This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.
1.
Alleged Sale of RDWeb Access to Dutch Home Improvement & Hardware Retail Firm
- Category: Initial Access
- Content: The threat actor claims to be selling RDWeb access to a Netherlands-based home improvement and hardware retail company with reported revenue of $5.9 million. According to the listing, the access includes around 200 Active Directory accounts and Datto RMM integration.
- Date: 2025-09-08T13:46:09Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/265795/
- Screenshots:
- Threat Actors: gadji
- Victim Country: Netherlands
- Victim Industry: Retail Industry
- Victim Organization: Unknown
- Victim Site: Unknown
2.
Alleged data leak of Kraken
- Category: Data Breach
- Content: The threat actor claims to have leaked a 6 TB database from Kraken. The compromised data includes user information, full KYC records, transaction histories, wallet details, and the complete web application source, exposing highly sensitive financial and personal data.
- Date: 2025-09-08T12:17:05Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-Kraken-com-6TB
- Screenshots:
- Threat Actors: krekti
- Victim Country: USA
- Victim Industry: Financial Services
- Victim Organization: kraken
- Victim Site: kraken.com
3.
Alleged unauthorized access to Palazzo Raja Hotel, Italy
- Category: Initial Access
- Content: The group claims to have gained unauthorized access to the Palazzo Raja Hotel, Italy.
- Date: 2025-09-08T12:01:15Z
- Network: telegram
- Published URL: https://t.me/Z_ALLIANCE/721
- Screenshots:
- Threat Actors: Z-ALLIANCE
- Victim Country: Italy
- Victim Industry: Hospitality & Tourism
- Victim Organization: palazzo raja
- Victim Site: palazzoraja.com
4.
Z-ALLIANCE targets the website of Agrohills Nut
- Category: Defacement
- Content: The group claims to have defaced the website of Agrohills Nut.
- Date: 2025-09-08T11:45:47Z
- Network: telegram
- Published URL: https://t.me/Z_ALLIANCE/719
- Screenshots:
- Threat Actors: Z-ALLIANCE
- Victim Country: Ukraine
- Victim Industry: Agriculture & Farming
- Victim Organization: agrohills nut
- Victim Site: agrohills-nut.com
5.
Alleged access to unidentified CCTV cameras in Turkey
- Category: Initial Access
- Content: The group claims to have gained unauthorized access to 5 unidentified CCTV cameras in Turkey.
- Date: 2025-09-08T11:27:22Z
- Network: telegram
- Published URL: https://t.me/hezirash/1526
- Screenshots:
- Threat Actors: HEZI RASH
- Victim Country: Turkey
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
6.
Alleged access sale to OJSC Multiregional TransitTelecom
- Category: Initial Access
- Content: The threat actor claims to be selling access to OJSC Multiregional TransitTelecom in Russia, exposing user and operational data including full names, email addresses, phone numbers, encrypted passwords, financial transaction details, purchase histories, and guestbook messages.
- Date: 2025-09-08T11:24:19Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-All-user-phone-numbers-and-call-logs-of-the-Russian-company-OJSC-Multiregional-Transi
- Screenshots:
- Threat Actors: ZeroLatency_CVE
- Victim Country: Russia
- Victim Industry: Network & Telecommunications
- Victim Organization: ojsc multiregional transittelecom
- Victim Site: mtt.ru
7.
Alleged Sale of HizeAero PDM Data
- Category: Data Breach
- Content: The threat actor claims to be selling the entire Product Data Management (PDM) database of HizeAero, a South Korean aerospace company. The leaked data includes carbon composite technology, sheet metal technology, and other sensitive information.
- Date: 2025-09-08T11:06:30Z
- Network: openweb
- Published URL: https://leakbase.la/threads/korean-hizeaero-pdm-data.42453/
- Screenshots:
- Threat Actors: hizeaero_hacker
- Victim Country: South Korea
- Victim Industry: Aviation & Aerospace
- Victim Organization: hizeaero co., ltd.
- Victim Site: hizeaero.com
8.
Alleged unauthorised access to multiple unidentified organizations
- Category: Initial Access
- Content: The group claims to have gained access to systems across multiple sectors, including the Energy sector in the Pacific region, Telecommunications on the West Coast, Water Supply in the European sector, and Cloud Infrastructure.
- Date: 2025-09-08T11:02:44Z
- Network: telegram
- Published URL: https://t.me/hkvd_team/53
- Screenshots:
- Threat Actors: HKVD
- Victim Country: Unknown
- Victim Industry: Energy & Utilities
- Victim Organization: Unknown
- Victim Site: Unknown
9.
Alleged sale of financial data from Vietnam
- Category: Data Breach
- Content: The threat actor claims to be selling a comprehensive financial database from Vietnam, reportedly containing sensitive information such as personal identification details, credit payment histories, risk analyses, credit card data, military and government IDs, tax IDs, income statements, and debt records.
- Date: 2025-09-08T11:02:28Z
- Network: telegram
- Published URL: https://t.me/c/2976044031/2242
- Screenshots:
- Threat Actors: Scattered Lapsus$
- Victim Country: Vietnam
- Victim Industry: Financial Services
- Victim Organization: Unknown
- Victim Site: Unknown
10.
Alleged Sale of WooCommerce Canada Access
- Category: Initial Access
- Content: The threat actor claims to be selling access to a WooCommerce-based platform in Canada, which includes both a webshell and database. The system reportedly processes 400-450 card transactions per month via iframe, while the admin panel reflects 550-600 transactions per month.
- Date: 2025-09-08T10:27:57Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/265774/
- Screenshots:
- Threat Actors: bonafire
- Victim Country: Canada
- Victim Industry: E-commerce & Online Stores
- Victim Organization: Unknown
- Victim Site: Unknown
11.
Alleged sale of admin access to Svedala Municipality
- Category: Initial Access
- Content: The threat actor claims to be selling admin access to Svedala Municipality.
- Date: 2025-09-08T09:58:43Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-8X-Sweden-Cities-municipalities-Admin-Access
- Screenshots:
- Threat Actors: BIGBROTHER
- Victim Country: Sweden
- Victim Industry: Government Administration
- Victim Organization: svedala municipality
- Victim Site: svedala.se
12.
Alleged sale of admin access to Skolinspektionen
- Category: Initial Access
- Content: The threat actor claims to be selling admin access to Skolinspektionen.
- Date: 2025-09-08T09:58:36Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-8X-Sweden-Cities-municipalities-Admin-Access
- Screenshots:
- Threat Actors: BIGBROTHER
- Victim Country: Sweden
- Victim Industry: Government Administration
- Victim Organization: skolinspektionen
- Victim Site: skolinspektionen.se
13.
Alleged sale of admin access to Oskarshamn Municipality
- Category: Initial Access
- Content: The threat actor claims to be selling admin access to Oskarshamn Municipality.
- Date: 2025-09-08T09:58:26Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-8X-Sweden-Cities-municipalities-Admin-Access
- Screenshots:
- Threat Actors: BIGBROTHER
- Victim Country: Sweden
- Victim Industry: Government Administration
- Victim Organization: oskarshamn municipality
- Victim Site: oskarshamn.se
14.
Alleged sale of admin access to Öckerö Municipality
- Category: Initial Access
- Content: The threat actor claims to be selling admin access to Öckerö Municipality.
- Date: 2025-09-08T09:58:16Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-8X-Sweden-Cities-municipalities-Admin-Access
- Screenshots:
- Threat Actors: BIGBROTHER
- Victim Country: Sweden
- Victim Industry: Government Administration
- Victim Organization: öckerö municipality
- Victim Site: ockero.se
15.
Alleged sale of admin access to Lund Municipality
- Category: Initial Access
- Content: The threat actor claims to be selling admin access to Lund Municipality.
- Date: 2025-09-08T09:58:05Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-8X-Sweden-Cities-municipalities-Admin-Access
- Screenshots:
- Threat Actors: BIGBROTHER
- Victim Country: Sweden
- Victim Industry: Government Administration
- Victim Organization: lund municipality
- Victim Site: lund.se
16.
Alleged sale of admin access to Gällivare Municipality
- Category: Initial Access
- Content: The threat actor claims to be selling admin access to Gällivare Municipality.
- Date: 2025-09-08T09:57:52Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-8X-Sweden-Cities-municipalities-Admin-Access
- Screenshots:
- Threat Actors: BIGBROTHER
- Victim Country: Sweden
- Victim Industry: Government Administration
- Victim Organization: gällivare municipality
- Victim Site: gallivare.se
17.
Alleged sale of admin access to Kommuninvest
- Category: Initial Access
- Content: The threat actor claims to have gained unauthorized admin access to Kommuninvest.
- Date: 2025-09-08T09:57:43Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-8X-Sweden-Cities-municipalities-Admin-Access
- Screenshots:
- Threat Actors: BIGBROTHER
- Victim Country: Sweden
- Victim Industry: Government Administration
- Victim Organization: kommuninvest
- Victim Site: kommuninvest.se
18.
Alleged sale of admin access to Falun Municipality
- Category: Initial Access
- Content: The threat actor claims to be selling admin access to Falun’s municipal systems.
- Date: 2025-09-08T09:57:32Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-8X-Sweden-Cities-municipalities-Admin-Access
- Screenshots:
- Threat Actors: BIGBROTHER
- Victim Country: Sweden
- Victim Industry: Government Administration
- Victim Organization: falun municipality
- Victim Site: falun.se
19.
Alleged unauthorized access to unidentified Advanced Metering Infrastructure (AMI) in Ukraine
- Category: Initial Access
- Content: The group claims to have gained unauthorized access to an unidentified Advanced Metering Infrastructure (AMI) in Ukraine. The compromised system allegedly allows control reading electricity consumption data, communication control via PLC, monitoring signal strength, adding, configuring, and managing meters centrally, setting tariffs and managing peak load zones, managing user accounts and access rights.
- Date: 2025-09-08T09:51:51Z
- Network: telegram
- Published URL: https://t.me/n2LP_wVf79c2YzM0/1431
- Screenshots:
- Threat Actors: Infrastructure Destruction Squad
- Victim Country: Ukraine
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
20.
Alleged unathorized access to NM India Biotech
- Category: Initial Access
- Content: The threat actor claims to have gain access NM India Biotech, obtaining all user and order information, including login credentials, email addresses, contact numbers, and server-level access. The actor also claims root access and control over the organization’s servers.
- Date: 2025-09-08T09:46:38Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-All-user-data-and-order-information-of-NM-India-Biotech
- Screenshots:
- Threat Actors: ZeroLatency_CVE
- Victim Country: India
- Victim Industry: Biotechnology
- Victim Organization: nm india biotech
- Victim Site: nmindiabio.com
21.
Alleged data leak of 10 Design
- Category: Data Breach
- Content: The threat actor claims to have leaked 10 Design, exposing over 100,000 rows. The compromised data reportedly includes source code, client information, user data, and other sensitive business records, posing significant intellectual property and privacy risks.
- Date: 2025-09-08T09:04:06Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-SQL-Chinese-Building-Company-100K-Lines-21M-revenue-leaked-Download
- Screenshots:
- Threat Actors: NetworkBrokers
- Victim Country: China
- Victim Industry: Architecture & Planning
- Victim Organization: 10 design
- Victim Site: 10design.co
22.
GenZRisingNepal claims to target Federal Parliament of Nepal
- Category: Alert
- Content: A recent post by the group indicates that they are targeting Federal Parliament of Nepal.
- Date: 2025-09-08T08:22:22Z
- Network: telegram
- Published URL: https://t.me/ctrl_nepal/40
- Screenshots:
- Threat Actors: GenZRisingNepal
- Victim Country: Nepal
- Victim Industry: Government Administration
- Victim Organization: federal parliament of nepal
- Victim Site: parliament.gov.np
23.
GenZRisingNepal targets the website of Hotel Association Nepal
- Category: Defacement
- Content: The group claims to have defaced the website of Hotel Association Nepal.
- Date: 2025-09-08T08:01:06Z
- Network: telegram
- Published URL: https://t.me/ctrl_nepal/38
- Screenshots:
- Threat Actors: GenZRisingNepal
- Victim Country: Nepal
- Victim Industry: Hospitality & Tourism
- Victim Organization: hotel association nepal
- Victim Site: hotelassociationnepal.org.np
24.
Alleged data breach of NCC Alumni Association
- Category: Data Breach
- Content: The threat actor claims to have leaked 23 enrollment registration records from the Indian government domain nccauto.gov.in (related to National Cadet Corps). The exposed dataset includes personally identifiable information (PII) such as full names, mobile numbers, emails, dates of birth, addresses, blood groups, bank account details with IFSC codes, parents’ information, and cadet enrollment details.
- Date: 2025-09-08T06:26:32Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Document-nccauto-gov-in-Enrollment-registrations-x23
- Screenshots:
- https://d34iuop8pidsy8.cloudfront.net/132e4863-be1c-4db2-9539-ff59bc8ec58b.png
- https://d34iuop8pidsy8.cloudfront.net/c976a821-ef7a-4dfb-927a-81a3ff471fc3.png
- https://d34iuop8pidsy8.cloudfront.net/e3ee08c8-af28-4946-8420-019440d8ea93.png
- https://d34iuop8pidsy8.cloudfront.net/81bca7c3-0f4d-4dad-a6b8-2d73317e2671.png
- Threat Actors: Purple0piOd
- Victim Country: India
- Victim Industry: Government Administration
- Victim Organization: ncc alumni association
- Victim Site: nccauto.gov.in
25.
Alleged data breach of National Academy of Science and Technology, Philippines
- Category: Data Breach
- Content: The threat actor claims to be selling a database from the National Academy of Science and Technology (NAST-DOST), Philippines, allegedly obtained through a recent breach. The dataset reportedly contains emails, usernames, and passwords in structured CSV/SQL format.
- Date: 2025-09-08T05:37:33Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-DATABASE-National-Academy-of-Science-Technology-of-the-Philippines-NAST-DOST
- Screenshots:
- Threat Actors: Terror
- Victim Country: Philippines
- Victim Industry: Government Administration
- Victim Organization: the national academy of science and technology
- Victim Site: nast.dost.gov.ph
26.
UNDERGROUND-NET targets the website of Mak Pet
- Category: Defacement
- Content: The group claims to have defaced the website of Mak Pet, an online pet market based in Greece.
- Date: 2025-09-08T03:57:58Z
- Network: telegram
- Published URL: https://t.me/c/2195292966/1198
- Screenshots:
- Threat Actors: UNDERGROUND-NET
- Victim Country: Greece
- Victim Industry: E-commerce & Online Stores
- Victim Organization: mak pet
- Victim Site: mak-pet.gr
27.
Alleged data breach of Watertec India Pvt Ltd
- Category: Data Breach
- Content: The threat actor claims to have leaked the database of Watertec India Pvt Ltd.
- Date: 2025-09-08T02:36:05Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-watertecindia-com
- Screenshots:
- Threat Actors: kanie2903
- Victim Country: India
- Victim Industry: Manufacturing
- Victim Organization: watertec india pvt ltd
- Victim Site: watertecindia.com
28.
Alleged sale of 161 Credit Card from USA
- Category: Data Breach
- Content: Threat actor is offering to sell 161 U.S.-issued credit card records, claiming an 80% validity rate. The data format includes card number, expiration date, CVV, full name, email, address, and timestamp.
- Date: 2025-09-08T02:33:33Z
- Network: openweb
- Published URL: https://forum.exploit.in/topic/265767/
- Screenshots:
- Threat Actors: General_Iroh
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
Conclusion
The cyber incidents detailed in this report indicate a varied and active threat landscape. Data breaches and the sale of access are prominent, affecting sectors such as government administration, retail, financial services, and manufacturing, across countries including Sweden, Ukraine, India, and the Philippines. The compromised data ranges from highly sensitive financial information and personal user data to intellectual property and operational system access. The sale of administrative access to government and corporate systems highlights the ongoing risk of unauthorized access. These events collectively underscore the persistent and diverse nature of cyber threats, emphasizing the need for robust security measures to protect against data exfiltration and unauthorized network access. Sources