This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.
- Alleged database sale of Israeli Ministry of Tourism
- Category: Data Breach
- Content: The threat actor claims to be selling a dataset allegedly obtained from the Israeli Ministry of Tourism. The data reportedly contains around 665,000 records detailing tourist visits to Israel between 2018 and 2025, categorized by nationality.
- Date: 2025-09-17T14:16:09Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-Israel-665-000-Tourists-visiting-Israel-2018-2025)
- Screenshots:
- Threat Actors: BIGBROTHER
- Victim Country: Israel
- Victim Industry: Hospitality & Tourism
- Victim Organization: israeli ministry of tourism
- Victim Site: gov.il
- Alleged data breach of Bank Central Asia
- Category: Data Breach
- Content: The threat actor claims to have leaked 20 million user records from Bank Central Asia (BCA). The compromised data includes the employee number, identity number, job position, name, date of birth, address, gender, email, bank details, job title, department, mobile phone number, and more. The organization was previously breached on Jul 31, 2025.
- Date: 2025-09-17T13:46:50Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-20-MILLION-USER-BCA-BANK-BY-COMMUNISM)
- Screenshots:
- Threat Actors: COMMUNISM
- Victim Country: Indonesia
- Victim Industry: Banking & Mortgage
- Victim Organization: bank central asia
- Victim Site: bca.co.id
- Alleged account sale of Algérie Poste
- Category: Initial Access
- Content: The group claims to be selling a list of accounts and login data for Algérie Poste.
- Date: 2025-09-17T13:40:11Z
- Network: telegram
- Published URL: (https://t.me/c/3035412121/66)
- Screenshots:
- Threat Actors: Dark 07X HAT
- Victim Country: Algeria
- Victim Industry: Government Administration
- Victim Organization: algérie poste
- Victim Site: poste.dz
- Alleged Data Breach of Ministry of Defence, Bangladesh
- Category: Data Breach
- Content: The group claims to have accessed the Ministry of Defence portal of Bangladesh and exfiltrated data containing ranks, names, and personal details of Bangladesh Army officers.
- Date: 2025-09-17T13:21:16Z
- Network: telegram
- Published URL: (https://t.me/j4ev3r/41?single)
- Screenshots:
- Threat Actors: J4Ev3R
- Victim Country: Bangladesh
- Victim Industry: Government Administration
- Victim Organization: ministry of defence
- Victim Site: mod.gov.bd
- Alleged data sale of Ministry of Religious Affairs
- Category: Data Breach
- Content: The threat actor claims to be selling admin access and 300,000 rows of data from the Pakistani Hajj site belonging to the Ministry of Religious Affairs.
- Date: 2025-09-17T13:19:35Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-Pakistan-hajjinfo-org-Dumped-Data-300-000-rows)
- Screenshots:
- Threat Actors: BIGBROTHER
- Victim Country: Pakistan
- Victim Industry: Government Administration
- Victim Organization: ministry of religious affairs
- Victim Site: hajjinfo.org
- Alleged unauthorized access to an unidentified sales service system in Algeria
- Category: Initial Access
- Content: The group claims to have gained access to a product sales service system in Algeria.
- Date: 2025-09-17T13:11:21Z
- Network: telegram
- Published URL: (https://t.me/FireWireMaroc/160?single)
- Screenshots:
- Threat Actors: Fire Wire
- Victim Country: Algeria
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data sale of Indonesian Ministry of Communication and Digital
- Category: Data Breach
- Content: The threat actor claims to be selling 50 GB of data from the Indonesian Ministry of Communication and Digital. The compromised data includes number, name, broadcasting radio, television broadcasting, microwave link, conventional radio, trunking radio and more.
- Date: 2025-09-17T12:47:35Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-SELL-50GB-DATABASE-KOMDIGI-go-id-BY-COMMUNISM)
- Screenshots:
- Threat Actors: COMMUNISM
- Victim Country: Indonesia
- Victim Industry: Government Administration
- Victim Organization: indonesian ministry of communication and digital
- Victim Site: komdigi.go.id
- Alleged data breach of CollegeDekho
- Category: Data Breach
- Content: The threat actor claims to have leaked 1.04 million records from CollegeDekho. The compromised data includes account usernames, password hashes and raw entries, emails, phone numbers and more.
- Date: 2025-09-17T12:39:34Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-DB-LEAK-COLLEGEDEKHO-COM-%E2%80%94-1-04M-Records-191MB-Accounts-%E2%80%A2-Emails-%E2%80%A2-Phones)
- Screenshots:
- Threat Actors: privilege
- Victim Country: India
- Victim Industry: Education
- Victim Organization: collegedekho
- Victim Site: collegedekho.com
- Alleged data leak of VitLamData
- Category: Data Breach
- Content: The threat actor claims to have leaked data from VitLamData. The compromised data reportedly includes 7,305 registration records containing masked emails, birth years, job titles, industries, learning motivations, generation cohort, registration timestamps, and other sign-up metadata.
- Date: 2025-09-17T12:35:55Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-DB-LEAK-VITLAMDATA-COM-%E2%80%94-7-305-Records-Registrations-masked-emails)
- Screenshots:
- Threat Actors: privilege
- Victim Country: Unknown
- Victim Industry: Education
- Victim Organization: vitlamdata
- Victim Site: vitlamdata.com
- Alleged unauthorized access to General Directorate of Civil Protection
- Category: Initial Access
- Content: The group claims to have gained access to the General Directorate of Civil Protection.
- Date: 2025-09-17T12:32:12Z
- Network: telegram
- Published URL: (https://t.me/c/3035412121/48)
- Screenshots:
- Threat Actors: Dark 07X HAT
- Victim Country: Algeria
- Victim Industry: Government Administration
- Victim Organization: general directorate of civil protection
- Victim Site: dgpc.dz
- Alleged data breach of SiteSmart
- Category: Data Breach
- Content: The threat actor claims to have leaked 1.94 GB of client data from SiteSmart, allegedly containing data from 21 clients.
- Date: 2025-09-17T12:32:02Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Source-Code-SiteSmart-io-Data-Breach-Leaked-Download)
- Screenshots:
- Threat Actors: N1KA
- Victim Country: New Zealand
- Victim Industry: Graphic & Web Design
- Victim Organization: sitesmart
- Victim Site: sitesmart.io
- Alleged data breach of Apollo Technologies, Inc.
- Category: Data Breach
- Content: The threat actor claims to have leaked 19,275 user records from Apollo Technologies, Inc. The compromised data includes account metadata, contact emails, hashed passwords, usernames, contact numbers, creation and update timestamps, and administrative flags.
- Date: 2025-09-17T12:19:22Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-DB-LEAK-APOLLO-COM-PH-%E2%80%94-19-275-Records-Accounts-Emails-Password-Hashes)
- Screenshots:
- Threat Actors: privilege
- Victim Country: Philippines
- Victim Industry: Information Technology (IT) Services
- Victim Organization: apollo technologies, inc.
- Victim Site: apollo.com.ph
- Alleged data breach of FairMoney
- Category: Data Breach
- Content: The threat actor claims to have leaked 138,824 user records from SimpleTire. The compromised data includes the full user/account table, containing authentication data, contact information, and account metadata.
- Date: 2025-09-17T12:16:54Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-DB-LEAK-FAIRMONEY-IO-%E2%80%94-138-824-Records-User-Accounts-Emails-Password-Hashes)
- Screenshots:
- Threat Actors: privilege
- Victim Country: Nigeria
- Victim Industry: Financial Services
- Victim Organization: fairmoney
- Victim Site: fairmoney.io
- Alleged data breach of Cargo Data Exchange Center, Inc.
- Category: Data Breach
- Content: The threat actor claims to have leaked 22,529 records from Cargo Data Exchange Center, Inc. The compromised data includes user accounts auto-created during ticket submissions, exposing contact emails, organization names, real names, and metadata.
- Date: 2025-09-17T12:01:33Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-DB-LEAK-CDEC-COM-PH-%E2%80%94-22-529-Records-User-Accounts-Emails-Orgs)
- Screenshots:
- Threat Actors: privilege
- Victim Country: Philippines
- Victim Industry: Transportation & Logistics
- Victim Organization: cargo data exchange center, inc.
- Victim Site: cdec.com.ph
- Alleged data leak of Kasikornbank Public Company Limited (KBank)
- Category: Data Breach
- Content: The group claims to have leaked data from Kasikornbank Public Company Limited (KBank).
- Date: 2025-09-17T11:46:30Z
- Network: telegram
- Published URL: (https://t.me/h3c4kedz_official/32)
- Screenshots:
- Threat Actors: H3C4KEDZ
- Victim Country: Thailand
- Victim Industry: Financial Services
- Victim Organization: kasikornbank public company limited (kbank)
- Victim Site: kbiz.kasikornbank.com
- Alleged data breach of Dr. Next
- Category: Data Breach
- Content: The threat actor claims to have leaked 58,205 records from Dr. Next. The compromised data includes Persian user profiles with full names, mobile phone numbers, and national identity codes.
- Date: 2025-09-17T11:27:47Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-DB-LEAK-DRNEXT-IR-%E2%80%94-58-205-Records-Names-Mobiles-National-IDs)
- Screenshots:
- Threat Actors: privilege
- Victim Country: Iran
- Victim Industry: Information Technology (IT) Services
- Victim Organization: dr. next
- Victim Site: drnext.ir
- Alleged data breach of SimpleTire
- Category: Data Breach
- Content: The threat actor claims to have leaked 3,091 customer records from SimpleTire. The compromised data includes customer contact details, payment identifiers, referral codes, and account metadata linked to individual customers and fleet accounts.
- Date: 2025-09-17T11:19:30Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-DATABASE-LEAK-SIMPLETIRE-COM-%E2%80%94-3-091-Records-Customers-Phones-Payments)
- Screenshots:
- Threat Actors: privilege
- Victim Country: USA
- Victim Industry: Automotive
- Victim Organization: simpletire
- Victim Site: simpletire.com
- Alleged unauthorized access to unidentified water filtration control system in Spain
- Category: Initial Access
- Content: The group claims to have gained access to an unidentified water filtration control system in Spain. The alleged breach reportedly enables control of filtration, pumps, and schedules.
- Date: 2025-09-17T11:15:15Z
- Network: telegram
- Published URL: (https://t.me/Z_ALLIANCE/770)
- Screenshots:
- Threat Actors: Z-ALLIANCE
- Victim Country: Spain
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged reward scheme for targeting Moroccan politicians
- Category: Alert
- Content: The threat actor offers a financial reward for eliminating corrupt Moroccan politicians, listing several individuals allegedly involved in corruption.
- Date: 2025-09-17T11:10:22Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Document-A-special-prize-for-whoever-can-eliminate-just-one-person)
- Screenshots:
- Threat Actors: justiceMA
- Victim Country: Morocco
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of email IDs
- Category: Initial Access
- Content: The threat actor claims to be selling access to 19k valid emails.
- Date: 2025-09-17T11:08:55Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-19K-VALID-MAIL-ACCESS)
- Screenshots:
- Threat Actors: C4AK1NGAGE
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of access to unidentified casino from the UAE
- Category: Initial Access
- Content: The threat actor claims to be selling SSH and SQL Server access to an unidentified casino game provider based in the UAE.
- Date: 2025-09-17T10:51:10Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-Access-to-Live-Casino-Game-Provider)
- Screenshots:
- Threat Actors: 888
- Victim Country: UAE
- Victim Industry: Gambling & Casinos
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of the USA Sneaker Buyers e-commerce database
- Category: Data Breach
- Content: The threat actor claims to be selling 500k USA Sneaker Buyers e-commerce database records, allegedly containing names, phone numbers, emails, addresses, and more.
- Date: 2025-09-17T10:21:53Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-SELLING-500K-USA-Sneaker-Buyers-Ecom-DATABASE)
- Screenshots:
- Threat Actors: neelki
- Victim Country: USA
- Victim Industry: E-commerce & Online Stores
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged database leak of Indonesia’s General Elections Commission (KPU)
- Category: Data Breach
- Content: The threat actor claims to have leaked a database allegedly containing personal and contact details of officials from Indonesia’s General Elections Commission (KPU). The exposed data reportedly includes names, positions, phone numbers, and email addresses.
- Date: 2025-09-17T10:09:13Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-database-goverment-kpu)
- Screenshots:
- Threat Actors: FokafSquad
- Victim Country: Indonesia
- Victim Industry: Government Administration
- Victim Organization: indonesia’s general elections commission (kpu)
- Victim Site: kpu.go.id
- NXBB.SEC targets the website of PEAK Sports
- Category: Defacement
- Content: The group claims to have defaced the website of PEAK Sports. Mirror Id: https://defacer.id/mirror/id/190136
- Date: 2025-09-17T10:00:06Z
- Network: telegram
- Published URL: (https://t.me/nxbbsec/2648)
- Screenshots:
- Threat Actors: NXBB.SEC
- Victim Country: Cambodia
- Victim Industry: Media Production
- Victim Organization: peak sports
- Victim Site: sports.peakdigital.com.kh
- Alleged Sale of Access to Swiss Organization Infrastructure
- Category: Initial Access
- Content: The threat actor claims to be selling access to systems in Switzerland. The actor states that the access relates to a Swiss entity’s infrastructure (“aдpHиK”) and mentions available data totaling more than 50 GB on the C:// drive.
- Date: 2025-09-17T09:39:06Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/266429/)
- Screenshots:
- Threat Actors: copart43432
- Victim Country: Switzerland
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged Sale of Egypt Based Auto Parts Company Chat Support Access
- Category: Initial Access
- Content: The threat actor claims to be selling access to an Egypt-based auto parts company’s customer support system on a dark web forum. The listing states the sale includes email+password credentials for a support agent account that handles live user issues, tickets, and related operations.
- Date: 2025-09-17T09:34:42Z
- Network: openweb
- Published URL: (https://forum.exploit.in/topic/266430/)
- Screenshots:
- Threat Actors: betway
- Victim Country: Egypt
- Victim Industry: Automotive
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged Sale of Multiple Sensitive Government and Corporate Databases
- Category: Data Breach
- Content: The group claims to be selling large volumes of allegedly compromised data from multiple organizations. The datasets listed include: 240GB of data from the Ministry of Defense of the Republic of Korea; data from the Mexican government website; 1TB of military data from Iran’s armed forces; 2TB of defense-related documents from Qantas Airways Limited Service; 4TB of datasets from Google and Salesforce (2025); court documents from the Ministry of Justice (NCA); 52GB of court documents from the Ministry of Justice (2025); 1.2 billion records from the Shanghai National Police; 300GB of top-secret data on the Russia–Ukraine war; 340GB of police records from Kerala Police; financial, customer, employee, and company data from Israel; 10TB of hospital records from ChangShen Hospital; 10TB of data on Iran’s nuclear, air defense, navy, army, and drone systems; defense-related data from the U.S. Army Aviation and Missile agency; 815 million Aadhaar-linked records (90GB) from ICMR; and a database on Brazil’s nuclear and missile manufacturing.
- Date: 2025-09-17T08:58:29Z
- Network: telegram
- Published URL: (https://t.me/Hider_N3x/237)
- Screenshots:
- Threat Actors: Hider_Nex
- Victim Country: South Korea
- Victim Industry: Government Administration
- Victim Organization: ministry of national defense, republic of korea
- Victim Site: mnd.go.kr
- Alleged data breach of National Polytechnic Institute (IPN)
- Category: Data Breach
- Content: The threat actor claims to have leaked a database from the National Polytechnic Institute (IPN).
- Date: 2025-09-17T08:55:16Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-DATABASE-Instituto-Politecnico-Nacional-small-database)
- Screenshots:
- Threat Actors: s4mmy
- Victim Country: Mexico
- Victim Industry: Education
- Victim Organization: national polytechnic institute
- Victim Site: ipn.mx
- Alleged sale of unauthorized access to Bloxham Parish Council, UK
- Category: Initial Access
- Content: The threat actor claims to be selling unauthorized access to Bloxham Parish Council in the UK.
- Date: 2025-09-17T07:59:57Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Selling-Bloxham-Parish-Council-GOV-UK-Access)
- Screenshots:
- Threat Actors: krekti
- Victim Country: UK
- Victim Industry: Government Administration
- Victim Organization: bloxham parish council
- Victim Site: bloxhamparishcouncil.gov.uk
- Alleged leak of government employees data from China
- Category: Data Breach
- Content: Threat actors are advertising a database allegedly containing Chinese government employee records and other sensitive data from 2025.
- Date: 2025-09-17T06:32:16Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-China-DB-government-employees-2025)
- Screenshots:
- Threat Actors: we_matrix
- Victim Country: China
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- InDoM1nu’s targets the website of Connectchainblock
- Category: Defacement
- Content: The group claims to have defaced the website of Connectchainblock. Mirror Id: https://defacer.id/mirror/id/190136
- Date: 2025-09-17T05:40:30Z
- Network: telegram
- Published URL: (https://t.me/InDoM1nuss/141)
- Screenshots:
- Threat Actors: InDoM1nu’s
- Victim Country: Colombia
- Victim Industry: Financial Services
- Victim Organization: connectchainblock
- Victim Site: connect-chain-block.co
- Alleged Data Breach of Open Society Foundations
- Category: Data Breach
- Content: The threat actor claims to have obtained data from Open Society Foundations, and alleges that Open Society Foundations and Indonesia’s Kurawal Foundation funded anti-government protests and attempted to undermine food estate programs in Papua through multiple grant projects.
- Date: 2025-09-17T03:12:43Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-Document-Leaked-Documents-from-Open-Society-Foundations)
- Screenshots:
- Threat Actors: ZeroPhantom
- Victim Country: USA
- Victim Industry: Non-profit & Social Organizations
- Victim Organization: open society foundations
- Victim Site: opensocietyfoundations.org
- Alleged Data Breach of Newton Crypto Ltd
- Category: Data Breach
- Content: The threat actor claims to have obtained a Newton Crypto data dump containing 131k user records with emails, passwords, names, numbers, orders, and balances.
- Date: 2025-09-17T01:11:02Z
- Network: openweb
- Published URL: (https://xss.pro/threads/143306/)
- Screenshots:
- Threat Actors: society
- Victim Country: Canada
- Victim Industry: Financial Services
- Victim Organization: newton crypto ltd
- Victim Site: newton.co
- Alleged data breach of Addpay Service Point Co., Ltd.
- Category: Data Breach
- Content: The threat actor claims to have leaked the database of Addpay Service Point Co., Ltd.
- Date: 2025-09-17T00:56:17Z
- Network: openweb
- Published URL: (https://darkforums.st/Thread-addpay-co-th)
- Screenshots:
- Threat Actors: kanie2903
- Victim Country: Thailand
- Victim Industry: Financial Services
- Victim Organization: addpay service point co., ltd.
- Victim Site: addpay.co.th
Conclusion
The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Data breaches and leaks are prominent, affecting various sectors from financial services and government to education and e-commerce, and impacting countries including Israel, Indonesia, Algeria, Bangladesh, Pakistan, New Zealand, Philippines, Nigeria, Iran, USA, Thailand, Cambodia, Switzerland, Egypt, China, and Colombia. The compromised data ranges from personal user information and banking details to sensitive government and military records. Beyond data compromise, the report also reveals significant activity in initial access sales, with threat actors offering unauthorized access to government systems, corporate networks, and financial institutions. The nature of these incidents emphasizes the critical importance of robust cybersecurity measures, including strong access controls, data protection strategies, continuous vulnerability management, and proactive threat intelligence to defend against a wide array of sophisticated and opportunistic attacks.