{"uuid": "a936ba8f-bfca-4bc9-92db-aeb089e25a5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-10035", "type": "exploited", "source": "https://t.me/baseleeak/340", "content": "\ud83d\udd10 INCIDENT: COMCAST CORPORATION\n\n\ud83d\udcc5 Attackers' claim date: October 19, 2025\n\n\ud83e\udda0 Attacking group: MEDUSA ransomware group\n\n\ud83c\udfaf Compromised domain: comcast.com / xfinity.com\n\n\ud83c\udfe2 ABOUT THE COMPANY: Comcast Corporation is a global media and technology company headquartered in Philadelphia, Pennsylvania, USA. The company operates through Residential Connectivity &amp; Platforms, Business Services Connectivity, Media, Studios, and Theme Parks segments. Comcast owns Xfinity (broadband, cable TV, and wireless services), NBCUniversal (NBC television network, Universal Studios, and various cable channels), and Sky (European entertainment). The company has approximately 182,000 employees and serves millions of customers worldwide. \n\n\ud83d\udce6 Total volume of leaked archive: 186.36 GB (compressed) / 834.4 GB (decompressed) \n\n\ud83d\udcc2 WHAT WAS LEAKED (attackers' claims and analysis data):\n\n*  Excel spreadsheets (e.g., Esur_rerating_verification.xlsx, Claim Data Specifications.xlsm)\n*  Python and SQL scripts (related to auto premium impact analysis and insurance modeling)\n*  Product management information\n*  Claim analytics data\n*  Insurance modeling scripts\n* Internal corporate documents\n\nOver 20 screenshots of internal Comcast files were published as proof, along with a file listing containing more than 167,000 entries. The leaked data was split into 47 files (45 files at 4 GB each and 1 file at 2 GB). \n\n\ud83e\uddfe NOTE:\n\nInitial attack timeline: The Medusa group breached Comcast systems in late September 2025, exploiting the GoAnywhere MFT vulnerability (CVE-2025-10035, CVSS 10.0 \u2014 unauthenticated remote code execution). \n\nPrevious breaches: Comcast experienced a major data breach in October 2023 (CitrixBleed vulnerability) that exposed sensitive data of approximately 35.9 million Xfinity customers, including usernames, hashed passwords, security questions, dates of birth, and partial Social Security numbers. That incident resulted in a $117.5 million class-action settlement. \n\nOfficial response: Comcast did not publicly acknowledge or confirm the Medusa breach, leaving the incident unconfirmed but considered highly credible given Medusa's track record. \n\n\u26a0\ufe0f STATUS:\nPublished \u2014 the attack has been confirmed by the Medusa group, the leak page has been published on the Medusa darknet site, the data has been published.\n\n\ud83d\udcab", "creation_timestamp": "2026-07-12T08:00:06.580763Z"}