This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.
1. My Florida Case Management Services, LLC falls victim to RADAR group Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s internal data and intends to publish it within 15-16 days.
- Date: 2025-10-19T23:27:37Z
- Network: tor
- Published URL: (http://3bnusfu2lgk5at43ceu7cdok5yv4gfbono2jv57ho74ucjvc7czirfid.onion/awaiting-publication)
- Screenshots:
- Threat Actors: RADAR group
- Victim Country: USA
- Victim Industry: Hospital & Health Care
- Victim Organization: my florida case management services, llc
- Victim Site: Unknown
2. Alleged data breach of Indonesia’s Ministry of Public Works and Housing
- Category: Data Breach
- Content: The threat actor claims to have leaked 1.9 GB of documents allegedly belonging to the Indonesia Ministry of Public Works. The data reportedly includes 635 files containing detailed engineering design documents.
- Date: 2025-10-19T23:21:46Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Document-Indonesia-Ministry-of-Public-Works-Detailed-Engineering-Design-1-9-GB)
- Screenshots:
- Threat Actors: toshikana
- Victim Country: Indonesia
- Victim Industry: Government Administration
- Victim Organization: indonesia’s ministry of public works and housing
- Victim Site: pu.go.id
3. Alleged Data Leak of Vehicle Registration Records in Indonesia
- Category: Data Breach
- Content: The threat actor claims to have leaked 186 files allegedly containing BPKB (Motor Vehicle Ownership Certificate) and STNK (Vehicle Registration Certificate) documents from Indonesia.
- Date: 2025-10-19T22:21:24Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Document-Indonesia-186-BPKB-STNK)
- Screenshots:
- Threat Actors: toshikana
- Victim Country: Indonesia
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
4. Alleged data sale of jocommunity.com
- Category: Data Breach
- Content: Threat actor claims to be selling data from jocommunity.com. The compromised data reportedly contains 2852 records that include user_id, ip, email, image, phone, type, gender, etc.
- Date: 2025-10-19T22:00:04Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/268568/)
- Screenshots:
- Threat Actors: AckLine
- Victim Country: Jordan
- Victim Industry: Unknown
- Victim Organization: jocommunity.com
- Victim Site: jocommunity.com
5. Accord Carton falls victim to PLAY Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data. The compromised data includes private and personal confidential data, client documents, budget, payroll, accounting, taxes, IDs, finance information, and more. They plan to publish it within 3 to 4 days.
- Date: 2025-10-19T21:43:49Z
- Network: tor
- Published URL: (http://j75o7xvvsm4lpsjhkjvb4wl2q6ajegvabe6oswthuaubbykk4xkzgpid.onion/topic.php?id=EasFJ6jSPkpLn)
- Screenshots:
- Threat Actors: PLAY
- Victim Country: USA
- Victim Industry: Packaging & Containers
- Victim Organization: accord carton
- Victim Site: accordcarton.com
6. Alleged sale of Indian Government and Military data
- Category: Data Breach
- Content: The threat actor claims to be selling data belonging to the Indian government and military. The compromised data reportedly includes various top secret and confidential documents.
- Date: 2025-10-19T21:43:48Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Document-%F0%9F%93%A1-Indian-Government-and-Military-Defense-Data-Mega-Leak-9-35-GB-%F0%9F%93%A1)
- Screenshots:
- Threat Actors: jrintel
- Victim Country: India
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
7. Alleged leak of Indian Government and Military data
- Category: Data Breach
- Content: The threat actor claims to have leaked data belonging to the Indian government and military. The compromised data reportedly includes various top secret and confidential documents.
- Date: 2025-10-19T21:38:47Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Document-%F0%9F%93%A1-Indian-Government-and-Military-Defense-Data-Mega-Leak-9-35-GB-%F0%9F%93%A1)
- Screenshots:
- Threat Actors: jrintel
- Victim Country: India
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
8. Alleged Sale of RDP Access to US Business Services Company
- Category: Initial Access
- Content: Threat actor claims to be selling RDP access with Local Administrator privileges to a US Business Services Company.
- Date: 2025-10-19T21:24:30Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/268563/)
- Screenshots:
- Threat Actors: 361CrimeLiFe
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
9. healthandvitalitycenter falls victim to SAFEPAY Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-19T21:13:57Z
- Network: tor
- Published URL: (http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/healthandvitalitycentercom/)
- Screenshots:
- Threat Actors: SAFEPAY
- Victim Country: USA
- Victim Industry: Hospital & Health Care
- Victim Organization: healthandvitalitycenter
- Victim Site: healthandvitalitycenter.com
10. Alleged data breach of Dakota Shushi
- Category: Data Breach
- Content: Threat actor claims to have leaked data from Dakota Shushi, Russia. The compromised data reportedly contains 40,000 records including order id, invoice no, customer id, name, email, telephone, etc.
- Date: 2025-10-19T21:13:42Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-FREE-RUSSIAN-DATABASE-dakotadostavka-ru-40K-rows–56644)
- Screenshots:
- Threat Actors: trashfunny
- Victim Country: Russia
- Victim Industry: Restaurants
- Victim Organization: dakota shushi
- Victim Site: dakotadostavka.ru
11. Alleged data breach of Gallato
- Category: Data Breach
- Content: Threat actor claims to have leaked data from Gallato, Russia. The compromised data reportedly includes phone, email, name, password, address, etc.
- Date: 2025-10-19T21:05:19Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-FREE-RUSSIAN-DATABASE-gallato-ru)
- Screenshots:
- Threat Actors: trashfunny
- Victim Country: Russia
- Victim Industry: E-commerce & Online Stores
- Victim Organization: gallato
- Victim Site: gallato.ru
12. Alleged sale of admin access to an unidentified Prestashop in Spain
- Category: Initial Access
- Content: The threat actor claims to be selling admin access to a Prestashop in Spain.
- Date: 2025-10-19T20:29:06Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/268558/)
- Screenshots:
- Threat Actors: …..
- Victim Country: Spain
- Victim Industry: E-commerce & Online Stores
- Victim Organization: Unknown
- Victim Site: Unknown
13. Klima-Therm Poland falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-19T20:25:52Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=610db456-5906-313f-9ca6-4ab19fb2cb00)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: Poland
- Victim Industry: Manufacturing
- Victim Organization: klima-therm poland
- Victim Site: klima-therm.com
14. Distribuciones Camba falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-19T20:17:10Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=5dc1c1e5-a603-30da-8c13-015fac008851)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: Spain
- Victim Industry: Food & Beverages
- Victim Organization: distribuciones camba
- Victim Site: distribucionescamba.com
15. KW Landscape Architects falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-19T20:07:28Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=c66e164b-8599-3d9f-89f5-98828f4ea3bc)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Architecture & Planning
- Victim Organization: kw landscape architects
- Victim Site: kwtexas.com
16. SANgel falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-19T19:59:56Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=27e0082f-5277-3a2a-961e-7fe5579e3d8c)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: Gabon
- Victim Industry: Food Production
- Victim Organization: sangel
- Victim Site: san-gel.com
17. Alleged leak of att.net data
- Category: Data Breach
- Content: Threat actor claims to have leaked 5 million usernames and passwords from att.net, related to AT&T and Yahoo Mail.
- Date: 2025-10-19T19:52:20Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-att-net-5M)
- Screenshots:
- Threat Actors: Secur3rat
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: att.net
18. Khatami Law falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-19T19:42:04Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=22ae936e-cf32-3e22-9dc0-2459f9e3c8c6)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Law Practice & Law Firms
- Victim Organization: khatami law
- Victim Site: khatamilaw.com
19. Laloma Inc falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-19T19:28:37Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=a7f10325-60e3-3fef-ba61-5a5d7e82c1ed)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Fashion & Apparel
- Victim Organization: laloma inc
- Victim Site: lalomainc.com
20. Alleged Sale of RDP Access to US Software Company
- Category: Initial Access
- Content: Threat actor claims to be selling RDP access to a US-based software company.
- Date: 2025-10-19T19:27:32Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/268557/)
- Screenshots:
- Threat Actors: 361CrimeLiFe
- Victim Country: USA
- Victim Industry: Software
- Victim Organization: Unknown
- Victim Site: Unknown
21. Alleged Sale of RDP access to Spain-Based Construction Company
- Category: Initial Access
- Content: Threat actor claims to be selling RDP access to a Spain-based company in the Commercial & Residential Construction sector.
- Date: 2025-10-19T19:22:42Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/268556/)
- Screenshots:
- Threat Actors: 361CrimeLiFe
- Victim Country: Spain
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
22. Alleged sale of admin access to Magento 2
- Category: Initial Access
- Content: Threat actor claims to be selling admin access to Magento 2.
- Date: 2025-10-19T19:15:49Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/268553/)
- Screenshots:
- Threat Actors: bizether
- Victim Country: Unknown
- Victim Industry: E-commerce & Online Stores
- Victim Organization: Unknown
- Victim Site: Unknown
23. Scales Sales & Service falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-19T18:33:26Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=3054145b-1829-3df0-8087-5c3d20af90d4)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Machinery
- Victim Organization: scales sales & service
- Victim Site: 247scales.com
24. London Women’s Clinic falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 500 GB of the organization’s data.
- Date: 2025-10-19T18:21:05Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=28393601-eff0-34dc-8409-ebae51916180)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: UK
- Victim Industry: Medical Practice
- Victim Organization: london women’s clinic
- Victim Site: londonwomensclinic.com
25. Alleged sale of BTMob malware
- Category: Malware
- Content: Threat actor claims to be selling BTMob source APK and source builder malware package.
- Date: 2025-10-19T18:13:17Z
- Network: openweb
- Published URL: (https://xss.pro/threads/143837/)
- Screenshots:
- Threat Actors: XDRevil
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
26. Stephenson’s Rental Services falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-19T18:11:21Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=c77fbbfb-4db7-32b2-9a9e-baf1ed91a2a3)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: Canada
- Victim Industry: Building and construction
- Victim Organization: stephenson’s rental services
- Victim Site: stephensons.ca
27. BIOPHARMEX falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-19T17:59:38Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=c6501e5e-393a-3457-a131-409439dbd6b7)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: Mexico
- Victim Industry: Healthcare & Pharmaceuticals
- Victim Organization: biopharmex
- Victim Site: biopharmex.com.mx
28. Alleged Sale of FTX Claims Database 2025
- Category: Data Breach
- Content: The threat actor claims to be selling a database of FTX. The compromised data reportedly contains over 300,000 records that include user id, first name, last name, email, claim id, phone number, etc.
- Date: 2025-10-19T17:47:36Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/ftx-breach-kroll-300k-claimant-portal-records-w-2025-updates.44677/)
- Screenshots:
- Threat Actors: boyka
- Victim Country: USA
- Victim Industry: Financial Services
- Victim Organization: ftx
- Victim Site: ftx.com
29. JA Jennings falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 239 GB of the organization’s data.
- Date: 2025-10-19T17:45:19Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=4c9762-2df3-3aec-b898-1a15b29252fb)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Building and construction
- Victim Organization: ja jennings
- Victim Site: jajenningsinc.com
30. Alleged sale of Facebook scraped data
- Category: Data Breach
- Content: Threat actor claims to be selling leaked scraped data from Facebook. The compromised data reportedly contains over 1.7 billion records from the year 2025, including ID, gender, DOB, place, relationship, and friends count.
- Date: 2025-10-19T17:34:35Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-%E2%9C%93-VERIFIED-1-7B-FACEBOOK-SCRAPED-DATA-2025)
- Screenshots:
- Threat Actors: cRime
- Victim Country: USA
- Victim Industry: Social Media & Online Social Networking
- Victim Organization: facebook
- Victim Site: facebook.com
31. Stowaway Storage falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-19T17:25:39Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=2f275dab-db34-3ec1-804a-acf487b8c9b7)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Warehousing
- Victim Organization: stowaway storage
- Victim Site: stowawaystoragect.com
32. Alleged data sale of Abacus Desk
- Category: Data Breach
- Content: Threat actor claims to be selling leaked data from Abacus Desk, India. The compromised data reportedly contains 60 MB of data including name, phone, phone 2, email, address, dob, etc.
- Date: 2025-10-19T16:50:05Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-India-73k-Name-Phone-Phone-2-Email-Address-Dob-abacusdesk-com)
- Screenshots:
- Threat Actors: AgSlowly
- Victim Country: India
- Victim Industry: Marketing, Advertising & Sales
- Victim Organization: abacus desk
- Victim Site: abacusdesk.com
33. CELLINI DESIGN CENTER falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-19T16:43:44Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=aed1f023-8c5a-3bef-9a1c-0a228c283590)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: Singapore
- Victim Industry: Furniture
- Victim Organization: cellini design center
- Victim Site: cellini.com.sg
34. Gas Generator Solutions falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-19T16:25:41Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=95fcf129-99f9-3337-a647-58d9adb2c7a2)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Machinery
- Victim Organization: gas generator solutions
- Victim Site: gasgeneratorsolutions.com
35. Octomeca OY falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-19T16:14:48Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=7aaca2f4-7d89-36bd-864c-73f810ddc256)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: Finland
- Victim Industry: Machinery
- Victim Organization: octomeca oy
- Victim Site: octomeca.fi
36. Alleged Sale of Credit Cards from 5 STAR HOTEL
- Category: Data Breach
- Content: Threat actor claims to be selling 886 credit-card records allegedly taken from a five-star hotel across multiple countries.
- Date: 2025-10-19T16:09:33Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/268539/)
- Screenshots:
- Threat Actors: s4sori
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
37. Barco Rent A Truck falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-19T16:02:55Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=0ddc7828-053a-3147-9c75-f949c2d893b8)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Automotive
- Victim Organization: barco rent a truck
- Victim Site: barcotrucks.com
38. SIGN Fracture Care falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-19T15:42:12Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=386fe80f-e49a-3541-b21a-d5ccc94c135d)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Medical Equipment Manufacturing
- Victim Organization: sign fracture care
- Victim Site: signfracturecare.org
39. Winholt Equipment Group falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-19T15:26:58Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=1187af26-3702-34a9-a7a1-8106d03a6a10)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Retail Industry
- Victim Organization: winholt equipment group
- Victim Site: winholt.com
40. Alleged sale of credit card data from USA and Europe
- Category: Data Breach
- Content: Threat actor claims to be selling 1160 credit card records from an unidentified website in the USA and Europe.
- Date: 2025-10-19T14:43:28Z
- Network: openweb
- Published URL: (https://xss.pro/threads/143829/)
- Screenshots:
- Threat Actors: LeaksPlus
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
41. All Weather Architectural Aluminum falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-19T14:41:44Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=ab3fc1a6-54c5-3633-8a9b-0d92a0d334f0)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Building and construction
- Victim Organization: all weather architectural aluminum
- Victim Site: allweatheraa.com
42. WASSA falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-19T14:35:15Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=f8fcbfba-1f38-3ab6-abe7-674e3a01e7db)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: Czech Republic
- Victim Industry: Transportation & Logistics
- Victim Organization: wassa
- Victim Site: wassa.eu
43. Alleged data breach of Partai Nasdem
- Category: Data Breach
- Content: Threat actor claims to have breached the databases of Partai Nasdem. The compromised data reportedly contains name, province, number, KTP Card, etc.
- Date: 2025-10-19T14:33:55Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-Data-Politic-Indonesian-partainasdem-id)
- Screenshots:
- Threat Actors: TRexID
- Victim Country: Indonesia
- Victim Industry: Political Organization
- Victim Organization: partai nasdem
- Victim Site: partainasdem.id
44. Indian Spring Country Club falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-19T14:28:48Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=bb69f8e1-13fd-3f8d-9d00-623c85f6338a)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Hospitality & Tourism
- Victim Organization: indian spring country club
- Victim Site: indianspringcc.com
45. Sports Medicine and Orthopedics falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-19T14:22:29Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=51955e62-9fb4-37ab-af21-0eb1a43a56e8)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Medical Practice
- Victim Organization: sports medicine and orthopedics
- Victim Site: sportsmedcenter.com
46. Grande Prairie Public Library falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-19T14:18:35Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=12fbb60a-31ef-3cf1-b623-1e76d7a35a50)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Government & Public Sector
- Victim Organization: grande prairie public library
- Victim Site: grandeprairie.org
47. Platinum Wines & Spirits falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-19T14:18:23Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=44c6114f-97c2-316c-81e9-e8e86e93042b)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: Singapore
- Victim Industry: Food & Beverages
- Victim Organization: platinum wines & spirits
- Victim Site: platinumpws.com
48. BLOOD & MARROW TRANSPLANT GROUP OF GEORGIA falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-19T13:46:48Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=730600d7-8e62-3dae-956f-04ed5b3c42dc)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Medical Practice
- Victim Organization: blood & marrow transplant group of georgia
- Victim Site: bmtga.com
49. Alleged data breach of Fatih Turizm
- Category: Data Breach
- Content: Threat actor claims to have breached the databases of Fatih Turizm in Turkey. The compromised data reportedly contains id, groupid, company id, city, town, email, adress, career, gender, academy, member no, password, tcnumber, temp name, birthdate, cepnumber, transdate, transuser, defination, groupcount, membername, telephone1, telephone2, updatetime, updateuser, infomessage, nationality, refmemberno, membersurname, etc.
- Date: 2025-10-19T13:06:46Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-TURKEY-FATIH-TURIZM-DATABASE-HACKED)
- Screenshots:
- Threat Actors: l33t
- Victim Country: Turkey
- Victim Industry: Leisure & Travel
- Victim Organization: fatih turizm
- Victim Site: fatihturizm.com.tr
50. Alleged data leak of Sportbook
- Category: Data Breach
- Content: Threat actor claims to have leaked a database of 8K Denmark users from Sportbook.
- Date: 2025-10-19T12:48:21Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-8k-Sportbook-all-Danish-users)
- Screenshots:
- Threat Actors: goonix
- Victim Country: Denmark
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
51. Alleged data leak of Regional Civil Service Agency and Human Resources Development (BKPSDM)
- Category: Data Breach
- Content: The threat actor claims to have leaked data from the Regional Civil Service Agency and Human Resources Development (BKPSDM).
- Date: 2025-10-19T12:39:52Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-LEAKED-data-asn-kab-buol-BY-DarkHandshake–56610)
- Screenshots:
- Threat Actors: darkHandshake
- Victim Country: Indonesia
- Victim Industry: Government & Public Sector
- Victim Organization: regional civil service agency and human resources development (bkpsdm)
- Victim Site: sim-asn.buolkab.go.id
52. Pharaoh’s Team targets multiple Indian websites
- Category: Defacement
- Content: The group claims to have defaced multiple Indian websites.
- Date: 2025-10-19T11:35:14Z
- Network: telegram
- Published URL: (https://t.me/Pharaohs_n/199)
- Screenshots:
- Threat Actors: Pharaoh’s Team
- Victim Country: India
- Victim Industry: Information Technology (IT) Services
- Victim Organization: ads2core
- Victim Site: ads2core.com
53. Alleged sale of Monolock Ransomware V1.0
- Category: Malware
- Content: The threat actor claims to be selling a ransomware builder named Monolock Ransomware V1.0.
- Date: 2025-10-19T11:20:34Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-MONOLOCK-RANSOMWARE-V1-0)
- Screenshots:
- Threat Actors: monolocksup
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
54. Linxx Global Solutions falls victim to MEDUSA Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data and they intend to publish it within 12-13 days.
- Date: 2025-10-19T11:11:57Z
- Network: tor
- Published URL: (http://s7lmmhlt3iwnwirxvgjidl6omcblvw2rg75txjfduy73kx5brlmiulad.onion/detail?id=82f424a65906e1ae0d4ce8b9233cd550)
- Screenshots:
- Threat Actors: MEDUSA
- Victim Country: USA
- Victim Industry: Security & Investigations
- Victim Organization: linxx global solutions, inc.
- Victim Site: linxxglobal.com
55. Imagicle falls victim to Medusa Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s internal data and they intend to publish it within 9-10 days.
- Date: 2025-10-19T10:58:54Z
- Network: tor
- Published URL: (http://s7lmmhlt3iwnwirxvgjidl6omcblvw2rg75txjfduy73kx5brlmiulad.onion/detail?id=3b18e81d7260e19566d659c3a8f61ec9)
- Screenshots:
- Threat Actors: MEDUSA
- Victim Country: Italy
- Victim Industry: Network & Telecommunications
- Victim Organization: imagicle
- Victim Site: imagicle.com
56. Dalcans falls victim to Medusa Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 1 TB of the organization’s data and they intend to publish it within 15-16 days.
- Date: 2025-10-19T10:39:54Z
- Network: tor
- Published URL: (http://s7lmmhlt3iwnwirxvgjidl6omcblvw2rg75txjfduy73kx5brlmiulad.onion/detail?id=2681e5abe695b4fe95c45401115b4aae)
- Screenshots:
- Threat Actors: MEDUSA
- Victim Country: France
- Victim Industry: Design
- Victim Organization: dalcans
- Victim Site: dalcans.com
57. Alleged leak of 1700 web application vulnerabilities
- Category: Vulnerability
- Content: The threat actor claims to have leaked a collection of 1700 web application vulnerabilities on an underground forum. The disclosed vulnerabilities include known CVEs, various exploit scripts, and URLs targeting common plugins and subscription systems.
- Date: 2025-10-19T09:03:33Z
- Network: openweb
- Published URL: (https://xss.pro/threads/143827/)
- Screenshots:
- Threat Actors: Spider777
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
58. Alleged data leak of Gibran Rakabuming Raka
- Category: Data Breach
- Content: The threat actor claims to have leaked personal data of Gibran Rakabuming Raka.
- Date: 2025-10-19T07:59:01Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-DATA-PERSONAL-GIBRAN-RAKABUMING-RAKA)
- Screenshots:
- Threat Actors: Rizkyexecutorx
- Victim Country: Indonesia
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
59. Alleged data breach of CyberCoders
- Category: Data Breach
- Content: The threat actor claims to be selling a massive data dump from CyberCoders, a U.S.-based technology-focused recruiting and staffing platform that connects employers with professionals across industries like tech, engineering, finance, and healthcare. The compromised dataset reportedly contains around 35 million records, including candidate profiles, resumes, and emails. Exposed information allegedly includes full names, email addresses, phone numbers, cities, employment history, work authorization status, education background, salary details, and security clearance information. The total leak size is said to be approximately 274 GB uncompressed (38 GB compressed).
- Date: 2025-10-19T06:26:39Z
- Network: openweb
- Published URL: (https://breachsta.rs/topic/cybercoderscom-35m-joqmqowejat7)
- Screenshots:
- Threat Actors: wikkid
- Victim Country: USA
- Victim Industry: Staffing/Recruiting
- Victim Organization: cybercoders
- Victim Site: cybercoders.com
60. Alleged data leak of 28K Subscription Records from Bosnian/Romanian Credit Company
- Category: Data Breach
- Content: The threat actor claims to have leaked a database of 28,000 subscription records from a Bosnian/Romanian credit company. The package reportedly includes emails, registration dates (XLSX format) and a Wormhole file-sharing link.
- Date: 2025-10-19T06:21:33Z
- Network: openweb
- Published URL: (https://breachsta.rs/topic/28k-subscription-records-of-bosnianromanian-credit-company-bwv2ghmjrv7d)
- Screenshots:
- Threat Actors: bitcoin
- Victim Country: Romania
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
61. Alleged data leak of Verification.io
- Category: Data Breach
- Content: Threat actor claims to have leaked the full database of Verification.io.
- Date: 2025-10-19T06:11:35Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/verification-io.44656/)
- Screenshots:
- Threat Actors: jacksparrow874
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: verification.io
- Victim Site: verification.io
62. Alleged data leak of Global Premium Database
- Category: Data Breach
- Content: The threat actor claims to have leaked a premium-quality cloud of databases covering targets in 65+ countries across Europe, Asia, Africa, the Americas and Australia. The package allegedly includes full company databases; document scans (ID, driving licence, passport); consumer info; phone and email lists; number:pass & email:user dumps; citizens’ records including SSN/SIN; databases from large sites.
- Date: 2025-10-19T06:07:28Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Document-Verification-Proof-of-Address-%C2%B7-Income-%C2%B7-Funds-%C2%B7-Contracts-%C2%B7-Selfie-Edits)
- Screenshots:
- Threat Actors: Khanagha122
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
63. Alleged Data Leak of Verified UK Identity and Background Check Information
- Category: Data Breach
- Content: The threat actor claims to have leaked a database containing verified UK identity information. The package includes a UK Driving Licence, full BS7858 background check, National Insurance Number (NIN), date of birth, and residential address.
- Date: 2025-10-19T04:39:05Z
- Network: openweb
- Published URL: (https://breachsta.rs/topic/uk-identity-with-verified-background-check-e0qyu14ru8nf)
- Screenshots:
- Threat Actors: KAPTEIN
- Victim Country: UK
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
64. WOLF CYBER ARMY targets multiple websites under Cariumulya Village Government
- Category: Defacement
- Content: The group claims to have defaced multiple websites associated with the Cariumulya Village Government in Indonesia.
- Date: 2025-10-19T04:39:03Z
- Network: telegram
- Published URL: (https://t.me/c/2670088117/390)
- Screenshots:
- Threat Actors: WOLF CYBER ARMY
- Victim Country: Indonesia
- Victim Industry: Government Administration
- Victim Organization: jdih desa cariumulya
- Victim Site: jdih.desacariumulya.com
65. Long Island Weight Loss Institute falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 13 GB of the organization’s data. Sample screenshots are available on their dark web portal.
- Date: 2025-10-19T03:50:04Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=724324d2-6978-3741-9aee-4970717e9ec6)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Health & Fitness
- Victim Organization: long island weight loss institute
- Victim Site: liwli.com
66. Alleged data breach of Universidad Nacional de San Martín
- Category: Data Breach
- Content: The threat actor claims to have breached the academic system of the Universidad Nacional de San Martín (Peru). They extracted 2,343 personal records and photographs of students.
- Date: 2025-10-19T02:50:37Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-PERU-UNIVERSIDAD-NACIONAL-DE-SAN-MARTIN)
- Screenshots:
- Threat Actors: milanesa
- Victim Country: Peru
- Victim Industry: Higher Education/Academia
- Victim Organization: universidad nacional de san martín
- Victim Site: unsm.edu.pe
67. Summit Golf Brands falls victim to INC RANSOM Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 50.63 GB of the organization’s data and intends to publish it within 5-6 days.
- Date: 2025-10-19T00:44:19Z
- Network: tor
- Published URL: (http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/68f0fd5bfa0b6f4bdfbd57f7)
- Screenshots:
- Threat Actors: INC RANSOM
- Victim Country: USA
- Victim Industry: Manufacturing
- Victim Organization: summit golf brands
- Victim Site: summitgolfbrands.com
68. Alleged gain of access to Hungarian railway control and monitoring system
- Category: Initial Access
- Content: The group claims to have gained unauthorized access to the control and monitoring system of the Hungarian railway network. The compromised system allegedly allows control over track switches, signal lights, real-time train location tracking, and interlocking functions, enabling comprehensive management of the entire railway network’s operations and infrastructure.
- Date: 2025-10-19T00:27:55Z
- Network: telegram
- Published URL: (https://t.me/n2LP_wVf79c2YzM0/2014)
- Screenshots:
- Threat Actors: Infrastructure Destruction Squad
- Victim Country: Hungary
- Victim Industry: Transportation & Logistics
- Victim Organization: Unknown
- Victim Site: Unknown
69. Alleged data leak of multiple domains
- Category: Data Breach
- Content: The threat actor claims to be leaking databases containing account credentials for multiple international services and domains across various countries and industries.
- Date: 2025-10-19T00:12:36Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/ga-pacc-243-dbs.44646/)
- Screenshots:
- Threat Actors: wonder
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: 000webhost.com
Conclusion
The incidents detailed in this report highlight a diverse and active landscape of cyber threats.
Data breaches and leaks are prominent, affecting various sectors from government administration and e-commerce to medical practice and financial services, and impacting countries including the USA, Indonesia, India, Russia, Spain, UK, Canada, Mexico, Singapore, Finland, Czech Republic, Gabon, Turkey, Denmark, Peru, Hungary, Romania, and Jordan. The compromised data ranges from detailed engineering documents, vehicle registration records, and scraped social media data to personal patient information, credit card details, and large customer databases, including 35 million records from a recruiting platform and 1.7 billion from scraped Facebook data.
Beyond data compromise, the report also reveals significant activity in Ransomware attacks, primarily by the Qilin and MEDUSA groups, targeting numerous organizations across multiple countries, including those in manufacturing, healthcare, and construction.
The prevalence of Initial Access sales, such as RDP access and admin access to various companies and a railway control system, and the sale of Malware like the Monolock Ransomware builder, further underscore the availability of offensive capabilities in the cyber underground.
The nature of these incidents emphasizes the critical importance of robust cybersecurity measures, including strong access controls, data protection strategies, continuous vulnerability management, and proactive threat intelligence to defend against a wide array of sophisticated and opportunistic attacks.