1. Alleged unauthorized access to Spark Energy system in Italy
- Category: Initial Access
- Content: The group claims to have gained unauthorized access to Spark Energy srl’s power equipment management system in Italy. The compromised system allegedly allows full administrative control, including real-time monitoring of voltage, current, and frequency, controlling generator operating modes, managing parameters such as load, pressure, temperature, engine speed, and equipment runtime, and accessing and modifying error and alarm logs.
- Date: 2025-09-18T14:15:43Z
- Network: telegram
- Published URL: https://t.me/Z_ALLIANCE/773
- Screenshots:
- Threat Actors: Z-ALLIANCE
- Victim Country: Italy
- Victim Industry: Retail Industry
- Victim Organization: spark energy srl
- Victim Site: Unknown
2. Alleged sale of unauthorized CRM access to an unidentified organization
- Category: Initial Access
- Content: The threat actor claims to be selling unauthorized access to the CRM and database of an unidentified platform, allegedly leaking 79k rows of data, including names, phone numbers, emails, and registration details.
- Date: 2025-09-18T14:12:48Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/266506/
- Screenshots:
- Threat Actors: betway
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
3. Alleged data breach of My Homemade Porn
- Category: Data Breach
- Content: The threat actor claims to have leaked data from My Homemade Porn, allegedly containing usernames, emails, and passwords.
- Date: 2025-09-18T14:03:38Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-myhomemadeporn-com-database-breach
- Screenshots:
- Threat Actors: kanie2903
- Victim Country: Unknown
- Victim Industry: Entertainment & Movie Production
- Victim Organization: my homemade porn
- Victim Site: [suspicious link removed]
4. Alleged data breach of Ecigarette Land
- Category: Data Breach
- Content: The threat actor claims to have leaked data from Ecigarette Land, allegedly containing names, emails, passwords, addresses, and phone numbers.
- Date: 2025-09-18T13:57:24Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-ecigaretland-dk-breach
- Screenshots:
- Threat Actors: kanie2903
- Victim Country: Denmark
- Victim Industry: E-commerce & Online Stores
- Victim Organization: ecigarette land
- Victim Site: ecigaretland.dk
5. Alleged data breach of National Narcotics Agency of the Republic of Indonesia
- Category: Data Breach
- Content: The threat actor claims to be selling workers’ data from the National Narcotics Agency of the Republic of Indonesia, allegedly containing no, nik, full name, place of birth, date of birth, gender, work unit, position, and education.
- Date: 2025-09-18T13:50:19Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Document-BNN-workers-data-by-TERRORISM666
- Screenshots:
- Threat Actors: TERRORISM666
- Victim Country: Indonesia
- Victim Industry: Government Administration
- Victim Organization: national narcotics agency of the republic of indonesia
- Victim Site: bnn.go.id
6. Alleged data breach of Israel Aerospace Industries (IAI)
- Category: Data Breach
- Content: The group claims to have leaked data from Israel Aerospace Industries (IAI).
- Date: 2025-09-18T13:21:08Z
- Network: telegram
- Published URL: https://t.me/Golden_falcon_team/521
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/f3130dc6-4fb4-4b41-9ad3-be8b26011baf.JPG
- https://d34iuop8pidsy8.cloudfront.net/5f9cb774-5c5a-40be-9616-1778d410ea4e.JPG
- https://d34iuop8pidsy8.cloudfront.net/e864f0b4-6a99-43a9-ac0a-181856f746a6.JPG
- https://d34iuop8pidsy8.cloudfront.net/e79a5dfc-9d76-43ef-9eb5-1bf168c6891d.JPG
- Threat Actors: Golden falcon
- Victim Country: Israel
- Victim Industry: Aviation & Aerospace
- Victim Organization: israel aerospace industries (iai)
- Victim Site: iai.co.il
7. Alleged data breach of Biosol
- Category: Data Breach
- Content: The threat actor claims to have leaked data from Biosol, allegedly containing emails, passwords, names, addresses, and card numbers.
- Date: 2025-09-18T13:14:45Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-biosol-dk-breach
- Screenshots:
- Threat Actors: kanie2903
- Victim Country: Denmark
- Victim Industry: E-commerce & Online Stores
- Victim Organization: biosol
- Victim Site: biosol.dk
8. GARUDA ERROR SYSTEM targets the website of RentCarHub
- Category: Defacement
- Content: The group claims to have defaced the website of RentCarHub.
- Date: 2025-09-18T12:25:16Z
- Network: telegram
- Published URL: https://t.me/c/2004556114/2005
- Screenshots:
- Threat Actors: GARUDA ERROR SYSTEM
- Victim Country: USA
- Victim Industry: Leisure & Travel
- Victim Organization: rentcarhub
- Victim Site: rentcarhub.com
9. Alleged data sale of an unidentified P2P platform in the Philippines
- Category: Data Breach
- Content: The threat actor claims to be selling data from the top 3 unidentified P2P platforms in the Philippines. The compromised data reportedly contains ID, user ID, time created, source type, and more.
- Date: 2025-09-18T12:23:03Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-Data-from-the-Philippines-Top-3-P2P-Lending-Platforms-for-Sale
- Screenshots:
- Threat Actors: Y0y0123
- Victim Country: Philippines
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
10. Alleged leak of Admin access to Ministry of Education and Research
- Category: Initial Access
- Content: The group claims to have leaked access to the Ministry of Education’s administration system in Romania.
- Date: 2025-09-18T12:22:46Z
- Network: telegram
- Published URL: https://t.me/AnonymousRoNews/180
- Screenshots:
- Threat Actors: Anonymous / Ro
- Victim Country: Romania
- Victim Industry: Government Administration
- Victim Organization: ministry of education and research
- Victim Site: jobs.edu.ro
11. Alleged data breach of Bangladesh Bank
- Category: Data Breach
- Content: The threat actor claims to have leaked customer data from Bangladesh Bank, allegedly containing prefix, full name, father’s name, mother’s name, date of birth, age, mailing address, contact number and more.
- Date: 2025-09-18T12:10:23Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-Bangladesh-Bank-Customers-data
- Screenshots:
- Threat Actors: TomSec
- Victim Country: Bangladesh
- Victim Industry: Financial Services
- Victim Organization: bangladesh bank
- Victim Site: bb.org.bd
12. Alleged Data Leak of Beit Dagan Parking Management Portal
- Category: Data Breach
- Content: The group claims to have leaked data from a parking management portal in Beit Dagan, Israel.
- Date: 2025-09-18T12:06:20Z
- Network: telegram
- Published URL: https://t.me/fattah_iriii/986
- Screenshots:
- Threat Actors: Cyber Fattah Team
- Victim Country: Israel
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
13. Alleged unauthorized access to unidentified military surveillance systems
- Category: Initial Access
- Content: The group claims to be selling unauthorized access to unidentified military surveillance systems, along with confidential information about modern military equipment from an unidentified country.
- Date: 2025-09-18T12:02:00Z
- Network: telegram
- Published URL: https://t.me/n2LP_wVf79c2YzM0/1673
- Screenshots:
- Threat Actors: Infrastructure Destruction Squad
- Victim Country: Unknown
- Victim Industry: Military Industry
- Victim Organization: Unknown
- Victim Site: Unknown
14. Alleged data breach of CRESA Centro de Radiología Especializada
- Category: Data Breach
- Content: The group claims to have leaked data from CRESA Centro de Radiología Especializada. The compromised data reportedly includes name, gender, ID number, date of birth, account number, etc.
- Date: 2025-09-18T11:29:57Z
- Network: telegram
- Published URL: https://t.me/AnonsecRD/37
- Screenshots:
- Threat Actors: Anonsec RD
- Victim Country: Dominican Republic
- Victim Industry: Hospital & Health Care
- Victim Organization: cresa centro de radiología especializada
- Victim Site: cresa.do
15. Alleged sale of unauthorized CRM access to unidentified online store in Bahrain
- Category: Initial Access
- Content: The threat actor claims to be selling unauthorized access to the CRM account of an unidentified online store in Bahrain, allegedly leaking 80k rows of the customer table and 600k rows of the order table.
- Date: 2025-09-18T11:18:08Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/266496/
- Screenshots:
- Threat Actors: betway
- Victim Country: Bahrain
- Victim Industry: E-commerce & Online Stores
- Victim Organization: Unknown
- Victim Site: Unknown
16. Alleged unauthorized access to unidentified ICS and SCADA Water Infrastructure
- Category: Initial Access
- Content: The group claims to have gained access to unidentified ICS and SCADA systems of a water infrastructure provider. NB: This incident represents the second stage of Operation Saif Al-Haydar targeting water infrastructure.
- Date: 2025-09-18T11:05:10Z
- Network: telegram
- Published URL: https://t.me/unknowns_cyberteam/745
- Screenshots:
- Threat Actors: Unknowns cyber team
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
17. Alleged leak of Psychic mail bomber
- Category: Alert
- Content: The threat actor claims to have leaked Psychic mail Bomber 2025.
- Date: 2025-09-18T10:57:37Z
- Network: openweb
- Published URL: https://demonforums.net/Thread-Psychic-mail-Bomber-2025
- Screenshots:
- Threat Actors: JordiChin
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
18. Alleged data breach of Federal Student Aid
- Category: Data Breach
- Content: The threat actor claims to have leaked 115,885 records from Federal Student Aid, allegedly containing first name, last name, street address, city, state, zip code, date of birth, DB origin, driver’s license ID, driver’s license state, email, JD MBA, person ID, and Social Security number.
- Date: 2025-09-18T10:29:34Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-115-885-StudentAid-gov-SSN-leaks
- Screenshots:
- Threat Actors: opsec1617
- Victim Country: USA
- Victim Industry: Government Administration
- Victim Organization: federal student aid
- Victim Site: studentaid.gov
19. Alleged data breach of Click Into Wealth
- Category: Data Breach
- Content: The threat actor claims to have leaked 137,885 user records from Click Into Wealth, allegedly containing source, first name, last name, country, address, state, city, zip code, phone number, and email.
- Date: 2025-09-18T09:54:55Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-137-885-clickintowealth-com-data-leaks
- Screenshots:
- Threat Actors: opsec1617
- Victim Country: USA
- Victim Industry: E-commerce & Online Stores
- Victim Organization: click into wealth
- Victim Site: clickintowealth.com
20. Alleged data breach of Microsoft Corporation servers
- Category: Data Breach
- Content: The group claims to have leaked 410MB of data from Microsoft Corporation servers. The compromised data reportedly includes files such as DHL-API-master.rar, POS.rar, deploy_projects_git, ebay.rar, g_new_sdk_dafiti.rar, g_new_sdk_falabella, g_new_transportadora, marketplaces.rar, and shopify-malva.rar.
- Date: 2025-09-18T09:22:42Z
- Network: telegram
- Published URL: https://t.me/c/2911263260/10
- Screenshots:
- Threat Actors: CLOBELSECTEAM
- Victim Country: USA
- Victim Industry: Software Development
- Victim Organization: microsoft corporation
- Victim Site: microsoft.com
21. Anonymous / Ro claims to target Russia
- Category: Alert
- Content: A recent post by the group indicates that they are targeting Russian financial services.
- Date: 2025-09-18T08:39:02Z
- Network: telegram
- Published URL: https://t.me/AnonymousRoNews/179
- Screenshots:
- Threat Actors: Anonymous / Ro
- Victim Country: Russia
- Victim Industry: Financial Services
- Victim Organization: Unknown
- Victim Site: Unknown
22. Alleged data leak of Yuanta Securities
- Category: Data Breach
- Content: The threat actor claims to have leaked data from Yuanta Financial Holding. The compromised data reportedly include 690,000 records of users information such as .
- Date: 2025-09-18T07:55:23Z
- Network: telegram
- Published URL: https://t.me/aqj986/7270
- Screenshots:
- Threat Actors: Aiqianjin
- Victim Country: Thailand
- Victim Industry: Financial Services
- Victim Organization: yuanta securities (thailand) co., ltd.
- Victim Site: yuanta.co.th
23. Alleged data leak of Iraqi citizens
- Category: Data Breach
- Content: The threat actor claims to have leaked 30 million records of Iraqi citizens, allegedly containing ID numbers, names, bank IDs, email addresses, and more.
- Date: 2025-09-18T07:39:20Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-Data-of-30-million-Iraqi-citizens-2025
- Screenshots:
- Threat Actors: Shada007
- Victim Country: Iraq
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
24. Alleged gain of access to Unidentified Organisation
- Category: Initial Access
- Content: The group claims to have gained full, unrestricted access to the target system of an unidentified organisation, allowing real-time monitoring, data exfiltration, and potential privilege escalation for persistent control.
- Date: 2025-09-18T06:29:53Z
- Network: telegram
- Published URL: https://t.me/Z_ALLIANCE/772
- Screenshots:
- Threat Actors: Z-ALLIANCE
- Victim Country: Italy
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
25. Alleged sale of cryptocurrency exchange user phone numbers
- Category: Data Breach
- Content: The threat actor claims to be selling large datasets containing verified mobile phone numbers tied to users of major cryptocurrency exchanges. The post claims coverage across multiple regions, including the UAE, USA, Hong Kong, France, Oman, Saudi Arabia, Kuwait, UK, Italy, and the Netherlands.
- Date: 2025-09-18T06:21:36Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-Cryptocurrency-exchange-mobile-phone-number
- Screenshots:
- Threat Actors: 1688shuju
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
26. GenZRisingNepal targets the website of Rashtriya Swatantra Party
- Category: Defacement
- Content: The group claims to have targeted the website of Rashtriya Swatantra Party. Proof: https://rspnepal.org/news/press-2082-06-02
- Date: 2025-09-18T06:01:16Z
- Network: telegram
- Published URL: https://t.me/ctrl_nepal/111
- Screenshots:
- Threat Actors: GenZRisingNepal
- Victim Country: Nepal
- Victim Industry: Political Organization
- Victim Organization: rashtriya swatantra party
- Victim Site: rspnepal.org
27. Alleged data breach of St. John Ambulance
- Category: Data Breach
- Content: The threat actor claims to have gained access to and leaked the database of St. John Ambulance. The compromised data reportedly covers 17K users, including user account credentials and personal identifiers.
- Date: 2025-09-18T04:53:39Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-sja-ca
- Screenshots:
- Threat Actors: arac
- Victim Country: Canada
- Victim Industry: Consumer Services
- Victim Organization: st. john ambulance
- Victim Site: sja.ca
28. TEAM BD CYBER NINJA OFFICIAL targets the website of Nursing Study Hub
- Category: Defacement
- Content: The group claims to have targeted the website of Nursing Study Hub. Proof: https://blog.nursingstudyhub.com/wp-includes/widgets/index.php Defacer ID mirror: https://defacer.id/mirror/id/190319
- Date: 2025-09-18T04:37:10Z
- Network: telegram
- Published URL: https://t.me/c/2594876836/159
- Screenshots:
- Threat Actors: TEAM BD CYBER NINJA OFFICIAL
- Victim Country: Unknown
- Victim Industry: Education
- Victim Organization: nursing study hub
- Victim Site: blog.nursingstudyhub.com
29. Alleged data breach of Community College of Qatar
- Category: Data Breach
- Content: The threat actor claims to have leaked data from ccq.edu.qa, an educational institution in Qatar. The compromised data reportedly includes student emails, national ID numbers, gender, course information, card/payment details (masked), transaction statuses, payment methods (e.g., NAPS), and timestamps.
- Date: 2025-09-18T04:13:36Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/266486/
- Screenshots:
- Threat Actors: r57
- Victim Country: Qatar
- Victim Industry: Higher Education/Academia
- Victim Organization: community college of qatar
- Victim Site: ccq.edu.qa
30. Alleged data breach of Ministry Of Construction and Housing Israel
- Category: Data Breach
- Content: The threat actor claims to have leaked the database of the Ministry of Construction and Housing of Israel. The compromised data includes personally identifiable information such as full names, residential addresses, district details, ZIP codes, phone numbers (cellular and fax), and email addresses, along with record IDs and timestamps. NB: The organization was previously breached on June 08, 2025.
- Date: 2025-09-18T04:04:33Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-ISRAELI-MINISTRY-OF-CONSTRUCTION-AND-HOUSING-496-300-DATABASE
- Screenshots:
- Threat Actors: INDOHAXSEC
- Victim Country: Israel
- Victim Industry: Government Administration
- Victim Organization: ministry of construction and housing israel
- Victim Site: moch.gov.il
31. Alleged Data Leak of Philippine Beauty Center
- Category: Data Breach
- Content: The threat actor claims to have obtained leaked data from Philippine Beauty Center.
- Date: 2025-09-18T03:59:34Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/266487/
- Screenshots:
- Threat Actors: r57
- Victim Country: Philippines
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
32. Alleged data leak of Pakistani caller provider
- Category: Data Breach
- Content: The threat actor claims to have leaked a database containing information from a Pakistani caller provider, exposing over 1.5 million records. The leaked data includes mobile phone numbers and associated names, with sample entries showing both English and non-Latin characters.
- Date: 2025-09-18T03:05:15Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/266488/
- Screenshots:
- Threat Actors: r57
- Victim Country: Pakistan
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
33. Alleged data breach of Universidad Privada Antenor Orrego (UPAO)
- Category: Data Breach
- Content: The threat actor claims to have leaked a database of photos from the Universidad Privada Antenor Orrego (UPAO). The attacker alleges that they successfully extracted 27,360 photos of both students and faculty members.
- Date: 2025-09-18T02:52:24Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-LEAK-UPAO-EDU-PE-27-360-Fotos-de-Estudiantes-y-Docentes
- Screenshots:
- Threat Actors: milan
- Victim Country: Peru
- Victim Industry: Higher Education/Academia
- Victim Organization: universidad privada antenor orrego (upao)
- Victim Site: upao.edu.pe
34. Alleged Data Leak of YG Select
- Category: Data Breach
- Content: The threat actor claims to have leaked data from YG Select.
- Date: 2025-09-18T01:57:15Z
- Network: telegram
- Published URL: https://t.me/aqj986/7267
- Screenshots:
- Threat Actors: Aiqianjin
- Victim Country: Thailand
- Victim Industry: E-commerce & Online Stores
- Victim Organization: yg select
- Victim Site: ygselect.com
35. Alleged Data Leak of Kooku
- Category: Data Breach
- Content: The threat actor claims to have leaked data from Kooku.
- Date: 2025-09-18T01:51:37Z
- Network: telegram
- Published URL: https://t.me/aqj986/7268
- Screenshots:
- Threat Actors: Aiqianjin
- Victim Country: Germany
- Victim Industry: Human Resources
- Victim Organization: kooku
- Victim Site: kooku.de
36. Alleged gain of access to Warin Chamrap Vocational College Management System
- Category: Initial Access
- Content: The group claims to have gained access to the Warin Chamrap Vocational College Management System.
- Date: 2025-09-18T01:42:45Z
- Network: telegram
- Published URL: https://t.me/NigthCrawlerX/947
- Screenshots:
- Threat Actors: NightCrawlerX
- Victim Country: Thailand
- Victim Industry: Education
- Victim Organization: warin chamrap vocational college management system
- Victim Site: rms.warinice.ac.th
37. Alleged data breach of Raiox Predictive Courses and Training
- Category: Data Breach
- Content: The threat actor claims to have leaked data from Raiox Predictive Courses and Training. The compromised data includes exposed database credentials (username, password, host, and database names).
- Date: 2025-09-18T00:20:40Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Brazil-https-raioxpreditivo-com-br
- Screenshots:
- Threat Actors: gr4c3ann
- Victim Country: Brazil
- Victim Industry: Professional Training
- Victim Organization: raiox predictive courses and training
- Victim Site: raioxpreditivo.com.br
Based on the incidents detailed in this report, the cyber threat landscape is diverse and active. Data breaches and leaks are a prominent concern, impacting a range of sectors including education, gaming, healthcare, automotive, and financial services. The compromised data is varied, from personal user information and credit card details to sensitive patient records and classified military components.
In addition to data compromise, there is significant activity in initial access sales. Threat actors are offering unauthorized access to various systems, including banking and corporate networks, and even government and military infrastructure. The sale of malicious tools, such as penetration testing and DDoS tools, further highlights the availability of offensive capabilities in the cyber underground.
Collectively, these incidents demonstrate that organizations across different industries and geographies face persistent threats from data exfiltration, unauthorized network access, and the proliferation of malicious tools. This underscores the critical need for robust cybersecurity measures, including strong access controls, comprehensive data protection strategies, continuous vulnerability management, and proactive threat intelligence to defend against a wide array of sophisticated and opportunistic attacks.