[October-8-2025] Daily Cybersecurity Threat Report

This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.

1. Alleged leak of Discord Logs

• Category: Data Breach
• Content: The group claims to have obtained over 2.3 billion Discord logs from more than 56 million users.
• Date: 2025-10-08T23:56:09Z
• Network: openweb
• Published URL: (https://leakbase.la/threads/discord-2-3b-discord-logs-available-from-56m-users.44239/)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/909206db-990a-4e4b-a8ce-7df7041f25b7.png
• Threat Actors: discordbreach
• Victim Country: USA
• Victim Industry: Software Development
• Victim Organization: discord
• Victim Site: discord.com

2. Alleged data leak of OLX Kazakhstan

• Category: Data Breach
• Content: The threat actor claims to have leaked sensitive customer database from OLX Kazakhstan. The exposed dataset reportedly include name, phone number, contact address etc. NB: Authenticity of claim is yet to be verified
• Date: 2025-10-08T23:36:30Z
• Network: telegram
• Published URL: (https://t.me/aqj986/7590)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/9151d8a8-1af4-4bff-b664-dffb2c1fce57.png
• Threat Actors: Aiqianjin
• Victim Country: Kazakhstan
• Victim Industry: Consumer Services
• Victim Organization: olx kazakhstan
• Victim Site: olx.kz

3. Alleged unauthorized access to Mersin Akdeniz Endüstriyel Soğutma

• Category: Initial Access
• Content: The group claims to have gained unauthorized access to a system in Turkey responsible for industrial cooling of refrigerated warehouses. The compromised system regulates temperature, humidity, and gas levels for the storage of fruits and vegetables in controlled environments.
• Date: 2025-10-08T23:35:57Z
• Network: telegram
• Published URL: (https://t.me/n2LP_wVf79c2YzM0/1867)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/0b0cd071-2147-45e8-bbd4-7e970fb216b1.png
• Threat Actors: Infrastructure Destruction Squad
• Victim Country: Turkey
• Victim Industry: Industrial Automation
• Victim Organization: mersin akdeniz endüstriyel soğutma
• Victim Site: akdenizsogutmasanayi.com.tr

4. Industrial Chemicals Corporation (ICC) falls victim to Sinobi Ransomware

• Category: Ransomware
• Content: The group claims to have exfiltrated approximately 380 GB of data from Industrial Chemicals Corporation, including financial data, confidential documents, and contractual information. They intend to publish it within 6-7 days
• Date: 2025-10-08T23:34:57Z
• Network: tor
• Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68e6741c88b6823fa26927ce)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/6e7e074c-8a65-4204-81c9-5739e80f055d.png
• Threat Actors: Sinobi
• Victim Country: USA
• Victim Industry: Manufacturing
• Victim Organization: industrial chemicals corporation (icc)
• Victim Site: industrialchemcorp.com

— PAGE 2 —

5. Alleged data sale of FirstTwo

• Category: Data Breach
• Content: Threat actor claims to be selling leaked data from FirstTwo, USA. The compromised data reportedly contains 88.5 million records that includes names, numbers, address, date of birth.
• Date: 2025-10-08T21:52:12Z
• Network: openweb
• Published URL: (https://forum.exploit.in/topic/267839/)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/d944151b-30fc-4bdd-bffe-5ccb3636ae59.png
• Threat Actors: Neur0n
• Victim Country: USA
• Victim Industry: Public Safety
• Victim Organization: firsttwo
• Victim Site: firsttwo.com

6. Alleged sale of Credit Card data from Turkey

• Category: Data Breach
• Content: The threat actor claims to be selling Credit Card data from Turkey. The compromised data reportedly contains 2938 records that includes name, email, address, phone, town, etc.
• Date: 2025-10-08T21:35:57Z
• Network: openweb
• Published URL: (https://forum.exploit.in/topic/267834/)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/7a54c89a-4d9a-47d0-bfd0-365d3b2b8b67.png
• Threat Actors: Gualtieri
• Victim Country: Turkey
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

7. Alleged Data Breach of CORDIALITO

• Category: Data Breach
• Content: A threat actor claims to have leaked the data of CORDIALITO, a Venezuelan betting house. The compromised data reportedly contains 423,000 lines of records, including user IDs, personal information, account credentials, PINs, account types, birth dates, country, city, etc.
• Date: 2025-10-08T20:35:14Z
• Network: openweb
• Published URL: (https://darkforums.st/Thread-VENEZUELA-CORDIALITO-leaks-betting-house-423K-lines)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/cc0618f4-5555-4a18-9112-ea89ae3e0c22.png
• Threat Actors: malconguerra2
• Victim Country: Venezuela
• Victim Industry: Gambling & Casinos
• Victim Organization: cordialito
• Victim Site: cordialitos.com

8. Sun Fiber LLC falls victim to sinobi Ransomware

• Category: Ransomware
• Content: The group claims to have obtained 750 GB of organization’s data including Confidential, Financial data, Contracts, HR, etc. They intend to publish it within 7-8 days.
• Date: 2025-10-08T20:20:07Z
• Network: tor
• Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68e68b4688b6823fa26994ef)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/cb859622-72bb-4a66-a090-8d7b81a87c41.png
• Threat Actors: Sinobi
• Victim Country: USA
• Victim Industry: Manufacturing
• Victim Organization: sun fiber llc
• Victim Site: sunfiberllc.com

9. RIGHT AT HOME CARE, LLC falls victim to sinobi ransomware

• Category: Ransomware
• Content: The group claims to have obtained 50 GB of organization’s data including Customer’s data, Contracts, etc.
• Date: 2025-10-08T20:19:49Z
• Network: tor
• Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68e6736388b6823fa269247a)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/16ad62e9-b046-4a34-98d4-60850f9cc5bb.png
• Threat Actors: Sinobi
• Victim Country: USA
• Victim Industry: Hospital & Health Care
• Victim Organization: right at home care, llc
• Victim Site: rightathomecare.org

— PAGE 3 —

10. D. Wilson Construction Co. falls victim to sinobi ransomware

• Category: Ransomware
• Content: The group claims to have obtained 510 GB of organization’s data including Financial data, Customer’s data, Contracts, Incidents, etc. They intend to publish it within 7-8 days.
• Date: 2025-10-08T20:05:09Z
• Network: tor
• Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68e68ed188b6823fa269ab38)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/a83d7317-c431-4167-a508-0c175a43e42f.png
  • https://d34iuop8pidsy8.cloudfront.net/c1edf0cd-f8ac-48b4-a44f-be4997a3b6fd.png
• Threat Actors: Sinobi
• Victim Country: USA
• Victim Industry: Building and construction
• Victim Organization: d. wilson construction co.
• Victim Site: dwilsonconstruction.com

11. Alleged Data sale of Redexis

• Category: Data Breach
• Content: The threat actor claims to be selling leaked data of Redexis. The compromised data reportedly contains around 755,000 unique customer records, including names, ID numbers, phone numbers, years of birth, and IBANs.
• Date: 2025-10-08T19:59:39Z
• Network: openweb
• Published URL: (https://darkforums.st/Thread-Selling-SPAIN-Redexis-Gas)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/58530a1b-7558-4429-9959-5a2ccfe3d326.png
• Threat Actors: dry
• Victim Country: Spain
• Victim Industry: Oil & Gas
• Victim Organization: redexis
• Victim Site: redexis.es

12. Alleged sale of full access to shop sites

• Category: Initial Access
• Content: Threat actor claims to be selling full access to shop sites.
• Date: 2025-10-08T19:59:23Z
• Network: openweb
• Published URL: (https://forum.exploit.in/topic/267824/)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/d802d024-39e0-45f2-ba9c-c4cb5f083408.png
  • https://d34iuop8pidsy8.cloudfront.net/66e271a9-5736-4f7b-bf5d-e7ddf9dfc3e5.png
• Threat Actors: APT_Hunter
• Victim Country: Unknown
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

13. Chek Tan and Company, LLP falls victim to RADAR group Ransomware

• Category: Ransomware
• Content: The group claims to have obtained the organization’s data and intends to publish it within 13-14 days.
• Date: 2025-10-08T19:47:54Z
• Network: tor
• Published URL: (http://3bnusfu2lgk5at43ceu7cdok5yv4gfbono2jv57ho74ucjvc7czirfid.onion/awaiting-publication)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/9d3add8e-eca3-42d3-9f5d-9428d82bf564.png
  • https://d34iuop8pidsy8.cloudfront.net/e49ad4e8-77f0-40c6-9044-389f1efefd76.png
• Threat Actors: RADAR group
• Victim Country: USA
• Victim Industry: Accounting
• Victim Organization: chek tan and company, llp
• Victim Site: chektan.com

14. Ackermann Group falls victim to sinobi Ransomware

• Category: Ransomware
• Content: The group claims to have obtained 250 GB of organization’s data including Financial data, Customer’s data, Contracts, etc. They intend to publish it within 5-6 days.
• Date: 2025-10-08T19:41:54Z
• Network: tor
• Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68e6765388b6823fa269314b)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/8bf44e91-67f2-4639-877c-378ac6294d50.png
• Threat Actors: Sinobi
• Victim Country: France
• Victim Industry: Wholesale
• Victim Organization: ackermann group
• Victim Site: groupeackermann.fr

— PAGE 4 —

15. Alleged data breach of MS Glow

• Category: Data Breach
• Content: The threat actor claims to have leaked a database belonging to MS Glow, an Indonesian skincare and beauty brand. The compromised data reportedly contains personal information of users from the MS Glow mobile application, including names, addresses, phone numbers, bank account details, ID card numbers (KTP), provinces, and cities. NB: The organization previously breached on September 27 2024
• Date: 2025-10-08T19:41:44Z
• Network: openweb
• Published URL: (https://darkforums.st/Thread-DATABASE-Data-Users-Member-Application-MS-Glow-Indonesian)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/0f3cc18a-ddab-4a56-9fd5-c1542f1cf74b.png
• Threat Actors: TRexID
• Victim Country: Indonesia
• Victim Industry: Manufacturing
• Victim Organization: ms glow
• Victim Site: msglowid.com

16. Dakota Boys and Girls Ranch falls victim to sinobi Ransomware

• Category: Ransomware
• Content: The group claims to have obtained 150 GB of organization’s data including Confidential, Incidents, HR, etc. They intend to publish it within 5-6 days.
• Date: 2025-10-08T19:35:37Z
• Network: tor
• Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68e680e188b6823fa26963bf)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/5694b59c-f7d7-4852-97dd-b46453250447.png
• Threat Actors: Sinobi
• Victim Country: USA
• Victim Industry: Mental Health Care
• Victim Organization: dakota boys and girls ranch
• Victim Site: dakotaranch.org

17. The Catered Affair falls victim to sinobi Ransomware

• Category: Ransomware
• Content: The group claims to have obtained 120 GB of organization’s data including Customer’s data, Financial data, Incidents, etc. They intend to publish it within 5-6 days.
• Date: 2025-10-08T19:08:03Z
• Network: tor
• Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68e6818588b6823fa26965b4)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/6aad1888-778a-4421-83c2-c40d0744e5cd.png
• Threat Actors: Sinobi
• Victim Country: USA
• Victim Industry: Food & Beverages
• Victim Organization: the catered affair
• Victim Site: thecateredaffair.com

18. Shape Corp. falls victim to Nova Ransomware

• Category: Ransomware
• Content: The group claims to have obtained 55 GB of the organization’s data and intends to publish it within 13-14 days.
• Date: 2025-10-08T19:05:40Z
• Network: tor
• Published URL: (http://novadmrkp4vbk2padk5t6pbxolndceuc7hrcq4mjaoyed6nxsqiuzyyd.onion/#)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/bb57278e-1453-4831-b23b-b9dffa3e266d.png
• Threat Actors: Nova
• Victim Country: USA
• Victim Industry: Automotive
• Victim Organization: shape corp.
• Victim Site: shapecorp.com

19. Bohlsen Restaurant Group falls victim to sinobi Ransomware

• Category: Ransomware
• Content: The group claims to have obtained 700 Gb of organization’s data including Financial data, Contracts, HR data etc. They intend to publish it within 5-6 Hours.
• Date: 2025-10-08T18:53:31Z
• Network: tor
• Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68e684c488b6823fa2697650)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/f6c43550-b9f3-457d-8d8d-ad2dce79ee6b.png
• Threat Actors: Sinobi
• Victim Country: USA
• Victim Industry: Restaurants
• Victim Organization: bohlsen restaurant group
• Victim Site: brgroup.biz

— PAGE 5 —

20. Public Relations Society of America (PRSA) falls victim to sinobi Ransomware

• Category: Ransomware
• Content: The group claims to have obtained 800 GB of organization’s data including Confidential, Customer’s data, Financial data, Incidents, etc. They intend to publish it within 7-8 days.
• Date: 2025-10-08T18:51:52Z
• Network: tor
• Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68e685cf88b6823fa2697aba)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/ad5d7a05-489f-4918-9681-993f76eff875.png
• Threat Actors: Sinobi
• Victim Country: USA
• Victim Industry: Public Relations/PR
• Victim Organization: public relations society of america (prsa)
• Victim Site: prsa.org

21. Desert Plastering, LLC falls victim to sinobi Ransomware

• Category: Ransomware
• Content: The group claims to have obtained 740 GB of organization’s data including Confidential, Financial data, Contracts, Customer’s data etc. They intend to publish it within 7-8 days.
• Date: 2025-10-08T18:47:41Z
• Network: tor
• Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68e6873d88b6823fa269821f)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/710d6158-b674-4b08-896b-5dbb46e4b230.png
• Threat Actors: Sinobi
• Victim Country: USA
• Victim Industry: Building and construction
• Victim Organization: desert plastering, llc
• Victim Site: desertplastering.com

22. MTI America falls victim to sinobi ransomware

• Category: Ransomware
• Content: The group claims to have obtained 120 GB of organization’s data including Financial data, Customer’s data, Contracts, etc. They intend to publish it within 7-8 days.
• Date: 2025-10-08T18:40:09Z
• Network: tor
• Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68e68e3a88b6823fa269a6e1)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/e371b934-bb23-400a-b731-fd53a051b911.png
• Threat Actors: Sinobi
• Victim Country: USA
• Victim Industry: Hospital & Health Care
• Victim Organization: mti america
• Victim Site: mtiamerica.com

23. Alleged Sale of Access to 1000+ POS Machines

• Category: Initial Access
• Content: The threat actor claims to be selling RMM Admin Panels access to more than 1000 POS Machines from USA and UK.
• Date: 2025-10-08T18:26:49Z
• Network: openweb
• Published URL: (https://forum.exploit.in/topic/267817/)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/5a16e4f4-354d-4fc9-926a-088df2021cbd.png
• Threat Actors: nixploiter
• Victim Country: USA
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

24. Lashbrook falls victim to sinobi Ransomware

• Category: Ransomware
• Content: The group claims to have obtained the organization’s data.
• Date: 2025-10-08T18:19:31Z
• Network: tor
• Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68e683eb88b6823fa269705d)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/aa686701-096d-4551-b7b6-2cde432b6524.png
• Threat Actors: Sinobi
• Victim Country: USA
• Victim Industry: Wholesale
• Victim Organization: lashbrook
• Victim Site: lashbrookdesigns.com

— PAGE 6 —

25. Alleged sale of Driver License data from USA

• Category: Data Breach
• Content: The threat actor claims to be selling Driver License data from USA. The compromised data reportedly contain more than 9000 records.
• Date: 2025-10-08T18:10:58Z
• Network: openweb
• Published URL: (https://forum.exploit.in/topic/267816/)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/fbc01728-2291-43f9-a9dd-43de301c884b.png
  • https://d34iuop8pidsy8.cloudfront.net/d76d5ddc-d8c6-4464-8df4-d8ff1691a0dc.png
• Threat Actors: SinCity
• Victim Country: USA
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

26. Tibbetts Lumber Co. LLC falls victim to sinobi Ransomware

• Category: Ransomware
• Content: The group claims to have obtained 920 GB of organization’s data including Confidential, Financial data, Contracts, Customer’s data, etc. They intend to publish it within 7-8 days.
• Date: 2025-10-08T18:00:59Z
• Network: tor
• Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68e6781d88b6823fa2693877)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/3a6167e8-2426-40f6-8d0d-d0fd8d41c94e.png
• Threat Actors: Sinobi
• Victim Country: USA
• Victim Industry: Retail Industry
• Victim Organization: tibbetts lumber co. llc
• Victim Site: tibbettslumber.com

27. Cameron, Hodges, Coleman, LaPointe, & Wright, P.A. falls victim to Qilin Ransomware

• Category: Ransomware
• Content: The group claims to have obtained 163.00 GB of the organization’s data. NB : The organization previously fell victim to Sarcoma Ransomware on July 01 2025 and RansomHub ransomware on July 16 2024
• Date: 2025-10-08T17:47:24Z
• Network: tor
• Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=dbcf7c18-46f5-3ac8-abaf-669f91a7b6d3)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/8c8904c8-99cd-4cb4-8932-68422edf5242.png
  • https://d34iuop8pidsy8.cloudfront.net/1bc4ae97-2a90-4887-a76d-549a900996cd.png
• Threat Actors: Qilin
• Victim Country: USA
• Victim Industry: Law Practice & Law Firms
• Victim Organization: cameron, hodges, coleman, lapointe, & wright, p.a
• Victim Site: cameronhodges.com

28. Osland Financial Group falls victim to sinobi Ransomware

• Category: Ransomware
• Content: The group claims to have obtained 50 GB of organization’s data including Financial data, Customer’s data, etc.
• Date: 2025-10-08T17:37:01Z
• Network: tor
• Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68e6714588b6823fa2691bb2)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/7bfb50bd-22e3-48ac-a0ba-142ddce96b02.png
• Threat Actors: Sinobi
• Victim Country: USA
• Victim Industry: Financial Services
• Victim Organization: osland financial group
• Victim Site: oslandgroup.com

— PAGE 7 —

29. Alleged sale of shell access to PrestaShop in france

• Category: Initial Access
• Content: Threat actor claims to be selling shell access to PrestaShop in france.
• Date: 2025-10-08T17:36:16Z
• Network: openweb
• Published URL: (https://forum.exploit.in/topic/267809/)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/b1fb7dd3-39b9-4731-92a6-32c3170437c2.png
• Threat Actors: akr1t
• Victim Country: France
• Victim Industry: E-commerce & Online Stores
• Victim Organization: Unknown
• Victim Site: Unknown

30. Alleged Sale of access to unidentified Grocery Retail in USA

• Category: Initial Access
• Content: threat actor claims to be selling Fortinet VPN credentials and Domain Administrator access to a USA based grocery retail company.
• Date: 2025-10-08T17:17:15Z
• Network: openweb
• Published URL: (https://forum.exploit.in/topic/267802/)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/ea0c8931-e9e4-4fc1-a320-dbd16e6f3d16.png
• Threat Actors: Mark1777
• Victim Country: USA
• Victim Industry: Retail Industry
• Victim Organization: Unknown
• Victim Site: Unknown

31. ST. CATHERINE OF SIENA CATHOLIC CHURCH falls victim to sinobi Ransomware

• Category: Ransomware
• Content: The group claims to have obtained 30 GB of organization’s data including Incidents, Confidential data, etc.
• Date: 2025-10-08T17:07:27Z
• Network: tor
• Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68e671fa88b6823fa2691dac)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/a55fa286-30b2-4e4d-80f7-155812f72219.png
• Threat Actors: Sinobi
• Victim Country: USA
• Victim Industry: Religious Institutions
• Victim Organization: st. catherine of siena catholic church
• Victim Site: scswf.org

32. Alleged data leak of French Badminton Federation

• Category: Data Breach
• Content: Threat actor claims to have leaked data from French Badminton Federation. The compromised data reportedly contain 500,000 records of information including name, id, email, zip code, etc. NB: The organization was previously breached on september 07, 2025.
• Date: 2025-10-08T16:49:12Z
• Network: openweb
• Published URL: (https://leakbase.la/threads/ffbad-fftt.44231/)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/b9f207cb-5f3a-4a0d-877c-670739fe08ac.png
  • https://d34iuop8pidsy8.cloudfront.net/de6e32fd-7f0d-405a-8606-e89cd3436a2a.png
• Threat Actors: kenya
• Victim Country: France
• Victim Industry: Sports
• Victim Organization: french badminton federation
• Victim Site: ffbad.org

33. Termotasajero S.A. E.S.P. falls victim to sinobi Ransomware

• Category: Ransomware
• Content: The group claims to have obtained 200 GB of organization’s data including Confidential, Incidents, Financial data, Contracts, etc.
• Date: 2025-10-08T16:45:51Z
• Network: tor
• Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68e672a188b6823fa2692061)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/5b800923-9cb3-4f15-90c1-a8d3d761e43e.png
• Threat Actors: Sinobi
• Victim Country: Colombia
• Victim Industry: Oil & Gas
• Victim Organization: termotasajero s.a. e.s.p.
• Victim Site: termotasajero.com.co

— PAGE 8 —

34. Alleged data breach of Bank Rakyat Indonesia

• Category: Data Breach
• Content: The threat actor claims to have leaked a customer database belonging to Bank Republik Indonesia Maluku customers.
• Date: 2025-10-08T16:25:03Z
• Network: openweb
• Published URL: (https://darkforums.st/Thread-DATABASE-BANK-REPUBLIK-INDONESIA-MALUKU-customers)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/4b72cc28-1707-4889-aa23-b99d69bacaa9.png
• Threat Actors: Mr404Here
• Victim Country: Indonesia
• Victim Industry: Banking & Mortgage
• Victim Organization: bank rakyat indonesia
• Victim Site: bri.co.id

35. J B Brown & Sons falls victim to sinobi Ransomware

• Category: Ransomware
• Content: The group claims to have obtained 50 GB of organization’s data including Financial data, HR data, etc.
• Date: 2025-10-08T16:23:11Z
• Network: tor
• Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68e6752388b6823fa2692c3e)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/a4232995-746a-46b7-beb6-4fafff131a95.png
• Threat Actors: Sinobi
• Victim Country: USA
• Victim Industry: Real Estate
• Victim Organization: j b brown & sons
• Victim Site: jbbrown.com

36. Alleged leak of Business information data from UK

• Category: Data Breach
• Content: The threat actor clam to be selling business information data from UK. The compromised data includes name, address, city, phone number, dob, etc.
• Date: 2025-10-08T16:19:04Z
• Network: openweb
• Published URL: (https://forum.exploit.in/topic/267799/)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/67f21fcb-6e91-4845-92b8-115083a55f63.png
• Threat Actors: Ghost_devil
• Victim Country: UK
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

37. Tecnomarket Snc falls victim to sinobi Ransomware

• Category: Ransomware
• Content: The group claims to have obtained 7.5 GB of organization’s data including Contracts, Financial data, etc.
• Date: 2025-10-08T16:08:41Z
• Network: tor
• Published URL: (http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/68e676ec88b6823fa26933a5)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/27a57a69-6068-4f3a-8152-ad3a81fab7af.png
• Threat Actors: Sinobi
• Victim Country: Italy
• Victim Industry: Restaurants
• Victim Organization: tecnomarket snc
• Victim Site: tecnomarketrubiera.it

38. Alleged data breach of Verizon

• Category: Data Breach
• Content: Threat actor claims to have leaked data of E-UTRAN networking project related to Verizon, USA. The compromised data reportedly contains telephone number, utran-cell-id-3gpp, RSSI, TP, etc.
• Date: 2025-10-08T15:59:15Z
• Network: telegram
• Published URL: (https://t.me/andrewfedman/1408)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/5d62c0d5-a553-4b29-ae97-0b2e588c7c73.png
• Threat Actors: Scattered LAPSUS$ Hunters
• Victim Country: USA
• Victim Industry: Network & Telecommunications
• Victim Organization: verizon
• Victim Site: verizon.com

— PAGE 9 —

39. Alleged data breach of True Corporation Public Company Limited

• Category: Data Breach
• Content: Threat actor claims to have leaked data from true.th and dtac.co.th, operated by True Corporation Public Company Limited, a telecom-tech company based in Thailand. The compromised data reportedly contains ID, name, phone number, email address, etc.
• Date: 2025-10-08T15:36:53Z
• Network: telegram
• Published URL: (https://t.me/andrewfedman/1413)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/1ae6b868-42af-494b-8983-f595b543b022.png
  • https://d34iuop8pidsy8.cloudfront.net/7d6b64ac-4a1b-4aa2-b303-ce7ae6c3f355.png
• Threat Actors: Scattered LAPSUS$ Hunters
• Victim Country: Thailand
• Victim Industry: Network & Telecommunications
• Victim Organization: true corporation public company limited
• Victim Site: true.th

40. VIM Technologies Inc. falls victim to akira Ransomware

• Category: Ransomware
• Content: The group claims to have obtained the organization’s data. The compromised data includes corporate documents, Customer information, partners files, projects, contracts and agreements, employee files, NDA, etc.
• Date: 2025-10-08T15:36:18Z
• Network: tor
• Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/fd88c1cb-4908-40bf-bcca-6d1c30a00cd8.png
• Threat Actors: akira
• Victim Country: USA
• Victim Industry: Environmental Services
• Victim Organization: vim technologies inc.
• Victim Site: vimtechnologies.com

41. Alleged data breach of True Corporation

• Category: Data Breach
• Content: Threat actor claims to have leaked data from True Corporation, telecom-tech company based in Thailand. The compromised data reportedly contains ID, name, phone number, email address, etc.
• Date: 2025-10-08T15:28:49Z
• Network: telegram
• Published URL: (https://t.me/andrewfedman/1413)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/1ae6b868-42af-494b-8983-f595b543b022.png
  • https://d34iuop8pidsy8.cloudfront.net/7d6b64ac-4a1b-4aa2-b303-ce7ae6c3f355.png
• Threat Actors: Scattered LAPSUS$ Hunters
• Victim Country: Thailand
• Victim Industry: Network & Telecommunications
• Victim Organization: true corporation
• Victim Site: true.th

42. Hoyer Law Group, PLLC falls victim to akira Ransomware

• Category: Ransomware
• Content: The group claims to have obtained the organization’s data. The compromised data includes corporate documents. Customer personal documents, employee files (w4 complete forms, SSNs, phones, addresses and so on), project information, medical reports, police reports, and other confidential documents, NDAs, etc.
• Date: 2025-10-08T15:28:23Z
• Network: tor
• Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/527ff961-fecd-438e-aa71-5f050388fdb8.png
• Threat Actors: akira
• Victim Country: USA
• Victim Industry: Law Practice & Law Firms
• Victim Organization: hoyer law group, pllc
• Victim Site: “hoyerlawgroup.com”

— PAGE 10 —

43. Alleged data leak of Lyca Mobile

• Category: Data Breach
• Content: Threat actor claims to have leaked data from Lyca Mobile, France. The compromised data reportedly contains ID, email, IP address, phone number, user UUID, etc.
• Date: 2025-10-08T15:07:02Z
• Network: telegram
• Published URL: (https://t.me/andrewfedman/1405)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/99717168-ce61-4769-889f-f16b359c777a.png
• Threat Actors: Scattered LAPSUS$ Hunters
• Victim Country: France
• Victim Industry: Network & Telecommunications
• Victim Organization: lyca mobile
• Victim Site: lycamobile.fr

44. IFPC Worldwide falls victim to INTERLOCK Ransomware

• Category: Ransomware
• Content: The group claims to have obtained 126 GB of data from the organization, comprising over 32,531 files stored across nearly 4,916 folders.
• Date: 2025-10-08T14:32:22Z
• Network: tor
• Published URL: (http://ebhmkoohccl45qesdbvrjqtyro2hmhkmh6vkyfyjjzfllm3ix72aqaid.onion/leaks.php)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/6d591dbe-611c-4109-a9b7-d89277c779d9.png
  • https://d34iuop8pidsy8.cloudfront.net/5a5f8c5d-f1a8-4d2b-a541-2ffa571bd710.png
• Threat Actors: INTERLOCK
• Victim Country: USA
• Victim Industry: Security & Investigations
• Victim Organization: ifpc worldwide, inc.
• Victim Site: ifpcworldwide.com

45. Alleged sale of 100k leads of Indian Doctors

• Category: Data Breach
• Content: The group claims to be selling a large dataset allegedly containing personal and professional information for approximately 100,000 Indian doctors, including id, unique_id, UIN, name, specialty, qualification, email address, mobile number, and city.
• Date: 2025-10-08T14:29:26Z
• Network: openweb
• Published URL: (https://darkforums.st/Thread-Selling-IN-Doctors-database)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/51d7b7bd-106e-4bd3-9b8b-1c82fe8b99f0.png
• Threat Actors: Yrrrr
• Victim Country: India
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

46. Alleged Access Sale to Argentine Government Systems

• Category: Initial Access
• Content: The threat actor claims to be selling unauthorized access to a system allegedly belonging to the Argentine government. The leaked access reportedly includes MySQL 5.7.36 credentials, database dumps, and a PHP web shell.
• Date: 2025-10-08T14:10:57Z
• Network: openweb
• Published URL: (https://darkforums.st/Thread-Selling-Argentine-Government)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/c5d381b0-39e3-4257-980d-2b527ebfe7fd.png
• Threat Actors: Near
• Victim Country: Argentina
• Victim Industry: Government Administration
• Victim Organization: government of argentina
• Victim Site: argentina.gob.ar

47. HEZI RASH claims to target multiple countries

• Category: Alert
• Content: A recent post by the group indicates they are targeting Turkey, Iraq, Armenia and Germany
• Date: 2025-10-08T14:02:34Z
• Network: telegram
• Published URL: (https://t.me/hezirash/1818)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/95a2d33b-67ae-4085-8420-5b696e47ffdf.png
• Threat Actors: HEZI RASH
• Victim Country: Turkey
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

— PAGE 11 —

48. Alleged data leak of Kuwait Airways

• Category: Data Breach
• Content: The threat actor claims to have leaked the data of Kuwait Airways, The compromised data includes member title, full name, member status, martial status, job title, birth date etc. NB: This breach was previously done by SkeltonCrew from the xss forum, we reported it on Mar 24, 2024. FalconFeeds: https://dash.falconfeeds.io/threat-feed/posts/POST-2981212D098C7755
• Date: 2025-10-08T13:46:33Z
• Network: telegram
• Published URL: (https://t.me/andrewfedman/1392)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/722f981b-8eb8-41eb-8f8d-c846ea822913.png
• Threat Actors: Scattered LAPSUS$ Hunters
• Victim Country: Kuwait
• Victim Industry: Airlines & Aviation
• Victim Organization: kuwait airways
• Victim Site: kuwaitairways.com

49. Alleged database sale of Hinds County Government, USA

• Category: Data Breach
• Content: The threat actor claims to be selling a database and unauthorized access allegedly belonging to Hinds County, Mississippi, USA. The leaked data reportedly includes various internal records, session IDs, and payment-related tables.
• Date: 2025-10-08T13:33:59Z
• Network: openweb
• Published URL: (https://darkforums.st/Thread-Selling-Hinds-County-Mississippi-USA-hindscountyms-com)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/5e31d866-c04f-4dfc-b4a3-12bd448baa23.png
• Threat Actors: krekti
• Victim Country: USA
• Victim Industry: Government Administration
• Victim Organization: hinds county government
• Victim Site: hindscountyms.com

50. St. Peter O’Brien Law Offices, P.C. falls victim to Akira Ransomware

• Category: Ransomware
• Content: The group claims to have obtained 188GB of corporate data from St. Peter O’Brien Law Offices, P.C., including personal information of employees such as driver’s licenses, financial records, and other documents, as well as client data containing driver’s licenses, Social Security numbers, credit card and payment details, medical records, project information, financial and accounting data, NDAs, and other sensitive files.
• Date: 2025-10-08T13:25:57Z
• Network: tor
• Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/4d31c3ea-62c3-48d8-9bb4-4fe8ec914d89.png
• Threat Actors: akira
• Victim Country: USA
• Victim Industry: Law Practice & Law Firms
• Victim Organization: st. peter o’brien law offices, p.c.
• Victim Site: stplawoffices.com

51. Alleged sale of Dell customer and product data

• Category: Data Breach
• Content: The group claims to be selling a large dataset allegedly containing Dell customer and product information, including warranty details, serial numbers, and purchase records for millions of devices such as monitors, notebooks, desktops, and servers.
• Date: 2025-10-08T13:23:04Z
• Network: telegram
• Published URL: (https://t.me/andrewfedman/1389)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/322bc0b6-a273-4e39-8428-4d3f32394120.png
• Threat Actors: Scattered LAPSUS$ Hunters
• Victim Country: USA
• Victim Industry: Information Technology (IT) Services
• Victim Organization: dell inc.
• Victim Site: dell.com

— PAGE 12 —

52. Alleged sale of Indonesian Credential Data

• Category: Data Breach
• Content: The group claims to have selling complete SQL data containing Indonesian user credentials. The data includes sensitive fields such as id_student,name, email,semester_id, status_study,photo etc.
• Date: 2025-10-08T13:15:50Z
• Network: telegram
• Published URL: (https://t.me/chipercoreteam01/8)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/c6e6a1eb-3526-4c66-849d-9cf8fb8fdb26.JPG
• Threat Actors: CipherCore Team
• Victim Country: Indonesia
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

53. Alleged Sale of Fox RAT v6.0 Android Malware Tool

• Category: Malware
• Content: The threat actor claims to be selling a sophisticated Android Remote Access Trojan called Fox RAT v6.0, which allegedly provides unauthorized remote control and persistent surveillance of infected devices — including access to contacts, call/SMS logs, device identifiers (IMEI), file management, keylogging, camera/microphone streaming, APK installation, clipboard theft, and remote command execution — and is advertised to spread via phishing or trojanized apps.
• Date: 2025-10-08T13:13:49Z
• Network: openweb
• Published URL: (https://darkforums.st/Thread-Fox-RAT-V-6-0)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/d00ce02d-6910-474d-856d-b2a776f88ac7.png
• Threat Actors: dimexor4381
• Victim Country: Unknown
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

54. DataStream Content Solutions falls victim to akira Ransomware

• Category: Ransomware
• Content: The group claims to have obtained corporate data from DataStream Content Solutions, including customer files, project information, and other sensitive documents.
• Date: 2025-10-08T13:05:30Z
• Network: tor
• Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/0c000993-5c2d-4452-b3cb-3a64b1bde5b0.jpg
• Threat Actors: akira
• Victim Country: USA
• Victim Industry: Information Technology (IT) Services
• Victim Organization: datastream content solutions
• Victim Site: dscs.com

55. Wind alliance targets the website of AquaService

• Category: Defacement
• Content: The group claims to have deface the website of AquaService
• Date: 2025-10-08T12:57:33Z
• Network: telegram
• Published URL: (https://t.me/c/2619773723/3108)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/dc1933a8-e0ff-4b31-9772-a8aaef65b5d5.png
• Threat Actors: Wind alliance
• Victim Country: Ukraine
• Victim Industry: Retail Industry
• Victim Organization: aquaservice
• Victim Site: aquaservice.od.ua

— PAGE 13 —

56. Alleged data breach of Sarva Haryana Gramin Bank

• Category: Data Breach
• Content: The threat actor claims to have leaked MySQL data from Sarva Haryana Gramin Bank, allegedly containing employee and client data and more.
• Date: 2025-10-08T12:46:01Z
• Network: openweb
• Published URL: (https://darkforums.st/Thread-Selling-Sarva-Haryana-Gramin-Bank-Database)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/f88cec9e-11bd-4bda-b89d-fa615e8ae119.png
• Threat Actors: ByteToBreach
• Victim Country: India
• Victim Industry: Banking & Mortgage
• Victim Organization: sarva haryana gramin bank
• Victim Site: shgb.co.in

57. Alleged data leak of appel.com

• Category: Data Breach
• Content: The threat actor claims to be leaked data from apple.com.
• Date: 2025-10-08T12:37:10Z
• Network: openweb
• Published URL: (https://leakbase.la/threads/appel-com-2020-7kk.44222/)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/ff2111ee-1c32-4b7e-b868-0136a8f47213.png
• Threat Actors: 999hpbugatti
• Victim Country: Unknown
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: appel.com

58. Alleged data leak of Russian confidential documents

• Category: Data Breach
• Content: The threat actor claims to be selling a highly confidential document related to Russia’s Kinzhal hypersonic missile system. The document allegedly contains sensitive operational and maintenance procedures for the missile, including pre-launch protocols, in-flight operations, and post-mission guidelines. It also details the missile’s integration with various aircraft platforms, without disclosing specific performance data.
• Date: 2025-10-08T12:35:02Z
• Network: openweb
• Published URL: (https://darkforums.st/Thread-Selling-Highly-Confidential-Russian-Missile-Kh-47M2-Kinzhal-System-Operation-Document)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/fedf44b3-6634-4470-b54b-da25244a5b53.png
• Threat Actors: A1HM27
• Victim Country: Russia
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

59. Cerenade falls victim to akira Ransomware

• Category: Ransomware
• Content: The group claims to have obtained 100 GB corporate data from Cerenade Technology, including scanned client documents such as passports, visas and documents from India, USA, Mexico, Middle East countries, Japan and other countries around the globe.
• Date: 2025-10-08T12:11:58Z
• Network: tor
• Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/e7107fc0-43fd-4641-8a1a-66d2c2d25f90.png
• Threat Actors: akira
• Victim Country: USA
• Victim Industry: Software Development
• Victim Organization: cerenade
• Victim Site: cerenade.com

— PAGE 14 —

60. Carey D. Ebert, Chapter 13 Trustee falls victim to INC Ransom Ransomware

• Category: Ransomware
• Content: The group claims to have obtained 150 GB of organization’s data and plans to publish it within 1 day.
• Date: 2025-10-08T12:09:13Z
• Network: tor
• Published URL: (http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/68defd0dfa0b6f4bdfb76a48)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/a793b0c2-1aba-4a9d-b503-9cfa36b16d5d.png
  • https://d34iuop8pidsy8.cloudfront.net/37621b58-f976-418b-b465-83dba04ee7cd.png
• Threat Actors: INC RANSOM
• Victim Country: USA
• Victim Industry: Financial Services
• Victim Organization: carey d. ebert, chapter 13 trustee
• Victim Site: planoch13.com

61. Charter Industrial Supply falls victim to Sarcoma Ransomware

• Category: Ransomware
• Content: The group claims to have obtained 440 GB of organization’s data and plans to publish it within the next 6-7 days. Update: On October 08 2025, they revealed the full domain name and samples of 64 GB of data.
• Date: 2025-10-08T10:35:09Z
• Network: tor
• Published URL: (http://sarcomawmawlhov7o5mdhz4eszxxlkyaoiyiy2b5iwxnds2dmb4jakad.onion/)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/9b5985a4-9ba8-4b82-bd42-56b92c479940.png
  • https://d34iuop8pidsy8.cloudfront.net/1dd6d697-46c5-4e32-9753-2b2e0b6b1c71.png
  • https://d34iuop8pidsy8.cloudfront.net/b8f9a991-7c7e-432a-8b12-b2ed26107f49.png
  • https://d34iuop8pidsy8.cloudfront.net/9989100c-e9a7-467e-af15-04ded991e6a4.png
  • https://d34iuop8pidsy8.cloudfront.net/9c466764-165d-4286-9cba-73609fbcd13b.png
  • https://d34iuop8pidsy8.cloudfront.net/9a63bac1-c470-4361-90cc-75ccdf58880e.png
  • https://d34iuop8pidsy8.cloudfront.net/e55f612d-aa2c-4924-b322-0c96ab8f1b28.jpeg
  • https://d34iuop8pidsy8.cloudfront.net/dc37b578-6c77-4370-a408-5b9c8bfdc497.jpeg
• Threat Actors: Sarcoma
• Victim Country: USA
• Victim Industry: Wholesale
• Victim Organization: charter industrial supply
• Victim Site: charterindustrial.com

62. Linxx Global Solutions falls victim to Payouts King Ransomware

• Category: Ransomware
• Content: The group claims to have obtained 1.1 TB of the organization’s data and intends to publish it within 6 to 7 days. Update: On October 08 2025, they revealed the full domain name and samples of 1.1 TB of data.
• Date: 2025-10-08T10:34:33Z
• Network: tor
• Published URL: (https://payoutsgn7cy6uliwevdqspncjpfxpmzgirwl2au65la7rfs5x3qnbqd.onion/)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/fc09a37b-ef19-4276-9aa8-b4674f79eaac.png
  • https://d34iuop8pidsy8.cloudfront.net/842115ab-296c-48a2-8339-50127913e455.png
• Threat Actors: Payouts King
• Victim Country: USA
• Victim Industry: Security & Investigations
• Victim Organization: linxx global solutions
• Victim Site: linxxglobal.com

— PAGE 15 —

63. Shit Alliance claims to target Germany

• Category: Alert
• Content: A recent post by the group indicates they are targeting Germany.
• Date: 2025-10-08T10:21:37Z
• Network: telegram
• Published URL: (https://t.me/c/2958462092/34)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/9a7793cb-2487-439d-9fa6-ef85c533f5df.JPG
• Threat Actors: Shit Alliance
• Victim Country: Germany
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

64. Alleged data breach of DBGov

• Category: Data Breach
• Content: The group claims to have obtained database of DBGov.
• Date: 2025-10-08T10:16:18Z
• Network: telegram
• Published URL: (https://t.me/c/2958462092/29)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/c5837a52-03a7-40ce-ad59-bfa7d1757364.JPG
• Threat Actors: Shit Alliance
• Victim Country: Germany
• Victim Industry: Government & Public Sector
• Victim Organization: dbgov
• Victim Site: ggm.dbgov.de

65. Kryptos Ransomware group adds an unknown victim ( mea*****.com)

• Category: Ransomware
• Content: The group claims to have obtained organization data and intends to publish it within 10-11 days.
• Date: 2025-10-08T10:04:38Z
• Network: tor
• Published URL: (http://kryptospnjzz7vfkr663bnqv3dxirmr3svo5zwq7cvu2wdfngujgknyd.onion/)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/452dbe99-0939-4309-b4d9-168a49c7049b.jpg
• Threat Actors: Kryptos
• Victim Country: USA
• Victim Industry: Architecture & Planning
• Victim Organization: Unknown
• Victim Site: Unknown

66. Alleged data sale of PT Bank Danamon Indonesia Tbk

• Category: Data Breach
• Content: The group claims to have selling 20K database of PT Bank Danamon Indonesia Tbk.
• Date: 2025-10-08T09:50:36Z
• Network: telegram
• Published URL: (https://t.me/c/2702757113/541)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/fc888508-abcd-4266-aca6-fcb7663333cb.JPG
• Threat Actors: Night Owll
• Victim Country: Indonesia
• Victim Industry: Banking & Mortgage
• Victim Organization: pt bank danamon indonesia tbk
• Victim Site: danamon.co.id

67. Cofiex Asesoria De Empresas Sl falls victim to DragonForce Ransomware

• Category: Ransomware
• Content: The group claims to have obtained 68.25 GB of the organization data.
• Date: 2025-10-08T08:58:01Z
• Network: tor
• Published URL: (http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion/blog)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/a693376f-1053-4f58-96aa-dc9dd6d1ab65.png
  • https://d34iuop8pidsy8.cloudfront.net/ce76fcc3-ddae-4659-92de-91bba6f08b0a.png
• Threat Actors: DragonForce
• Victim Country: Spain
• Victim Industry: Professional Services
• Victim Organization: cofiex asesoria de empresas sl.
• Victim Site: cofiex.es

— PAGE 16 —

68. Grupo Serex falls victim to DragonForce Ransomware

• Category: Ransomware
• Content: The group claims to have obtained 110.82 GB of the organization data.
• Date: 2025-10-08T08:45:32Z
• Network: tor
• Published URL: (http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion/blog)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/f42f24ff-37a4-4cf0-987a-e270420fb68b.jpg
• Threat Actors: DragonForce
• Victim Country: Guatemala
• Victim Industry: Architecture & Planning
• Victim Organization: grupo serex
• Victim Site: gruposerex.com

69. ClawSec Team claims to target multiple countries

• Category: Alert
• Content: A recent post by the group indicates that they are targeting multiple countries, such as India, Romania, Israel, Germany, Poland, Brazil.
• Date: 2025-10-08T08:43:53Z
• Network: telegram
• Published URL: (https://t.me/ClawSecTeam/62)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/4d3f2e79-9e00-4e4d-be84-97bf58cc99bd.png
• Threat Actors: ClawSec Team
• Victim Country: India
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

70. AllgäuStern Hotel falls victim to DragonForce Ransomware

• Category: Ransomware
• Content: The group claims to have obtained 12.73 GB of the organization data.
• Date: 2025-10-08T08:15:28Z
• Network: tor
• Published URL: (http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion/blog)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/10e9fc34-492a-41f5-8b52-04b35a250baa.png
• Threat Actors: DragonForce
• Victim Country: Germany
• Victim Industry: Hospitality & Tourism
• Victim Organization: allgäusternhotel
• Victim Site: allgaeustern.de

71. Vanan Services falls victim to Kill Security Ransomware

• Category: Ransomware
• Content: The group claims to have obtained organization’s data and plans to publish it within 5-6 days. Sample screenshots are provided in their dark web portal.
• Date: 2025-10-08T08:13:01Z
• Network: tor
• Published URL: (http://ks5424y3wpr5zlug5c7i6svvxweinhbdcqcfnptkfcutrncfazzgz5id.onion/?view=BTnGq2jhqB7xNEXgZIzfvxq5)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/2f274eed-ce1d-4e12-ab96-9e87f325bd9f.jpg
  • https://d34iuop8pidsy8.cloudfront.net/e4178cf7-4a90-4bc8-beca-ff32ec30650e.jpg
  • https://d34iuop8pidsy8.cloudfront.net/518f53c3-999d-40b9-8cf8-e306a393f319.jpg
• Threat Actors: Kill Security
• Victim Country: USA
• Victim Industry: Translation & Localization
• Victim Organization: vanan services, inc.
• Victim Site: vananservices.com

— PAGE 17 —

72. LC Informatique Sàrl falls victim to DragonForce Ransomware

• Category: Ransomware
• Content: The group claims to have obtained 1.46GB of the organization data.
• Date: 2025-10-08T08:10:53Z
• Network: tor
• Published URL: (http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion/blog)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/b3608538-6118-437a-a833-521269ff1b0d.png
• Threat Actors: DragonForce
• Victim Country: Switzerland
• Victim Industry: Information Technology (IT) Services
• Victim Organization: lc informatique sàrl
• Victim Site: lc-informatique.ch

73. Kill Security Ransomware group adds an unknown victim (•••yc•• •o••• C••••o)

• Category: Ransomware
• Content: The group claims to have obtained the organization’s data and intends to publish it within 3–4 days.
• Date: 2025-10-08T07:44:37Z
• Network: tor
• Published URL: (http://ks5424y3wpr5zlug5c7i6svvxweinhbdcqcfnptkfcutrncfazzgz5id.onion/?view=sUWk5NS5NGlfndp5iPn4WD7E)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/ab89b917-1ac9-4833-b67d-b40182fc6a72.png
  • https://d34iuop8pidsy8.cloudfront.net/0498c1ed-ba18-424e-88eb-81aa896c3594.png
• Threat Actors: Kill Security
• Victim Country: USA
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

74. Alleged data breach of Now Book It

• Category: Data Breach
• Content: A threat actor claims to have leaked data from Now Book It, a booking platform used in Australia and New Zealand. The breach allegedly includes over 10.7 million records, with millions of unique emails and phone numbers, along with sensitive personal details.
• Date: 2025-10-08T05:27:39Z
• Network: openweb
• Published URL: (https://darkforums.st/Thread-5kk-Now-Book-It-AU-NZ)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/ec24e9e8-97df-445d-9f01-5ecdf57f5124.png
• Threat Actors: Trezor
• Victim Country: Australia
• Victim Industry: Hospitality & Tourism
• Victim Organization: now book it
• Victim Site: nowbookit.com

75. INDOHAXSEC claims to target Israeli Websites

• Category: Alert
• Content: A recent post by the group indicates that they are targeting Israeli websites using multiple servers for their operations.
• Date: 2025-10-08T05:19:47Z
• Network: telegram
• Published URL: (https://t.me/INDOHAXSEC/39)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/35bce502-71ae-4e10-8ef7-9d6ee59bcdb0.png
• Threat Actors: INDOHAXSEC
• Victim Country: Israel
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

— PAGE 18 —

76. Alleged data sale of Kuwait Ministry of Public Works

• Category: Data Breach
• Content: Threat actor claims to be selling data from the Kuwait Ministry of Public Works (MPW). The compromised data includes 12 TB dump (1,643,432 files in 226,731 folders) dated October 2025.
• Date: 2025-10-08T03:41:03Z
• Network: openweb
• Published URL: (https://darkforums.st/Thread-Selling-%F0%9F%87%B0%F0%9F%87%BC-KUWAIT-Ministry-of-Public-Works-MPW-Breach-12-TB)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/4e56d6ff-3a4e-4ea6-8834-b367287cef20.png
  • https://d34iuop8pidsy8.cloudfront.net/06bf47e6-0483-42d9-b471-20f3fd51dada.png
• Threat Actors: Kazu
• Victim Country: Kuwait
• Victim Industry: Government Administration
• Victim Organization: kuwait ministry of public works
• Victim Site: mpw.gov.kw

77. Alleged gain of access to Maejo University

• Category: Initial Access
• Content: The group claims to have gained access to Maejo University.
• Date: 2025-10-08T03:34:30Z
• Network: telegram
• Published URL: (https://t.me/NigthCrawlerX/997)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/a4c05473-e79b-4c6a-b189-d0640ed0227a.png
• Threat Actors: NightCrawlerX
• Victim Country: Thailand
• Victim Industry: Education
• Victim Organization: maejo university
• Victim Site: reg3.mju.ac.th

78. Alleged data leak of Banjarnegara of Indonesia

• Category: Data Breach
• Content: The threat actor claims to have leaked data from Banjarnegara of Indonesia. which includes: ID, PN, NIK, NIP, name, post/position, work unit, sub-unit, agency name, NHK, field, number of reports, mobile number, email account, status, WL year, WL type, report status, report date, submission date, LHKPN status, and post status.
• Date: 2025-10-08T03:26:24Z
• Network: openweb
• Published URL: (https://breachsta.rs/topic/data-rekap-banjarnegaradownload-e3j8m19j4)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/6ac94e95-a535-4146-964a-b108ec948e26.jpeg
• Threat Actors: NIGHTBREAKER403
• Victim Country: Indonesia
• Victim Industry: Government Administration
• Victim Organization: banjarnegara regency government
• Victim Site: banjarnegarakab.go.id

79. Alleged unauthorized access to Lucky Investments company

• Category: Initial Access
• Content: The group claims to have gained unauthorized access to a Lucky Investments company. The internal server contains client data, investment data, and financial information.
• Date: 2025-10-08T02:57:42Z
• Network: telegram
• Published URL: (https://t.me/n2LP_wVf79c2YzM0/1864)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/9fdff229-2d22-4ab2-847a-428e3d787017.png
• Threat Actors: Infrastructure Destruction Squad
• Victim Country: Pakistan
• Victim Industry: Financial Services
• Victim Organization: lucky investments company
• Victim Site: luckyinvestments.com.pk

— PAGE 19 —

80. Alleged data leak of multiple domains in france

• Category: Data Breach
• Content: The threat actor claims to be leaking databases containing account credentials for multiple French services and domains.
• Date: 2025-10-08T02:22:09Z
• Network: openweb
• Published URL: (https://leakbase.la/threads/french-db.44208/)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/ff4373ee-46e1-4108-8376-281777a7ea4c.png
• Threat Actors: qlfclre
• Victim Country: France
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

81. Acuna Fombona falls victim to Space Bears Ransomware

• Category: Ransomware
• Content: The group claims to have obtained the organization data that includes Personal information of employees and clients Financial documents etc. They intend to publish the data within 6-7 days,
• Date: 2025-10-08T02:17:30Z
• Network: tor
• Published URL: (http://5butbkrljkaorg5maepuca25oma7eiwo6a2rlhvkblb4v6mf3ki2ovid.onion/)
• Screenshots:
  • https://d34iuop8pidsy8.cloudfront.net/7e225a86-4dee-4d29-9cea-43d32cb719ce.png
• Threat Actors: Space Bears
• Victim Country: Spain
• Victim Industry: Medical Equipment Manufacturing
• Victim Organization: acuna fombona
• Victim Site: acuna-fombona.com

— PAGE 20 —

Conclusion The incidents detailed in this report highlight a diverse and active landscape of cyber threats, encompassing Ransomware, Data Breaches, Initial Access sales, Malware distribution, and Defacement attacks. Ransomware attacks, notably by the Sinobi group (with 12 distinct victims), constituted a significant portion of the activity, primarily affecting US-based organizations across diverse sectors like Manufacturing, Construction, and Health Care, with data volumes ranging from a few GB up to 920 GB. The akira and DragonForce groups also demonstrated active operations, hitting Law, IT, and Financial sectors.

Data Breaches were prominent, with high-volume leaks impacting Discord (2.3 billion logs), FirstTwo (88.5 million records), and Now Book It (10.7 million records). Geographically, the USA, France, and Indonesia were frequently targeted.

Initial Access remains a marketable commodity, with threat actors selling access to government systems (Argentina), retail infrastructure (POS Machines, Fortinet VPN/Domain Admin), and academic networks (Maejo University).

These incidents collectively underscore the critical and ongoing nature of cyber threats across multiple sectors and geographies, demanding a continuous focus o