This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.
- Alleged data sale of Wekiwi
- Category: Data Breach
- Content: Threat actor claims to be selling leaked customer and employee data from Wekiwi, Spain. The compromised data reportedly contains 320,000 records including full name, address, postal code, city, date of birth, phone number, IBAN, and national ID.
- Date: 2025-10-23T22:05:43Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-Spain-wekiwi-es)
- Screenshots:
- Threat Actors: pls
- Victim Country: Spain
- Victim Industry: Energy & Utilities
- Victim Organization: wekiwi
- Victim Site: wekiwi.es
- Alleged sale of admin-panel access to UK e-commerce site
- Category: Initial Access
- Content: The threat actor claims to be selling admin panel access for a self-built e-commerce site hosted in the United Kingdom.
- Date: 2025-10-23T21:45:06Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/268828/)
- Screenshots:
- Threat Actors: CMPunk
- Victim Country: UK
- Victim Industry: E-commerce & Online Stores
- Victim Organization: Unknown
- Victim Site: Unknown
- Institute of Real Estate Management (IREM®) falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-23T21:15:23Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=bf2175ec-9878-36de-92ac-d98b5991bc3c)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Real Estate
- Victim Organization: institute of real estate management (irem®)
- Victim Site: irem.org
- HEZI RASH targets the website of Tecpack Solutions
- Category: Defacement
- Content: The group claims to have defaced the website of Tecpack Solutions.
- Date: 2025-10-23T21:14:43Z
- Network: telegram
- Published URL: (https://t.me/hezi_rash/133)
- Screenshots:
- Threat Actors: HEZI RASH
- Victim Country: China
- Victim Industry: Manufacturing
- Victim Organization: tecpack solutions
- Victim Site: tecpacksolutions.com
- OCI International Holdings Limited falls victim to RansomHouse Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-23T20:58:14Z
- Network: tor
- Published URL: (http://zohlm7ahjwegcedoz7lrdrti7bvpofymcayotp744qhx6gjmxbuo2yid.onion/r/dcdb1b1cd88437db9b96d85ab83e95241e3ab009)
- Screenshots:
- Threat Actors: RansomHouse
- Victim Country: China
- Victim Industry: Financial Services
- Victim Organization: oci international holdings limited
- Victim Site: oci-intl.com
- Alleged data sale of International Social Survey Programme
- Category: Data Breach
- Content: Threat actor has claimed to be selling leaked personal data from the International Social Survey Programme (ISSP). The compromised dataset reportedly contains 7,296,176 records from multiple countries, including the United States, United Kingdom, and Australia. The exposed information allegedly includes names, phone numbers, addresses, email addresses, etc.
- Date: 2025-10-23T20:45:00Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-issp-org-7-296-176-personal-data-UK-USA-AU-etc)
- Screenshots:
- Threat Actors: Sorb
- Victim Country: Switzerland
- Victim Industry: Research Industry
- Victim Organization: international social survey programme
- Victim Site: issp.org
- Kurogane Kasei Co. falls victim to RansomHouse Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-23T19:53:05Z
- Network: tor
- Published URL: (http://zohlm7ahjwegcedoz7lrdrti7bvpofymcayotp744qhx6gjmxbuo2yid.onion/r/30060efc59f61cff0830b97ac69e3596e589cddd)
- Screenshots:
- Threat Actors: RansomHouse
- Victim Country: Japan
- Victim Industry: Chemical Manufacturing
- Victim Organization: kurogane kasei co.
- Victim Site: kuroganekasei.com
- UniCursos falls victim to TENGU Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data. The compromised data includes enrollment records, student files, financial transactions, tutor contracts, exam strategies, etc.
- Date: 2025-10-23T19:35:12Z
- Network: tor
- Published URL: (http://longcc4fqrfcqt5lzceutylaxir6h66fp6df3oin6mvwvz6pfdbxc6qd.onion/blog/15f2b93e929d7acc1e24dfd6b25ab9f5c7144e70d305869c0d3685e63525bf40/)
- Screenshots:
- Threat Actors: TENGU
- Victim Country: Brazil
- Victim Industry: Education
- Victim Organization: unicursos
- Victim Site: Unknown
- Alleged data breach of Cocamar Cooperativa Agroindustrial
- Category: Data Breach
- Content: The threat actor claims to have leaked data from Cocamar Cooperativa Agroindustrial. The compromised data reportedly contains over 45,000 records that include name, email, phone number, etc.
- Date: 2025-10-23T19:12:58Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/268819/)
- Screenshots:
- Threat Actors: betway
- Victim Country: Brazil
- Victim Industry: Food & Beverages
- Victim Organization: cocamar cooperativa agroindustrial
- Victim Site: cocamar.com.br
- Gericke Group falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 300 GB of the organization’s data.
- Date: 2025-10-23T19:04:03Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=10396695-a081-3d49-a8ca-d45e35688e34.png)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: Switzerland
- Victim Industry: Machinery Manufacturing
- Victim Organization: gericke group
- Victim Site: gerickegroup.com
- SFOOD Inc. falls victim to RansomHouse Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-23T18:23:23Z
- Network: tor
- Published URL: (http://zohlm7ahjwegcedoz7lrdrti7bvpofymcayotp744qhx6gjmxbuo2yid.onion/r/8ce15faf3c8a67bae2dacc110f05aaa0359175ad)
- Screenshots:
- Threat Actors: RansomHouse
- Victim Country: South Korea
- Victim Industry: Food & Beverages
- Victim Organization: sfood inc.
- Victim Site: s-food.co.kr
- Pharaoh’s Team targets multiple subdomains of Hostinger
- Category: Defacement
- Content: The group claims to have defaced multiple subdomains of Hostinger.
- Date: 2025-10-23T17:08:53Z
- Network: telegram
- Published URL: (https://t.me/Pharaohs_n/212)
- Screenshots:
- Threat Actors: Pharaoh’s Team
- Victim Country: Lithuania
- Victim Industry: Information Technology (IT) Services
- Victim Organization: hostinger
- Victim Site: hostingersite.com
- ozsoft.com.au falls victim to LYNX Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-23T17:06:47Z
- Network: tor
- Published URL: (http://lynxblogxutufossaeawlij3j3uikaloll5ko6grzhkwdclrjngrfoid.onion/leaks/68f89a502423bc3ce0cc181b)
- Screenshots:
- Threat Actors: LYNX
- Victim Country: Australia
- Victim Industry: Information Technology (IT) Services
- Victim Organization: ozsoft.com.au
- Victim Site: ozsoft.com.au
- Alleged sale of unauthorized access to Fortinet systems (200 instances)
- Category: Initial Access
- Content: The threat actor claims to be selling unauthorized access to 200 Fortinet systems.
- Date: 2025-10-23T16:43:58Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/268808/)
- Screenshots:
- Threat Actors: anna_s
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of unauthorized access to Fortinet systems (300 instances)
- Category: Initial Access
- Content: The threat actor claims to be selling unauthorized access to 300 Fortinet systems.
- Date: 2025-10-23T16:36:12Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/268805/)
- Screenshots:
- Threat Actors: anna_s
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Pharaoh’s Team targets the website fgcsrl-containers.it
- Category: Defacement
- Content: The group claims to have defaced the website fgcsrl-containers.it.
- Date: 2025-10-23T15:46:49Z
- Network: telegram
- Published URL: (https://t.me/Pharaohs_n/212)
- Screenshots:
- Threat Actors: Pharaoh’s Team
- Victim Country: Italy
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: fgcsrl-containers.it
- STAR LÉGUMES falls victim to TENGU Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data. Sample screenshots were provided on their dark web portal.
- Date: 2025-10-23T15:40:37Z
- Network: tor
- Published URL: (http://longcc4fqrfcqt5lzceutylaxir6h66fp6df3oin6mvwvz6pfdbxc6qd.onion/blog/0f09749244704dd7eda6e563ddd286eb4bd7ab0138dfefbc93a237c6179c0b21/)
- Screenshots:
- Threat Actors: TENGU
- Victim Country: Morocco
- Victim Industry: Wholesale
- Victim Organization: star légumes
- Victim Site: Unknown
- Pharaoh’s Team targets the website feriascasa.com
- Category: Defacement
- Content: The group claims to have defaced the website feriascasa.com.
- Date: 2025-10-23T15:39:18Z
- Network: telegram
- Published URL: (https://t.me/Pharaohs_n/212)
- Screenshots:
- Threat Actors: Pharaoh’s Team
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: feriascasa.com
- Pharaoh’s Team targets the website e-versicherungsb-ank.de
- Category: Defacement
- Content: The group claims to have defaced the website e-versicherungsb-ank.de.
- Date: 2025-10-23T15:34:14Z
- Network: telegram
- Published URL: (https://t.me/Pharaohs_n/212)
- Screenshots:
- Threat Actors: Pharaoh’s Team
- Victim Country: Germany
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: e-versicherungsb-ank.de
- Alleged data breach of Assemblée Nationale
- Category: Data Breach
- Content: The threat actor claims to be selling data and access to Assemblée Nationale. The compromised data includes name, email, department, etc.
- Date: 2025-10-23T15:23:23Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/assemblee-nationale-fr-breach.44788/)
- Screenshots:
- Threat Actors: djuu
- Victim Country: France
- Victim Industry: Government Administration
- Victim Organization: assemblée nationale
- Victim Site: assemblee-nationale.fr
- Pharaoh’s Team targets the website of Sellora
- Category: Defacement
- Content: The group claims to have defaced multiple subdomains of Sellora, Nigeria.
- Date: 2025-10-23T15:12:52Z
- Network: telegram
- Published URL: (https://t.me/Pharaohs_n/213)
- Screenshots:
- Threat Actors: Pharaoh’s Team
- Victim Country: Nigeria
- Victim Industry: E-commerce & Online Stores
- Victim Organization: sellora
- Victim Site: sellora.ng
- Qatargas and Tar Company falls victim to TENGU Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data. Sample screenshots were provided on their dark web portal.
- Date: 2025-10-23T14:56:39Z
- Network: tor
- Published URL: (http://longcc4fqrfcqt5lzceutylaxir6h66fp6df3oin6mvwvz6pfdbxc6qd.onion/blog/9169dd48cabbf3e397e0a7a8e857dcab66598b3c22984607080f4a13b77b51e9/)
- Screenshots:
- Threat Actors: TENGU
- Victim Country: Iran
- Victim Industry: Manufacturing & Industrial Products
- Victim Organization: qatargas and tar company
- Victim Site: Unknown
- Alleged leak of Paypal accounts of USA
- Category: Data Breach
- Content: The threat actor claims to be selling PayPal accounts, email, owner’s full name, eBay accounts, and various shop mails.
- Date: 2025-10-23T14:40:40Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/268787/)
- Screenshots:
- Threat Actors: fattonyw
- Victim Country: USA
- Victim Industry: Financial Services
- Victim Organization: paypal holdings, inc
- Victim Site: paypal.com
- Oscar Manresa Group falls victim to TENGU Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data. Sample screenshots were provided on their dark web portal.
- Date: 2025-10-23T14:38:28Z
- Network: tor
- Published URL: (http://longcc4fqrfcqt5lzceutylaxir6h66fp6df3oin6mvwvz6pfdbxc6qd.onion/blog/4821b80070a6e4cec911a0f632e4702e30d7342375f19a0ad50809abd1ebc631/)
- Screenshots:
- Threat Actors: TENGU
- Victim Country: Spain
- Victim Industry: Restaurants
- Victim Organization: oscar manresa group
- Victim Site: oscarmanresa.com
- Alleged leak of login access to Diebold Thailand Co., Ltd
- Category: Initial Access
- Content: The group claims to have leaked access to Diebold Thailand Co., Ltd.
- Date: 2025-10-23T14:24:43Z
- Network: telegram
- Published URL: (https://t.me/nxbbsec/2908)
- Screenshots:
- Threat Actors: NXBB.SEC
- Victim Country: Thailand
- Victim Industry: Information Services
- Victim Organization: diebold thailand co., ltd
- Victim Site: diebold.co.th
- Al Rimal Foodstuff Industries FZC falls victim to TENGU Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 21 GB of the organization’s data. Sample screenshots were provided on their dark web portal.
- Date: 2025-10-23T14:15:09Z
- Network: tor
- Published URL: (http://longcc4fqrfcqt5lzceutylaxir6h66fp6df3oin6mvwvz6pfdbxc6qd.onion/blog/3483b78af6ee44881238e7fc60509b54c0e83edce7687f606c2682e60ab9b981/)
- Screenshots:
- Threat Actors: TENGU
- Victim Country: UAE
- Victim Industry: Food & Beverages
- Victim Organization: al rimal foodstuff industries fzc
- Victim Site: alrimalgroup.com
- Alleged leak of login access to Faculty of Science and Digital Innovation, Thaksin University
- Category: Initial Access
- Content: The group claims to have leaked access to Faculty of Science and Digital Innovation, Thaksin University.
- Date: 2025-10-23T14:09:17Z
- Network: telegram
- Published URL: (https://t.me/nxbbsec/2910)
- Screenshots:
- Threat Actors: NXBB.SEC
- Victim Country: Thailand
- Victim Industry: Education
- Victim Organization: faculty of science and digital innovation, thaksin university
- Victim Site: scidi.tsu.ac.th
- Alleged leak of login access to Thai-German Institute
- Category: Initial Access
- Content: The group claims to have leaked access to Thai-German Institute.
- Date: 2025-10-23T13:30:33Z
- Network: telegram
- Published URL: (https://t.me/nxbbsec/2909)
- Screenshots:
- Threat Actors: NXBB.SEC
- Victim Country: Thailand
- Victim Industry: Professional Training
- Victim Organization: thai-german institute
- Victim Site: tgi.or.th
- Alleged data leak of Gavriel Machal, an unidentified Israeli law firm
- Category: Data Breach
- Content: The threat actor claims to have leaked over 40GB of data from Gavriel Machal, an unidentified Israeli law firm. The leak allegedly includes over 2,000 customer records, legal documents, contracts, and thousands of database records.
- Date: 2025-10-23T13:02:55Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-Gavriel-Machal-Israeli-Law-Firm)
- Screenshots:
- Threat Actors: CyberToufan02
- Victim Country: Israel
- Victim Industry: Law Practice & Law Firms
- Victim Organization: Unknown
- Victim Site: Unknown
- Paterson & Dowding Family Lawyers falls victim to Anubis Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-23T12:31:09Z
- Network: tor
- Published URL: (http://om6q4a6cyipxvt7ioudxt24cw4oqu4yodmqzl25mqd2hgllymrgu4aqd.onion/r/ylT8ETgghDfrKnFidvOIC8Dcnm76+F5nIGlsZGTf2BeWIbycjfJkEBwWBw+dlRjRBm7RYKG6ChGMH2PMSPMOKXh1Z0Jtdlo3)
- Screenshots:
- Threat Actors: ANUBIS
- Victim Country: Australia
- Victim Industry: Law Practice & Law Firms
- Victim Organization: paterson & dowding family lawyers
- Victim Site: patersondowding.com.au
- Goodfellow & Schuettlaw falls victim to Anubis Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-23T12:30:51Z
- Network: tor
- Published URL: (http://om6q4a6cyipxvt7ioudxt24cw4oqu4yodmqzl25mqd2hgllymrgu4aqd.onion/r/aWp0hFQIqkWMJCRmweY8S3cP+m7DVeEdxxWO0HDPxZAC1rOAHXNTTgmprW0oQOEcN4LcXZZu5JpnN4xJY7xEEJvZWdkelQz)
- Screenshots:
- Threat Actors: ANUBIS
- Victim Country: Canada
- Victim Industry: Law Practice & Law Firms
- Victim Organization: goodfellow & schuettlaw
- Victim Site: gfslaw.ca
- Alleged sale of Screen Connect Alternative Remote Tool
- Category: Malware
- Content: The threat actor claims to be selling Screen Connect Alternative Remote Tool, a malicious tool that can secretly control computers, extract sensitive information, and bypass security protections. This software could be used for cyberattacks, ransomware campaigns, or spying on networks.
- Date: 2025-10-23T12:11:03Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/268771/)
- Screenshots:
- Threat Actors: SICKOTRUSTED-URL
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of Google Ads credit in the UK
- Category: Data Breach
- Content: Threat actor claims to be selling Google Ads credit in the UK.
- Date: 2025-10-23T11:51:55Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/268783/)
- Screenshots:
- Threat Actors: expcl
- Victim Country: UK
- Victim Industry: Information Technology (IT) Services
- Victim Organization: google.co.uk
- Victim Site: google.co.uk
- Alleged leak of login access to Graduate Employment System of Rajamangala University of Technology Lanna
- Category: Initial Access
- Content: The group claims to have leaked access to Graduate Employment System of Rajamangala University of Technology Lanna.
- Date: 2025-10-23T09:58:10Z
- Network: telegram
- Published URL: (https://t.me/nxbbsec/2906)
- Screenshots:
- Threat Actors: NXBB.SEC
- Victim Country: Thailand
- Victim Industry: Education
- Victim Organization: graduate employment system of rajamangala university of technology lanna
- Victim Site: rmutl.ac.th
- Alleged leak of login access to Payme
- Category: Initial Access
- Content: The group claims to have leaked access to Payme.
- Date: 2025-10-23T09:12:19Z
- Network: telegram
- Published URL: (https://t.me/nxbbsec/2904)
- Screenshots:
- Threat Actors: NXBB.SEC
- Victim Country: Thailand
- Victim Industry: Financial Services
- Victim Organization: payme
- Victim Site: payme.in.th
- Alleged leak of login access to NavTECH Co.,Ltd
- Category: Initial Access
- Content: The group claims to have leaked access to NavTECH Co.,Ltd.
- Date: 2025-10-23T09:11:58Z
- Network: telegram
- Published URL: (https://t.me/nxbbsec/2905)
- Screenshots:
- Threat Actors: NXBB.SEC
- Victim Country: Thailand
- Victim Industry: Information Technology (IT) Services
- Victim Organization: navtech co.,ltd
- Victim Site: navtech.in.th
- Alleged data breach of Warbirds Ukraine
- Category: Data Breach
- Content: The group claims to have leaked data from Warbirds Ukraine.
- Date: 2025-10-23T08:24:50Z
- Network: telegram
- Published URL: (https://t.me/WeAreKillnet_Channel/424)
- Screenshots:
- Threat Actors: WE ARE KILLNET
- Victim Country: Ukraine
- Victim Industry: Aviation & Aerospace
- Victim Organization: warbirds ukraine
- Victim Site: warbirds.com.ua
- The Laxmi Niwas Palace falls victim to Nova Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 29 GB of the organization’s data and intends to publish it within 11-12 days.
- Date: 2025-10-23T07:28:14Z
- Network: tor
- Published URL: (http://novadmrkp4vbk2padk5t6pbxolndceuc7hrcq4mjaoyed6nxsqiuzyyd.onion/#)
- Screenshots:
- Threat Actors: Nova
- Victim Country: India
- Victim Industry: Hospitality & Tourism
- Victim Organization: the laxmi niwas palace
- Victim Site: laxminiwaspalace.com
- Alleged data breach of CityPlantes
- Category: Data Breach
- Content: A threat actor has leaked a database allegedly belonging to CityPlantes. The exposed data reportedly includes customer details such as names, addresses, postal codes, cities, phone numbers, and company information in CSV format.
- Date: 2025-10-23T06:18:32Z
- Network: tor
- Published URL: (http://qeei4m7a2tve6ityewnezvcnf647onsqbmdbmlcw4y5pr6uwwfwa35yd.onion/Thread-DATABASE-Database-Francia-cityplantes-com-Free)
- Screenshots:
- Threat Actors: camillaDF
- Victim Country: France
- Victim Industry: Retail Industry
- Victim Organization: cityplantes
- Victim Site: cityplantes.com
- ACTi Corporation falls victim to EMBARGO Ransomware
- Category: Ransomware
- Content: The group claims to have obtained more than 1.5 TB of the organization’s internal data and intends to publish it within 18 days.
- Date: 2025-10-23T06:04:13Z
- Network: tor
- Published URL: (http://embargobe3n5okxyzqphpmk3moinoap2snz5k6765mvtkk7hhi544jid.onion/#/post/7e0fe038-1185-4f6e-9a51-e43e56889e20)
- Screenshots:
- Threat Actors: EMBARGO
- Victim Country: Taiwan
- Victim Industry: Security & Investigations
- Victim Organization: acti corporation
- Victim Site: acti.com
- NOTRASEC TEAM targets the website dokkan.agency
- Category: Defacement
- Content: The group claims to have defaced the website dokkan.agency.
- Date: 2025-10-23T05:57:28Z
- Network: telegram
- Published URL: (https://t.me/c/2761195311/6400)
- Screenshots:
- Threat Actors: NOTRASEC TEAM
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged leak of login access to dokkan.agency
- Category: Initial Access
- Content: The group claims to have leaked access to dokkan.agency.
- Date: 2025-10-23T05:53:24Z
- Network: telegram
- Published URL: (https://t.me/c/2761195311/6399)
- Screenshots:
- Threat Actors: NOTRASEC TEAM
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data breach of iWeaver Pte. Ltd
- Category: Data Breach
- Content: The threat actor claims to have leaked a database from iWeaver.ai, an AI assistant platform that hosts several chatbots including one using GPT-5. The leak allegedly includes 128,000+ user records with emails, IPs, names, and profile images, as well as over 1 million chat messages and 161,800 uploaded file links.
- Date: 2025-10-23T04:20:58Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-ChatGpt-Alternative-iWeaver-ai-All-User-Data-Chatlogs-All-File-Upload-Links)
- Screenshots:
- Threat Actors: interference
- Victim Country: Singapore
- Victim Industry: Software
- Victim Organization: iweaver pte. ltd
- Victim Site: iweaver.ai
- Alleged sale of RDP access to an unidentified Cryptocurrency company in South Korea
- Category: Initial Access
- Content: Threat actor is selling full unauthorized access to a South Korean cryptocurrency company. Access is via RDP to a core developer’s PC and the main router (VPN).
- Date: 2025-10-23T04:04:46Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/268763/)
- Screenshots:
- Threat Actors: enname
- Victim Country: South Korea
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged leak of banking files
- Category: Data Breach
- Content: The threat actor claims to have gained access to a computer in India, infected it with ransomware after the victim did not pay, and is now leaking banking-related files recovered from that machine.
- Date: 2025-10-23T03:56:07Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Document-Ransomware-Bank-file-leak)
- Screenshots:
- Threat Actors: l33tfg
- Victim Country: India
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
Conclusion
The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Ransomware and Data Breaches are prominent, affecting various sectors, including Law Practice & Law Firms, E-commerce & Online Stores, and Information Technology Services, across numerous countries, including the USA, UK, China, and more. The compromised data ranges from sensitive customer records and financial information to internal organizational data and intellectual property.
The report also reveals significant activity in Initial Access sales, with threat actors offering unauthorized access to admin panels, Fortinet systems, and internal networks, notably across Thailand. Furthermore, the sale of Malware, such as a Screen Connect Alternative Remote Tool, underscores the readily available offensive capabilities in the cyber underground.
The incidents collectively demonstrate that organizations across various industries and geographies face persistent threats from data exfiltration, unauthorized network access, and the proliferation of malicious tools. The nature of these incidents emphasizes the critical importance of robust cybersecurity measures, including strong access controls, data protection strategies, continuous vulnerability management, and proactive threat intelligence to defend against a wide array of sophisticated and opportunistic attacks.