
Cyber Threats Hit TAP Air, Check Point, Dell, and Samsung Germany
This week, SOCRadar’s Dark Web Team uncovered several notable cyber threats circulating on hacker forums. Among the key findings are an alleged leak of TAP Air Portugal customer data and a controversial claim involving unauthorized network access to Check Point systems – though Check Point has publicly disputed the severity. Additional posts include the sale of a purported vulnerability affecting Dell Unity products and a leaked dataset allegedly tied to Samsung Germany, raising ongoing concerns about sensitive data exposure across multiple industries.
Alleged Database of TAP Air Portugal is Leaked
SOCRadar Dark Web Team detected a post on a hacker forum where a threat actor claims to have leaked a database allegedly belonging to TAP Air Portugal, the country’s flag carrier airline. According to the threat actor’s statements, the leaked dataset originates from 2023, is 1GB in size, and contains approximately 6.2 million records in CSV format. The post includes a sample of the alleged data, which appears to contain email addresses, names, and phone number fragments.
Alleged Unauthorized Network Access Sale is Detected for Check Point
On March 31, 2025, a threat actor using the alias CoreInjection surfaced on a hacker forum, offering what they claim to be sensitive internal data allegedly stolen from Check Point Software Technologies. The data allegedly includes internal network diagrams, hashed and plaintext credentials, employee contact details, and access information related to customer environments. The actor is selling the dataset for 5 BTC and has shared screenshots that appear to show admin panel access—though notably, the images lack timestamps.
In response, Check Point released an official statement, confirming that a limited incident occurred in December 2024 involving compromised credentials tied to a portal account. The company emphasized that the issue was contained, affected no customer environments or production systems, and that the threat actor’s claims are exaggerated and misleading.
While some cybersecurity researchers initially found the screenshots compelling, further analysis and the lack of concrete evidence have led to skepticism about the scope and legitimacy of the breach.
For a detailed breakdown of the incident timeline, threat actor background, and Check Point’s official response, refer to: Alleged Check Point Breach: What Happened and What You Need to Know?
Alleged Vulnerability of Dell Unity, Dell Unity XT and UnityVSA is on Sale
SOCRadar Dark Web Team detected a post on a hacker forum where a threat actor claims to be offering an alleged vulnerability affecting Dell Unity, Dell Unity XT, and UnityVSA products. The vulnerability is referenced as CVE-2025-24383 and, according to the threat actor’s statements, could allow unauthenticated remote attackers to delete arbitrary files on affected systems.
The threat actor further notes that exploit repositories for such critical vulnerabilities are rarely public, but suggests that experienced individuals could develop exploitation techniques based on the information provided. Interested parties are invited to contact the threat actor directly for access to further technical details or code samples.
Alleged Database of Samsung Deutschland is Leaked
SOCRadar Dark Web Team detected a post on a hacker forum where a threat actor claims to have leaked a dataset allegedly belonging to Samsung Electronics Germany. According to the threat actor’s statements, the leak occurred in March 2025 and contains over 270,000 customer satisfaction tickets.
The exposed data allegedly includes personally identifiable information (PII) such as full names, email addresses, physical addresses, and phone numbers of customers who submitted feedback or inquiries. The actor also shared structured data samples, suggesting the records were collected via online forms.
Powered by DarkMirror™
Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is simply not feasible; it is time-consuming and challenging. A single mistaken click can result in a malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow the latest posts of threat actors and groups, filtered by the targeted country or industry.