This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.
1. Alleged Sale of U.S. Citizens Social Security Numbers
- Category: Data Breach
- Content: The threat actor claims to have leaked a database containing personal information of U.S. citizens with Social Security Numbers (SSNs) with a sample of 150,000 rows.
- Date: 2025-11-03T23:55:34Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-%F0%9F%87%BA%F0%9F%87%B8USA-citizens-with-SSN-DB-leak-fresh-stolen)
- Screenshots:
- Threat Actors: Mamy22
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
2. Alleged Data leak of Unidentified Organisation in USA
- Category: Data Breach
- Content: The group claims to have leaked data from the Unidentified Organisation in USA.
- Date: 2025-11-03T23:43:49Z
- Network: telegram
- Published URL: (https://t.me/n2LP_wVf79c2YzM0/2266)
- Screenshots:
- Threat Actors: Infrastructure Destruction Squad
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
3. HeiTech falls victim to DEVMAN 2.0 Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 60 GB of the organization’s data and intends to publish them within 2-3 days.
- Date: 2025-11-03T22:29:13Z
- Network: tor
- Published URL: (http://devmanblggk7ddrtqj3tsocnayow3bwnozab2s4yhv4shpv6ueitjzid.onion/)
- Screenshots:
- Threat Actors: DEVMAN 2.0
- Victim Country: Malaysia
- Victim Industry: Information Technology (IT) Services
- Victim Organization: heitech
- Victim Site: heitech.com.my
4. Alleged data leak of Mossad Intelligence agents
- Category: Data Breach
- Content: Threat actor claims to be selling leaked Mossad Intelligence agents details. The compromised data reportedly contains ID, name, email, city, phone number, etc.
- Date: 2025-11-03T22:03:27Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-%E2%9C%A1%EF%B8%8F-100-FULL-PAGES-OF-MOSSAD-INTELLIGENCE-AGENTS-DETAILS-LEAKED-%E2%9C%A1%EF%B8%8F)
- Screenshots:
- Threat Actors: jrintel
- Victim Country: Israel
- Victim Industry: Education
- Victim Organization: mossad
- Victim Site: mossad.gov.il
5. Alleged leak of Ministry of Justice Court Documents (UK)
- Category: Data Breach
- Content: Threat actor claims to be selling leaked Ministry of Justice Court documents related to Shineyhunters group.
- Date: 2025-11-03T21:52:47Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Document-%F0%9F%91%A8%E2%80%8D%F0%9F%92%BB-United-Kingdom-Ministry-of-Justice-Court-Documents-Related-to-Shinyhunters%F0%9F%91%A8%E2%80%8D%F0%9F%92%BB)
- Screenshots:
- Threat Actors: jrintel
- Victim Country: UK
- Victim Industry: Government Administration
- Victim Organization: ministry of justice
- Victim Site: gov.uk
6. Alleged data sale of udikov.ru
- Category: Data Breach
- Content: Threat actor claims to be selling leaked data from udikov.ru, Russia. The compromised data reportedly contains ID, post author, post password, post name, etc.
- Date: 2025-11-03T21:33:52Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-WordPress-Database-udikov-ru-Russian)
- Screenshots:
- Threat Actors: Richard2002
- Victim Country: Russia
- Victim Industry: Online Publishing
- Victim Organization: udikov.ru
- Victim Site: udikov.ru
7. Alleged sale of 5,000 U.S. credit-card records
- Category: Data Breach
- Content: The threat actor claims to be selling 5,000 U.S. credit-card records. The compromised data reportedly includes name, address, city, zip code, email, etc.
- Date: 2025-11-03T21:15:02Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/269559/)
- Screenshots:
- Threat Actors: Cleaner
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
8. Riverside Dental falls victim to Mydata/Alphalocker Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data and intends to publish it within 9 to 10 days.
- Date: 2025-11-03T21:02:07Z
- Network: tor
- Published URL: (http://mydatae2d63il5oaxxangwnid5loq2qmtsol2ozr6vtb7yfm5ypzo6id.onion/blog_1-26)
- Screenshots:
- Threat Actors: Mydata/Alphalocker
- Victim Country: USA
- Victim Industry: Hospital & Health Care
- Victim Organization: riverside dental
- Victim Site: myriversidedentaloffice.com
9. Alleged data breach of Chervona Zirka Chemical and Pharmaceutical Plant
- Category: Data Breach
- Content: Group claims to have leaked data from Chervona Zirka Chemical and Pharmaceutical Plant. The compromised data reportedly include name, email, phone number, address, etc.
- Date: 2025-11-03T20:08:01Z
- Network: telegram
- Published URL: (https://t.me/itarmyofrussianews/269)
- Screenshots:
- Threat Actors: IT ARMY OF RUSSIA
- Victim Country: Ukraine
- Victim Industry: Healthcare & Pharmaceuticals
- Victim Organization: chervona zirka chemical and pharmaceutical plant
- Victim Site: chervonazirka.com.ua
10. Alleged unauthorized access to an electrical substation in Estonia
- Category: Initial Access
- Content: Group claims to have gained unauthorized access to a electrical substation in Estonia.
- Date: 2025-11-03T19:50:36Z
- Network: telegram
- Published URL: (https://t.me/perunswaroga/672)
- Screenshots:
- Threat Actors: Perun Svaroga
- Victim Country: Estonia
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
11. Irwin Car and Equipment falls victim to PLAY ransomware
- Category: Ransomware
- Content: Group claims to have obtained organization’s data and plans to publish it within 4-5 days.
- Date: 2025-11-03T19:44:49Z
- Network: tor
- Published URL: (http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=iV8hnc13PW38Qt)
- Screenshots:
- Threat Actors: PLAY
- Victim Country: USA
- Victim Industry: Mining/Metals
- Victim Organization: irwin car and equipment
- Victim Site: irwincar.com
12. Alleged database sale of Pan no Tora
- Category: Data Breach
- Content: Threat actor claims to have leaked 8.4MB of data from Pan no Tora. The compromised data includes 30,120 records which contains full names, email addresses, phone numbers, physical addresses, unencrypted passwords, etc.
- Date: 2025-11-03T18:52:13Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-Japan-pannotora-shop-com-30k)
- Screenshots:
- Threat Actors: siege
- Victim Country: Japan
- Victim Industry: Food & Beverages
- Victim Organization: pan no tora
- Victim Site: pannotora-shop.com
13. GHOST’S OF GAZA targets the website of UpSoul
- Category: Defacement
- Content: Group claims to have defaced the website of UpSoul.
- Date: 2025-11-03T17:47:44Z
- Network: telegram
- Published URL: (https://t.me/GHOSTS_OF_GAZA/101)
- Screenshots:
- Threat Actors: GHOST’S OF GAZA
- Victim Country: Brazil
- Victim Industry: Business and Economic Development
- Victim Organization: upsoul
- Victim Site: upsoul.com.br
14. GHOST’S OF GAZA targets the website of Datacom
- Category: Defacement
- Content: Group claims to have defaced the website of Datacom.
- Date: 2025-11-03T17:45:12Z
- Network: telegram
- Published URL: (https://t.me/GHOSTS_OF_GAZA/101)
- Screenshots:
- Threat Actors: GHOST’S OF GAZA
- Victim Country: Brazil
- Victim Industry: Information Technology (IT) Services
- Victim Organization: datacom
- Victim Site: datacom.com
15. GHOST’S OF GAZA targets the official website of the Association of Guardianship Councilors of the State of Rio de Janeiro
- Category: Defacement
- Content: Group claims to have defaced the official website of the Association of Guardianship Councilors of the State of Rio de Janeiro.
- Date: 2025-11-03T17:42:57Z
- Network: telegram
- Published URL: (https://t.me/GHOSTS_OF_GAZA/101)
- Screenshots:
- Threat Actors: GHOST’S OF GAZA
- Victim Country: Brazil
- Victim Industry: Non-profit & Social Organizations
- Victim Organization: association of guardianship councilors of the state of rio de janeiro
- Victim Site: acterj.org.br
16. GHOST’S OF GAZA targets the website of Support Surgical
- Category: Defacement
- Content: Group claims to have defaced the website of Support Surgical.
- Date: 2025-11-03T17:40:07Z
- Network: telegram
- Published URL: (https://t.me/GHOSTS_OF_GAZA/101)
- Screenshots:
- Threat Actors: GHOST’S OF GAZA
- Victim Country: Brazil
- Victim Industry: Hospital & Health Care
- Victim Organization: support surgical
- Victim Site: supportsurgical.com.br
17. GHOST’S OF GAZA targets the website of Trade Union of Employees in Presidente Venceslau
- Category: Defacement
- Content: Group claims to have defaced the website of Trade Union of Employees in Presidente Venceslau.
- Date: 2025-11-03T17:37:32Z
- Network: telegram
- Published URL: (https://t.me/GHOSTS_OF_GAZA/101)
- Screenshots:
- Threat Actors: GHOST’S OF GAZA
- Victim Country: Brazil
- Victim Industry: Non-profit & Social Organizations
- Victim Organization: trade union of employees in presidente venceslau
- Victim Site: sincomerciariospv.com.br
18. Alleged unauthorized access to an unidentified financial institution in Thailand
- Category: Initial Access
- Content: Group claims to have obtained unauthorized access to the internal banking management system of an unidentified financial institution in Thailand.
- Date: 2025-11-03T16:47:36Z
- Network: telegram
- Published URL: (https://t.me/n2LP_wVf79c2YzM0/2263)
- Screenshots:
- Threat Actors: Infrastructure Destruction Squad
- Victim Country: Thailand
- Victim Industry: Financial Services
- Victim Organization: Unknown
- Victim Site: Unknown
19. Alleged sale of European healthcare data
- Category: Data Breach
- Content: The threat actor claims to be selling European healthcare data. The compromised data reportedly includes name, DOB, address, etc.
- Date: 2025-11-03T16:35:04Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/european-healthcare-medicare-db-leak.45209/)
- Screenshots:
- Threat Actors: yees0987
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
20. Moonlight Basin falls victim to akira ransomware
- Category: Ransomware
- Content: The group claims to have obtained 17 GB of the organization’s data. The compromised data includes a bit of client and employee data, lots of internal reports, contracts and agreements, accounting and financial documents, NDA, etc.
- Date: 2025-11-03T16:08:22Z
- Network: tor
- Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
- Screenshots:
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: Hospitality & Tourism
- Victim Organization: moonlight basin
- Victim Site: moonlightbasin.com
21. Alleged unauthorized access to Genius Systems
- Category: Initial Access
- Content: Group claims to have gained unauthorized access to Genius Systems through leaked login credentials.
- Date: 2025-11-03T16:05:11Z
- Network: telegram
- Published URL: (https://t.me/fornetcloud/4173)
- Screenshots:
- Threat Actors: FORNET ORG
- Victim Country: Nepal
- Victim Industry: Information Technology (IT) Services
- Victim Organization: genius systems
- Victim Site: geniussystems.com.np
22. Designs for Vision, Inc. falls victim to akira ransomware
- Category: Ransomware
- Content: The group claims to have obtained 50 GB of the organization’s data. The compromised data includes lots of project information, a bit of personal information, credit cards details and other financial and accounting information, contracts and agreements, NDA, etc.
- Date: 2025-11-03T16:01:38Z
- Network: tor
- Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
- Screenshots:
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: Medical Equipment Manufacturing
- Victim Organization: designs for vision, inc.
- Victim Site: designsforvision.com
23. Mecanex USA,Inc. falls victim to akira ransomware
- Category: Ransomware
- Content: The group claims to have obtained 24 GB of the organization’s data. The compromised data includes employee information (Social security number, passports, driver licenses, phones, addresses and so on), confidential military information, lots of contracts and agreements (including military), information on how to work with explosive and so on, NDA, etc.
- Date: 2025-11-03T15:54:20Z
- Network: tor
- Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
- Screenshots:
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: Airlines & Aviation
- Victim Organization: mecanex usa,inc.
- Victim Site: mecanexusa.com
24. Alleged sale of unauthorized FTP administrator access to an unidentified multi-industry organization
- Category: Initial Access
- Content: A threat actor claim to be selling unauthorized administrator-level access to the FTP main server of an unidentified organization based in Brazil. The company operates across the Food & Beverage, Retail, Manufacturing, and Grocery Retail Industries.
- Date: 2025-11-03T15:45:17Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/269538/)
- Screenshots:
- Threat Actors: Anon-WMG
- Victim Country: Brazil
- Victim Industry: Food & Beverages
- Victim Organization: Unknown
- Victim Site: Unknown
25. Pinto Coates Kyre & Bowers falls victim to INTERLOCK Ransomware
- Category: Ransomware
- Content: The group claims to have obtained over 862 GB of the organizations data.
- Date: 2025-11-03T15:31:20Z
- Network: tor
- Published URL: (http://ebhmkoohccl45qesdbvrjqtyro2hmhkmh6vkyfyjjzfllm3ix72aqaid.onion/leaks.php)
- Screenshots:
- Threat Actors: INTERLOCK
- Victim Country: USA
- Victim Industry: Law Practice & Law Firms
- Victim Organization: pinto coates kyre & bowers
- Victim Site: pckb-law.com
26. Bishop Ireton High School falls victim to INTERLOCK Ransomware
- Category: Ransomware
- Content: The group claims to have obtained over 763 GB of the organizations data.
- Date: 2025-11-03T15:25:11Z
- Network: tor
- Published URL: (http://ebhmkoohccl45qesdbvrjqtyro2hmhkmh6vkyfyjjzfllm3ix72aqaid.onion/leaks.php)
- Screenshots:
- Threat Actors: INTERLOCK
- Victim Country: USA
- Victim Industry: Education
- Victim Organization: bishop ireton high school
- Victim Site: bishopireton.org
27. Dayal Metal Containers Factory LLC falls victim to NightSpire ransomware
- Category: Ransomware
- Content: The group claims to have obtained 30 GB of the organization’s data and plans to publish it within 16-17 days.
- Date: 2025-11-03T15:24:51Z
- Network: tor
- Published URL: (http://nspirebcv4sy3yydtaercuut34hwc4fsxqqv4b4ye4xmo6qp3vxhulqd.onion/database)
- Screenshots:
- Threat Actors: NightSpire
- Victim Country: UAE
- Victim Industry: Manufacturing
- Victim Organization: dayal metal containers factory llc
- Victim Site: dayalmc.com
28. Alleged data breach of Air France
- Category: Data Breach
- Content: The threat actor claims to have leaked customers data and companies database from Air France.
- Date: 2025-11-03T15:12:32Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/airfrance-com-constumers-and-conpanie-db-leak-avilable-on-pr1vate-channe1.45207/)
- Screenshots:
- Threat Actors: Cayenne22
- Victim Country: France
- Victim Industry: Airlines & Aviation
- Victim Organization: air france
- Victim Site: airfrance.com
29. The Aetherius Society falls victim to INC RANSOM Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-11-03T14:26:44Z
- Network: tor
- Published URL: (http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/6908aab1e1a4e4b3fff0c666)
- Screenshots:
- Threat Actors: INC RANSOM
- Victim Country: USA
- Victim Industry: Religious Institutions
- Victim Organization: the aetherius society
- Victim Site: aetherius.org
30. Vitalmex falls victim to INC RANSOM ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-11-03T14:22:14Z
- Network: tor
- Published URL: (http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/6908b0e6e1a4e4b3fff12d74)
- Screenshots:
- Threat Actors: INC RANSOM
- Victim Country: Mexico
- Victim Industry: Medical Equipment Manufacturing
- Victim Organization: vitalmex
- Victim Site: vitalmex.com.mx
31. Kingcan Holdings Limited falls victim to RADAR group Ransomware
- Category: Ransomware
- Content: Group claims to have obtained organization’s data and plans to publish it within 30 -31 days.
- Date: 2025-11-03T13:58:23Z
- Network: tor
- Published URL: (http://3bnusfu2lgk5at43ceu7cdok5yv4gfbono2jv57ho74ucjvc7czirfid.onion/awaiting-publication)
- Screenshots:
- Threat Actors: RADAR group
- Victim Country: Taiwan
- Victim Industry: Packaging & Containers
- Victim Organization: kingcan holdings limited
- Victim Site: kingcan.net
32. Ellafi Federal Credit Union falls victim to akira ransomware
- Category: Ransomware
- Content: The group claims to have obtained 17 GB of the organization’s data. The compromised data includes employee and customer information, w-9 forms, contracts and agreements, confidential files, accounting and financial documents, HR files, NDA, etc.
- Date: 2025-11-03T13:31:42Z
- Network: tor
- Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
- Screenshots:
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: Financial Services
- Victim Organization: ellafi federal credit union
- Victim Site: ellafifcu.org
33. Montage Marketing Services falls victim to akira ransomware
- Category: Ransomware
- Content: The group claims to have obtained 26 GB of the organization’s data. The compromised data includes employee and customer information, contracts and agreements, accounting and financial documents, HR files, etc.
- Date: 2025-11-03T13:19:12Z
- Network: tor
- Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
- Screenshots:
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: Transportation & Logistics
- Victim Organization: montage marketing services
- Victim Site: montagemarketingservices.com
34. Morris Communications Company, LLC. falls victim to akira ransomware
- Category: Ransomware
- Content: The group claims to have obtained 84GB of the organization’s data. The compromised data includes financial data (audit, payment details, invoices), employees and customers information (passports, driver’s license, Social Security Numbers, medical information, death/birth certificate, emails, phones) confidential information, NDAS and other documents with detailed personal information.
- Date: 2025-11-03T13:18:42Z
- Network: tor
- Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
- Screenshots:
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: Publishing Industry
- Victim Organization: morris communications company, llc.
- Victim Site: morris.com
35. WINDALLINCE targets the website of Aquaservice
- Category: Defacement
- Content: The group claims to have defaced the website of Aquaservice.
- Date: 2025-11-03T13:01:54Z
- Network: telegram
- Published URL: (https://t.me/c/2619773723/3897)
- Screenshots:
- Threat Actors: WINDALLINCE
- Victim Country: Ukraine
- Victim Industry: Facilities Services
- Victim Organization: aquaservice
- Victim Site: aquaservice.od.ua
36. Alleged access sale to Angola Government mail
- Category: Initial Access
- Content: The threat actor claims to be selling access to Angolan government email.
- Date: 2025-11-03T13:01:46Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-Selling-government-mail)
- Screenshots:
- Threat Actors: dontlookatme
- Victim Country: South Africa
- Victim Industry: Government Administration
- Victim Organization: government of angola
- Victim Site: governo.gov.ao
37. G. Hauswirth Architekten AG falls victim to DragonForce Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 1.44 TB of organization’s data.
- Date: 2025-11-03T12:22:06Z
- Network: tor
- Published URL: (http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion/blog)
- Screenshots:
- Threat Actors: DragonForce
- Victim Country: Switzerland
- Victim Industry: Architecture & Planning
- Victim Organization: g. hauswirth architekten ag
- Victim Site: hauswirth-architekten.ch
38. Gerson & Schwartz Accident & Injury Lawyers falls victim to PEAR Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 1.1 TB of the organization’s data. The compromised data reportedly includes Partners’ and Vendors’ Data, Clients’ Privileged & Confidential Data, PII & PHI Records, Police Reports & Court Files, Exhibits & Evidences, Internal and External Email Correspondence, etc.
- Date: 2025-11-03T12:10:54Z
- Network: tor
- Published URL: (http://peargxn3oki34c4savcbcfqofjjwjnnyrlrbszfv6ujlx36mhrh57did.onion/Companies/injuryattorneyfla/)
- Screenshots:
- Threat Actors: PEAR
- Victim Country: USA
- Victim Industry: Law Practice & Law Firms
- Victim Organization: gerson & schwartz accident & injury lawyers
- Victim Site: injuryattorneyfla.com
39. ANCO falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 100 GB of organization’s data.
- Date: 2025-11-03T11:46:52Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=949f97d5-25dd-3b78-b464-9142e6633ac2)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: Spain
- Victim Industry: Information Technology (IT) Services
- Victim Organization: anco
- Victim Site: anco.es
40. Victorian Chemical Company Pty Ltd. falls victim to RansomHouse Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-11-03T10:34:21Z
- Network: tor
- Published URL: (http://zohlm7ahjwegcedoz7lrdrti7bvpofymcayotp744qhx6gjmxbuo2yid.onion/r/d27193cd8c972a8c0dcf2fa1b066d6b9c0603103)
- Screenshots:
- Threat Actors: RansomHouse
- Victim Country: Australia
- Victim Industry: Manufacturing
- Victim Organization: victorian chemical company pty ltd.
- Victim Site: vicchem.com
41. Alleged unauthorized access to BNW Therapeutics
- Category: Initial Access
- Content: The group claims to have gained unauthorized access to BNW Therapeutics.
- Date: 2025-11-03T09:21:16Z
- Network: telegram
- Published URL: (https://t.me/c/3203428005/56)
- Screenshots:
- Threat Actors: BROTHERHOOD CAPUNG INDONESIA
- Victim Country: Pakistan
- Victim Industry: Healthcare & Pharmaceuticals
- Victim Organization: bnw therapeutics
- Victim Site: bnwpak.com
42. Alleged sale of Chinese Army data
- Category: Data Breach
- Content: The threat actor claims to be selling a 1.9 MB CSV file allegedly containing data belonging to the China Army 13th Command (Di 13 Shī Sīlìngbù).
- Date: 2025-11-03T08:32:39Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-CHINA-ARMY-%E7%AC%AC13%E5%B8%88%E5%8F%B8%E4%BB%A4%E9%83%A8-D%C3%AC-13-Sh%C4%AB-S%C4%ABl%C3%ACngb%C3%B9-2025)
- Screenshots:
- Threat Actors: black_matrix
- Victim Country: China
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
43. Alleged data sale of Gateworks Corporation
- Category: Data Breach
- Content: The threat actor claims to be selling data from Gateworks Corporation. The compromised data includes sensitive corporate documents from companies such as Trimble, DLC Display Co., Limited, Microchip, eGalax eMPIA Technology, NXP, Max Integrated, and Analog Devices (ADV).
- Date: 2025-11-03T07:54:35Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-Gateworks-Corporation-Data-Breach)
- Screenshots:
- Threat Actors: KaruHunters
- Victim Country: USA
- Victim Industry: Computer Hardware
- Victim Organization: gateworks corporation
- Victim Site: gateworks.com
44. Alleged Data leak of Life Insurance Corporation of India
- Category: Data Breach
- Content: The group claims to have leaked data from the Life Insurance Corporation of India, including personal and policy records from 2023. The exposed information allegedly contains policyholder names, policy numbers, premium amounts, and coverage details, indicating unauthorized access to sensitive insurance databases.
- Date: 2025-11-03T06:35:07Z
- Network: telegram
- Published URL: (https://t.me/n2LP_wVf79c2YzM0/2259)
- Screenshots:
- Threat Actors: Infrastructure Destruction Squad
- Victim Country: India
- Victim Industry: Financial Services
- Victim Organization: life insurance corporation of india
- Victim Site: licindia.in
45. University of Gävle falls victim to Nova Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 2 TB of the organization’s internal data and intends to publish it within 12 days
- Date: 2025-11-03T06:27:47Z
- Network: tor
- Published URL: (http://novadmrkp4vbk2padk5t6pbxolndceuc7hrcq4mjaoyed6nxsqiuzyyd.onion/)
- Screenshots:
- Threat Actors: Nova
- Victim Country: Sweden
- Victim Industry: Education
- Victim Organization: university of gävle
- Victim Site: hig.se
46. Alleged data breach of Phonehouse
- Category: Data Breach
- Content: The threat actor claims to have leaked the Phone House Spain database, containing over 13 million records of customer and employee personal data.
- Date: 2025-11-03T05:51:56Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Document-Phonehouse-Database-13M-%F0%9F%87%AA%F0%9F%87%B8)
- Screenshots:
- Threat Actors: scandal
- Victim Country: Spain
- Victim Industry: Network & Telecommunications
- Victim Organization: phonehouse
- Victim Site: phonehouse.es
47. LEAKS DATABASE CYBER TEAM INDONESIA targets the website of ClassiJobs
- Category: Defacement
- Content: Group claims to have defaced the websites of ClassiJobs.
- Date: 2025-11-03T05:09:54Z
- Network: telegram
- Published URL: (https://t.me/c/2326263047/482)
- Screenshots:
- Threat Actors: LEAKS DATABASE CYBER TEAM INDONESIA
- Victim Country: Brazil
- Victim Industry: Human Resources
- Victim Organization: classijobs
- Victim Site: fortaleza.classijobs.com.br
48. KAL EGY 319 claims to target Egyptian government
- Category: Alert
- Content: A recent post by the group indicates they are targeting Egyptian government.
- Date: 2025-11-03T03:23:23Z
- Network: telegram
- Published URL: (https://t.me/KALOSHA319/37)
- Screenshots:
- Threat Actors: KAL EGY 319
- Victim Country: Egypt
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
49. Unterkofler falls victim to Mydata/Alphalocker Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 117 GB of the organization’s data and intends to publish it within 7 days.
- Date: 2025-11-03T01:47:08Z
- Network: tor
- Published URL: (http://mydatae2d63il5oaxxangwnid5loq2qmtsol2ozr6vtb7yfm5ypzo6id.onion/blog_1-28)
- Screenshots:
- Threat Actors: Mydata/Alphalocker
- Victim Country: Austria
- Victim Industry: Food & Beverages
- Victim Organization: unterkofler llc
- Victim Site: unterkofler.info
50. Automotive Manufacturers Private Limited falls victim to Mydata/Alphalocker
- Category: Ransomware
- Content: The group claims to have obtained the organization’s internal data and intends to publish it within 7 days
- Date: 2025-11-03T01:01:31Z
- Network: tor
- Published URL: (http://mydatae2d63il5oaxxangwnid5loq2qmtsol2ozr6vtb7yfm5ypzo6id.onion/blog_1-29)
- Screenshots:
- Threat Actors: Mydata/Alphalocker
- Victim Country: India
- Victim Industry: Automotive
- Victim Organization: automotive manufacturers private limited
- Victim Site: automotiveml.com
51. Mayco International falls victim to ANUBIS Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 1 TB of the organization’s internal data. The exposed data includes 3D CAD models (.prt, .mfr), manufacturing blueprints, production videos, internal presentations, business correspondence, and partner-related documents. The leak allegedly exposes proprietary designs for major automotive clients, including Tesla and Chrysler.
- Date: 2025-11-03T00:08:23Z
- Network: tor
- Published URL: (http://om6q4a6cyipxvt7ioudxt24cw4oqu4yodmqzl25mqd2hgllymrgu4aqd.onion/r/+Ux7ZGwb+wgrPFOpEZAPcrEbDNULtEza6f7gmyh1TvoWxcevgNeFRvtThKLhZ0VfAIHZqLM8p1w++ZKWbeZS+kY2ajUxTE1k)
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/07f3f058-671e-4ef4-9894-bb249610acde.png
- https://d34iuop8pidsy8.cloudfront.net/7462a2dc-8c55-4678-90f1-fac8053738c4.png
- https://d34iuop8pidsy8.cloudfront.net/2f14b5ca-48aa-4973-9205-fc4ba1061222.png
- https://d34iuop8pidsy8.cloudfront.net/10e70ae1-89e7-4361-b11e-47d94cc5b074.png
- https://d34iuop8pidsy8.cloudfront.net/16ff5a2b-b4fe-4ec0-b4ae-4363f27b7c33.png
- https://d34iuop8pidsy8.cloudfront.net/273b43cd-e797-42d3-9906-5ef744fc1a64.png
- https://d34iuop8pidsy8.cloudfront.net/2a70253d-1cf4-41fe-8c83-9e9f2ad1390d.png
- https://d34iuop8pidsy8.cloudfront.net/68bf11d3-3f86-4122-9d21-c5b62cb9f6f8.png
- https://d34iuop8pidsy8.cloudfront.net/1e27a87f-4fdf-4b6b-8a10-9565bb380af8.png
- https://d34iuop8pidsy8.cloudfront.net/d50e5f63-2483-4557-912b-488a6565dcd0.png
- https://d34iuop8pidsy8.cloudfront.net/7c54203f-6b3d-4134-9e92-65534e7fea4c.png
- https://d34iuop8pidsy8.cloudfront.net/3f5f594d-1f39-4aae-bd57-819f05af1907.png
- https://d34iuop8pidsy8.cloudfront.net/04d1e7d9-6fc2-427f-85ea-497feb9b503a.png
- Threat Actors: ANUBIS
- Victim Country: USA
- Victim Industry: Automotive
- Victim Organization: mayco international
- Victim Site: maycointernational.com
52. BROTHERHOOD CAPUNG INDONESIA targets multiple websites
- Category: Defacement
- Content: Group claims to have defaced multiple websites.
- Date: 2025-11-03T00:03:16Z
- Network: telegram
- Published URL: (https://t.me/c/3203428005/38)
- Screenshots:
- Threat Actors: BROTHERHOOD CAPUNG INDONESIA
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: fashiondrd.bdimit.online
Conclusion
The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Ransomware and Data Breaches are prominent, affecting various sectors and geographies. The compromised data ranges from personal information (including SSNs, credit card records, and sensitive policyholder data) to confidential corporate and military information (including project data, internal reports, and proprietary designs). The report also reveals significant activity in Initial Access sales, with threat actors offering unauthorized access to internal banking systems, corporate networks, and government email. Furthermore, Defacement attacks were observed, primarily targeting Brazilian organizations. The nature of these incidents emphasizes the critical importance of robust cybersecurity measures, including strong access controls, data protection strategies, continuous vulnerability management, and proactive threat intelligence to defend against a wide array of sophisticated and opportunistic attacks.