This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.
1. ICET STUDIOS S.R.L. falls victim to The Gentlemen Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data and intends to publish it within 10 days.
- Date: 2025-10-14T23:51:49Z
- Network: tor
- Published URL: (http://tezwsse5czllksjb7cwp65rvnk4oobmzti2znn42i43bjdfd2prqqkad.onion/)
- Threat Actors: The Gentlemen
- Victim Country: Italy
- Victim Industry: Entertainment & Movie Production
- Victim Organization: icet studios s.r.l.
- Victim Site: icetstudios.com
2. Alleged sale of TWINT Phishing Panel
- Category: Phishing
- Content: The threat actor claims to be selling a TWINT Phishing Panel, a live admin panel for running phishing campaigns against TWINT and “71+ Swiss banks,” advertising credential harvesting, anti-bot evasion, and partnership/traffic support.
- Date: 2025-10-14T22:54:09Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/268231/)
- Threat Actors: Mastermind100
- Victim Country: Switzerland
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
3. Alleged sale of data from an unidentified hosting service provider in Italy
- Category: Data Breach
- Content: The threat actor claims to be selling leaked data from an unidentified Italian hosting service provider. The compromised data reportedly contains over 526,000 website backups, 4,631 hosting customer records, and 6,546 MySQL databases.
- Date: 2025-10-14T22:30:22Z
- Network: openweb
- Published URL: (https://bhf.pro/threads/714334/)
- Threat Actors: 010010
- Victim Country: Italy
- Victim Industry: Information Technology (IT) Services
- Victim Organization: Unknown
- Victim Site: Unknown
4. Alu Perpignan falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-14T22:22:49Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=9ddf1c6c-7e52-329b-b2da-56a3c538ab2e)
- Threat Actors: Qilin
- Victim Country: France
- Victim Industry: Building and construction
- Victim Organization: alu perpignan
- Victim Site: alu-perpignan.fr
5. Alleged Sale of Russian Legal Entities Database
- Category: Data Breach
- Content: The threat actor claims to be selling a database of Russian legal entities. The compromised data reportedly contains 6,427,681 records including name, date of birth, passport, and OGRN, fields that are reportedly highly reliable throughout the dataset.
- Date: 2025-10-14T22:21:35Z
- Network: openweb
- Published URL: (https://breachsta.rs/topic/russian-legal-entities-database-64m-records-bhg2w7qrwfmd)
- Threat Actors: exporter
- Victim Country: Russia
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
6. Alleged data sale of Democrazia Sovrana Popolare
- Category: Data Breach
- Content: The threat actor claims to have leaked data from Democrazia Sovrana Popolare, an Italian political party. The compromised data reportedly contains 5,000 records including admin, user, password, phone, payments and personal data.
- Date: 2025-10-14T22:17:03Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Democrazia-Sovrana-Popolare-Political-Party-Data-Leaked-Download)
- Threat Actors: DARK39
- Victim Country: Italy
- Victim Industry: Political Organization
- Victim Organization: democrazia sovrana popolare
- Victim Site: democraziasovranapopolare.net
7. Roger Renard Entreprise falls victim to Qilin ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-14T22:16:47Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=3c6d0a58-7134-3b4f-8bf5-02a4e00205f8)
- Threat Actors: Qilin
- Victim Country: France
- Victim Industry: Building and construction
- Victim Organization: roger renard entreprise
- Victim Site: roger-renard.fr
8. Hunter Construction Group falls victim to Qilin ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-14T22:13:03Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=0d96ba6f-149c-34f5-8302-4148479cff70)
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Building and construction
- Victim Organization: hunter construction group
- Victim Site: hunterconstructiongroup.com
9. Urban Linker falls victim to Qilin ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-14T22:10:31Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=f3eb6919-36a4-30ae-951c-bd9bc08cc082)
- Threat Actors: Qilin
- Victim Country: France
- Victim Industry: Staffing/Recruiting
- Victim Organization: urban linker
- Victim Site: urbanlinker.com
10. Executive Cabinetry falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-14T22:09:04Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=3ba3c58a-1620-3b55-b8a3-b73f619e4977)
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Furniture
- Victim Organization: executive cabinetry
- Victim Site: executivecabinetry.com
11. Alquería falls victim to Qilin ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-14T22:07:35Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=80abe74b-1d86-3c3f-b2f3-6001db7c2407)
- Threat Actors: Qilin
- Victim Country: Colombia
- Victim Industry: Food & Beverages
- Victim Organization: alquería
- Victim Site: alqueria.com.co
12. SICE falls victim to Qilin ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-14T22:03:57Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=19650561-99ff-3c4a-8140-8c24391190c8)
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Information Technology (IT) Services
- Victim Organization: sice
- Victim Site: sice.com
13. Alleged Sale of Customer Export from EKK Anlagentechnik GmbH & Co. KG
- Category: Data Breach
- Content: The threat actor claims to be selling a customer export from EKK Anlagentechnik GmbH & Co. KG in Germany. The compromised data reportedly contains ID, age, city, email, zip code, etc.
- Date: 2025-10-14T22:03:55Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/german-company-customer-export-from-ekk-anlagentechnik-deconfidential.44474/)
- Threat Actors: iamanigga
- Victim Country: Germany
- Victim Industry: Manufacturing
- Victim Organization: ekk anlagentechnik gmbh & co. kg
- Victim Site: ekk-anlagentechnik.de
14. Alleged data sale of Ola Chat
- Category: Data Breach
- Content: The threat actor claims to be selling leaked customer data, an internal database, and source code from Ola Chat, Singapore. The compromised data reportedly contains data on over 100 million users, over 1500 source code repositories, and an internal database for company management.
- Date: 2025-10-14T22:03:11Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-olachat-over-100-million-users-worldwide-customer-internal-DB-source-codes)
- Threat Actors: olachat_mail
- Victim Country: Singapore
- Victim Industry: Information Technology (IT) Services
- Victim Organization: ola chat
- Victim Site: olachat.sg
15. New Jersey Property-Liability Insurance Guaranty Association falls victim to Qilin ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-14T22:01:08Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=90e6f071-a346-32b6-8c40-73094f1bbaa2)
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Insurance
- Victim Organization: new jersey property-liability insurance guaranty association
- Victim Site: njguaranty.org
16. SFG Technology falls victim to Qilin ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-14T21:58:18Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=7762f78d-9e97-3e7a-b868-1bf3a5715d45)
- Threat Actors: Qilin
- Victim Country: Malaysia
- Victim Industry: Professional Services
- Victim Organization: sfg technology
- Victim Site: sfg.com.my
17. Saint Charles International falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-14T21:55:13Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=a88bd773-f7d0-36b9-a80f-f128858aecf4)
- Threat Actors: Qilin
- Victim Country: France
- Victim Industry: International Trade & Development
- Victim Organization: saint charles international
- Victim Site: public.saintcharlesinternational.com
18. WebCut Converting falls victim to Qilin ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-14T21:54:52Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=8ae71cf0-3fe7-37de-a1f5-0e3ba221b030)
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Packaging & Containers
- Victim Organization: webcut converting
- Victim Site: webcutconverting.com
19. Volkswagen France falls victim to Qilin ransomware
- Category: Ransomware
- Content: The group claims to have obtained 150 GB of the organization’s data. Sample screenshots are provided on their dark web portal.
- Date: 2025-10-14T21:51:41Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=826b0da1-6b16-3761-9f7d-288e18c59dc4)
- Threat Actors: Qilin
- Victim Country: France
- Victim Industry: Automotive
- Victim Organization: volkswagen france
- Victim Site: volkswagen.fr
20. Pro Fab falls victim to Qilin ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-14T21:47:34Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=878a5488-4ff5-3139-a4c6-d9f0ffe7d491)
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Manufacturing
- Victim Organization: pro fab
- Victim Site: pro-fab.com
21. Alleged sale of access to Ministry of Finance, Thailand
- Category: Initial Access
- Content: The threat actor claims to be selling unauthorized access to the email of the Ministry of Finance, Thailand.
- Date: 2025-10-14T21:28:13Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-mof-go-th-access)
- Threat Actors: syzyf
- Victim Country: Thailand
- Victim Industry: Government Administration
- Victim Organization: ministry of finance
- Victim Site: mof.go.th
22. L.LOFT falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-14T21:07:52Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=fb95f198-d1b8-3998-bd23-500b2dcb91c6)
- Threat Actors: Qilin
- Victim Country: France
- Victim Industry: Furniture
- Victim Organization: l.loft
- Victim Site: l-loft.fr
23. Typology falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-14T20:54:14Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=8adea6e3-c348-3320-8b48-209a1c55d4af)
- Threat Actors: Qilin
- Victim Country: France
- Victim Industry: Cosmetics
- Victim Organization: typology
- Victim Site: typology.com
24. ditransa falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-14T20:48:15Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=57453d52-0fd4-3c95-b7b6-c1c84f1449f0)
- Threat Actors: Qilin
- Victim Country: Colombia
- Victim Industry: Transportation & Logistics
- Victim Organization: ditransa
- Victim Site: ditransa.com.co
25. LaRosa’s Pizzeria, Inc. falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-14T20:41:19Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=79eb08a7-9a67-3145-94f5-03130c2bbeb5)
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Restaurants
- Victim Organization: larosa’s pizzeria, inc.
- Victim Site: larosas.com
26. TRANS-WORLD SHIPPING SERVICE, INC. falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-14T20:33:25Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=8d28bd4b-fc43-32fb-9403-79eaeadf4fef)
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Transportation & Logistics
- Victim Organization: trans-world shipping service, inc.
- Victim Site: tws-tac.net
27. Addis falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-14T20:23:18Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=7beb8d97-0f21-30f2-9dc3-d6c3ddec6ef5)
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Government Administration
- Victim Organization: addis
- Victim Site: addisla.org
28. Gittens Healthcare falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-14T19:51:43Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=71de869a-f77b-365e-88fb-1049a789dd3f)
- Threat Actors: Qilin
- Victim Country: Grenada
- Victim Industry: Hospital & Health Care
- Victim Organization: gittens healthcare
- Victim Site: gittenshealthcare.com
29. Alleged leak of admin credentials from hustle.ne.jp
- Category: Initial Access
- Content: The threat actor claims to have leaked the admin account credentials of hustle.ne.jp, Japan.
- Date: 2025-10-14T19:49:07Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Japanese-hustle-ne-jp-Admin-Access?pid=270439#pid270439)
- Threat Actors: blackhunter1
- Victim Country: Japan
- Victim Industry: Information Technology (IT) Services
- Victim Organization: hustle.ne.jp
- Victim Site: hustle.ne.jp
30. City of Riviera Beach falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-14T19:23:18Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=995f6816-6ab4-352b-8a07-0e44ce390993)
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Government Administration
- Victim Organization: city of riviera beach
- Victim Site: rivierabch.com
31. Alleged sale of Russia Gambling – Casino leads
- Category: Data Breach
- Content: The threat actor claims to be selling leaked gambling – casino leads from Russia. The compromised data reportedly contains 187,000 records from 2025, including email, first name, last name, phone, date of birth, balance, and last played.
- Date: 2025-10-14T19:17:31Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-For-sale-Russia-Gambling-Casino-leads-2025%C2%A0-187K-Records)
- Threat Actors: LandLord
- Victim Country: Russia
- Victim Industry: Gambling & Casinos
- Victim Organization: Unknown
- Victim Site: Unknown
32. Buldi falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-14T19:14:42Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=ad4902bf-f5b6-3ebb-b908-84b6a37005d6)
- Threat Actors: Qilin
- Victim Country: France
- Victim Industry: Real Estate
- Victim Organization: buldi
- Victim Site: buldi.fr
33. Paris Retina Vision falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-14T19:00:12Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=33674ec4-5849-36c4-bc7c-237fd1ca56a9)
- Threat Actors: Qilin
- Victim Country: France
- Victim Industry: Medical Practice
- Victim Organization: paris retina vision
- Victim Site: parisretinavision.fr
34. Alleged sale of unauthorized access to an unidentified WordPress shop from Asia
- Category: Initial Access
- Content: The threat actor claims to be selling unauthorized access to an unidentified WordPress shop from Asia.
- Date: 2025-10-14T18:49:13Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/268214/)
- Threat Actors: autocrypt
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
35. Perinatal Quality Collaborative of North Carolina (PQCNC) falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-14T18:44:07Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=b9c6cbc5-be55-3fbe-8ee9-7d64d6bc4c6f)
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Hospital & Health Care
- Victim Organization: perinatal quality collaborative of north carolina (pqcnc)
- Victim Site: pqcnc.org
36. HMP Global falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 174 GB of the organization’s data.
- Date: 2025-10-14T18:14:12Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=ae715c99-4c8a-3559-ac22-3c949d04a4bc)
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Media Production
- Victim Organization: hmp global
- Victim Site: hmpglobal.com
37. INDOHAXSEC targets the website of Trans7
- Category: Defacement
- Content: The group claims to have defaced the website of PT. Duta Visual Nusantara Tivi Tujuh.
- Date: 2025-10-14T17:54:25Z
- Network: telegram
- Published URL: (https://t.me/INDOHAXSEC/64)
- Threat Actors: INDOHAXSEC
- Victim Country: Indonesia
- Victim Industry: Broadcast Media
- Victim Organization: trans7
- Victim Site: trans7.co.id
38. Helene Gascon falls victim to Qilin ransomware
- Category: Ransomware
- Content: The group claims to have obtained 132 GB of the organization’s data.
- Date: 2025-10-14T17:52:31Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=2b5dfde8-52e2-3d82-87a7-6a6e794d4c1c)
- Threat Actors: Qilin
- Victim Country: France
- Victim Industry: Legal Services
- Victim Organization: helene gascon
- Victim Site: etude-gascon.fr
39. Polar-Studio Ltd falls victim to Qilin ransomware
- Category: Ransomware
- Content: The group claims to have obtained 48 GB of the organization’s data.
- Date: 2025-10-14T17:44:55Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=f4d3bc31-ea74-3d09-b893-ede1f576a1fc)
- Threat Actors: Qilin
- Victim Country: Hungary
- Victim Industry: Building and construction
- Victim Organization: polar-studio ltd
- Victim Site: polar-studio.hu
40. Morris – Sockle falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 520 GB of the organization’s data.
- Date: 2025-10-14T17:44:09Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=d263c98c-29a0-38ce-8072-2cba054bc3d6)
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Legal Services
- Victim Organization: morris – sockle
- Victim Site: morris-sockle.com
41. Alleged data breach of TRANS7
- Category: Data Breach
- Content: The threat actor claims to be selling leaked data from TRANS7, Indonesia. The compromised data reportedly contains 1.1 GB of data including full name, place and date of birth, gender, ID address, current address, telephone/mobile, etc.
- Date: 2025-10-14T17:38:40Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-1-1GB-TRANS7-TELEVISION-STATION-DATABASE)
- Threat Actors: INDOHAXSEC
- Victim Country: Indonesia
- Victim Industry: Broadcast Media
- Victim Organization: trans7
- Victim Site: trans7.co.id
42. Capitol Construction Services falls victim to Qilin ransomware
- Category: Ransomware
- Content: The group claims to have obtained 1400 GB of the organization’s data.
- Date: 2025-10-14T17:38:11Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=a2a4e909-592e-3c2f-a6a4-51a3da473e00)
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Building and construction
- Victim Organization: capitol construction services
- Victim Site: capitolconstruct.com
43. Catawba County Government falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 432 GB of the organization’s data.
- Date: 2025-10-14T17:11:35Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=2e3bb9ed-f55c-3761-b3d5-294a310c4968)
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Government Administration
- Victim Organization: catawba county government
- Victim Site: catawbacountync.gov
44. Alleged Sale of Australian Data Lookup API
- Category: Data Breach
- Content: The threat actor claims to be selling an API service that provides personal and contact information on individuals across Australia. The API allegedly allows searches by phone number or full name and returns detailed data including names, addresses, phone numbers, city, state, and postal codes. It is promoted as a tool for identity verification, marketing, and investigative purposes.
- Date: 2025-10-14T17:10:14Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/268205/)
- Threat Actors: Shadowland
- Victim Country: Australia
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
45. Alleged Sale of Canadian Data Lookup API
- Category: Data Breach
- Content: The threat actor claims to be selling an API service that provides detailed personal and contact information on Canadian residents. The API allegedly supports person searches by phone number or full name and returns data such as full names, complete addresses, phone numbers, city, province, and postal codes. It is promoted as a tool for background verification, marketing, and investigative purposes.
- Date: 2025-10-14T16:58:35Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/268204/)
- Threat Actors: Shadowland
- Victim Country: Canada
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
46. Art Guild, Inc. falls victim to Akira Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 24 GB of the organization’s data. The compromised data includes HR files with employee information (DOB, addresses, phones, medical test and so on), a bit of client data, financials, contracts, confidential project files, NDAs, etc.
- Date: 2025-10-14T16:55:44Z
- Network: tor
- Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: Events Services
- Victim Organization: art guild, inc.
- Victim Site: artguildinc.com
47. Alleged Sale of U.S. Data Validation and Enrichment API
- Category: Data Breach
- Content: The threat actor claims to be selling an API that provides detailed personal and demographic information on U.S. residents. The service allegedly includes data such as full names, dates of birth, phone numbers, email addresses, current and historical addresses, relatives, income levels, education details, and political affiliations. It is promoted as a “data validation” API with full U.S. coverage, REST/JSON integration, and 24/7 technical support, indicating a commercial sale of potentially sensitive personal data.
- Date: 2025-10-14T16:49:42Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/268202/)
- Threat Actors: Shadowland
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
48. Ostrolenk Faber LLP falls victim to Akira Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 43 GB of the organization’s data. The compromised data includes employees’ personal documents, scans of customer documents (SSNs, name, DOB, address and so on), project files, lots of client information, financials, confidential project files, contracts and agreements, NDAs, etc.
- Date: 2025-10-14T16:39:45Z
- Network: tor
- Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: Law Practice & Law Firms
- Victim Organization: ostrolenk faber llp
- Victim Site: ostrolenk.com
49. Repeated Signal Solutions, Inc. falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 10.2 TB of the organization’s data.
- Date: 2025-10-14T16:19:27Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=8e49189e-930b-3a3f-813b-094a69664942)
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Network & Telecommunications
- Victim Organization: repeated signal solutions, inc.
- Victim Site: repeatedsignal.com
50. Club Lleuresport falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 54 GB of the organization’s data.
- Date: 2025-10-14T16:05:27Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=d70d7bbd-92c3-36f5-8d2c-7feb16491ee9)
- Threat Actors: Qilin
- Victim Country: Spain
- Victim Industry: Non-profit & Social Organizations
- Victim Organization: club lleuresport
- Victim Site: lleuresport.cat
51. Tong Yang Industry Co Ltd falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 100 GB of the organization’s data.
- Date: 2025-10-14T15:41:44Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=24d6ab60-d54b-35d5-876a-17d8ba211eba)
- Threat Actors: Qilin
- Victim Country: Taiwan
- Victim Industry: Automotive
- Victim Organization: tong yang industry co ltd
- Victim Site: tyg.com.tw
52. Radiant Beauty Supplies falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 62 GB of the organization’s data.
- Date: 2025-10-14T15:22:12Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=d6cf02bd-90d3-345b-a2af-af5f6f90fb33)
- Threat Actors: Qilin
- Victim Country: Canada
- Victim Industry: Cosmetics
- Victim Organization: radiant beauty supplies
- Victim Site: radiantbeautysupplies.com
53. The Law Office of Michael C. George P.A. falls victim to DragonForce Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 442.61 GB of the organization’s data and intends to publish it within 5 to 6 days.
- Date: 2025-10-14T13:55:40Z
- Network: tor
- Published URL: (http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion/blog)
- Threat Actors: DragonForce
- Victim Country: USA
- Victim Industry: Legal Services
- Victim Organization: the law office of michael c. george p.a.
- Victim Site: lawofficemcg.com
54. Autorotor Srl falls victim to DragonForce Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 124.64 GB of the organization’s data and intends to publish it within 6 to 7 days.
- Date: 2025-10-14T13:39:36Z
- Network: tor
- Published URL: (http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion/blog)
- Threat Actors: DragonForce
- Victim Country: Italy
- Victim Industry: Machinery Manufacturing
- Victim Organization: autorotor srl
- Victim Site: autorotorgroup.com
55. DV Hardwoods falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 83 GB of the organization’s data, totaling 10,685 files.
- Date: 2025-10-14T13:32:13Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=f27393bd-3de2-3256-a979-545b4f450faf)
- Threat Actors: Qilin
- Victim Country: Canada
- Victim Industry: Manufacturing
- Victim Organization: dv hardwoods
- Victim Site: boisdv.ca
56. Alleged sale of Russian legal entities data
- Category: Data Breach
- Content: The threat actor claims to be selling 6.4 million records from Russian legal entities and individuals, allegedly containing names, passport numbers, dates of birth, and income data collected between 2024 and 2025.
- Date: 2025-10-14T13:26:54Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-Russian-Legal-Entities-Database-6-4M-Records)
- Threat Actors: exporter
- Victim Country: Russia
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
57. Blood Bank Computer Systems falls victim to Akira Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 20 GB of the organization’s data. The compromised data includes employees’ personal document scans such as passports, driver’s licenses, Social Security numbers, W-9 forms, and credit card details, as well as confidential HR forms, client information, medical records, financial and accounting data, contracts and agreements, and NDAs.
- Date: 2025-10-14T13:23:59Z
- Network: tor
- Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: Software
- Victim Organization: blood bank computer systems
- Victim Site: bbcsinc.com
58. Alleged data sale of Medicine Mahasarakham University
- Category: Data Breach
- Content: The threat actor claims to be selling data on 2 million individuals from the Faculty of Medicine at Mahasarakham University, allegedly containing names, gender, personal ID numbers, citizenship information, and more.
- Date: 2025-10-14T13:22:54Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-Thailand-Database-share-msu-ac-th-Personnel-Information-More-than-2M)
- Screenshots:
- Threat Actors: RobotMan
- Victim Country: Thailand
- Victim Industry: Education
- Victim Organization: medicine mahasarakham university
- Victim Site: med.msu.ac.th
59. PRATT HOMES & REMODELING falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-14T13:16:38Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=0e54b82c-e1de-3124-a57e-badaf2d3fada)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Building and construction
- Victim Organization: pratt homes & remodeling
- Victim Site: pratthomes.com
60. DuVal & Associates, PA falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-14T13:12:20Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=71156906-0ae8-3646-a2a4-d392ae988d1a)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Law Practice & Law Firms
- Victim Organization: duval & associates, pa
- Victim Site: duvalfdalaw.com
61. Greenstar Social Marketing Pakistan (Guarantee) Limited falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-14T13:11:48Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=30fbffe1-ee4b-3d5c-b761-a29e8303958d)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: Pakistan
- Victim Industry: Non-profit & Social Organizations
- Victim Organization: greenstar social marketing pakistan (guarantee) limited
- Victim Site: greenstar.org.pk
62. Force Marketing falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 210 GB and 114,590 files from the organization’s data.
- Date: 2025-10-14T13:02:59Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=dde60c32-e31c-31f2-b2cf-b44805b5a84c)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Marketing, Advertising & Sales
- Victim Organization: force marketing
- Victim Site: forcemktg.com
63. Plast-O-Matic Valves falls victim to akira Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 51 GB of the organization’s data. The compromised data includes employees’ personal documents (DLs and others), lots of HR forms, client information, financial and accounting data, NDAs, etc.
- Date: 2025-10-14T13:01:13Z
- Network: tor
- Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
- Screenshots:
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: Manufacturing
- Victim Organization: plast-o-matic valves, inc.
- Victim Site: plastomatic.com
64. M & E Global Group falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 98.00 GB and 113768 files from the organization’s data.
- Date: 2025-10-14T12:30:40Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=5a4856dd-2cad-3ee9-b3a9-ed4e2eb505fe)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Manufacturing
- Victim Organization: m & e global group inc.
- Victim Site: megroupinc.com
65. NTB CYBER TEAM targets the website of SOLARGRAM
- Category: Defacement
- Content: The group claims to have defaced the organization’s website.
- Date: 2025-10-14T12:11:03Z
- Network: telegram
- Published URL: (https://t.me/Garuda_Tersakiti/64)
- Screenshots:
- Threat Actors: NTB CYBER TEAM
- Victim Country: India
- Victim Industry: Renewables & Environment
- Victim Organization: solargram
- Victim Site: solargram.in
66. NTB CYBER TEAM targets the website of Youth Education
- Category: Defacement
- Content: The group claims to have defaced the organization’s website.
- Date: 2025-10-14T12:08:58Z
- Network: telegram
- Published URL: (https://t.me/Garuda_Tersakiti/62)
- Screenshots:
- Threat Actors: NTB CYBER TEAM
- Victim Country: India
- Victim Industry: Education
- Victim Organization: youth education
- Victim Site: youtheducation.in
67. Alleged leak of admin access to Office of the Basic Education Commission
- Category: Initial Access
- Content: The group claims to have leaked admin access to the Office of the Basic Education Commission.
- Date: 2025-10-14T11:30:05Z
- Network: telegram
- Published URL: (https://t.me/kxichixxsec/1120)
- Screenshots:
- Threat Actors: Kxichixxsec
- Victim Country: Thailand
- Victim Industry: Government & Public Sector
- Victim Organization: office of the basic education commission
- Victim Site: learntoearn.obec.go.th
68. Alleged leak of admin access to Department of Highways
- Category: Initial Access
- Content: The group claims to have leaked admin access to the Department of Highways.
- Date: 2025-10-14T10:17:42Z
- Network: telegram
- Published URL: (https://t.me/kxichixxsec/1122)
- Screenshots:
- Threat Actors: Kxichixxsec
- Victim Country: Thailand
- Victim Industry: Government & Public Sector
- Victim Organization: department of highways
- Victim Site: dohttl.doh.go.th
69. Alleged sale of admin access to the Khyber Pakhtunkhwa Health Care Commission in Pakistan
- Category: Initial Access
- Content: The threat actor claims to be selling admin access to the Khyber Pakhtunkhwa Health Care Commission in Pakistan.
- Date: 2025-10-14T09:43:34Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Admin-access-of-heathcare-comission-of-Pachunkhaaa)
- Screenshots:
- Threat Actors: AnataraCharin
- Victim Country: Pakistan
- Victim Industry: Government Administration
- Victim Organization: khyber pakhtunkhwa health care commission
- Victim Site: hcc.kp.gov.pk
70. Alleged data breach of the Ministry of Welfare and Social Affairs, Israel
- Category: Data Breach
- Content: The threat actor claims to have leaked 120,000 records from the Ministry of Welfare and Social Affairs in Israel. The compromised data includes personal information such as full names, birth details, country and more.
- Date: 2025-10-14T08:25:42Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-120-000-ISRAELI-MILITARY-DATA)
- Screenshots:
- Threat Actors: INDOHAXSEC
- Victim Country: Israel
- Victim Industry: Government Administration
- Victim Organization: ministry of welfare and social affairs
- Victim Site: idf.il
71. Alleged data breach of Nimpha
- Category: Data Breach
- Content: The group claims to have leaked 20K records of Nimpha in Ukraine. The compromised data reportedly contains personal customer data (names, contact information), email addresses, phone numbers, password, order and bonus account data, and internal identifiers and service information.
- Date: 2025-10-14T08:19:36Z
- Network: telegram
- Published URL: (https://t.me/itarmyofrussianews/263)
- Screenshots:
- Threat Actors: IT ARMY OF RUSSIA
- Victim Country: Ukraine
- Victim Industry: E-commerce & Online Stores
- Victim Organization: nimpha
- Victim Site: nimpha.ua
72. Alleged data leak of Empat Lawang Regency
- Category: Data Breach
- Content: The threat actor claims to have leaked the Regional Development Information System of Empat Lawang Regency, allegedly in 2024.
- Date: 2025-10-14T08:06:38Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Document-Leak-INDONESIA-Regional-development-information-system-for-Empat-Lawang)
- Screenshots:
- Threat Actors: karedoxcbr
- Victim Country: Indonesia
- Victim Industry: Government Administration
- Victim Organization: empat lawang regency
- Victim Site: empatlawangkab.go.id
73. Alleged data leak of Kyiv tax service passport records
- Category: Data Breach
- Content: The group claims to be selling a dataset allegedly exfiltrated from the Kyiv Tax Service. The data reportedly includes over 90,000 passport copies, along with individuals’ addresses, phone numbers, and professional details, totaling approximately 24.5 GB of information.
- Date: 2025-10-14T06:55:57Z
- Network: telegram
- Published URL: (https://t.me/molotTeam/55)
- Screenshots:
- Threat Actors: M.O.L.O.T.
- Victim Country: Ukraine
- Victim Industry: Government Administration
- Victim Organization: Unknown
- Victim Site: Unknown
74. Alleged data leak of Niche Health emails
- Category: Data Breach
- Content: The threat actor claims to have leaked 54000 unique Niche Health emails.
- Date: 2025-10-14T06:00:46Z
- Network: openweb
- Published URL: (https://breachsta.rs/topic/database-br-niche-health-email-list-y8jubyatsm0t)
- Screenshots:
- Threat Actors: ekozz
- Victim Country: Brazil
- Victim Industry: Healthcare & Pharmaceuticals
- Victim Organization: Unknown
- Victim Site: Unknown
75. Speed Inter Transport Co., Ltd. falls victim to Dire Wolf Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 90 GB of the organization’s data. The exposed data reportedly includes financial documents, customer information, insurance contracts, business contracts, bank records, and the organization’s internal database.
- Date: 2025-10-14T05:55:50Z
- Network: tor
- Published URL: (http://direwolfcdkv5whaz2spehizdg22jsuf5aeje4asmetpbt6ri4jnd4qd.onion/articles/Speedth.html)
- Screenshots:
- Threat Actors: Dire Wolf
- Victim Country: Thailand
- Victim Industry: Import & Export
- Victim Organization: speed inter transport co., ltd.
- Victim Site: speedth.com
76. Miguel Veiga, Neiva Santos e Associados falls victim to Dire Wolf Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 100 GB of the organization’s internal data, including sensitive legal document data.
- Date: 2025-10-14T05:41:49Z
- Network: tor
- Published URL: (http://direwolfcdkv5whaz2spehizdg22jsuf5aeje4asmetpbt6ri4jnd4qd.onion/articles/MVNS.html)
- Screenshots:
- Threat Actors: Dire Wolf
- Victim Country: Portugal
- Victim Industry: Legal Services
- Victim Organization: miguel veiga, neiva santos e associados
- Victim Site: mvns.pt
77. Alleged Data Leak of Argentine CUIT/CUIL Emails
- Category: Data Breach
- Content: A threat actor claims to be leaking a database of CUIT/CUIL citizen and industry data for Argentina and says the dump contains roughly 80,000 lines with fields listed as mail,tipoDocumento,numeroDocumento; the full dataset is hidden behind a reply/upgrade paywall.
- Date: 2025-10-14T05:17:15Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-AR-email-CUIL-CUIT-database)
- Screenshots:
- Threat Actors: Yrrrr
- Victim Country: Argentina
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
78. Alleged sale of Fudbio
- Category: Malware
- Content: A threat actor is offering to sell an online “fud” crypter service called fud.bio that claims to make binaries undetectable and bypass SmartScreen via DLL sideloading; they charge per crypt (standard native EXE = 1 credit, DLL sideloading = 2 credits) with bundles.
- Date: 2025-10-14T05:16:41Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/268163/)
- Screenshots:
- Threat Actors: TyroneJohnson
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
79. Alleged data breach of Schedler Transport-Logistik GmbH
- Category: Data Breach
- Content: The group claims to have exfiltrated data from the organization.
- Date: 2025-10-14T04:40:51Z
- Network: tor
- Published URL: (http://fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion/companies/schedler)
- Screenshots:
- Threat Actors: CoinbaseCartel
- Victim Country: Germany
- Victim Industry: Transportation & Logistics
- Victim Organization: schedler transport-logistik gmbh
- Victim Site: schedler-translog.de
80. Alleged sale of ALBIRIOX
- Category: Malware
- Content: The threat actor is selling a paid Android spyware/remote-access tool marketed to steal crypto and banking credentials. Claims include VNC-style screen rendering/control, accessibility-based keylogging and login injects, a web control panel, and stealth features.
- Date: 2025-10-14T04:19:45Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/268160/)
- Screenshots:
- Threat Actors: NMZ
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
81. Karnes Electric Cooperative, Inc. falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 337 GB of the organization’s internal data, including sensitive financial documents, along with personal data of employees and customers.
- Date: 2025-10-14T00:44:58Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=7c108f95-3389-3635-b034-4966ffbca219)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Energy & Utilities
- Victim Organization: karnes electric cooperative, inc.
- Victim Site: karnesec.org
82. Business Integra Technology Solutions, Inc. falls victim to akira Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 16 GB of the organization’s internal data. The exposed data reportedly includes sensitive employee records such as I-9 forms, passports, driver’s licenses, Social Security numbers, addresses, and emails, along with customer records, financial documents, and NDAs.
- Date: 2025-10-14T00:17:26Z
- Network: tor
- Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
- Screenshots:
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: Information Technology (IT) Services
- Victim Organization: business integra technology solutions, inc.
- Victim Site: businessintegra.com
Conclusion
The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Ransomware remains the most frequent category, often perpetrated by the Qilin group, affecting a wide range of industries globally, with a concentration in the USA and France. The Building and construction, Legal Services, and Manufacturing sectors are notably impacted by ransomware campaigns.
Data Breaches are also prominent, involving the sale of sensitive personal and corporate data, often through openweb forums, and impacting countries like Italy, Russia, and Indonesia. Several incidents involved the sale of bulk data, including records from Russian legal entities (6.4 million records), an Australian Data Lookup API, and a large dataset of customer and internal data from Ola Chat (over 100 million users).
The sale of Initial Access continues to be a key element of the cyber underground, targeting government organizations in Thailand and Pakistan, as well as Japanese and generic Asian WordPress shops. Furthermore, the market for Malware tools is active, with offers for a TWINT Phishing Panel, a crypting service (Fudbio), and an Android spyware/RAT (ALBIRIOX).
The geographical spread and varied tactics of these incidents emphasize the critical need for robust cybersecurity defenses, particularly in managing access controls, protecting customer data, and defending against pervasive ransomware operations.