[September-26-2025] Daily Cybersecurity Threat Report

This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.


  1. Alleged data leak of McDonald’s and Partners

  1. Alleged Database Leak of ITTell Ukraine

  1. Alleged data sale of Shellter Elite v11.1

  1. Alleged unauthorized access to unidentified hosting providers in Europe

  1. Alleged data sale of Hyderabad Metro Rail Limited
  • Category: Data Breach
  • Content: The threat actor claims to be selling data from Hyderabad Metro Rail Limited, India. The compromised data include merchant ID, merchant short ID, encryption secret key, encryption IV key, QR encryption secret key, Paytm merchant key, Paytm callback URL, and more.
  • Date: 2025-09-26T12:24:25Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-Hyderabad-Metro
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/ab4f6496-11f7-42c6-9982-b7c78da11ceb.png
  • Threat Actors: meoow
  • Victim Country: India
  • Victim Industry: Transportation & Logistics
  • Victim Organization: hmrl
  • Victim Site: hmrl.co.in

  1. Alleged data breach of Tecnova Group Srl

  1. Alleged unauthorized access to Munro Control System, USA

  1. Alleged unauthorized access to MEBLE WOŹNIAK

  1. Alleged data breach of The Changanacherry Co-operative Urban Bank Ltd.
  • Category: Data Breach
  • Content: The group claims to have obtained a database from The Changanacherry Co-operative Urban Bank Ltd. The data reportedly includes id, login type id, password, user name, name, create date, online status, enabled status, last visited IP, last visited date, etc.
  • Date: 2025-09-26T10:07:56Z
  • Network: telegram
  • Published URL: https://t.me/babayoerorsystem1/205
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/56ce8d8c-1e4f-4a04-a448-2e01852c76e1.JPG
  • Threat Actors: BABAYO EROR SYSTEM
  • Victim Country: India
  • Victim Industry: Banking & Mortgage
  • Victim Organization: the changanacherry co-operative urban bank ltd.
  • Victim Site: changanacherryurban.in

  1. Alleged data breach of National Planning Department (NPD), Sri Lanka

  1. Alleged Sale of Corporate Accesses and Logs
  • Category: Initial Access
  • Content: The threat actor claims to be selling corporate access credentials, logs, and related services targeting entities primarily located in the US and EU. The available inventory includes diverse access types such as RDP/WEB/SQL for various industries, including Insurance Services, Software, Government & Hardware Retail, and Construction.
  • Date: 2025-09-26T08:55:19Z
  • Network: openweb
  • Published URL: https://forum.exploit.in/topic/267033/
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/8a013983-6600-4ded-9b9f-5716830efd26.png
  • Threat Actors: soler
  • Victim Country: USA
  • Victim Industry: Insurance
  • Victim Organization: Unknown
  • Victim Site: Unknown

  1. Alleged sale of Tentara Nasional Indonesia Personnel Records

  1. Alleged data breach of Brunei Postal Services Department

  1. Alleged data leak of stock investors lead in USA

  1. Alleged sale of MetaMask Checker by CodeGangland
  • Category: Malware
  • Content: The threat actor is offering MetaMask Checker by CodeGangland, a fast folder/ZIP-crawling wallet-sweeper that extracts wallet addresses and hashes, snapshots USD balance estimates, and supports exportable CSV/JSON results and an optional password-check. It is classified as high-risk crypto-theft tooling (dual-use for authorized forensics but commonly abused for illicit wallet harvesting).
  • Date: 2025-09-26T04:58:41Z
  • Network: openweb
  • Published URL: https://demonforums.net/Thread-MetaMask-Checker-by-CodeGangland–177158
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/05e82f6b-f428-4ec5-b086-6afc81b4929c.png
  • Threat Actors: Starip
  • Victim Country: Unknown
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

  1. Alleged data breach of Land Transportation Office (LTO) – Philippines

  1. Alleged sale of unauthorized access to unidentified Managed Services Provider in USA

  1. Alleged sale of Hazard Nuker v1.3.3
  • Category: Malware
  • Content: The threat actor is offering Hazard Nuker v1.3.3, a command-line, assault-style toolkit that automates multi-vector account disruption (mass messaging, deletions, bans), credential/telemetry capture, and high-intensity abuse workflows. It is classified as malicious nuker/abuseware, though occasionally repackaged for red-team testing.
  • Date: 2025-09-26T04:07:39Z
  • Network: openweb
  • Published URL: https://demonforums.net/Thread-Hazard-Nuker-v1-3-3
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/b7a2f22b-5af1-428f-a841-a8c1022c186a.png
  • Threat Actors: Starip
  • Victim Country: Unknown
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

  1. Alleged data sale of Calzzapato

  1. Alleged sale of access to unidentified Worldwide FinTech

  1. Alleged sale of access to US Navy

  1. Alleged sale of unauthorized access to unidentified Insurance organization in Canada

  1. Alleged sale of unauthorized access to unidentified medical equipment manufacturing organization in USA

  1. Alleged data leak of Saxo Bank Germany
  • Category: Data Breach
  • Content: Alleged data leak of September Saxo Bank Germany financial investment and wealth management records involving 700,000 online trades. NB: Authenticity of the claim is yet to be verified.
  • Date: 2025-09-26T03:30:58Z
  • Network: telegram
  • Published URL: https://t.me/aqj986/7382
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/455a8fab-7e17-405a-8fe0-98f4e2caa017.png
  • Threat Actors: Aiqianjin
  • Victim Country: Germany
  • Victim Industry: Banking & Mortgage
  • Victim Organization: saxo bank
  • Victim Site: Unknown

  1. Alleged sale of unauthorized access to Saudi Government Ministry

  1. Alleged data leak of CIMB Bank
  • Category: Data Breach
  • Content: Alleged data leak of September Malaysia CIMB financial investments covering all fund types and bonds worth 720,000. NB: Authenticity of the claim is yet to be verified.
  • Date: 2025-09-26T03:25:42Z
  • Network: telegram
  • Published URL: https://t.me/aqj986/7384
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/ebf740f3-6c7e-4f05-821d-2f3d83fa9022.png
  • Threat Actors: Aiqianjin
  • Victim Country: Malaysia
  • Victim Industry: Banking & Mortgage
  • Victim Organization: cimb bank
  • Victim Site: cimb.com

  1. Alleged data leak of HSBC UK

  1. Alleged data leak of Indonesian full names and Tax Identification Numbers

  1. Alleged data leak of National Student Registration Numbers

  1. Alleged Leak of Sensitive Data From Indonesian Public Figure’s System

  1. Alleged sale of TexSender Pro v8.9.7

  1. Alleged sale of RDWeb access to an unidentified Home Improvement & Hardware Retail in USA and Germany

  1. Alleged sale of Android one-click RCE

  1. Alleged sale of RDWeb access to an unidentified Building Materials company in USA

  1. Alleged sale of FUD Word exploit

  1. Alleged sale of RDWeb access to an unidentified business services company in the USA

  1. Alleged sale of RDWeb access to an unidentified Airlines in USA

  1. Alleged sale of RDWeb access to an unidentified Netherlands-based commercial and residential construction company

  1. Alleged sale of RDWeb access to an unidentified Membership Organization in Belgium
  • Category: Initial Access
  • Content: The threat actor claims to be selling RDWeb access to an unidentified Membership Organizations and Medical Specialists Hospitals & Physicians company in Belgium. The environment is protected by WithSecure, and the access level is Local User.
  • Date: 2025-09-26T02:19:10Z
  • Network: openweb
  • Published URL: https://forum.exploit.in/topic/267015/
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/63999cf8-4f74-4a78-96e5-04b96265a473.png
  • Threat Actors: soler
  • Victim Country: Belgium
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

  1. Alleged data breach of MedSkin Solutions Dr. Suwelack AG

  1. Alleged data breach of Swedish National Courts Administration (Domstolsverket)
  • Category: Data Breach
  • Content: The group claims to have obtained 500 GB of internal data from the Swedish National Courts Administration (SNCA). The exposed samples include Swedish court verdicts containing sensitive personal data.
  • Date: 2025-09-26T00:36:34Z
  • Network: telegram
  • Published URL: https://t.me/c/2297393697/668
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/e47bce51-8863-40f4-8860-c787fd59e61c.png
  • Threat Actors: HIME666
  • Victim Country: Sweden
  • Victim Industry: Judiciary
  • Victim Organization: swedish national courts administration (snca)
  • Victim Site: domstol.se

  1. Alleged data breach of Sambas Regency

  1. Alleged data leak of Indonesian civil servants

Defacement Incidents

The following incidents relate to website defacements, strictly based on the provided data.


  1. V FOR VENDETTA CYBER TEAM targets the website of Ayapoa

  1. V FOR VENDETTA CYBER TEAM targets the website of MACRO-IT

  1. V FOR VENDETTA CYBER TEAM targets the website of Paragon Career Solution

  1. V FOR VENDETTA CYBER TEAM targets the website of Maqbool Solutions

  1. V FOR VENDETTA CYBER TEAM targets multiple websites in India

Conclusion

The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Data breaches and leaks are prominent, affecting various sectors from restaurants and telecommunications to government and military industries, and impacting countries including the USA, Ukraine, Italy, India, Sri Lanka, Indonesia, Brunei, Philippines, Mexico, Canada, Germany, Sweden, Belgium, and the Netherlands. The compromised data ranges from personal user information, financial records, and login credentials to sensitive personnel records and logistical tracking data.

Beyond data compromise, the report also reveals significant activity in initial access sales, with threat actors offering unauthorized access to control systems (Munro, MEBLE WOŹNIAK), corporate networks (RDWeb access to US, Canadian, Dutch, and Belgian firms), and government/military infrastructure (Saudi Government Ministry, US Navy/USAF/USDoD contractor).

The sale of malware and offensive tooling, including a penetration testing tool (Shellter Elite v11.1), crypto-theft tooling (MetaMask Checker), a command-line assault toolkit (Hazard Nuker), bulk messaging tools (TexSender Pro), an Android RCE exploit, and FUD exploits, further underscores the availability of offensive capabilities in the cyber underground.

The incidents collectively demonstrate that organizations across various industries and geographies face persistent threats from data exfiltration, unauthorized network access, and the proliferation of malicious tools. The nature of these incidents emphasizes the critical importance of robust cybersecurity measures, including strong access controls, data protection strategies, continuous vulnerability management, and proactive threat intelligence to defend against a wide array of sophisticated and opportunistic attacks.