This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.
- Alleged data breach of University of Perpetual Help System DALTA
- Category: Data Breach
- Content: The threat actor claims to have leaked data and admin credentials from the University of Perpetual Help System DALTA, Philippines. The compromised data includes events, alumni magazines, alumnus bio, careers, courses, discounts, event commits, event gallery, and more.
- Date: 2025-09-23T14:01:37Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-UNIVERSITY-OF-PERPATUAL-ADMIN-CREDENTIALS-LEAKED-BY-NOSTR4
- Threat Actors: nostra
- Victim Country: Philippines
- Victim Industry: Education
- Victim Organization: university of perpetual help system dalta
- Victim Site: perpetualdalta.edu.ph
- Alleged data breach of Paul Rossi Law Offices
- Category: Data Breach
- Content: The group claims to have leaked data from Paul Rossi Law Offices.
- Date: 2025-09-23T13:12:28Z
- Network: tor
- Published URL: https://worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion/companies/7398234740/overview
- Threat Actors: Worldleaks
- Victim Country: USA
- Victim Industry: Law Practice & Law Firms
- Victim Organization: paul rossi law offices
- Victim Site: paulrossilaw.com
- Alleged sale of unauthorized access to backup systems of an unidentified organization
- Category: Initial Access
- Content: The group claims to be selling access to an unidentified organization. The compromised system contains a massive database of 10.7 terabytes distributed among documents, security systems, audio files, and video materials, plus over 100 gigabytes of additional data.
- Date: 2025-09-23T13:09:19Z
- Network: telegram
- Published URL: https://t.me/n2LP_wVf79c2YzM0/1727
- Threat Actors: Infrastructure Destruction Squad
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged Data Leak of Korean law firm
- Category: Data Breach
- Content: The threat actor claims to be selling data allegedly taken from a Korean law firm.
- Date: 2025-09-23T11:51:39Z
- Network: openweb
- Published URL: https://leakbase.la/threads/korea-lawfirm-barun-data.43359/
- Threat Actors: hizeaero_hacker
- Victim Country: Unknown
- Victim Industry: Law Practice & Law Firms
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of US citizens’ records
- Category: Data Breach
- Content: The threat actor claims to be selling a database containing 30 million rows of sensitive information belonging to U.S. citizens. The exposed dataset reportedly includes full names, email addresses, physical addresses, phone numbers, account numbers, routing numbers, Social Security Numbers (SSNs), dates of birth, and ID details.
- Date: 2025-09-23T11:44:40Z
- Network: openweb
- Published URL: https://leakbase.la/threads/usa-citizens-fresh-extracted-2025-9-1630-30-million-rows.43347/
- Threat Actors: Minion
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data breach of Malvern Hills District Council
- Category: Data Breach
- Content: The threat actor claims to have leaked a database from Malvern Hills District Council. The compromised data includes property reference, account name, address, postcode, property description code, and more.
- Date: 2025-09-23T11:06:16Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-DATABASE-MALVERNHILLS
- Threat Actors: darknessAttack404
- Victim Country: UK
- Victim Industry: Government Administration
- Victim Organization: malvern hills district council
- Victim Site: malvernhills.gov.uk
- Alleged data leak of an unidentified Thailand furniture industry
- Category: Data Breach
- Content: The threat actor claims to have leaked a database of an unidentified Thailand furniture industry, including customer profiles, sales details, and original system exports.
- Date: 2025-09-23T11:06:11Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-Thailand-Furniture-Industry-Database-%E6%B3%B0%E5%9B%BD%E5%AE%B6%E5%85%B7%E8%A1%8C%E4%B8%9A%E6%95%B0%E6%8D%AE%E5%BA%93
- Threat Actors: chihsoa
- Victim Country: Thailand
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data breach of ICICI Bank, USA
- Category: Data Breach
- Content: The threat actor claims to have leaked data from ICICI Bank, USA. The compromised data reportedly includes: name of the bank, IFSC code, MICR code, branch name, address, contact details, centre, district, and state.
- Date: 2025-09-23T10:45:48Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-DATABASE-ICICI-BANK
- Threat Actors: darknessAttack404
- Victim Country: USA
- Victim Industry: Banking & Mortgage
- Victim Organization: icici bank
- Victim Site: icicibankusa.com
- Alleged unauthorized access to unidentified utility system of a residential building in Ukraine
- Category: Initial Access
- Content: The group claims to have gained unauthorized access to an unidentified automated utility system of a residential building in Ukraine. The compromised system allegedly allows full control over real-time monitoring, temperature and power parameters, supply and exhaust air exchange, hydraulic units, heat flow, and the residential microclimate, which the system manages for comfort and energy efficiency.
- Date: 2025-09-23T09:51:00Z
- Network: telegram
- Published URL: https://t.me/Z_ALLIANCE/782
- Threat Actors: Z-ALLIANCE
- Victim Country: Ukraine
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data breach of Mai Linh Group
- Category: Data Breach
- Content: The threat actor claims to have leaked data on 30,000 drivers and GPS location records from Mai Linh Group, allegedly containing driver code, name, license, time limit, phone number, identity card, birthday, blood type, staff card, agent name and more.
- Date: 2025-09-23T09:42:54Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Vietnam-Database-share-mailinh-vn-%EF%BC%A4river%EF%BC%8Bgps-30K
- Threat Actors: RobotMan
- Victim Country: Vietnam
- Victim Industry: Transportation & Logistics
- Victim Organization: mai linh group
- Victim Site: mailinh.vn
- Alleged data leak of Indonesia Ministry & President Personal Data
- Category: Data Breach
- Content: The threat actor claims to have leaked data from Indonesia’s Ministry, including the personal data of the President. The leaked information reportedly includes name, number, and NIK (National Identity Number).
- Date: 2025-09-23T08:44:30Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATA-of-PRESIDEN-INDONESIA
- Threat Actors: satzfcv
- Victim Country: Indonesia
- Victim Industry: Government Administration
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data leak of Iron March
- Category: Data Breach
- Content: The threat actor claims to have leaked data on 15,218 individuals from Iron March, allegedly published on September 20, 2025. The compromised data includes Name, Member Group ID, Email, IP Address, Admin Mails, date of birth and more.
- Date: 2025-09-23T08:34:31Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-Iron-March-Database-Leaked-Download
- Threat Actors: KaruHunters
- Victim Country: Unknown
- Victim Industry: Social Media & Online Social Networking
- Victim Organization: iron march
- Victim Site: ironmarch.org
- Alleged unauthorized access to an unidentified boiler system in Poland
- Category: Initial Access
- Content: The group claims to have gained unauthorized access to an unidentified boiler system in Poland. The compromised system allegedly allows control over pumps, valves, temperature, pressure, etc.
- Date: 2025-09-23T08:30:02Z
- Network: telegram
- Published URL: https://t.me/c/2948243735/65
- Threat Actors: TwoNet
- Victim Country: Poland
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data sale of Assurance Maladie
- Category: Data Breach
- Content: The threat actor claims to be selling data on 10.1 million records from Assurance Maladie, allegedly containing the following information: title, last name, first name, address, phone number, profession, type of activity, and more.
- Date: 2025-09-23T08:22:18Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-Ameli-fr-Assurance-Maladie-10-1M
- Threat Actors: Shin0bi
- Victim Country: France
- Victim Industry: Insurance
- Victim Organization: assurance maladie
- Victim Site: ameli.fr
- Alleged data leak of Tia.gov.np
- Category: Data Breach
- Content: The threat actor claims to have leaked data from Tia.gov.np.
- Date: 2025-09-23T07:10:10Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-Tia-gov-np
- Threat Actors: Masan
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: tia.gov.np
- Alleged data breach of Department of Education – Philippines (DepEd)
- Category: Data Breach
- Content: The threat actor claims to have leaked internal data from the Department of Education – Philippines, including administrator credentials, employee records, and internal publication metadata. The exposed information reportedly includes usernames, email addresses, password hashes, privilege levels, etc.
- Date: 2025-09-23T06:39:47Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-DepEd-Pagadian-Leak
- Threat Actors: Terror
- Victim Country: Philippines
- Victim Industry: Education
- Victim Organization: department of education – philippines
- Victim Site: deped.gov.ph
- Alleged sale of 0day Nodes Cloudflare
- Category: Vulnerability
- Content: The threat actor claims to be selling a 0day vulnerability in Cloudflare CDN nodes that enables CDN bypass when chained with Host Header Injection (HHI). The exploit allows direct access to origin servers, bypassing protection mechanisms, and is demonstrated in a proof-of-concept video comparing normal and exploited behavior.
- Date: 2025-09-23T06:23:43Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/266829/
- Threat Actors: APT_Hunter
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data breach of Vtenext
- Category: Data Breach
- Content: The threat actor claims to have leaked data from Vtenext.com, an open-source CRM platform based in Italy, exposing private messages and source code, with a total data size of 103 GB and a 700 MB sample provided.
- Date: 2025-09-23T05:16:08Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Source-Code-Vtenext-com-Data-Leaked-Download
- Threat Actors: KaruHunters
- Victim Country: Italy
- Victim Industry: Software Development
- Victim Organization: vtenext
- Victim Site: vtenext.com
- Alleged data sale of Feathers Fashion
- Category: Data Breach
- Content: The threat actor claims to be selling data from Feathers Fashion. The alleged dump reportedly contains 727,920 records in CSV/SQL format.
- Date: 2025-09-23T05:14:13Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-feathers-ae-United-Arab-Emirates-Rich-Store
- Threat Actors: NanC
- Victim Country: UAE
- Victim Industry: Fashion & Apparel
- Victim Organization: feathers fashion
- Victim Site: feathers.ae
- Alleged data sale of Ministry of Education, Research and Technology Indonesia
- Category: Data Breach
- Content: The threat actor claims to be selling data from the Ministry of Education, Research and Technology Indonesia. The compromised data includes confidential letters, secret documents, financial records, infrastructure information, employee data, etc. NB: The organization was previously breached on August 18, 2025.
- Date: 2025-09-23T05:02:05Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-kemdikbud-go-id-Ministry-Education-Research-and-Technology-Indonesia
- Threat Actors: NanC
- Victim Country: Indonesia
- Victim Industry: Government Administration
- Victim Organization: ministry of education, research and technology indonesia
- Victim Site: kemdikbud.go.id
- Alleged data breach of Zen Tower Corporation of the Philippines
- Category: Data Breach
- Content: The threat actor claims to have leaked the database of Zen Tower Corporation of the Philippines, exposing user information from their systems. The leaked data includes user IDs, names, emails, usernames, passwords (in MD5), gender, location, account types, and timestamps.
- Date: 2025-09-23T05:00:47Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Zen-Tower-Cooperation-of-the-Philippines
- Threat Actors: Terror
- Victim Country: Philippines
- Victim Industry: Real Estate
- Victim Organization: zen tower corporation of the philippines
- Victim Site: zentowers.com.ph
- Alleged data breach of Foodiv
- Category: Data Breach
- Content: The threat actor claims to have leaked sensitive operational data from Foodiv. The exposed dataset reportedly includes shop names, email addresses, phone numbers, account IDs, order histories, subscription details, etc.
- Date: 2025-09-23T03:39:52Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-foodiv-com-DataLeak
- Threat Actors: Purple0piOd
- Victim Country: India
- Victim Industry: Information Technology (IT) Services
- Victim Organization: foodiv
- Victim Site: foodiv.com
- CLOBELSECTEAM targets the website of Komite Pemantauan Pelaksanaan Otonomi Daerah
- Category: Defacement
- Content: The group claims to have defaced the website of KPPOD (Komite Pemantauan Pelaksanaan Otonomi Daerah). Proof: https://www.kppod.org/personil/view?id=43
- Date: 2025-09-23T03:27:19Z
- Network: telegram
- Published URL: https://t.me/c/2911263260/67
- Threat Actors: CLOBELSECTEAM
- Victim Country: Indonesia
- Victim Industry: Non-profit & Social Organizations
- Victim Organization: komite pemantauan pelaksanaan otonomi daerah
- Victim Site: kppod.org
- Alleged data breach of Universidad de Piura
- Category: Data Breach
- Content: The threat actor claims to have leaked the database of the Universidad de Piura exposing personal data and photos of 1,714 students. The leaked information includes names, identification numbers, birth dates, addresses, emails, phone numbers, emergency contacts, and facial photographs.
- Date: 2025-09-23T03:05:26Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-PERU-UDEP-EDU-PE-Datos-y-Fotos-de-1-714-Estudiantes
- Threat Actors: milan
- Victim Country: Peru
- Victim Industry: Education
- Victim Organization: universidad de piura
- Victim Site: udep.edu.pe
- Alleged data leak of Cambodian mobile numbers
- Category: Data Breach
- Content: The threat actor claims to have leaked 1.5 million Cambodian mobile numbers.
- Date: 2025-09-23T02:46:19Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-1-5-Million-Cambodia-Numbers-Dataset-Leaked-Download
- Threat Actors: UNIT_PEGASUS
- Victim Country: Cambodia
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data breach of Vercel
- Category: Data Breach
- Content: A threat actor claims to have leaked a user database belonging to the organization Vercel.
- Date: 2025-09-23T02:42:08Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-vercel-app-User-Database-Dump
- Threat Actors: Purple0piOd
- Victim Country: USA
- Victim Industry: Computer Software/Engineering
- Victim Organization: vercel
- Victim Site: vercel.app
- Alleged sale of VPN access to an unidentified organization in USA
- Category: Initial Access
- Content: The threat actor claims to be selling VPN domain user access in the USA.
- Date: 2025-09-23T02:41:27Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/266826/
- Threat Actors: yesdaddy
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged sale of VPN access to an unidentified organization in Denmark
- Category: Initial Access
- Content: The threat actor claims to be selling VPN domain user access in Denmark.
- Date: 2025-09-23T02:31:35Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/266825/
- Threat Actors: yesdaddy
- Victim Country: Denmark
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data leak of 1 Million Swiss Phone Numbers
- Category: Data Breach
- Content: The threat actor claims to have leaked 1 million Swiss phone numbers.
- Date: 2025-09-23T01:50:49Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-1-million-Swiss-numbers
- Threat Actors: criminallife
- Victim Country: Switzerland
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data leak of classified Algerian eSIM Policy Directive
- Category: Data Breach
- Content: The threat actor claims to have leaked a classified Algerian eSIM Policy Directive.
- Date: 2025-09-23T01:44:10Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Document-Classified-AGERIAN-Policy-on-eSIM
- Threat Actors: vusets
- Victim Country: Algeria
- Victim Industry: Government Administration
- Victim Organization: Unknown
- Victim Site: Unknown
- Alleged data leak of German and Austrian Phone Numbers
- Category: Data Breach
- Content: The threat actor claims to have leaked 69,655 German and Austrian phone numbers.
- Date: 2025-09-23T01:35:18Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-69655-k-de-at-number
- Threat Actors: criminallife
- Victim Country: Germany
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
The cyber incidents documented in this report reveal a dynamic threat landscape with a variety of malicious activities. Data breaches and leaks are widespread, impacting a range of sectors including education, law, banking, and government administration across multiple countries such as the Philippines, USA, UK, Thailand, Indonesia, Ukraine, Poland, France, Vietnam, Peru, Cambodia, Switzerland, Denmark, Algeria, and Germany. The compromised data is extensive, ranging from personal user details, financial records, and classified documents to sensitive operational data and administrative credentials.
Beyond data breaches, the report highlights a significant market for initial access, with threat actors offering unauthorized entry to utility systems, corporate networks, and government infrastructure. The report also details the sale of vulnerabilities, such as a 0-day exploit targeting Cloudflare CDN nodes. These incidents collectively underscore the persistent threat of data exfiltration, unauthorized network access, and the availability of malicious tools, emphasizing the critical need for robust cybersecurity defenses, including strong access controls, continuous vulnerability management, and proactive threat intelligence to combat these varied and opportunistic attacks.