 TB of Data, 300,000 Classified Documents (purported) |
INC-2025-06-16-001 | Weizmann Institute of Science (Education/Research) | Alleged Data Exfiltration | Handala | June 16, 2025 | 4 TB of Confidential Scientific Data (purported) |
INC-2025-06-16-002 | TBN Israel (Religious Broadcaster) | Data Exfiltration | Handala | June 16, 2025 | 542 GB of Internal Data |
Note: The incidents listed above are illustrative examples drawn from the provided research material, reflecting the types of breaches that would be detailed from a real-time JSON feed. Specific dates reflect the latest reported activity for these groups in the provided context.
III. Detailed Incident Analysis
This section provides a comprehensive description of selected cybersecurity incidents, detailing the nature of the attack, its impact, the targeted entity, and associated links.
Incident: Alleged Sale of Conservice Utility Bill Template
Incident Description: The threat actor is allegedly offering a Conservice utility bill template claimed to represent current bills used in Southern California. The listing describes it as a 1200 DPI fully editable PSD file and asserts it has never failed when used by the actor.
Category: Alert
Date: 2025-06-23T14:21:49Z
Network: openweb
Threat Actor(s): iKingdom
Victim Country: USA
Victim Industry:
Victim Organization:
Victim Site:
Associated Links:
- Published URL: https://xss.is/threads/140437/
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/b90d4603-356e-4b06-8632-d4442b56b503.png
Incident: Alleged Sale of EagleSpy v5
Incident Description: The threat actor claims to be selling EagleSpy v5, the latest version of an advanced Android Remote Access Trojan (RAT), capable of remotely hacking Android devices globally with powerful surveillance and control features.
Category: Malware
Date: 2025-06-23T14:19:05Z
Network: openweb
Threat Actor(s): xperttechy
Victim Country:
Victim Industry:
Victim Organization:
Victim Site:
Associated Links:
- Published URL: https://demonforums.net/Thread-EagleSpy-v5-LifeTime-Activated-Latest-Android-RAT
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/000ae6a6-b5be-4c5d-9b00-9becb5c7120c.png
Incident: Alleged data breach of Baran Group
Incident Description: The group claims to have leaked the data from Baran Group.
Category: Data Breach
Date: 2025-06-23T14:18:34Z
Network: telegram
Threat Actor(s): Cyber Isnaad Front
Victim Country: Israel
Victim Industry: Civil Engineering
Victim Organization: baran group
Victim Site: barangroup.com
Associated Links:
- Published URL: https://t.me/CyberIsnaadFront/149
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/24d90332-85f4-436f-88f3-42087520db86.png
- https://d34iuop8pidsy8.cloudfront.net/a3ba1bd0-c36c-4fea-ae34-e6875b360f0e.png
Incident: Alleged data breach of Amy Metom Engineers & Consultants Ltd
Incident Description: The group claims to have leaked the data from Amy Metom Engineers & Consultants Ltd.
Category: Data Breach
Date: 2025-06-23T14:14:28Z
Network: telegram
Threat Actor(s): Cyber Isnaad Front
Victim Country: Israel
Victim Industry: Mechanical or Industrial Engineering
Victim Organization: amy metom engineers & consultants ltd
Victim Site: amymetom.co.il
Associated Links:
- Published URL: https://t.me/CyberIsnaadFront/145?single
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/4dbc9064-6583-48f3-8e13-76fadc2ba4cf.png
Incident: Alleged Sale of Business Document Filing Approval Template
Incident Description: The threat actor is allegedly offering a business filing approval notice template. The file is advertised as a 1200 DPI receipt used after online filing and labeled as a key part of the business document verification process.
Category: Alert
Date: 2025-06-23T14:13:11Z
Network: openweb
Threat Actor(s): iKingdom
Victim Country:
Victim Industry:
Victim Organization:
Victim Site:
Associated Links:
- Published URL: https://xss.is/threads/140436/
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/2b616576-38e9-4e50-9fe4-3a08048fee28.png
Incident: Alleged Sale of Power of Attorney Template
Incident Description: The threat actor is allegedly offering a Power of Attorney template which includes an actual California notary stamp and is based on a real document used in a real estate transaction.
Category: Alert
Date: 2025-06-23T14:06:25Z
Network: openweb
Threat Actor(s): iKingdom
Victim Country:
Victim Industry:
Victim Organization:
Victim Site:
Associated Links:
- Published URL: https://xss.is/threads/140435/
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/28ed0c9d-9a3a-41a1-8ed2-4eb9ded92acc.png
Incident: Alleged Sale of IRS Tax Return Stimulus Check Template
Incident Description: The threat actor is allegedly selling a high-resolution IRS tax return stimulus check template. The template is claimed to be meticulously hand-drawn, made from a real check, delivered as a 1200 DPI PSD file, tested in multiple transactions, and includes a UV template layer.
Category: Alert
Date: 2025-06-23T13:57:55Z
Network: openweb
Threat Actor(s): iKingdom
Victim Country:
Victim Industry:
Victim Organization:
Victim Site:
Associated Links:
- Published URL: https://xss.is/threads/140433/
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/68cb1757-3787-4c52-8485-0cc378fc6b56.png
Incident: Alleged Sale of Chase Personal Check Template
Incident Description: The threat actor claims to be selling an editable Chase personal checking template. The alleged template features a genuine guilloche design, microprint signature line, fully editable MICR line, fractional number and check number fields, and an option to remove the Chase logo for different applications.
Category: Alert
Date: 2025-06-23T13:57:48Z
Network: openweb
Threat Actor(s): iKingdom
Victim Country:
Victim Industry:
Victim Organization:
Victim Site:
Associated Links:
- Published URL: https://xss.is/threads/140432/
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/df41633b-19fc-4d98-a5d0-71751d4c920e.png
Incident: Alleged sale of editable California voter card templates
Incident Description: The threat actor claims to be selling editable templates of voter cards from California.
Category: Alert
Date: 2025-06-23T13:57:36Z
Network: openweb
Threat Actor(s): iKingdom
Victim Country: USA
Victim Industry:
Victim Organization:
Victim Site:
Associated Links:
- Published URL: https://xss.is/threads/140431/
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/4bd99d76-0a61-4d76-bf69-e432a3d673d4.png
Incident: Alleged leak of databases from various countries
Incident Description: The threat actor claims to have leaked data from various countries. The compromised data comes from Canada, France, Japan, Israel, Italy, Thailand, and Ukraine.
Category: Data Leak
Date: 2025-06-23T13:11:49Z
Network: openweb
Threat Actor(s): SukaLebok06
Victim Country: Canada
Victim Industry:
Victim Organization:
Victim Site:
Associated Links:
- Published URL: https://darkforums.st/Thread-DATA-LEAKS-IN-VARIOUS-COUNTRIES-BY-SukaLebok06
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/6e47eeb8-1371-485e-84ec-85a065fdb5cd.png
Incident: Alleged data breach of Jobinfo
Incident Description: The threat actor claims to have breached the organization's data, leaking over 50,000 records amounting to 419 GB. The exposed data primarily contains personal information such as names, roles, resumes, phone numbers and much more.
Category: Data Breach
Date: 2025-06-23T13:06:09Z
Network: telegram
Threat Actor(s): Handala Hack
Victim Country: Israel
Victim Industry: Human Resources
Victim Organization: jobinfo
Victim Site: jobinfo.co.il
Associated Links:
- Published URL: https://t.me/handala_hack26/69
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/03ec7b23-fe71-4646-b251-99c4e3bab24a.png
- https://d34iuop8pidsy8.cloudfront.net/5993ec88-75fd-4148-b7e0-57e3c59dd938.png
Incident: Alleged data leak of Shelter Locations in Israel
Incident Description: The group claims to have exposed the full list of shelter locations across Israel, stating that every coordinate is now public. They warn that traditional refuge sites are no longer safe, emphasizing this as a statement of fact, not a threat, and urge civilians to leave for their own safety.
Category: Data Leak
Date: 2025-06-23T12:59:38Z
Network: telegram
Threat Actor(s): Handala Hack
Victim Country: Israel
Victim Industry: Public Safety
Victim Organization:
Victim Site:
Associated Links:
- Published URL: https://t.me/handala_hack26/90
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/fe2b2c9f-9d99-4179-904b-8059e89086ce.png
- https://d34iuop8pidsy8.cloudfront.net/eecfbf90-b90c-4c9e-a558-645e401bd1a5.png
Incident: Arabian Ghosts targets the website of erms.co.in
Incident Description: The group claims to have defaced the website of erms.co.in.
Category: Defacement
Date: 2025-06-23T12:37:26Z
Network: telegram
Threat Actor(s): Arabian Ghosts
Victim Country: India
Victim Industry:
Victim Organization: erms.co.in
Victim Site: erms.co.in
Associated Links:
- Published URL: https://t.me/ARABIAN_GHOSTS/1143
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/8d611156-8749-4bc5-b334-1d6e15f505be.png
Incident: Alleged data leak of Sirene
Incident Description: The threat actor claims to have leaked a database from Sirene. The compromised data contains 2.5 million records, including information about establishments in France.
Category: Data Breach
Date: 2025-06-23T12:37:17Z
Network: openweb
Threat Actor(s): giorggios
Victim Country: France
Victim Industry: Government Administration
Victim Organization: sirene
Victim Site: sirene.fr
Associated Links:
- Published URL: https://darkforums.st/Thread-Selling-FRANCE-sirene-2-5millions
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/f7d41f5b-484c-4b1c-af6e-cefcbb2dc92a.png
Incident: Arabian Ghosts targets the website of Estimulo
Incident Description: The group claims to have defaced the website of Estimulo.
Category: Defacement
Date: 2025-06-23T12:16:10Z
Network: telegram
Threat Actor(s): Arabian Ghosts
Victim Country: India
Victim Industry: Education
Victim Organization: estimulo
Victim Site: estimulo.co.in
Associated Links:
- Published URL: https://t.me/ARABIAN_GHOSTS/1143
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/5004d41e-14c2-42a6-b461-da1cee8f3a18.png
Incident: Arabian Ghosts targets the website of Terna Global Business School
Incident Description: The group claims to have defaced the website of Terna Global Business School.
Category: Defacement
Date: 2025-06-23T12:08:10Z
Network: telegram
Threat Actor(s): Arabian Ghosts
Victim Country: India
Victim Industry: Education
Victim Organization: terna global business school
Victim Site: ternagbs.in
Associated Links:
- Published URL: https://t.me/ARABIAN_GHOSTS/1143
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/131838dc-8515-4583-8a2e-f5f826444efd.png
Incident: Alleged data leak of TARGOBANK
Incident Description: The threat actor claims to have leaked a database from TARGOBANK. The compromised data includes International Bank Account Numbers.
Category: Data Breach
Date: 2025-06-23T12:05:24Z
Network: openweb
Threat Actor(s): mikespinter
Victim Country: Germany
Victim Industry: Banking & Mortgage
Victim Organization: targobank
Victim Site: targobank.de
Associated Links:
- Published URL: https://darkforums.st/Thread-Targo-bank-germany-customer-database-fullz-with-iban
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/2d6d7735-9ea7-4441-bfc6-543d66fee378.png
Incident: Alleged data leak of TOVADO PROPERTIES
Incident Description: The threat actor claims to have leaked an 80 GB database from TOVADO PROPERTIES.
Category: Data Breach
Date: 2025-06-23T12:05:20Z
Network: openweb
Threat Actor(s): DigitalGhost
Victim Country: Israel
Victim Industry: Real Estate
Victim Organization: tovado properties
Victim Site: tovado.com
Associated Links:
- Published URL: http://darkforums.st/Thread-80GB-TOVADOPROPERTIES-DATA
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/19646d1a-4932-45ec-b625-26d19ab40dfe.png
Incident: Alleged data breach of Computer Warriors Education
Incident Description: The threat actor claims to have obtained the database of Computer Warriors Education, and states that a portion of the data will be leaked.
Category: Data Breach
Date: 2025-06-23T11:29:00Z
Network: telegram
Threat Actor(s): LulzSec Black
Victim Country: India
Victim Industry: Education
Victim Organization: computer warriors education
Victim Site: cwepatna.com
Associated Links:
- Published URL: https://t.me/c/2218423825/7901
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/4f457a17-f405-446e-9507-89dfa8c196a7.png
Incident: Alleged sale of dump of Spanish personal data
Incident Description: The threat actor claims to be selling a dataset, "Fulki Spain", containing over 500 individual entries, allegedly comprising personal information of Spanish citizens.
Category: Data Leak
Date: 2025-06-23T09:57:06Z
Network: openweb
Threat Actor(s): OttoFonBismark
Victim Country: Spain
Victim Industry:
Victim Organization:
Victim Site:
Associated Links:
- Published URL: https://forum.exploit.in/topic/261315/
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/978f909a-e5df-48a5-b93b-9956f8b3b94e.png
Incident: Alleged data breach of AMI 3F
Incident Description: The threat actor claims to have breached the database of AMI 3F. The compromised database consists of 20,000 customer contracts and customer data such as name, DOB, phone, email, username, password, etc.
Category: Data Breach
Date: 2025-06-23T09:54:57Z
Network: openweb
Threat Actor(s): ups
Victim Country: France
Victim Industry: Insurance
Victim Organization: ami 3f
Victim Site: ami3f.com
Associated Links:
- Published URL: https://darkforums.st/Thread-AMI-3F-Leaked-Download
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/dd5daf17-28e7-4e55-aa78-1152cddd83ab.png
Incident: Alleged data sale of ERGO Seguros de Viaje
Incident Description: The threat actor claims to be selling a database from ERGO Seguros de Viaje. The compromised data contains 2M records including sensitive personal information such as name, address, national ID, date of birth, etc.
Category: Data Breach
Date: 2025-06-23T09:34:37Z
Network: openweb
Threat Actor(s): Zoldyck
Victim Country: Spain
Victim Industry: Insurance
Victim Organization: ergo seguros de viaje
Victim Site: ergo-segurosdeviaje.es
Associated Links:
- Published URL: https://darkforums.st/Thread-Selling-Ergo-Seguros-Spain
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/1a15bcac-1048-4bab-895e-223dc36aae20.png
Incident: Mysterious Team Bangladesh claims to target USA, Israel and several Arab countries
Incident Description: A recent post by the group indicated that they are targeting the USA, Israel, and several Arab countries, while also hinting at separate plans underway for Argentina.
Category: Alert
Date: 2025-06-23T08:45:13Z
Network: telegram
Threat Actor(s): Mysterious Team Bangladesh
Victim Country: USA
Victim Industry:
Victim Organization:
Victim Site:
Associated Links:
- Published URL: https://t.me/M_T_B_official/412
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/62186efb-845a-4817-b2b1-2cb13c1f81e1.png
Incident: Alleged data leak of ADIM Tel Aviv
Incident Description: The threat actor claims to have leaked data from Aerospace, Defense & Innovation Meetings Tel Aviv. The compromised data contains 68M records.
Category: Data Breach
Date: 2025-06-23T07:41:44Z
Network: openweb
Threat Actor(s): DigitalGhost
Victim Country: Israel
Victim Industry: Events Services
Victim Organization: aerospace, defense & innovation meetings tel aviv
Victim Site: tel-aviv.bciaerospace.com
Associated Links:
- Published URL: https://darkforums.st/Thread-68M-AEROSPACE-TEL-AVIV-SYSTEM-DATA
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/e3cc9fff-e884-4adb-aea8-592f37f0663d.png
Incident: Alleged data breach of Alpha Epsilon Pi
Incident Description: The threat actor claims to have breached 700 GB of data from Alpha Epsilon Pi in Israel.
Category: Data Breach
Date: 2025-06-23T06:39:22Z
Network: openweb
Threat Actor(s): DigitalGhost
Victim Country: Israel
Victim Industry: Non-profit & Social Organizations
Victim Organization: alpha epsilon pi
Victim Site: aepi.org
Associated Links:
- Published URL: https://darkforums.st/Thread-700GB-ISRAEL-AEPI-DATABASE
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/376933bb-2f06-4986-87cf-72c302e9dfa0.png
Incident: Alleged data breach of Seznam.cz
Incident Description: The threat actor claims to have leaked 1,889 lines of data from seznam.cz.
Category: Data Breach
Date: 2025-06-23T06:25:36Z
Network: openweb
Threat Actor(s): BestCombos
Victim Country: Czech Republic
Victim Industry: Information Technology (IT) Services
Victim Organization: seznam.cz
Victim Site: seznam.cz
Associated Links:
- Published URL: https://demonforums.net/Thread-Email-Pass-1-889-lines-%E2%98%A3%EF%B8%8Fseznam-cz-21-06-25
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/8d080a20-ee92-43f2-b26a-1b5fcddb1411.png
Incident: Alleged Data Leak of Indian Business Owners
Incident Description: A threat actor claims to have obtained a database of 120,000 executives of Indian business owners. The leaked data allegedly includes names, position, state, industry, etc.
Category: Data Leak
Date: 2025-06-23T06:13:38Z
Network: tor
Threat Actor(s): Market Exchange
Victim Country: India
Victim Industry:
Victim Organization:
Victim Site:
Associated Links:
Works cited
1. Radware reports hybrid warfare as cyberattacks, disinformation …, accessed June 23, 2025, https://industrialcyber.co/threats-attacks/radware-reports-hybrid-warfare-as-cyberattacks-disinformation-escalate-in-2025-israel-iran-conflict/
2. Cyberwar rages in Israel-Iran conflict – IT-Online, accessed June 23, 2025, https://it-online.co.za/2025/06/23/cyberwar-rages-in-israel-iran-conflict/
3. Disrupting Handala: Did OP Innovate Help Silence a Major Cyber …, accessed June 23, 2025, https://op-c.net/blog/did-op-innovate-disrupt-handala-cyber-threat/
4. Iran-Linked Threat Actors Leak Visitors and Athletes … – Resecurity, accessed June 23, 2025, https://www.resecurity.com/blog/article/iran-linked-threat-actors-leak-visitors-and-athletes-data-from-saudi-games