This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.
1. Alleged sale of unauthorized access to an unidentified IT company in Germany
- Category: Initial Access
- Content: Threat actor claims to be selling unauthorized access to an unidentified IT company in Germany.
- Date: 2025-11-25T21:48:08Z
- Network: openweb
- Published URL: https://forum.exploit.biz/topic/270760/
- Screenshots:
- Threat Actors: KamalTrump
- Victim Country: Germany
- Victim Industry: Information Technology (IT) Services
- Victim Organization: Unknown
- Victim Site: Unknown
2. Alleged Unauthorized Admin Access to Bayleaf Indian Restaurant
- Category: Initial Access
- Content: The threat actor claims to have leaked unauthorized admin access to Bayleaf Indian Restaurant in Switzerland.
- Date: 2025-11-25T21:32:49Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-bayleaf-chaslay-com-Indian-restaurant-admin-access
- Screenshots:
- Threat Actors: crazyboy68
- Victim Country: Switzerland
- Victim Industry: Restaurants
- Victim Organization: bayleaf indian restaurant
- Victim Site: bayleaf.chaslay.com
3. Kids & Company falls victim to Sinobi Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 200 GB of the organization’s data, including contracts, financial data, incidents, etc.
- Date: 2025-11-25T21:08:00Z
- Network: tor
- Published URL: http://sinobi6ywgmmvg2gj2yygkb2hxbimaxpqkyk27wti5zjwhfcldhackid.onion/leaks/6926100188b6823fa2ef7e07
- Screenshots:
- Threat Actors: Sinobi
- Victim Country: Canada
- Victim Industry: Individual & Family Services
- Victim Organization: kids & company
- Victim Site: kidsandcompany.com
4. Money Mart falls victim to Everest Ransomware
- Category: Ransomware
- Content: Group claims to have obtained of the organization’s data. The compromised data includes Personal Identification, Contact Information, Identity Documents, etc.
- Date: 2025-11-25T20:53:53Z
- Network: tor
- Published URL: http://ransomocmou6mnbquqz44ewosbkjk3o5qjsl3orawojexfook2j7esad.onion/news/National_Money_Mart_Company/
- Screenshots:
- Threat Actors: Everest
- Victim Country: Canada
- Victim Industry: Financial Services
- Victim Organization: money mart
- Victim Site: moneymart.ca
5. Alleged Data Breach of DCDC Kidney Care
- Category: Data Breach
- Content: The threat actor claims to have leaked data from DCDC Kidney Care. The compromised data reportedly includes patient records, dialysis center information, operational details.
- Date: 2025-11-25T20:44:56Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-dcdc-co-in-Indian-medical-site
- Screenshots:
- Threat Actors: crazyboy68
- Victim Country: India
- Victim Industry: Hospital & Health Care
- Victim Organization: dcdc kidney care
- Victim Site: dcdc.co.in
6. Columbia Medical Practice falls victim to Qilin Ransomware
- Category: Ransomware
- Content: Group claims to have obtained the organization’s data.
- Date: 2025-11-25T20:27:22Z
- Network: tor
- Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=490d9067-6680-326e-bc35-89149b7de65d
- Screenshots:
- Threat Actors: Qilin
- Victim Country: Colombia
- Victim Industry: Medical Practice
- Victim Organization: columbia medical practice
- Victim Site: cmpractice.com
7. Lake Superior State University falls victim to Qilin Ransomware
- Category: Ransomware
- Content: Group claims to have obtained the organization’s data.
- Date: 2025-11-25T20:23:42Z
- Network: tor
- Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=38edd8a2-9174-38b2-baf4-8becddac711b
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Education
- Victim Organization: lake superior state university (lssu)
- Victim Site: lssu.edu
8. Paal falls victim to Qilin Ransomware
- Category: Ransomware
- Content: Group claims to have obtained the organization’s data.
- Date: 2025-11-25T20:19:09Z
- Network: tor
- Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=c0df3a93-f6e7-3ad8-8f3f-885d7c536b8a
- Screenshots:
- Threat Actors: Qilin
- Victim Country: Germany
- Victim Industry: Manufacturing
- Victim Organization: paal
- Victim Site: paal.de
9. Inspire Communities falls victim to Qilin Ransomware
- Category: Ransomware
- Content: Group claims to have obtained the organization’s data.
- Date: 2025-11-25T20:14:16Z
- Network: tor
- Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=03f9cf25-57d0-330c-89c8-4f9cc96486de
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Real Estate
- Victim Organization: inspire communities
- Victim Site: inspirecommunities.com
10. New England Tractor Trailer Training School falls victim to Qilin Ransomware
- Category: Ransomware
- Content: Group claims to have obtained the organization’s data.
- Date: 2025-11-25T20:11:09Z
- Network: tor
- Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=7667b9ac-0554-31e6-9c00-1e8ee4ce8741
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Education
- Victim Organization: new england tractor trailer training school
- Victim Site: nettts.com
11. Christofle falls victim to Qilin Ransomware
- Category: Ransomware
- Content: Group claims to have obtained the organization’s data.
- Date: 2025-11-25T20:07:44Z
- Network: tor
- Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=66a45e21-17ea-372b-9226-b30c2a22cd6f
- Screenshots:
- Threat Actors: Qilin
- Victim Country: France
- Victim Industry: Luxury Goods & Jewelry
- Victim Organization: christofle
- Victim Site: christofle.com
12. Rochester Philharmonic Orchestra falls victim to Akira Ransomware
- Category: Ransomware
- Content: Group claims to have obtained the organization’s data. The compromised information reportedly includes personal information (SSNs, DLs, phones and so on), budget, internal confidential docs, NDA, etc.
- Date: 2025-11-25T20:01:07Z
- Network: tor
- Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
- Screenshots:
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: Music
- Victim Organization: rochester philharmonic orchestra
- Victim Site: rpo.org
13. Alleged leak of login credentials of bitcoin
- Category: Initial Access
- Content: The group claims to have leaked the login credentials of bitcoin
- Date: 2025-11-25T19:22:52Z
- Network: telegram
- Published URL: https://t.me/z111ttfqqqqxqaZFffFQqaaqqq17q/201
- Screenshots:
- Threat Actors: FORNET PRIVATE COMBOLIST
- Victim Country: Unknown
- Victim Industry: Financial Services
- Victim Organization: bitcoin
- Victim Site: bitcoinptc.top
14. Cyber Islamic resistance-Axis claims to target Netivot Moshe schools
- Category: Alert
- Content: A recent post by the group claims that they are targeting Netivot Moshe schools
- Date: 2025-11-25T18:53:55Z
- Network: telegram
- Published URL: https://t.me/Mhwear98/1236
- Screenshots:
- Threat Actors: Cyber Islamic resistance-Axis
- Victim Country: Israel
- Victim Industry: Education
- Victim Organization: netivot moshe schools
- Victim Site: Unknown
15. Iberia Airlines falls victim to Everest Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 596 GB of the organization’s data. The compromised data includes Personal Information, Loyalty / Membership Information, Flight & Travel Data and more. They plan to publish it within 3 to 4 days.
- Date: 2025-11-25T17:48:04Z
- Network: tor
- Published URL: http://ransomocmou6mnbquqz44ewosbkjk3o5qjsl3orawojexfook2j7esad.onion/news/Iberia/
- Screenshots:
- Threat Actors: Everest
- Victim Country: Spain
- Victim Industry: Airlines & Aviation
- Victim Organization: iberia airlines
- Victim Site: iberia.com
16. Alleged data breach of Police Tenant & Registration System Data of Pakistan Sindh
- Category: Data Breach
- Content: The group claims to have leaked 5 GB of data from Police Tenant & Registration System Data of Pakistan Sindh. The compromised data reportedly includes officials' names, identity card numbers, phone numbers, districts, police station names, family members' information, home addresses, etc.
- Date: 2025-11-25T16:39:05Z
- Network: telegram
- Published URL: https://t.me/IndianCyberForceTG/25
- Screenshots:
- Threat Actors: INDIAN CYBER FORCE
- Victim Country: Pakistan
- Victim Industry: Government Administration
- Victim Organization: police tenant & registration system data of pakistan sindh
- Victim Site: sindhpolice.gov.pk
17. INDIAN CYBER FORCE targets the website of University of Balochistan
- Category: Defacement
- Content: The group claims to have defaced the website of University of Balochistan. Mirror: https://web.archive.org/web/20251125095543/http://feedeposit.uob.edu.pk/
- Date: 2025-11-25T14:23:09Z
- Network: telegram
- Published URL: https://t.me/IndianCyberForceTG/23
- Screenshots:
- Threat Actors: INDIAN CYBER FORCE
- Victim Country: Pakistan
- Victim Industry: Higher Education/Academia
- Victim Organization: university of balochistan
- Victim Site: feedeposit.uob.edu.pk
18. Alleged data leak of TIM Brasil
- Category: Data Breach
- Content: The group claims to have leaked 32,138 database of TIM Brasil. The compromised data includes tdoc, doc, name, tp_log, lograd, number, compl, neighborhood, city, state, zipcode, area code, phone, operator, etc.
- Date: 2025-11-25T14:22:37Z
- Network: telegram
- Published URL: https://t.me/c/3211040888/3
- Screenshots:
- Threat Actors: Chronus leaks
- Victim Country: Brazil
- Victim Industry: Network & Telecommunications
- Victim Organization: tim brasil
- Victim Site: tim.com.br
19. Alleged shell access to S2O Care Services
- Category: Initial Access
- Content: The group claims to have unauthorized access to S2O Care Services. NB: The authenticity of the post is yet to be verified.
- Date: 2025-11-25T14:01:56Z
- Network: telegram
- Published URL: https://t.me/c/2758066065/362
- Screenshots:
- Threat Actors: HellR00ters Team
- Victim Country: UK
- Victim Industry: Health & Fitness
- Victim Organization: s2o care services
- Victim Site: s2ocareservices.co.uk
20. Alleged shell access to Al Hakeem International Contracting
- Category: Initial Access
- Content: The group claims to have unauthorized access to Al Hakeem International Contracting. NB: The authenticity of the post is yet to be verified.
- Date: 2025-11-25T13:54:35Z
- Network: telegram
- Published URL: https://t.me/c/2758066065/362
- Screenshots:
- Threat Actors: HellR00ters Team
- Victim Country: UAE
- Victim Industry: Building and construction
- Victim Organization: al hakeem international contracting
- Victim Site: alhakeemcont.com
21. Nullsec Philippines targets the website of DILG Philippines
- Category: Defacement
- Content: The group claims to have defaced the website of DILG Philippines.
- Date: 2025-11-25T13:45:35Z
- Network: telegram
- Published URL: https://t.me/nullsechackers/569
- Screenshots:
- Threat Actors: Nullsec Philippines
- Victim Country: Philippines
- Victim Industry: Government Administration
- Victim Organization: dilg philippines
- Victim Site: dilg.gov.ph
22. Alleged sale of access to Metal Design Inc Arts
- Category: Initial Access
- Content: The group claims to be selling shell access to Metal Design Inc Arts.
- Date: 2025-11-25T13:30:34Z
- Network: telegram
- Published URL: https://t.me/c/2758066065/362
- Screenshots:
- Threat Actors: HellR00ters Team
- Victim Country: India
- Victim Industry: Manufacturing
- Victim Organization: metal design inc arts
- Victim Site: metaldesigninc.com
23. Cryo Pur falls victim to INC RANSOM Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s internal data.
- Date: 2025-11-25T13:28:55Z
- Network: tor
- Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/6925a0f8e1a4e4b3ffdaeaf4
- Screenshots:
- Threat Actors: INC RANSOM
- Victim Country: France
- Victim Industry: Machinery Manufacturing
- Victim Organization: cryo pur
- Victim Site: cryopur.com
24. Alleged sale of access to Jelly Bean Learning Center
- Category: Initial Access
- Content: The group claims to be selling shell access to Jelly Bean Learning Center.
- Date: 2025-11-25T13:27:00Z
- Network: telegram
- Published URL: https://t.me/c/2758066065/362
- Screenshots:
- Threat Actors: HellR00ters Team
- Victim Country: USA
- Victim Industry: Education
- Victim Organization: jelly bean learning center
- Victim Site: jellybeanllc.com
25. Alleged sale of web shell access to Government of Penajam Paser Utara Regency PPID
- Category: Initial Access
- Content: The group claims to be selling web shell access to Government of Penajam Paser Utara Regency PPID.
- Date: 2025-11-25T13:18:54Z
- Network: telegram
- Published URL: https://t.me/c/2670088117/407
- Screenshots:
- Threat Actors: WOLF CYBER ARMY
- Victim Country: Indonesia
- Victim Industry: Government Administration
- Victim Organization: government of penajam paser utara regency ppid
- Victim Site: ppidppu.penajamkab.go.id
26. Alleged data breach of CIFP Los Gladiolos
- Category: Data Breach
- Content: The group claims to have leaked the database of CIFP Los Gladiolos. The compromised data contains the full name of the minor, contact email address, etc. NB: Data leak by L0stex x Nayid.
- Date: 2025-11-25T13:15:31Z
- Network: telegram
- Published URL: https://t.me/c/3211040888/9
- Screenshots:
- Threat Actors: Chronus leaks
- Victim Country: Spain
- Victim Industry: Education
- Victim Organization: cifp los gladiolos
- Victim Site: losgladiolos.es
27. Alleged data breach of Government of Paraguay
- Category: Data Breach
- Content: The group claims to have leaked a 1.52 GB database of the Government of Paraguay. The compromised data contains full name, age, diseases, date of birth, ID number, number, etc.
- Date: 2025-11-25T13:03:43Z
- Network: telegram
- Published URL: https://t.me/c/3211040888/14
- Screenshots:
- Threat Actors: Chronus leaks
- Victim Country: Paraguay
- Victim Industry: Government Administration
- Victim Organization: government of paraguay
- Victim Site: paraguay.gov.py
28. Payouts King Ransomware group adds an unknown victim (V****l)
- Category: Ransomware
- Content: The group claims to have obtained 855 GB of the organization’s data.
- Date: 2025-11-25T13:02:22Z
- Network: tor
- Published URL: https://payoutsgn7cy6uliwevdqspncjpfxpmzgirwl2au65la7rfs5x3qnbqd.onion/
- Screenshots:
- Threat Actors: Payouts King
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
29. Alleged sale of web shell access to DPMPTSP Garut Regency
- Category: Initial Access
- Content: The group claims to be selling web shell access to DPMPTSP Garut Regency.
- Date: 2025-11-25T13:02:19Z
- Network: telegram
- Published URL: https://t.me/c/2670088117/407
- Screenshots:
- Threat Actors: WOLF CYBER ARMY
- Victim Country: Indonesia
- Victim Industry: Government Administration
- Victim Organization: dpmptsp garut regency
- Victim Site: dpmptsp.garutkab.go.id
30. Alleged data breach of Declaranet
- Category: Data Breach
- Content: The group claims to have leaked the database of Declaranet. The compromised data contains Name, Curp, Rfc, Homoclave, Email. NB: Data breach by adrxx.
- Date: 2025-11-25T12:27:23Z
- Network: telegram
- Published URL: https://t.me/c/3211040888/20
- Screenshots:
- Threat Actors: Chronus leaks
- Victim Country: Mexico
- Victim Industry: Government Administration
- Victim Organization: declaranet
- Victim Site: declaranet.slp.gob.mx
31. Chronus leaks targets the website of Gobierno De Coahuila
- Category: Defacement
- Content: The group claims to have defaced the website of Gobierno De Coahuila
- Date: 2025-11-25T12:20:45Z
- Network: telegram
- Published URL: https://t.me/c/3211040888/17
- Screenshots:
- Threat Actors: Chronus leaks
- Victim Country: Mexico
- Victim Industry: Government Administration
- Victim Organization: gobierno de coahuila
- Victim Site: coahuila.gob.mx
32. Schmidt’s Naturals falls victim to INC RANSOM Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 100 GB of the organization’s data. The compromised information reportedly includes contracts, client information, payment data, PII, and bank transfers.
- Date: 2025-11-25T12:11:38Z
- Network: tor
- Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/692591cde1a4e4b3ffda7932
- Screenshots:
- Threat Actors: INC RANSOM
- Victim Country: USA
- Victim Industry: Cosmetics
- Victim Organization: schmidt’s naturals
- Victim Site: schmidts.com
33. KingSkrupellos targets the website of Ministry of Environment and Sustainable Development of Colombia
- Category: Defacement
- Content: The group claims to have defaced the website of Ministry of Environment and Sustainable Development of Colombia.
- Date: 2025-11-25T11:54:52Z
- Network: openweb
- Published URL: https://defacer.id/mirror/id/211703
- Screenshots:
- Threat Actors: KingSkrupellos
- Victim Country: Colombia
- Victim Industry: Government Administration
- Victim Organization: ministry of environment and sustainable development
- Victim Site: geonode.minambiente.gov.co
34. scattered LAPSUS$ hunters 7.0 claims to target Falconfeeds.io
- Category: Alert
- Content: The group claims to target Falconfeeds.io.
- Date: 2025-11-25T11:26:03Z
- Network: telegram
- Published URL: https://t.me/comefacediswood/2125
- Screenshots:
- Threat Actors: scattered LAPSUS$ hunters 7.0
- Victim Country: UK
- Victim Industry: Computer & Network Security
- Victim Organization: falconfeeds.io
- Victim Site: falconfeeds.io
35. Standing Chapter 13 Trustee District of Minnesota falls victim to Akira Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 44 GB of the organization’s data. The compromised information reportedly includes employee and client personal documents such as SSNs, passports, driver’s licenses, detailed financials, internal confidential documents, contracts and agreements, court documents, etc.
- Date: 2025-11-25T11:25:39Z
- Network: tor
- Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
- Screenshots:
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: Legal Services
- Victim Organization: standing chapter 13 trustee district of minnesota
- Victim Site: ch13mn.com
36. Rempe Construction falls victim to Sinobi Ransomware
- Category: Ransomware
- Content: The group claims to have exfiltrated 160 GB of the organization’s confidential data, including customer data and contracts, and intends to publish it within 7 days.
- Date: 2025-11-25T11:16:35Z
- Network: tor
- Published URL: http://sinobi6ywgmmvg2gj2yygkb2hxbimaxpqkyk27wti5zjwhfcldhackid.onion/leaks/692318c988b6823fa2dc15a8
- Screenshots:
- Threat Actors: Sinobi
- Victim Country: USA
- Victim Industry: Building and construction
- Victim Organization: rempe construction
- Victim Site: rempe.com
37. Order-403 targets the website of YouCan
- Category: Defacement
- Content: The group claims to have defaced the website of YouCan. Mirror: https://defacer.id/mirror/id/211293
- Date: 2025-11-25T10:59:08Z
- Network: telegram
- Published URL: https://t.me/order403/25
- Screenshots:
- Threat Actors: Order-403
- Victim Country: Morocco
- Victim Industry: Information Technology (IT) Services
- Victim Organization: youcan
- Victim Site: elrayk.youcan.store
38. NONC falls victim to NightSpire Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 12 GB of the organization’s data, which they intend to publish within a day.
- Date: 2025-11-25T10:34:05Z
- Network: tor
- Published URL: http://nspirebcv4sy3yydtaercuut34hwc4fsxqqv4b4ye4xmo6qp3vxhulqd.onion/database
- Screenshots:
- Threat Actors: NightSpire
- Victim Country: India
- Victim Industry: Music
- Victim Organization: nonc
- Victim Site: nonc.in
39. Alleged unauthorized access to an industrial SCADA system in Spain
- Category: Initial Access
- Content: The group claims to have accessed the SCADA system of a water filtration facility in Spain, reportedly gaining control of pumps, filters, operating parameters, emergency settings, and admin access, allowing them to change passwords, alter runtimes, trigger shutdowns, disable alerts, and view resulting alarms.
- Date: 2025-11-25T10:34:01Z
- Network: telegram
- Published URL: https://t.me/c/2787466017/654
- Screenshots:
- Threat Actors: NoName057(16)
- Victim Country: Spain
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
40. D4LGH4CK_TM targets the website of JPL
- Category: Defacement
- Content: The group claims to have defaced the website of NASA Jet Propulsion Laboratory (JPL).
- Date: 2025-11-25T10:18:38Z
- Network: openweb
- Published URL: https://defacer.id/mirror/id/211711
- Screenshots:
- Threat Actors: D4LGH4CK_TM
- Victim Country: USA
- Victim Industry: Government Administration
- Victim Organization: jpl
- Victim Site: flightplanning.jpl.nasa.gov
41. Balkrishna Paper Mills Limited falls victim to NightSpire Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 2 GB of the organization’s data, which they intend to publish within a day.
- Date: 2025-11-25T10:18:15Z
- Network: tor
- Published URL: http://nspirebcv4sy3yydtaercuut34hwc4fsxqqv4b4ye4xmo6qp3vxhulqd.onion/database
- Screenshots:
- Threat Actors: NightSpire
- Victim Country: India
- Victim Industry: Paper & Forest Products
- Victim Organization: balkrishna paper mills limited
- Victim Site: bpml.in
42. LAMAICA falls victim to NightSpire Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 2 GB of the organization’s data, which they intend to publish within 21 – 22 days.
- Date: 2025-11-25T10:10:31Z
- Network: tor
- Published URL: http://nspirebcv4sy3yydtaercuut34hwc4fsxqqv4b4ye4xmo6qp3vxhulqd.onion/database
- Screenshots:
- Threat Actors: NightSpire
- Victim Country: Egypt
- Victim Industry: Manufacturing
- Victim Organization: lamaica
- Victim Site: lamaica.com
43. Alleged data breach of Cool Bangalore News
- Category: Data Breach
- Content: The group claims to have leaked the database of Cool Bangalore News.
- Date: 2025-11-25T10:07:14Z
- Network: telegram
- Published URL: https://t.me/irfacyber/442
- Screenshots:
- Threat Actors: SHADOWX
- Victim Country: India
- Victim Industry: Online Publishing
- Victim Organization: cool bangalore news
- Victim Site: coolbangalorenews.com
44. KingSkrupellos targets the website of Institute of Geological and Energy Research
- Category: Defacement
- Content: The group claims to have defaced the website of Institute of Geological and Energy Research.
- Date: 2025-11-25T09:54:39Z
- Network: openweb
- Published URL: https://defacer.id/mirror/id/211683
- Screenshots:
- Threat Actors: KingSkrupellos
- Victim Country: Ecuador
- Victim Industry: Research Industry
- Victim Organization: institute of geological and energy research
- Victim Site: movimientosenmasadmq.geoenergia.gob.ec
45. KingSkrupellos targets the website of OAP agro
- Category: Defacement
- Content: The group claims to have defaced the website of OAP agro
- Date: 2025-11-25T09:37:59Z
- Network: openweb
- Published URL: https://defacer.id/mirror/id/211679
- Screenshots:
- Threat Actors: KingSkrupellos
- Victim Country: Bolivia
- Victim Industry: Government Administration
- Victim Organization: oap agro
- Victim Site: geoppbr.observatorioagro.gob.bo
46. KingSkrupellos targets the website of Dirección Provincial de Vialidad de Entre Ríos.
- Category: Defacement
- Content: The group claims to have defaced the website of Dirección Provincial de Vialidad de Entre Ríos.
- Date: 2025-11-25T09:37:55Z
- Network: openweb
- Published URL: https://defacer.id/mirror/id/211680
- Screenshots:
- Threat Actors: KingSkrupellos
- Victim Country: Argentina
- Victim Industry: Publishing Industry
- Victim Organization: dirección provincial de vialidad de entre ríos.
- Victim Site: geoportal-test.vialidadentrerios.gob.ar
47. KingSkrupellos targets the website of Municipalidad de Gral. San Martín
- Category: Defacement
- Content: The group claims to have defaced the website of Municipalidad de Gral. San Martín
- Date: 2025-11-25T09:08:26Z
- Network: openweb
- Published URL: https://defacer.id/mirror/id/211678
- Screenshots:
- Threat Actors: KingSkrupellos
- Victim Country: Argentina
- Victim Industry: Government Administration
- Victim Organization: municipalidad de gral. san martín
- Victim Site: sig.sanmartinmza.gob.ar
48. KingSkrupellos targets the website of Geoportal de San Carlos en mapas
- Category: Defacement
- Content: The group claims to have defaced the website of Geoportal de San Carlos en mapas
- Date: 2025-11-25T09:02:42Z
- Network: openweb
- Published URL: https://defacer.id/mirror/id/211681
- Screenshots:
- Threat Actors: KingSkrupellos
- Victim Country: Argentina
- Victim Industry: Government Administration
- Victim Organization: geoportal de san carlos en mapas
- Victim Site: mapas.sancarlos.gob.ar
49. KingSkrupellos targets the website of COPECO
- Category: Defacement
- Content: The group claims to have defaced the website of COPECO
- Date: 2025-11-25T09:01:22Z
- Network: openweb
- Published URL: https://defacer.id/mirror/id/211677
- Screenshots:
- Threat Actors: KingSkrupellos
- Victim Country: Honduras
- Victim Industry: Government Administration
- Victim Organization: copeco
- Victim Site: geonode.copeco.gob.hn
50. KingSkrupellos targets the website of National Institute of Meteorology and Hydrology of Ecuador
- Category: Defacement
- Content: The group claims to have defaced the website of National Institute of Meteorology and Hydrology of Ecuador.
- Date: 2025-11-25T08:56:01Z
- Network: openweb
- Published URL: https://defacer.id/mirror/id/211682
- Screenshots:
- Threat Actors: KingSkrupellos
- Victim Country: Ecuador
- Victim Industry: Renewables & Environment
- Victim Organization: national institute of meteorology and hydrology
- Victim Site: geoservicios.inamhi.gob.ec
51. KingSkrupellos targets the website of Asociación de Municipalidades Ecuatorianas
- Category: Defacement
- Content: The group claims to have defaced the website of Asociación de Municipalidades Ecuatorianas
- Date: 2025-11-25T08:50:33Z
- Network: openweb
- Published URL: https://defacer.id/mirror/id/211684
- Screenshots:
- Threat Actors: KingSkrupellos
- Victim Country: Ecuador
- Victim Industry: Government Administration
- Victim Organization: asociación de municipalidades ecuatorianas
- Victim Site: geoportal.ame.gob.ec
52. KingSkrupellos targets the website of Công Bố Dữ Liệu Viễn Thám
- Category: Defacement
- Content: The group claims to have defaced the website of Công Bố Dữ Liệu Viễn Thám
- Date: 2025-11-25T08:44:50Z
- Network: openweb
- Published URL: https://defacer.id/mirror/id/211704
- Screenshots:
- Threat Actors: KingSkrupellos
- Victim Country: Vietnam
- Victim Industry: Government Administration
- Victim Organization: công bố dữ liệu viễn thám
- Victim Site: congbo.dulieuvientham.gov.vn
53. Alleged leak of admin login access to Udonpichairakpittaya School
- Category: Initial Access
- Content: The group claims to have leaked login access to Udonpichairakpittaya School.
- Date: 2025-11-25T08:43:59Z
- Network: telegram
- Published URL: https://t.me/nxbbsec/3568
- Screenshots:
- Threat Actors: NXBB.SEC
- Victim Country: Thailand
- Victim Industry: Education
- Victim Organization: udonpichairakpittaya school
- Victim Site: upr.ac.th
54. StatMedPlus LLC falls victim to Sinobi Ransomware
- Category: Ransomware
- Content: The group claims to have exfiltrated 230 GB of the organization’s confidential data, including financial records and internal contracts, and intends to publish it within 7 days.
- Date: 2025-11-25T08:41:24Z
- Network: tor
- Published URL: http://sinobi6ywgmmvg2gj2yygkb2hxbimaxpqkyk27wti5zjwhfcldhackid.onion/leaks/6923174b88b6823fa2dc0be0
- Screenshots:
- Threat Actors: Sinobi
- Victim Country: USA
- Victim Industry: Healthcare & Pharmaceuticals
- Victim Organization: statmedplus llc
- Victim Site: statmedplus.com
55. Red wolf cyber claims to target Morocco and Algeria
- Category: Alert
- Content: A recent post by the group claims that they are targeting Morocco and Algeria.
- Date: 2025-11-25T08:39:07Z
- Network: telegram
- Published URL: https://t.me/c/2609313110/584
- Screenshots:
- Threat Actors: Red wolf cyber
- Victim Country: Morocco
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
56. KingSkrupellos targets the website of Government of the Province of Buenos Aires
- Category: Defacement
- Content: The group claims to have defaced the website of Government of the Province of Buenos Aires.
- Date: 2025-11-25T08:25:26Z
- Network: openweb
- Published URL: https://defacer.id/mirror/id/211702
- Screenshots:
- Threat Actors: KingSkrupellos
- Victim Country: Argentina
- Victim Industry: Government Administration
- Victim Organization: government of the province of buenos aires
- Victim Site: sata.ambiente.gba.gob.ar
57. scattered LAPSUS$ hunters 7.0 promoting ransomware
- Category: Malware
- Content: A recent post by the group states they are promoting kirkbit 4.0 and KirkForce ransomware.
- Date: 2025-11-25T07:00:18Z
- Network: telegram
- Published URL: https://t.me/smokinmandiant/476
- Screenshots:
- Threat Actors: scattered LAPSUS$ hunters 7.0
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
58. Alleged Data Breach of Maxon Computer
- Category: Data Breach
- Content: Threat actor claims to have breached the database of Maxon Computer.
- Date: 2025-11-25T06:30:24Z
- Network: openweb
- Published URL: https://forum.exploit.biz/topic/270703/
- Screenshots:
- Threat Actors: aisus
- Victim Country: Germany
- Victim Industry: Software Development
- Victim Organization: maxon computer
- Victim Site: maxon.net
59. Alleged leak of admin login access to Blue Elephant Thailand Tours
- Category: Initial Access
- Content: The group claims to have leaked login access to Blue Elephant Thailand Tours
- Date: 2025-11-25T06:27:17Z
- Network: telegram
- Published URL: https://t.me/c/3321178780/22
- Screenshots:
- Threat Actors: BROTHERHOOD CAPUNG INDONESIA
- Victim Country: Thailand
- Victim Industry: Hospitality & Tourism
- Victim Organization: blue elephant thailand tours
- Victim Site: blueelephantthailandtours.com
60. Alleged Data Leak of Maxon.net
- Category: Data Breach
- Content: Threat actor claims to have leaked the data of Maxon.net.
- Date: 2025-11-25T06:21:42Z
- Network: openweb
- Published URL: https://forum.exploit.biz/topic/270703/
- Screenshots:
- Threat Actors: aisus
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
61. BABAYO EROR SYSTEM targets the website of Peeks Printing
- Category: Defacement
- Content: The group claims to have defaced the website of Peeks Printing.
- Date: 2025-11-25T05:47:00Z
- Network: openweb
- Published URL: https://defacer.id/mirror/id/211716
- Screenshots:
- Threat Actors: BABAYO EROR SYSTEM
- Victim Country: USA
- Victim Industry: Printing
- Victim Organization: peeks printing
- Victim Site: peeksprinting.com
62. Alleged data breach of Cred Auto Network
- Category: Data Breach
- Content: Threat actor claims to have leaked the data of Cred Auto Network.
- Date: 2025-11-25T05:42:46Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-BRAZIL-CAR-DATA-CREDAUTO
- Screenshots:
- Threat Actors: C0deKing
- Victim Country: Brazil
- Victim Industry: Information Technology (IT) Services
- Victim Organization: cred auto network
- Victim Site: redecredauto.com.br
63. Zecher GmbH falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s internal data.
- Date: 2025-11-25T05:24:45Z
- Network: tor
- Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=faa06017-ba32-35ab-926a-27c5d7e02cae
- Screenshots:
- Threat Actors: Qilin
- Victim Country: Germany
- Victim Industry: Printing
- Victim Organization: zecher gmbh
- Victim Site: zecher.com
64. BABAYO EROR SYSTEM targets the website of AIS Radio
- Category: Defacement
- Content: The group claims to have defaced the website of AIS Radio.
- Date: 2025-11-25T05:21:45Z
- Network: openweb
- Published URL: https://defacer.id/mirror/id/211715
- Screenshots:
- Threat Actors: BABAYO EROR SYSTEM
- Victim Country: USA
- Victim Industry: Broadcast Media
- Victim Organization: ais radio
- Victim Site: aisradio.com
65. Blue Projects falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s internal data.
- Date: 2025-11-25T05:18:16Z
- Network: tor
- Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=f904c9a2-c16b-30ad-9b4a-a92c657a48d4
- Screenshots:
- Threat Actors: Qilin
- Victim Country: Romania
- Victim Industry: Building and construction
- Victim Organization: blue projects
- Victim Site: blueprojects.com
66. BABAYO EROR SYSTEM targets the website of Furbly
- Category: Defacement
- Content: The group claims to have defaced the website of Furbly.
- Date: 2025-11-25T05:14:00Z
- Network: openweb
- Published URL: https://defacer.id/mirror/id/211713
- Screenshots:
- Threat Actors: BABAYO EROR SYSTEM
- Victim Country: Estonia
- Victim Industry: Furniture
- Victim Organization: furbly
- Victim Site: furbly.ee
67. Nottingham Village falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 110 GB of the organization’s data.
- Date: 2025-11-25T05:08:53Z
- Network: tor
- Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=7d70328d-14a4-3a29-91f9-8af0622bb3be
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Hospital & Health Care
- Victim Organization: nottingham village
- Victim Site: nottinghamvillage.org
68. Alleged leak of malicious JavaScript exploit source code
- Category: Malware
- Content: The group claims to have leaked the source code of a malicious JavaScript exploit allegedly used to steal user data, reportedly targeting a Ukrainian Energy Center in Chernihiv.
- Date: 2025-11-25T05:07:27Z
- Network: telegram
- Published URL: https://t.me/n2LP_wVf79c2YzM0/2563
- Screenshots:
- Threat Actors: Infrastructure Destruction Squad
- Victim Country: Ukraine
- Victim Industry: Energy & Utilities
- Victim Organization: Unknown
- Victim Site: Unknown
69. Alleged leak of admin login access to YOORI-SpaGreen Creative
- Category: Initial Access
- Content: The group claims to have leaked login access to YOORI-SpaGreen Creative.
- Date: 2025-11-25T04:41:20Z
- Network: telegram
- Published URL: https://t.me/neffex_the_blackhat/42
- Screenshots:
- Threat Actors: Neffex THe BlackHat
- Victim Country: Singapore
- Victim Industry: E-commerce & Online Stores
- Victim Organization: yoori-spagreen creative
- Victim Site: yoori.spagreen.net
70. Alleged leak of admin login access to 24×7 Parcels
- Category: Initial Access
- Content: The group claims to have leaked login access to 24×7 Parcels.
- Date: 2025-11-25T04:36:16Z
- Network: telegram
- Published URL: https://t.me/neffex_the_blackhat/42
- Screenshots:
- Threat Actors: Neffex THe BlackHat
- Victim Country: Netherlands
- Victim Industry: E-commerce & Online Stores
- Victim Organization: 24×7 parcels
- Victim Site: 24x7parcels.com
71. scattered LAPSUS$ hunters 7.0 claims to target National Security Agency
- Category: Alert
- Content: A recent post by the group claims that they are targeting the National Security Agency.
- Date: 2025-11-25T04:26:59Z
- Network: telegram
- Published URL: https://t.me/smokinmandiant/454
- Screenshots:
- Threat Actors: scattered LAPSUS$ hunters 7.0
- Victim Country: USA
- Victim Industry: Government Administration
- Victim Organization: national security agency
- Victim Site: nsa.gov
72. Alleged data breach of Amcor
- Category: Data Breach
- Content: The group claims to have breached the organization’s data.
- Date: 2025-11-25T04:21:35Z
- Network: tor
- Published URL: http://fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion/companies/amcore
- Screenshots:
- Threat Actors: CoinbaseCartel
- Victim Country: Switzerland
- Victim Industry: Packaging & Containers
- Victim Organization: amcor
- Victim Site: amcor.com
73. Alleged Data Sale of My Monster Labs
- Category: Data Breach
- Content: Threat actor claims to be selling the domain and site of My Monster Labs.
- Date: 2025-11-25T03:21:47Z
- Network: openweb
- Published URL: https://forum.exploit.biz/topic/270705/
- Screenshots:
- Threat Actors: plahotniuc
- Victim Country: USA
- Victim Industry: Health & Fitness
- Victim Organization: my monster labs
- Victim Site: mymonsterlabs.com
74. Alleged Data Leak of 1.3 Billion Chinese Citizens Database
- Category: Data Breach
- Content: Threat actor claims to have leaked 1.3 billion records from a Chinese citizens database, which includes full name, gender, date of birth, citizen ID number, registered address, province, city, and district, phone number, last login IP, device IMEI or MAC address, real-name verification status, and face recognition result.
- Date: 2025-11-25T02:28:53Z
- Network: openweb
- Published URL: https://leakbase.la/threads/big-leaks.46488/
- Screenshots:
- Threat Actors: hackoozz
- Victim Country: China
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
75. Alleged Data Breach of 900 Million SSN Records in USA
- Category: Data Breach
- Content: Threat actor claims to have breached 900 million Social Security Number records in the USA, which include SSNs, names, addresses, dates of birth, phone numbers, etc.
- Date: 2025-11-25T02:19:23Z
- Network: openweb
- Published URL: https://leakbase.la/threads/big-leaks.46488/
- Screenshots:
- Threat Actors: hackoozz
- Victim Country: USA
- Victim Industry: Government Administration
- Victim Organization: social security administration
- Victim Site: ssa.gov
76. Commercial WR falls victim to MEDUSA Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data and intends to publish it within 20-21 days.
- Date: 2025-11-25T02:02:13Z
- Network: tor
- Published URL: http://s7lmmhlt3iwnwirxvgjidl6omcblvw2rg75txjfduy73kx5brlmiulad.onion/detail?id=ddab626b0dfa3a63105df32b332fa4bb
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/30853882-e7d2-4917-9024-d7c9121d7024.png
- https://d34iuop8pidsy8.cloudfront.net/2a085ab8-379b-4de0-8f79-4fc7ac39d6e6.png
- https://d34iuop8pidsy8.cloudfront.net/0e827999-67cb-4b5c-a647-0a9a99e92668.png
- https://d34iuop8pidsy8.cloudfront.net/d3c6ee59-47db-4ea5-8f72-bd617b07e831.png
- https://d34iuop8pidsy8.cloudfront.net/79e1896f-659a-410f-ba2b-528786dfd553.png
- https://d34iuop8pidsy8.cloudfront.net/7d1fdeeb-d662-44d8-804e-52c4c9cd9234.png
- Threat Actors: MEDUSA
- Victim Country: Brazil
- Victim Industry: Outsourcing & Offshoring
- Victim Organization: commercial wr
- Victim Site: wrcomercial.com.br
77. Alleged Data Breach of 850 Million HI-TEK’s Citizen Database in India
- Category: Data Breach
- Content: Threat actor claims to have breached 850 million records of HI-TEK’s citizen database in India, which includes name, Aadhaar, address, alternate number, mobile number, etc.
- Date: 2025-11-25T01:38:14Z
- Network: openweb
- Published URL: https://leakbase.la/threads/big-leaks.46488/
- Screenshots:
- Threat Actors: hackoozz
- Victim Country: India
- Victim Industry: Financial Services
- Victim Organization: hi-tek group
- Victim Site: hitekgroup.in
78. Alleged Data Breach of 608 MILLION CITIZEN CNIC NADRA DATABASE in Pakistan
- Category: Data Breach
- Content: Threat actor claims to have breached 608 million citizen records of CNIC NADRA database in Pakistan, which includes name, CNIC, address, mobile number, etc.
- Date: 2025-11-25T01:36:26Z
- Network: openweb
- Published URL: https://leakbase.la/threads/big-leaks.46488/
- Screenshots:
- Threat Actors: hackoozz
- Victim Country: Pakistan
- Victim Industry: Government Administration
- Victim Organization: national database and registration authority
- Victim Site: nadra.gov.pk
79. Infrastructure Destruction Squad claims to target USA
- Category: Alert
- Content: A recent post by the group claims that they are targeting the USA.
- Date: 2025-11-25T01:10:03Z
- Network: telegram
- Published URL: https://t.me/n2LP_wVf79c2YzM0/2559
- Screenshots:
- Threat Actors: Infrastructure Destruction Squad
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
80. Infrastructure Destruction Squad claims to target India
- Category: Alert
- Content: A recent post by the group claims that they are targeting India.
- Date: 2025-11-25T01:06:48Z
- Network: telegram
- Published URL: https://t.me/n2LP_wVf79c2YzM0/2556
- Screenshots:
- Threat Actors: Infrastructure Destruction Squad
- Victim Country: India
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
81. Alleged Data Leak of 608 MILLION CITIZEN CNIC NADRA DATABASE in Pakistan
- Category: Data Breach
- Content: Threat actor claims to have leaked the data of 608 million citizen CNIC NADRA database in Pakistan, which includes name, CNIC, address, mobile number, etc.
- Date: 2025-11-25T00:52:38Z
- Network: openweb
- Published URL: https://leakbase.la/threads/big-leaks.46488/
- Screenshots:
- Threat Actors: hackoozz
- Victim Country: Pakistan
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
82. Municipal University of Sao Caetano do Sul (USCS) falls victim to MEDUSA Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data and intends to publish it within 17-18 days.
- Date: 2025-11-25T00:40:32Z
- Network: tor
- Published URL: http://s7lmmhlt3iwnwirxvgjidl6omcblvw2rg75txjfduy73kx5brlmiulad.onion/detail?id=a4f6f6bd335ab7802859759b380d03f6
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/6d9b877f-059c-4377-ab4e-ec767ea32597.png
- https://d34iuop8pidsy8.cloudfront.net/68979b6c-434b-43a1-93e1-bc3ca7ad92b1.png
- https://d34iuop8pidsy8.cloudfront.net/83cfe040-afb8-4bc8-9c53-e4700a4e85ff.png
- https://d34iuop8pidsy8.cloudfront.net/6f6c413e-d747-488e-bd2c-4e83aace8eeb.png
- https://d34iuop8pidsy8.cloudfront.net/82e96b3d-fbe7-4acf-8529-26a24e516e88.png
- Threat Actors: MEDUSA
- Victim Country: Brazil
- Victim Industry: Education
- Victim Organization: municipal university of sao caetano do sul (uscs)
- Victim Site: uscs.edu.br
Conclusion
The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Ransomware attacks are particularly prominent, with major groups like Qilin, Everest, and Sinobi targeting sectors ranging from education and healthcare to manufacturing and real estate across countries like the USA, Canada, Germany, and France. Data breaches and leaks remain a critical issue, with massive alleged exposures involving citizen databases in China, the USA, India, and Pakistan. Beyond data compromise, the report reveals significant activity in initial access sales and website defacements, affecting government bodies and private enterprises globally. The wide geographic spread, spanning North and South America, Europe, Asia, and the Middle East, demonstrates that organizations across all industries face persistent threats from sophisticated actors and opportunistic attacks. The nature of these incidents emphasizes the critical importance of robust cybersecurity measures, including strong access controls, data protection strategies, continuous vulnerability management, and proactive threat intelligence.