[October-17-2025] Daily Cybersecurity Threat Report

This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.


  1. Alleged data leak of F-13 fighter jet documents
  1. Alleged data leak of unidentified Brazilian e-commerce firm
  • Category: Data Breach
  • Content: Threat actor claims to be selling an 820,000-record database of Brazilian e-commerce customers that includes CPF (Brazilian tax ID) numbers and extensive order details.
  • Date: 2025-10-17T23:42:22Z
  • Network: openweb
  • Published URL: (https://darkforums.st/Thread-Selling-820k-Brazil-E-Commerce-Database-with-CPF-Order-Details)
  • Screenshots:
    • https://d34iuop8pidsy8.cloudfront.net/827d12eb-f24a-480f-8d32-c5622aaac58c.png
  • Threat Actors: Loser
  • Victim Country: Brazil
  • Victim Industry: E-commerce & Online Stores
  • Victim Organization: Unknown
  • Victim Site: Unknown
  1. Alleged leak of Top Secret Joint Cyberspace Operations document
  1. Alleged gain of access to Shengao Biotechnology Co., Ltd.
  • Category: Initial Access
  • Content: The group claims to have gained unauthorized access to Shengao Biotechnology Co., Ltd.’s internal monitoring system. The system reportedly manages temperature and humidity in the company’s refrigeration and culture facilities and tracks warehouses storing biological materials and pharmaceuticals in real time. It also issues alerts for abnormal conditions and includes network configuration, device connection, and automatic data backup to an SD card.
  • Date: 2025-10-17T23:15:11Z
  • Network: telegram
  • Published URL: (https://t.me/n2LP_wVf79c2YzM0/1993)
  • Screenshots:
  • Threat Actors: Infrastructure Destruction Squad
  • Victim Country: Unknown
  • Victim Industry: Unknown
  • Victim Organization: shengao biotechnology co., ltd.
  • Victim Site: Unknown
  1. Alleged data leak of an unidentified Argentina National Business Project Portal
  • Category: Data Breach
  • Content: Threat actor claims to be selling a 620,000-entry dump from an Argentina National Business Project Portal, allegedly including passwords and account fields (id, hashID, clave, email, level, active, committee, name, company, username, project, website, phone, address, timestamps, etc.).
  • Date: 2025-10-17T23:13:08Z
  • Network: openweb
  • Published URL: (https://darkforums.st/Thread-Selling-620k-Argentina-National-Business-Project-Portal-Database-with-Passwords–56436)
  • Screenshots:
    • https://d34iuop8pidsy8.cloudfront.net/85f2c7ba-9666-4732-9971-f207ad6b00d5.png
  • Threat Actors: Loser
  • Victim Country: Argentina
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown
  1. Alleged data leak of an unidentified amateur sports league platform in Canada
  • Category: Data Breach
  • Content: The threat actor claims to be selling leaked data from a Canadian amateur sports league platform. The compromised database reportedly contains information of 265,000 users, including emails, passwords, IP addresses, usernames, and personal details such as city, bio, and arena names.
  • Date: 2025-10-17T23:03:12Z
  • Network: openweb
  • Published URL: (https://darkforums.st/Thread-Selling-265k-Canada-Amateur-Sports-League-Platform-User-Database-Passwords-IPs)
  • Screenshots:
    • https://d34iuop8pidsy8.cloudfront.net/f24652f5-6ead-4b69-bbcd-aac6b39ae5e1.png
  • Threat Actors: Loser
  • Victim Country: Canada
  • Victim Industry: Sports
  • Victim Organization: Unknown
  • Victim Site: Unknown
  1. Alleged data breach of cfx.re
  1. Alleged data breach of Zasudali
  • Category: Data Breach
  • Content: Threat actor claims to have leaked data from Zasudali, Russia. The compromised data reportedly contains a database of magistrates (219,161), a database of judges with biographies (28,492), and a database of FSIN facilities (923).
  • Date: 2025-10-17T22:11:34Z
  • Network: openweb
  • Published URL: (https://darkforums.st/Thread-DATABASE-zasudili-ru-Leak)
  • Screenshots:
    • https://d34iuop8pidsy8.cloudfront.net/56b113ba-0f93-4ce1-aadd-28127db71d4d.png
  • Threat Actors: btCC
  • Victim Country: Russia
  • Victim Industry: Information Services
  • Victim Organization: zasudali
  • Victim Site: zasudili.ru
  1. Hoehner Research & Consulting Group GmbH falls victim to Sinobi ransomware
  • Category: Ransomware
  • Content: Group claims to have obtained 20 GB of the organization’s data.
  • Date: 2025-10-17T22:04:24Z
  • Network: tor
  • Published URL: (http://sinobi6ywgmmvg2gj2yygkb2hxbimaxpqkyk27wti5zjwhfcldhackid.onion/leaks/68f2b08c88b6823fa2a1813b)
  • Screenshots:
    • https://d34iuop8pidsy8.cloudfront.net/c70d28fb-bea5-4a20-ac1e-880ee9614429.png
  • Threat Actors: Sinobi
  • Victim Country: Germany
  • Victim Industry: Renewables & Environment
  • Victim Organization: hoehner research & consulting group gmbh
  • Victim Site: hrcg.eu
  1. D Magazine Partners falls victim to Sinobi ransomware
  • Category: Ransomware
  • Content: Group claims to have obtained 205 GB of the organization’s data.
  • Date: 2025-10-17T21:59:44Z
  • Network: tor
  • Published URL: (http://sinobi6ywgmmvg2gj2yygkb2hxbimaxpqkyk27wti5zjwhfcldhackid.onion/leaks/68f2ac6288b6823fa2a166b5)
  • Screenshots:
    • https://d34iuop8pidsy8.cloudfront.net/a124442d-65e6-4013-bf2e-17bb5cf51e4c.png
  • Threat Actors: Sinobi
  • Victim Country: USA
  • Victim Industry: Publishing Industry
  • Victim Organization: d magazine
  • Victim Site: dmagazine.com
  1. Alleged data sale of TravelWifi
  1. Madagascar Airlines falls victim to The Gentlemen ransomware
  1. Alleged data breach of Fruit paradise
  1. Collins Aerospace falls victim to Everest ransomware
  1. Alleged sale of server root access and payment-redirect scheme
  1. Shadrix & Parmer, P.C. falls victim to INC RANSOM ransomware
  1. Cottage Corporation falls victim to PLAY ransomware
  1. Alleged data sale of Australian accounting
  • Category: Data Breach
  • Content: The threat actor claims to be selling a large dataset of Australian accounting data. The compromised data reportedly contains 89.9 GB of records, including tax returns, audits, company statements, corporate keys, shares in the company, etc.
  • Date: 2025-10-17T19:58:38Z
  • Network: openweb
  • Published URL: (https://forum.exploit.in/topic/268446/)
  • Screenshots:
  • Threat Actors: remotedesktop
  • Victim Country: Austria
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown
  1. Alleged data sale of Democrazia Sovrana Popolare
  1. Milgard Windows and Doors falls victim to CL0P ransomware
  1. Alleged sale of mixed access to email accounts
  1. Alleged data sale of prueba.farmagranada.es
  1. Alleged data breach of adscale
  • Category: Data Breach
  • Content: Threat actor claims to have leaked data and source code from adscale, USA. The compromised data reportedly includes data as recent as October 16th, as well as the company’s source code. NB: adscale was previously breached on Mon Sep 15 2025.
  • Date: 2025-10-17T18:58:57Z
  • Network: openweb
  • Published URL: (https://darkforums.st/Thread-Source-Code-AdScale-Data-Breach-Leaked-Download)
  • Screenshots:
    • https://d34iuop8pidsy8.cloudfront.net/fd3e664f-3b88-4ac5-b09a-becab710b7ee.png
  • Threat Actors: 888
  • Victim Country: USA
  • Victim Industry: Information Technology (IT) Services
  • Victim Organization: adscale
  • Victim Site: adscale.com
  1. Alleged sale of 3.5M UK email leads
  • Category: Data Breach
  • Content: The threat actor claims to be selling a dataset of 3.5 million UK email leads.
  • Date: 2025-10-17T18:52:27Z
  • Network: openweb
  • Published URL: (https://leakbase.la/threads/3-5m-uk-emails-leads.44605/)
  • Screenshots:
    • https://d34iuop8pidsy8.cloudfront.net/09138450-fe4b-464e-a162-c51334770999.png
  • Threat Actors: oguser
  • Victim Country: UK
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown
  1. Alleged data sale of Crypto University
  • Category: Data Breach
  • Content: Threat actor claims to be selling leaked user data from Crypto University, UAE. The compromised data reportedly contains 25,800 records including user ID, status, affiliate code, email address, passwords (hashed), first name, last name, address, postal code, phone number, etc.
  • Date: 2025-10-17T18:16:45Z
  • Network: openweb
  • Published URL: (https://darkforums.st/Thread-Selling-CryptoUniversity-network-Database)
  • Screenshots:
    • https://d34iuop8pidsy8.cloudfront.net/1d92bddc-08ce-41ad-8834-2d7d0188657c.png
    • https://d34iuop8pidsy8.cloudfront.net/4bcd1b26-f67b-41fc-82b4-bdabfc5853bd.png
  • Threat Actors: 888
  • Victim Country: UAE
  • Victim Industry: E-Learning
  • Victim Organization: crypto university
  • Victim Site: cryptouniversity.network
  1. Law Offices of Galine, Frye, Fitting & Frangos, LLP falls victim to PEAR ransomware
  • Category: Ransomware
  • Content: Group claims to have obtained 2.1 TB of the organization’s data. The compromised information reportedly includes financial records, confidential documents, personal data, and more.
  • Date: 2025-10-17T17:19:18Z
  • Network: tor
  • Published URL: (http://peargxn3oki34c4savcbcfqofjjwjnnyrlrbszfv6ujlx36mhrh57did.onion/Companies/dongaline/)
  • Screenshots:
    • https://d34iuop8pidsy8.cloudfront.net/193250c1-9361-48e2-8d26-8edd6634903f.png
  • Threat Actors: PEAR
  • Victim Country: USA
  • Victim Industry: Law Practice & Law Firms
  • Victim Organization: law offices of galine, frye, fitting & frangos, llp
  • Victim Site: dongaline.com
  1. Tenryu America falls victim to Akira ransomware
  • Category: Ransomware
  • Content: Group claims to have obtained the organization’s data. The compromised information reportedly includes employee records, client data, contracts, and financial documents.
  • Date: 2025-10-17T16:49:58Z
  • Network: tor
  • Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
  • Screenshots:
    • https://d34iuop8pidsy8.cloudfront.net/45a67654-789b-45e6-bd4c-70d643469304.png
  • Threat Actors: akira
  • Victim Country: USA
  • Victim Industry: Building and construction
  • Victim Organization: tenryu america, inc.
  • Victim Site: tenryu.com
  1. Alleged data breach of TripWorks
  1. Manko Window Systems falls victim to akira ransomware
  1. Pharmacie des Alizés falls victim to DEVMAN 2.0 ransomware
  1. Dental Society of La Plata falls victim to DragonForce ransomware
  1. Sold Real Estate falls victim to RADAR group ransomware
  1. Alleged sale of RDWeb/RDP access to U.S. retail company
  1. Alleged sale of RDP/RDWeb access to Spain freight & logistics company
  1. One Agency Eastlakes falls victim to RADAR group ransomware
  1. UrbanX falls victim to RADAR group ransomware
  1. Alleged Sale of Bittrex Database
  1. Alleged sale of access to unidentified french association
  1. Curtis Steel falls victim to Akira Ransomware
  1. Alleged sale of Discord’s 0day exploit
  1. Alleged unauthorized access to an unidentified AC system of sewing factory in Poland
  1. Consolidated Restaurant Operations falls victim to akira Ransomware
  1. Plastics Extrusion Machinery LLC falls victim to Akira Ransomware
  1. Night Owll targets the website of Badan Pengelola Perbatasan Daerah (BPPD)
  1. Alleged unauthorized access to an unidentified German citizen’s computer
  1. WEBER GmbH falls victim to RansomHouse Ransomware
  1. Alleged data leak of Insurance Office of America
  • Category: Data Breach
  • Content: The threat actor claims to have leaked over 100k internal documents from Insurance Office of America.
  • Date: 2025-10-17T10:45:23Z
  • Network: openweb
  • Published URL: (https://darkforums.st/Thread-DATABASE-Insurance-Office-of-America-US-Full-Leak-100k-internal-documents)
  • Screenshots:
    • https://d34iuop8pidsy8.cloudfront.net/5c62440f-ad60-4567-ad11-f076cb51d738.png
  • Threat Actors: MarlboroRed
  • Victim Country: USA
  • Victim Industry: Insurance
  • Victim Organization: insurance office of america
  • Victim Site: ioausa.com
  1. Alleged data breach of Universal Thought Consult
  • Category: Data Breach
  • Content: The group claims to have leaked data from Universal Thought Consult.
  • Date: 2025-10-17T10:31:29Z
  • Network: telegram
  • Published URL: (https://t.me/lunarisS3C/60)
  • Screenshots:
    • https://d34iuop8pidsy8.cloudfront.net/9cab49c8-659a-42cc-b60b-e1de5deb0c87.png
  • Threat Actors: LunarisSec
  • Victim Country: Nepal
  • Victim Industry: Education
  • Victim Organization: universal thought consult
  • Victim Site: utc.com.np
  1. Alleged unauthorized access to Kittiwit School
  • Category: Initial Access
  • Content: The group claims to have gained login access to Kittiwit School.
  • Date: 2025-10-17T10:15:57Z
  • Network: telegram
  • Published URL: (https://t.me/notctber/1323)
  • Screenshots:
    • https://d34iuop8pidsy8.cloudfront.net/efaef391-1946-4141-ba53-c88cb90cf900.png
  • Threat Actors: NOTCTBER404
  • Victim Country: Thailand
  • Victim Industry: Education
  • Victim Organization: kittiwit school
  • Victim Site: kittivit.ac.th
  1. Alitech Sp. z o.o falls victim to Nova Ransomware
  • Category: Ransomware
  • Content: The group claims to have obtained 22 GB of the organization’s data and intends to publish it within 10-11 days.
  • Date: 2025-10-17T10:13:26Z
  • Network: tor
  • Published URL: (http://novadmrkp4vbk2padk5t6pbxolndceuc7hrcq4mjaoyed6nxsqiuzyyd.onion/#)
  • Screenshots:
    • https://d34iuop8pidsy8.cloudfront.net/b21a1eef-729a-42eb-a075-2622ea259715.jpg
  • Threat Actors: Nova
  • Victim Country: Poland
  • Victim Industry: Retail Industry
  • Victim Organization: alitech sp. z o.o
  • Victim Site: alitech.com.pl
  1. Alleged unauthorized access to Cargo airport network in Canada
  • Category: Initial Access
  • Content: The group claims to have gained unauthorized access to a cargo airport network in Canada.
  • Date: 2025-10-17T09:53:13Z
  • Network: telegram
  • Published URL: (https://t.me/Mhwear98/1133)
  • Screenshots:
    • https://d34iuop8pidsy8.cloudfront.net/51a94d56-fdba-4e6b-a5e6-336314c52713.png
    • https://d34iuop8pidsy8.cloudfront.net/6770f0e1-5ca9-4ec8-b52f-2ca2f8130af0.png
  • Threat Actors: Cyber Islamic resistance
  • Victim Country: Canada
  • Victim Industry: Transportation & Logistics
  • Victim Organization: Unknown
  • Victim Site: Unknown
  1. Gardiner’s Solicitors falls victim to DragonForce Ransomware
  • Category: Ransomware
  • Content: The group claims to have obtained 87.4 GB of the organization’s data and intends to publish it within 5-6 days.
  • Date: 2025-10-17T09:36:56Z
  • Network: tor
  • Published URL: (http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion/blog)
  • Screenshots:
    • https://d34iuop8pidsy8.cloudfront.net/192ad9f3-6598-44e2-8d49-2a90e38f04b4.png
    • https://d34iuop8pidsy8.cloudfront.net/a9b59544-70be-445e-bdd1-1558fe111deb.png
  • Threat Actors: DragonForce
  • Victim Country: UK
  • Victim Industry: Law Practice & Law Firms
  • Victim Organization: gardiner’s solicitors
  • Victim Site: gardinerssolicitors.co.uk
  1. Gerhard Geiger GmbH & Co. KG falls victim to RHYSIDA Ransomware
  • Category: Ransomware
  • Content: The group claims to have obtained the organization’s data and intends to publish it within 6 to 7 days.
  • Date: 2025-10-17T08:55:40Z
  • Network: tor
  • Published URL: (http://rhysidafc6lm7qa2mkiukbezh7zuth3i4wof4mh2audkymscjm6yegad.onion/)
  • Screenshots:
    • https://d34iuop8pidsy8.cloudfront.net/0fdec735-2056-4801-8536-4ad13885b375.jpg
  • Threat Actors: RHYSIDA
  • Victim Country: Germany
  • Victim Industry: Manufacturing & Industrial Products
  • Victim Organization: gerhard geiger gmbh & co. kg
  • Victim Site: geiger.de
  1. Scattered LAPSUS$ Hunters claims to target USA
  • Category: Alert
  • Content: A recent post by the group indicates that they are targeting U.S. Critical Infrastructure.
  • Date: 2025-10-17T07:54:11Z
  • Network: telegram
  • Published URL: (https://t.me/ripalldaguyz/101)
  • Screenshots:
    • https://d34iuop8pidsy8.cloudfront.net/30aab595-c616-4d48-b621-028303e6d8f7.png
  • Threat Actors: scattered LAPSUS$ hunters 7.0
  • Victim Country: USA
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown
  1. Alleged sale of 10k credit card data from USA
  • Category: Data Breach
  • Content: Threat actor claims to be selling 10,000 credit cards (CC) from the USA.
  • Date: 2025-10-17T06:09:04Z
  • Network: openweb
  • Published URL: (https://forum.exploit.in/topic/268387/)
  • Screenshots:
    • https://d34iuop8pidsy8.cloudfront.net/93414ef1-adb9-4a73-8e85-4ead628dfe10.png
  • Threat Actors: cashmoneycard
  • Victim Country: USA
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown
  1. KAL EGY 319 claims to target all Educational Institutions in Egypt
  • Category: Alert
  • Content: A recent post by the group indicates that they are targeting all educational institutions in Egypt.
  • Date: 2025-10-17T05:58:09Z
  • Network: telegram
  • Published URL: (https://t.me/KALOSHA319/23)
  • Screenshots:
    • https://d34iuop8pidsy8.cloudfront.net/3749f19f-df16-48d1-b4cd-cbbb93f95f4e.png
  • Threat Actors: KAL EGY 319
  • Victim Country: Egypt
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown
  1. Alleged sale of European Air Defense Database
  • Category: Data Breach
  • Content: The threat actor claims to have leaked, and to be selling, an 8 GB sensitive database allegedly tied to a European air defense entity.
  • Date: 2025-10-17T05:42:53Z
  • Network: openweb
  • Published URL: (https://breachsta.rs/topic/fresh-european-air-defense-database-breach-by-daemonroot-cdj7ng71d28s)
  • Screenshots:
    • https://d34iuop8pidsy8.cloudfront.net/2f5cbbed-e55f-4808-9126-f1bad5240085.png
  • Threat Actors: DaemonRoot
  • Victim Country: Unknown
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown
  1. Alleged data leak of European air defense network
  • Category: Data Breach
  • Content: The threat actor claims to have breached a European air defense database and is offering 8 GB of documents for sale.
  • Date: 2025-10-17T05:20:04Z
  • Network: openweb
  • Published URL: (https://breachsta.rs/topic/fresh-european-air-defense-database-breach-by-daemonroot-cdj7ng71d28s)
  • Screenshots:
    • https://d34iuop8pidsy8.cloudfront.net/8ad9bba9-82bc-4f9f-8b51-35f279e36e9a.png
  • Threat Actors: DaemonRoot
  • Victim Country: Unknown
  • Victim Industry: Defense & Space
  • Victim Organization: Unknown
  • Victim Site: Unknown
  1. Alleged sale of ATM hacking tools
  • Category: Malware
  • Content: A threat actor is offering a productized ATM cash‑out platform called “CUTLET MAKER 2025” that claims to enable large‑scale, modular ATM compromises with multi‑tier user roles (admin/staff/drop), automated bulk workflows (scan → exploit → backdoor → cash extraction), and centralized real‑time monitoring and analytics with encrypted communications.
  • Date: 2025-10-17T05:01:25Z
  • Network: openweb
  • Published URL: (https://demonforums.net/Thread-Leak-ATM-hacking-tools-tutoria)
  • Screenshots:
    • https://d34iuop8pidsy8.cloudfront.net/f53c58ad-4c3c-4793-becd-b40f71e7809a.png
    • https://d34iuop8pidsy8.cloudfront.net/d455aff4-13e5-463e-85ec-00789855c961.png
  • Threat Actors: rippors
  • Victim Country: Unknown
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown
  1. Alleged data breach of University of Oxford
  • Category: Data Breach
  • Content: Threat actor claims to have leaked the data of 21,658 students from University of Oxford. The compromised data includes student ID, full name, date of birth, home and mailing addresses, city and other location details, country information, postal codes, phone and mobile numbers, email addresses, roll number, and job title or company details.
  • Date: 2025-10-17T04:42:25Z
  • Network: openweb
  • Published URL: (https://breachsta.rs/topic/oxford-university-breach-full-database-21658-students-uk-h6v050fqhlck)
  • Screenshots:
    • https://d34iuop8pidsy8.cloudfront.net/c18ffc08-f85a-40de-b0db-00edec2d3ea8.png
  • Threat Actors: BlackOrcaX
  • Victim Country: UK
  • Victim Industry: Higher Education/Academia
  • Victim Organization: university of oxford
  • Victim Site: ox.ac.uk
  1. Alleged data breach of Club Atlético Talleres
  1. Alleged data breach of Like4Like
  1. SK shieldus falls victim to BlackShrantac Ransomware

Conclusion

The incidents detailed in this report highlight a diverse and active landscape of cyber threats.

Data breaches and leaks are prominent, affecting various sectors from e-commerce and gaming to defense and higher education, and impacting countries including the USA, Brazil, Russia, Canada, Germany, UK, Argentina, Italy, Nepal, Thailand, and South Korea. The compromised data ranges from personal user information and tax IDs to internal documents, military-related classified documents, and large customer databases.

Beyond data compromise, the report also reveals significant activity in initial access sales, with threat actors offering unauthorized access to corporate networks (including RDWeb/RDP access to U.S. and Spanish firms), a German citizen’s computer, a Canadian cargo airport, a Polish factory’s AC system, a French association, and a Thai school.

The prevalence of ransomware attacks, specifically by groups like Akira, Sinobi, DragonForce, RADAR group, Everest, PLAY, CL0P, RHYSIDA, Nova, and BlackShrantac, is notable, with victims across the USA, Germany, Madagascar, Argentina, France, Australia, Poland, and South Korea, targeting industries from aerospace and law firms to real estate and manufacturing.

The sale of malware, including an ATM cash-out platform, and the sale of a Discord 0-day exploit underscore the availability of offensive capabilities and vulnerabilities being traded in the cyber underground. Additionally, alerts indicate targeting of U.S. Critical Infrastructure and Egyptian educational institutions.

The incidents collectively demonstrate that organizations across various industries and geographies face persistent threats from data exfiltration, unauthorized network access, and the proliferation of malicious tools. The nature of these incidents emphasizes the critical importance of robust cybersecurity measures, including strong access controls, data protection strategies, continuous vulnerability management, and proactive threat intelligence to defend against a wide array of sophisticated and opportunistic attacks.