This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.
1. Shamir Medical Center falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 8 TB of data from Shamir Medical Center and intends to publish it within 2–3 days.
- Date: 2025-10-02T14:37:16Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=839cffc8-d981-3d0a-88fc-cab81e2c4afd)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: Israel
- Victim Industry: Hospital & Health Care
- Victim Organization: shamir medical center
- Victim Site: shamir.org
2. Alleged sale of ChileAtiende
- Category: Data Breach
- Content: The threat actor claims to have leaked 9.2 million data records from ChileAtiende, allegedly including personal details, contact information, taxpayer IDs, and full vehicle registration data.
- Date: 2025-10-02T14:36:29Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-SRCEI-Chile-National-Register-of-Motor-Vehicles)
- Screenshots:
- Threat Actors: Sorb
- Victim Country: Chile
- Victim Industry: Government Administration
- Victim Organization: chileatiende
- Victim Site: chileatiende.gob.cl
3. Alleged Sale of Admin Dashboard Access
- Category: Initial Access
- Content: The threat actor claims to be selling Admin Dashboard access to a compromised PrestaShop e-commerce site located in France.
- Date: 2025-10-02T14:36:06Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/267417/)
- Screenshots:
- Threat Actors: akr1t
- Victim Country: France
- Victim Industry: E-commerce & Online Stores
- Victim Organization: Unknown
- Victim Site: Unknown
4. Alleged Sale of Redirect/Admin Dashboard Access
- Category: Initial Access
- Content: The threat actor shadowwss claims to be selling Admin Dashboard – Full Rights access to a compromised PrestaShop e-commerce site located in Spain (Espania).
- Date: 2025-10-02T14:21:21Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/267420/)
- Screenshots:
- Threat Actors: shadowwss
- Victim Country: Spain
- Victim Industry: E-commerce & Online Stores
- Victim Organization: Unknown
- Victim Site: Unknown
5. Alleged sale of Cyprus Post data
- Category: Data Breach
- Content: The threat actor claims to be selling data allegedly stolen from Cyprus Post, including mails, invoices, and sensitive documents from government entities, police departments, embassies, and ministries. The data reportedly involves communications from various embassies and ministries of the Republic of Cyprus.
- Date: 2025-10-02T14:20:44Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-Cyprus-Post-Database)
- Screenshots:
- Threat Actors: ByteToBreach
- Victim Country: Cyprus
- Victim Industry: Transportation & Logistics
- Victim Organization: cyprus post
- Victim Site: cypruspost.post
6. Alleged Data Breach of Red Hat
- Category: Data Breach
- Content: The group claims to have exported over 28,000 repositories from Red Hat, including customer CERs, infrastructure analysis, and private developer repositories. They also claim to have gained access to some of Red Hat’s clients’ infrastructure and leaked associated data.
- Date: 2025-10-02T14:19:17Z
- Network: telegram
- Published URL: (https://t.me/thecrimsoncollective/20?single)
- Screenshots:
- Threat Actors: Crimson Collective
- Victim Country: USA
- Victim Industry: Software Development
- Victim Organization: red hat
- Victim Site: redhat.com
7. INDOHAXSEC targets multiple Indian websites
- Category: Defacement
- Content: Group claims to have defaced multiple Indian websites.
- Date: 2025-10-02T14:12:52Z
- Network: telegram
- Published URL: (https://t.me/INDOHAXSEC/16)
- Screenshots:
- Threat Actors: INDOHAXSEC
- Victim Country: India
- Victim Industry: Leisure & Travel
- Victim Organization: bindra tours n travels private limited
- Victim Site: bindratoursntravels.com
8. BABAYO EROR SYSTEM targets the website of Joyou Inc.
- Category: Defacement
- Content: The group claims to have defaced the website of Joyou Inc.
- Date: 2025-10-02T13:36:10Z
- Network: telegram
- Published URL: (https://t.me/c/2532663346/62)
- Screenshots:
- Threat Actors: BABAYO EROR SYSTEM
- Victim Country: USA
- Victim Industry: Non-profit & Social Organizations
- Victim Organization: joyou inc.
- Victim Site: myjoyou.org
9. Alleged data leak of Banjarbaru City Government, Indonesia
- Category: Data Breach
- Content: The threat actor claims to have leaked a city database from Banjarbaru, Indonesia, containing personal information such as full names, addresses, national ID numbers, and birth dates.
- Date: 2025-10-02T13:25:42Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-INDONESIA-CITY-BANJARBARU-DATABASE-LEAKED)
- Screenshots:
- Threat Actors: M4UL1337
- Victim Country: Indonesia
- Victim Industry: Government Administration
- Victim Organization: banjarbaru city government
- Victim Site: banjarbarukota.go.id
10. Alleged sale of unauthorized admin access to a Silicon Valley-based supply chain platform
- Category: Initial Access
- Content: The threat actor is selling admin access to a Silicon Valley-based supply chain platform, including GitHub, production database, and AWS cloud global admin credentials.
- Date: 2025-10-02T13:23:48Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/267402/)
- Screenshots:
- Threat Actors: ChaosIon
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
11. Alleged data leak of unidentified organisation in Japan
- Category: Data Breach
- Content: The threat actor claims to have leaked several documents describing the Accelerator Driven System for nuclear waste transmutation, international project details, working schemes of fusion reactors, and details of Japanese research facilities, from an unidentified organisation in Japan.
- Date: 2025-10-02T13:22:32Z
- Network: telegram
- Published URL: (https://t.me/c/2911263260/247)
- Screenshots:
- Threat Actors: CLOBELSECTEAM
- Victim Country: Japan
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
12. Dual Temp Company falls victim to akira ransomware
- Category: Ransomware
- Content: The group claims to have obtained corporate data from Dual Temp Company, including detailed information of employees such as driver’s licenses, photos, and other files, along with financial records, customer information, confidentiality agreements, projects, NDAs, and other sensitive documents.
- Date: 2025-10-02T13:16:53Z
- Network: tor
- Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
- Screenshots:
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: Building and construction
- Victim Organization: dual temp company, inc.
- Victim Site: dualtemp.com
13. Alleged data leak of Zeelab Pharmacy
- Category: Data Breach
- Content: The threat actor claims to have leaked data from Zeelab Pharmacy, alleging that the online pharmacy was breached for a second time, resulting in 4.4 million lines of compromised data. This data supposedly includes PII such as order details, addresses, names, city, information about doctors, and more, affecting an estimated 251,604 users and containing 224,024 unique emails.
- Date: 2025-10-02T13:15:54Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/zeelab-india-biggest-pharmacy-zeelabpharmacy-leak.44026/)
- Screenshots:
- Threat Actors: frog
- Victim Country: India
- Victim Industry: Healthcare & Pharmaceuticals
- Victim Organization: zeelab pharmacy
- Victim Site: zeelabpharmacy.com
14. Alleged Sale of Admin Access for a French E-commerce Site
- Category: Initial Access
- Content: The threat actor claims to be selling administrator access to a PrestaShop e-commerce website located in France.
- Date: 2025-10-02T13:04:05Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/267418/)
- Screenshots:
- Threat Actors: akr1t
- Victim Country: France
- Victim Industry: E-commerce & Online Stores
- Victim Organization: Unknown
- Victim Site: Unknown
15. DisplayIt falls victim to Akira Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 105 GB of corporate data from Displayit, including employee information, financial records, confidential client files, contracts and agreements, project data (notably Starbucks project files), and other sensitive documents.
- Date: 2025-10-02T12:59:43Z
- Network: tor
- Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
- Screenshots:
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: Manufacturing
- Victim Organization: displayit
- Victim Site: displayitinc.com
16. Apricorn falls victim to akira ransomware
- Category: Ransomware
- Content: The group claims to have obtained corporate data from Apricorn, including personal information of employees such as medical records, tests, EEGs, MRIs, CTs, and SSN scans, along with financial records, client information, contracts, agreements, NDAs, projects, and other sensitive documents.
- Date: 2025-10-02T12:48:26Z
- Network: tor
- Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
- Screenshots:
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: Computer & Network Security
- Victim Organization: apricorn
- Victim Site: apricorn.com
17. Cyb3r Drag0nz claims to target Iraq
- Category: Alert
- Content: A recent post by the group indicates that they are targeting Iraq.
- Date: 2025-10-02T12:40:03Z
- Network: telegram
- Published URL: (https://t.me/TeamCyb3rDrag0nz/170)
- Screenshots:
- Threat Actors: Cyb3r Drag0nz
- Victim Country: Iraq
- Victim Industry: Government Administration
- Victim Organization: Unknown
- Victim Site: Unknown
18. FANATIX LEGION targets multiple German websites
- Category: Defacement
- Content: The group claims to have defaced multiple German websites. Mirror link: https://zone-xsec.com/search/q=Bnzet
- Date: 2025-10-02T11:58:04Z
- Network: telegram
- Published URL: (https://t.me/fanatixlegionv/6)
- Screenshots:
- Threat Actors: FANATIX LEGION
- Victim Country: Germany
- Victim Industry: Leisure & Travel
- Victim Organization: wim coppens
- Victim Site: beniontour.de
19. Gesimde, Ausil Systems and Esnova Racks fall victim to Space Bears Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data. The compromised data reportedly includes source code, projects, new applications under development, SQL databases, personal information of employees and clients, financial information of clients and other sensitive information. NB: According to the post, the stolen archive contains material linked to Esnova and Ausil as well, indicating possible exposure across all three organizations.
- Date: 2025-10-02T11:39:52Z
- Network: tor
- Published URL: (http://5butbkrljkaorg5maepuca25oma7eiwo6a2rlhvkblb4v6mf3ki2ovid.onion/companies/91/gesimde-asociados-ausil-systems-esnova)
- Screenshots:
- Threat Actors: Space Bears
- Victim Country: Spain
- Victim Industry: Information Technology (IT) Services
- Victim Organization: gesimde
- Victim Site: gesimde.es
20. Alleged leak of Santander, BBVA, and Sabadell bank data
- Category: Data Breach
- Content: The threat actor claims to have leaked databases from major Spanish banks such as Santander, BBVA, and Sabadell. The compromised data allegedly contains approximately 40 million records.
- Date: 2025-10-02T11:25:18Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Santander-BBVA-and-Sabadell-bank-DB-leak-avilable-on-private-channel-2025-9-21-40mill)
- Screenshots:
- Threat Actors: Leakuniv
- Victim Country: Spain
- Victim Industry: Financial Services
- Victim Organization: santander
- Victim Site: bbva.com
21. Gesimde falls victim to Space Bears Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data. The compromised data reportedly includes source code, projects, new applications under development, SQL databases, personal information of employees and clients, financial information of clients and other sensitive information.
- Date: 2025-10-02T11:22:38Z
- Network: tor
- Published URL: (http://5butbkrljkaorg5maepuca25oma7eiwo6a2rlhvkblb4v6mf3ki2ovid.onion/companies/91/gesimde-asociados-ausil-systems-esnova)
- Screenshots:
- Threat Actors: Space Bears
- Victim Country: Spain
- Victim Industry: Information Technology (IT) Services
- Victim Organization: gesimde
- Victim Site: gesimde.es
22. Alleged data breach of DepEd – Cordillera Administrative Region
- Category: Data Breach
- Content: The threat actor claims to have leaked data from the DepEd – Cordillera Administrative Region, exfiltrating over 6 million records from 42 databases. The stolen data allegedly includes 1,951 CSV files containing personally identifiable information (PII) and sensitive personal data of employees, students, and government personnel. The actor also claims to have defaced multiple DepEd CAR subdomains and leaked a 318MB database dump via a public file-sharing platform.
- Date: 2025-10-02T10:22:29Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-PHILIPPINES-DEPED-CAR-FULL-DABASE-LEAK-OVER-6-MILLION-RECORDS)
- Screenshots:
- Threat Actors: Quantum_Security_Group
- Victim Country: Philippines
- Victim Industry: Education
- Victim Organization: deped – cordillera administrative region
- Victim Site: m.depedcar.ph
23. Alleged data leak of Ukrainian citizens, companies, and army database
- Category: Data Breach
- Content: The threat actor claims to have leaked a database containing sensitive information on Ukrainian citizens, companies, and the army. The archive is being shared via a private Telegram channel, with access offered upon request.
- Date: 2025-10-02T10:20:34Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Ucranian-Citizens-companies-and-army-DB-avilable-on-private-channel-2025-9)
- Screenshots:
- Threat Actors: Leakuniv
- Victim Country: Ukraine
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
24. Alleged data leak of Moroccan citizens database
- Category: Data Breach
- Content: The threat actor claims to have leaked a Moroccan database containing 10 million records, totalling 7.8 GB of data, on a private channel. According to the post, the data archive is being shared via Telegram, with full access offered upon request.
- Date: 2025-10-02T10:19:33Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Morroco-DB-leak-avilable-on-private-channel-2025-9-25-10-million-rows-7-8GB)
- Screenshots:
- Threat Actors: Leakuniv
- Victim Country: Morocco
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
25. Alleged data breach of OrderZ
- Category: Data Breach
- Content: The threat actor claims to have leaked a database from OrderZ, allegedly including name, user ID, domain, role, email, and more.
- Date: 2025-10-02T10:11:39Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-OrderZ-Database-Download)
- Screenshots:
- Threat Actors: DeltaForceUnit
- Victim Country: India
- Victim Industry: E-commerce & Online Stores
- Victim Organization: orderz
- Victim Site: orderz.app
26. Alleged data leak of Corolis
- Category: Data Breach
- Content: The threat actor claims to have leaked 1.2 GB of data from Corolis. NB: The authenticity of the leak has not been verified.
- Date: 2025-10-02T09:18:10Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Corolis-DB-leak-2025-9-20-3-4million-rows-1-2GB–52816)
- Screenshots:
- Threat Actors: yees027
- Victim Country: France
- Victim Industry: Transportation & Logistics
- Victim Organization: corolis
- Victim Site: corolis.fr
27. Alleged data leak of BMW AG
- Category: Data Breach
- Content: The threat actor claims to have leaked 3.5 GB of data from BMW AG. NB: The authenticity of the leak has not been verified.
- Date: 2025-10-02T09:11:11Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-BMW-db-leak-fresh-extracted-2025-8-24-3million-rows-3-5GB–52799)
- Screenshots:
- Threat Actors: Leakuniv
- Victim Country: Germany
- Victim Industry: Automotive
- Victim Organization: bmw ag
- Victim Site: bmw.com
28. Alleged data leak of Mercedes-Benz AG
- Category: Data Breach
- Content: The threat actor claims to have leaked 5.4 GB of data from Mercedes-Benz AG. NB: The authenticity of the leak has not been verified.
- Date: 2025-10-02T09:04:35Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Mercedes-fresh-extracted-db-leak-2025-9-15-12-3-mill-rows-5-4GB–52800)
- Screenshots:
- Threat Actors: Leakuniv
- Victim Country: Germany
- Victim Industry: Automotive
- Victim Organization: mercedes-benz ag
- Victim Site: mercedes-benz.com
29. Alleged data breach of Inditex
- Category: Data Breach
- Content: The threat actor claims to have leaked 104 GB of data from Inditex. NB: The authenticity of the leak has not been verified.
- Date: 2025-10-02T08:54:11Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Inditex-DB-avilableok-provate-channel-2025-9-29-203-1-million-rows-104GB–52796)
- Screenshots:
- Threat Actors: Leakuniv
- Victim Country: Spain
- Victim Industry: Retail Industry
- Victim Organization: inditex
- Victim Site: inditex.com
30. Alleged data leak of OpenAI
- Category: Data Breach
- Content: The threat actor claims to have leaked 19 GB of data from OpenAI.
- Date: 2025-10-02T08:42:36Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-OpenAi-DB-leak-avilabke-on-private-channel-2025-9-30-34million-rows-19GB)
- Screenshots:
- Threat Actors: Leakuniv
- Victim Country: USA
- Victim Industry: Research Industry
- Victim Organization: openai
- Victim Site: openai.com
31. Alleged data breach of deSEC e.V.
- Category: Data Breach
- Content: The threat actor claims to have leaked data from deSEC e.V. The compromised data reportedly includes source code belonging to organizations such as the ICANN Grant Program, NLnet Foundation, RIPE NCC in the European Union, DNS4EU, Nextcloud, systemsecurity.com, and sav.com.
- Date: 2025-10-02T07:44:28Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Source-Code-JavaManiac-Desec-io-Data-Leaked-Download)
- Screenshots:
- Threat Actors: KaruHunters
- Victim Country: Germany
- Victim Industry: Information Technology (IT) Services
- Victim Organization: desec e.v.
- Victim Site: desec.io
32. Alleged sale of B2B USA finance professional leads data
- Category: Data Breach
- Content: The threat actor claims to be selling B2B USA finance professional leads data, including 25K verified records such as names, titles, business emails, company names, website URLs, industry, and location.
- Date: 2025-10-02T06:51:42Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-SELLING-25K-USA-Finance-Professionals-B2B-Leads)
- Screenshots:
- Threat Actors: neelki
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
33. Alleged data leak of Malaysian Navy
- Category: Data Breach
- Content: The threat actor claims to have leaked a classified database from the Malaysian Navy, offering access to modern sensitive military documents.
- Date: 2025-10-02T06:33:55Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Document-%F0%9F%91%BD-Malaysian-Navy-Classified-Documents-%F0%9F%91%BD)
- Screenshots:
- Threat Actors: jrintel
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
34. Alleged leak of Cephas Installer 1.0
- Category: Malware
- Content: The threat actor claims to have leaked Cephas Installer 1.0, a malicious backdoored Debian installer package. It contains an embedded installer script that establishes persistent remote access, reports status to a Telegram bot, and can download and install additional components, potentially enabling unauthorized remote control, data exfiltration, and lateral movement on compromised Linux systems.
- Date: 2025-10-02T06:05:22Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Source-Code-PRIV8TOOL-SPY-HIS-SUBCRIBER)
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/f8f8b645-e682-4646-9f82-554307b09d84.png
- https://d34iuop8pidsy8.cloudfront.net/fa921ad1-3c7f-4c81-8f32-43ca5b009ee8.png
- https://d34iuop8pidsy8.cloudfront.net/820239a0-3664-4456-9f99-f662dd5632db.png
- https://d34iuop8pidsy8.cloudfront.net/0e1d887f-5387-4d6c-8ee6-81016d8895a3.png
- https://d34iuop8pidsy8.cloudfront.net/239cc109-100e-4d6d-bbeb-024ab0e73080.png
- https://d34iuop8pidsy8.cloudfront.net/6018bd6f-9d4d-462a-ac13-25a1c9aedabd.png
- Threat Actors: HxGRD
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
35. Sarcoma ransomware group has added an unidentified victim
- Category: Ransomware
- Content: The group claims to have obtained 440 GB of the organization's data and plans to publish it within the next 6-7 days.
- Date: 2025-10-02T06:01:12Z
- Network: tor
- Published URL: (http://sarcomawmawlhov7o5mdhz4eszxxlkyaoiyiy2b5iwxnds2dmb4jakad.onion/)
- Screenshots:
- Threat Actors: Sarcoma
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
36. Alleged leak of admin credentials of SD ISLAM TAHFIDZ QUR’AN AL FA-JR
- Category: Initial Access
- Content: The threat actor claims to have compromised the login panel of SD ISLAM TAHFIDZ QUR'AN AL FA-JR, leaking administrator login credentials, including the admin username and password.
- Date: 2025-10-02T06:00:22Z
- Network: telegram
- Published URL: (https://t.me/c/2622575053/97)
- Screenshots:
- Threat Actors: NOTRASEC TEAM
- Victim Country: Indonesia
- Victim Industry: Education
- Victim Organization: sd islam tahfidz qur’an al fa-jr
- Victim Site: sditalfajr.com
37. Alleged sale of unauthorized access to Cisco ThousandEyes
- Category: Initial Access
- Content: The threat actor claims to be selling unauthorized access to a corporate Cisco ThousandEyes platform, including remote desktop access, administrative console rights, and active API tokens.
- Date: 2025-10-02T05:21:48Z
- Network: openweb
- Published URL: (https://breachsta.rs/topic/selling-full-access-thousandeyes-corporate-rdp-api-tokens-lw214fvjuw28)
- Screenshots:
- Threat Actors: rider
- Victim Country: USA
- Victim Industry: Information Technology (IT) Services
- Victim Organization: cisco thousandeyes
- Victim Site: thousandeyes.com
38. Alleged sale of WinRAR RCE exploit CVE-2025-8088
- Category: Vulnerability
- Content: The threat actor claims to be selling information about CVE-2025-8088, a critical path traversal vulnerability in WinRAR. This flaw allows attackers to craft malicious RAR archives that bypass extraction paths, potentially leading to remote code execution on affected systems.
- Date: 2025-10-02T04:44:18Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Document-CVE-2025-8088-Path-traversal-vulnerability-in-WinRAR-that-could-lead-to-remote-code)
- Screenshots:
- Threat Actors: zvok1337
- Victim Country: Indonesia
- Victim Industry: Software Development
- Victim Organization: winrar
- Victim Site: win-rar.com
39. Drain-All Ltd. falls victim to Sinobi Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 152 GB of the organization's data and intends to publish it within 1-2 days.
- Date: 2025-10-02T04:07:39Z
- Network: tor
- Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68dd88ea88b6823fa246658b)
- Screenshots:
- Threat Actors: Sinobi
- Victim Country: Canada
- Victim Industry: Environmental Services
- Victim Organization: drain-all ltd.
- Victim Site: drain-allltd.com
40. Alleged sale of WP admin access to an unidentified organization in USA
- Category: Initial Access
- Content: The threat actor is offering to sell unauthorized access to the WordPress admin panel of USA Shop.
- Date: 2025-10-02T04:00:05Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/267399/)
- Screenshots:
- Threat Actors: corptoday
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
41. Jaraflex Energiesysteme falls victim to Sinobi Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 470 GB of the organization's data and intends to publish it within 6-7 days.
- Date: 2025-10-02T03:55:22Z
- Network: tor
- Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68dd8baa88b6823fa24671d1)
- Screenshots:
- Threat Actors: Sinobi
- Victim Country: Austria
- Victim Industry: Wholesale
- Victim Organization: jaraflex energiesysteme
- Victim Site: jaraflex.at
42. Integrity Wealth Consulting falls victim to Sinobi Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 15 GB of the organization's sensitive data, including financial records.
- Date: 2025-10-02T03:49:45Z
- Network: tor
- Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68dd9ed888b6823fa246c356)
- Screenshots:
- Threat Actors: Sinobi
- Victim Country: USA
- Victim Industry: Financial Services
- Victim Organization: integrity wealth consulting
- Victim Site: iwcnow.com
43. Marsee Baking falls victim to Sinobi Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 30 GB of the organization's sensitive data, including financial files, employee HR records, and contractual records.
- Date: 2025-10-02T03:45:38Z
- Network: tor
- Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68dd8ef888b6823fa2467c5a)
- Screenshots:
- Threat Actors: Sinobi
- Victim Country: USA
- Victim Industry: Food & Beverages
- Victim Organization: marsee baking
- Victim Site: marseebaking.com
44. LASER AUTOMOTIVE VALENCIA SL falls victim to Sinobi Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 65 GB of the organization's sensitive data, including financial records and customer information.
- Date: 2025-10-02T03:44:22Z
- Network: tor
- Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68dd9f7f88b6823fa246c49d)
- Screenshots:
- Threat Actors: Sinobi
- Victim Country: Spain
- Victim Industry: Automotive
- Victim Organization: laser automotive valencia sl
- Victim Site: laserautomotive.com
45. Spectrum Painting NYC falls victim to Sinobi Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 420 GB of the organization's sensitive data, including financial documents, contractual records, and customer information.
- Date: 2025-10-02T03:35:48Z
- Network: tor
- Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68dd8fab88b6823fa2467eea)
- Screenshots:
- Threat Actors: Sinobi
- Victim Country: USA
- Victim Industry: Building and construction
- Victim Organization: spectrum painting nyc
- Victim Site: spectrumpaintingnyc.com
46. Prince William Ice Center falls victim to Sinobi Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 91 GB of the organization's sensitive data, including financial records and customer information.
- Date: 2025-10-02T03:17:46Z
- Network: tor
- Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68dd90bf88b6823fa2468478)
- Screenshots:
- Threat Actors: Sinobi
- Victim Country: USA
- Victim Industry: Recreational Facilities & Services
- Victim Organization: prince william ice center
- Victim Site: innovativesportsva.com
47. John Muir Charter Schools falls victim to Sinobi Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 280 GB of the organization's data and intends to publish it within 4-5 days.
- Date: 2025-10-02T03:10:09Z
- Network: tor
- Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68dd8e3b88b6823fa2467a2c)
- Screenshots:
- Threat Actors: Sinobi
- Victim Country: USA
- Victim Industry: Education
- Victim Organization: john muir charter schools
- Victim Site: johnmuircs.com
48. Lugand Aciers falls victim to Sinobi Ransomware
- Category: Ransomware
- Content: The group claims to have obtained data from the organization.
- Date: 2025-10-02T03:06:55Z
- Network: tor
- Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68dd9e0b88b6823fa246bec2)
- Screenshots:
- Threat Actors: Sinobi
- Victim Country: France
- Victim Industry: Energy & Utilities
- Victim Organization: lugand aciers
- Victim Site: lugand-aciers.fr
49. Muller Inc. falls victim to Sinobi Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 460 GB of the organization's data and intends to publish it within 9-10 days.
- Date: 2025-10-02T03:05:50Z
- Network: tor
- Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68dd8d6388b6823fa24676e8)
- Screenshots:
- Threat Actors: Sinobi
- Victim Country: USA
- Victim Industry: Food & Beverages
- Victim Organization: muller inc.
- Victim Site: mullerbev.com
50. AT Solution falls victim to Sinobi Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 250 GB of the organization's data.
- Date: 2025-10-02T03:01:24Z
- Network: tor
- Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68dd995b88b6823fa246ab46)
- Screenshots:
- Threat Actors: Sinobi
- Victim Country: China
- Victim Industry: Financial Services
- Victim Organization: at solution
- Victim Site: atsolution.com.hk
51. Judson Center falls victim to Sinobi Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization's data.
- Date: 2025-10-02T02:55:59Z
- Network: tor
- Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68dd964288b6823fa2469d3f)
- Screenshots:
- Threat Actors: Sinobi
- Victim Country: USA
- Victim Industry: Non-profit & Social Organizations
- Victim Organization: judson center
- Victim Site: judsoncenter.org
52. Immaculate Heart of Mary falls victim to Sinobi Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 70 GB of the organization's data.
- Date: 2025-10-02T02:52:51Z
- Network: tor
- Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68dd97df88b6823fa246a64c)
- Screenshots:
- Threat Actors: Sinobi
- Victim Country: USA
- Victim Industry: Religious Institutions
- Victim Organization: immaculate heart of mary
- Victim Site: ihm-brooklyn.org
53. American Association on Health and Disability (AAHD) falls victim to Sinobi Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 80 GB of the organization's sensitive data, including customer information, internal incident reports, and sensitive HR records.
- Date: 2025-10-02T02:50:21Z
- Network: tor
- Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68dd91d088b6823fa2468883)
- Screenshots:
- Threat Actors: Sinobi
- Victim Country: USA
- Victim Industry: Non-profit & Social Organizations
- Victim Organization: american association on health and disability (aahd)
- Victim Site: aahd.us
54. Johnson Regional Medical Center falls victim to Sinobi Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 440 GB of the organization’s data and intends to publish it within 9-10 days.
- Date: 2025-10-02T02:43:51Z
- Network: tor
- Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68dd987288b6823fa246a84c)
- Screenshots:
- Threat Actors: Sinobi
- Victim Country: USA
- Victim Industry: Hospital & Health Care
- Victim Organization: johnson regional medical center
- Victim Site: jrmc.com
55. Alleged data sale of Progressive Leasing
- Category: Data Breach
- Content: A threat actor claims to be selling 18 TB of internal data from Progressive Leasing, including 40M customer records with SSNs, DOBs, banking info, and source code. The breach allegedly impacts customers of retail partners such as Best Buy, Samsung, Wayfair, Overstock, Kay Jewelers, Big Lots, and Cricket Wireless.
- Date: 2025-10-02T02:34:53Z
- Network: telegram
- Published URL: (https://t.me/rubiconh4ckss/96)
- Screenshots:
- Threat Actors: Rubicon
- Victim Country: USA
- Victim Industry: Financial Services
- Victim Organization: progressive leasing
- Victim Site: progleasing.com
56. Karat® by Lollicup™ falls victim to Sinobi Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 500 GB of the organization's data, including confidential internal documents, financial data, customer data, and contracts. They intend to publish it within 9-10 days.
- Date: 2025-10-02T02:18:39Z
- Network: tor
- Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68dd972f88b6823fa246a2d6)
- Screenshots:
- Threat Actors: Sinobi
- Victim Country: USA
- Victim Industry: Food & Beverages
- Victim Organization: karat® by lollicup™
- Victim Site: karatpackaging.com
57. Alleged data leak of Indonesian people’s data
- Category: Data Breach
- Content: The threat actor claims to have leaked a database containing the data of 1,500 random Indonesian people, including personal details such as full names, gender, dates of birth, national ID numbers, phone numbers, class information, and activity logs.
- Date: 2025-10-02T01:35:16Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-1-500-RANDOM-INDONESIA-PEOPLE-DATA)
- Screenshots:
- Threat Actors: M4UL1337
- Victim Country: Indonesia
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
58. Alleged leak of Gmail accounts from Argentina
- Category: Data Breach
- Content: The threat actor claims to have leaked Gmail accounts from Argentina.
- Date: 2025-10-02T01:03:38Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-COM-AR-GMAILS)
- Screenshots:
- Threat Actors: CataLeyaPRE
- Victim Country: Argentina
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
59. Alleged data leak of government logins
- Category: Data Breach
- Content: The threat actor claims to have leaked government logins.
- Date: 2025-10-02T00:59:25Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-GOV-AND-GOB-LOGINS)
- Screenshots:
- Threat Actors: CataLeyaPRE
- Victim Country: Unknown
- Victim Industry: Government Administration
- Victim Organization: Unknown
- Victim Site: Unknown
Conclusion
The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Data breaches and ransomware attacks are prominent, affecting various sectors from Healthcare and Financial Services to Government Administration and E-commerce, and impacting countries including the USA, Spain, France, India, and Indonesia.
The compromised data is extensive, ranging from patient records and financial information (including SSNs and banking details) to customer records, source code, and classified military documents.
Beyond data compromise, the report also reveals significant activity in Initial Access sales, with threat actors offering unauthorized access to a Silicon Valley supply chain platform, Cisco ThousandEyes, and various e-commerce sites. The sale of malware, including a backdoored Debian installer, and information on a critical WinRAR vulnerability further underscores the availability of offensive capabilities in the cyber underground.
The nature of these incidents emphasizes the critical importance of robust cybersecurity measures, including strong access controls, data protection strategies, continuous vulnerability management, and proactive threat intelligence to defend against a wide array of sophisticated and opportunistic attacks.