This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.
1. Alleged leak of Personally Identifiable Information data
- Category: Data Breach
- Content: The threat actor claims to have leaked personal data of an individual named Raffi Farid Ahmad, allegedly containing sensitive information such as full name, ID number, date of birth, gender, blood type, and address.
- Date: 2025-09-24T14:10:49Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-RAFFI-AHMAD-DATABASE
- Screenshots:
- Threat Actors: FokafSquad
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
2. Alleged unauthorized access to unidentified control system of industrial pumps in Lithuania
- Category: Initial Access
- Content: The group claims to have gained unauthorized access to an unidentified control system of industrial pumps in Lithuania. The compromised system allegedly allows full control over power settings, switching, etc.
- Date: 2025-09-24T14:02:36Z
- Network: telegram
- Published URL: https://t.me/sauron_of_eye/20
- Screenshots:
- Threat Actors: EYE OF SAURON
- Victim Country: Lithuania
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
3. Alleged data breach of General Directorate of Traffic, Spain
- Category: Data Breach
- Content: The threat actor claims to have leaked the General Directorate of Traffic (DGT) database in Spain, allegedly containing sensitive information such as fines, driver’s licenses, vehicle details, and MOT records.
- Date: 2025-09-24T13:42:38Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-DGT-SPAIN-2025–44236
- Screenshots:
- Threat Actors: patatatatatatan
- Victim Country: Spain
- Victim Industry: Government Administration
- Victim Organization: general directorate of traffic
- Victim Site: dgt.es
4. Alleged leak of Personally Identifiable Information data
- Category: Data Breach
- Content: The threat actor claims to have leaked personal data of an individual named Ahmad Sahroni, allegedly containing sensitive information such as full name, ID number, date of birth, address, marital status, occupation, and nationality.
- Date: 2025-09-24T13:34:19Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-AHMAD-SAHRONI-DATA
- Screenshots:
- Threat Actors: FokafSquad
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
5. Alleged sale of unidentified private French organization
- Category: Data Breach
- Content: The threat actor claims to be selling an unidentified private French database containing over 2.9 million verified users, allegedly including personal details such as names, addresses, emails, and telephone numbers.
- Date: 2025-09-24T13:33:56Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-Private-French-Database-with-over-2-9M-verified-users
- Screenshots:
- Threat Actors: Shin0bi
- Victim Country: France
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
6. Alleged Sale of Russian Documents
- Category: Data Breach
- Content: The threat actor claims to be selling a collection of Russian documents. The files consist of 79 pages and are 793 MB in size, allegedly containing information about a potential Russian attack on the Baltic countries.
- Date: 2025-09-24T13:32:40Z
- Network: openweb
- Published URL: https://leakbase.la/threads/topsecret-russ1a-atack-on-baltic-countries-2025-9-18-79pg-793mb.43458/
- Screenshots:
- Threat Actors: Minion
- Victim Country: Russia
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
7. Alleged database leak of 1Win
- Category: Data Breach
- Content: The threat actor claims to have leaked a database from 1Win Brazil.
- Date: 2025-09-24T13:22:38Z
- Network: openweb
- Published URL: https://leakbase.la/threads/brazil-1win-database.43451/
- Screenshots:
- Threat Actors: kodahe4237
- Victim Country: Brazil
- Victim Industry: Gambling & Casinos
- Victim Organization: 1win
- Victim Site: 1-wins.br.com
8. Alleged Leak of Poland Citizen Database
- Category: Data Breach
- Content: The threat actor claims to have leaked a database containing personal information of Polish citizens.
- Date: 2025-09-24T13:20:14Z
- Network: openweb
- Published URL: https://leakbase.la/threads/poland-citizen-database.43454/
- Screenshots:
- Threat Actors: topopow941
- Victim Country: Poland
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
9. Alleged Sale of Access to Italian E-commerce Website
- Category: Initial Access
- Content: The threat actor claims to be selling full access to the site, including the administrative panel, a web shell, and SQL administrator privileges. The listing specifies a substantial volume of compromised payment card data, allegedly affecting more than 251,443 registered users, with an average transaction value of €39. Additionally, a chronological record of stolen credit cards from the compromised platform is included.
- Date: 2025-09-24T13:17:28Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/266916/
- Screenshots:
- Threat Actors: Yudgin
- Victim Country: Italy
- Victim Industry: E-commerce & Online Stores
- Victim Organization: Unknown
- Victim Site: Unknown
10. Alleged leak of credit card data
- Category: Data Breach
- Content: The threat actor claims to have leaked over 5,000 valid credit card details, allegedly containing the card number, expedition date, CVV, email, and address.
- Date: 2025-09-24T13:13:45Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-5K-VALID-CREDIT-CARDS-24-09-2025-UPDATED
- Screenshots:
- Threat Actors: patatatatatatan
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
11. Alleged database leak of Halara
- Category: Data Breach
- Content: The threat actor claims to have obtained a database of Halara.
- Date: 2025-09-24T13:10:32Z
- Network: openweb
- Published URL: https://leakbase.la/threads/halara-com-database.43453/
- Screenshots:
- Threat Actors: dadexi4657
- Victim Country: USA
- Victim Industry: Retail Industry
- Victim Organization: halara
- Victim Site: halara.com
12. Alleged Sale of US Citizen Data
- Category: Data Breach
- Content: The threat actor claims to be selling US citizen data, including credit card details.
- Date: 2025-09-24T13:02:14Z
- Network: openweb
- Published URL: https://leakbase.la/threads/us-leak-citizen-data-available-with-fulz.43464/
- Screenshots:
- Threat Actors: clara283
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
13. Alleged Sale of U.S. Social Security Number Database
- Category: Data Breach
- Content: The threat actor claims to be selling a database containing U.S. Social Security Numbers (SSNs).
- Date: 2025-09-24T12:58:47Z
- Network: openweb
- Published URL: https://leakbase.la/threads/usa-ssn-database-2025.43456/
- Screenshots:
- Threat Actors: jacare9658
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
14. Alleged Leak of Multiple Login Credentials in Indonesia
- Category: Initial Access
- Content: The group claims to have leaked multiple login credentials from several organizations in Indonesia.
- Date: 2025-09-24T12:39:43Z
- Network: telegram
- Published URL: https://t.me/BangladeshAnonymous56/521
- Screenshots:
- Threat Actors: BD Anonymous
- Victim Country: Indonesia
- Victim Industry: Government Administration
- Victim Organization: magang kemenkeu
- Victim Site: magang.kemenkeu.go.id
15. Alleged sale of admin access to iframe to an unidentified US shop
- Category: Initial Access
- Content: The threat actor claims to be selling admin access to an iframe to an unidentified US shop.
- Date: 2025-09-24T12:36:19Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/266906/
- Screenshots:
- Threat Actors: Stari4ok
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
16. Alleged data breach of SMK Negeri 2 Padang
- Category: Data Breach
- Content: The threat actor claims to have leaked teachers' data from SMK Negeri 2 Padang, Indonesia, allegedly containing name, employee ID, and position.
- Date: 2025-09-24T12:18:27Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-DATA-GURU-SMK-PADANG
- Screenshots:
- Threat Actors: FokafSquad
- Victim Country: Indonesia
- Victim Industry: Education
- Victim Organization: smk negeri 2 padang
- Victim Site: smkn2padang.sch.id
17. Alleged data breach of LCBO
- Category: Data Breach
- Content: The threat actor claims to have leaked a database from LCBO, allegedly containing account ID, first name, last name, email, phone number, and account type.
- Date: 2025-09-24T12:11:49Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-LCBO-com-Data-breach
- Screenshots:
- Threat Actors: ghidra
- Victim Country: Canada
- Victim Industry: Wine & Spirits
- Victim Organization: lcbo
- Victim Site: lcbo.com
18. Alleged data breach of Hamdard Pakistan
- Category: Data Breach
- Content: The threat actor claims to have leaked 6,000 records from Hamdard Pakistan, allegedly containing title, marital status, first name, last name, department, email, mobile number, and more.
- Date: 2025-09-24T11:35:33Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-Hamdard-Pakistan-Database-Leaked-Download
- Screenshots:
- Threat Actors: KaruHunters
- Victim Country: Pakistan
- Victim Industry: Health & Fitness
- Victim Organization: hamdard pakistan
- Victim Site: hamdard.com.pk
19. Alleged Unauthorized Access to Jabłonna Lacka Water Treatment Plant, Poland
- Category: Initial Access
- Content: The group claims to have gained unauthorized access to the control system of the Jabłonna Lacka Water Treatment Plant in Poland. The compromised system reportedly allows full management of water filters, pump equipment, tanks, and environmental parameters, including monitoring water flow, pressure, and reagent dosing. The system is reportedly vulnerable to power supply issues and pump blockages, which could lead to operational failures.
- Date: 2025-09-24T11:08:48Z
- Network: telegram
- Published URL: https://t.me/Z_ALLIANCE/785
- Screenshots:
- Threat Actors: Z-PENTEST ALLIANCE
- Victim Country: Poland
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
20. Alleged data breach of SATPOL PP JAKARTA, Indonesia
- Category: Data Breach
- Content: The threat actor claims to have leaked data from SATPOL PP JAKARTA, Indonesia. The compromised data includes employee ID, name, education, rank, position, and position details.
- Date: 2025-09-24T10:44:39Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-data-satpol-pp
- Screenshots:
- Threat Actors: FokafSquad
- Victim Country: Indonesia
- Victim Industry: Government Administration
- Victim Organization: satpol pp jakarta
- Victim Site: satpolpp.jakarta.go.id
21. Alleged data leak of forged and real registered documents
- Category: Data Breach
- Content: The threat actor claims to offer a wide range of forged and real registered documents, including passports, driver’s licenses, ID cards, SSNs, visas, birth and death certificates, COVID-19 vaccination cards, diplomas, and marriage certificates. These documents are allegedly available for countries such as Germany, the USA, UK, Canada, Australia, and more.
- Date: 2025-09-24T08:23:45Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Buy-German-Passport-Whatsap-49-15511-029239-Buy-German-Drivers-Licenese-ID-Card
- Screenshots:
- Threat Actors: edel
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
22. Alleged data breach of Tsitsigias
- Category: Data Breach
- Content: The threat actor claims to have leaked data from Tsitsigias, allegedly containing first names, last names, email addresses, telephone numbers, fax numbers, passwords, salts, cart information, and more.
- Date: 2025-09-24T08:19:03Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-Greek-Database-tsitsigias-com
- Screenshots:
- Threat Actors: Wizard
- Victim Country: Greece
- Victim Industry: Fashion & Apparel
- Victim Organization: tsitsigias
- Victim Site: tsitsigias.com
23. Alleged data breach of Google Asia Pacific Pte. Ltd.
- Category: Data Breach
- Content: The threat actor claims to have obtained 249,058 database records from Google Asia Pacific Pte. Ltd., based in Jakarta, Indonesia. The compromised data includes Google Pay, Google Maps Platform, and YouTube.
- Date: 2025-09-24T08:17:55Z
- Network: telegram
- Published URL: https://t.me/c/2911263260/80
- Screenshots:
- Threat Actors: CLOBELSECTEAM
- Victim Country: Indonesia
- Victim Industry: Information Technology (IT) Services
- Victim Organization: google asia pacific pte. ltd.
- Victim Site: google.com
24. Alleged data leak of Breach Forums
- Category: Data Breach
- Content: The threat actor claims to have leaked data from Breach Forums. The compromised data includes user registrations and domain control information.
- Date: 2025-09-24T07:49:34Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-Leak-of-Breachforums
- Screenshots:
- Threat Actors: kokocorp
- Victim Country: Unknown
- Victim Industry: Social Media & Online Social Networking
- Victim Organization: breach forums
- Victim Site: breachforums.info
25. Alleged Sale of Admin Access to a Bulgarian University
- Category: Initial Access
- Content: The threat actor claims to be selling Admin + Database Access to one of the biggest Universities in Bulgaria.
- Date: 2025-09-24T07:48:45Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-Access-University-of-Bulgaria
- Screenshots:
- Threat Actors: kokocorp
- Victim Country: Bulgaria
- Victim Industry: Education
- Victim Organization: Unknown
- Victim Site: Unknown
26. Alleged Sale of Admin Access to a Bulgarian Online Pharmacy
- Category: Initial Access
- Content: The threat actor claims to be selling administrator access to a large online pharmacy in Bulgaria.
- Date: 2025-09-24T07:45:09Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-Access-Admin-Access-to-Bulgaria-Pharmacy
- Screenshots:
- Threat Actors: kokocorp
- Victim Country: Bulgaria
- Victim Industry: Healthcare & Pharmaceuticals
- Victim Organization: Unknown
- Victim Site: Unknown
27. Alleged data sale of the Ministry of Health, Rwanda
- Category: Data Breach
- Content: The threat actor claims to be selling 53GB of data from the Ministry of Health in Rwanda. The compromised data includes documents, CVs, emails, and SQL files.
- Date: 2025-09-24T07:42:46Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-Government-of-Rwanda-Ministry-of-Health
- Screenshots:
- Threat Actors: kokocorp
- Victim Country: Rwanda
- Victim Industry: Government Administration
- Victim Organization: ministry of health
- Victim Site: hmis.moh.gov.rw
28. Alleged sale of unauthorized access to an unidentified shop in Switzerland
- Category: Initial Access
- Content: The threat actor claims to be selling unauthorized admin access to a Switzerland-based e-commerce shop running on PrestaShop.
- Date: 2025-09-24T06:08:28Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/266738/
- Screenshots:
- Threat Actors: niggaboi
- Victim Country: Switzerland
- Victim Industry: E-commerce & Online Stores
- Victim Organization: Unknown
- Victim Site: Unknown
29. Alleged data breach of Pakhtunkhwa Group Of Schools (PGS)
- Category: Data Breach
- Content: The threat actor claims to have leaked the full database of Pakhtunkhwa Group Of Schools (PGS). The exposed data contains names, account IDs, email addresses, Facebook IDs, passwords, WhatsApp, phone numbers, CNICs, etc.
- Date: 2025-09-24T05:54:37Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-PK-PGS-Database
- Screenshots:
- Threat Actors: Yrrrr
- Victim Country: Pakistan
- Victim Industry: Education
- Victim Organization: pakhtunkhwa group of schools (pgs)
- Victim Site: pakhtunkhwaschools.com
30. Alleged data breach of Jhumar Bazar
- Category: Data Breach
- Content: The threat actor claims to have leaked a customer database from JhumarBazar, a chandelier seller and service provider based in Hyderabad, India.
- Date: 2025-09-24T04:08:04Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-jhumarbazar-com-DATABASE
- Screenshots:
- Threat Actors: l33tfg
- Victim Country: India
- Victim Industry: Retail Industry
- Victim Organization: jhumar bazar
- Victim Site: jhumarbazar.com
31. Alleged sale of unauthorized access to an unidentified software company in Saudi Arabia
- Category: Initial Access
- Content: The threat actor claims to be selling firewall access to an unidentified software company in Saudi Arabia.
- Date: 2025-09-24T01:57:33Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Initial-Access-Saudi-Arabia-Software-Company
- Screenshots:
- Threat Actors: paws
- Victim Country: Saudi Arabia
- Victim Industry: Software Development
- Victim Organization: Unknown
- Victim Site: Unknown
32. Alleged data breach of PARIVESH
- Category: Data Breach
- Content: The threat actor claims to have leaked 1.2 million user records from PARIVESH. The compromised data reportedly includes attendance records, committee person IDs, designations and designation orders, dates of birth, email addresses, employee codes and types, entity IDs, gender information, mobile phone numbers, names, and user types.
- Date: 2025-09-24T01:33:08Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Parivesh-Data-Breach-Leaked-Download
- Screenshots:
- Threat Actors: flirt
- Victim Country: India
- Victim Industry: Government Administration
- Victim Organization: parivesh
- Victim Site: parivesh.nic.in
33. Alleged data breach of K Shipbuilding Co. Ltd
- Category: Data Breach
- Content: The threat actor claims to have leaked a database belonging to K Shipbuilding Co. Ltd, which contains approximately 330,000 files totaling 30 GB, including sensitive documents such as shipbuilding designs and engineering drawings.
- Date: 2025-09-24T00:56:30Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Document-Data-K-Shipbuilding-Co-Ltd-333-000-files
- Screenshots:
- Threat Actors: Sorb
- Victim Country: South Korea
- Victim Industry: Shipbuilding
- Victim Organization: k shipbuilding co. ltd
- Victim Site: kshipbuilding.com
34. Alleged data breach of Ministry of Agriculture and Livestock Development
- Category: Data Breach
- Content: The threat actor claims to have leaked data from the Ministry of Agriculture and Livestock Development. The compromised data includes name, email, contact number, user type, status, role, etc.
- Date: 2025-09-24T00:56:09Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-Nepal-Ministry-of-Agriculture-and-Livestock-Development
- Screenshots:
- Threat Actors: Purple0piOd
- Victim Country: Nepal
- Victim Industry: Government Administration
- Victim Organization: ministry of agriculture and livestock development
- Victim Site: moald.gov.np
The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Data breaches and leaks are prominent, affecting various sectors from education, gaming, healthcare, and automotive, to government and financial services. The compromised data ranges from personal user information and credit card details to sensitive patient records, classified military components, and large customer databases.
Beyond data compromise, the report also reveals significant activity in initial access sales, with threat actors offering unauthorized access to banking systems, corporate networks (including RDWeb access to Canadian and UK firms), and even government and military infrastructure like the Royal Thai Air Force and Madrid’s irrigation system. The sale of malware, including penetration testing tools and DDoS tools, further underscores the availability of offensive capabilities in the cyber underground.
The incidents collectively demonstrate that organizations across various industries and geographies face persistent threats from data exfiltration, unauthorized network access, and the proliferation of malicious tools. The nature of these incidents emphasizes the critical importance of robust cybersecurity measures, including strong access controls, data protection strategies, continuous vulnerability management, and proactive threat intelligence to defend against a wide array of sophisticated and opportunistic attacks.