This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.
1. Tonga Power Limited (TPL) falls victim to INC Ransom Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 97GB of organization’s data.
- Date: 2025-10-09T23:47:36Z
- Network: tor
- Published URL: (http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/68e83ea6fa0b6f4bdf39ab61)
- Screenshots:
- Threat Actors: INC RANSOM
- Victim Country: Tonga
- Victim Industry: Energy & Utilities
- Victim Organization: tonga power limited (tpl)
- Victim Site: tongapower.to
2. NextGen Mold Technologies Inc. falls victim to INC Ransom Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 350 GB of organization’s data.
- Date: 2025-10-09T23:43:54Z
- Network: tor
- Published URL: (http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/68e843d9fa0b6f4bdf39f7f8)
- Screenshots:
- Threat Actors: INC RANSOM
- Victim Country: Canada
- Victim Industry: Manufacturing
- Victim Organization: nextgen mold technologies inc.
- Victim Site: nextgenmold.com
3. Alleged leak of admin access to an BitCoin PayPal Protection Program
- Category: Initial Access
- Content: The group claims to have gained unauthorized administrator access to the BitCoin PayPal Protection Program Version V1.2, including credentials and a wallet address, allowing control over the Email Portal, Database Manager, Backup System, and Task Scheduler, with the internal system containing client data, investment data, and financial information.
- Date: 2025-10-09T23:42:12Z
- Network: telegram
- Published URL: (https://t.me/n2LP_wVf79c2YzM0/1880)
- Screenshots:
- Threat Actors: Infrastructure Destruction Squad
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
4. Georgetown Brewing Company falls victim to INC Ransom Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-09T23:33:43Z
- Network: tor
- Published URL: (http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/68e841defa0b6f4bdf39d9cd)
- Screenshots:
- Threat Actors: INC RANSOM
- Victim Country: USA
- Victim Industry: Food & Beverages
- Victim Organization: georgetown brewing company
- Victim Site: georgetownbeer.com
5. Alleged sale of access to unidentified construction company from Kuwait
- Category: Initial Access
- Content: Threat actor claims to be selling unauthorized user level NAS server access to an unidentified construction company based in Kuwait. The compromised website reportedly have 4,033,426 files , and 37.18 TB of data and more than 12,000 employees.
- Date: 2025-10-09T22:13:00Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-Kuwait-private-NAS-Server-Access-%E2%80%93-37-TB)
- Screenshots:
- Threat Actors: Kazu
- Victim Country: Kuwait
- Victim Industry: Building and construction
- Victim Organization: Unknown
- Victim Site: Unknown
6. Alleged data breach of Action Currency
- Category: Data Breach
- Content: Threat actor claims to be selling leaked data from Action Currency, a site that sells collectible currency. The compromised data reportedly contains more than 10,000 unique customers, 40,000 records for every transaction they have had between 2011 and 2025.
- Date: 2025-10-09T22:04:57Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-actioncurrency-com-40K-USA-Records-Name-Email-Address)
- Screenshots:
- Threat Actors: gray
- Victim Country: USA
- Victim Industry: E-commerce & Online Stores
- Victim Organization: action currency
- Victim Site: actioncurrency.com
7. Uvalde CISD falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data. The compromised data includes Personal data of employees, financial information, and personal data of students, etc.
- Date: 2025-10-09T22:03:22Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=bf3ffe79-8ab7-38c6-8d7d-247d60fbff90)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Education
- Victim Organization: uvalde cisd
- Victim Site: ucisd.net
8. INDOHAXSEC targets the website of Doctor Fitness
- Category: Defacement
- Content: The group claims to have deface the website of Doctor Fitness.
- Date: 2025-10-09T21:26:04Z
- Network: telegram
- Published URL: (https://t.me/INDOHAXSEC/46)
- Screenshots:
- Threat Actors: INDOHAXSEC
- Victim Country: Israel
- Victim Industry: Health & Fitness
- Victim Organization: doctor fitness
- Victim Site: doctor-fitness.co.il
9. EBA Engineering, Inc. falls victim to CHAOS Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 450 GB of the organization’s data.
- Date: 2025-10-09T20:51:25Z
- Network: tor
- Published URL: (http://hptqq2o2qjva7lcaaq67w36jihzivkaitkexorauw7b2yul2z6zozpqd.onion/OVsE8XTrZxDuO2GaH6AbnrdTxK2EUqM2/ebaengineering-com)
- Screenshots:
- Threat Actors: CHAOS
- Victim Country: USA
- Victim Industry: Civil Engineering
- Victim Organization: eba engineering, inc.
- Victim Site: ebaengineering.com
10. MSS Solutions, LLC falls victim to CHAOS Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 200 GB of the organization’s data.
- Date: 2025-10-09T20:39:18Z
- Network: tor
- Published URL: (http://hptqq2o2qjva7lcaaq67w36jihzivkaitkexorauw7b2yul2z6zozpqd.onion/mQZlIJ5H99x7bu7x0pUtErKLOrVcgQ9r/www-msssolutions-com)
- Screenshots:
- Threat Actors: CHAOS
- Victim Country: USA
- Victim Industry: Building and construction
- Victim Organization: mss solutions, llc
- Victim Site: msssolutions.com
11. Alleged sale of fullz data
- Category: Data Breach
- Content: The threat actor claims to be selling full personal-identity packages (“fullz”) for individuals born between 2000 and 2005.
- Date: 2025-10-09T20:16:54Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/267905/)
- Screenshots:
- Threat Actors: Shadowland
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
12. Black Rabbit targets the website of Telangana State Portal
- Category: Defacement
- Content: Group claims to have take down the website of Telangana State Portal.
- Date: 2025-10-09T19:23:36Z
- Network: openweb
- Published URL: (https://zone-xsec.com/mirror/id/750330)
- Screenshots:
- Threat Actors: Black Rabbit
- Victim Country: India
- Victim Industry: Government & Public Sector
- Victim Organization: telangana state portal
- Victim Site: dgts.telangana.gov.in//application/lol.php
13. Accelerated, Inc. falls victim to PLAY Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data. The compromised data includes Private and personal confidential data, clients documents, budget, payroll, accounting, taxes, IDs, finance information and etc. They intends to publish it within 3-4 days.
- Date: 2025-10-09T19:07:40Z
- Network: tor
- Published URL: (http://j75o7xvvsm4lpsjhkjvb4wl2q6ajegvabe6oswthuaubbykk4xkzgpid.onion/topic.php?id=4tCgfb4owfQ8G)
- Screenshots:
- Threat Actors: PLAY
- Victim Country: USA
- Victim Industry: Transportation & Logistics
- Victim Organization: accelerated, inc.
- Victim Site: acceleratedusa.net
14. NOTRASEC TEAM targets the website technomehdi.com
- Category: Defacement
- Content: The group claims to have deface the website technomehdi.com .
- Date: 2025-10-09T19:02:42Z
- Network: telegram
- Published URL: (https://t.me/c/2622575053/156)
- Screenshots:
- Threat Actors: NOTRASEC TEAM
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: technomehdi.com
15. NOTRASEC TEAM targets the website of Madrasatii
- Category: Defacement
- Content: The group claims to have deface the website of Madrasatii.
- Date: 2025-10-09T18:57:49Z
- Network: telegram
- Published URL: (https://t.me/c/2622575053/156)
- Screenshots:
- Threat Actors: NOTRASEC TEAM
- Victim Country: Algeria
- Victim Industry: Education
- Victim Organization: madrasatii
- Victim Site: madrasatii.com
16. NOTRASEC TEAM targets the website groupesosim.com
- Category: Defacement
- Content: The group claims to deface the website groupesosim.com.
- Date: 2025-10-09T18:52:32Z
- Network: telegram
- Published URL: (https://t.me/c/2622575053/156)
- Screenshots:
- Threat Actors: NOTRASEC TEAM
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: groupesosim.com
17. NOTRASEC TEAM targets the website amrichauffe.com
- Category: Defacement
- Content: The group claims to have take down the website amrichauffe.com.
- Date: 2025-10-09T18:51:33Z
- Network: telegram
- Published URL: (https://t.me/c/2622575053/156)
- Screenshots:
- Threat Actors: NOTRASEC TEAM
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: amrichauffe.com
18. Elmer W. Davis, Inc. falls victim to PLAY Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data. The compromised data includes Private and personal confidential data, clients documents, budget, payroll, accounting, taxes, IDs, finance information and etc. They intends to publish it within 3-4 days.
- Date: 2025-10-09T18:48:43Z
- Network: tor
- Published URL: (http://j75o7xvvsm4lpsjhkjvb4wl2q6ajegvabe6oswthuaubbykk4xkzgpid.onion/topic.php?id=ZxdUSlMvUrr6CM)
- Screenshots:
- Threat Actors: PLAY
- Victim Country: USA
- Victim Industry: Building and construction
- Victim Organization: elmer w. davis, inc.
- Victim Site: elmerdavis.com
19. Alleged data sale of V-comp
- Category: Data Breach
- Content: Threat actor claims to be selling leaked database from V-comp, Ukraine. The compromised data reportedly contains over 22,270 records including name, phone, email, date, price, msg, and delivery.
- Date: 2025-10-09T18:41:54Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-2-in-1-Ukraine-Database-Pack)
- Screenshots:
- Threat Actors: Rothmans
- Victim Country: Ukraine
- Victim Industry: Information Technology (IT) Services
- Victim Organization: v-comp
- Victim Site: v-comp.ua
20. Alleged sale of Nigerian Navy leaked Documents
- Category: Data Breach
- Content: The threat actor claims to be selling leaked documents from Nigerian Navy,
- Date: 2025-10-09T18:37:32Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Document-%F0%9F%A7%9F%E2%80%8D%E2%99%82%EF%B8%8F-TOP-SECRET-Nigerian-Navy-Documents-%F0%9F%A7%9F%E2%80%8D%E2%99%82%EF%B8%8F)
- Screenshots:
- Threat Actors: jrintel
- Victim Country: Nigeria
- Victim Industry: Government Administration
- Victim Organization: Unknown
- Victim Site: Unknown
21. Alleged data sale of 7dreamsport
- Category: Data Breach
- Content: Threat actor claims to be selling leaked database from 7dreamsport, Ukraine. The compromised data reportedly contains more than 32,600 records including email, name, and phone.
- Date: 2025-10-09T18:23:26Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-2-in-1-Ukraine-Database-Pack)
- Screenshots:
- Threat Actors: Rothmans
- Victim Country: Ukraine
- Victim Industry: E-commerce & Online Stores
- Victim Organization: 7dreamsport
- Victim Site: 7dreamsport.ua
22. Alleged sale of US Military Leaked Documents
- Category: Data Breach
- Content: Threat actor claims to be selling leaked documents from US Military.
- Date: 2025-10-09T18:19:34Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Document-%F0%9F%8E%83-TOP-SECRET-US-MILITARY-LEAKED-DOCUMENTS-%F0%9F%A7%9B)
- Screenshots:
- Threat Actors: jrintel
- Victim Country: USA
- Victim Industry: Government Administration
- Victim Organization: Unknown
- Victim Site: Unknown
23. Alleged data sale of Accordbank
- Category: Data Breach
- Content: Threat actor claims to be selling leaked database from Accord Bank, Ukraine. The compromised data reportedly contains over 114,000 records including full name, INN, phone, email, address, passport, birthday, and birthplace.
- Date: 2025-10-09T18:13:53Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-accordbank-com-ua-Database)
- Screenshots:
- Threat Actors: Rothmans
- Victim Country: Ukraine
- Victim Industry: Banking & Mortgage
- Victim Organization: accord bank
- Victim Site: accordbank.com.ua
24. Alleged sale of FBI UAV Bird Schematics
- Category: Data Breach
- Content: Threat actor claims to be selling leaked insider photos of a UAV imitating a bird from the FBI.
- Date: 2025-10-09T17:57:04Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-%E2%9C%A8-TOP-SECRET-FBI-UAV-BIRD-SCHEMATICS-%E2%9C%A8)
- Screenshots:
- Threat Actors: jrintel
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
25. Alleged admin access sale of an unidentified shop in Switzerland
- Category: Initial Access
- Content: The threat actor is offering to sell admin access to an unidentified shop in Switzerland.
- Date: 2025-10-09T17:54:01Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/267900/)
- Screenshots:
- Threat Actors: akr1t
- Victim Country: Switzerland
- Victim Industry: E-commerce & Online Stores
- Victim Organization: Unknown
- Victim Site: Unknown
26. Alleged data sale of KFC (Venezuela)
- Category: Data Breach
- Content: Threat actor claims to be selling leaked data from KFC, Venezuela. The compromised data reportedly contains 1,067,291 rows including full customer names, phone numbers, email address, delivery address, order ID, store information, etc.
- Date: 2025-10-09T17:50:45Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-KFC-Venezuela-Customer-Order-Database-Leak)
- Screenshots:
- Threat Actors: iDaddy
- Victim Country: Venezuela
- Victim Industry: Restaurants
- Victim Organization: kfc
- Victim Site: kfc.com.ve
27. Alleged admin access sale of an unidentified shop in Spain
- Category: Initial Access
- Content: The threat actor is offering to sell admin access to an unidentified shop in Spain.
- Date: 2025-10-09T17:44:29Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/267899/)
- Screenshots:
- Threat Actors: akr1t
- Victim Country: Spain
- Victim Industry: E-commerce & Online Stores
- Victim Organization: Unknown
- Victim Site: Unknown
28. Alleged sale of abcproxy.com Brute & Checker
- Category: Malware
- Content: The threat actor claims to be selling abcproxy.com Brute & Checker.
- Date: 2025-10-09T17:04:14Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/267897/)
- Screenshots:
- Threat Actors: Credit card
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
29. Northern Air Systems falls victim to akira Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 22 GB of the organization’s data. The compromised data includes Client data (DLs, addresses, emails), employee information (DLs, emails, phones and so on), lots of projects information.
- Date: 2025-10-09T16:41:05Z
- Network: tor
- Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
- Screenshots:
- Threat Actors: akira
- Victim Country: USA
- Victim Industry: Manufacturing
- Victim Organization: northern air systems
- Victim Site: northernairsystems.com
30. Alleged data sale of ZoomInfo
- Category: Data Breach
- Content: The threat actor claims to be selling a database from ZoomInfo. The compromised data reportedly contains 185 millions records that includes USA verified business/personal contacts, Linkedin, positions, Industry, revenues, etc.NB: The organization was previously breached on Sep 12 2025.
- Date: 2025-10-09T16:13:50Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/267890/)
- Screenshots:
- Threat Actors: Mallory
- Victim Country: USA
- Victim Industry: Software Development
- Victim Organization: zoominfo
- Victim Site: zoominfo.com
31. Alleged data breach of Nexa DPM
- Category: Data Breach
- Content: Threat actor claims to have leaked database of Nexa DPM, a division of Intas Pharmaceuticals, based in India. The compromised data reportedly contains around 30,000 records of doctors data including id, doctor name, mslno, position code, doctor speciality, mobile no, etc.
- Date: 2025-10-09T15:56:27Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-IN-NexaDPM-database)
- Screenshots:
- Threat Actors: Yrrrr
- Victim Country: India
- Victim Industry: Healthcare & Pharmaceuticals
- Victim Organization: nexa dpm
- Victim Site: nexadpm.in
32. Alleged sale of shell access to PrestaShop in france
- Category: Initial Access
- Content: Threat actor claims to be selling shell access to PrestaShop in france.
- Date: 2025-10-09T15:54:50Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/267879/)
- Screenshots:
- Threat Actors: SinCity
- Victim Country: France
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
33. Midsun Group, Inc. falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 198 GB of the organization’s data.
- Date: 2025-10-09T15:49:27Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=17703593-d5f0-3e8a-a4b0-783f19d6afb0)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Energy & Utilities
- Victim Organization: midsun group, inc.
- Victim Site: midsungroup.com
34. Alleged data breach of Deped Tayo Ilocos Norte
- Category: Data Breach
- Content: Threat actor claims to have defaced and leaked 17 databases from domains and subdomains of Deped Tayo Ilocos Norte, Philippines. The compromised data reportedly contains 3 million records including name, username, email, school name, contact number, address, position, etc.
- Date: 2025-10-09T15:49:02Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-PHILIPPINES-DEPED-ILOCOS-NORTE-DATA-LEAK-AND-BREACH-WITH-3-MILLIONS-OF-RECORDS)
- Screenshots:
- Threat Actors: Quantum_Security_Group
- Victim Country: Philippines
- Victim Industry: Education
- Victim Organization: deped tayo ilocos norte
- Victim Site: depedilocosnorte.com
35. Alleged sale of Credit Card data from Turkey
- Category: Data Breach
- Content: The threat actor claims to be selling Credit Card data from Turkey. The compromised data reportedly contains 100 records that includes name, street, city, state, country, telephone, email, etc,
- Date: 2025-10-09T15:39:26Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/267883/)
- Screenshots:
- Threat Actors: urbsnv
- Victim Country: Turkey
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
36. RipperSec targets the website of InterSpace Ltd.
- Category: Defacement
- Content: The group claims to have deface the website of InterSpace Ltd.
- Date: 2025-10-09T15:39:02Z
- Network: telegram
- Published URL: (https://t.me/c/2875163062/105)
- Screenshots:
- Threat Actors: RipperSec
- Victim Country: Israel
- Victim Industry: Information Technology (IT) Services
- Victim Organization: interspace ltd.
- Victim Site: internic.co.il
37. Alleged data sale of creatorlink
- Category: Data Breach
- Content: A threat actor claims to have leaked data from Creatorlink.net, a platform based in South Korea. The compromised data reportedly contains around 575,000 email addresses, 244,000 names, and 459,901 hashed passwords
- Date: 2025-10-09T15:32:39Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-South-Korea-575k-Name-Email-Password-Hash-creatorlink-net)
- Screenshots:
- Threat Actors: AgSlowly
- Victim Country: South Korea
- Victim Industry: Software
- Victim Organization: creatorlink
- Victim Site: creatorlink.net
38. Retail Texas falls victim to Radiant Group Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s data.
- Date: 2025-10-09T15:26:37Z
- Network: tor
- Published URL: (http://trfqksm6peaeyz4q6egxbij5n2ih6zrg65of4kwasrejc7hnw2jtxryd.onion/)
- Screenshots:
- Threat Actors: Radiant Group
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
39. Alleged data breach of insafshop.com
- Category: Data Breach
- Content: “The threat actor claims to be selling a database allegedly containing customer information belonging to InsafShop Bangladesh. The leaked dataset reportedly includes around 10,000 records with customer IDs, warehouse details, names, email addresses, contact numbers, tax numbers, and postal information.
- Date: 2025-10-09T14:31:22Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-BD-insafshopbd-com)
- Screenshots:
- Threat Actors: Yrrrr
- Victim Country: Bangladesh
- Victim Industry: E-commerce & Online Stores
- Victim Organization: insafshop.com
- Victim Site: insafshopbd.com
40. Alleged database sale of Pure Incubation Ventures
- Category: Data Breach
- Content: The threat actor claims to be selling a database allegedly belonging to Pure Incubation Ventures, containing over 132 million records. The leaked data reportedly includes personal and corporate details such as names, emails, phone numbers, addresses, job titles, and company information.
- Date: 2025-10-09T14:27:10Z
- Network: openweb
- Published URL: (https://leakbase.la/threads/pureincubation-132m.44255/)
- Screenshots:
- Threat Actors: jacksparrow874
- Victim Country: USA
- Victim Industry: Marketing, Advertising & Sales
- Victim Organization: pure incubation ventures
- Victim Site: pureincubation.com
41. Alleged data breach of Partai Keadilan Sejahtera
- Category: Data Breach
- Content: The group claims to have breached the data of Partai Keadilan Sejahtera.
- Date: 2025-10-09T14:08:54Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-Indonesian-political-party-PKS)
- Screenshots:
- Threat Actors: anonimx
- Victim Country: Indonesia
- Victim Industry: Political Organization
- Victim Organization: partai keadilan sejahtera
- Victim Site: pks.id
42. UK Rail Services falls victim to Radiant Group Ransomware
- Category: Ransomware
- Content: The group claims to have obtained organization’s data and intends to publish it within 2-3 days.
- Date: 2025-10-09T13:55:15Z
- Network: tor
- Published URL: (http://trfqksm6peaeyz4q6egxbij5n2ih6zrg65of4kwasrejc7hnw2jtxryd.onion/)
- Screenshots:
- Threat Actors: Radiant Group
- Victim Country: UK
- Victim Industry: Transportation & Logistics
- Victim Organization: uk rail services
- Victim Site: ukrailservices.com
43. Alleged breach of unidentified Iraqi FTTH organization
- Category: Data Breach
- Content: The group claims to have breached the systems and dashboards of an Iraqi FTTH company, gaining access to several user accounts and dealer accounts.
- Date: 2025-10-09T13:53:13Z
- Network: telegram
- Published URL: (https://t.me/Cyb3rBlitz/874)
- Screenshots:
- Threat Actors: Cyber Blitz
- Victim Country: Iraq
- Victim Industry: Network & Telecommunications
- Victim Organization: Unknown
- Victim Site: Unknown
44. Ntiva, Inc. falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 171 GB of the organization’s data.
- Date: 2025-10-09T13:47:28Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=40202b3d-7426-33bb-9804-b6f8855f97ed)
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Information Technology (IT) Services
- Victim Organization: ntiva, inc.
- Victim Site: ntiva.com
45. Alleged Sale of Indian E-commerce Database
- Category: Data Breach
- Content: The threat actor claims to be selling Indian E-commerce Database. The database contains sensitive personal information, including Email, Phone, Name, City, and Address details of customers
- Date: 2025-10-09T13:22:41Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-Indian-Ecommerce-Database-Fresh-Stock-Email-Phone-Adress-Name-City)
- Screenshots:
- Threat Actors: Gibli
- Victim Country: India
- Victim Industry: E-commerce & Online Stores
- Victim Organization: Unknown
- Victim Site: Unknown
46. Alleged data breach of OMH SCIENCE Group Co., Ltd.
- Category: Data Breach
- Content: The threat actor claims to be selling unauthorized access allegedly belonging to OMH SCIENCE Group, a Chinese industrial machinery and equipment manufacturer with approximately 529 employees.
- Date: 2025-10-09T13:21:55Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-OMH-SCIENCE-Group-CHINA-omhgroup-com)
- Screenshots:
- Threat Actors: krekti
- Victim Country: China
- Victim Industry: Manufacturing
- Victim Organization: omh science group co., ltd.
- Victim Site: omhgroup.com
47. Alleged data breach of Progress Party
- Category: Data Breach
- Content: The group claims to have breached the data of Progress Party, also it leading to its disconnection from the server and main system.
- Date: 2025-10-09T13:17:29Z
- Network: telegram
- Published URL: (https://t.me/hak994/4261)
- Screenshots:
- Threat Actors: Fatimion cyber team
- Victim Country: Iraq
- Victim Industry: Political Organization
- Victim Organization: progress party
- Victim Site: takadum.org
48. V FOR VENDETTA CYBER TEAM claims to target multiple countries
- Category: Alert
- Content: A recent post by the group indicates they are targeting China, Nepal, Israel, Japan, Indonesia, India, Cambodia and Malaysia.
- Date: 2025-10-09T12:54:40Z
- Network: telegram
- Published URL: (https://t.me/NewVforvendetta/8)
- Screenshots:
- Threat Actors: V FOR VENDETTA CYBER TEAM
- Victim Country: China
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
49. Ceresco falls victim to Akira Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 38GB of corporate data from Ceresco, including human resources files, customer information, project details, internal confidential documents, detailed financial records, NDAs, and other sensitive corporate files.
- Date: 2025-10-09T12:44:42Z
- Network: tor
- Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
- Screenshots:
- Threat Actors: akira
- Victim Country: Canada
- Victim Industry: Agriculture & Farming
- Victim Organization: ceresco
- Victim Site: sgceresco.com
50. Kal Egy 319 targets the website of Dar Al-Bashaer Islamic
- Category: Defacement
- Content: The group claims to have defaced the website of Dar Al-Bashaer Islamic Mirror: https://zone-xsec.com/mirror/id/741074
- Date: 2025-10-09T12:37:33Z
- Network: telegram
- Published URL: (https://t.me/KALOSHA319/18)
- Screenshots:
- Threat Actors: KAL EGY 319
- Victim Country: Lebanon
- Victim Industry: Printing
- Victim Organization: dar al-bashaer islamic
- Victim Site: dar-albashaer.com
51. Legal & Contingency Limited falls victim to Akira Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 237GB of corporate data, including employee personal files such as passports and driver’s licenses, client information including passports, driver’s licenses, and birth/death certificates, as well as hearings, police reports, and other confidential corporate documents.
- Date: 2025-10-09T12:33:59Z
- Network: tor
- Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
- Screenshots:
- Threat Actors: akira
- Victim Country: UK
- Victim Industry: Insurance
- Victim Organization: legal & contingency limited
- Victim Site: legal-contingency.co.uk
52. Alleged data breach of Motility Software Solutions
- Category: Data Breach
- Content: The threat actor claims to have leaked a 3.3 GB compressed archive containing files and database dumps.NB: The authenticity of the claim is yet to be verified.
- Date: 2025-10-09T12:32:01Z
- Network: tor
- Published URL: (http://brohoodyaifh2ptccph5zfljyajjabwjjo4lg6gfp4xb6ynw5w7ml6id.onion/)
- Screenshots:
- Threat Actors: BROTHERHOOD
- Victim Country: USA
- Victim Industry: Software Development
- Victim Organization: motility software solutions
- Victim Site: motilitysoftware.com
53. Alleged data breach of Orion Communications and Public Relations
- Category: Data Breach
- Content: The group claims to have leaked 13 GB data from Orion Communications and Public Relations.NB: The authenticity of the claim is yet to be verified.
- Date: 2025-10-09T12:24:28Z
- Network: tor
- Published URL: (http://brohoodyaifh2ptccph5zfljyajjabwjjo4lg6gfp4xb6ynw5w7ml6id.onion/)
- Screenshots:
- Threat Actors: BROTHERHOOD
- Victim Country: USA
- Victim Industry: Marketing, Advertising & Sales
- Victim Organization: orion communications and public relations
- Victim Site: orioncommunications-pr.com
54. Alleged data breach of UVJ Technologies Pvt Ltd
- Category: Data Breach
- Content: The Threat actor claims to have leaked data from UVJ Technologies Pvt Ltd.NB: The authenticity of the claim is yet to be verified.
- Date: 2025-10-09T12:20:46Z
- Network: tor
- Published URL: (http://brohoodyaifh2ptccph5zfljyajjabwjjo4lg6gfp4xb6ynw5w7ml6id.onion/)
- Screenshots:
- Threat Actors: BROTHERHOOD
- Victim Country: India
- Victim Industry: Software Development
- Victim Organization: uvj technologies pvt ltd
- Victim Site: uvjtech.com
55. Kal Egy 319 targets the website of Ibn Hazm Publishing House
- Category: Defacement
- Content: The group claims to have defaced the website of Ibn Hazm Publishing House. Mirror:
- Date: 2025-10-09T12:08:24Z
- Network: telegram
- Published URL: (https://t.me/KALOSHA319/18)
- Screenshots:
- Threat Actors: KAL EGY 319
- Victim Country: Lebanon
- Victim Industry: Publishing Industry
- Victim Organization: ibn hazm publishing house
- Victim Site: daribnhazm.com
56. Alleged data breach of Kevmor
- Category: Data Breach
- Content: The group claims to have leaked 45 GB data from Kevmor.NB: The authenticity of the claim is yet to be verified.
- Date: 2025-10-09T12:05:08Z
- Network: tor
- Published URL: (http://brohoodyaifh2ptccph5zfljyajjabwjjo4lg6gfp4xb6ynw5w7ml6id.onion/)
- Screenshots:
- Threat Actors: BROTHERHOOD
- Victim Country: Australia
- Victim Industry: Wholesale
- Victim Organization: kevmor pty ltd
- Victim Site: kevmor.com.au
57. Alleged data breach of Sternthal Montigny Greenberg St-Germain LLP
- Category: Data Breach
- Content: The group claims to have leaked 22 GB data from Sternthal Montigny Greenberg St-Germain.NB: The authenticity of the claim is yet to be verified.
- Date: 2025-10-09T12:04:15Z
- Network: tor
- Published URL: (http://brohoodyaifh2ptccph5zfljyajjabwjjo4lg6gfp4xb6ynw5w7ml6id.onion/)
- Screenshots:
- Threat Actors: BROTHERHOOD
- Victim Country: Canada
- Victim Industry: Legal Services
- Victim Organization: sternthal montigny greenberg st-germain llp
- Victim Site: smgs.ca
58. Alleged data breach of CISWO
- Category: Data Breach
- Content: The group claims to have leaked organization’s data from CISWO – The Coal Industry Social Welfare Organization.NB: NB: The authenticity of the claim is yet to be verified.
- Date: 2025-10-09T12:00:12Z
- Network: tor
- Published URL: (http://brohoodyaifh2ptccph5zfljyajjabwjjo4lg6gfp4xb6ynw5w7ml6id.onion/)
- Screenshots:
- Threat Actors: BROTHERHOOD
- Victim Country: UK
- Victim Industry: Individual & Family Services
- Victim Organization: ciswo
- Victim Site: ciswo.org.uk
59. Kal Egy 319 targets the website of Dental Rehabilitation Center
- Category: Defacement
- Content: The group claims to have defaced the website of Dental Rehabilitation Center Mirror: https://zone-xsec.com/mirror/id/741076
- Date: 2025-10-09T12:00:04Z
- Network: telegram
- Published URL: (https://t.me/KALOSHA319/18)
- Screenshots:
- Threat Actors: KAL EGY 319
- Victim Country: Lebanon
- Victim Industry: Hospital & Health Care
- Victim Organization: dental rehabilitation center
- Victim Site: drc-lb.com
60. Kal Egy 319 targets the website of Fabrication-Drawings
- Category: Defacement
- Content: The group claims to have defaced the website of Fabrication-Drawings Mirror: https://zone-xsec.com/mirror/id/741077
- Date: 2025-10-09T11:57:54Z
- Network: telegram
- Published URL: (https://t.me/KALOSHA319/18)
- Screenshots:
- Threat Actors: KAL EGY 319
- Victim Country: Lebanon
- Victim Industry: Building and construction
- Victim Organization: fabrication-drawings
- Victim Site: fabrication-drawings.com
61. Kal Egy 319 targets the website of Al-Halabi Legal Publications
- Category: Defacement
- Content: The group claims to have defaced the website of Al-Halabi Legal Publications.Mirror: https://zone-xsec.com/mirror/id/741079
- Date: 2025-10-09T11:49:58Z
- Network: telegram
- Published URL: (https://t.me/KALOSHA319/18)
- Screenshots:
- Threat Actors: KAL EGY 319
- Victim Country: Lebanon
- Victim Industry: Publishing Industry
- Victim Organization: al-halabi legal publications
- Victim Site: halabi-lp.com
62. Kal Egy 319 targets the website of AfaaQ
- Category: Defacement
- Content: The group claims to have defaced the website of AfaaQMirror Link: https://zone-xsec.com/mirror/id/741082 https://zone-xsec.com/mirror/id/741081 https://zone-xsec.com/mirror/id/741080 https://zone-xsec.com/mirror/id/741078 https://zone-xsec.com/mirror/id/741073 https://zone-xsec.com/mirror/id/741072 https://zone-xsec.com/mirror/id/741071
- Date: 2025-10-09T11:31:58Z
- Network: telegram
- Published URL: (https://t.me/KALOSHA319/16)
- Screenshots:
- Threat Actors: KAL EGY 319
- Victim Country: Lebanon
- Victim Industry: Information Technology (IT) Services
- Victim Organization: afaaq
- Victim Site: mobi.afaaq.com
63. Alleged data breach of Magyar Érmebolt
- Category: Data Breach
- Content: The threat actor claims to have leaked data from Magyar Érmebolt, allegedly containing first name, last name, DOB, email address, and default address.
- Date: 2025-10-09T10:31:46Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-Hungary-Database-magyarermebolt-hu-Free)
- Screenshots:
- Threat Actors: camillaDF
- Victim Country: Hungary
- Victim Industry: Retail Industry
- Victim Organization: magyar érmebolt
- Victim Site: magyarermebolt.hu
64. HEZI RASH claims to target Azerbaijan
- Category: Alert
- Content: A recent post by the group indicates that they are targeting Azerbaijan.
- Date: 2025-10-09T09:50:29Z
- Network: telegram
- Published URL: (https://t.me/hezirash/1830)
- Screenshots:
- Threat Actors: HEZI RASH
- Victim Country: Azerbaijan
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
65. WOLF CYBER ARMY targets the website of SMA Cendana Pekanbaru
- Category: Defacement
- Content: The group claims to have defaced the website of SMA Cendana Pekanbaru Mirror Link: https://defacer.id/mirror/id/193924
- Date: 2025-10-09T09:46:26Z
- Network: telegram
- Published URL: (https://t.me/c/2670088117/388)
- Screenshots:
- Threat Actors: WOLF CYBER ARMY
- Victim Country: Indonesia
- Victim Industry: Education
- Victim Organization: sma cendana pekanbaru
- Victim Site: smacendanapekanbaru.sch.id
66. Alleged Sale of U.S. Credit Card Records
- Category: Data Breach
- Content: The threat actor claims to be selling 15,000 U.S. credit card records, including card numbers, expiration dates, holder names, and full billing details (address, city, state, and ZIP).
- Date: 2025-10-09T09:45:18Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/267856/)
- Screenshots:
- Threat Actors: cashmoneycard
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
67. Alleged data sale of Ambon City Department of Population and Civil Registration
- Category: Data Breach
- Content: The threat actor claims to be selling a database allegedly belonging to the Ambon City Department of Population and Civil Registration (Disdukcapil Ambon). The database includes 1.5 million records containing personal information such as NIK, names, and addresses.
- Date: 2025-10-09T09:37:26Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-1-5-MILLION-DUKCAPIL-MALUKU-AMBON)
- Screenshots:
- Threat Actors: Mr404Here
- Victim Country: Indonesia
- Victim Industry: Government Administration
- Victim Organization: ambon city department of population and civil registration
- Victim Site: disdukcapil.ambon.go.id
68. Alleged leak of multiple user login credentials of Saudi Ministry of Interior
- Category: Data Breach
- Content: The group claims to have leaked multiple user login credentials associated with the Saudi Ministry of Interior.
- Date: 2025-10-09T09:26:05Z
- Network: telegram
- Published URL: (https://t.me/AnonSec16/17)
- Screenshots:
- Threat Actors: ANONSEC 16
- Victim Country: Saudi Arabia
- Victim Industry: Government Administration
- Victim Organization: ministry of interior
- Victim Site: moi.gov.sa
69. Edelman & Edelman, P.C falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained organization’s data.
- Date: 2025-10-09T09:08:28Z
- Network: tor
- Published URL: (http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=c4c58b9f-865c-3713-981f-b06bbce80aa5)
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/80eea696-ebf8-4033-9673-88330b49a1e9.png
- https://d34iuop8pidsy8.cloudfront.net/9f6ca394-498a-4d41-8c9d-fb48f678cbd9.png
- https://d34iuop8pidsy8.cloudfront.net/03108cce-a7e2-4871-9c66-9fa13347ba3f.png
- https://d34iuop8pidsy8.cloudfront.net/ee3687ce-fee5-4d95-8a28-8d9ccd806a9a.png
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Law Practice & Law Firms
- Victim Organization: edelman & edelman, p.c
- Victim Site: edelmanpclaw.com
70. Alleged data breach of Heritage Communities
- Category: Data Breach
- Content: The group claims to have leaked corporate data from Heritage Communities.
- Date: 2025-10-09T07:46:45Z
- Network: tor
- Published URL: (https://worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion/companies/5436588969/overview)
- Screenshots:
- Threat Actors: Worldleaks
- Victim Country: USA
- Victim Industry: Hospital & Health Care
- Victim Organization: heritage communities
- Victim Site: heritage-communities.com
71. INDOHAXSEC targets the website of Kid Jump
- Category: Defacement
- Content: The group claims to have defaced the website of Kid Jump
- Date: 2025-10-09T07:45:21Z
- Network: telegram
- Published URL: (https://t.me/INDOHAXSEC/43)
- Screenshots:
- Threat Actors: INDOHAXSEC
- Victim Country: Israel
- Victim Industry: Events Services
- Victim Organization: kid jump
- Victim Site: kidjump.cp25.evhost.co.il
72. Alleged leak of Radio user data in Brazil
- Category: Data Breach
- Content: The group claims to have leaked 200K radio user data in Brazil.
- Date: 2025-10-09T07:30:37Z
- Network: telegram
- Published URL: (https://t.me/VFCTeam/280)
- Screenshots:
- Threat Actors: V FOR VENDETTA CYBER TEAM
- Victim Country: Brazil
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
73. Alleged data leak of Afgan passports
- Category: Data Breach
- Content: The threat actor claims to have published a collection of sensitive documents, including passports, driver’s licenses, ID cards, and business records. Moderators and relevant authorities are being notified to investigate and contain any potential harm.
- Date: 2025-10-09T06:36:11Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Afghan-passport)
- Screenshots:
- Threat Actors: Arnoldsudney123
- Victim Country: Afghanistan
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
74. Alleged data sale of Malaysian ID cards and bank statements
- Category: Data Breach
- Content: The threat actor claims to have leaked and is selling 17 GB of dataset containing Malaysian ID cards and bank statements which includes sensitive Personally Identifiable Information (PII) and financial records
- Date: 2025-10-09T06:27:17Z
- Network: openweb
- Published URL: (https://breachsta.rs/topic/im-selling-malaysia-id-card-17gb-with-bank-statement-a417sf8k2a9b)
- Screenshots:
- Threat Actors: moneyline
- Victim Country: Malaysia
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
75. ARCHWAY falls victim to CHAOS Ransomware
- Category: Ransomware
- Content: The group claims to have obtained approximately 710 GB of data from Archway
- Date: 2025-10-09T05:11:34Z
- Network: tor
- Published URL: (http://hptqq2o2qjva7lcaaq67w36jihzivkaitkexorauw7b2yul2z6zozpqd.onion/3CabmpqRnr57X6rPcMw5IBarWgyoHq9o/archway-com)
- Screenshots:
- Threat Actors: CHAOS
- Victim Country: USA
- Victim Industry: Marketing, Advertising & Sales
- Victim Organization: archway
- Victim Site: archway.com
76. Dun & Bradstreet falls victim to CHAOS Ransomware
- Category: Ransomware
- Content: The threat group claims to have exfiltrated around 200 GB of data from Autohaus Malin, a long-standing Renault and Dacia partner based in Sulz, Vorarlberg.
- Date: 2025-10-09T05:03:05Z
- Network: tor
- Published URL: (http://hptqq2o2qjva7lcaaq67w36jihzivkaitkexorauw7b2yul2z6zozpqd.onion/pGpCNAgVLfsiTfksxCxvUwzKMWZyHwzd/autohausmalin)
- Screenshots:
- Threat Actors: CHAOS
- Victim Country: Liechtenstein
- Victim Industry: Information Services
- Victim Organization: dun & bradstreet
- Victim Site: dnb.com
77. Alleged sale of admin access to an unidentified wordpress shop from Brazil
- Category: Initial Access
- Content: Threat actor claims to be selling unauthorized admin-panel access to an unidentified WordPress shop in Brazil
- Date: 2025-10-09T04:49:11Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/267855/)
- Screenshots:
- Threat Actors: corptoday
- Victim Country: Brazil
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
78. Personal Collection falls victim to The Gentlemen Ransomware
- Category: Ransomware
- Content: The threat group claims to have compromised data belonging to Personal Collection Direct Selling Inc., reportedly obtaining a substantial amount of internal information.They allege plans to release the stolen data within the next few days, citing 2GO.com.ph as the access point used in the breach.
- Date: 2025-10-09T04:47:06Z
- Network: tor
- Published URL: (http://tezwsse5czllksjb7cwp65rvnk4oobmzti2znn42i43bjdfd2prqqkad.onion/)
- Screenshots:
- Threat Actors: The Gentlemen
- Victim Country: Philippines
- Victim Industry: Retail Industry
- Victim Organization: personal collection
- Victim Site: personalcollection.com.ph
79. INDOHAXSEC targets the website of Eilat Info
- Category: Defacement
- Content: The group claims to have defaced the website associated with Eilat Info
- Date: 2025-10-09T03:59:09Z
- Network: telegram
- Published URL: (https://t.me/INDOHAXSEC/42)
- Screenshots:
- Threat Actors: INDOHAXSEC
- Victim Country: Israel
- Victim Industry: Hospitality & Tourism
- Victim Organization: eilat info
- Victim Site: pink.eilatinfo.co.il
80. Roxu cranes falls victim to Space Bears Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization data and they intend to publish it within 6-7 days.
- Date: 2025-10-09T02:47:40Z
- Network: tor
- Published URL: (http://5butbkrljkaorg5maepuca25oma7eiwo6a2rlhvkblb4v6mf3ki2ovid.onion/)
- Screenshots:
- Threat Actors: Space Bears
- Victim Country: Spain
- Victim Industry: Transportation & Logistics
- Victim Organization: roxu cranes
- Victim Site: gruporoxu.com
81. INDOHAXSEC targets the website of Innovative Craftx
- Category: Defacement
- Content: The group claims to have defaced multiple websites associated with Innovative Craftx
- Date: 2025-10-09T00:24:32Z
- Network: telegram
- Published URL: (https://t.me/INDOHAXSEC/41)
- Screenshots:
- Threat Actors: INDOHAXSEC
- Victim Country: Bangladesh
- Victim Industry: Software Development
- Victim Organization: innovative craftx
- Victim Site: innovativecraftx.com
82. Alleged data leak of HOT GUNS firearms dealer database
- Category: Data Breach
- Content: The threat actor claims to have leaked a sensitive dealer and customer database tied to the firearms licensee “HOT GUNS” (FFL ID: 367000077M52528). The exposed dataset reportedly includes dealer details (license name, FFL ID, address, phone), customer names, phone numbers, contact addresses, transaction records (including NICS responses and final transaction status), NTN, and transaction timestamps.
- Date: 2025-10-09T00:21:24Z
- Network: telegram
- Published URL: (https://t.me/n2LP_wVf79c2YzM0/1873)
- Screenshots:
- Threat Actors: Infrastructure Destruction Squad
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
Conclusion
The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Ransomware attacks (including those by INC RANSOM, Qilin, CHAOS, akira, Radiant Group, PLAY, The Gentlemen, and Space Bears) remain prominent, targeting sectors like Energy & Utilities, Manufacturing, Education, Civil Engineering, and Transportation & Logistics across multiple countries. Data breaches and sales are widespread, affecting various industries from E-commerce and Financial Services to Government Administration and Healthcare & Pharmaceuticals, with leaked data ranging from massive customer databases to credit card records and highly sensitive passports/ID cards. Initial access sales are also notable, offering administrative or server access to organizations globally. The presence of Defacement activity, primarily targeting sites in Israel and Lebanon, along with claims of selling malware like a Brute & Checker tool, further underscores the persistent and varied threats faced by organizations worldwide. The data reveals a busy 24-hour period with a high volume of malicious activity across multiple threat categories and geographies.