Get Your Free Report
Start for Free
SOCRadar® Cyber Intelligence Inc. | Eurofiber Data Claims, BMW Employee Leak, and FortiWeb Exploit Surface Online
Nov 17, 2025
5 Mins Read
Moon

Eurofiber Data Claims, BMW Employee Leak, and FortiWeb Exploit Surface Online

SOCRadar’s Dark Web Team uncovered multiple high-impact listings this week, including an alleged Eurofiber data sale linked to GLPI system records, a Fortinet CVE-2025-64446 exploit advertisement, and claimed leaks involving the Mexico City Auxiliary Police. Additional listings offered alleged operational documents from Alpek Polyester and employee data attributed to BMW India. These claims could have far-reaching implications across industrial, governmental, and technology sectors.

Receive a Free Dark Web Report for Your Organization:

Alleged Data of Eurofiber are on Sale

Alleged Data of Eurofiber are on Sale

SOCRadar Dark Web Team detected on a hacker forum that a threat actor advertised an alleged data sale involving Eurofiber, a major B2B digital infrastructure provider in Europe.

The post claims the leaked data originates from Eurofiber’s GLPI IT system and includes client data, internal messages, support tickets, and administrator-level information. The threat actor claims the dataset contains information belonging to over 10,000 clients, including sensitive entities such as the French Ministry of Interior, Ministry of Sustainable Development, Thales Aerospace, SFR Telecom, Orange Telecom, Colt Technology, AXA Insurance, BPCE Group, Auchan Group, CGI Group, Banquemisr, and several pharmaceutical companies.

According to the post, the compromised ticketing system contains sensitive materials such as SSH private keys, FTP configurations, cloud setup files, JDBC URLs, credentials, certificates, source code, SQL backups, and email files. The threat actor alleges the breach traces back to vulnerabilities in the GLPI platform, with data spanning from 2015 and increasing around 2018–2019 following Eurofiber’s acquisition of Avenir Télématique (ATE). The post also includes employee hashes as alleged proof of the compromise.

For more detailed information on this incident, visit our dedicated blog post where we explain the full scope of the breach.

CVE-2025-64446 Exploit Sale is Detected for Fortinet

CVE-2025-64446 Exploit Sale is Detected for Fortinet

SOCRadar Dark Web Team detected on a hacker forum that a threat actor advertised a CVE-2025-64446 exploit for Fortinet products.

The post claims the exploit was written in Go, tested on a real vulnerable target, and can create a new administrator account on FortiWeb devices. The threat actor offers the exploit with source code included, accepts escrow, and sets the price at 200 USD.

For a detailed analysis of CVE-2025-64446 and its technical impact, visit our dedicated blog post.

Alleged Database of the Mexico City Auxiliary Police is Leaked

Alleged Database of the Mexico City Auxiliary Police is Leaked

SOCRadar Dark Web Team detected on a hacker forum that a threat actor leaked an alleged database belonging to the Mexico City Auxiliary Police. The post claims the leak includes a password-protected database and was shared as part of the threat actor’s message against the government and police in Mexico. The threat actor says the data may include information about police officers, possibly including grenadier units, and states that more leaks may follow.

Alleged Documents of Alpek Polyester are on Sale

Alleged Documents of Alpek Polyester are on Sale

SOCRadar Dark Web Team detected on a hacker forum that a threat actor advertised an alleged documents sale involving Alpek Polyester.

The post claims the dataset comes from the company’s systems and relates to technical and operational processes in the petrochemical supply chain. According to the threat actor, the package includes workplace safety checklists, technical inspection reports, equipment photo sets, maintenance and quality records, technical process data, and operational documents such as certificates and signatures. The actor states the files mainly cover 2023 to 2025, total about 5 GB, and are marketed as valuable for industrial misuse. The alleged price is 1,000 USD.

Alleged Employee Data of BMW India are on Sale

Alleged Employee Data of BMW India are on Sale

SOCRadar Dark Web Team detected on a hacker forum that a threat actor advertised an alleged employee data sale involving BMW India.

The post claims BMW India suffered a breach in November 2025 that exposed 40,788 employee records. The threat actor says the leaked dataset includes names, family details, birth dates, employment information, caste and category fields, home addresses, email addresses, phone numbers, PF and SI numbers, designation details, and other HR-related data. The actor offers the data as a one-time sale and shares TOX contact information for buyers.

Powered by DarkMirror™

Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is simply not feasible, which can be time-consuming and challenging. One click-by-mistake can result in malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow up with the latest posts of threat actors and groups filtered by the targeted country or industry.