This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.
- Z-ALLIANCE targets the website of Cafe Hotel KORONA • Category: Defacement • Content: The group claims to have defaced the website of Cafe Hotel KORONA. • Date: 2025-09-04T14:19:26Z • Network: telegram • Published URL: https://t.me/Z_ALLIANCE/707 • Screenshots: https://d34iuop8pidsy8.cloudfront.net/04f1155a-d6de-4056-a16d-bc8dbe26229d.png • Threat Actors: Z-ALLIANCE • Victim Country: Ukraine • Victim Industry: Hospitality & Tourism • Victim Organization: cafe hotel korona • Victim Site: koronalt.com.ua
- Alleged data breach of Waycation • Category: Data Breach • Content: The group claims to have defaced and breached the data from Waycation. • Date: 2025-09-04T13:18:53Z • Network: telegram • Published URL: https://t.me/kxichixxsec/910 • Screenshots: https://d34iuop8pidsy8.cloudfront.net/8fa0dc05-38e1-4163-9447-7db4bf73cd50.JPG • Threat Actors: Kxichixxsec • Victim Country: Thailand • Victim Industry: Leisure & Travel • Victim Organization: waycation • Victim Site: waycation.in.th
- Alleged sale of access to U.S. Army • Category: Initial Access • Content: The group claims to be selling access to the U.S. Army. • Date: 2025-09-04T12:55:02Z • Network: telegram • Published URL: https://t.me/c/2976044031/1600 • Screenshots: https://d34iuop8pidsy8.cloudfront.net/5306cd66-0d70-41fe-893a-1d421207e064.png • Threat Actors: Scattered Lapsus$ • Victim Country: USA • Victim Industry: Military Industry • Victim Organization: us army • Victim Site: army.mil
- Alleged leak of Australia’s Private Lender’s Data • Category: Data Breach • Content: A threat actor claims to be selling data of Australian citizens. The compromised dataset reportedly includes 6,000 records from a private lender, containing driving licenses, passports, Medicare, marriage certificates, birth certificates, bank statements, ATO NOA (Notice of Assessment), TFN (Tax File Number), property papers, Equifax credit reports, etc. • Date: 2025-09-04T12:49:34Z • Network: openweb • Published URL: https://forum.exploit.in/topic/265557/ • Screenshots: https://d34iuop8pidsy8.cloudfront.net/4cacef5b-8a89-45a5-9b5a-990647635ffd.JPG https://d34iuop8pidsy8.cloudfront.net/83b1cf85-e079-44fa-a95a-c66dc9019b58.JPG • Threat Actors: TerminatorSMD7 • Victim Country: Australia • Victim Industry: Unknown • Victim Organization: Unknown • Victim Site: Unknown
- Kxichixxsec targets the website of Bueng Kan Provincial Land Transport Office • Category: Defacement • Content: The group claims to have defaced the website of Bueng Kan Provincial Land Transport Office. • Date: 2025-09-04T12:22:19Z • Network: telegram • Published URL: https://t.me/kxichixxsec/905 • Screenshots: https://d34iuop8pidsy8.cloudfront.net/13a6403a-4528-4c85-bba4-82d74ceec742.jpg • Threat Actors: Kxichixxsec • Victim Country: Thailand • Victim Industry: Government Administration • Victim Organization: bueng kan provincial land transport office • Victim Site: bkn.dlt.go.th
- Alleged data sale of Bumpa • Category: Data Breach • Content: The threat actor claims to be selling a database allegedly obtained from Bumpa. The leaked data includes personal information of over 526,864 unique users, including Customer IDs, Store IDs, full names, email addresses, and phone numbers. • Date: 2025-09-04T10:40:44Z • Network: openweb • Published URL: https://darkforums.st/Thread-Selling-Getbumpa-com-Data-Breach • Screenshots: https://d34iuop8pidsy8.cloudfront.net/05233110-5c02-467b-a8e9-c3aafbac8ab5.png https://d34iuop8pidsy8.cloudfront.net/f6abcf6c-80f3-4889-ba44-3ba592f4d179.png • Threat Actors: ghidra • Victim Country: Nigeria • Victim Industry: Management Consulting • Victim Organization: bumpa • Victim Site: getbumpa.com
- Alleged sale of custom botnet source code • Category: Malware • Content: The threat actor claims to be selling a custom botnet source code, featuring a modular client-server setup with Tor support, dynamic payload delivery (EXE, MSI, CMD), and capabilities like reverse shell, keylogger, file explorer, SOCKS proxy, and UAC bypass. It uses Bun, Next.js, PowerShell, PostgreSQL, and Redis, and supports API rebinding via DNS TXT records. The bot is reportedly undetected by Windows Defender. • Date: 2025-09-04T10:26:13Z • Network: openweb • Published URL: https://xss.pro/threads/142581/ • Screenshots: https://d34iuop8pidsy8.cloudfront.net/86a8a43a-a2bc-4a15-be97-d07566eebfd3.png • Threat Actors: mock • Victim Country: Unknown • Victim Industry: Unknown • Victim Organization: Unknown • Victim Site: Unknown
- Alleged leak of an unidentified Chinese database • Category: Data Breach • Content: The threat actor claims to have leaked an unidentified Chinese database containing personally identifiable information (PII) of registered users. The dataset includes sensitive fields such as full names, mobile numbers, ID card/national codes, email addresses, usernames, IP addresses (registration and login), WeChat IDs, UnionIDs, avatars, company and position data, and registration timestamps. • Date: 2025-09-04T09:46:31Z • Network: openweb • Published URL: https://darkforums.st/Thread-CHINA-DATABASE-NAME-ID-CARD-ADRESS-EMAIL • Screenshots: https://d34iuop8pidsy8.cloudfront.net/5131336d-d070-49ac-91fe-b101c3048ef8.png • Threat Actors: Digimon • Victim Country: China • Victim Industry: Unknown • Victim Organization: Unknown • Victim Site: Unknown
- Alleged unauthorized access to unidentified Warehouse Operation Control System in South Korea • Category: Initial Access • Content: The group claims to have gained unauthorized access to an unidentified Warehouse Operation Control System in South Korea. • Date: 2025-09-04T09:23:18Z • Network: telegram • Published URL: https://t.me/n2LP_wVf79c2YzM0/1348 • Screenshots: https://d34iuop8pidsy8.cloudfront.net/b0909fc5-285b-443c-8939-ca85ec521d36.png • Threat Actors: Infrastructure Destruction Squad • Victim Country: South Korea • Victim Industry: Warehousing • Victim Organization: Unknown • Victim Site: Unknown
- Alleged data breach of Solok District Court • Category: Data Breach • Content: The threat actor claims to have leaked data from the Indonesian government website of Solok District Court, which handles traffic violation cases. The exposed database reportedly contains 3,718 records including violation IDs, names, fines, license plate numbers, legal articles, addresses, and case details. • Date: 2025-09-04T06:07:04Z • Network: openweb • Published URL: https://darkforums.st/Thread-DATABASE-OF-tilang-pn-solok-go-id-HAS-BEEN-LEAKED-BY-WAHSD • Screenshots: https://d34iuop8pidsy8.cloudfront.net/95c91976-2fae-4eef-8dd0-3a0911589348.png • Threat Actors: WASHD • Victim Country: Indonesia • Victim Industry: Government Administration • Victim Organization: solok district court • Victim Site: tilang.pn-solok.go.id
- Alleged data breach of SMAN 1 Gondang Mojokerto • Category: Data Breach • Content: The threat actor is leaking data of 1,000 students from SMAN Gomoker in Indonesia. The compromised data reportedly contains Name and NIPD (student ID). • Date: 2025-09-04T06:05:39Z • Network: openweb • Published URL: https://darkforums.st/Thread-1K-STUDENT-DATA-FROM-SMAN-GOMOKER • Screenshots: https://d34iuop8pidsy8.cloudfront.net/b4b61f32-f5e9-4cb9-9675-39545331a134.jpg • Threat Actors: WASHD • Victim Country: Indonesia • Victim Industry: Education • Victim Organization: sman 1 gondang mojokerto • Victim Site: sman1gomoker.sch.id
- Alleged sale of credit cards from multiple countries • Category: Data Breach • Content: The threat actor is offering to sell cloned debit and credit cards, PayPal, and bank accounts from the US, Europe, Australia, Canada, and New Zealand. • Date: 2025-09-04T05:28:34Z • Network: openweb • Published URL: https://darkforums.st/Thread-Cartes-de-cr%C3%A9dit-et-comptes-Revolut • Screenshots: https://d34iuop8pidsy8.cloudfront.net/ee078b72-e5a6-45b8-a97b-269593ba9872.jpg • Threat Actors: Brickmaszn • Victim Country: Unknown • Victim Industry: Unknown • Victim Organization: Unknown • Victim Site: Unknown
- Alleged data breach of Yellowshop • Category: Data Breach • Content: The threat actor claims to be selling a database from Yellowshop.es, containing over 188,000 records from 2022. The compromised data includes customer identifiers, billing agreement IDs, DNI numbers, account tokens, loyalty points, dates of birth, gender, phone numbers, email addresses, passwords, and other personal details. • Date: 2025-09-04T05:27:01Z • Network: openweb • Published URL: https://darkforums.st/Thread-DATABASE-150K-Yellowshop-es • Screenshots: https://d34iuop8pidsy8.cloudfront.net/c797d020-5367-43ff-9536-0cb5edb30c88.png • Threat Actors: Trezor • Victim Country: Spain • Victim Industry: E-commerce & Online Stores • Victim Organization: yellowshop • Victim Site: yellowshop.es
- Alleged data breach of My Psychiatrist • Category: Data Breach • Content: The threat actor claims to have breached My Psychiatrist, a mental health services provider based in Florida, United States, which offers both online and offline psychiatric care. The leaked database allegedly contains sensitive user information, including usernames, emails, hashed passwords, account verification status, and one-time password (OTP) details. • Date: 2025-09-04T04:24:32Z • Network: openweb • Published URL: https://darkforums.st/Thread-DATABASE-My-Psychiatrist-Data-Breach-Leaked-Download • Screenshots: https://d34iuop8pidsy8.cloudfront.net/c28afe20-0692-498c-a064-f2b8c3e46b4d.png • Threat Actors: N1KA • Victim Country: USA • Victim Industry: Mental Health Care • Victim Organization: my psychiatrist • Victim Site: mypsychiatrist.com
- Alleged data breach of ECOS • Category: Data Breach • Content: The threat actor claims to have breached ECOS, a Bitcoin mining infrastructure platform based in Armenia, which offers cloud mining contracts, ASIC rentals, mining farms, and BTC wallets. According to the post, the attackers exploited an exposed .git/config file, leading to the theft of 3.4TB of sensitive data, including AWS credentials, Kubernetes infrastructure, wallet files, API keys, VPN files, Docker images, Cloudflare configurations, and database credentials. • Date: 2025-09-04T04:13:18Z • Network: openweb • Published URL: https://breachsta.rs/topic/2025-ecos-ecosam-full-infra-tlrdga2wk8y7 • Screenshots: https://d34iuop8pidsy8.cloudfront.net/b0f52dd0-a95d-4a8d-bc5b-f1808bcc274d.png https://d34iuop8pidsy8.cloudfront.net/1bf7a542-16e2-4260-a178-232e18c66c1a.png https://d34iuop8pidsy8.cloudfront.net/fc2c3fae-7862-458f-9d67-f2137b1fe238.png https://d34iuop8pidsy8.cloudfront.net/3c697c48-1ddb-4858-8792-cc86ea9361bf.png • Threat Actors: ayame • Victim Country: Armenia • Victim Industry: Information Technology (IT) Services • Victim Organization: ecos • Victim Site: ecos.am
- Alleged Data Breach of Mobilesub • Category: Data Breach • Content: Threat actor claims to have breached MobileSub.com.ng, exposing over 10,000 users’ personal, financial, and account information. • Date: 2025-09-04T04:02:24Z • Network: openweb • Published URL: https://darkforums.st/Thread-DATABASE-Mobilesub-com-ng-Data-Breach-Leaked-Download • Screenshots: https://d34iuop8pidsy8.cloudfront.net/0d55732b-93e5-4c03-bac2-0dc694446c87.png https://d34iuop8pidsy8.cloudfront.net/fdb8f4d2-db85-44bc-9cc6-9d94debb0334.png • Threat Actors: N1KA • Victim Country: Nigeria • Victim Industry: Network & Telecommunications • Victim Organization: mobilesub • Victim Site: mobilesub.com.ng
- Alleged sale of unauthorized access to Beethoven Store • Category: Initial Access • Content: The threat actor claims to be selling unauthorized access to Beethoven Store, an active clothing retail website. The access reportedly allows managing orders, accessing customer wallets, and performing other administrative actions. • Date: 2025-09-04T01:43:58Z • Network: openweb • Published URL: https://breachsta.rs/topic/access-to-beethovenstorecom-xflz57u927df • Screenshots: https://d34iuop8pidsy8.cloudfront.net/e438410a-c948-4e9b-bf75-ae15d8046a2e.png • Threat Actors: Lucifer • Victim Country: Turkey • Victim Industry: E-commerce & Online Stores • Victim Organization: beethoven store • Victim Site: beethovenstore.com
- Alleged data breach of Trianz • Category: Data Breach • Content: The threat actor claims to be selling data allegedly obtained from Trianz, a digital transformation and technology consulting firm based in the United States. The actor is offering a Snowflake database dump, reportedly containing over 5.9 GB of compressed files. • Date: 2025-09-04T01:19:58Z • Network: openweb • Published URL: https://breachsta.rs/topic/2025-trianzcom-use-this-one-nxyma7p1lkfa • Screenshots: https://d34iuop8pidsy8.cloudfront.net/5eb53f7e-a4ac-4b46-b196-2be8ae895b92.png https://d34iuop8pidsy8.cloudfront.net/558cc2c9-5fdb-4513-a95b-65b3d7d8d9eb.png https://d34iuop8pidsy8.cloudfront.net/9a0e9af2-14d9-49aa-8e00-ab30cf90324c.png • Threat Actors: ayame • Victim Country: USA • Victim Industry: Information Technology (IT) Services • Victim Organization: trianz • Victim Site: trianz.com
- Alleged Data Breach of Fédération Nationale des Chasseurs • Category: Data Breach • Content: Threat actor claims to have obtained the Fédération Nationale des Chasseurs data. • Date: 2025-09-04T00:05:08Z • Network: openweb • Published URL: https://darkforums.st/Thread-leak-federation-nationale-des-chasseurs • Screenshots: https://d34iuop8pidsy8.cloudfront.net/ad7f87e4-bcac-4c9e-bdb7-89b9109224b7.png • Threat Actors: mecrobyte • Victim Country: France • Victim Industry: Environmental Services • Victim Organization: fédération nationale des chasseurs • Victim Site: chasseurdefrance.com
Conclusion

The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Data breaches and leaks are prominent, affecting various sectors from education and gaming to healthcare and automotive, and impacting countries including Bangladesh, Mexico, Malaysia, India, Indonesia, France, Brazil, and Israel. The compromised data ranges from personal user information and credit card details to sensitive patient records, classified military components, and large customer databases. Beyond data compromise, the report also reveals significant activity in initial access sales, with threat actors offering unauthorized access to banking systems, corporate networks (including RDWeb access to Canadian and UK firms), and even government and military infrastructure like the Royal Thai Air Force and Madrid’s irrigation system. The sale of malware, including penetration testing tools and DDoS tools, further underscores the availability of offensive capabilities in the cyber underground.
The incidents collectively demonstrate that organizations across various industries and geographies face persistent threats from data exfiltration, unauthorized network access, and the proliferation of malicious tools. The nature of these incidents emphasizes the critical importance of robust cybersecurity measures, including strong access controls, data protection strategies, continuous vulnerability management, and proactive threat intelligence to defend against a wide array of sophisticated and opportunistic attacks.