[November-22-2025] Daily Cybersecurity Threat Report

This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.

1. Alleged data breach of Copper Steel Fabricators

  • Category: Data Breach
  • Content: The threat actor claims to have breached the database of Copper Steel Fabricators. The 330 GB dataset reportedly contains a full mirror of their FTP server with current project files, Tekla 3D models, PE-stamped engineering drawings, and materials from major jobs including Project ROCKY, Publix Greensboro RDC, and Amazon CMH5. The seller claims all files are recent and is asking $28,500 in BTC or XMR via escrow.
  • Date: 2025-11-22T23:32:15Z
  • Network: openweb
  • Published URL: https://forum.exploit.biz/topic/270543/
  • Threat Actors: zestix
  • Victim Country: USA
  • Victim Industry: Building and construction
  • Victim Organization: copper steel fabricators
  • Victim Site: coopersteel.com

2. scattered LAPSUS$ hunters 7.0 claims to target Krebs On Security

  • Category: Alert
  • Content: A recent post by the group claims that they are targeting Krebs On Security.
  • Date: 2025-11-22T23:24:34Z
  • Network: telegram
  • Published URL: https://t.me/smokinmandiant/256
  • Threat Actors: scattered LAPSUS$ hunters 7.0
  • Victim Country: USA
  • Victim Industry: Newspapers & Journalism
  • Victim Organization: krebs on security
  • Victim Site: krebsonsecurity.com

3. Alleged sale of unauthorized VMware-Veeam cloud access to an unidentified IT company in Portugal

  • Category: Initial Access
  • Content: The threat actor claims to be selling unauthorized VMware-Veeam cloud access to an unidentified IT company in Portugal.
  • Date: 2025-11-22T22:51:10Z
  • Network: openweb
  • Published URL: https://forum.exploit.biz/topic/270574/
  • Threat Actors: personX
  • Victim Country: Portugal
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

4. Alleged data breach of ERC KP LLC (Complatezh)

  • Category: Data Breach
  • Content: The group claims to have leaked 276K data containing full names and postal addresses from ERC KP LLC (Complatezh).
  • Date: 2025-11-22T22:46:49Z
  • Network: telegram
  • Published URL: https://t.me/perunswaroga/779
  • Threat Actors: Perun Svaroga
  • Victim Country: Ukraine
  • Victim Industry: Financial Services
  • Victim Organization: erc kp llc (complatezh)
  • Victim Site: complatezh.info

5. Alleged Leak of Bolivia Police Officers Database

  • Category: Data Breach
  • Content: The group claims to have leaked the Bolivia Police Officers Database.
  • Date: 2025-11-22T22:23:38Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-Bolivia-Police-Officer-Database
  • Threat Actors: vulnerandolo
  • Victim Country: Bolivia
  • Victim Industry: Unknown
  • Victim Organization: bolivia police officers database.
  • Victim Site: Unknown

6. Alleged sale of unauthorized admin access to unidentified Pharmaceutical organization in Austria

  • Category: Initial Access
  • Content: The threat actor claims to be selling unauthorized admin access to an unidentified pharmaceutical organization in Austria.
  • Date: 2025-11-22T22:03:06Z
  • Network: openweb
  • Published URL: https://forum.exploit.biz/topic/270573/
  • Threat Actors: personX
  • Victim Country: Austria
  • Victim Industry: Healthcare & Pharmaceuticals
  • Victim Organization: Unknown
  • Victim Site: Unknown

7. Bodega San Huberto falls victim to DragonForce Ransomware

  • Category: Ransomware
  • Content: The group claims to have obtained 34.88 GB of the organization’s data.
  • Date: 2025-11-22T21:25:42Z
  • Network: tor
  • Published URL: http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion/blog
  • Threat Actors: DragonForce
  • Victim Country: Argentina
  • Victim Industry: Wine & Spirits
  • Victim Organization: bodega san huberto
  • Victim Site: bodegassanhuberto.com.ar

8. f-w-s countertops falls victim to DragonForce Ransomware

  • Category: Ransomware
  • Content: The group claims to have obtained 18.98 GB of the organization’s data and intends to publish it within 5-6 days.
  • Date: 2025-11-22T21:19:08Z
  • Network: tor
  • Published URL: http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion/blog
  • Threat Actors: DragonForce
  • Victim Country: USA
  • Victim Industry: Unknown
  • Victim Organization: f-w-s countertops
  • Victim Site: f-w-s.net

9. Barr Companies falls victim to DragonForce Ransomware

  • Category: Ransomware
  • Content: The group claims to have obtained 18.19 GB of the organization’s data and intends to publish it within 5-6 days.
  • Date: 2025-11-22T21:13:22Z
  • Network: tor
  • Published URL: http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion/blog
  • Threat Actors: DragonForce
  • Victim Country: USA
  • Victim Industry: Transportation & Logistics
  • Victim Organization: barr companies
  • Victim Site: barrcos.com

10. healthcare & more falls victim to DragonForce Ransomware

  • Category: Ransomware
  • Content: The group claims to have obtained 17.19 GB of the organization’s data and intends to publish it within 5-6 days.
  • Date: 2025-11-22T21:04:12Z
  • Network: tor
  • Published URL: http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion/blog
  • Threat Actors: DragonForce
  • Victim Country: USA
  • Victim Industry: Insurance
  • Victim Organization: healthcare & more
  • Victim Site: healthcareandmoore.com

11. Fueling Solutions, Inc. falls victim to DragonForce Ransomware

  • Category: Ransomware
  • Content: The group claims to have obtained 16.03 GB of the organization’s data and intends to publish it within 3-4 days.
  • Date: 2025-11-22T20:54:04Z
  • Network: tor
  • Published URL: http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion/blog
  • Threat Actors: DragonForce
  • Victim Country: USA
  • Victim Industry: Oil & Gas
  • Victim Organization: fueling solutions, inc.
  • Victim Site: fueling-solutions.com

12. Nugent Supply Co., Inc. falls victim to DragonForce Ransomware

  • Category: Ransomware
  • Content: The group claims to have obtained 5.6 GB of the organization’s data and intends to publish it within 3-4 days.
  • Date: 2025-11-22T20:46:35Z
  • Network: tor
  • Published URL: http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion/blog
  • Threat Actors: DragonForce
  • Victim Country: USA
  • Victim Industry: Building and construction
  • Victim Organization: nugent supply co., inc.
  • Victim Site: nugentsupply.com

13. Summit Construction Supply falls victim to DragonForce Ransomware

  • Category: Ransomware
  • Content: The group claims to have obtained 5.56 GB of the organization’s data and intends to publish it within 3-4 days.
  • Date: 2025-11-22T20:40:43Z
  • Network: tor
  • Published URL: http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion/blog
  • Threat Actors: DragonForce
  • Victim Country: USA
  • Victim Industry: Building and construction
  • Victim Organization: summit construction supply
  • Victim Site: summitconstructionsupply.com

14. Parsirang falls victim to DragonForce Ransomware

  • Category: Ransomware
  • Content: The group claims to have obtained 10.63 GB of the organization’s data and intends to publish it within 0-1 days.
  • Date: 2025-11-22T20:30:59Z
  • Network: tor
  • Published URL: http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion/blog
  • Threat Actors: DragonForce
  • Victim Country: Iran
  • Victim Industry: Consumer Goods
  • Victim Organization: parsirang
  • Victim Site: parsirang.com

15. Alleged sale of unauthorized FTP admin access to unidentified Architecture organization in Canada

  • Category: Initial Access
  • Content: The threat actor claims to be selling unauthorized FTP admin access to an unidentified architecture organization in Canada. The compromised data reportedly includes JPG files, PNG files, TXT files, source code, docs, PDFs, and more.
  • Date: 2025-11-22T19:05:57Z
  • Network: openweb
  • Published URL: https://forum.exploit.biz/topic/270563/
  • Threat Actors: Anon-WMG
  • Victim Country: Canada
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

16. Alleged sale of unauthorized admin access to an unidentified organization in Canada

  • Category: Initial Access
  • Content: Threat actor claims to be selling admin-level FTP server access to a company in Canada operating in the architecture and engineering industry.
  • Date: 2025-11-22T18:43:25Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-Selling-FTP-Admin-access-CANADA-59M
  • Threat Actors: Dark_Alpha
  • Victim Country: Canada
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

17. Alleged Data Leak of tmc.co.il

  • Category: Data Breach
  • Content: The group claims to have leaked data from tmc.co.il.
  • Date: 2025-11-22T18:20:58Z
  • Network: telegram
  • Published URL: https://t.me/CyberToufan08/456
  • Threat Actors: CyberToufan
  • Victim Country: Israel
  • Victim Industry: Marketing, Advertising & Sales
  • Victim Organization: tmc.co.il
  • Victim Site: tmc.co.il

18. Alleged sale of gambling/casino leads from Ukraine

  • Category: Data Breach
  • Content: Threat actor claims to be selling a 2024 Ukraine gambling/casino leads database containing 258,000 records. The data reportedly includes email addresses, mobile numbers, gaming platforms, last active timestamps, last IP addresses, country codes, platform details, and account status. The files are offered in XLSX and CSV formats.
  • Date: 2025-11-22T17:26:43Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-Selling-For-sale-Ukraine-Gambling-Casino-leads-2024%C2%A0-258K-Records
  • Threat Actors: LandLord
  • Victim Country: Ukraine
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

19. Alleged sale of sensitive document related to Sukhoi S-70 Okhotnik-B Russian fighter

  • Category: Data Breach
  • Content: Threat actor claims to be selling 8GB of sensitive documents related to the Sukhoi S-70 Okhotnik-B Russian fighter.
  • Date: 2025-11-22T17:03:25Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-Selling-%F0%9F%9A%80-8GB-Sukhoi-S-70-Okhotnik-B-RUSSIAN-FIGHTERJET-BLUEPRINTS-DOCUMENTS-FOR-SALE-%F0%9F%9A%80–60212
  • Threat Actors: jrintel
  • Victim Country: Russia
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

20. Alleged sale of unauthorized network access to unidentified organizations in China

  • Category: Initial Access
  • Content: Threat actor claims to be selling unauthorized network access to unidentified organizations in China.
  • Date: 2025-11-22T16:55:36Z
  • Network: openweb
  • Published URL: https://forum.exploit.biz/topic/270557/
  • Threat Actors: nopiro
  • Victim Country: China
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

21. Alleged data leak of Equity Fund Accountability Information System (Paraguay)

  • Category: Data Breach
  • Content: Threat actor claims to have leaked data from Equity Fund Accountability Information System under the Ministry of Public Health and Social Welfare of Paraguay. The compromised data reportedly include ID, name, phone number, email, address, etc.
  • Date: 2025-11-22T16:52:06Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-Document-SYSTEM-SIRFE-2-0-PARAGUAY-LEAK-FRESH
  • Threat Actors: Johan_Liebheart
  • Victim Country: Paraguay
  • Victim Industry: Government Administration
  • Victim Organization: ministry of public health and social welfare of paraguay
  • Victim Site: sirfesalud.mspbs.gov.py

22. Alleged Sale of Magento 2 RCE Exploit (CVE-2025-54236)

  • Category: Vulnerability
  • Content: The threat actor claims to be selling an RCE exploit for Magento 2 (CVE-2025-54236).
  • Date: 2025-11-22T16:39:59Z
  • Network: openweb
  • Published URL: https://forum.exploit.in/topic/270551/
  • Threat Actors: TylerDurden
  • Victim Country: Unknown
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

23. Alleged data breach of HID

  • Category: Data Breach
  • Content: The threat actor claims to be selling 2TB of HID Global source code and documents of secure identity products.
  • Date: 2025-11-22T16:25:31Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-Source-Code-HID-Global-2TB-source-code-document-of-secure-identity-products
  • Threat Actors: acheron
  • Victim Country: USA
  • Victim Industry: Security & Investigations
  • Victim Organization: hid
  • Victim Site: hidglobal.com

24. Alleged sale of shell access to an unidentified shop in Spain

  • Category: Initial Access
  • Content: Threat actor claims to be selling unauthorized shell access to an unidentified shop in Spain.
  • Date: 2025-11-22T16:24:16Z
  • Network: openweb
  • Published URL: https://rehubcom.pro/threads/920/
  • Threat Actors: gustavo
  • Victim Country: Spain
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

25. Katch Can falls victim to PLAY ransomware

  • Category: Ransomware
  • Content: The group claims to have obtained organizational data and plans to publish it within 4-5 days.
  • Date: 2025-11-22T16:17:57Z
  • Network: tor
  • Published URL: http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=cW520Nu0gJwgn
  • Threat Actors: PLAY
  • Victim Country: Canada
  • Victim Industry: Oil & Gas
  • Victim Organization: katch can
  • Victim Site: katchkan.com

26. Keystone Fabricating Inc falls victim to PLAY ransomware

27. Turkstra Trusses falls victim to PLAY ransomware

28. VANTEC EUROPE LIMITED falls victim to LYNX Ransomware

29. D1$RUPT0R targets the website of RENSUM INSTITUTE OF NURSING

  • Category: Defacement
  • Content: Group claims to have defaced the website of RENSUM INSTITUTE OF NURSING
  • Date: 2025-11-22T14:28:07Z
  • Network: openweb
  • Published URL: https://defacer.id/mirror/id/211231
  • Threat Actors: D1$RUPT0R
  • Victim Country: India
  • Victim Industry: Education
  • Victim Organization: rensum institute of nursing
  • Victim Site: rensum.com

30. Order403 targets the website of Shoppagina

  • Category: Defacement
  • Content: The group claims to have defaced the website of Shoppagina.
  • Date: 2025-11-22T14:26:47Z
  • Network: openweb
  • Published URL: https://defacer.id/mirror/id/211196
  • Threat Actors: Order403
  • Victim Country: Netherlands
  • Victim Industry: Information Technology (IT) Services
  • Victim Organization: shoppagina
  • Victim Site: atotz.student4.shoppagina.nl

31. scattered LAPSUS$ hunters 7.0 claims to target JLR

  • Category: Alert
  • Content: The group claims to have targeted JLR
  • Date: 2025-11-22T14:24:16Z
  • Network: telegram
  • Published URL: https://t.me/smokinmandiant/246
  • Threat Actors: scattered LAPSUS$ hunters 7.0
  • Victim Country: UK
  • Victim Industry: Automotive
  • Victim Organization: jlr
  • Victim Site: jlr.com

32. scattered LAPSUS$ hunters 7.0 claims to target Porsche

  • Category: Alert
  • Content: The group claims to have targeted Porsche
  • Date: 2025-11-22T14:19:56Z
  • Network: telegram
  • Published URL: https://t.me/smokinmandiant/245
  • Threat Actors: scattered LAPSUS$ hunters 7.0
  • Victim Country: Germany
  • Victim Industry: Automotive
  • Victim Organization: porsche
  • Victim Site: porsche.com

33. HonkSec targets the website of CELTECH College

  • Category: Defacement
  • Content: The group claims to have defaced the website of CELTECH College, attributing the attack to its member MrAstra.
  • Date: 2025-11-22T14:12:59Z
  • Network: openweb
  • Published URL: https://defacer.id/mirror/id/211204
  • Threat Actors: HonkSec
  • Victim Country: Philippines
  • Victim Industry: Higher Education/Academia
  • Victim Organization: celtech college
  • Victim Site: clcst.com.ph

34. D1$RUPT0R targets the website of Oxygen Medical Center

  • Category: Defacement
  • Content: The group claims to have defaced the organization’s website.
  • Date: 2025-11-22T14:02:29Z
  • Network: openweb
  • Published URL: https://defacer.id/mirror/id/211287
  • Threat Actors: D1$RUPT0R
  • Victim Country: UAE
  • Victim Industry: Hospital & Health Care
  • Victim Organization: oxygen medical center
  • Victim Site: oxygenmedical.ae

35. D1$RUPT0R targets the website of One Youth Global

  • Category: Defacement
  • Content: Group claims to have defaced the website of One Youth Global
  • Date: 2025-11-22T13:58:39Z
  • Network: openweb
  • Published URL: https://defacer.id/mirror/id/211279
  • Threat Actors: D1$RUPT0R
  • Victim Country: Nigeria
  • Victim Industry: Education
  • Victim Organization: one youth global
  • Victim Site: oneyouthglobal.org

36. SHADOWX targets the website of yattti.co-id.id

  • Category: Defacement
  • Content: The group claims to have defaced the website of yattti.co-id.id. Mirror: https://defacer.id/mirror/id/211286
  • Date: 2025-11-22T13:24:17Z
  • Network: telegram
  • Published URL: https://t.me/irfacyber/365
  • Threat Actors: SHADOWX
  • Victim Country: Unknown
  • Victim Industry: Unknown
  • Victim Organization: yattti.co-id
  • Victim Site: yattti.co-id.id

37. SHADOWX targets the website of tokobangunanbojo.co-id.id

  • Category: Defacement
  • Content: The group claims to have defaced the website of tokobangunanbojo.co-id.id. Mirror: https://defacer.id/mirror/id/211288
  • Date: 2025-11-22T13:19:27Z
  • Network: telegram
  • Published URL: https://t.me/irfacyber/365
  • Threat Actors: SHADOWX
  • Victim Country: Unknown
  • Victim Industry: Unknown
  • Victim Organization: tokobangunanbojo.co-id
  • Victim Site: tokobangunanbojo.co-id.id

38. SHADOWX targets the website of bidotiyanto.co-id.id

  • Category: Defacement
  • Content: The group claims to have defaced the website of bidotiyanto.co-id.id. Mirror: https://defacer.id/mirror/id/211290
  • Date: 2025-11-22T13:15:43Z
  • Network: telegram
  • Published URL: https://t.me/irfacyber/365
  • Threat Actors: SHADOWX
  • Victim Country: Unknown
  • Victim Industry: Unknown
  • Victim Organization: bidotiyanto.co-id
  • Victim Site: bidotiyanto.co-id.id

39. D1$RUPT0R targets the website of Bhayalakshmi Camphor

  • Category: Defacement
  • Content: Group claims to have defaced the website of Bhayalakshmi Camphor
  • Date: 2025-11-22T13:13:52Z
  • Network: openweb
  • Published URL: https://defacer.id/mirror/id/211207
  • Threat Actors: D1$RUPT0R
  • Victim Country: Sri Lanka
  • Victim Industry: Retail Industry
  • Victim Organization: bhayalakshmi camphor
  • Victim Site: bhaagyaa.com

40. D1$RUPT0R targets the website of Gyan Infotube Education

  • Category: Defacement
  • Content: Group claims to have defaced the website of Gyan Infotube Education.
  • Date: 2025-11-22T13:07:11Z
  • Network: openweb
  • Published URL: https://defacer.id/mirror/id/211208
  • Threat Actors: D1$RUPT0R
  • Victim Country: India
  • Victim Industry: Education
  • Victim Organization: gyan infotube education.
  • Victim Site: gyaninfoedu.in

41. D1$RUPT0R targets the website of CorpAcumen.

  • Category: Defacement
  • Content: Group claims to have defaced the website of CorpAcumen.
  • Date: 2025-11-22T12:39:53Z
  • Network: openweb
  • Published URL: https://defacer.id/mirror/id/211209
  • Threat Actors: D1$RUPT0R
  • Victim Country: India
  • Victim Industry: Management Consulting
  • Victim Organization: corpacumen
  • Victim Site: corpacumen.com

42. D1$RUPT0R targets the website of Corp Acumen

  • Category: Defacement
  • Content: Group claims to have defaced the website of Corp Acumen
  • Date: 2025-11-22T12:29:05Z
  • Network: openweb
  • Published URL: https://defacer.id/mirror/id/211210
  • Threat Actors: D1$RUPT0R
  • Victim Country: India
  • Victim Industry: Management Consulting
  • Victim Organization: corp acumen
  • Victim Site: corpacumenglobal.com

43. C&M Software falls victim to DragonForce Ransomware

  • Category: Ransomware
  • Content: The group claims to have obtained 393.92 GB of the organization’s data and intends to publish it within 6–7 days.
  • Date: 2025-11-22T12:23:40Z
  • Network: tor
  • Published URL: http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion/blog
  • Threat Actors: DragonForce
  • Victim Country: Brazil
  • Victim Industry: Software
  • Victim Organization: c&m software
  • Victim Site: cmsw.com

44. D1$RUPT0R targets the website of Kadam Polymers Private Limited

  • Category: Defacement
  • Content: Group claims to have defaced the website of Kadam Polymers Private Limited
  • Date: 2025-11-22T12:14:37Z
  • Network: openweb
  • Published URL: https://defacer.id/mirror/id/211211
  • Threat Actors: D1$RUPT0R
  • Victim Country: India
  • Victim Industry: Manufacturing
  • Victim Organization: kadam polymers private limited
  • Victim Site: kadambpolymers.com

45. D1$RUPT0R targets the website of MK SOLAR ENERGY

  • Category: Defacement
  • Content: Group claims to have defaced the website of AARVI CHIPS
  • Date: 2025-11-22T12:02:39Z
  • Network: openweb
  • Published URL: https://defacer.id/mirror/id/211212
  • Threat Actors: D1$RUPT0R
  • Victim Country: India
  • Victim Industry: Food Production
  • Victim Organization: aarvi chips
  • Victim Site: aarvichips.com

46. McGinnis Leslie Attorneys At Law falls victim to Qilin Ransomware

47. D1$RUPT0R targets the website of S.S ENGINEERING WORKS LIMITED

  • Category: Defacement
  • Content: Group claims to have defaced the website of S.S ENGINEERING WORKS LIMITED
  • Date: 2025-11-22T11:44:15Z
  • Network: openweb
  • Published URL: https://defacer.id/mirror/id/211213
  • Threat Actors: D1$RUPT0R
  • Victim Country: India
  • Victim Industry: Environmental Services
  • Victim Organization: s.s engineering works limited
  • Victim Site: ssewltd.com

48. Dream Hack targets the website of Rise Finserve

  • Category: Defacement
  • Content: The group claims to have defaced the website of Rise Finserve, attributing the attack to its member CrazyOFC.
  • Date: 2025-11-22T11:38:55Z
  • Network: openweb
  • Published URL: https://defacer.id/mirror/id/211281
  • Threat Actors: dream hack
  • Victim Country: India
  • Victim Industry: Financial Services
  • Victim Organization: rise finserve
  • Victim Site: risefinserve.com

49. 6ickzone targets the websites of visionextcloud.in

  • Category: Defacement
  • Content: The group claims to have defaced these domains:

visionextcloud.in MIRROR: https://defacer.id/mirror/id/211227

mail.visionextcloud.in MIRROR: https://defacer.id/mirror/id/211228

doctorbooking.visionextcloud.in MIRROR: https://defacer.id/mirror/id/211226

bizlist.visionextcloud.in MIRROR: https://defacer.id/mirror/id/211219

cakesy.visionextcloud.in MIRROR: https://defacer.id/mirror/id/211220

dentalhospital.visionextcloud.in MIRROR: https://defacer.id/mirror/id/211223

dentalhospita2.visionextcloud.in MIRROR: https://defacer.id/mirror/id/211222

digimart.visionextcloud.in MIRROR: https://defacer.id/mirror/id/211224

digitalstore.visionextcloud.in MIRROR: https://defacer.id/mirror/id/211225

classiads.visionextcloud.in MIRROR: https://defacer.id/mirror/id/211221

  • Date: 2025-11-22T11:25:48Z
  • Network: openweb
  • Published URL: https://defacer.id/archive/2
  • Threat Actors: 6ickzone
  • Victim Country: India
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: mail.visionextcloud.in

50. D1$RUPT0R targets the website of EMBRYO

  • Category: Defacement
  • Content: Group claims to have defaced the website of EMBRYO
  • Date: 2025-11-22T11:18:16Z
  • Network: openweb
  • Published URL: https://defacer.id/mirror/id/211214
  • Threat Actors: D1$RUPT0R
  • Victim Country: Thailand
  • Victim Industry: Hospitality & Tourism
  • Victim Organization: embryo
  • Victim Site: embryohotel.com

51. Kajima europe falls victim to Qilin Ransomware

  • Category: Ransomware
  • Content: The group claims to have obtained 400 GB of the organization’s data
  • Date: 2025-11-22T10:49:34Z
  • Network: openweb
  • Published URL: https://www.ransom-db.com/real-time-updates
  • Threat Actors: Qilin
  • Victim Country: UK
  • Victim Industry: Real Estate
  • Victim Organization: kajima europe
  • Victim Site: kajimaeurope.com

52. Alleged data breach of AECORP 005 SL

  • Category: Data Breach
  • Content: The threat actor claims to have leaked the database of AECORP 005 SL, which operates as a Sociedad Limitada (limited liability company).
  • Date: 2025-11-22T10:27:26Z
  • Network: openweb
  • Published URL: https://xss.pro/threads/144400/
  • Threat Actors: MaximusSpawn
  • Victim Country: Spain
  • Victim Industry: Marketing, Advertising & Sales
  • Victim Organization: aecorp 005
  • Victim Site: Unknown

53. D1$RUPT0R targets the website of theaarka.com

  • Category: Defacement
  • Content: Group claims to have defaced the website of theaarka.com
  • Date: 2025-11-22T10:26:25Z
  • Network: openweb
  • Published URL: https://defacer.id/mirror/id/211215
  • Threat Actors: D1$RUPT0R
  • Victim Country: India
  • Victim Industry: Food Production
  • Victim Organization: theaarka
  • Victim Site: theaarka.com

54. D1$RUPT0R targets the website of MK SOLAR ENERGY

  • Category: Defacement
  • Content: Group claims to have defaced the website of MK SOLAR ENERGY.
  • Date: 2025-11-22T09:52:09Z
  • Network: openweb
  • Published URL: https://defacer.id/mirror/id/211216
  • Threat Actors: D1$RUPT0R
  • Victim Country: India
  • Victim Industry: Energy & Utilities
  • Victim Organization: mk solar energy
  • Victim Site: mksolarenergy.com

55. Medical Center, LLP falls victim to PEAR Ransomware

56. Alleged security exposure in Pakistan Red Crescent Society systems

  • Category: Vulnerability
  • Content: The group claims to have identified weak security controls in systems belonging to the Pakistan Red Crescent Society (PRCS), reportedly allowing unexpected access to internal management platforms. According to the claim, the exposed entry point could reveal sensitive operational information, including records tied to an estimated 720,000 volunteers. The actor states that no data was accessed, modified, or leaked.
  • Date: 2025-11-22T09:02:24Z
  • Network: telegram
  • Published URL: https://t.me/c/2588114907/613
  • Threat Actors: Keymous Plus
  • Victim Country: Pakistan
  • Victim Industry: Non-profit & Social Organizations
  • Victim Organization: pakistan red crescent society
  • Victim Site: prcs.org.pk

57. Alleged unauthorized access to unidentified SCADA system in Italy

  • Category: Initial Access
  • Content: The group claims to have gained access to the SCADA system of a biogas cogeneration plant in Italy operated by Spark Energy, reportedly gaining visibility into engine and generator controls, biogas flow, thermal and cooling systems, real-time operational data, event logs, diagnostics, and remote-operation functions.
  • Date: 2025-11-22T08:49:43Z
  • Network: telegram
  • Published URL: https://t.me/c/2549402132/433
  • Threat Actors: Inteid
  • Victim Country: Italy
  • Victim Industry: Energy & Utilities
  • Victim Organization: Unknown
  • Victim Site: Unknown

58. HonkSec targets the website of Olongapo Wesley School Inc.

  • Category: Defacement
  • Content: The group claims to have defaced the website of Olongapo Wesley School Inc., attributing the attack to its member MrAstra.
  • Date: 2025-11-22T08:31:32Z
  • Network: openweb
  • Published URL: https://defacer.id/mirror/id/211229
  • Threat Actors: HonkSec
  • Victim Country: Philippines
  • Victim Industry: Education
  • Victim Organization: olongapo wesley school inc.
  • Victim Site: ows.edu.ph

59. CiaoxD_ targets the website of createAsolution

  • Category: Defacement
  • Content: The group claims to have defaced the website of createAsolution.
  • Date: 2025-11-22T07:49:54Z
  • Network: openweb
  • Published URL: https://defacer.id/mirror/id/211217
  • Threat Actors: CiaoxD_
  • Victim Country: India
  • Victim Industry: Human Resources
  • Victim Organization: createasolution
  • Victim Site: createasolution.co

60. Alleged data leak of COCA-COLA employees in UAE

  • Category: Data Breach
  • Content: The group claims to have leaked the employee data of COCA-COLA. They claim to have leaked data for 959 employees.
  • Date: 2025-11-22T06:34:11Z
  • Network: telegram
  • Published URL: https://t.me/ctrl_nepal/219
  • Threat Actors: GenZRisingNepal
  • Victim Country: UAE
  • Victim Industry: Food & Beverages
  • Victim Organization: coca-cola
  • Victim Site: coca-cola.com

61. Interlink Trade Services falls victim to Qilin Ransomware

  • Category: Ransomware
  • Content: The group claims to have obtained the organization’s data.
  • Date: 2025-11-22T06:27:09Z
  • Network: tor
  • Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=2f7eff92-bbaf-3504-80d1-81dd407853ae
  • Threat Actors: Qilin
  • Victim Country: USA
  • Victim Industry: Transportation & Logistics
  • Victim Organization: interlink trade services
  • Victim Site: interlinktrade.com

62. Indonesia Sadboy Xploit targets the website of PT Vepo Indah Pratama

  • Category: Defacement
  • Content: The group claims to have defaced the website of PT Vepo Indah Pratama.
  • Date: 2025-11-22T06:24:22Z
  • Network: openweb
  • Published URL: https://defacer.id/mirror/id/211159
  • Threat Actors: Indonesia Sadboy Xploit
  • Victim Country: Indonesia
  • Victim Industry: Manufacturing
  • Victim Organization: pt vepo indah pratama
  • Victim Site: vepoindahpratama.com

63. scattered LAPSUS$ hunters 7.0 claims to target Salesforce

  • Category: Alert
  • Content: A recent post by the group claims that they are targeting Salesforce
  • Date: 2025-11-22T06:23:02Z
  • Network: telegram
  • Published URL: https://t.me/smokinmandiant/70
  • Threat Actors: scattered LAPSUS$ hunters 7.0
  • Victim Country: USA
  • Victim Industry: Software Development
  • Victim Organization: salesforce
  • Victim Site: salesforce.com

64. ./meicookies targets the website of Amafy Africa

  • Category: Defacement
  • Content: The group claims to have defaced the website of Amafy Africa
  • Date: 2025-11-22T06:17:58Z
  • Network: openweb
  • Published URL: https://defacer.id/mirror/id/211163
  • Threat Actors: ./meicookies
  • Victim Country: Rwanda
  • Victim Industry: Information Technology (IT) Services
  • Victim Organization: amafy africa
  • Victim Site: amaafy.com

65. scattered LAPSUS$ hunters 7.0 claims to target CrowdStrike

  • Category: Alert
  • Content: A recent post by the group claims that they are targeting CrowdStrike
  • Date: 2025-11-22T06:15:20Z
  • Network: telegram
  • Published URL: https://t.me/smokinmandiant/102
  • Threat Actors: scattered LAPSUS$ hunters 7.0
  • Victim Country: USA
  • Victim Industry: Computer & Network Security
  • Victim Organization: crowdstrike
  • Victim Site: crowdstrike.com

66. scattered LAPSUS$ hunters 7.0 claims to target CrunchLabs LLC

  • Category: Alert
  • Content: A recent post by the group claims that they are targeting CrunchLabs LLC.
  • Date: 2025-11-22T06:06:26Z
  • Network: telegram
  • Published URL: https://t.me/smokinmandiant/85
  • Threat Actors: scattered LAPSUS$ hunters 7.0
  • Victim Country: USA
  • Victim Industry: Retail Industry
  • Victim Organization: crunchlabs llc
  • Victim Site: crunchlabs.com

67. scattered LAPSUS$ hunters 7.0 claims to target Federal Bureau of Investigation

  • Category: Alert
  • Content: A recent post by the group claims that they are targeting Federal Bureau of Investigation.
  • Date: 2025-11-22T06:02:19Z
  • Network: telegram
  • Published URL: https://t.me/smokinmandiant/105
  • Threat Actors: scattered LAPSUS$ hunters 7.0
  • Victim Country: USA
  • Victim Industry: Government & Public Sector
  • Victim Organization: federal bureau of investigation
  • Victim Site: fbi.gov

68. Jakarta Blackhat targets the website of Universitas Wirahusada Medan

  • Category: Defacement
  • Content: The group claims to have defaced the organization’s website.
  • Date: 2025-11-22T05:58:16Z
  • Network: openweb
  • Published URL: https://defacer.id/mirror/id/211177
  • Threat Actors: Jakarta Blackhat
  • Victim Country: Indonesia
  • Victim Industry: Education
  • Victim Organization: universitas wirahusada medan
  • Victim Site: repositori.uwh.ac.id

69. scattered LAPSUS$ hunters 7.0 claims to target Flock Safety

  • Category: Alert
  • Content: A recent post by the group claims that they are targeting Flock Safety.
  • Date: 2025-11-22T05:55:49Z
  • Network: telegram
  • Published URL: https://t.me/smokinmandiant/88
  • Threat Actors: scattered LAPSUS$ hunters 7.0
  • Victim Country: USA
  • Victim Industry: Public Safety
  • Victim Organization: flock safety
  • Victim Site: flocksafety.com

70. Alleged sale of unauthorized access to Grupo Novelec

  • Category: Initial Access
  • Content: A threat actor claims to be selling unauthorized access to the Hybris WCRM (Web Customer Relationship Management) system of Grupo Novelec.
  • Date: 2025-11-22T05:48:21Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-Selling-Access-to-Hybris-WCRM-of-Group-Novelec
  • Threat Actors: NetWeaverLLM
  • Victim Country: Spain
  • Victim Industry: Wholesale
  • Victim Organization: grupo novelec
  • Victim Site: gruponovelec.com

71. LegioNLeakeRs targets the website of Centro de Conciliación Laboral del Estado de Campeche (CENCOLAB)

  • Category: Defacement
  • Content: The group claims to have defaced the website of Centro de Conciliación Laboral del Estado de Campeche (CENCOLAB).
  • Date: 2025-11-22T05:44:40Z
  • Network: openweb
  • Published URL: https://defacer.id/mirror/id/211138
  • Threat Actors: LegioNLeakeRs
  • Victim Country: Mexico
  • Victim Industry: Government Administration
  • Victim Organization: centro de conciliación laboral del estado de campeche (cencolab)
  • Victim Site: cencolab.campeche.gob.mx

72. ch1yo1 targets the website of Department of Transportation – Philippines

  • Category: Defacement
  • Content: The group claims to have defaced the website of Department of Transportation – Philippines.
  • Date: 2025-11-22T05:37:26Z
  • Network: openweb
  • Published URL: https://defacer.id/mirror/id/211194
  • Threat Actors: ch1yo1
  • Victim Country: Philippines
  • Victim Industry: Government Administration
  • Victim Organization: department of transportation – philippines
  • Victim Site: dotr.gov.ph

73. Indonesia Sadboy Xploit targets the website of PT Sukses Bersama Teknindo

  • Category: Defacement
  • Content: The threat actor claims to have defaced the organization’s website.
  • Date: 2025-11-22T05:24:30Z
  • Network: openweb
  • Published URL: https://defacer.id/mirror/id/211160
  • Threat Actors: Indonesia Sadboy Xploit
  • Victim Country: Indonesia
  • Victim Industry: Information Technology (IT) Services
  • Victim Organization: pt sukses bersama teknindo
  • Victim Site: suksesbersamateknindo.com

74. Alleged sale of customer database from adidas AG

  • Category: Data Breach
  • Content: The threat actor claims to be selling a dataset allegedly belonging to Adidas AG. The dataset reportedly contains sensitive personal information of approximately 4.9 million customers, including names, email addresses, phone numbers, full mailing addresses, account and contact IDs, market segmentation details, language preferences, timestamps, and metadata linked to Adidas’s cloud‑hosted CRM infrastructure.
  • Date: 2025-11-22T05:14:37Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-Selling-Adidas-costumers-DB-leak-for-sale-samples-avilables
  • Threat Actors: the front page
  • Victim Country: Germany
  • Victim Industry: Sporting Goods
  • Victim Organization: adidas
  • Victim Site: adidas.com

75. MASHMALLOW targets the website of Film.Ar Productions

  • Category: Defacement
  • Content: The group claims to have defaced the website of Film.Ar Productions.
  • Date: 2025-11-22T05:13:15Z
  • Network: openweb
  • Published URL: https://defacer.id/mirror/id/211170
  • Threat Actors: MASHMALLOW
  • Victim Country: Brazil
  • Victim Industry: Marketing, Advertising & Sales
  • Victim Organization: film.ar productions
  • Victim Site: filmarproducoes.com.br

76. MASHMALLOW targets the website of Maia Magazine

  • Category: Defacement
  • Content: The group claims to have defaced the website of Maia Magazine.
  • Date: 2025-11-22T05:04:41Z
  • Network: openweb
  • Published URL: https://defacer.id/mirror/id/211171
  • Threat Actors: MASHMALLOW
  • Victim Country: Brazil
  • Victim Industry: E-commerce & Online Stores
  • Victim Organization: maia magazine
  • Victim Site: maiamagazine.com.br

77. Alleged leak of login credentials of VCOMSAT Joint Stock Company

  • Category: Initial Access
  • Content: The group claims to have leaked the login credentials of VCOMSAT Joint Stock Company.
  • Date: 2025-11-22T05:02:09Z
  • Network: telegram
  • Published URL: https://t.me/black_bullett/494
  • Threat Actors: Black Bullet
  • Victim Country: Vietnam
  • Victim Industry: Network & Telecommunications
  • Victim Organization: vcomsat joint stock company
  • Victim Site: tnd.giamsathanhtrinh.vn

78. Alleged leak of login credentials of Funtap

  • Category: Initial Access
  • Content: The group claims to have leaked the login credentials of Funtap.
  • Date: 2025-11-22T04:57:38Z
  • Network: telegram
  • Published URL: https://t.me/black_bullett/494
  • Threat Actors: Black Bullet
  • Victim Country: Vietnam
  • Victim Industry: Gaming
  • Victim Organization: funtap
  • Victim Site: id.funtap.vn

Conclusion

The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Ransomware and data breaches are prominent, affecting sectors from construction and healthcare to automotive and government administration, and impacting countries including the USA, Canada, India, Brazil, and Spain. The compromised data ranges from sensitive engineering drawings and government records to customer databases and internal organizational files. Beyond data compromise, the report shows significant activity in initial access sales and website defacements. Collectively, the incidents demonstrate that organizations across industries and geographies face persistent threats from data exfiltration, unauthorized network access, and the proliferation of malicious tools.