[November-23-2025] Daily Cybersecurity Threat Report

This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.

1. Pharaoh’s Team Channel targets the website of Servicio Vecino

  • Category: Defacement
  • Content: The group claims to have defaced the website of Servicio Vecino.
  • Date: 2025-11-23T23:58:00Z
  • Network: telegram
  • Published URL: https://t.me/Pharaohs_n/368
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/2fb0ca2e-ca71-444d-bd8c-5a7c3a0f86c2.png
  • Threat Actors: Pharaoh’s Team Channel
  • Victim Country: Argentina
  • Victim Industry: Professional Services
  • Victim Organization: servicio vecino
  • Victim Site: serviciovecino.com.ar

2. SYLHET GANG-SG claims to target Romania

  • Category: Alert
  • Content: A recent post by the group claims that they are targeting Romania.
  • Date: 2025-11-23T23:55:32Z
  • Network: telegram
  • Published URL: https://t.me/SylhetGangSG1/7115
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/540f8aee-8bed-4af6-be6a-4d9d87156320.png
  • Threat Actors: SYLHET GANG-SG
  • Victim Country: Romania
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

3. Pharaoh’s Team targets the website of Association of Certified Public Translators

4. Alleged data breach of Netanya Academic College

  • Category: Data Breach
  • Content: The group, in collaboration with Infinite international, claims to have breached Netanya Academic College. The breached data includes over a thousand personal IDs, passports, academic transcripts, 13,000 email addresses, and some personal documents.
  • Date: 2025-11-23T23:44:58Z
  • Network: telegram
  • Published URL: https://t.me/Team_S4uD1Pwnz/71
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/f73d90a4-b3cd-4c37-b5f7-eadd75476e40.png https://d34iuop8pidsy8.cloudfront.net/e0499c2b-1bcf-4806-a3b8-37b1c49d8ddc.png https://d34iuop8pidsy8.cloudfront.net/2fee9b4d-f549-47eb-a0cb-032275af203f.png
  • Threat Actors: S4uD1Pwnz
  • Victim Country: Israel
  • Victim Industry: Education
  • Victim Organization: netanya academic college
  • Victim Site: netanya.ac.il

5. scattered LAPSUS$ hunters 7.0 claims to target Iran

6. National Institute of Materials Physics (NIMP) falls victim to Nova Ransomware

  • Category: Ransomware
  • Content: The group claims to have obtained 700 GB of the organization’s internal data and intends to publish it within 7 days.
  • Date: 2025-11-23T23:23:20Z
  • Network: tor
  • Published URL: http://novadmrkp4vbk2padk5t6pbxolndceuc7hrcq4mjaoyed6nxsqiuzyyd.onion/
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/b83e4481-5f66-4715-b09f-e7755625701f.png
  • Threat Actors: Nova
  • Victim Country: Romania
  • Victim Industry: Research Industry
  • Victim Organization: national institute of materials physics (nimp)
  • Victim Site: infim.ro

7. Alleged Data Leak of 28000 Personal Records in USA

  • Category: Data Breach
  • Content: Threat actor claims to have leaked a database of 28000 personal records in the USA, which includes full personal identity data: full name, complete address details, hometown, date of birth, Social Security Number, driver’s license information, and phone number.
  • Date: 2025-11-23T23:08:19Z
  • Network: openweb
  • Published URL: https://forum.exploit.in/topic/270623/
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/9826906a-e92f-4682-a33d-6d7aac618e42.png https://d34iuop8pidsy8.cloudfront.net/c3fadb6d-ec95-4908-962e-52ba777fb696.png
  • Threat Actors: IncredAustin
  • Victim Country: USA
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

8. Alleged data leak of US NAVY

  • Category: Data Breach
  • Content: A threat actor claims to have leaked sensitive U.S. Navy data, including alleged blueprints of an Arleigh Burke–class destroyer.
  • Date: 2025-11-23T22:16:01Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-Document-%F0%9F%9A%A2-TOP-SECRET-US-NAVY-Arleigh-Burke-Class-Destroyer-BLUEPRINTS-LEAKED-%F0%9F%9A%A2
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/eaf96c22-68ff-4fce-a632-f58ca6cff3e4.png
  • Threat Actors: jrintel
  • Victim Country: USA
  • Victim Industry: Security & Investigations
  • Victim Organization: us navy
  • Victim Site: Unknown

9. Alleged Sale of Unauthorized Remote Desktop Web Access to an Unidentified Organization in UK

  • Category: Initial Access
  • Content: Threat actor claims to be selling unauthorized Remote Desktop Web user access to an unidentified organization in the UK.
  • Date: 2025-11-23T20:59:24Z
  • Network: openweb
  • Published URL: https://forum.exploit.in/topic/270617/
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/4b59913d-44aa-4ecc-878f-38504f9df4d8.png
  • Threat Actors: 7TEAMS
  • Victim Country: UK
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

10. Alleged Data Breach of French Ministry of Agriculture and Food

11. mToilet falls victim to CHAOS Ransomware

12. Alleged Data Breach of Genious Communications

  • Category: Data Breach
  • Content: The threat actor claims to be selling Genious Communications data.
  • Date: 2025-11-23T20:26:57Z
  • Network: openweb
  • Published URL: http://darkforums.st/Thread-DATABASE-Big-Moroccan-Company-genious-net-leaked
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/e99d4425-5aab-4f78-b422-900a2eec96f5.png
  • Threat Actors: xNov
  • Victim Country: Morocco
  • Victim Industry: Information Technology (IT) Services
  • Victim Organization: genious communications
  • Victim Site: genious.net

Conclusion

The incidents detailed in this report highlight a diverse and active landscape of cyber threats occurring on November 23, 2025. Data breaches and ransomware attacks are prominent, affecting various sectors from government administration and education to healthcare and research. Notable victims include the French Ministry of Agriculture, the US Navy, and Netanya Academic College, impacting countries such as France, the USA, Israel, Romania, and Poland.

The compromised data ranges from sensitive personal identity records and military blueprints to large-scale organizational databases and internal communications. Beyond data compromise, the report also reveals significant activity in initial access sales and defacements, with threat actors like Qilin, Pharaoh’s Team, and Infrastructure Destruction Squad actively targeting critical infrastructure and commercial entities. The nature of these incidents emphasizes the critical importance of robust cybersecurity measures to defend against a wide array of sophisticated and opportunistic attacks.