[September-9-2025] Daily Cybersecurity Threat Report

This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.

  1. Alleged leak of Python Mailing Script for Russian State Messenger “Max”
  1. Alleged data leak of Student Loan Fund Unit, Student Services and Welfare, Student Development Division, Phetchaburi Rajabhat University
  • Category: Data Breach
  • Content: The group claims to have leaked SQL data from the Student Loan Fund Unit, Student Services and Welfare, and the Student Development Division of Phetchaburi Rajabhat University.
  • Date: 2025-09-09T14:30:50Z
  • Network: telegram
  • Published URL: https://t.me/bl4ckcyb3rofficial/1873
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/1dca2a80-099f-4397-b88f-90148be46a61.png
  • Threat Actors: BL4CK CYB3R
  • Victim Country: Thailand
  • Victim Industry: Financial Services
  • Victim Organization: student loan fund unit student services and welfare student development division phetchaburi rajabhat university
  • Victim Site: pbruloan.pbru.ac.th
  1. Alleged data sale of Argentina National Business Project Portal
  1. Alleged sale of admin access and data from Pakistan Police
  • Category: Initial Access
  • Content: The threat actor claims to have gained admin access to the Police Website of Pakistan, offering both admin access and data for sale. The leaked data reportedly includes sensitive law enforcement information such as region, district, police station, complaint records, person and officer names, contact numbers, complaint category, offense details, creation and follow-up dates, complaint status, FIR information, remarks, and response times.
  • Date: 2025-09-09T14:15:21Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-Selling-Admin-Access-to-Police-Website-of-Pakistan
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/7a384485-e533-400b-98dc-10cd1a3168b2.png
  • Threat Actors: BIGBROTHER
  • Victim Country: Pakistan
  • Victim Industry: Law Enforcement
  • Victim Organization: Unknown
  • Victim Site: Unknown
  1. Alleged sale of an unidentified South Korea user database
  1. Alleged data sale of an unidentified South Korea e-commerce site
  1. Alleged data sale of an unidentified Singapore based e-commerce site
  1. Alleged sale of an unidentified Saudi Arabia recruitment database
  1. Alleged Sale of Mexico National Professional Registry
  1. Alleged Sale of Netherlands Rental Search Profiles
  1. Alleged database sale of Mywallet Company Limited
  • Category: Data Breach
  • Content: The group claims to be selling a database from Mywallet Company Limited, exposing data on over 15 million users. The compromised information reportedly includes first and last names, tier status, email addresses, gender, dates of birth, country, and loyalty account details.
  • Date: 2025-09-09T13:22:19Z
  • Network: telegram
  • Published URL: https://t.me/h3c4kedzofficial/70
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/5b8a5b9d-cd50-4653-ad78-c30f69ef89cb.png
  • Threat Actors: H3C4KEDZ
  • Victim Country: Thailand
  • Victim Industry: Information Technology (IT) Services
  • Victim Organization: mywallet company limited
  • Victim Site: mywallet.co
  1. Alleged data sale of Korus Group
  • Category: Data Breach
  • Content: The threat actor claims to be selling a database from Korus Group, containing over 15 million entries with full personal information. The leaked data reportedly includes full names, dates of birth, addresses, cities, postal codes, gender, email addresses, and phone numbers. Sample entries show detailed records for individuals, including titles, locations, and contact information.
  • Date: 2025-09-09T13:18:07Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-DATABASE-K0LRUS-GROUP-ETAT-CIVIL-FR-DATA-15M
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/999073d2-2b32-4ef4-b0eb-5d366362c639.png
  • Threat Actors: FRENCHBOUYGUES
  • Victim Country: France
  • Victim Industry: Design
  • Victim Organization: korus group
  • Victim Site: korusgroup.com
  1. Alleged data leak of Dubai Electricity & Water Authority (DEWA)
  1. Alleged unauthorized access to the internal system of the state of Antigua and Barbuda
  1. Alleged sale of technical manual for Russia’s KH-47M2 Kinzhal hypersonic missile
  1. Alleged data sale of an unidentified Korean hotel
  1. Alleged sale of RD Web access to an unidentified organization in USA
  1. Alleged unauthorised access to AIR MILES
  1. Alleged unauthorized access to the national complaint system of the Latvian government
  1. Alleged unauthorized access to an advanced monitoring system in Latvia
  1. Alleged unauthorized access to Corruption Prevention and Combating Bureau (KNAB)
  • Category: Initial Access
  • Content: The group claims to have gained unauthorized access to the systems of Corruption Prevention and Combating Bureau (KNAB). NB: The authenticity of the post is not verified.
  • Date: 2025-09-09T10:58:32Z
  • Network: telegram
  • Published URL: https://t.me/n2LP_wVf79c2YzM0/1445
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/270ac802-0176-4cb9-849e-27e167cdc7a6.png
  • Threat Actors: Infrastructure Destruction Squad
  • Victim Country: Latvia
  • Victim Industry: Government Administration
  • Victim Organization: corruption prevention and combating bureau
  • Victim Site: knab.gov.lv
  1. Alleged unauthorized access to Siemens SINUMERIK system in France
  1. Alleged data sale of 100k worldwide international credit cards
  1. Alleged Sale of Australian Magento-Based E-commerce Data
  • Category: Data Breach
  • Content: The threat actor claims to be selling data from an Australian e-commerce shop operating on Magento 2.3. The dataset contains 9,031 orders recorded between 01 August 2025 and 01 September 2025, including 1,850 credit card transactions. The actor also claims to provide phpMyAdmin access, along with payment details from credit card, PayPal, and bank transfers.
  • Date: 2025-09-09T10:28:52Z
  • Network: openweb
  • Published URL: https://forum.exploit.in/topic/265846/
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/407b4fff-9d9a-4e3e-af12-744160024f59.png
  • Threat Actors: charley88
  • Victim Country: Australia
  • Victim Industry: E-commerce & Online Stores
  • Victim Organization: Unknown
  • Victim Site: Unknown
  1. Alleged data sale of USA checking accounts
  • Category: Data Breach
  • Content: The threat actor claims to be selling a USA checking account database, allegedly containing data for 250,000 accounts. The leaked dataset reportedly includes sensitive personal and financial information such as first and last names, addresses, city, state, ZIP code, email addresses, dates of birth, Social Security Numbers (SSNs), driving license numbers and states, phone and cell numbers, requested amounts, bank names, IBAN numbers, bank account countries, income types, occupations, net monthly income, employers, account types, account numbers, and routing numbers.
  • Date: 2025-09-09T10:15:12Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-100k-WORLD-WIDE-CC-DATA
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/d153ba80-8677-4f47-ab61-7e5b4b3ca67b.png
  • Threat Actors: clara283
  • Victim Country: USA
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown
  1. Alleged unauthorized access to air conditioners management system in Latvia
  1. BD Anonymous claims to target Investment Board Nepal
  1. BD Anonymous claims to target Nepal
  1. GenZRisingNepal targets the website of Inland Revenue Department
  1. Alleged data leak of MK Brokers
  1. Alleged leak of Japanese passport data
  1. Alleged data sale of Mamaket Inc.
  1. Alleged leak of credit card details from France
  1. Alleged database leak of Pelaku Ekonomi (go.id), Indonesia
  1. Alleged unauthorized access to OMNTEC tank monitoring systems in the United States
  1. Alleged data leak of Department of Public Works and Spatial Planning in Lebak Regency
  • Category: Data Breach
  • Content: The threat actor claims to have leaked a database from the official portal of the Department of Public Works and Spatial Planning in Lebak Regency, Indonesia. The exposed file contains detailed infrastructure data such as road segment IDs, names, condition status, length, surface types (hotmix, beton, lapen), and timestamps, with over 100 entries.
  • Date: 2025-09-09T07:13:37Z
  • Network: openweb
  • Published URL: https://darkforums.st/Thread-DATABASE-dpupr-lebakkab-go-id-Leak-Indonesian
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/020794b3-768d-4f0d-8461-cd67441d4256.png
  • Threat Actors: movase
  • Victim Country: Indonesia
  • Victim Industry: Government Administration
  • Victim Organization: department of public works and spatial planning in lebak regency
  • Victim Site: dpupr.lebakkab.go.id
  1. UNDERGROUND-NET targets multiple websites in India
  1. UNDERGROUND-NET targets multiple websites in India
  1. Alleged data breach of PROG Holdings, Inc.
  1. Alleged leak of login access to Public Procurement Monitoring Office, Government of Nepal
  • Category: Initial Access
  • Content: The group claims to have leaked a login credential belonging to the Public Procurement Monitoring Office, Government of Nepal.
  • Date: 2025-09-09T05:48:19Z
  • Network: telegram
  • Published URL: https://t.me/ctrl_nepal/65
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/f318e60b-ac11-4bcf-85c8-ab6cafb0bfae.png
  • Threat Actors: GenZRisingNepal
  • Victim Country: Nepal
  • Victim Industry: Government Administration
  • Victim Organization: public procurement monitoring office, government of nepal
  • Victim Site: bolpatra.gov.np
  1. Alleged data breach of Ministry of Education and Technical Education
  1. UNDERGROUND-NET targets the website of Protades Indonesia
  1. Alleged data breach of aiqfome
  1. UNDERGROUND-NET targets the website of Alpargatas Palanec
  1. AL-MUJAHIDEEN FORCE 313 claims to target India
  1. UNDERGROUND-NET targets the website of BUDONGO WOMEN
  1. Alleged data breach of EMB-IIS
  1. UNDERGROUND-NET targets the website of HealthCare Cult
  1. UNDERGROUND-NET targets the website of Global GPS
  1. Tunisian Maskers Cyber Force claims to target Israel
  1. Alleged Data Breach of Ministry of Culture in Morocco
  1. Alleged Data Leak of Iranian Nuclear Archive
  1. Alleged sale of Israel customer data

The cyber incidents outlined in this report reveal a varied and active threat landscape. Data breaches and leaks are widespread, impacting a range of sectors including education, gaming, healthcare, and finance, and affecting countries like Bangladesh, Mexico, Malaysia, India, Indonesia, France, Brazil, and Israel. The compromised data is diverse, ranging from personal information, credit card details, and sensitive patient records to military components and extensive customer databases.

In addition to data compromise, there’s significant activity in the sale of initial access. Threat actors are selling unauthorized access to banking systems, corporate networks (including RDWeb access to firms in Canada and the UK), and even government and military infrastructure, such as the Royal Thai Air Force and an irrigation system in Madrid. The availability of offensive tools, like penetration testing and DDoS tools, further highlights the capabilities present in the cyber underground.

These events collectively show that organizations across different industries and regions are facing constant threats from data exfiltration, unauthorized network access, and the spread of malicious tools. The nature of these attacks underscores the critical need for strong cybersecurity measures, including robust access controls, data protection strategies, continuous vulnerability management, and proactive threat intelligence to defend against both sophisticated and opportunistic attacks.