This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.
- Studio Corvo Parma falls victim to Qilin ransomware
- Category: Ransomware
- Content: The group claims to have obtained 42 GB of the organization’s data.
- Date: 2025-11-06T22:24:57Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=6f5ff8e0-145f-38a0-be0f-4e39b0c7be01)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: Italy
- Victim Industry: Business and Economic Development
- Victim Organization: studio corvo parma
- Victim Site: studiocorvo.com
- Washington Post falls victim to CL0P ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-11-06T22:01:51Z
- Network: tor
- Published URL: (http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/washingtonpost-com)
- Screenshots:
- Threat Actors: CL0P
- Victim Country: USA
- Victim Industry: Publishing Industry
- Victim Organization: washington post
- Victim Site: washingtonpost.com
- Alleged data leak of PAKISTANI/PUNJAB POLICE DATABASE
- Category: Data Breach
- Content: The threat actor claims to have leaked details of the PAKISTANI/PUNJAB POLICE DATABASE.
- Date: 2025-11-06T21:44:24Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-PAKISTANI-PUNJAB-POLICE-DATABASE-LEAK)
- Screenshots:
- Threat Actors: jrintel
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Zanaco falls victim to CL0P ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-11-06T21:44:00Z
- Network: tor
- Published URL: (http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/zanaco-co-zm)
- Screenshots:
- Threat Actors: CL0P
- Victim Country: Zambia
- Victim Industry: Financial Services
- Victim Organization: zanaco
- Victim Site: zanaco.co.zm
- Alleged data breach of Turkish Higher Education Quality Council
- Category: Data Breach
- Content: The threat actor claims to have leaked the Turkish Higher Education Quality Council database.
- Date: 2025-11-06T21:38:18Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-yokak-gov-tr-Turkish-Government-University-Database-Leaked)
- Screenshots:
- Threat Actors: jrintel
- Victim Country: Turkey
- Victim Industry: Higher Education/Academia
- Victim Organization: turkish higher education quality council
- Victim Site: yokak.gov.tr
- Alleged data leak of ISIS
- Category: Data Breach
- Content: The threat actor claims to have leaked ISIS documents.
- Date: 2025-11-06T21:20:35Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-MAJOR-ISIS-LEAK-DB-Private-Documents)
- Screenshots:
- Threat Actors: jrintel
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of unauthorized WordPress admin access to an unidentified Kuwait e-commerce site (credit-card redirect)
- Category: Initial Access
- Content: The threat actor claims to be selling unauthorized WordPress admin access for an unidentified e-commerce website located in Kuwait (KW). The listing indicates the site uses a credit-card redirect payment method and provides recent transaction volumes: 104 COD and 51 credit-card orders in October; 125 COD and 69 credit-card orders in September.
- Date: 2025-11-06T21:17:24Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/269788/)
- Screenshots:
- Threat Actors: Fancy.Bear
- Victim Country: Kuwait
- Victim Industry: E-commerce & Online Stores
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of unauthorized WordPress admin access to an unidentified US e-commerce website
- Category: Initial Access
- Content: The threat actor is allegedly offering unauthorized administrative access to an unidentified e-commerce website based in the United States, reportedly operating on the WordPress/WooCommerce platform.
- Date: 2025-11-06T21:10:37Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/269784/)
- Screenshots:
- Threat Actors: Fancy.Bear
- Victim Country: USA
- Victim Industry: E-commerce & Online Stores
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of unauthorized access to an unidentified Peruvian bakery website
- Category: Initial Access
- Content: The threat actor is allegedly offering unauthorized access to an unidentified e-commerce website based in Peru, identified as a bakery or pastry shop operating on the WordPress/WooCommerce platform. The listing claims the website has processed a total of 14,518 orders, with 69 orders in October and 18 of those involving card payments. The payment system reportedly uses an iframe-based payment form, which may indicate potential interception or manipulation risk if compromised.
- Date: 2025-11-06T21:04:15Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/269771/)
- Screenshots:
- Threat Actors: SammyWalt
- Victim Country: Peru
- Victim Industry: E-commerce & Online Stores
- Victim Organization: Unknown
- Victim Site: Unknown
- Musikcomputer GmbH falls victim to INC RANSOM Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-11-06T21:01:28Z
- Network: tor
- Published URL: (http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/690cfb46e1a4e4b3ff3860ac)
- Screenshots:
- Threat Actors: INC RANSOM
- Victim Country: Austria
- Victim Industry: Music
- Victim Organization: musikcomputer gmbh
- Victim Site: musikcomputer.eu
- Prutsch-Lang & Damitner Lawyers falls victim to INC RANSOM Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-11-06T20:50:16Z
- Network: tor
- Published URL: (http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/690cf80fe1a4e4b3ff382b0b)
- Screenshots:
- Threat Actors: INC RANSOM
- Victim Country: Austria
- Victim Industry: Law Practice & Law Firms
- Victim Organization: prutsch-lang & damitner lawyers
- Victim Site: prutsch-ra.at
- Meyer & Vögele Elektroanlagen GmbH falls victim to INC RANSOM Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-11-06T20:40:39Z
- Network: tor
- Published URL: (http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/690cf324e1a4e4b3ff37c2be)
- Screenshots:
- Threat Actors: INC RANSOM
- Victim Country: Germany
- Victim Industry: Printing
- Victim Organization: meyer & vögele elektroanlagen gmbh
- Victim Site: mvelektroanlagen.de
- Ketat Grundstücksverwertungs GmbH falls victim to INC RANSOM Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-11-06T20:23:48Z
- Network: tor
- Published URL: (http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/690cf653e1a4e4b3ff380d0a)
- Screenshots:
- Threat Actors: INC RANSOM
- Victim Country: Austria
- Victim Industry: Real Estate
- Victim Organization: ketat grundstücksverwertungs gmbh
- Victim Site: ketat.at
- Alleged data breach of ItzEazy
- Category: Data Breach
- Content: The threat actor claims to have leaked 3.4 GB of customer data from ItzEazy.in, a Govtech startup founded in 2015 that provides services for obtaining various government documents such as passports, visas, marriage and birth certificates, and RTO-related services like driving licenses.
- Date: 2025-11-06T20:21:31Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-ItzEazy-in-3-4GB-Data-Documents)
- Screenshots:
- Threat Actors: Moscow
- Victim Country: India
- Victim Industry: Consumer Services
- Victim Organization: itzeazy
- Victim Site: itzeazy.in
- Alleged leak of admin access to neatchapter
- Category: Initial Access
- Content: Threat actor claims to have leaked admin credentials belonging to neatchapter.
- Date: 2025-11-06T19:55:56Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Korean-site-neatchapter-imweb-me-Admin-Access)
- Screenshots:
- Threat Actors: crazyboy68
- Victim Country: South Korea
- Victim Industry: Unknown
- Victim Organization: neatchapter
- Victim Site: neatchapter.imweb.me
- Provincial Department of Health Services falls victim to Kryptos Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data and intends to publish it within 10 days.
- Date: 2025-11-06T19:55:19Z
- Network: tor
- Published URL: (http://kryptospnjzz7vfkr663bnqv3dxirmr3svo5zwq7cvu2wdfngujgknyd.onion/)
- Screenshots:
- Threat Actors: Kryptos
- Victim Country: Sri Lanka
- Victim Industry: Hospital & Health Care
- Victim Organization: provincial department of health services
- Victim Site: healthdept.nw.gov.lk
- Alleged data sale of USER PERSONAL DATA INFORMATION PAYTM
- Category: Data Breach
- Content: The threat actor claims to be selling personal data of Paytm online payment service users located in India. They allege that the data has been collected since early 2025, with portions from mid-2025 and more recent months, originating from multiple transaction sources across the country.
- Date: 2025-11-06T18:58:15Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-INDIA-8M-USER-PERSONAL-DATA-INFORMATION-PAYTM)
- Screenshots:
- Threat Actors: Shinchan
- Victim Country: India
- Victim Industry: Financial Services
- Victim Organization: paytm
- Victim Site: paytm.com
- Alleged sale of unauthorized Spanish and EU identity dossiers (DNI, IBAN, business documents)
- Category: Data Breach
- Content: The threat actor claims to be selling unauthorized Spanish and EU identity dossiers containing extensive personal and business information. The listing advertises Spain DNI (National ID) scans along with IBAN details, business registration documents, professional certificates, notarized rental forms, and insurance policies.
- Date: 2025-11-06T18:54:37Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/269765/)
- Screenshots:
- Threat Actors: boto
- Victim Country: Spain
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Piaty Müller-Mezin Schoeller Partner falls victim to INC RANSOM Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s sensitive data.
- Date: 2025-11-06T18:46:23Z
- Network: tor
- Published URL: (http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/690ce7c0e1a4e4b3ff36d3b8)
- Screenshots:
- Threat Actors: INC RANSOM
- Victim Country: Austria
- Victim Industry: Law Practice & Law Firms
- Victim Organization: piaty müller-mezin schoeller partner
- Victim Site: pmsp.at
- Alleged sale of online trade personal information from Russia
- Category: Data Breach
- Content: The threat actor claims to be selling leaked online trade personal information from Russia. The data contains names, emails, dates of birth and phone numbers. It contains a mix of several .ru emails and has been collected since mid-2025.
- Date: 2025-11-06T18:42:23Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-RUSSIA-1M-PERSONAL-INFORMATION-ONLINE-TRADING)
- Screenshots:
- Threat Actors: Shinchan
- Victim Country: Russia
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- ZEBRA falls victim to INC RANSOM Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-11-06T18:21:47Z
- Network: tor
- Published URL: (http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/690ce012e1a4e4b3ff364399)
- Screenshots:
- Threat Actors: INC RANSOM
- Victim Country: Austria
- Victim Industry: Non-profit & Social Organizations
- Victim Organization: zebra
- Victim Site: zebra.or.at
- UScraft falls victim to Qilin ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-11-06T17:39:52Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=d93e4467-1add-3e22-a6be-a1d554846708)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Marketing, Advertising & Sales
- Victim Organization: uscraft
- Victim Site: uscraft.com
- Alleged sale of unauthorized root access to sigmadomain.com
- Category: Initial Access
- Content: The threat actor claims to be offering root-level access to the website sigmadomain.com, stating the site is for sale and they possess full server control. The actor asserts root access (highest privilege) and the ability to modify or exfiltrate site contents and services.
- Date: 2025-11-06T17:36:24Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/269760/)
- Screenshots:
- Threat Actors: APT_Hunter
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- PCB Funeral Care falls victim to Qilin ransomware
- Category: Ransomware
- Content: The group claims to have obtained 30 GB of the organization’s data.
- Date: 2025-11-06T17:28:17Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=ad533e11-1afb-300c-b05b-b833258d02b5)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: Netherlands
- Victim Industry: Consumer Services
- Victim Organization: pcb funeral care
- Victim Site: pcbuitvaartzorg.nl
- Alleged sale of unauthorized access to an unidentified UK-based online store
- Category: Initial Access
- Content: The threat actor claims to be selling unauthorized access to an unidentified UK e-commerce website operating on the PrestaShop platform.
- Date: 2025-11-06T17:18:25Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/269759/)
- Screenshots:
- Threat Actors: manofworld
- Victim Country: UK
- Victim Industry: E-commerce & Online Stores
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of unauthorized domain admin access to an unidentified Belgian agricultural organization
- Category: Initial Access
- Content: The threat actor claims to be selling unauthorized domain administrator access to the network of an unidentified organization based in Belgium, reportedly operating in the agriculture and rural production sector.
- Date: 2025-11-06T17:10:28Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/269757/)
- Screenshots:
- Threat Actors: setvik
- Victim Country: Belgium
- Victim Industry: Farming
- Victim Organization: Unknown
- Victim Site: Unknown
- Sai Mai Hospital falls victim to Qilin ransomware
- Category: Ransomware
- Content: The group claims to have obtained 1030 GB of the organization’s data.
- Date: 2025-11-06T16:53:49Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=4111a2ba-260a-3c3f-bd78-51e673d4ddcc)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: Thailand
- Victim Industry: Hospital & Health Care
- Victim Organization: sai mai hospital
- Victim Site: saimai.co.th
- Systems Integrated falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 140 GB of the organization’s data.
- Date: 2025-11-06T16:30:03Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=c78c9a6d-174d-354c-bac7-f9defd1a5fe7)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Manufacturing & Industrial Products
- Victim Organization: systems integrated
- Victim Site: systemsintegrated.com
- Alleged data breach of MYM
- Category: Data Breach
- Content: The threat actor claims to have leaked SQL data of over 5 million users from MYM.fans, allegedly from a 2021 data breach. The compromised data, dated March 2021, includes user information. The breach reportedly contains more than 5 million user records in SQL format, with an uncompressed size of 1.81 GB, and passwords hashed using MD5.
- Date: 2025-11-06T16:22:50Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-mym-fans-2021-5M-french-users-sql-dump)
- Screenshots:
- Threat Actors: alec3899
- Victim Country: France
- Victim Industry: Software Development
- Victim Organization: mym
- Victim Site: mym.fans
- Tass Meister Patent Firm falls victim to Qilin ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-11-06T15:50:34Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=73fc97b7-fcb1-3f75-8f53-736d4543ce6d)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: Japan
- Victim Industry: Legal Services
- Victim Organization: tass meister patent firm
- Victim Site: tassmeister.com
- Cyb3r Drag0nz targets the website of Rangala General Trading LTD
- Category: Defacement
- Content: The group claims to have defaced the website of Rangala General Trading LTD.
- Date: 2025-11-06T14:30:37Z
- Network: telegram
- Published URL: (https://t.me/c/2508606000/44)
- Screenshots:
- Threat Actors: Cyb3r Drag0nz
- Victim Country: Iraq
- Victim Industry: Wholesale
- Victim Organization: rangala general trading ltd
- Victim Site: rangala.co
- Ville de Mont-Laurier falls victim to Qilin ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-11-06T14:27:21Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=735b2639-7735-3bca-a651-6a5b4fbe4317)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: Canada
- Victim Industry: Government Administration
- Victim Organization: ville de mont-laurier
- Victim Site: villemontlaurier.qc.ca
- Dermatology Associates falls victim to ANUBIS Ransomware
- Category: Ransomware
- Content: The group claims to have obtained data from Dermatology Associates, including patient records, test results, sensitive photos, addresses, phone numbers, emails, 20,000 insurance policies, and employee information.
- Date: 2025-11-06T14:25:31Z
- Network: tor
- Published URL: (http://om6q4a6cyipxvt7ioudxt24cw4oqu4yodmqzl25mqd2hgllymrgu4aqd.onion/r/16PgHcQZZ6puf1n71XgMPzLqmOv+tWE4ptmN4Ionax+OJpUc+6zGujgf2m1MYZqXuENg6nNTFSnIn1AzFsnBvWXJiSHk4)
- Screenshots:
- Threat Actors: ANUBIS
- Victim Country: USA
- Victim Industry: Hospital & Health Care
- Victim Organization: dermatology associates
- Victim Site: dermctr.com
- Alleged data leak of Mymoneytimes
- Category: Data Breach
- Content: The threat actor claims to have leaked data from Mymoneytimes.
- Date: 2025-11-06T14:24:45Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-INDIAN-economic-news-site-mymoneytimes-com)
- Screenshots:
- Threat Actors: crazyboy68
- Victim Country: India
- Victim Industry: Online Publishing
- Victim Organization: mymoneytimes
- Victim Site: mymoneytimes.com
- Alleged sale of admin access to costless.ae
- Category: Initial Access
- Content: The threat actor claims to be selling unauthorized admin access to costless.ae.
- Date: 2025-11-06T14:17:26Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Emirati-online-shop-costless-ae-Admin-Access)
- Screenshots:
- Threat Actors: crazyboy68
- Victim Country: UAE
- Victim Industry: E-commerce & Online Stores
- Victim Organization: costless.ae
- Victim Site: costless.ae
- Pharaoh’s Team targets the website of Kağan Şimşek
- Category: Defacement
- Content: The group claims to have defaced the website of Kağan Şimşek.
- Date: 2025-11-06T13:59:25Z
- Network: telegram
- Published URL: (https://t.me/Pharaohs_n/265)
- Screenshots:
- Threat Actors: Pharaoh’s Team
- Victim Country: Turkey
- Victim Industry: Online Publishing
- Victim Organization: kağan şimşek
- Victim Site: kagansimsek.com.tr
- Alleged leak of login access of Cambodia Journal of Basic and Applied Research (CJBAR)
- Category: Initial Access
- Content: The group claims to have leaked access to the Cambodia Journal of Basic and Applied Research (CJBAR).
- Date: 2025-11-06T13:56:36Z
- Network: telegram
- Published URL: (https://t.me/nxbbsec/3014)
- Screenshots:
- Threat Actors: NXBB.SEC
- Victim Country: Cambodia
- Victim Industry: Education
- Victim Organization: cambodia journal of basic and applied research
- Victim Site: cjbar.rupp.edu.kh
- Cyb3r Drag0nz targets the website of Nawshirwan Mustafa
- Category: Defacement
- Content: The group claims to have defaced the website of Nawshirwan Mustafa.
- Date: 2025-11-06T13:49:50Z
- Network: telegram
- Published URL: (https://t.me/c/2508606000/41)
- Screenshots:
- Threat Actors: Cyb3r Drag0nz
- Victim Country: Iraq
- Victim Industry: Political Organization
- Victim Organization: nawshirwan mustafa
- Victim Site: nawshirwanmustafa.org
- Alleged sale of unauthorized access to BELTEI International School
- Category: Initial Access
- Content: The group claims to be selling unauthorized access to BELTEI International School.
- Date: 2025-11-06T13:48:10Z
- Network: telegram
- Published URL: (https://t.me/nxbbsec/3010)
- Screenshots:
- Threat Actors: NXBB.SEC
- Victim Country: Cambodia
- Victim Industry: Education
- Victim Organization: beltei international school
- Victim Site: beltei.edu.kh
- Black Hills Bentonite LLC falls victim to Nitrogen ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-11-06T13:34:14Z
- Network: tor
- Published URL: (http://nitrogenczslprh3xyw6lh5xyjvmsz7ciljoqxxknd7uymkfetfhgvqd.onion/posts/690c9ded13b9b6ae96964033)
- Screenshots:
- Threat Actors: Nitrogen
- Victim Country: USA
- Victim Industry: Mining/Metals
- Victim Organization: black hills bentonite llc
- Victim Site: bhbentonite.com
- Alleged data breach of Health Dimensions Group
- Category: Data Breach
- Content: The group claims to have breached data from Health Dimensions Group, and intends to publish it within 1–2 days.
- Date: 2025-11-06T13:22:55Z
- Network: tor
- Published URL: (https://worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion/companies/4518445519/overview)
- Screenshots:
- Threat Actors: Worldleaks
- Victim Country: USA
- Victim Industry: Business and Economic Development
- Victim Organization: health dimensions group
- Victim Site: healthdimensionsgroup.com
- Cyb3r Drag0nz targets the website of Azadbun Organization
- Category: Defacement
- Content: The group claims to have defaced the website of Azadbun Organization.
- Date: 2025-11-06T13:17:07Z
- Network: telegram
- Published URL: (https://t.me/c/2508606000/39)
- Screenshots:
- Threat Actors: Cyb3r Drag0nz
- Victim Country: Iraq
- Victim Industry: Non-profit & Social Organizations
- Victim Organization: azadbun organization
- Victim Site: azadbun.com
- Alleged data breach of Horst Realty
- Category: Data Breach
- Content: The group claims to have leaked 27 GB of compressed files from Horst Realty. NB: The authenticity of the claim is yet to be verified.
- Date: 2025-11-06T13:15:15Z
- Network: tor
- Published URL: (http://brohoodyaifh2ptccph5zfljyajjabwjjo4lg6gfp4xb6ynw5w7ml6id.onion/)
- Screenshots:
- Threat Actors: BROTHERHOOD
- Victim Country: USA
- Victim Industry: Commercial Real Estate
- Victim Organization: horst realty company, llc
- Victim Site: horstrealty.com
- E-First Aid Supplies falls victim to Akira Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 14 GB of the organization’s corporate data, including employee and customer information, financial records, confidential files, etc.
- Date: 2025-11-06T13:05:33Z
- Network: tor
- Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
- Screenshots:
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: Manufacturing
- Victim Organization: e-first aid supplies
- Victim Site: e-firstaidsupplies.com
- Secretaria Municipal de Saúde de Fortaleza falls victim to Nova Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 400 GB of the organization’s internal data and intends to publish it within 15-16 days.
- Date: 2025-11-06T12:52:49Z
- Network: tor
- Published URL: (http://novadmrkp4vbk2padk5t6pbxolndceuc7hrcq4mjaoyed6nxsqiuzyyd.onion/#)
- Screenshots:
- Threat Actors: Nova
- Victim Country: Brazil
- Victim Industry: Government Administration
- Victim Organization: secretaria municipal de saúde de fortaleza
- Victim Site: saudefortaleza.ce.gov.br
- Alleged data sale of Dubai Police Academy
- Category: Data Breach
- Content: The threat actor claims to be selling student data from the Dubai Police Academy, allegedly including administrator information such as first name, last name, email address, phone number, and ID photos (front and back).
- Date: 2025-11-06T11:22:37Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-Selling-UAE-Police-Academy-Student-Data)
- Screenshots:
- Threat Actors: united_arab_emirates_op
- Victim Country: UAE
- Victim Industry: Government Administration
- Victim Organization: dubai police academy
- Victim Site: dubaipolice.ac.ae
- Noble Compañía de Seguros falls victim to Qilin ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-11-06T10:52:46Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=9b9806c7-f738-3ee0-95d6-503f2ee6a859)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: Argentina
- Victim Industry: Insurance
- Victim Organization: noble compañía de seguros
- Victim Site: nobleseguros.com
- Advanced Technology Group falls victim to Warlock Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data and intends to publish it within 6-7 days.
- Date: 2025-11-06T09:49:58Z
- Network: tor
- Published URL: (http://warlockhga5iw3t54ps5iytlilf7hlvxy7kwrkidspn4qoh64s4vsuyd.onion/)
- Screenshots:
- Threat Actors: Warlock
- Victim Country: Czech Republic
- Victim Industry: Machinery Manufacturing
- Victim Organization: advanced technology group,spol.s r.o.
- Victim Site: atg.cz
- Speedmais falls victim to NightSpire Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 2.3 GB of the organization’s data and intends to publish it within 3–4 days.
- Date: 2025-11-06T09:36:48Z
- Network: tor
- Published URL: (http://nspiremkiq44zcxjbgvab4mdedyh2pzj5kzbmvftcugq3mczx3dqogid.onion/database)
- Screenshots:
- Threat Actors: NightSpire
- Victim Country: Brazil
- Victim Industry: Information Technology (IT) Services
- Victim Organization: speedmais
- Victim Site: speedmais.com.br
- Vrata Tech Solutions falls victim to NightSpire Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data and intends to publish it within 3-4 days.
- Date: 2025-11-06T09:32:20Z
- Network: tor
- Published URL: (http://nspiremkiq44zcxjbgvab4mdedyh2pzj5kzbmvftcugq3mczx3dqogid.onion/database)
- Screenshots:
- Threat Actors: NightSpire
- Victim Country: India
- Victim Industry: Information Technology (IT) Services
- Victim Organization: vrata tech solutions
- Victim Site: vratatech.com
- Brihta falls victim to NightSpire Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 1.5 TB of the organization’s data and intends to publish it within 3-4 days.
- Date: 2025-11-06T09:28:22Z
- Network: tor
- Published URL: (http://nspiremkiq44zcxjbgvab4mdedyh2pzj5kzbmvftcugq3mczx3dqogid.onion/database)
- Screenshots:
- Threat Actors: NightSpire
- Victim Country: Slovenia
- Victim Industry: Marketing, Advertising & Sales
- Victim Organization: brihta
- Victim Site: brihtamarketing.si
- Silanos falls victim to Warlock Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data and intends to publish it in 6 to 7 days.
- Date: 2025-11-06T09:23:21Z
- Network: tor
- Published URL: (http://warlockhga5iw3t54ps5iytlilf7hlvxy7kwrkidspn4qoh64s4vsuyd.onion/)
- Screenshots:
- Threat Actors: Warlock
- Victim Country: Italy
- Victim Industry: Machinery Manufacturing
- Victim Organization: silanos
- Victim Site: silanosn.local
- TEIN, INC. falls victim to Warlock Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data and intends to publish it within 6-7 days.
- Date: 2025-11-06T09:15:24Z
- Network: tor
- Published URL: (http://warlockhga5iw3t54ps5iytlilf7hlvxy7kwrkidspn4qoh64s4vsuyd.onion/)
- Screenshots:
- Threat Actors: Warlock
- Victim Country: Japan
- Victim Industry: Automotive
- Victim Organization: tein, inc.
- Victim Site: tein.co.jp
- NARTIS Plant LLC falls victim to Warlock Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data and intends to publish it within 7 days.
- Date: 2025-11-06T09:12:39Z
- Network: tor
- Published URL: (http://warlockhga5iw3t54ps5iytlilf7hlvxy7kwrkidspn4qoh64s4vsuyd.onion/)
- Screenshots:
- Threat Actors: Warlock
- Victim Country: Russia
- Victim Industry: Manufacturing
- Victim Organization: nartis plant llc
- Victim Site: nartis.ru
- miltech.local falls victim to Warlock Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-11-06T09:08:37Z
- Network: tor
- Published URL: (http://warlockhga5iw3t54ps5iytlilf7hlvxy7kwrkidspn4qoh64s4vsuyd.onion/)
- Screenshots:
- Threat Actors: Warlock
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: miltech.local
- Alleged data sale of Prisoner’s Legal Services of Massachusetts
- Category: Data Breach
- Content: The threat actor claims to be selling sensitive data from the Prisoner’s Legal Services of Massachusetts, allegedly including PII, SSNs, bank statements, insurance details, employee data, and internal emails from July 2025.
- Date: 2025-11-06T08:22:22Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-Raw-Data-of-the-Massachusetts-Prisoners-Legal-Services-Organization)
- Screenshots:
- Threat Actors: sentap
- Victim Country: USA
- Victim Industry: Legal Services
- Victim Organization: prisoner’s legal services of massachusetts
- Victim Site: plsma.org
- Alleged sale of unauthorized access to unidentified shop in France
- Category: Initial Access
- Content: The threat actor claims to be selling unauthorized access to an unidentified shop in France.
- Date: 2025-11-06T05:52:56Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/269716/)
- Screenshots:
- Threat Actors: Stari4ok
- Victim Country: France
- Victim Industry: E-commerce & Online Stores
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of DHARAHARA TICKETING SYSTEM PANEL
- Category: Data Breach
- Content: The group claims to be selling the DHARAHARA TICKETING SYSTEM PANEL.
- Date: 2025-11-06T05:52:31Z
- Network: telegram
- Published URL: (https://t.me/ctrl_nepal/184)
- Screenshots:
- Threat Actors: GenZRisingNepal
- Victim Country: Nepal
- Victim Industry: Government & Public Sector
- Victim Organization: dharahara
- Victim Site: dharahara.gov.np
- Alleged Shell Access to Multiple Argentine Organizations
- Category: Initial Access
- Content: The group claims to have gained shell access to multiple organizations based in Argentina.
- Date: 2025-11-06T05:20:21Z
- Network: telegram
- Published URL: (https://t.me/Pharaohs_n/261)
- Screenshots:
- Threat Actors: Pharaoh’s Team
- Victim Country: Argentina
- Victim Industry: Unknown
- Victim Organization: buenos aires tucumán express
- Victim Site: expresobsastucuman.com.ar
- Alleged leak of passport, ID card from Romania
- Category: Data Breach
- Content: The threat actor claims to be selling Romanian passport and ID card.
- Date: 2025-11-06T05:04:33Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Romanian-passport-ID-card)
- Screenshots:
- Threat Actors: Arnoldsudney123
- Victim Country: Romania
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged Data Sale of Ferrovial Database
- Category: Data Breach
- Content: The threat actor claims to have leaked and listed the database of Ferrovial, dated September 20, 2025, for sale on a private Telegram channel. The post advertises access to the full archive through Telegram contact, suggesting that the exposed data may include sensitive corporate or client information.
- Date: 2025-11-06T05:01:27Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/ferrovial-2025-09-20-db-avilable-on-priva1e-channe1-to-b0y-acces-dm-telgram.45344/)
- Screenshots:
- Threat Actors: yees0987
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data breach of Padel Mates
- Category: Data Breach
- Content: The threat actor claims to have leaked the source code of Padel Mates.
- Date: 2025-11-06T04:59:21Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Source-Code-Padel-Mates-Data-Breach-Leaked-Download)
- Screenshots:
- Threat Actors: 888
- Victim Country: Sweden
- Victim Industry: Software Development
- Victim Organization: padel mates
- Victim Site: padelmates.se
- Alleged sale of Bolivia E-Commerce user database
- Category: Data Breach
- Content: Threat actor claims to be selling 500k Bolivia E-Commerce user data with detailed profiles. The compromised data includes id, city, email, state, address, country, enabled, profile, surname, utcZone, zipCode, password, birthDate, telephone, etc.
- Date: 2025-11-06T04:56:38Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-500k-Bolivia-E-Commerce-User-Database-Leak-with-Detailed-Profiles)
- Screenshots:
- Threat Actors: Kunta
- Victim Country: Bolivia
- Victim Industry: E-commerce & Online Stores
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data leak Chile telecom directory
- Category: Data Breach
- Content: Threat actor claims to have leaked a 120K Chile Telecom Business Contact Directory dated 2023. The compromised data includes id, fax, email, telephone, etc.
- Date: 2025-11-06T04:48:03Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-120k-Chile-Telecom-Business-Contact-Directory-2023-Leaked)
- Screenshots:
- Threat Actors: Kunta
- Victim Country: Chile
- Victim Industry: Network & Telecommunications
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of Chilean Utility Customer Database
- Category: Data Breach
- Content: The threat actor claims to be selling a dataset containing approximately 200,000 customer records allegedly tied to Chilean utility services. The compromised data reportedly includes UUID, customer ID, account numbers, phone numbers, names, email addresses, physical addresses, usernames, hashed passwords, timestamps (signup, last login, deactivation), and additional fields suggesting service usage, billing attributes (e.g., solar, water, heating), and administrative observations.
- Date: 2025-11-06T04:38:53Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-200k-Chileno-Utility-Customer-Data-Leak-with-Detailed-Personal-Profiles)
- Screenshots:
- Threat Actors: Kunta
- Victim Country: Chile
- Victim Industry: Energy & Utilities
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged leak of Australian consumer mobile database
- Category: Data Breach
- Content: Threat actor claims to have leaked Australian consumer mobile database.
- Date: 2025-11-06T04:17:07Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/australia-consumer-mobile-database.45349/)
- Screenshots:
- Threat Actors: henryjoe02
- Victim Country: Australia
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of Australian Manufacturer Contact Database
- Category: Data Breach
- Content: The threat actor claims to be selling a dataset containing approximately 127,603 contact records allegedly tied to Australian manufacturers. The compromised data reportedly includes UUID, CatManID, ManufacturerID, fax number, name (Nama), email address, physical address (Alamat), country (Negara), telephone number (Telpon), and homepage URLs.
- Date: 2025-11-06T03:46:07Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-127-603-Australia-Manufacturer-Contacts-Full-Export-Leak)
- Screenshots:
- Threat Actors: Kunta
- Victim Country: Australia
- Victim Industry: Manufacturing
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of Australian Online Retail Customer Database
- Category: Data Breach
- Content: The threat actor claims to be selling a dataset containing approximately 567,890 customer records allegedly tied to Australian online retail. The compromised data reportedly includes UUID, store ID, address ID, customer ID, customer group ID, IP address, fax number, cart contents, email, token, account status, approval flags, full names, hashed passwords, wishlist entries, telephone numbers, account creation timestamps, and newsletter subscription status.
- Date: 2025-11-06T03:15:20Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-567-890-Australia-Online-Retail-Customer-Database-Leaked-Full-Contact-Profile)
- Screenshots:
- Threat Actors: Kunta
- Victim Country: Australia
- Victim Industry: E-commerce & Online Stores
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of data from an unidentified China-based recruitment platform
- Category: Data Breach
- Content: The threat actor claims to be selling a database containing over 500,000 records from a China-based recruitment platform. The leaked data reportedly includes UUID, candidate and job IDs, age, gender, full name, mobile number, email address, national ID numbers, education level, birthplace, current address, marital status, nationality, language skills, and resume content.
- Date: 2025-11-06T02:56:29Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-500k-China-Recruitment-Data-Leak-Extensive-List-of-Job-Seekers-with-Profiles-and)
- Screenshots:
- Threat Actors: Kunta
- Victim Country: China
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data sale of tourism booking records from Canada
- Category: Data Breach
- Content: The threat actor claims to be selling a database containing 500,000 Canada tourism booking records. The compromised data reportedly includes UUID, user and country IDs, occupation, birthdate, email, phone, booking details (package, bookname, addtime), budget/ready/need/reason fields, personal name fields (firstname, salutation), and image/email metadata.
- Date: 2025-11-06T02:44:25Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-500k-Canada-Tourism-Booking-Data-Leak-with-Detailed-Customer-Profiles)
- Screenshots:
- Threat Actors: Kunta
- Victim Country: Canada
- Victim Industry: Hospitality & Tourism
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data leak of Cameroon E-Commerce Platform
- Category: Data Breach
- Content: Threat actor claims to have leaked transaction and customer records, including detailed shipping and payment logs, from a Cameroon e-commerce platform.
- Date: 2025-11-06T02:35:32Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-150-000-Cameroon-E-Commerce-Purchase-Database-with-Detailed-Shipping-Payment-Log)
- Screenshots:
- Threat Actors: Kunta
- Victim Country: Cameroon
- Victim Industry: E-commerce & Online Stores
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data leak of records from a Canada-based mapping service
- Category: Data Breach
- Content: A threat actor is claiming to sell a database containing over 250,000 records from a Canada-based mapping service. The leaked data reportedly includes UUID, map ID, latitude and longitude coordinates, map name, description, contact name, phone number, email, address, city, state, ZIP code, website, and associated images or logos.
- Date: 2025-11-06T02:32:03Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-250k-Rows-Canada-Mapping-Service-Data-Leak-Exposes-Location-and-Contact-Details)
- Screenshots:
- Threat Actors: Kunta
- Victim Country: Canada
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged leak of personal data from Brazil
- Category: Data Breach
- Content: Threat actor claims to have leaked 1M personal data from Brazil. The compromised data includes id, email, name, data, Reg, etc.
- Date: 2025-11-06T02:24:09Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-1m-Brazil-Massive-Personal-Data-Leak-with-Email-Passwords)
- Screenshots:
- Threat Actors: Kunta
- Victim Country: Brazil
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- ELSEWEDY ELECTRIC falls victim to CL0P Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data. Note: ELSEWEDY ELECTRIC previously fell victim to LockBit Ransomware on December 01, 2023.
- Date: 2025-11-06T02:15:46Z
- Network: tor
- Published URL: (http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/elsewedyelectric-com)
- Screenshots:
- Threat Actors: CL0P
- Victim Country: Egypt
- Victim Industry: Electrical & Electronic Manufacturing
- Victim Organization: elsewedy electric
- Victim Site: elsewedyelectric.com
- Alleged data leak of unidentified Holiday rentals in Austria
- Category: Data Breach
- Content: Threat actor claims to be selling data from unidentified holiday rentals in Austria. The compromised data includes id, customer id, fax, beds, city, logo, name, email, phone, active, address, homepage, location, etc.
- Date: 2025-11-06T02:15:06Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-135-687-Austria-Holiday-Rentals-Exposed-Full-Property-Management-Dataset-Leaked)
- Screenshots:
- Threat Actors: Kunta
- Victim Country: Austria
- Victim Industry: Leisure & Travel
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data leak of unidentified Australian E-commerce platform
- Category: Data Breach
- Content: Threat actor claims to have leaked 500k data from an unidentified Australian e-commerce platform. The compromised data includes city, name, id, post code, etc.
- Date: 2025-11-06T02:09:25Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-500k-Australia-E-commerce-Platform-Data-Leak-with-User-Profiles-and-Contact-Informa)
- Screenshots:
- Threat Actors: Kunta
- Victim Country: Australia
- Victim Industry: E-commerce & Online Stores
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data leak of course registration and payment platform Brazil
- Category: Data Breach
- Content: A threat actor is claiming to sell a database containing approximately 890,000 records from a Brazil course registration and payment platform. The leaked dataset reportedly includes full personally identifiable information (PII) and financial details such as name identifiers, course and transaction IDs, CPF/CNPJ, address, phone number, IP, city, state, ZIP (CEP), payment method, card brand, installment details, coupon codes, and payment values.
- Date: 2025-11-06T02:08:08Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-890k-Brazil-Course-Payment-Registration-Dataset-Full-PII-Transaction-Details)
- Screenshots:
- Threat Actors: Kunta
- Victim Country: Brazil
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data breach of Shaparak
- Category: Data Breach
- Content: Threat actor claims to have leaked 168k customer records (55.36 GB) from Shaparak, Iran’s electronic card payment network operator.
- Date: 2025-11-06T02:05:30Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-Shaparak-com-Data-Breach-168M-unique-customers)
- Screenshots:
- Threat Actors: Spirigatito
- Victim Country: Iran
- Victim Industry: Financial Services
- Victim Organization: shaparak
- Victim Site: shaparak.com
- Logitech falls victim to CL0P Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-11-06T02:01:37Z
- Network: tor
- Published URL: (http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/logitech-com)
- Screenshots:
- Threat Actors: CL0P
- Victim Country: Switzerland
- Victim Industry: Consumer Electronics
- Victim Organization: logitech
- Victim Site: logitech.com
- Alleged data leak of Argentina e-commerce records
- Category: Data Breach
- Content: The threat actor claims to be selling a database containing 250,000 Argentina e-commerce records. The compromised data reportedly includes UUID, account IDs/codes, usernames and passwords (pass), primary and secondary emails (e_mail, e_mail_2), phone/fax (e_tel, e_fax), website (e_web), company/store names (e_empresa, e_vendedor), addresses (e_domicilio/e_loc), product/brand fields (e_prod, e_marcas), listing/advertiser info and other commercial metadata.
- Date: 2025-11-06T01:57:28Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-250k-Argentina-E-Commerce-Leak-with-Full-Contact-Details–58335)
- Screenshots:
- Threat Actors: Kunta
- Victim Country: Argentina
- Victim Industry: E-commerce & Online Stores
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged leak of Argentina Comprehensive Data
- Category: Data Breach
- Content: A threat actor claims to be selling a database containing personally identifiable and organizational data, including fields such as UUID, email, company name, phone number, and address.
- Date: 2025-11-06T01:53:11Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-500k-Argentina-Comprehensive-Data-Exposure-from-Corporate-Directory-with-Contact-D)
- Screenshots:
- Threat Actors: Kunta
- Victim Country: Argentina
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Kirby Corporation falls victim to CL0P Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-11-06T01:47:50Z
- Network: tor
- Published URL: (http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/kirbycorp-com)
- Screenshots:
- Threat Actors: CL0P
- Victim Country: USA
- Victim Industry: Transportation & Logistics
- Victim Organization: kirby corporation
- Victim Site: kirbycorp.com
- Trimble Inc. falls victim to CL0P Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-11-06T01:39:45Z
- Network: tor
- Published URL: (http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/trimble-com)
- Screenshots:
- Threat Actors: CL0P
- Victim Country: USA
- Victim Industry: Software Development
- Victim Organization: trimble inc.
- Victim Site: trimble.com
- Alleged leak of Bangladeshi job seekers database
- Category: Data Breach
- Content: The threat actor claims to be selling a database containing 250,000 records of Bangladeshi job seekers, allegedly sourced from the telecom sector. The leaked data reportedly includes UUID, gender, salary, location, education, username, experience, job category, phone number (MSISDN), and registration details.
- Date: 2025-11-06T01:37:51Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-250k-Bangladesh-Job-Seekers-Dataset-Featuring-Salaries-and-Locations-Telecom-Sourc)
- Screenshots:
- Threat Actors: Kunta
- Victim Country: Bangladesh
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- MKS Inc. falls victim to CL0P Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-11-06T01:33:55Z
- Network: tor
- Published URL: (http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/mks-com)
- Screenshots:
- Threat Actors: CL0P
- Victim Country: USA
- Victim Industry: Semiconductors
- Victim Organization: mks inc
- Victim Site: mks.com
- Alleged leak of Austria Business Directory
- Category: Data Breach
- Content: The threat actor claims to be selling a database containing 300,000 records from an Austria Business Directory. The leaked data reportedly includes UUID, ID, name, business type, image, phone number, address, village, and website details.
- Date: 2025-11-06T01:30:53Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-300k-Austria-Business-Directory-Leak-Detailed-Profiles-with-Images-and-Contact-Inf)
- Screenshots:
- Threat Actors: Kunta
- Victim Country: Austria
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- International Motors, LLC falls victim to CL0P Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-11-06T01:29:16Z
- Network: tor
- Published URL: (http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/international-com)
- Screenshots:
- Threat Actors: CL0P
- Victim Country: USA
- Victim Industry: Automotive
- Victim Organization: international motors, llc
- Victim Site: international.com
- Informa PLC falls victim to CL0P Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-11-06T01:23:02Z
- Network: tor
- Published URL: (http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/informa-com)
- Screenshots:
- Threat Actors: CL0P
- Victim Country: UK
- Victim Industry: Information Services
- Victim Organization: informa plc
- Victim Site: informa.com
- Kier Group falls victim to CL0P Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-11-06T01:11:49Z
- Network: tor
- Published URL: (http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/kier-co-uk)
- Screenshots:
- Threat Actors: CL0P
- Victim Country: UK
- Victim Industry: Building and construction
- Victim Organization: kier group
- Victim Site: kier.co.uk
- John Wood Group PLC falls victim to CL0P Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-11-06T00:59:31Z
- Network: tor
- Published URL: (http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/woodplc-com)
- Screenshots:
- Threat Actors: CL0P
- Victim Country: UK
- Victim Industry: Professional Services
- Victim Organization: john wood group plc
- Victim Site: woodplc.com
- Rheem Manufacturing falls victim to CL0P Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-11-06T00:50:41Z
- Network: tor
- Published URL: (http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/rheem-com)
- Screenshots:
- Threat Actors: CL0P
- Victim Country: USA
- Victim Industry: Manufacturing
- Victim Organization: rheem manufacturing
- Victim Site: rheem.com
- Alleged data breach of Cumilla City Corporation
- Category: Data Breach
- Content: Threat actor claims to have leaked 13K+ records from Cumilla City Corporation. NB: Authenticity of the claim is yet to be verified.
- Date: 2025-11-06T00:41:58Z
- Network: telegram
- Published URL: (https://t.me/c/2805167925/83)
- Screenshots:
- Threat Actors: Trojan 1337
- Victim Country: Bangladesh
- Victim Industry: Government Administration
- Victim Organization: cumilla city corporation
- Victim Site: cocc.portal.gov.bd
- The Union League of Philadelphia falls victim to INC RANSOM Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s sensitive data.
- Date: 2025-11-06T00:32:11Z
- Network: tor
- Published URL: (http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/690b8501e1a4e4b3ff1d8fbe)
- Screenshots:
- Threat Actors: INC RANSOM
- Victim Country: USA
- Victim Industry: Hospitality & Tourism
- Victim Organization: the union league of philadelphia
- Victim Site: unionleague.org
- Alleged Unauthorized Access to Taiwanese Smart Home Automation System
- Category: Initial Access
- Content: The group claims to have gained access to an intelligent home control system in Taiwan that manages lighting, air conditioning, floor heating, and audio-video equipment. They allege that the compromised network allows centralized and room-specific control, including full lighting activation with a single command, indicating a breach within a modern, high-end home automation infrastructure.
- Date: 2025-11-06T00:25:05Z
- Network: telegram
- Published URL: (https://t.me/n2LP_wVf79c2YzM0/2302)
- Screenshots:
- Threat Actors: Infrastructure Destruction Squad
- Victim Country: Taiwan
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged Unauthorized Access to Greek Heating Control System (ALFA THERM)
- Category: Initial Access
- Content: The group claims to have gained access to a system in Greece belonging to ALFA THERM, a company specializing in intelligent heating solutions. The compromised system allegedly manages central heating boilers, temperature regulation, and automated control of pumps, valves, and fans, enabling real-time monitoring and adjustments within residential or industrial energy networks.
- Date: 2025-11-06T00:16:29Z
- Network: telegram
- Published URL: (https://t.me/n2LP_wVf79c2YzM0/2301)
- Screenshots:
- Threat Actors: Infrastructure Destruction Squad
- Victim Country: Greece
- Victim Industry: Energy & Utilities
- Victim Organization: alfa therm
- Victim Site: alphatherm.com.gr
Conclusion
The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Ransomware and Data Breaches are prominent, affecting sectors from E-commerce and Financial Services to Government Administration and Healthcare, and impacting countries including the USA, Austria, India, and Canada. The compromised data ranges from personal user information and credit card details to sensitive patient records and corporate data.
The report also reveals significant activity in Initial Access sales, with threat actors offering unauthorized access to e-commerce platforms, educational systems, and domain admin accounts. Defacement attacks were also observed against organizations in Iraq and Turkey.
The nature of these incidents emphasizes the critical importance of robust cybersecurity measures, including strong access controls, data protection strategies, continuous vulnerability management, and proactive threat intelligence to defend against a wide array of sophisticated and opportunistic attacks.