A threat actor known as ChimeraZ claims to have leaked a database allegedly linked to FNHPA, France’s main campsite and outdoor-hospitality federation. The reported leak is said to include about 9,000 member records and invoice data, potentially exposing sensitive organizational information. #ChimeraZ #FNHPA…
Category: Cyber Attack
A threat actor calling themselves azazeljakel claims to have gained administrator access to preparados.gob.mx, the training portal of Mexico’s Coordinación Nacional de Protección Civil. The actor also alleges exfiltrating the user list, suggesting a potential admin compromise and credential leak affecting the civil protection platform. #azazeljakel #preparadosgobmx #CoordinaciónNacionaldeProtecciónCivil…
A threat actor using the alias henrymartin allegedly posted the full database leak of EasyPay, a now-defunct Bermudian financial service that handled transactions between individuals and businesses. The exposed data is said to include about 2 million transactions and 10,000 cards, suggesting a significant breach of sensitive financial records. #EasyPay #henrymartin…
Qilin is reportedly reusing initial access obtained through the ZipLine phishing campaign to carry out encryption and extortion operations, with confirmed incidents in Austria and a reported case in Switzerland. The campaign uses recruitment-themed domains and long, deceptive recruiter-style email exchanges to lure targets into opening malicious ZIP files, while new domains and Microsoft 365 MX records indicate continued phishing activity. #Qilin #ZipLine #steinersearchat #haasrecruitingat #bergersearchat #valenzsearchat
A threat actor known as azazeljakel claims to have leaked the full database of DCI Group Mexico, a process-automation firm that works with Mexican entities including SAT, IMSS, and Zéndere. The alleged exposure includes about 240,000 national IDs and mortgage-related data, raising concerns about sensitive personal and financial information being compromised…
A threat actor using the alias Sorb claims to be selling a database allegedly linked to Tripocity, a UK B2B transport-management company. The alleged sale is said to involve about 202,000 users and could expose customer and business-related data across the UK and Europe. #Tripocity #Sorb…
NightSpire is an emerging ransomware family that uses double extortion, stealing data before encryption and threatening to leak it on a Tor-based site. Between March and June 2025, it hit at least 64 organizations in 33 countries, using tools like Chrome Remote Desktop, AnyDesk, Everything, 7-Zip, and MEGAsync to stay stealthy and exfiltrate data. #NightSpire #ChromeRemoteDesktop #AnyDesk #MEGAsync #OneDrive
A threat actor using the alias sxcfox claims to have leaked a database allegedly linked to ManoMano, the French online marketplace for DIY, home improvement, and gardening. The exposed data is said to contain about 178,000 customer order records, raising concerns about customer privacy and data handling. #ManoMano #sxcfox…
A threat actor using the alias kr0x6 claims to have live access to an administrative payroll portal belonging to an unnamed Spanish public-sector entity. The alleged access reportedly covers 371 accounts and could allow modification of employee bank details used for payroll deposits. #kr0x6 #SpanishPublicSector #PayrollPortal…
A threat actor using the alias ChimeraZ claims to have leaked a database allegedly belonging to Socotec, a French testing, inspection, certification, and technical-consulting company. The alleged leak is said to contain about 8.4K customer and business invoices, potentially exposing sensitive commercial records. #Socotec #ChimeraZ…
A threat actor using the alias Sorb claims to be selling a full database allegedly belonging to Koufu, a Singapore food and beverage company. The alleged leak is said to contain about 191,000 user records, raising concerns about exposed customer information. #Sorb #Koufu…
A threat actor using the alias Sorb claims to be selling a database allegedly tied to EcoAssist, a Brazilian reverse-logistics and ESG waste management company. The listing reportedly contains 1.19 million records of personal data, raising concerns about a significant data exposure. #EcoAssist #Sorb…
EVERY8D, operated by Teamplus, was hit by a ransomware attack that disrupted its services and affected a critical communications platform handling over one billion messages per month. The incident prompted a level-three security alert from F-ISAC, while the company brought in forensic experts and strengthened its defenses. #EVERY8D #Teamplus #FISAC
Payload ransomware is a Windows locker that encrypts files with ChaCha20 using a per-file Curve25519 ECDH key exchange, appends the .payload extension, and drops RECOVER_payload.txt notes. It also uses aggressive anti-forensics tactics such as ETW patching, VSS deletion, and Windows Event Log clearing to hinder detection and recovery. #Payload #SODIC #A-SonicLogisticsSolutions
A threat actor known as yeblan claims to be selling private customer data from an unnamed AI chat platform, including user and customer emails, the last four digits of payment cards, and subscription IDs. The alleged listing suggests a structured data breach involving financial details and account identifiers from the platform…