This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.
1. Alleged sale of a Golang-based information stealer
- Category: Malware
- Content: Threat actor claims to be selling a Golang-based information stealer designed to exfiltrate browser credentials, crypto wallets, system and network data, and other sensitive information.
- Date: 2025-10-15T22:15:36Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-SELLING-THIS-STEALER-FULLY-MADE-BY-ME-GOLANG)
- Screenshots:
- Threat Actors: void3000
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
2. Rasi Laboratories falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 250 GB of the organization’s data.
- Date: 2025-10-15T22:10:30Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=18d46ed4-b280-3e45-9038-aac28e588381)
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/3c9f9d71-6e27-470c-abf1-d4cf53c9a6d4.png
- https://d34iuop8pidsy8.cloudfront.net/fdb2a667-ed8e-4907-9dd5-b3665b58792b.png
- https://d34iuop8pidsy8.cloudfront.net/5195865e-2015-43d2-a91d-6dcdc1271583.png
- https://d34iuop8pidsy8.cloudfront.net/ff9d7485-6885-4415-9b8a-a9144a496aa5.png
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Healthcare & Pharmaceuticals
- Victim Organization: rasi laboratories
- Victim Site: rasilabs.com
3. Richmond Behavioral Health falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 192 GB of the organization’s data.
- Date: 2025-10-15T21:55:29Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=2d6b4f06-d5d1-3b1c-a99e-ed604abe78db)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Hospital & Health Care
- Victim Organization: richmond behavioral health
- Victim Site: rbha.org
4. Alleged sale of India Employers Database
- Category: Data Breach
- Content: The threat actor claims to be selling a database containing information on employers or companies based in India.
- Date: 2025-10-15T21:49:01Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/india-employers-database.44540/)
- Screenshots:
- Threat Actors: henryjoe02
- Victim Country: India
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
5. State Tax Administration Agency falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 60 GB of the organization’s data.
- Date: 2025-10-15T21:45:28Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=8ed83392-81a3-3007-bb16-953d8fd580a8)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: Spain
- Victim Industry: Public Relations/PR
- Victim Organization: state tax administration agency
- Victim Site: sede.agenciatributaria.gob.es
6. Alleged sale of classified U.S. Space Force documents
- Category: Data Breach
- Content: Threat actor claims to be selling classified U.S. Space Force documents related to Operation Quantum Parallax.
- Date: 2025-10-15T21:44:47Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Document-%F0%9F%91%BD-TOP-SECRET-US-SPACE-FORCE-DOCS-%F0%9F%91%BD)
- Screenshots:
- Threat Actors: jrintel
- Victim Country: USA
- Victim Industry: Government Administration
- Victim Organization: united states space force
- Victim Site: spaceforce.com
7. Alleged sale of Global Business Companies email database
- Category: Data Breach
- Content: The threat actor claims to be selling Global Business Companies email database.
- Date: 2025-10-15T21:43:14Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/global-business-companies-email-database.44538/#post-247735)
- Screenshots:
- Threat Actors: henryjoe02
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
8. Alleged unauthorized admin access to Kuwait Real Estate Brokers Union
- Category: Initial Access
- Content: Threat actor claims to have leaked unauthorized admin access to the Kuwait Real Estate Brokers Union.
- Date: 2025-10-15T21:36:22Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Kuwaiti-krbu-org-Admin-Access)
- Screenshots:
- Threat Actors: blackhunter1
- Victim Country: Kuwait
- Victim Industry: Real Estate
- Victim Organization: kuwait real estate brokers union
- Victim Site: krbu.org
9. Pharaoh’s Team targets the website of SkyBridge Logistics
- Category: Defacement
- Content: The group claims to have defaced the website of SkyBridge Logistics.
- Date: 2025-10-15T21:33:03Z
- Network: telegram
- Published URL: (https://t.me/Pharaohs_n/168)
- Screenshots:
- Threat Actors: Pharaoh’s Team
- Victim Country: UK
- Victim Industry: Transportation & Logistics
- Victim Organization: skybridge logistics
- Victim Site: skybridgelogist.org
10. Pharaoh’s Team targets the website duanduancapital.org
- Category: Defacement
- Content: The group claims to have defaced the website duanduancapital.org.
- Date: 2025-10-15T21:27:31Z
- Network: telegram
- Published URL: (https://t.me/Pharaohs_n/168)
- Screenshots:
- Threat Actors: Pharaoh’s Team
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: duanduancapital.org
11. Pharaoh’s Team targets the website beconwealthcapital.org
- Category: Defacement
- Content: The group claims to have defaced the website beconwealthcapital.org.
- Date: 2025-10-15T21:23:25Z
- Network: telegram
- Published URL: (https://t.me/Pharaohs_n/168)
- Screenshots:
- Threat Actors: Pharaoh’s Team
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: beconwealthcapital.org
12. Pharaoh’s Team targets the website of stargatexpress.co.uk
- Category: Defacement
- Content: The group claims to have defaced the website stargatexpress.co.uk.
- Date: 2025-10-15T21:20:28Z
- Network: telegram
- Published URL: (https://t.me/Pharaohs_n/168)
- Screenshots:
- Threat Actors: Pharaoh’s Team
- Victim Country: UK
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: stargatexpress.co.uk
13. Alleged Sale of UAE Employers Database
- Category: Data Breach
- Content: The threat actor claims to be selling a database containing information on employers or companies based in the United Arab Emirates (UAE).
- Date: 2025-10-15T21:16:06Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/uae-employers-database.44539/)
- Screenshots:
- Threat Actors: henryjoe02
- Victim Country: UAE
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
14. REGIONAL UROLOGY, LLC falls victim to DEVMAN 2.0 Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data and intends to publish it within 2-3 days.
- Date: 2025-10-15T20:55:21Z
- Network: tor
- Published URL: (http://devmanblggk7ddrtqj3tsocnayow3bwnozab2s4yhv4shpv6ueitjzid.onion/)
- Screenshots:
- Threat Actors: DEVMAN 2.0
- Victim Country: USA
- Victim Industry: Hospital & Health Care
- Victim Organization: regional urology, llc
- Victim Site: regionalurology.com
15. Alleged data sale of Bicing
- Category: Data Breach
- Content: Threat actor claims to be selling data from Bicing. The compromised dataset contains approximately 353,000 records, including names, email addresses, phone numbers, and other personal details.
- Date: 2025-10-15T20:42:09Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-Spain-bicing-barcelona)
- Screenshots:
- Threat Actors: pls
- Victim Country: Spain
- Victim Industry: Transportation & Logistics
- Victim Organization: bicing
- Victim Site: bicing.barcelona
16. Alleged gain of access to Fertirrigatore 32 EV station, Italy
- Category: Initial Access
- Content: The group claims to have gained access to the Fertirrigatore 32 EV station in Ragusa, Italy.
- Date: 2025-10-15T20:21:03Z
- Network: telegram
- Published URL: (https://t.me/TwoNetchannel/50)
- Screenshots:
- Threat Actors: TwoNet
- Victim Country: Italy
- Victim Industry: Agriculture & Farming
- Victim Organization: fertirrigatore 32 ev
- Victim Site: fertirrigationsystem.com
17. Alleged gain of admin access to Ministry of Natural Resources and Environment
- Category: Initial Access
- Content: The group claims to have gained admin access to the Ministry of Natural Resources and Environment.
- Date: 2025-10-15T19:40:40Z
- Network: telegram
- Published URL: (https://t.me/kxichixxsec/1131)
- Screenshots:
- Threat Actors: Kxichixxsec
- Victim Country: Thailand
- Victim Industry: Government Administration
- Victim Organization: ministry of natural resources and environment
- Victim Site: mnre.go.th
18. Royal Thai falls victim to PLAY Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data. The compromised data includes private and personal confidential data, client documents, budget, payroll, accounting, taxes, IDs, finance information, and more. They plan to publish it within 4 to 5 days.
- Date: 2025-10-15T19:29:30Z
- Network: tor
- Published URL: (http://j75o7xvvsm4lpsjhkjvb4wl2q6ajegvabe6oswthuaubbykk4xkzgpid.onion/topic.php?id=31upMMuTs5kFST)
- Screenshots:
- Threat Actors: PLAY
- Victim Country: USA
- Victim Industry: Design
- Victim Organization: royal thai
- Victim Site: royalthai.com
19. Koch & White Heating & Cooling falls victim to PLAY Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data. The compromised data includes private and personal confidential data, client documents, budget, payroll, accounting, taxes, IDs, finance information, and more. They plan to publish it within 4 to 5 days.
- Date: 2025-10-15T19:22:12Z
- Network: tor
- Published URL: (http://j75o7xvvsm4lpsjhkjvb4wl2q6ajegvabe6oswthuaubbykk4xkzgpid.onion/topic.php?id=WabYYrJFq9f0Wz)
- Screenshots:
- Threat Actors: PLAY
- Victim Country: USA
- Victim Industry: Building and construction
- Victim Organization: koch & white heating & cooling
- Victim Site: koch-white.com
20. Legacy Manufacturing falls victim to PLAY Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data. The compromised data includes private and personal confidential data, client documents, budget, payroll, accounting, taxes, IDs, finance information, and more. They plan to publish it within 4 to 5 days.
- Date: 2025-10-15T19:13:08Z
- Network: tor
- Published URL: (http://j75o7xvvsm4lpsjhkjvb4wl2q6ajegvabe6oswthuaubbykk4xkzgpid.onion/topic.php?id=cWHEH5P1wW0BAB)
- Screenshots:
- Threat Actors: PLAY
- Victim Country: USA
- Victim Industry: Manufacturing
- Victim Organization: legacy manufacturing
- Victim Site: legacymfg.com
21. Global Shop Solutions falls victim to PLAY Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data. The compromised data includes private and personal confidential data, client documents, budget, payroll, accounting, taxes, IDs, finance information, and more. They plan to publish it within 4 to 5 days.
- Date: 2025-10-15T19:01:33Z
- Network: tor
- Published URL: (http://j75o7xvvsm4lpsjhkjvb4wl2q6ajegvabe6oswthuaubbykk4xkzgpid.onion/topic.php?id=4QiCJWGxmHcIW)
- Screenshots:
- Threat Actors: PLAY
- Victim Country: USA
- Victim Industry: Software Development
- Victim Organization: global shop solutions
- Victim Site: globalshopsolutions.com
22. Cellucap Manufacturing falls victim to PLAY Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data. The compromised data includes private and personal confidential data, client documents, budget, payroll, accounting, taxes, IDs, finance information, and more. They plan to publish it within 4 to 5 days.
- Date: 2025-10-15T18:51:41Z
- Network: tor
- Published URL: (http://j75o7xvvsm4lpsjhkjvb4wl2q6ajegvabe6oswthuaubbykk4xkzgpid.onion/topic.php?id=6ZmWhCSNmHLvhx)
- Screenshots:
- Threat Actors: PLAY
- Victim Country: USA
- Victim Industry: Manufacturing
- Victim Organization: cellucap manufacturing
- Victim Site: cellucap.com
23. Alleged sale of data from Chipman
- Category: Data Breach
- Content: Threat actor claims to be selling data from Chipman. The compromised data reportedly contains 18,000 records that include number, first name, last name, email and address.
- Date: 2025-10-15T18:07:54Z
- Network: openweb
- Published URL: (https://breachsta.rs/topic/chipmanpt-18k-lines-ze0ccbajjeux)
- Screenshots:
- Threat Actors: Observador
- Victim Country: Portugal
- Victim Industry: E-commerce & Online Stores
- Victim Organization: chipman
- Victim Site: chipman.pt
24. East Jefferson General Hospital falls victim to Sinobi Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 50 GB of the organization’s data. The compromised data includes customer data, incidents, and more. They plan to publish it within 14 to 15 days.
- Date: 2025-10-15T18:04:03Z
- Network: tor
- Published URL: (http://sinobi6ywgmmvg2gj2yygkb2hxbimaxpqkyk27wti5zjwhfcldhackid.onion/leaks/68efcdd588b6823fa293d6a2)
- Screenshots:
- Threat Actors: Sinobi
- Victim Country: USA
- Victim Industry: Hospital & Health Care
- Victim Organization: east jefferson general hospital
- Victim Site: ejgh.org
25. Alleged sale of personal data of job seekers in the UAE
- Category: Data Breach
- Content: Threat actor claims to be selling personal data for approximately 220,000 job seekers in the UAE.
- Date: 2025-10-15T17:57:16Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-UAE-220-000-Job-Seekers-of-Uae)
- Screenshots:
- Threat Actors: BIGBROTHER
- Victim Country: UAE
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
26. Alleged sale of a dataset containing information on active real estate agencies in the UAE
- Category: Data Breach
- Content: Threat actor claims to be selling a dataset containing full details for approximately 15,000 active real estate agencies in the UAE.
- Date: 2025-10-15T17:53:30Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-UAE-15-000-Active-Real-State-Agencies-in-UAE)
- Screenshots:
- Threat Actors: BIGBROTHER
- Victim Country: UAE
- Victim Industry: Real Estate
- Victim Organization: Unknown
- Victim Site: Unknown
27. Zierick Manufacturing falls victim to Sinobi Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 30 GB of the organization’s data. The compromised data includes confidential data, contracts, financial data, and more. They plan to publish it within 14 to 15 days. NB: Zierick Manufacturing has previously fallen victim to Sarcoma Ransomware on Oct 19, 2024.
- Date: 2025-10-15T17:51:12Z
- Network: tor
- Published URL: (http://sinobi6ywgmmvg2gj2yygkb2hxbimaxpqkyk27wti5zjwhfcldhackid.onion/leaks/68efcf1488b6823fa293de39)
- Screenshots:
- Threat Actors: Sinobi
- Victim Country: USA
- Victim Industry: Manufacturing
- Victim Organization: zierick manufacturing
- Victim Site: zierick.com
28. Alleged sale of a dataset containing information on active commercial companies
- Category: Data Breach
- Content: Threat actor claims to be selling a dataset containing full details for approximately 600,000 active commercial companies in the UAE.
- Date: 2025-10-15T17:48:59Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-UAE-600-000-Active-Commercial-Companies-in-UAE)
- Screenshots:
- Threat Actors: BIGBROTHER
- Victim Country: UAE
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
29. Alleged sale of French database
- Category: Data Breach
- Content: Threat actor claims to be selling leaked database from France.
- Date: 2025-10-15T17:48:38Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/french-data.44530/)
- Screenshots:
- Threat Actors: Vancleef
- Victim Country: France
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
30. Core Resources Inc (CRI) falls victim to Sinobi Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 150 GB of the organization’s data. The compromised data includes financial data, customer data, contracts, and more. They plan to publish it within 14 to 15 days. NB: Core Resources Inc (CRI) has previously fallen victim to RansomHub Ransomware on March 21, 2025.
- Date: 2025-10-15T17:41:06Z
- Network: tor
- Published URL: (http://sinobi6ywgmmvg2gj2yygkb2hxbimaxpqkyk27wti5zjwhfcldhackid.onion/leaks/68efcbbd88b6823fa293c89e)
- Screenshots:
- Threat Actors: Sinobi
- Victim Country: USA
- Victim Industry: Building and construction
- Victim Organization: core resources inc (cri)
- Victim Site: core-1.com
31. Alleged sale of personal data of Iranian nationals residing in the UAE
- Category: Data Breach
- Content: Threat actor claims to be selling personal data for approximately 100,000 Iranian nationals residing in the UAE.
- Date: 2025-10-15T17:39:27Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-UAE-100-000-Iranian-Nationals-residence-of-UAE)
- Screenshots:
- Threat Actors: BIGBROTHER
- Victim Country: UAE
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
32. Alleged sale of personal data of UAE police personnel
- Category: Data Breach
- Content: The threat actor claims to be selling the personal data of approximately 30,000 UAE police personnel.
- Date: 2025-10-15T17:35:59Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-UAE-30-000-Police-Personnel-Information-Full-Details)
- Screenshots:
- Threat Actors: BIGBROTHER
- Victim Country: UAE
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
33. Newmark Healthcare Services falls victim to Sinobi Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 80 GB of the organization’s data. The compromised data includes customer information, incident reports, confidential documents, and more. They plan to publish it within 14 to 15 days.
- Date: 2025-10-15T17:20:52Z
- Network: tor
- Published URL: (http://sinobi6ywgmmvg2gj2yygkb2hxbimaxpqkyk27wti5zjwhfcldhackid.onion/leaks/68efccfe88b6823fa293d0b7)
- Screenshots:
- Threat Actors: Sinobi
- Victim Country: USA
- Victim Industry: Hospital & Health Care
- Victim Organization: newmark healthcare services
- Victim Site: newmarkhealthcareservices.com
34. FOUNDER-525 targets the website fulsheareb5.com
- Category: Defacement
- Content: The group claims to have defaced the website fulsheareb5.com.
- Date: 2025-10-15T16:41:00Z
- Network: telegram
- Published URL: (https://t.me/NOTHINGISTRUE525/382)
- Screenshots:
- Threat Actors: FOUNDER-525
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: fulsheareb5.com
35. FOUNDER-525 targets the website gm.ontherightway.com
- Category: Defacement
- Content: The group claims to have defaced the website gm.ontherightway.com.
- Date: 2025-10-15T16:36:54Z
- Network: telegram
- Published URL: (https://t.me/NOTHINGISTRUE525/382)
- Screenshots:
- Threat Actors: FOUNDER-525
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: gm.ontherightway.com
36. Alleged data leak of Lumisa Energías
- Category: Data Breach
- Content: Threat actor claims to have leaked data from Lumisa Energías. The compromised data reportedly includes name, phone number, city, IBAN, etc.
- Date: 2025-10-15T16:32:18Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-LUMISA-ENERGIAS-DB-2-6M)
- Screenshots:
- Threat Actors: 222
- Victim Country: Spain
- Victim Industry: Energy & Utilities
- Victim Organization: lumisa energías
- Victim Site: lumisa.es
37. FOUNDER-525 targets the website movazzedent.com
- Category: Defacement
- Content: The group claims to have defaced the website movazzedent.com.
- Date: 2025-10-15T16:30:18Z
- Network: telegram
- Published URL: (https://t.me/NOTHINGISTRUE525/382)
- Screenshots:
- Threat Actors: FOUNDER-525
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: movazzedent.com
38. FOUNDER-525 targets the website of tour.gorib.space
- Category: Defacement
- Content: The group claims to have defaced the website tour.gorib.space.
- Date: 2025-10-15T16:22:50Z
- Network: telegram
- Published URL: (https://t.me/NOTHINGISTRUE525/382)
- Screenshots:
- Threat Actors: FOUNDER-525
- Victim Country: Unknown
- Victim Industry: Hospitality & Tourism
- Victim Organization: Unknown
- Victim Site: tour.gorib.space
39. Alleged sale of compromised PrestaShop admin access & credit‑card redirect
- Category: Initial Access
- Content: The threat actor claims to be selling access to compromised PrestaShop admin panels and a credit-card payment redirect system targeting Spanish e-commerce stores.
- Date: 2025-10-15T16:22:28Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/268273/)
- Screenshots:
- Threat Actors: Fancy.Bear
- Victim Country: Spain
- Victim Industry: E-commerce & Online Stores
- Victim Organization: Unknown
- Victim Site: Unknown
40. FOUNDER-525 targets the website sundarbansangbad.com
- Category: Defacement
- Content: The group claims to have defaced the website sundarbansangbad.com.
- Date: 2025-10-15T16:19:00Z
- Network: telegram
- Published URL: (https://t.me/NOTHINGISTRUE525/382)
- Screenshots:
- Threat Actors: FOUNDER-525
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: sundarbansangbad.com
41. FOUNDER-525 targets the website autolunasmungia.com
- Category: Defacement
- Content: The group claims to have defaced the website autolunasmungia.com.
- Date: 2025-10-15T16:10:40Z
- Network: telegram
- Published URL: (https://t.me/NOTHINGISTRUE525/382)
- Screenshots:
- Threat Actors: FOUNDER-525
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: autolunasmungia.com
42. Alleged sale of Italy hoitos
- Category: Data Breach
- Content: The threat actor claims to be selling 8500 Italy hoitos.
- Date: 2025-10-15T15:58:59Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/8-5k-italy-h0it0s.44527/)
- Screenshots:
- Threat Actors: Nira
- Victim Country: Italy
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
43. Alleged data breach of Lorestan Petrochemical Company
- Category: Data Breach
- Content: The threat actor claims to be selling data from Lorestan Petrochemical Company in Iran. Its parent organization is Bakhtar Petrochemical Company.
- Date: 2025-10-15T15:31:30Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/the-lorestan-petrochemical-company.44515/)
- Screenshots:
- Threat Actors: Rat_leak
- Victim Country: Iran
- Victim Industry: Chemical Manufacturing
- Victim Organization: lorestan petrochemical company
- Victim Site: Unknown
44. Alleged sale of unauthorized TRX withdrawal tool
- Category: Malware
- Content: The threat actor claims to be selling a self‑written “Tron/TRX drainer” that can withdraw funds from other people’s Tron (TRX) wallets without authorization. The listing explicitly markets the tool for use in offices and call centres, advertises ready‑made funnels for targeting victims, and invites private messages for detailed terms. This appears to be malicious software intended to enable theft, fraud, and money laundering.
- Date: 2025-10-15T15:03:52Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/268265/)
- Screenshots:
- Threat Actors: cappucino
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
45. Alleged sale of German IBAN, crypto, and casino leads
- Category: Data Breach
- Content: The threat actor claims to be selling a database containing German IBANs, crypto leads, and casino leads.
- Date: 2025-10-15T14:19:43Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/i-have-germany-database-iban-and-crypto-leads-casino-leads-available.44522/)
- Screenshots:
- Threat Actors: clara283
- Victim Country: Germany
- Victim Industry: Financial Services
- Victim Organization: Unknown
- Victim Site: Unknown
46. NXBB.SEC targets the website of Nakhon Ratchasima Rajabhat University
- Category: Defacement
- Content: The group claims to have defaced the website of Nakhon Ratchasima Rajabhat University.
- Date: 2025-10-15T13:55:23Z
- Network: telegram
- Published URL: (https://t.me/nxbbsec/2835)
- Screenshots:
- Threat Actors: NXBB.SEC
- Victim Country: Thailand
- Victim Industry: Education
- Victim Organization: nakhon ratchasima rajabhat university
- Victim Site: clinique.nrru.ac.th
47. Centurion Family Office Services falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-15T13:54:47Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=e75be6df-e42a-36c6-a84b-9d8d04bdce7b)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Financial Services
- Victim Organization: centurion family office services
- Victim Site: centurionfos.com
48. Buanderie Blanchelle falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-15T13:50:43Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=5a5f8b90-cda6-341c-b64a-69734cf66a02alert)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: Canada
- Victim Industry: Facilities Services
- Victim Organization: buanderie blanchelle
- Victim Site: blanchelle.net
49. Alleged data breach of ChampionX
- Category: Data Breach
- Content: The group claims to have leaked data from the organization.
- Date: 2025-10-15T13:42:34Z
- Network: tor
- Published URL: (http://fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion/companies/championx)
- Screenshots:
- Threat Actors: CoinbaseCartel
- Victim Country: USA
- Victim Industry: Oil & Gas
- Victim Organization: championx
- Victim Site: championx.com
50. Victory Church falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-15T13:40:24Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=2cc440a1-e76c-3f31-95df-abce70c06162)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Religious Institutions
- Victim Organization: victory church
- Victim Site: victory.com
51. Leyhausen Research GmbH falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-15T13:35:37Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=9a465983-0ded-330c-89d0-7fe4309863cc)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: Germany
- Victim Industry: Market Research
- Victim Organization: leyhausen research gmbh
- Victim Site: leyhausen.com
52. Bay West LLC falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-15T13:31:00Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=293567bf-81e4-33d0-847d-4de861dbdbdf)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Environmental Services
- Victim Organization: bay west llc
- Victim Site: baywest.com
53. Ville Elne falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-15T13:24:43Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=e8df620c-7b9e-31a9-bbff-7961e02356fb)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: France
- Victim Industry: Government Administration
- Victim Organization: ville elne
- Victim Site: ville-elne.fr
54. Wheale Law Firm falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-15T13:20:16Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=51f805e7-b009-3c98-b9ad-4e08bd39661b)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Law Practice & Law Firms
- Victim Organization: wheale law firm
- Victim Site: whealelaw.com
55. Le Toit Forézien falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-15T13:20:14Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=e290d57a-df7c-3ded-9c3c-05f6be2e7e1d)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: France
- Victim Industry: Real Estate
- Victim Organization: le toit forézien
- Victim Site: toitforezien.fr
56. The Kennedy Group, an Inovar company falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-15T13:13:45Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=a0386590-350d-34d7-8748-f79ab6a9c4fb)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Printing
- Victim Organization: the kennedy group, an inovar company
- Victim Site: floridamarking.com
57. Kearney Public Schools falls victim to INTERLOCK Ransomware
- Category: Ransomware
- Content: The group claims to have obtained over 354 GB of the organization’s data.
- Date: 2025-10-15T13:13:16Z
- Network: tor
- Published URL: (http://ebhmkoohccl45qesdbvrjqtyro2hmhkmh6vkyfyjjzfllm3ix72aqaid.onion/)
- Screenshots:
- Threat Actors: INTERLOCK
- Victim Country: USA
- Victim Industry: Education
- Victim Organization: kearney public schools
- Victim Site: kearneypublicschools.org
58. Superior Linen Supply Company falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-15T12:37:44Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=938fa39b-c0e5-3a35-9614-79e3ea124f8f)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Textiles
- Victim Organization: superior linen supply company
- Victim Site: superiorlinen.com
59. Turnkey Africa falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-15T12:30:27Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=17cc1bcb-95a5-3785-b0b6-23bc5c001f10)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: Kenya
- Victim Industry: Software Development
- Victim Organization: turnkey africa ltd.
- Victim Site: turnkeyafrica.com
60. Community Based Support falls victim to LYNX Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-15T12:12:44Z
- Network: tor
- Published URL: (http://lynxblogco7r37jt7p5wrmfxzqze7ghxw6rihzkqc455qluacwotciyd.onion/leaks/68e8f56bcc2d2d4e685d5f25)
- Screenshots:
- Threat Actors: LYNX
- Victim Country: Australia
- Victim Industry: Individual & Family Services
- Victim Organization: community based support (cbs) ltd.
- Victim Site: cbsaust.org.au
61. Alleged sale of Windows LPE 0-Day Exploit
- Category: Malware
- Content: Threat actor claims to be selling a 0-day Windows local privilege-escalation exploit that grants SYSTEM privileges on an unidentified system.
- Date: 2025-10-15T11:46:07Z
- Network: openweb
- Published URL: (https://ramp4u.io/threads/0day-lpe-windows.3543/)
- Screenshots:
- Threat Actors: zeroplayer
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
62. Alleged sale of US database
- Category: Data Breach
- Content: A threat actor claims to be selling a U.S. database. The compromised data reportedly includes full name, address, phone number, email, gender, date of birth, Social Security number (SSN), driver’s license, employment information, and Employer Identification Number (EIN).
- Date: 2025-10-15T11:23:55Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/268251/)
- Screenshots:
- Threat Actors: Shadowland
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
63. Alleged leak of Vietnam student data
- Category: Data Breach
- Content: The threat actor claims to have leaked Vietnam student data.
- Date: 2025-10-15T11:18:21Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/vietnam-student.44511/#post-247615)
- Screenshots:
- Threat Actors: show_more
- Victim Country: Vietnam
- Victim Industry: Education
- Victim Organization: Unknown
- Victim Site: Unknown
64. BABAYO EROR SYSTEM targets the website of International Tamil Arts And Cultural Council (ITAACC)
- Category: Defacement
- Content: The group claims to have defaced the website of ITAACC.
- Date: 2025-10-15T11:08:57Z
- Network: telegram
- Published URL: (https://t.me/c/2532663346/292)
- Screenshots:
- Threat Actors: BABAYO EROR SYSTEM
- Victim Country: UK
- Victim Industry: Non-profit & Social Organizations
- Victim Organization: itaacc
- Victim Site: itaacc.org
65. Alleged leak of Chinese citizens data
- Category: Data Breach
- Content: The threat actor claims to have leaked 14.2 GB of SQL data of Chinese citizens.
- Date: 2025-10-15T10:47:27Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Chinese-citizens-2025)
- Screenshots:
- Threat Actors: Fox_con
- Victim Country: China
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
66. Alleged unauthorized access to an unidentified organization in Singapore
- Category: Initial Access
- Content: The threat actor claims to have gained admin access to an unidentified organization in Singapore.
- Date: 2025-10-15T10:46:00Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/268250/)
- Screenshots:
- Threat Actors: Big-Bro
- Victim Country: Singapore
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
67. Alleged unauthorized access to an unidentified organization in Canada
- Category: Initial Access
- Content: The threat actor claims to have gained access to an unidentified manufacturing-based organization in Canada.
- Date: 2025-10-15T10:31:41Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/268249/)
- Screenshots:
- Threat Actors: Big-Bro
- Victim Country: Canada
- Victim Industry: Manufacturing
- Victim Organization: Unknown
- Victim Site: Unknown
68. Alleged data sale of Packingsupply.in
- Category: Data Breach
- Content: The threat actor claims to be selling 200,000 lines of records from Packingsupply.in, allegedly including address id, name, email, company, mobile number, city, state, postcode, country, and user id.
- Date: 2025-10-15T10:24:56Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-India-packingsupply-in-Online-Shopping-Database-200K)
- Screenshots:
- Threat Actors: camillaDF
- Victim Country: India
- Victim Industry: E-commerce & Online Stores
- Victim Organization: packingsupply.in
- Victim Site: packingsupply.in
69. Global Go falls victim to Kill Security Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-15T09:24:37Z
- Network: tor
- Published URL: (http://ks5424y3wpr5zlug5c7i6svvxweinhbdcqcfnptkfcutrncfazzgz5id.onion/?view=75f4198ee48a)
- Screenshots:
- Threat Actors: Kill Security
- Victim Country: Peru
- Victim Industry: Financial Services
- Victim Organization: global go s.a.c.
- Victim Site: globalgo.com.pe
70. NXBB.SEC targets multiple websites
- Category: Defacement
- Content: The group claims to have defaced multiple websites.
- Date: 2025-10-15T09:22:00Z
- Network: telegram
- Published URL: (https://t.me/nxbbsec/2830)
- Screenshots:
- Threat Actors: NXBB.SEC
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: autolunasmungia.com
71. Navigator Business Solutions falls victim to PEAR Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 9.9 TB of the organization’s data. The compromised data reportedly includes files and SQL databases containing NBS clients’ information.
- Date: 2025-10-15T08:50:48Z
- Network: tor
- Published URL: (http://peargxn3oki34c4savcbcfqofjjwjnnyrlrbszfv6ujlx36mhrh57did.onion/Companies/nbs-us/)
- Screenshots:
- Threat Actors: PEAR
- Victim Country: USA
- Victim Industry: Software Development
- Victim Organization: navigator business solutions
- Victim Site: nbs-us.com
72. Night Owll targets the website of [suspicious link removed]
- Category: Defacement
- Content: The group claims to have defaced the website of [suspicious link removed]
- Date: 2025-10-15T08:43:42Z
- Network: telegram
- Published URL: (https://t.me/c/2702757113/601)
- Screenshots:
- Threat Actors: Night Owll
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: thoughtmongery
- Victim Site: [suspicious link removed]
73. Night Owll targets the website of WPEngine
- Category: Defacement
- Content: The group claims to have defaced the website of WPEngine, Inc.
- Date: 2025-10-15T08:26:24Z
- Network: telegram
- Published URL: (https://t.me/c/2702757113/599)
- Screenshots:
- Threat Actors: Night Owll
- Victim Country: USA
- Victim Industry: Information Technology (IT) Services
- Victim Organization: wpengine, inc.
- Victim Site: wpengine.com
74. NXBB.SEC targets the website of Slot Demo PG Soft
- Category: Defacement
- Content: The group claims to have defaced the website of Slot Demo PG Soft.
- Date: 2025-10-15T08:17:01Z
- Network: telegram
- Published URL: (https://t.me/nxbbsec/2827)
- Screenshots:
- Threat Actors: NXBB.SEC
- Victim Country: Thailand
- Victim Industry: Gambling & Casinos
- Victim Organization: slot demo pg soft
- Victim Site: tkc.ac.th
75. Unimed do Brasil falls victim to Sarcoma Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 2,8 TB of the organization’s data.
- Date: 2025-10-15T07:34:00Z
- Network: tor
- Published URL: (http://sarcomawmawlhov7o5mdhz4eszxxlkyaoiyiy2b5iwxnds2dmb4jakad.onion/)
- Screenshots:
- Threat Actors: Sarcoma
- Victim Country: Brazil
- Victim Industry: Government Administration
- Victim Organization: unimed do brasil
- Victim Site: unimed.coop.br
76. Alleged data breach of Bank of America
- Category: Data Breach
- Content: The threat actor claims to be selling a Bank of America customer database (2025).
- Date: 2025-10-15T06:25:48Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/b-a-n-k-of-america-customer-database-2025.44509/)
- Screenshots:
- Threat Actors: show_more
- Victim Country: USA
- Victim Industry: Banking & Mortgage
- Victim Organization: bank of america
- Victim Site: bankofamerica.com
77. Alleged data breach of Teknobuilt
- Category: Data Breach
- Content: The threat actor claims to have leaked source code from Teknobuilt, a technology company that partners with Oracle and focuses on digital solutions for energy, infrastructure, and construction projects. The alleged breach occurred in October 2025 and reportedly exposed the company’s source code.
- Date: 2025-10-15T05:57:04Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Source-Code-Teknobuilt-Data-Breach-Leaked-Download)
- Screenshots:
- Threat Actors: 888
- Victim Country: UK
- Victim Industry: Information Technology (IT) Services
- Victim Organization: teknobuilt
- Victim Site: teknobuilt.com
78. Alleged sale of unauthorized access to an unidentified wordpress shop
- Category: Initial Access
- Content: Threat actor claims to be selling unauthorized access to an unidentified WooCommerce/WordPress shop.
- Date: 2025-10-15T04:02:56Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/268232/)
- Screenshots:
- Threat Actors: Emperorcvv
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
79. Alleged data breach of Chipman
- Category: Data Breach
- Content: The threat actor claims to have leaked data from Chipman.pt, reportedly containing 18,000 records with details such as phone numbers, first names, last names, email addresses, and physical addresses.
- Date: 2025-10-15T03:55:24Z
- Network: openweb
- Published URL: (https://breachsta.rs/topic/chipmanpt-18k-lines-ze0ccbajjeux)
- Screenshots:
- Threat Actors: Observador
- Victim Country: Portugal
- Victim Industry: E-commerce & Online Stores
- Victim Organization: chipman
- Victim Site: chipman.pt
80. Alleged data breach of Selby Furniture Hardware
- Category: Data Breach
- Content: The threat actor claims to have leaked over 100 GB of data from Selby Hardware.
- Date: 2025-10-15T03:39:11Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-selbyhardware-data-leak-100GB)
- Screenshots:
- Threat Actors: CCLand
- Victim Country: USA
- Victim Industry: Wholesale
- Victim Organization: selby furniture hardware
- Victim Site: selbyhardware.com
81. Alleged data breach of Fiscalía General del Estado – Bolivia
- Category: Data Breach
- Content: The threat actor claims to be selling leaked data from the Bolivia Attorney General’s Office (Fiscalía General del Estado). The compromised data reportedly includes full names, email addresses, phone numbers, home addresses, ID numbers (DNI), scanned signatures, and official documents related to prosecutors.
- Date: 2025-10-15T03:27:05Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Bolivia-Attorney-General-s-Office-Fiscalia-General-del-Estado)
- Screenshots:
- Threat Actors: Megumi
- Victim Country: Bolivia
- Victim Industry: Government Administration
- Victim Organization: fiscalía general del estado
- Victim Site: fiscalia.gob.bo
82. Alleged leak of Academic Jihad Qazvin Province Iran database
- Category: Data Breach
- Content: The threat actor claims to be leaking an Academic Jihad Qazvin Province database.
- Date: 2025-10-15T03:05:58Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/academic-jihad-qazvin-province-iran-database.44491/)
- Screenshots:
- Threat Actors: Rat_leak
- Victim Country: Iran
- Victim Industry: Research Industry
- Victim Organization: academic jihad qazvin province
- Victim Site: jdqazvin.ir
83. Alleged leak of WhatsApp users mobile numbers from Iran
- Category: Data Breach
- Content: The threat actor claims to be leaking the Iranian user numbers section of a hacked WhatsApp database.
- Date: 2025-10-15T02:58:40Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/hacked-whatsapp-database-iranian-user-numbers-section.44485/)
- Screenshots:
- Threat Actors: Rat_leak
- Victim Country: Iran
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
84. Alleged data breach of Ministry of Cooperatives, Labour, and Social Welfare of Iran
- Category: Data Breach
- Content: The threat actor claims to be selling a database from mcls.gov.ir (Iran Ministry of Cooperatives, Labour, and Social Welfare), an alleged dataset containing Iranian citizens’ personal records, including mail account information, birth dates, education status, and additional sensitive PII.
- Date: 2025-10-15T02:43:16Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/iran-goverment-site-database-leaked.44487/)
- Screenshots:
- Threat Actors: Rat_leak
- Victim Country: Iran
- Victim Industry: Government Administration
- Victim Organization: ministry of cooperatives, labour, and social welfare of iran
- Victim Site: mcls.gov.ir
85. Alleged data leak of Yazd University
- Category: Data Breach
- Content: The threat actor claims to be selling a database of Yazd University staff details.
- Date: 2025-10-15T02:33:12Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/academic-iran-database-yazd-city.44489/)
- Screenshots:
- Threat Actors: Rat_leak
- Victim Country: Iran
- Victim Industry: Education
- Victim Organization: yazd university
- Victim Site: mtrc.yazd.ac.ir
86. Alleged leak of Iranian Student Data
- Category: Data Breach
- Content: The threat actor claims to be leaking a database of students’ emails and passwords from Iran.
- Date: 2025-10-15T02:19:07Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/iran-students-email-password.44484/)
- Screenshots:
- Threat Actors: Rat_leak
- Victim Country: Iran
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
87. Alleged data leak of 95 million Iranian citizens
- Category: Data Breach
- Content: A threat actor claims to have leaked the data of 95 million Iranian citizens.
- Date: 2025-10-15T02:12:03Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/iranian-citizens-database-full-information-95m-citizen.44481/)
- Screenshots:
- Threat Actors: Rat_leak
- Victim Country: Iran
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
88. Alleged Leak of Star Management System and Client Accounts
- Category: Initial Access
- Content: The group claims to have gained access to client account management systems and the Star Management platform, holding a total of 1,127 stars. The group stated they donated 50 stars to the Children’s Helpline and plan further donations to hospitals and children in need. They claim these actions aim to support medical and humanitarian aid initiatives for children.
- Date: 2025-10-15T01:31:35Z
- Network: telegram
- Published URL: (https://t.me/n2LP_wVf79c2YzM0/1941)
- Screenshots:
- Threat Actors: Infrastructure Destruction Squad
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: star management system and client accounts
- Victim Site: Unknown
89. All Truck Transportation Co, Inc. falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 261 GB of the organization’s internal data. Note: All Truck Transportation Co, Inc. previously fell victim to Space Bears Ransomware on August 21, 2025.
- Date: 2025-10-15T00:53:01Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=3f715ff6-1941-3351-b399-971ff185d481)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Transportation & Logistics
- Victim Organization: all truck transportation co, inc.
- Victim Site: alltruck.com
90. Charles River Properties LLC falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 13 GB of the organization’s internal data.
- Date: 2025-10-15T00:35:17Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=aa9731e9-d5d3-324b-8a41-21f6da22a19e)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Real Estate
- Victim Organization: charles river properties llc
- Victim Site: charlesriver.properties
Conclusion
The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Ransomware activity, particularly from the Qilin and PLAY groups, is prominent, impacting sectors like Healthcare & Pharmaceuticals, Hospital & Health Care, Manufacturing, and Financial Services across the USA, Canada, France, Germany, and Kenya. These attacks involve the theft of significant volumes of internal and confidential data, with one incident citing a massive 9.9 TB breach of client information.
Data Breach/Leak incidents remain widespread, affecting organizations and individuals globally, including in the UAE (targeting real estate agencies, police personnel, and Iranian nationals), Iran (compromising academic, government, and citizen data), Spain (utility and transport data), India (e-commerce), and the USA (classified government documents and financial services). The compromised data is highly sensitive, ranging from full personal information, credit card details, and IBANs to highly classified military and government documents.
Furthermore, the report reveals continued activity in the Initial Access market, with threat actors selling access to government systems (Thailand), industrial control systems (Italy), real estate organizations (Kuwait), and e-commerce platforms (Spain). The presence of Malware offerings, including a Golang-based information stealer and a Windows LPE 0-Day Exploit, underscores the proliferation of advanced offensive capabilities available in the cyber underground.
Finally, Defacement activity, with groups like Pharaoh’s Team and NXBB.SEC, targets various websites globally, including logistics firms, universities, and gaming sites.
Collectively, these incidents demonstrate that organizations across diverse industries and geographies face persistent threats from data exfiltration, unauthorized network access, and the continued trade of malicious tools. The nature of these incidents emphasizes the critical importance of robust cybersecurity measures, including strong access controls, data protection strategies, continuous vulnerability management, and proactive threat intelligence to defend against a wide array of sophisticated and opportunistic attacks.