This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.
- WarmBlue falls victim to Sinobi ransomware
- Category: Ransomware
- Content: The group claims to have obtained 15 GB of the organization’s data
- Date: 2025-10-28T22:29:08Z
- Network: tor
- Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/69013a0888b6823fa2fa33d0)
- Screenshots:
- Threat Actors: Sinobi
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: warmblue
- Victim Site: Unknown
- Florida-Spectrum Environmental Services falls victim to Sinobi ransomware
- Category: Ransomware
- Content: The group claims to have obtained 500 GB of the organization’s data
- Date: 2025-10-28T22:21:31Z
- Network: tor
- Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/69013d0188b6823fa2fa48a1)
- Screenshots:
- Threat Actors: Sinobi
- Victim Country: USA
- Victim Industry: Environmental Services
- Victim Organization: florida-spectrum environmental services
- Victim Site: flenviro.com
- Alleged sale of Spain database
- Category: Data Breach
- Content: The actor claims to be selling a fresh Spain database. The compromised data reportedly contains name, email, address, etc.
- Date: 2025-10-28T22:04:13Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/spain-database-fresh-2025-10.44972/)
- Screenshots:
- Threat Actors: Cayenne22
- Victim Country: Spain
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of financial data from China
- Category: Data Breach
- Content: Threat actor claims to be selling 128,000 records of leaked stock market financial data from China.
- Date: 2025-10-28T21:45:01Z
- Network: openweb
- Published URL: (https://bhf.pro/threads/715029/)
- Screenshots:
- Threat Actors: Barracuda555
- Victim Country: China
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged leak of admin credentials of SUB100 Sistemas
- Category: Initial Access
- Content: Threat actor claims to have leaked user admin credentials to efort subdomain of SUB100 Sistemas, Brazil.
- Date: 2025-10-28T21:30:35Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-efort-sistemasgl-com-br-user-admin-Access)
- Screenshots:
- Threat Actors: Robert2025
- Victim Country: Brazil
- Victim Industry: Software Development
- Victim Organization: sub100 sistemas
- Victim Site: efort.sistemasgl.com.br
- Alleged leak of admin credentials of Virtualpos
- Category: Initial Access
- Content: Threat actor claims to have leaked admin credentials of Virtualpos, Chile.
- Date: 2025-10-28T21:22:36Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-www-virtualpos-cl-admin-Access?pid=289718#pid289718)
- Screenshots:
- Threat Actors: Robert2025
- Victim Country: Chile
- Victim Industry: Financial Services
- Victim Organization: virtualpos
- Victim Site: virtualpos.cl
- Alleged leak of admin credentials of CPAGrip.com
- Category: Initial Access
- Content: Threat actor claims to have leaked admin credentials of CPAGrip.com, USA.
- Date: 2025-10-28T21:15:02Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-www-cpagrip-com-admin-Access?pid=289713#pid289713)
- Screenshots:
- Threat Actors: Robert2025
- Victim Country: USA
- Victim Industry: Information Technology (IT) Services
- Victim Organization: cpagrip.com
- Victim Site: cpagrip.com
- Alleged leak of admin credentials of IEB Global
- Category: Initial Access
- Content: Threat actor claims to have leaked admin credentials of IEB Global, Argentina.
- Date: 2025-10-28T21:06:58Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-iebtranslationservices-com-admin-Access?pid=289677#pid289677)
- Screenshots:
- Threat Actors: Robert2025
- Victim Country: Argentina
- Victim Industry: Translation & Localization
- Victim Organization: ieb global
- Victim Site: iebtranslationservices.com
- Eligibility Tracking Calculators falls victim to BlackShrantac ransomware
- Category: Ransomware
- Content: The group claims to have obtained 300 GB of the organization’s data.
- Date: 2025-10-28T20:56:51Z
- Network: tor
- Published URL: (http://jvkpexgkuaw5toiph7fbgucycvnafaqmfvakymfh5pdxepvahw3xryqd.onion/targets/19)
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/f3602b8b-9099-428f-8b8e-766193141046.png
- https://d34iuop8pidsy8.cloudfront.net/1b8e9fcf-f0be-4698-bc17-1e9a5c82cd69.png
- https://d34iuop8pidsy8.cloudfront.net/a23b2beb-a06e-42dc-b182-180aa4bde760.png
- https://d34iuop8pidsy8.cloudfront.net/c7443109-7690-44d1-80cd-2afcd866dbfe.png
- https://d34iuop8pidsy8.cloudfront.net/b48f5594-fb2d-401e-8340-effd2adee2e5.png
- Threat Actors: BlackShrantac
- Victim Country: USA
- Victim Industry: Human Resources
- Victim Organization: eligibility tracking calculators
- Victim Site: eligibilitytrackingcalculators.com
- Alleged leak of admin credentials to Radcore
- Category: Initial Access
- Content: Threat actor claims to have leaked admin credentials from Radcore, Brazil.
- Date: 2025-10-28T20:56:28Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-www-radcore-pro-br-Admin-Access)
- Screenshots:
- Threat Actors: Robert2025
- Victim Country: Brazil
- Victim Industry: Information Technology (IT) Services
- Victim Organization: radcore
- Victim Site: radcore.pro.br
- Heimbrock falls victim to GENESIS ransomware
- Category: Ransomware
- Content: The group claims to have obtained 350 GB of the organization’s sensitive data, including personal data of employees of company clients, contracts and NDAs, financial data, email archives, folders of network users, management folders, and data exfiltrated from the company file server.
- Date: 2025-10-28T20:38:17Z
- Network: tor
- Published URL: (http://genesis6ixpb5mcy4kudybtw5op2wqlrkocfogbnenz3c647ibqixiad.onion/feb6c5c0b2acddc96ed8/)
- Screenshots:
- Threat Actors: GENESIS
- Victim Country: USA
- Victim Industry: Building and construction
- Victim Organization: heimbrock
- Victim Site: heimbrock.com
- Alleged gain of access to the FTP server of DREAM GLUTEN FREE S.R.L.
- Category: Initial Access
- Content: The group claims to have gained access to the FTP server of DREAM GLUTEN FREE S.R.L.
- Date: 2025-10-28T20:22:00Z
- Network: telegram
- Published URL: (https://t.me/TwoNetchannel/100)
- Screenshots:
- Threat Actors: TwoNet
- Victim Country: Italy
- Victim Industry: Food Production
- Victim Organization: dream gluten free s.r.l.
- Victim Site: dreamglutenfree.it
- Alleged sale of Solana SPL Token Hijacker
- Category: Malware
- Content: Threat actor claims to be selling Solana SPL token hijacker, tested in Phantom wallet.
- Date: 2025-10-28T20:19:57Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-SOLANA-SPL-HIJACK)
- Screenshots:
- Threat Actors: gggsss
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- DEVMAN 2.0 ransomware group adds an unknown victim (rp**flwa*ps.com)
- Category: Ransomware
- Content: Group claims to have obtained organization’s data and plans to publish within 4-5 days.
- Date: 2025-10-28T20:18:33Z
- Network: tor
- Published URL: (http://devmanblggk7ddrtqj3tsocnayow3bwnozab2s4yhv4shpv6ueitjzid.onion/)
- Screenshots:
- Threat Actors: DEVMAN 2.0
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of Web Servers Remote Shell Tool
- Category: Malware
- Content: Threat actor claims to be selling terminal based web servers remote shell tool.
- Date: 2025-10-28T20:09:25Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-Advanced-Web-Servers-Remote-Shell-Tool-GhostShell)
- Screenshots:
- Threat Actors: EternalRed
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Family Health West falls victim to DEVMAN 2.0 ransomware
- Category: Ransomware
- Content: Group claims to have obtained 120 GB of organization’s data and plans to publish within 4- days.
- Date: 2025-10-28T20:04:11Z
- Network: tor
- Published URL: (http://devmanblggk7ddrtqj3tsocnayow3bwnozab2s4yhv4shpv6ueitjzid.onion/)
- Screenshots:
- Threat Actors: DEVMAN 2.0
- Victim Country: USA
- Victim Industry: Hospital & Health Care
- Victim Organization: family health west
- Victim Site: fhw.org
- ALIOS FINANCE falls victim to INC RANSOM ransomware
- Category: Ransomware
- Content: The group claims to have obtained 100 GB of the organization’s internal data.
- Date: 2025-10-28T19:58:09Z
- Network: tor
- Published URL: (http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/69010efde1a4e4b3ff83a7ad)
- Screenshots:
- Threat Actors: INC RANSOM
- Victim Country: Tunisia
- Victim Industry: Financial Services
- Victim Organization: alios finance
- Victim Site: alios-finance.com
- Alleged leak of data on 50K Canadian leads
- Category: Data Breach
- Content: The threat actor claims to have leaked data on Canadian leads. The compromised data reportedly contains 50,000 records that include name, state, zip code, email, phone number, etc.
- Date: 2025-10-28T19:55:33Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/269150/)
- Screenshots:
- Threat Actors: betway
- Victim Country: Canada
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of admin access and card-payment redirect to unidentified online store in Spain
- Category: Initial Access
- Content: The threat actor claims to be selling admin access and card-payment redirect to unidentified online store in Spain.
- Date: 2025-10-28T19:40:13Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/269153/)
- Screenshots:
- Threat Actors: Fancy.Bear
- Victim Country: Spain
- Victim Industry: E-commerce & Online Stores
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged unauthorized access to U.S. fuel systems
- Category: Initial Access
- Content: The group claims to have gained unauthorized access to U.S. fuel systems.
- Date: 2025-10-28T19:39:06Z
- Network: telegram
- Published URL: (https://t.me/Golden_falcon_team/549)
- Screenshots:
- Threat Actors: Golden falcon
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: u.s. fuel systems
- Victim Site: Unknown
- Golden falcon claims to target USA
- Category: Alert
- Content: A recent post by the group indicates that they are targeting USA.
- Date: 2025-10-28T19:29:58Z
- Network: telegram
- Published URL: (https://t.me/Golden_falcon_team/548)
- Screenshots:
- Threat Actors: Golden falcon
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Gemini Group falls victim to RHYSIDA ransomware
- Category: Ransomware
- Content: The group claims to have obtained organization’s data
- Date: 2025-10-28T18:10:19Z
- Network: tor
- Published URL: (http://rhysidafc6lm7qa2mkiukbezh7zuth3i4wof4mh2audkymscjm6yegad.onion/)
- Screenshots:
- Threat Actors: RHYSIDA
- Victim Country: USA
- Victim Industry: Automotive
- Victim Organization: gemini group
- Victim Site: geminigroup.net
- Lorber, Greenfield & Polito, LLP falls victim to Qilin ransomware
- Category: Ransomware
- Content: The group claims to have obtained organization’s data
- Date: 2025-10-28T17:51:32Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=55111e4f-140b-3d7c-b05d-f87847d03f02)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Law Practice & Law Firms
- Victim Organization: lorber, greenfield & polito, llp
- Victim Site: lorberlaw.com
- Alleged data breach of Roche
- Category: Data Breach
- Content: Threat actor claims to be selling leaked data from Roche.
- Date: 2025-10-28T17:50:42Z
- Network: telegram
- Published URL: (https://t.me/rubiconhack/64)
- Screenshots:
- Threat Actors: Rubiconhack
- Victim Country: Switzerland
- Victim Industry: Healthcare & Pharmaceuticals
- Victim Organization: roche
- Victim Site: roche.com
- Alleged sale of unauthorized shell access to an unidentified online store
- Category: Initial Access
- Content: The threat actor claims to be selling unauthorized shell access to an unidentified online store in Sweden.
- Date: 2025-10-28T17:37:28Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/269143/)
- Screenshots:
- Threat Actors: akr1t
- Victim Country: Sweden
- Victim Industry: E-commerce & Online Stores
- Victim Organization: Unknown
- Victim Site: Unknown
- Henry Raymond & Thompson falls victim to PLAY ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-28T17:35:59Z
- Network: tor
- Published URL: (http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=JCoPQzunTXxvo)
- Screenshots:
- Threat Actors: PLAY
- Victim Country: USA
- Victim Industry: Accounting
- Victim Organization: henry raymond & thompson
- Victim Site: hrmtcpas.com
- Evogence falls victim to PLAY ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-28T17:35:21Z
- Network: tor
- Published URL: (http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=VihjR1Jxhw3noh)
- Screenshots:
- Threat Actors: PLAY
- Victim Country: USA
- Victim Industry: Computer Hardware
- Victim Organization: evogence
- Victim Site: evogence.com
- Alleged Sale of SK Telecom
- Category: Data Breach
- Content: Threat actor claims to be selling data from SK Telecom. The compromised data reportedly contains customer data, employee data, user database, etc.
- Date: 2025-10-28T17:26:41Z
- Network: telegram
- Published URL: (https://t.me/rubiconhack/58?single)
- Screenshots:
- Threat Actors: Rubiconhack
- Victim Country: South Korea
- Victim Industry: Network & Telecommunications
- Victim Organization: sk telecom
- Victim Site: sktelecom.com
- Super Quik falls victim to PLAY ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-28T17:24:47Z
- Network: tor
- Published URL: (http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=OGkBH66YYazHUo)
- Screenshots:
- Threat Actors: PLAY
- Victim Country: USA
- Victim Industry: Oil & Gas
- Victim Organization: super quik
- Victim Site: superquik.net
- Fast Freight falls victim to PLAY ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-28T17:23:48Z
- Network: tor
- Published URL: (http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=sQNI0eyvobEgZy)
- Screenshots:
- Threat Actors: PLAY
- Victim Country: Canada
- Victim Industry: Transportation & Logistics
- Victim Organization: fast freight
- Victim Site: fastfreightinc.com
- Aphase II inc. falls victim to PLAY ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-28T17:16:52Z
- Network: tor
- Published URL: (http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=gz4yK0IHDt7fPx)
- Screenshots:
- Threat Actors: PLAY
- Victim Country: USA
- Victim Industry: Manufacturing
- Victim Organization: aphase ii inc.
- Victim Site: aphaseii.com
- Kitchen Design Concepts falls victim to PLAY ransomware
- Category: Ransomware
- Content: The group claims to have obtained organization data.
- Date: 2025-10-28T16:55:19Z
- Network: tor
- Published URL: (http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=q83D2APplnNeV9)
- Screenshots:
- Threat Actors: PLAY
- Victim Country: USA
- Victim Industry: Architecture & Planning
- Victim Organization: kitchen design concepts
- Victim Site: kitchendesignconcepts.com
- Alleged Sale of Israeli Nuclear Warhead Documents
- Category: Data Breach
- Content: Threat actor claims to be selling leaked Israeli nuclear warhead documents.
- Date: 2025-10-28T16:51:29Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Document-%F0%9F%8E%83-TOP-SECRET-ISRAELI-NUCLEAR-WARHEAD-DOCUMENTS-LEAKED-%F0%9F%8E%83)
- Screenshots:
- Threat Actors: jrintel
- Victim Country: Israel
- Victim Industry: Defense & Space
- Victim Organization: Unknown
- Victim Site: Unknown
- Furniture Plus falls victim to PLAY ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-28T16:50:03Z
- Network: tor
- Published URL: (http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=DTWf917psq33q)
- Screenshots:
- Threat Actors: PLAY
- Victim Country: USA
- Victim Industry: Retail Industry
- Victim Organization: furniture plus
- Victim Site: furnitureplus.com
- Ouranos falls victim to PLAY ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-28T16:47:43Z
- Network: tor
- Published URL: (http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=P9PouZvKNtBnNO)
- Screenshots:
- Threat Actors: PLAY
- Victim Country: Canada
- Victim Industry: Non-profit & Social Organizations
- Victim Organization: ouranos
- Victim Site: ouranos.ca
- HMEI7 targets the website of Shri Ram Charitable Trust
- Category: Defacement
- Content: The group claims to have defaced the website of Shri Ram Charitable Trust
- Date: 2025-10-28T16:23:11Z
- Network: telegram
- Published URL: (https://t.me/c/2412030007/1815)
- Screenshots:
- Threat Actors: HMEI7
- Victim Country: India
- Victim Industry: Non-profit & Social Organizations
- Victim Organization: shri ram charitable trust
- Victim Site: shriramcharitabletrust.com
- Alleged sale of admin panel and shell access to an unidentified online store
- Category: Initial Access
- Content: The threat actor claims to be selling admin panel and shell access to an unidentified online store in Spain/France.
- Date: 2025-10-28T15:44:22Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/269130/)
- Screenshots:
- Threat Actors: sinus
- Victim Country: Spain
- Victim Industry: E-commerce & Online Stores
- Victim Organization: Unknown
- Victim Site: Unknown
- Boyer falls victim to akira ransomware
- Category: Ransomware
- Content: The group claims to have obtained more than 13 GB of the organization’s data. The compromised data includes client information, detailed accounting and financials, W-9 forms with personal information, lots of agreements and other internal docs.
- Date: 2025-10-28T15:21:00Z
- Network: tor
- Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
- Screenshots:
- Threat Actors: akira
- Victim Country: UK
- Victim Industry: Architecture & Planning
- Victim Organization: boyer
- Victim Site: boyerplanning.co.uk
- BK Technologies Inc. falls victim to Akira ransomware
- Category: Ransomware
- Content: The group claims to have obtained more than 25 GB of the organization’s data. The compromised data includes employee information (phones, emails, addresses, medical cards and so on), accounting and financials, lots of confidential agreements, military contracts, contracts with BOSCH and other companies, NDAs, credit card information, payment details, etc.
- Date: 2025-10-28T14:56:04Z
- Network: tor
- Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
- Screenshots:
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: Network & Telecommunications
- Victim Organization: bk technologies inc.
- Victim Site: bktechnologies.com
- Alleged sale of unauthorized RDP accesses
- Category: Initial Access
- Content: Threat actor claims to be selling unauthorized RDP access to organizations across various countries sourced through brute-force methods.
- Date: 2025-10-28T14:49:12Z
- Network: openweb
- Published URL: (https://xss.pro/threads/143991/)
- Screenshots:
- Threat Actors: C3FaRiR
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of admin access to Dolphin Travel Agency
- Category: Initial Access
- Content: The threat actor claims to be selling admin access to Dolphin Travel Agency
- Date: 2025-10-28T14:41:30Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-Selling-Admin-Access-of-Multiple-Sites)
- Screenshots:
- Threat Actors: BIGBROTHER
- Victim Country: South Korea
- Victim Industry: Leisure & Travel
- Victim Organization: dolphin travel agency
- Victim Site: dolphintour.shop
- Microbix falls victim to Qilin ransomware
- Category: Ransomware
- Content: The group claims to have obtained organization’s data.
- Date: 2025-10-28T14:29:08Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=807fd22a-ff12-3bf9-ac40-49a56295231e)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: Canada
- Victim Industry: Biotechnology
- Victim Organization: microbix
- Victim Site: microbix.com
- Alleged sale of admin access to EGSHOP
- Category: Initial Access
- Content: The threat actor claims to be selling admin access to EGSHOP
- Date: 2025-10-28T14:16:32Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-Selling-Admin-Access-of-Multiple-Sites)
- Screenshots:
- Threat Actors: BIGBROTHER
- Victim Country: Bangladesh
- Victim Industry: E-commerce & Online Stores
- Victim Organization: egshop
- Victim Site: egshop.io
- CESO, INC. falls victim to Akira Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data. The compromised information reportedly includes personal employee information (such as passport scans, SSN lists, driver licenses, phones, emails, addresses, medical cards and so on), accounting and financials, confidential client projects and other files, lots of NDAs, credit card information, etc.
- Date: 2025-10-28T14:10:45Z
- Network: tor
- Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
- Screenshots:
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: Design
- Victim Organization: ceso, inc.
- Victim Site: cesoinc.com
- Alleged sale of admin access to Abir Shop
- Category: Initial Access
- Content: The threat actor claims to be selling admin access to Abir Shop
- Date: 2025-10-28T14:08:56Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-Selling-Admin-Access-of-Multiple-Sites)
- Screenshots:
- Threat Actors: BIGBROTHER
- Victim Country: Bangladesh
- Victim Industry: E-commerce & Online Stores
- Victim Organization: abir shop
- Victim Site: abirshop.com
- Alleged sale of admin access to EBET
- Category: Initial Access
- Content: The threat actor claims to be selling admin access to EBET
- Date: 2025-10-28T14:03:04Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-Selling-Admin-Access-of-Multiple-Sites)
- Screenshots:
- Threat Actors: BIGBROTHER
- Victim Country: Unknown
- Victim Industry: Gambling & Casinos
- Victim Organization: ebet
- Victim Site: 365ebet365.com
- Alleged sale of admin access to beisbolito.bet
- Category: Initial Access
- Content: The threat actor claims to be selling admin access to beisbolito.bet
- Date: 2025-10-28T14:00:49Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-Selling-Admin-Access-of-Multiple-Sites)
- Screenshots:
- Threat Actors: BIGBROTHER
- Victim Country: Unknown
- Victim Industry: Gambling & Casinos
- Victim Organization: beisbolito.bet
- Victim Site: Unknown
- Z-BL4CX-H4T targets the website of Nursing Journal of India
- Category: Defacement
- Content: The group claims to have defaced the website of The Nursing Journal of India.
- Date: 2025-10-28T13:51:10Z
- Network: telegram
- Published URL: (https://t.me/c/3027611821/100)
- Screenshots:
- Threat Actors: Z-BL4CX-H4T
- Victim Country: India
- Victim Industry: Non-profit & Social Organizations
- Victim Organization: the nursing journal of india
- Victim Site: tnaijournal-nji.com
- Alleged sale of bank leads from multiple countries
- Category: Data Breach
- Content: Threat actor claims to be selling bank leads from multiple countries.
- Date: 2025-10-28T13:46:36Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Worldwide-Bank-Leads-2025-Total-Line-5436524)
- Screenshots:
- Threat Actors: Cayenne
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Productive Tool Products falls victim to Qilin ransomware
- Category: Ransomware
- Content: Group claims to have obtained organization’s data.
- Date: 2025-10-28T13:39:19Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=f6511058-48cc-365e-9742-1e568c99b0c7)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Manufacturing
- Victim Organization: productive tool products
- Victim Site: ptpsystems.com
- Alleged sale of database from Spain
- Category: Initial Access
- Content: Threat actor claims to be selling databases from Spain.
- Date: 2025-10-28T13:36:39Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-%F0%9F%87%AA%F0%9F%87%B8Spanish-DBs-avilable-fresh-10-xx-09-xx)
- Screenshots:
- Threat Actors: Cayenne
- Victim Country: Spain
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Z-BL4CX-H4T targets multiple US websites
- Category: Defacement
- Content: The group claims to have defaced multiple US websites.
- Date: 2025-10-28T13:24:18Z
- Network: telegram
- Published URL: (https://t.me/c/3027611821/98)
- Screenshots:
- Threat Actors: Z-BL4CX-H4T
- Victim Country: USA
- Victim Industry: Manufacturing
- Victim Organization: avw equipment company, inc.
- Victim Site: carwashbeltconveyor.com
- BDG Law Group falls victim to Akira Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 110 GB of the organization’s data. The compromised information reportedly includes employee and client information such as phones, emails, addresses, driver licenses, passports, social security numbers, confidential legal files, court hearings, police reports, medical information, accounting and financials, NDAs, etc.
- Date: 2025-10-28T13:21:27Z
- Network: tor
- Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
- Screenshots:
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: Law Practice & Law Firms
- Victim Organization: bdg law group
- Victim Site: bdgfirm.com
- Z-BL4CX-H4T targets the website of Naloxone Box
- Category: Defacement
- Content: The group claims to have defaced the website of Naloxone Box
- Date: 2025-10-28T13:07:40Z
- Network: telegram
- Published URL: (https://t.me/c/3027611821/99)
- Screenshots:
- Threat Actors: Z-BL4CX-H4T
- Victim Country: USA
- Victim Industry: Healthcare & Pharmaceuticals
- Victim Organization: naloxone box
- Victim Site: naloxonebox.com
- RASHTRIYA CYBER SENA targets the website of Saidpur Cantonment Board
- Category: Defacement
- Content: The group claims to have defaced the website of Saidpur Cantonment Board.
- Date: 2025-10-28T13:04:21Z
- Network: telegram
- Published URL: (https://t.me/teamRcs/33)
- Screenshots:
- Threat Actors: RASHTRIYA CYBER SENA
- Victim Country: Bangladesh
- Victim Industry: Government Administration
- Victim Organization: saidpur cantonment board
- Victim Site: cbs.gov.bd
- Alleged sale of admin access to Embiz.ae
- Category: Initial Access
- Content: The threat actor claims to be selling admin access to Embiz.ae
- Date: 2025-10-28T12:58:18Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-Selling-Admin-Access-of-Multiple-Sites)
- Screenshots:
- Threat Actors: BIGBROTHER
- Victim Country: UAE
- Victim Industry: Professional Services
- Victim Organization: embiz.ae
- Victim Site: embiz.ae
- Alleged data sale of Central Bank of The UAE
- Category: Data Breach
- Content: A threat actor claims to be selling the full compliance framework of the Central Bank of The UAE. The compromised data reportedly includes agents (multiple agent scripts), core (workflow handling), models (Object Relational Mapping), database files, main scripts and other files. The actor also reportedly leaked the admin credentials, user credentials, JWT secret for session management, MCP endpoint, databases and encryption details, redis, redis_cluster, retention policies, LLM configuration, CBUAE API, cloud storage, email configuration, logging configuration, security configuration, external services, agent configuration, backup configuration, etc.
- Date: 2025-10-28T12:13:07Z
- Network: openweb
- Published URL: (https://xss.pro/threads/143986/)
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/7b90d530-e1f1-47c8-8cce-1788197596dd.png
- https://d34iuop8pidsy8.cloudfront.net/b40403f6-5df4-4864-8c58-3f1365bfdd81.png
- https://d34iuop8pidsy8.cloudfront.net/ac3982ca-8613-4519-a182-03ea9b68b68c.png
- https://d34iuop8pidsy8.cloudfront.net/3557df83-cb7c-42bb-9bff-d57107a766e6.png
- https://d34iuop8pidsy8.cloudfront.net/b60c13d4-9e65-4bf1-af6d-af46d651ebcb.png
- https://d34iuop8pidsy8.cloudfront.net/431f43b2-660b-4526-9aa0-9d4358b2dd25.png
- https://d34iuop8pidsy8.cloudfront.net/70023e8b-2f9f-4731-8aaf-28fc8d60a29e.png
- Threat Actors: Spider777
- Victim Country: UAE
- Victim Industry: Banking & Mortgage
- Victim Organization: central bank of the uae
- Victim Site: entralbank.ae
- Axelson Williamowsky Bender & Fishman P.C. falls victim to Akira Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 100 GB of the organization’s data. The compromised information reportedly includes financial data such as audits, payment details, financial reports and invoices; detailed employee and customer information (passports, driver’s licenses, Social Security Numbers, medical information, emails, phones); confidential information; NDAs; and other documents with detailed personal information.
- Date: 2025-10-28T11:13:51Z
- Network: tor
- Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
- Screenshots:
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: Legal Services
- Victim Organization: axelson williamowsky bender & fishman p.c.
- Victim Site: awbflaw.com
- Z-BL4CX-H4T targets the website of Viajes DQ
- Category: Defacement
- Content: The group claims to have defaced the website of Viajes DQ.
- Date: 2025-10-28T10:25:07Z
- Network: telegram
- Published URL: (https://t.me/c/3027611821/97)
- Screenshots:
- Threat Actors: Z-BL4CX-H4T
- Victim Country: Spain
- Victim Industry: Hospitality & Tourism
- Victim Organization: viajes dq
- Victim Site: vacacional.viajesdq.com
- Riddell Law Group falls victim to PEAR Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 1.7 TB of the organization’s data. The compromised data reportedly includes financials, HR, partner and vendor data, clients’ privileged and confidential data, PII and PHI records, police reports and court files, exhibits and evidence, mailboxes and email correspondence, etc.
- Date: 2025-10-28T10:13:59Z
- Network: tor
- Published URL: (http://peargxn3oki34c4savcbcfqofjjwjnnyrlrbszfv6ujlx36mhrh57did.onion/Companies/rlglawfirm/)
- Screenshots:
- Threat Actors: PEAR
- Victim Country: USA
- Victim Industry: Law Practice & Law Firms
- Victim Organization: riddell law group
- Victim Site: rlglawfirm.com
- Alleged data leak of Coinbase
- Category: Data Breach
- Content: The threat actor claims to have leaked a database containing details of 13K Coinbase users, including first name, last name, email, phone number, country, source and last balance.
- Date: 2025-10-28T09:59:29Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-Private-Coinbase-13k-Leads-Fresh–57416)
- Screenshots:
- Threat Actors: sxxmj
- Victim Country: USA
- Victim Industry: Financial Services
- Victim Organization: coinbase
- Victim Site: coinbase.com
- Alleged gain of access to the control panel of Cantine del Notaio
- Category: Initial Access
- Content: The group claims to have gained access to the control panel of Cantine del Notaio.
- Date: 2025-10-28T07:59:10Z
- Network: telegram
- Published URL: (https://t.me/TwoNetchannel/98)
- Screenshots:
- Threat Actors: TwoNet
- Victim Country: Italy
- Victim Industry: Wine & Spirits
- Victim Organization: cantine del notaio
- Victim Site: cantinedelnotaio.it
- Alleged data sale of IDLabz
- Category: Data Breach
- Content: Threat actor claims to be selling leaked Romanian ID cards from IDLabz.
- Date: 2025-10-28T07:29:48Z
- Network: tor
- Published URL: (http://qeei4m7a2tve6ityewnezvcnf647onsqbmdbmlcw4y5pr6uwwfwa35yd.onion/Thread-Selling-ID-Cards-Full-Data-idlabz-mysellauth-com)
- Screenshots:
- Threat Actors: fuckoverflow
- Victim Country: Romania
- Victim Industry: Online Publishing
- Victim Organization: idlabz
- Victim Site: idlabz.mysellauth.com
- Alleged leak of access to Keflon Fine Products
- Category: Initial Access
- Content: Threat actor claims to have leaked access to a management dashboard of Keflon Fine Products.
- Date: 2025-10-28T07:14:19Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Management-Dashboard-Access-keflonfineproducts-com)
- Screenshots:
- Threat Actors: EternalRed
- Victim Country: India
- Victim Industry: Manufacturing
- Victim Organization: keflon fine products
- Victim Site: keflonfineproducts.com
- Alleged sale of Wasp
- Category: Malware
- Content: Threat actor claims to be selling Wasp, a macOS infostealer offered as a limited-access, paid malware-as-a-service (MaaS). The listing advertises fileless DMG execution across macOS versions (10.10+) and architectures (x86-64, ARM64), a claimed 0/62 VirusTotal detection rate, a React control panel, rapid collection of browser, extension, crypto-wallet, file and note data at startup, exclusive Gecko-browser support, and a Ledger Live phishing module that preserves app functionality while capturing seed phrases.
- Date: 2025-10-28T06:28:21Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/269082/)
- Screenshots:
- Threat Actors: iLeakSupp
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- M A D G H O S T targets the website of Femina Care
- Category: Defacement
- Content: The group claims to have defaced the website of Femina Care.
- Date: 2025-10-28T04:13:18Z
- Network: telegram
- Published URL: (https://t.me/ARABIAN_GHOSTS/1614)
- Screenshots:
- Threat Actors: M A D G H O S T
- Victim Country: Israel
- Victim Industry: E-commerce & Online Stores
- Victim Organization: femina care
- Victim Site: femina-care.co.il
- Alleged unauthorized access to an unidentified company
- Category: Initial Access
- Content: The group claims to have gained unauthorized access to an unidentified company.
- Date: 2025-10-28T03:57:31Z
- Network: telegram
- Published URL: (https://t.me/n2LP_wVf79c2YzM0/2139)
- Screenshots:
- Threat Actors: Infrastructure Destruction Squad
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Jimfor, S.A. falls victim to Ciphbit Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s internal data and intends to publish it within 8 days.
- Date: 2025-10-28T03:16:21Z
- Network: tor
- Published URL: (http://ciphbitqyg26jor7eeo6xieyq7reouctefrompp6ogvhqjba7uo4xdid.onion/)
- Screenshots:
- Threat Actors: Ciphbit
- Victim Country: Panama
- Victim Industry: Insurance
- Victim Organization: jimfor, s.a.
- Victim Site: jimfor.com
- Fatimion Cyber Team targets U.S. critical sectors
- Category: Alert
- Content: The group claims to have gained access to sensitive data from multiple U.S. critical sectors, including government, defense, and energy networks. They allege possession of confidential files, internal communications, and infrastructure-related information belonging to American agencies and private contractors.
- Date: 2025-10-28T02:47:26Z
- Network: telegram
- Published URL: (https://t.me/hak994/4343?single)
- Screenshots:
- Threat Actors: Fatimion cyber team
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Hutchison Ports Duisburg GmbH falls victim to CHAOS Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 650 GB of the organization’s internal data.
- Date: 2025-10-28T02:39:26Z
- Network: tor
- Published URL: (http://hptqq2o2qjva7lcaaq67w36jihzivkaitkexorauw7b2yul2z6zozpqd.onion/FR6bO1HYJoY61qaDdLK12cqmVohNGJoN/decete)
- Screenshots:
- Threat Actors: CHAOS
- Victim Country: Germany
- Victim Industry: Transportation & Logistics
- Victim Organization: hutchison ports duisburg gmbh
- Victim Site: decete.de
- Alleged leak of City West Housing Trust
- Category: Data Breach
- Content: Threat actor claims to have leaked data from City West Housing Trust.
- Date: 2025-10-28T02:27:35Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/city-west-housing-trust-leaked-data-of-council-and-residents.44946/)
- Screenshots:
- Threat Actors: An0nybyte
- Victim Country: UK
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged leak of Ferrari Data
- Category: Data Breach
- Content: Threat actor claims to be selling 7.5 GB+ of leaked Ferrari data.
- Date: 2025-10-28T02:20:52Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/huge-ferrari-leak-data-7-5g.44945/)
- Screenshots:
- Threat Actors: An0nybyte
- Victim Country: Italy
- Victim Industry: Automotive
- Victim Organization: ferrari s.p.a.
- Victim Site: ferrari.com
- Pharaoh’s Team targets multiple websites
- Category: Defacement
- Content: The group claims to have defaced multiple websites.
- Date: 2025-10-28T02:07:08Z
- Network: telegram
- Published URL: (https://t.me/Pharaohs_n/230)
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/72ccd879-c6ce-493d-bbb0-705db78168bb.png
- https://d34iuop8pidsy8.cloudfront.net/016b6ac2-c2b6-4c13-aff4-d212424919d6.png
- https://d34iuop8pidsy8.cloudfront.net/e80125fe-e04a-4f89-8c3b-54386e06bdae.png
- https://d34iuop8pidsy8.cloudfront.net/51961feb-6a51-4653-bf36-bdd257ddacac.png
- Threat Actors: Pharaoh’s Team
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Advantage CDC falls victim to GENESIS Ransomware
- Category: Ransomware
- Content: The group claims to have exfiltrated 500 GB of data from the company’s file server, including personal data of employees linked to company clients, medical records, network user folders, and management files, which they intend to publish within 4 days. Note: Advantage CDC has previously fallen victim to MEOW Ransomware on October 08, 2024 and RansomHub Ransomware on September 15, 2024.
- Date: 2025-10-28T01:17:27Z
- Network: tor
- Published URL: (http://genesis6ixpb5mcy4kudybtw5op2wqlrkocfogbnenz3c647ibqixiad.onion/cf4ccd0aad02d49e77da/)
- Screenshots:
- Threat Actors: GENESIS
- Victim Country: USA
- Victim Industry: Banking & Mortgage
- Victim Organization: advantage cdc
- Victim Site: advantagecdc.org
- Kipp & Christian, P.C. falls victim to GENESIS Ransomware
- Category: Ransomware
- Content: The group claims to have exfiltrated 1 TB of data from the company’s file server, including client personal and medical information, legal paperwork, and other confidential files, which they intend to publish within 4 days.
- Date: 2025-10-28T00:58:28Z
- Network: tor
- Published URL: (http://genesis6ixpb5mcy4kudybtw5op2wqlrkocfogbnenz3c647ibqixiad.onion/b70dd25a3891a86f2354/)
- Screenshots:
- Threat Actors: GENESIS
- Victim Country: USA
- Victim Industry: Law Practice & Law Firms
- Victim Organization: kipp & christian, p.c.
- Victim Site: kippandchristian.com
- Alleged Unauthorized Access to a U.S.-Based Organic Waste Processing System
- Category: Initial Access
- Content: A group claims to have gained unauthorized access to a U.S.-based system managing organic waste processing facilities. The system reportedly controls feed pumps, separators, and digestate pumps operating in full automatic mode via variable frequency drives (VFDs). The attackers allege the ability to influence system functions and monitor operations remotely.
- Date: 2025-10-28T00:39:05Z
- Network: telegram
- Published URL: (https://t.me/n2LP_wVf79c2YzM0/2128)
- Screenshots:
- Threat Actors: Infrastructure Destruction Squad
- Victim Country: USA
- Victim Industry: Renewables & Environment
- Victim Organization: Unknown
- Victim Site: Unknown
- Cohen’s Fashion Optical falls victim to Sinobi Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 350 GB of the organization’s data, including financial records, internal contracts, and incident documentation, which they intend to publish within 8 days.
- Date: 2025-10-28T00:30:33Z
- Network: tor
- Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68ffb0f388b6823fa2f0d016)
- Screenshots:
- Threat Actors: Sinobi
- Victim Country: USA
- Victim Industry: Retail Industry
- Victim Organization: cohen’s fashion optical
- Victim Site: cohensfashionoptical.com
Conclusion
The incidents detailed in this report highlight a diverse and active landscape of cyber threats, all reported on 2025-10-28.
Ransomware remains a major concern, with groups like PLAY (8 victims), Akira (4 victims), GENESIS (3 victims), and Sinobi (3 victims) listing victims from multiple industries, predominantly in the USA, but also in Canada, Tunisia, Panama, Germany, and the UK. Claimed stolen data volumes range from 15 GB to 1.7 TB and often include highly sensitive information such as employee and client personal data, financials, legal files, and medical records.
Initial Access sales are also significant, with threat actors offering administrative and shell access to organizations across Brazil, Chile, Argentina, USA, South Korea, Bangladesh, UAE, Sweden, and Spain. The sectors targeted include IT Services, E-commerce, Financial Services, and even government/critical systems like U.S. fuel and waste processing.
Data Breaches involve the alleged sale of large datasets, notably from the Central Bank of the UAE, SK Telecom (South Korea), and Ferrari S.p.A. (Italy), alongside leaks of country-specific databases for Spain, China, Canada, and an alleged sale of Israeli Nuclear Warhead Documents.
Defacement activity targeted sites in India, USA, Bangladesh, and Israel. Finally, the sale of specialized Malware, such as a Solana SPL token hijacker and a macOS infostealer, underscores the availability of offensive tools in the cyber underground.
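Analysts who ingest reports in this layout usually want the records as structured data rather than bullet text: a victim-domain watchlist for DNS and proxy monitoring, per-actor and per-category counts like those in the conclusion, and the claimed data volume and publication deadline pulled out of the Content field. The following Python is an added example written for this page; it is not the report's own tooling or any feed vendor's code. SAMPLE_FEED is a constructed two-record subset re-typed from the entries above, the field names are exactly those the report prints, and the 1 TB = 1000 GB conversion is an assumption.

```python
"""Parse incident records in this report's layout and summarize them."""
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample: two of the report's records re-typed in its own layout.
SAMPLE_FEED = """\
- Pharaoh's Team targets multiple websites
- Category: Defacement
- Content: The group claims to have defaced multiple websites.
- Date: 2025-10-28T02:07:08Z
- Network: telegram
- Published URL: (https://t.me/Pharaohs_n/230)
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/72ccd879-c6ce-493d-bbb0-705db78168bb.png
- Threat Actors: Pharaoh's Team
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Cohen's Fashion Optical falls victim to Sinobi Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 350 GB of the organization's data, which they intend to publish within 8 days.
- Date: 2025-10-28T00:30:33Z
- Network: tor
- Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68ffb0f388b6823fa2f0d016)
- Screenshots:
- Threat Actors: Sinobi
- Victim Country: USA
- Victim Industry: Retail Industry
- Victim Organization: cohen's fashion optical
- Victim Site: cohensfashionoptical.com
"""

# Field names exactly as the report prints them; any other "- " line is a title.
FIELDS = {"Category", "Content", "Date", "Network", "Published URL", "Screenshots",
          "Threat Actors", "Victim Country", "Victim Industry",
          "Victim Organization", "Victim Site"}
FIELD_RE = re.compile(r"^(?P<key>[A-Za-z ]+):\s*(?P<val>.*)$")
SIZE_RE = re.compile(r"(\d+(?:\.\d+)?)\s*(GB|TB)\b", re.I)
DEADLINE_RE = re.compile(r"within\s+(\d+)\s+days?", re.I)


@dataclass
class Incident:
    title: str
    fields: dict = field(default_factory=dict)
    screenshots: list = field(default_factory=list)

    def get(self, key):
        """Field value, or None when the report says 'Unknown' or omits it."""
        v = self.fields.get(key, "").strip()
        return None if v in ("", "Unknown") else v


def data_size_gb(content):
    """Claimed stolen volume in GB (assumes 1 TB = 1000 GB), or None if not stated."""
    m = SIZE_RE.search(content)
    if not m:
        return None
    return float(m.group(1)) * (1000.0 if m.group(2).upper() == "TB" else 1.0)


def deadline_days(content):
    """Days until the actor says it will publish, or None if not stated."""
    m = DEADLINE_RE.search(content)
    return int(m.group(1)) if m else None


def parse_feed(text):
    """Turn the '- Key: value' record layout into Incident objects."""
    incidents, current, in_screenshots = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("- "):
            continue  # prose such as the Conclusion is not a record line
        line = line[2:].strip()
        m = FIELD_RE.match(line)
        if current is not None and m and m.group("key") in FIELDS:
            key, val = m.group("key"), m.group("val").strip()
            if key == "Published URL":
                val = val.strip("()")  # the report wraps URLs in parentheses
            current.fields[key] = val
            in_screenshots = key == "Screenshots"
        elif current is not None and in_screenshots and line.startswith("http"):
            current.screenshots.append(line)  # bare URLs listed under Screenshots:
        else:
            current = Incident(title=line)  # anything else starts a new record
            incidents.append(current)
            in_screenshots = False
    return incidents


def count_by(incidents, key):
    """Records per value of one field, e.g. count_by(incs, 'Threat Actors')."""
    return Counter(i.fields.get(key, "Unknown") for i in incidents)


def victim_watchlist(incidents):
    """Sorted, de-duplicated victim domains for DNS/proxy monitoring."""
    return sorted({i.get("Victim Site").lower() for i in incidents if i.get("Victim Site")})
```

Running `parse_feed` over the full report and then `count_by(incs, "Threat Actors")` reproduces the per-group victim counts quoted in the conclusion, and `victim_watchlist` gives the domains to watch for unexpected outbound traffic or credential reuse. Treat the size and deadline extractors as heuristics over the actor's own wording: they record what is claimed, not what was verified.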