This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.
1. Alleged data sale of Cargus
- Category: Data Breach
- Content: The threat actor claims to be selling 552,659 records from Cargus, allegedly containing name, telephone number, address, postal code, city, county, email, ID, user ID, and more.
- Date: 2025-11-16T12:36:18Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-cargus-ro-Romania-Business-Database)
- Screenshots:
- Threat Actors: fuckoverflow
- Victim Country: Romania
- Victim Industry: Transportation & Logistics
- Victim Organization: cargus
- Victim Site: cargus.ro
2. Alleged data sale of 700Credit
- Category: Data Breach
- Content: The threat actor claims to be selling 8.4 million customer records from 700Credit, allegedly containing full names, dates of birth, addresses, Social Security numbers, and employment information.
- Date: 2025-11-16T12:30:23Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-700Credit-Databreach-8-4-Milllion-FULLZ-SSN)
- Screenshots:
- Threat Actors: ROOTBOY
- Victim Country: USA
- Victim Industry: Information Technology (IT) Services
- Victim Organization: 700credit
- Victim Site: 700credit.com
3. Alleged data breach of Krabet store
- Category: Data Breach
- Content: The threat actor claims to be selling Krabet Store's Odoo customer data. The exposed information reportedly includes ID, name, email, phone number, ZIP code, country, state or province, customer type, website, confirmed email status, account creation details, billing and shipping addresses, dates, VAT number, gender, company details, account lock status, rewards balance, mobile number, and Odoo customer ID.
- Date: 2025-11-16T12:28:31Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-1M-Iranian-Odoo-customer-export)
- Screenshots:
- Threat Actors: Ater
- Victim Country: Iran
- Victim Industry: E-commerce & Online Stores
- Victim Organization: krabet
- Victim Site: krabet.com
4. Alleged unauthorized access to unidentified industrial automation system in Ukraine
- Category: Initial Access
- Content: The group claims to have gained access to an unidentified industrial automation system in Ukraine. They reportedly have the ability to control powder coating, welding, prefabrication, adhesive application, MDF processing, ventilation, and temperature, and claim to have taken control of operator and administrator accounts by changing passwords and access rights.
- Date: 2025-11-16T11:34:43Z
- Network: telegram
- Published URL: (https://t.me/zpentestalliance/718)
- Screenshots:
- Threat Actors: Z-PENTEST ALLIANCE
- Victim Country: Ukraine
- Victim Industry: Industrial Automation
- Victim Organization: Unknown
- Victim Site: Unknown
5. Maresa Logistica falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization's data.
- Date: 2025-11-16T11:18:37Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=7b6191bf-cf9b-32da-8fad-b64f8e81717e)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: Spain
- Victim Industry: Transportation & Logistics
- Victim Organization: maresa logistica
- Victim Site: maresalogistica.com
6. Ahloy Anonymous targets the website of Royal Thai Police
- Category: Initial Access
- Content: The group claims to have leaked login access to Royal Thai Police.
- Date: 2025-11-16T09:30:55Z
- Network: telegram
- Published URL: (https://t.me/ahloyanonymous/12)
- Screenshots:
- Threat Actors: Ahloy Anonymous
- Victim Country: Thailand
- Victim Industry: Law Enforcement
- Victim Organization: royal thai police
- Victim Site: stronger.police.go.th
7. KAL EGY 319 targets the website of Comisión Episcopal de Pastoral Universitaria
- Category: Defacement
- Content: The group claims to have defaced the website of Comisión Episcopal de Pastoral Universitaria. Mirror link: https://zone-xsec.com/mirror/id/764526
- Date: 2025-11-16T09:18:45Z
- Network: telegram
- Published URL: (https://t.me/KALOSHA319/44)
- Screenshots:
- Threat Actors: KAL EGY 319
- Victim Country: Argentina
- Victim Industry: Religious Institutions
- Victim Organization: comisión episcopal de pastoral universitaria
- Victim Site: cepau.org.ar
8. Alleged leak of login access of Suphan Buri provincial education office
- Category: Initial Access
- Content: The group claims to have leaked login access to the Suphan Buri provincial education office.
- Date: 2025-11-16T09:11:05Z
- Network: telegram
- Published URL: (https://t.me/ahloyanonymous/10)
- Screenshots:
- Threat Actors: Ahloy Anonymous
- Victim Country: Thailand
- Victim Industry: Government Administration
- Victim Organization: suphan buri provincial education office
- Victim Site: moesuphan.go.th
9. TRUTH LEGION 707 claims to target Africa
- Category: Alert
- Content: A recent post by the group indicates that they are targeting Africa.
- Date: 2025-11-16T06:26:27Z
- Network: telegram
- Published URL: (https://t.me/c/3186755612/37)
- Screenshots:
- Threat Actors: TRUTH LEGION 707
- Victim Country: South Africa
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
10. Pharaoh’s Team targets the website of Inter Credit Union
- Category: Defacement
- Content: The group claims to have defaced the website of Inter Credit Union.
- Date: 2025-11-16T05:59:28Z
- Network: telegram
- Published URL: (https://t.me/Pharaohs_n/321)
- Screenshots:
- Threat Actors: Pharaoh’s Team
- Victim Country: Unknown
- Victim Industry: Financial Services
- Victim Organization: inter credit union
- Victim Site: increditu.com
11. Alleged data breach of Policía Auxiliar
- Category: Data Breach
- Content: The threat actor claims to have breached a database belonging to the Policía Auxiliar of Mexico City (CDMX).
- Date: 2025-11-16T04:42:58Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-POLICIA-AUXILIAR-CDMX-4-ALL)
- Screenshots:
- Threat Actors: s4mmy
- Victim Country: Mexico
- Victim Industry: Government Administration
- Victim Organization: policía auxiliar
- Victim Site: pa.cdmx.gob.mx
12. Alleged data leak of medical insurance from Taiwan
- Category: Data Breach
- Content: The threat actor claims to have leaked 12.9 million lines of medical insurance data from Taiwan.
- Date: 2025-11-16T03:59:16Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/taiwan-medical-insurance-avilable-12-9-million-lines.46042/)
- Screenshots:
- Threat Actors: jdudjbdd
- Victim Country: Taiwan
- Victim Industry: Insurance
- Victim Organization: Unknown
- Victim Site: Unknown
13. BABAYO EROR SYSTEM targets the website of PT. Premier Equity Futures
- Category: Defacement
- Content: The group claims to have defaced the website of PT. Premier Equity Futures.
- Date: 2025-11-16T02:01:27Z
- Network: telegram
- Published URL: (https://t.me/babayoerorsysteam3/694)
- Screenshots:
- Threat Actors: BABAYO EROR SYSTEM
- Victim Country: Indonesia
- Victim Industry: Financial Services
- Victim Organization: pt. premier equity futures
- Victim Site: premierequityfutures.co.id
14. Alleged leak of military and intelligence documents
- Category: Data Breach
- Content: The group claims to be selling 32 GB of highly sensitive military and intelligence documents.
- Date: 2025-11-16T01:11:40Z
- Network: telegram
- Published URL: (https://t.me/n2LP_wVf79c2YzM0/2460)
- Screenshots:
- Threat Actors: Infrastructure Destruction Squad
- Victim Country: Unknown
- Victim Industry: Military Industry
- Victim Organization: Unknown
- Victim Site: Unknown
15. Alleged sale of accounts from Stake
- Category: Data Breach
- Content: The threat actor claims to be selling Level-2 verified Stake.com accounts
- Date: 2025-11-16T23:55:26Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-STAKE-COM-ACCOUNTS-CHEAPEST)
- Screenshots:
- Threat Actors: fuckoverflow
- Victim Country: Curaçao
- Victim Industry: Gambling & Casinos
- Victim Organization: stake
- Victim Site: stake.com
16. Alleged data breach of SeAH HOLDINGS & SeAH STEEL HOLDINGS
- Category: Data Breach
- Content: The threat actor claims to have leaked data from SeAH Holdings. The compromised data includes source code, configuration files, access keys, API keys, and hardcoded credentials.
- Date: 2025-11-16T22:51:20Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Source-Code-SeAH-Holdings-Data-Breach-Leaked-Download)
- Screenshots:
- Threat Actors: 888
- Victim Country: South Korea
- Victim Industry: Mining/Metals
- Victim Organization: seah holdings & seah steel holdings
- Victim Site: seah.co.kr
17. Alleged data breach of Blossom Cloud Co., Ltd.
- Category: Data Breach
- Content: The threat actor claims to have leaked data from Blossom Cloud Co., Ltd. The compromised data includes source code, SQL files, configuration files, and API keys.
- Date: 2025-11-16T20:45:44Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Source-Code-BlossomCloud-co-kr-Data-Breach-Leaked-Download)
- Screenshots:
- Threat Actors: 888
- Victim Country: South Korea
- Victim Industry: Retail Industry
- Victim Organization: blossom cloud co., ltd.
- Victim Site: blossomcloud.co.kr
18. Alleged data breach of L’Assurance retraite
- Category: Data Breach
- Content: The threat actor claims to have leaked data from L’Assurance retraite. The compromised data includes full names, email addresses, physical addresses, phone numbers, etc.
- Date: 2025-11-16T20:31:44Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-AssuranceRetraite)
- Screenshots:
- Threat Actors: Wildpistol
- Victim Country: France
- Victim Industry: Non-profit & Social Organizations
- Victim Organization: l’assurance retraite
- Victim Site: lassuranceretraite.fr
19. Alleged Sale of U.S. Payment Card Data
- Category: Data Breach
- Content: The threat actor claims to be selling 800 US credit card details. The compromised data reportedly includes credit card number, expiry month, expiry year, CVV, full name, address, city, state, ZIP, phone, and mail.
- Date: 2025-11-16T19:31:11Z
- Network: openweb
- Published URL: (https://forum.exploit.biz/topic/270184/)
- Screenshots:
- Threat Actors: XDev
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
20. Alleged Access to T-Systems International
- Category: Initial Access
- Content: The group claims to have gained access to T-Systems International.
- Date: 2025-11-16T17:40:22Z
- Network: telegram
- Published URL: (https://t.me/usersecc/577?single)
- Screenshots:
- Threat Actors: UserSec
- Victim Country: Germany
- Victim Industry: Information Technology (IT) Services
- Victim Organization: t-systems international
- Victim Site: t-systems.com
21. Alleged Sale of Thailand citizens Data
- Category: Data Breach
- Content: The threat actor claims to be selling 30 million Thailand citizens’ data.
- Date: 2025-11-16T17:38:44Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-%F0%9F%87%B9%F0%9F%87%ADThailand-citizens-30-million-lines-samples-avilables)
- Screenshots:
- Threat Actors: yeestge33
- Victim Country: Thailand
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
22. Alleged data sale of Lindsey Ferguson Database
- Category: Data Breach
- Content: The threat actor claims to have leaked Lindsey Ferguson Database.
- Date: 2025-11-16T17:28:48Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-Lindsey-Ferguson-Database)
- Screenshots:
- Threat Actors: Stanley19463
- Victim Country: USA
- Victim Industry: Financial Services
- Victim Organization: lindsey ferguson
- Victim Site: Unknown
23. Alleged Sale of 1,200 Fortinet VPN Network Accesses
- Category: Initial Access
- Content: Threat actor claims to be selling 1,200 Fortinet VPN network accesses.
- Date: 2025-11-16T15:30:51Z
- Network: openweb
- Published URL: (https://forum.exploit.biz/topic/270163/)
- Screenshots:
- Threat Actors: anna_s
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
24. Red wolf cyber claims to target Iran
- Category: Alert
- Content: A recent post by the group indicates that they are targeting Iran.
- Date: 2025-11-16T14:23:24Z
- Network: telegram
- Published URL: (https://t.me/c/2609313110/556)
- Screenshots:
- Threat Actors: Red wolf cyber
- Victim Country: Iran
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
25. Alleged leak of access to EduSofto
- Category: Initial Access
- Content: The group claims to have leaked admin access to EduSofto
- Date: 2025-11-16T13:50:47Z
- Network: telegram
- Published URL: (https://t.me/kingsman_india1/755)
- Screenshots:
- Threat Actors: KINGSMAN INDIA
- Victim Country: Bangladesh
- Victim Industry: Education
- Victim Organization: edusofto
- Victim Site: edusofto.com.bd
26. Alleged leak of access to Mongalkandi Islamia Kamil Madrasah
- Category: Initial Access
- Content: The group claims to have leaked login access to the Mongalkandi Islamia Kamil Madrasah.
- Date: 2025-11-16T13:46:26Z
- Network: telegram
- Published URL: (https://t.me/kingsman_india1/755)
- Screenshots:
- Threat Actors: KINGSMAN INDIA
- Victim Country: Bangladesh
- Victim Industry: Religious Institutions
- Victim Organization: mongalkandi islamia kamil madrasah
- Victim Site: mkm.edu.bd
27. Alleged unauthorized access to Tahfizul Ummah Madrasah
- Category: Initial Access
- Content: The group claims to have gained unauthorized access to Tahfizul Ummah Madrasah.
- Date: 2025-11-16T13:44:16Z
- Network: telegram
- Published URL: (https://t.me/kingsman_india1/755)
- Screenshots:
- Threat Actors: KINGSMAN INDIA
- Victim Country: Bangladesh
- Victim Industry: Education
- Victim Organization: tahfizul ummah madrasah
- Victim Site: tahfizulummah.com
28. Alleged leak of login access of CAPER Information Technology System
- Category: Initial Access
- Content: The group claims to have leaked login access to CAPER Information Technology System
- Date: 2025-11-16T13:39:16Z
- Network: telegram
- Published URL: (https://t.me/ahloyanonymous/15)
- Screenshots:
- Threat Actors: Ahloy Anonymous
- Victim Country: Indonesia
- Victim Industry: Information Services
- Victim Organization: caper
- Victim Site: caper.sks.go.th
29. Alleged data breach of UKMPPG – Uji Kinerja
- Category: Data Breach
- Content: The group claims to have gained access to the admin panel and to be selling the organization’s data from UKMPPG – Uji Kinerja.
- Date: 2025-11-16T13:31:33Z
- Network: telegram
- Published URL: (https://t.me/kingsman_india1/752)
- Screenshots:
- Threat Actors: KINGSMAN INDIA
- Victim Country: Indonesia
- Victim Industry: Government Administration
- Victim Organization: ukmppg – uji kinerja
- Victim Site: ukin.ukmppg.id
Conclusion
The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Data breaches and sales were prominent, including the sale of 8.4 million customer records from 700Credit (USA), 552,659 records from Cargus (Romania), and sensitive data leaks from SeAH Holdings (South Korea), L’Assurance retraite (France), and the Policía Auxiliar (Mexico). This also includes the sale of a large database of Thailand citizens and the leak of medical insurance data from Taiwan.
Significant Initial Access was also offered, such as access to T-Systems International (Germany), 1,200 Fortinet VPN network accesses, and admin/login access to several organizations in Bangladesh and Thailand, including the Royal Thai Police. The report also features a Ransomware incident involving Maresa Logistica (Spain) and Defacement attacks targeting organizations in Argentina and Indonesia, as well as Inter Credit Union.
These incidents collectively demonstrate that organizations across various industries and geographies face persistent threats from data exfiltration, unauthorized network access, and attacks by threat groups like KINGSMAN INDIA, Ahloy Anonymous, and the data sellers fuckoverflow and ROOTBOY.