A threat actor identified as N2LX is allegedly offering personnel database entries tied to multiple Pakistani government agencies on an underground forum. The claimed leak includes sensitive employee details such as names, addresses, phone numbers, dates of birth, service records, and current postings, raising risks of phishing, impersonation, and identity theft….
Category: Cyber Attack
A threat actor identified as zSenior is allegedly auctioning a WisERP customer database on an underground forum, claiming it contains 1,531,363 CSV records and starts at $10. The exposed data may include names, phone numbers, email addresses, and location details, which could enable phishing, impersonation, and targeted fraud. #WisERP #zSenior…
A threat actor on an underground forum claims to have breached VIPER, an integrated management platform allegedly used by Chilean fire departments, exposing internal documents, firefighter records, and administrative portal data. The alleged leak could enable phishing, impersonation, and operational disruption, but the compromise remains unverified. #VIPER #Chile #azazeljakeI…
A threat actor named AplaGroup is claiming on an underground forum to have leaked a database allegedly belonging to Optic 2000, a French optical retail and eyewear brand. The alleged dump includes invoice PDF files, franchise information, and customer records that could enable phishing, invoice fraud, and impersonation. #Optic2000 #AplaGroup…
A threat actor identified as ChimeraZ allegedly claimed a database leak involving Avea Vacances, exposing 46K records and 128MB of data tied to French holiday camp operations. The reported dataset may include names, birth dates, invoice information, payment status, and PDF document references, which could support phishing, invoice fraud, and social…
The town hall of Eyguières in southern France was hit by a cyberattack attributed to the Qilin ransomware group, disrupting electronic systems and putting municipal and resident data at risk. Gendarmes are investigating, but tracing the attackers is difficult because anonymization tools were used. #Qilin #Eyguières
A cyberattack targeted the systems of the Contagem City Hall in Brazil, prompting the administration to temporarily restrict access to protect system integrity. While officials said the data remained safe with no leak reported, sources indicated that institutional email accounts, including Mayor Ricardo Faria’s, may have been compromised. #Contagem #RicardoFaria #ContagemCityHall
A threat actor named zSenior is claiming to leak allegedly stolen data from Hillpointe, a U.S. housing development and property management company. The unverified underground forum post says the dataset contains 2,516,271 CSV records and may expose customer, employee, and candidate information. #Hillpointe #zSenior…
DragonForce is a highly scalable ransomware cartel that blends traditional RaaS operations, decentralized affiliates, and integrated initial access brokers to run global double-extortion campaigns. Its platform-driven model, coalition activity with groups like Qilin and LockBit, and ties to Scattered Spider show how it has evolved into a multi-actor ecosystem built for fast access, broad recruitment, and layered monetization. #DragonForce #Qilin #LockBit #ScatteredSpider #RAMP
Hospital Clínic de Barcelona in Spain was targeted by the RansomHouse group, which demanded $4.5 million to avoid leaking patient data. Authorities said they will not pay, leaving a high risk of data exposure after attackers reportedly accessed 4 terabytes of information. #RansomHouse #HospitalClínicdeBarcelona
MexicoPassports is advertising an alleged service for Mexican citizenship and passport documents on an underground forum, claiming access to officially verified identity documents collected in person at government offices. If credible, the offering could enable identity fraud, immigration fraud, impersonation, and financial account abuse. #MexicoPassports #CURP #Mexico…
ATOA was named in an alleged forum leak claiming exposure of 23,685 tabular fintech records and 326 KYC document archives. The reported dataset includes user, wallet, transaction, identity, billing, and banking-related information that could enable fraud and identity abuse. #ATOA #tabaskoss #France…
Parts of the Rhomberg Bau Group were hit by a cyberattack in which unknown attackers breached the company network and exfiltrated data. Rhomberg Bau shut down some systems, including finance and project calculation platforms, to prevent further attacks, while construction sites and the railway division were not affected. #RhombergBau
Some government email accounts in the Northern Mariana Islands were disrupted by a cyberattack, causing access issues for certain users and potentially slowing government operations. The Office of Information Technology activated security protocols to restore service, and officials have not confirmed ransomware, data theft, or any ransom demand. #NorthernMarianaIslands #OfficeofInformationTechnology #CNMI
A cyberattack on an external billing provider exposed data belonging to tens of thousands of patients from university hospitals in Baden-Württemberg, including Freiburg, Heidelberg, Tübingen, Ulm, and Mannheim. The stolen information includes names, addresses, billing records, and in some cases diagnosis, treatment, and bank account details, while the clinics’ own IT systems were not affected. #Unimed #UniversitätsklinikumFreiburg #UniversitätsklinikumHeidelberg #UniversitätsklinikumTübingen #UniversitätsklinikumUlm #UniversitätsklinikumMannheim