This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.
- Spa TMF Logistics falls victim to INC RANSOM Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 36.6 GB of the organization’s data, including contracts, financial records, and HR files, which they intend to publish within 4 days.
- Date: 2025-10-31T23:33:32Z
- Network: tor
- Published URL: (http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/69053b5ce1a4e4b3ffc2cd1b)
- Screenshots:
- Threat Actors: INC RANSOM
- Victim Country: Algeria
- Victim Industry: Transportation & Logistics
- Victim Organization: spa tmf logistics
- Victim Site: tmf-logistics.com
- TwoNet Group claims to target America
- Category: Alert
- Content: A recent post by the group indicates that they are targeting America
- Date: 2025-10-31T21:44:07Z
- Network: telegram
- Published URL: (https://t.me/TwoNetchannel/111)
- Screenshots:
- Threat Actors: TwoNet
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data breach of TISZA Világ
- Category: Data Breach
- Content: The threat actor claims to be selling a large amount of personal data from TISZA Világ.
- Date: 2025-10-31T20:46:29Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/large-amount-of-personal-data-from-hungary-domain-tiszavilag-hu.45102/)
- Screenshots:
- Threat Actors: thehackingguy43
- Victim Country: Hungary
- Victim Industry: Political Organization
- Victim Organization: tisza világ
- Victim Site: tiszavilag.hu
- Alleged data breach of Aviatrix
- Category: Data Breach
- Content: Threat actor claims to have leaked data and source code from Aviatrix, USA. The compromised data reportedly contains Source Code, RSA Keys, Terraform Files, Configuration Files and Hard Coded Credentials.
- Date: 2025-10-31T20:31:59Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Source-Code-Aviatrix-ai-Data-Breach-Leaked-Download?pid=293723#pid293723)
- Screenshots:
- Threat Actors: 888
- Victim Country: USA
- Victim Industry: Software Development
- Victim Organization: aviatrix
- Victim Site: aviatrix.ai
- Alleged data breach of Amina Hospital
- Category: Data Breach
- Content: Threat actor claims to have leaked the database of Amina Hospital, part of Amina Healthcare Group, Ajman, UAE. The compromised data reportedly contains data from 2023-11-06 to 2025-10-31, including full names, email addresses, phone numbers, IP addresses, etc.
- Date: 2025-10-31T20:22:27Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-aminahospital-FULL-DBs-⭐)
- Screenshots:
- Threat Actors: xNov
- Victim Country: UAE
- Victim Industry: Hospital & Health Care
- Victim Organization: amina hospital
- Victim Site: aminahospital.ae
- Alleged sale of Italian vehicle ownership documents
- Category: Data Breach
- Content: The threat actor claims to be selling scans and photos of documents related to the ownership of a vehicle registered in Italy. The dataset allegedly includes ID cards (both sides), a car purchase agreement, a digital ownership certificate, a declaration of sale, and commercial register documents.
- Date: 2025-10-31T20:17:07Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/269383/)
- Screenshots:
- Threat Actors: Radik_c_VF
- Victim Country: Italy
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Adamson Ahdoot LLP falls victim to INC RANSOM ransomware
- Category: Ransomware
- Content: The group claims to have stolen the organization’s data, including all criminal cases, clients’ personal documents, medical records, and all confidential files.
- Date: 2025-10-31T19:55:59Z
- Network: tor
- Published URL: (http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/69050d26e1a4e4b3ffc02904)
- Screenshots:
- Threat Actors: INC RANSOM
- Victim Country: USA
- Victim Industry: Law Practice & Law Firms
- Victim Organization: adamson ahdoot llp
- Victim Site: aa-llp.com
- Alleged sale of Chinese citizens data
- Category: Data Breach
- Content: Threat actor claims to have leaked citizen data from China. The compromised data reportedly contains 25,000,000 lines of bank information including name, phone number, password, card number, address, etc. and 20,000,000 lines of Chinese hotels clients information including name, document of identification, document number, address, phone number, mail, etc.
- Date: 2025-10-31T18:30:16Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-Chinese-citizens-data-45-000-000-lines)
- Screenshots:
- Threat Actors: Eternal
- Victim Country: China
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of access to unidentified company from Switzerland
- Category: Initial Access
- Content: Threat actor claims to be selling unauthorized FTP server access to an unidentified computer equipment manufacturing company from Switzerland.
- Date: 2025-10-31T18:21:23Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-FTP-ACCESS-FOR-4-6B)
- Screenshots:
- Threat Actors: Dark_Alpha
- Victim Country: Switzerland
- Victim Industry: Electrical & Electronic Manufacturing
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of access to unidentified company from Canada
- Category: Initial Access
- Content: Threat actor claims to be selling unauthorized FTP admin access to an unidentified business services company based in Canada.
- Date: 2025-10-31T18:06:43Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-FTP-ADMIN-ACCESS-CANADA)
- Screenshots:
- Threat Actors: Dark_Alpha
- Victim Country: Canada
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of Airbus database
- Category: Data Breach
- Content: The threat actor claims to be offering a database from Airbus and states the data is being shared via a private chat channel.
- Date: 2025-10-31T17:40:12Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/airbus-db-avilable-on-pr1vate-chat.45087/)
- Screenshots:
- Threat Actors: Cayenne22
- Victim Country: France
- Victim Industry: Aviation & Aerospace
- Victim Organization: airbus
- Victim Site: airbus.com
- Alleged data breach of ValueText in México
- Category: Data Breach
- Content: The threat actor claims to be selling data from ValueText in México. The compromised data reportedly contains more than 127,000 records that include name, phone, city, state, zip code, etc.
- Date: 2025-10-31T17:22:56Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/269372/)
- Screenshots:
- Threat Actors: betway
- Victim Country: Mexico
- Victim Industry: Information Technology (IT) Services
- Victim Organization: valuetext
- Victim Site: valuetext.io
- Alleged sale of 1.1M+ records of myclubmarriott.com and gms-group.com
- Category: Data Breach
- Content: The threat actor claims to be offering a dataset of 1.1 million+ records. The listing states the database references myclubmarriott.com and gms-group.com in an administrator field, but the seller says they do not know which company the data belongs to. The compromised data reportedly contains name, city, state, zip code, etc.
- Date: 2025-10-31T17:10:33Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/269371/)
- Screenshots:
- Threat Actors: betway
- Victim Country: Singapore
- Victim Industry: Hospitality & Tourism
- Victim Organization: myclubmarriott.com
- Victim Site: myclubmarriott.com
- Alleged sale of UK database
- Category: Data Breach
- Content: The threat actor claims to be offering a database from the United Kingdom containing more than 100 million records, with a listed date of 14 October 2025.
- Date: 2025-10-31T16:37:07Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/uk-db-avilable-2025-10-14-more-than-100-million-lines.45084/)
- Screenshots:
- Threat Actors: Cayenne22
- Victim Country: UK
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of Spain citizens’ data
- Category: Data Breach
- Content: The threat actor claims to be selling data of Spain citizens. The compromised data reportedly contains 34 million records that include name, DNI, email, phone, etc.
- Date: 2025-10-31T16:24:46Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/spain-citizens-db-2025-10-15-34-million-rows.45080/)
- Screenshots:
- Threat Actors: Cayenne22
- Victim Country: Spain
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of customer records from a US Business Intelligence (BI) software company
- Category: Data Breach
- Content: The threat actor claims to be selling customer records from a US-based Business Intelligence (BI) software company. The compromised data reportedly contains more than 143,000 records that include name, phone, email, website, etc.
- Date: 2025-10-31T16:03:14Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/269370/)
- Screenshots:
- Threat Actors: betway
- Victim Country: USA
- Victim Industry: Software Development
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of multiple WordPress accesses
- Category: Initial Access
- Content: Threat actor claims to be selling 8455 WordPress admin accesses from various countries.
- Date: 2025-10-31T15:56:23Z
- Network: openweb
- Published URL: (https://xss.pro/threads/144027/)
- Screenshots:
- Threat Actors: _C3FaRiR_
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged leak of USA front and back ID card and selfie
- Category: Data Breach
- Content: Threat actor claims to have leaked front and back ID card and selfie from USA.
- Date: 2025-10-31T15:49:43Z
- Network: openweb
- Published URL: (https://xss.pro/threads/144024/)
- Screenshots:
- Threat Actors: RootShift
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of admin panel and shell access to unidentified online stores
- Category: Initial Access
- Content: The threat actor claims to be selling admin-panel and shell access to an unidentified online store in multiple countries (Poland, Sweden, Spain, France, Italy, Switzerland, Denmark).
- Date: 2025-10-31T15:47:35Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/269369/)
- Screenshots:
- Threat Actors: kobenotnow
- Victim Country: Poland
- Victim Industry: E-commerce & Online Stores
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of Pakistan ISI leaders personal data
- Category: Data Breach
- Content: Threat actor claims to be selling leaked personal data of Inter Services Intelligence (ISI) leaders from Pakistan, allegedly exposing residential address, phone number, ID, etc.
- Date: 2025-10-31T15:42:32Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-PAKISTAN-ISI-paki-cia-LEADERS-PERSONAL-INFO-LEAK)
- Screenshots:
- Threat Actors: jrintel
- Victim Country: Pakistan
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of French credit cards data
- Category: Data Breach
- Content: A threat actor claims to be selling 150 French credit card records with a reported 90%+ validity rate. The actor states that the cards were recently obtained through sniffing activity. The compromised data reportedly contains name, address, city, zip, phone, email.
- Date: 2025-10-31T15:34:57Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/269367/)
- Screenshots:
- Threat Actors: Cleverly
- Victim Country: France
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- HOLTZ OFFICE SUPPORT falls victim to SAFEPAY Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-31T15:28:40Z
- Network: tor
- Published URL: (http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/holtzofficesupportcom/)
- Screenshots:
- Threat Actors: SAFEPAY
- Victim Country: Germany
- Victim Industry: Manufacturing
- Victim Organization: holtz office support
- Victim Site: holtzofficesupport.com
- Alghanim International falls victim to RADAR group ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-31T15:05:12Z
- Network: tor
- Published URL: (http://3bnusfu2lgk5at43ceu7cdok5yv4gfbono2jv57ho74ucjvc7czirfid.onion/awaiting-publication)
- Screenshots:
- Threat Actors: RADAR group
- Victim Country: Kuwait
- Victim Industry: Building and construction
- Victim Organization: alghanim international
- Victim Site: falghanim.com
- Alleged database leak of Kenya Medical Practitioners and Dentists Council
- Category: Data Breach
- Content: Threat actor claims to have leaked 9GB database of Kenya Medical Practitioners and Dentists Council.
- Date: 2025-10-31T14:36:55Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Document-kmpdc-go-ke-Breach-9Gb)
- Screenshots:
- Threat Actors: Kazu
- Victim Country: Kenya
- Victim Industry: Hospital & Health Care
- Victim Organization: kenya medical practitioners and dentists council
- Victim Site: kmpdc.go.ke
- Alleged database leak of Japanese citizens
- Category: Data Breach
- Content: Threat actor claims to have leaked Japanese citizens data including ID, First Name, Last Name, Email, Address, City, State, ZIP, Country, Phone, Date of Birth, Gender, Marital Status, etc.
- Date: 2025-10-31T14:14:04Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Japanese-2025-10-13-citizens)
- Screenshots:
- Threat Actors: Cayenne
- Victim Country: Japan
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- RASHTRIYA CYBER SENA targets the website of CT Bazar
- Category: Defacement
- Content: The group claims to have defaced the website of CT Bazar.
- Date: 2025-10-31T14:10:43Z
- Network: telegram
- Published URL: (https://t.me/teamRcs/42)
- Screenshots:
- Threat Actors: RASHTRIYA CYBER SENA
- Victim Country: Bangladesh
- Victim Industry: Supermarkets
- Victim Organization: ct bazar
- Victim Site: news.ctbazar.com
- Alleged sale of WormGPT
- Category: Malware
- Content: Threat actor claims to be selling WormGPT, malicious software used for hacking.
- Date: 2025-10-31T14:08:21Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-Free-WormGPT)
- Screenshots:
- Threat Actors: dealer00
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged leak of US military documents
- Category: Data Breach
- Content: Threat actor claims to have leaked 398 GB of data from US military.
- Date: 2025-10-31T14:01:37Z
- Network: telegram
- Published URL: (https://t.me/rubiconhack/85)
- Screenshots:
- Threat Actors: Rubiconhack
- Victim Country: USA
- Victim Industry: Military Industry
- Victim Organization: Unknown
- Victim Site: Unknown
- RipperSec claims to target UAE
- Category: Alert
- Content: A recent post by the group indicates that they will be attacking UAE
- Date: 2025-10-31T13:36:21Z
- Network: telegram
- Published URL: (https://t.me/c/2875163062/172)
- Screenshots:
- Threat Actors: RipperSec
- Victim Country: UAE
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of credit card data from multiple countries
- Category: Data Breach
- Content: Threat actor claims to be selling credit card data from multiple countries
- Date: 2025-10-31T13:32:14Z
- Network: openweb
- Published URL: (https://xss.pro/threads/144022/)
- Screenshots:
- Threat Actors: hwy16888
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged breach of energy infrastructure in Ukraine and Germany
- Category: Data Breach
- Content: The group claims to have targeted the energy infrastructure of Ukraine and Germany. Five power plants were allegedly compromised, each with an average capacity exceeding 500 kW. The intrusion reportedly caused equipment overheating and thermal overloads, triggering automatic shutdown protocols in combined heat and power (CHP) units. As a result, the affected systems were taken offline, leading to significant operational disruption across multiple energy facilities.
- Date: 2025-10-31T13:27:57Z
- Network: telegram
- Published URL: (https://t.me/itarmyofrussianews/268)
- Screenshots:
- Threat Actors: IT ARMY OF RUSSIA
- Victim Country: Germany
- Victim Industry: Energy & Utilities
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data breach of Expro
- Category: Data Breach
- Content: The threat actor claims to be selling 1.5 GB of databases from Expro.
- Date: 2025-10-31T13:22:46Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-1-5-GB-EXPRO-YPF-Well-Integrity-Database)
- Screenshots:
- Threat Actors: sentap
- Victim Country: UK
- Victim Industry: Oil & Gas
- Victim Organization: expro
- Victim Site: expro.com
- Alleged unauthorized access to industrial control system of Gajarda s.r.l. in Italy
- Category: Initial Access
- Content: The group claims to have gained unauthorized access to the control system of Gajarda s.r.l.
- Date: 2025-10-31T12:50:01Z
- Network: telegram
- Published URL: (https://t.me/c/2787466017/88)
- Screenshots:
- Threat Actors: NoName057(16)
- Victim Country: Italy
- Victim Industry: Industrial Automation
- Victim Organization: gajarda s.r.l.
- Victim Site: gajarda.com
- NCT [NTB CYBER TEAM] targets the website of BITV
- Category: Defacement
- Content: The group claims to have defaced the website of BITV.
- Date: 2025-10-31T12:39:34Z
- Network: telegram
- Published URL: (https://t.me/Garuda_Tersakiti/83)
- Screenshots:
- Threat Actors: NCT [NTB CYBER TEAM]
- Victim Country: Indonesia
- Victim Industry: Newspapers & Journalism
- Victim Organization: bitv
- Victim Site: bitvonline.com
- Alleged data breach of Rumah Sakit Umum Daerah Cilacap
- Category: Data Breach
- Content: Threat actor claims to be leaking a database allegedly belonging to the Rumah Sakit Umum Daerah Cilacap.
- Date: 2025-10-31T11:59:47Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-RSUD-CILACAP-DATABASE-LEAKED-BY-LOLFORUM)
- Screenshots:
- Threat Actors: LolForum
- Victim Country: Indonesia
- Victim Industry: Hospital & Health Care
- Victim Organization: rumah sakit umum daerah cilacap
- Victim Site: rsud.cilacapkab.go.id
- Alleged leak of admin credentials of VietnamPost
- Category: Initial Access
- Content: The group claims to have leaked admin credentials to VietnamPost
- Date: 2025-10-31T11:59:03Z
- Network: telegram
- Published URL: (https://t.me/notctber/1338)
- Screenshots:
- Threat Actors: NOTCTBER404
- Victim Country: Vietnam
- Victim Industry: Transportation & Logistics
- Victim Organization: vietnampost
- Victim Site: vnpost.vn
- HomeTown Credit Union falls victim to akira ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data. The compromised data includes employee personal information such as social security number, addresses, phones, emails, driver licenses, lots of financial documents, accounting documents and other internal documents.
- Date: 2025-10-31T11:55:06Z
- Network: tor
- Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
- Screenshots:
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: Banking & Mortgage
- Victim Organization: hometown credit union
- Victim Site: hometowncu.coop
- RASHTRIYA CYBER SENA targets the website of Zipxgo
- Category: Defacement
- Content: The group claims to have defaced the website of Zipxgo.
- Date: 2025-10-31T11:48:35Z
- Network: telegram
- Published URL: (https://t.me/teamRcs/41)
- Screenshots:
- Threat Actors: RASHTRIYA CYBER SENA
- Victim Country: Bangladesh
- Victim Industry: E-commerce & Online Stores
- Victim Organization: zipxgo
- Victim Site: zipxgo.com
- Z-BL4CX-H4T targets the website of FMPB
- Category: Defacement
- Content: The group claims to have defaced the website of FMPB
- Date: 2025-10-31T11:21:44Z
- Network: telegram
- Published URL: (https://t.me/c/3027611821/112)
- Screenshots:
- Threat Actors: Z-BL4CX-H4T
- Victim Country: India
- Victim Industry: Religious Institutions
- Victim Organization: fmpb
- Victim Site: fmpb.co.in
- Alleged data breach of OleconOle
- Category: Data Breach
- Content: The threat actor claims to have leaked 6K databases of OleconOle, which include id, treatment, name, surname, email, sales, activated, newsletter, registration date, and last visit.
- Date: 2025-10-31T11:17:17Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-oleconole-es-leak)
- Screenshots:
- Threat Actors: Tanaka
- Victim Country: Spain
- Victim Industry: Printing
- Victim Organization: oleconole
- Victim Site: oleconole.es
- Alleged sale of unidentified military database
- Category: Data Breach
- Content: Threat actor claims to be selling unidentified military database.
- Date: 2025-10-31T11:02:49Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-buy-military-database-then-message-me)
- Screenshots:
- Threat Actors: Nikolai699999
- Victim Country: Unknown
- Victim Industry: Military Industry
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of Shopping Delivery Address Database in China
- Category: Data Breach
- Content: Threat actor claims to be selling 810 M Shopping Delivery Address Database in China.
- Date: 2025-10-31T10:53:49Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-China-Shopping-Delivery-Address-Database-810-Million-Lines)
- Screenshots:
- Threat Actors: MisterD
- Victim Country: China
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged leak of admin credentials of Supreme Court of the Republic of Indonesia
- Category: Initial Access
- Content: The group claims to have leaked admin credentials to Supreme Court of the Republic of Indonesia
- Date: 2025-10-31T10:53:12Z
- Network: telegram
- Published URL: (https://t.me/teamRcs/39)
- Screenshots:
- Threat Actors: RASHTRIYA CYBER SENA
- Victim Country: Indonesia
- Victim Industry: Government Administration
- Victim Organization: supreme court of the republic of indonesia
- Victim Site: mahkamahagung.go.id
- KAL EGY 319 targets the website of Lecxo
- Category: Defacement
- Content: The group claims to have defaced the website of Lecxo. Mirror link: https://zone-xsec.com/mirror/id/761129
- Date: 2025-10-31T10:36:54Z
- Network: telegram
- Published URL: (https://t.me/KALOSHA319/36)
- Screenshots:
- Threat Actors: KAL EGY 319
- Victim Country: UAE
- Victim Industry: Consumer Electronics
- Victim Organization: lecxo
- Victim Site: lecxo.ae
- Alleged data breach of KNOWNSEC
- Category: Data Breach
- Content: The threat actor claims to be selling 12K databases of KNOWNSEC in China, which include employee data, corporate information, financials, military tools, and project information.
- Date: 2025-10-31T10:25:58Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Chinese-infosec-company-Knownsec-hacked-confidential-company-files-2023)
- Screenshots:
- Threat Actors: t1g3r
- Victim Country: China
- Victim Industry: Information Technology (IT) Services
- Victim Organization: knownsec
- Victim Site: knownsec.com.hk
- Alleged sale of database in Russia
- Category: Data Breach
- Content: The threat actor claims to be selling databases from Russia, which include full name, passport, SNILS, registration address, residential address, cell phone number, home number, and date of birth.
- Date: 2025-10-31T09:46:40Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-Russia-database-St-Petersburg-Moscow-153-000-contacts)
- Screenshots:
- Threat Actors: keshaworker
- Victim Country: Russia
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- CCI Tax Pros falls victim to BlackShrantac ransomware
- Category: Ransomware
- Content: The group claims to have obtained 80 GB of the organization’s data. The compromised information includes client personal details such as names, SSNs, contact info, as well as tax filings, income reports, deductions, audit records, financial statements, payroll data, compliance documents, and tax planning and consulting information for individuals and small businesses.
- Date: 2025-10-31T08:13:37Z
- Network: tor
- Published URL: (http://jvkpexgkuaw5toiph7fbgucycvnafaqmfvakymfh5pdxepvahw3xryqd.onion/targets/14)
- Screenshots:
- Threat Actors: BlackShrantac
- Victim Country: USA
- Victim Industry: Accounting
- Victim Organization: cci tax pros
- Victim Site: ccitaxpros.com
- Gun Accessory Supply falls victim to Qilin ransomware
- Category: Ransomware
- Content: The group claims to have obtained 300 GB of the organization’s data.
- Date: 2025-10-31T08:04:19Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=bbcfbd8d-4c16-328a-acab-289690da2921)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Sporting Goods
- Victim Organization: gun accessory supply
- Victim Site: gunaccessorysupply.com
- VZW Avalon falls victim to INC RANSOM Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s internal data.
- Date: 2025-10-31T05:45:09Z
- Network: tor
- Published URL: (http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/68fe4766e1a4e4b3ff57b999)
- Screenshots:
- Threat Actors: INC RANSOM
- Victim Country: Belgium
- Victim Industry: Non-profit & Social Organizations
- Victim Organization: vzw avalon
- Victim Site: avalon-vzw.be
- Alleged data breach of Suvidha Supermarket
- Category: Data Breach
- Content: Threat actor claims to have leaked data from SuvidhaSupermarket.in, a long-established Indian retail chain and online grocery platform. The exposed dataset reportedly includes information on over 600,000 customers and 1,000+ employees, containing customer IDs, names, mobile numbers, addresses, cashback points, outstanding amounts, origin stores, account creation dates, and last visit records.
- Date: 2025-10-31T05:08:48Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-suvidhasupermarket-in-600k-customers-1k-employees-data-and-more)
- Screenshots:
- Threat Actors: nullbytes_0x00
- Victim Country: India
- Victim Industry: Retail Industry
- Victim Organization: suvidha supermarket
- Victim Site: suvidhasupermarket.in
- Alleged data breach of SVisual
- Category: Data Breach
- Content: A threat actor claims to have leaked data from svisual, a Spain-based communication and accessibility platform. The compromised data contains 100,000 user records, including names, emails, phone numbers, cities, provinces, dates of birth, and login credentials and other personal information.
- Date: 2025-10-31T03:51:43Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-Spain-Database-svisual-org-2025-100K)
- Screenshots:
- Threat Actors: Robert2025
- Victim Country: Spain
- Victim Industry: Non-profit & Social Organizations
- Victim Organization: svisual
- Victim Site: svisual.org
- The Matlusky Firm LLC falls victim to BlackShrantac
- Category: Ransomware
- Content: The group claims to have obtained the organization’s internal data. The data includes 100 GB of financial documents (payrolls, bank accounts, invoices, tax files), legal and research documents, insurance and deposition data, sensitive employee details, driver’s licenses, and Social Security numbers.
- Date: 2025-10-31T02:39:09Z
- Network: tor
- Published URL: (http://jvkpexgkuaw5toiph7fbgucycvnafaqmfvakymfh5pdxepvahw3xryqd.onion/targets/13)
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/78cc2408-3d9f-4c34-b83d-dc4c6c673e9e.png
- https://d34iuop8pidsy8.cloudfront.net/39cba891-be70-4e11-8519-a4af6cde6295.png
- https://d34iuop8pidsy8.cloudfront.net/3cff5e14-33ee-410b-9651-095de9f9124c.png
- https://d34iuop8pidsy8.cloudfront.net/2a352968-fae5-4055-a6ad-661d1cada068.png
- Threat Actors: BlackShrantac
- Victim Country: USA
- Victim Industry: Law Practice & Law Firms
- Victim Organization: the matlusky firm llc
- Victim Site: thematluskyfirm.com
- Alleged data breach of InWebsiteBuilder
- Category: Data Breach
- Content: Threat actor claims to have leaked data from InWebsiteBuilder.com, a platform providing website-building services for insurance agencies. The exposed dataset reportedly contains 18,047 records related to insurance websites and client information.
- Date: 2025-10-31T02:32:18Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-InWebsiteBuilder-com-Insurance-Data-Breach-Leaked-Download)
- Screenshots:
- Threat Actors: punk
- Victim Country: India
- Victim Industry: Software
- Victim Organization: inwebsitebuilder
- Victim Site: inwebsitebuilder.com
- Tenax Law Group, P.C. falls victim to BlackShrantac Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 150GB of sensitive data from TENAX Law Group PC, a U.S.–based law firm specializing in business, employment, real estate, bankruptcy matters, and civil litigation. The leaked data reportedly includes legal case files and documents across these practice areas, along with multiple insurance-related documents.
- Date: 2025-10-31T01:35:12Z
- Network: tor
- Published URL: (http://jvkpexgkuaw5toiph7fbgucycvnafaqmfvakymfh5pdxepvahw3xryqd.onion/targets/15)
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/62bf78ca-bbb0-4720-80cc-9da819839305.png
- https://d34iuop8pidsy8.cloudfront.net/27065499-4e49-483e-bcac-453fe250689d.png
- https://d34iuop8pidsy8.cloudfront.net/7430add6-027f-48c0-b62d-63ae337746bf.png
- https://d34iuop8pidsy8.cloudfront.net/fbd75a69-176e-4909-b660-27333bf9810f.png
- https://d34iuop8pidsy8.cloudfront.net/dab0ff1c-130a-4f4e-9937-757f92e6c4d3.png
- Threat Actors: BlackShrantac
- Victim Country: USA
- Victim Industry: Law Practice & Law Firms
- Victim Organization: tenax law group, p.c.
- Victim Site: tenaxlawgroup.com
- Cypark Resources Berhad falls victim to BlackShrantac Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 10TB of data from CyPark Resources Berhad, a Malaysian renewable energy and environmental engineering company. The stolen data allegedly includes financial information such as invoices, banking and insurance records, asset details, and salary information, along with HR data including employee lists, email addresses, and physical addresses.
- Date: 2025-10-31T01:18:42Z
- Network: tor
- Published URL: (http://jvkpexgkuaw5toiph7fbgucycvnafaqmfvakymfh5pdxepvahw3xryqd.onion/targets/22)
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/12e80dc6-e3d4-4084-9f39-45ec5703f096.png
- https://d34iuop8pidsy8.cloudfront.net/0b2b29a4-03d4-4ef9-a905-ab8eee035b39.png
- https://d34iuop8pidsy8.cloudfront.net/af5b9687-2c33-4dfb-ae87-ee0fefb1e9b5.png
- https://d34iuop8pidsy8.cloudfront.net/1019e3dc-8803-429b-a850-78ee7c62fc5a.png
- https://d34iuop8pidsy8.cloudfront.net/42888fe4-ac56-4149-ab8d-9d6dbb9df501.png
- https://d34iuop8pidsy8.cloudfront.net/21cae5ad-32a6-4c89-9d96-1ac83a464973.png
- https://d34iuop8pidsy8.cloudfront.net/d7851f07-36e0-4186-9c67-5af180b15ca1.png
- Threat Actors: BlackShrantac
- Victim Country: Malaysia
- Victim Industry: Renewables & Environment
- Victim Organization: cypark resources berhad
- Victim Site: cypark.com
- Alleged data breach of Ministry of Foreign Affairs, Republic of China (Taiwan)
- Category: Data Breach
- Content: Threat actor claims to have leaked an excerpt from the Republic of China (Taiwan) Armed Forces’ Major Equipment Summary Register. The compromised data reportedly includes details on Army, Navy, and Air Force equipment, such as equipment codes, names, categories, assigned units, operational status, distribution dates, and security classifications. Examples include entries for F-16V fighter jets, CM-11 tanks, Kang Ding-class frigates, and Tien Chien II missiles.
- Date: 2025-10-31T00:53:31Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-Taiwan-Military-Equipment-Record-Leak)
- Screenshots:
- Threat Actors: jrintel
- Victim Country: Taiwan
- Victim Industry: Government Administration
- Victim Organization: ministry of foreign affairs, republic of china (taiwan)
- Victim Site: mofa.gov.tw
- Alleged data breach of Kimia Farma
- Category: Data Breach
- Content: Threat actor claims to have leaked legal documents of Kimia Farma, Indonesia. The compromised data reportedly includes land certificates and related legal files, totaling around 12,000 files (10 GB).
- Date: 2025-10-31T00:44:06Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Document-Indonesia-Legal-Documents-of-Kimiafarma-Land-Certificates-10-GB?pid=292571#pid292571)
- Screenshots:
- Threat Actors: toshikana
- Victim Country: Indonesia
- Victim Industry: Healthcare & Pharmaceuticals
- Victim Organization: kimia farma
- Victim Site: kimiafarma.co.id
- Verdugo Hills Dental Group falls victim to Mydata/Alphalocker Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s internal data, which they intend to publish within 6-7 days.
- Date: 2025-10-31T00:38:23Z
- Network: tor
- Published URL: (http://mydatae2d63il5oaxxangwnid5loq2qmtsol2ozr6vtb7yfm5ypzo6id.onion/blog_1-27)
- Screenshots:
- Threat Actors: Mydata/Alphalocker
- Victim Country: USA
- Victim Industry: Hospital & Health Care
- Victim Organization: verdugo hills dental group
- Victim Site: verdugohillsdental.com
Conclusion
The incidents detailed in this report highlight a diverse and active landscape of cyber threats, strictly based on the provided data. Data breaches and leaks are prominent, affecting various sectors from Transportation & Logistics and Software Development to Hospital & Health Care and Law Practice & Law Firms, and impacting countries including USA, China, India, Indonesia, Spain, and Germany. The compromised data ranges from personal user information, credit card data, and delivery addresses to Source Code, legal case files, financial records, and classified military equipment details. Beyond data compromise, the report also reveals significant activity in Initial Access sales, with threat actors offering unauthorized access to FTP servers, WordPress admin accounts, and even an industrial control system in Italy. The sale of malware (like WormGPT) further underscores the availability of offensive capabilities in the cyber underground. The incidents collectively demonstrate that organizations across various industries and geographies face persistent threats from data exfiltration, unauthorized network access, and the proliferation of malicious tools.