1. Executive Summary
This report analyzes 150 cyber incidents recorded on January 13, 2026. The data highlights a highly active threat landscape dominated by three primary vectors: high-impact ransomware attacks against the manufacturing and infrastructure sectors, large-scale data breaches affecting government and telecommunication entities, and a surge in hacktivist website defacements.
Notable events include significant data leaks from Indian telecommunications providers, ransomware attacks by INC RANSOM and Dire Wolf, and the alleged sale of military and government documents from the US and Thailand.
2. Ransomware Activity
Ransomware groups continued to target critical industries, particularly manufacturing and infrastructure, with threats to publish massive amounts of sensitive data.
Key Threat Actors and Incidents
- INC RANSOM: This group was highly active, claiming responsibility for multiple attacks:
- Bellows Manufacturing and Research, Inc. (USA): The group claims to have obtained 1.3 TB of data1.
- Juteng International Co., Ltd. (China): Allegedly obtained 200 GB of confidential project information and financial records2222.+1
- Gulf Business Machines (UAE): Claims to have stolen 200 GB of fiscal data and internal emails3.
- STIM GROUP (Italy): Claims to have obtained 100 GB of data4.
- Pilot Automotive (USA): A massive claim of 2,600 GB of data exfiltrated5.
- Dire Wolf: This group targeted Malaysian and Egyptian entities:
- Perdana Petroleum Berhad (Malaysia): 150 GB of financial and legal documents allegedly stolen6.
- Tepco-Group (Egypt): A significant breach of 300 GB including design drawings and internal agreements7.
- Other Notable Ransomware Events:
- TENGU Ransomware: Targeted Quick Safety Electric (Israel), claiming 56.82 GB of data8.
- Akira Ransomware: Targeted Bulk Handling Systems (USA) 9and Itasca Consulting Group10.+1
- ANUBIS Ransomware: Claimed to have compromised the North Adriatic Sea Port Authority in Italy11.
3. Major Data Breaches and Leaks
A significant volume of personally identifiable information (PII), government records, and corporate data was listed for sale or leaked on forums like BreachForums and dark web marketplaces.
Government and Military Leaks
- United States: A threat actor claimed to be selling “Top Secret” US Government military documents12. Another leak allegedly contains documents related to the Jeffrey Epstein case, including flight logs and court filings13.+1
- Thailand: Access to the Thai Military Intelligence Server (27,000 documents) was allegedly put up for sale 14, along with data from the 2nd Army Region15.+1
- Japan: A group claimed to have breached the Ministry of Land, Infrastructure, Transport and Tourism16.
- Indonesia: Multiple agencies were targeted, including the Ministry of Marine Affairs and Fisheries 17and the Regional Agency for Personnel and Human Resources Development18.+1
- India: A data breach was claimed against the Delhi Police19.
Telecommunications and Corporate Infrastructure
- Indian Telecoms: A massive leak reportedly involving 100+ GB of user data from major providers like Jio, Airtel, and Vi was advertised20202020.+1
- Cloud & Email Services: Threat actors claimed to leak credentials for Amazon accounts 21, Google accounts 22, and Microsoft email credentials23.+2
- Software/Tech: Clyo Systems (France) allegedly had a dataset of 147,000 users leaked24.
4. Initial Access and Vulnerabilities
Threat actors are actively selling tools and access points to facilitate further attacks.
- Vulnerabilities:
- Android 0-Day: A “1 click full-chain RCE exploit” for Android was listed for sale25.
- E-commerce: A 0-day SSRF vulnerability for a popular unidentified e-commerce platform was advertised26.
- Access Sales:
- Webshells: A massive sale of 10,000 webshell accesses and 5,000 WHMCS accesses across 50,000 domains was reported27.
- ISP Access: Unauthorized domain admin access to an unidentified ISP was offered28.
- Corporate Access: Sales included WEX corporate payment API access 29and VPN access to universities and stores30303030.+2
5. Hacktivism and Website Defacement
A high volume of low-sophistication but high-visibility attacks (defacements) occurred, primarily driven by political or ideological motives.
- Prominent Groups:
- DARK 07x: Extremely active, targeting a wide range of French and Tunisian websites including “Avis Piano” 31, “Cinema Zone” 32, and “Architect Tunisia”33.+2
- CinCauGhast: Targeted TerryWhite Chemmart (Australia) 34and leaked government login access in Indonesia35.+1
- GhostNet-X: Targeted educational institutions in Indonesia and Vietnam36363636.+1
- YIIX103: Focused on targets in the UAE and Saudi Arabia, including investment firms and medical centers37373737.+1
6. Geographic and Sector Analysis
The following table summarizes the most frequently targeted countries and industries based on the incident report.
| Top Targeted Countries | Top Targeted Industries |
| Indonesia (Gov, Education) | Government Administration |
| USA (Manufacturing, Gov) | Education & Academia |
| India (Telecom, Education) | Manufacturing (Machinery) |
| France (Retail, Services) | E-commerce & Retail |
| UAE (Finance, Real Estate) | Healthcare & Pharmaceuticals |
7. Conclusion
The cyber incidents recorded on January 13, 2026, demonstrate a volatile digital environment. Ransomware groups like INC RANSOM are acting with impunity against global manufacturing and infrastructure targets, leveraging data theft for extortion. Simultaneously, the sale of critical government data (US, Thai, Japanese) suggests deep penetrations into public sector networks.
A distinct trend is the commodification of access, with actors selling “ready-to-use” exploits (Android RCE) and massive webshell lists, lowering the barrier to entry for other criminals. Finally, the geographic concentration of attacks in South/Southeast Asia (India, Indonesia) and Western nations (USA, France) indicates that threat actors are opportunistically targeting both developing digital infrastructures and high-value Western economies.
Detected Incidents Draft Data
- CinCauGhast targets the website of TerryWhite Chemmart
Category: Defacement
Content: The group claims to have defaced the website of TerryWhite Chemmart
Date: 2026-01-13T23:51:37Z
Network: telegram
Published URL: https://t.me/CinCauGhast3/36
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/08a5706c-472d-4f75-997a-39fba610a2c4.png
Threat Actors: CinCauGhast
Victim Country: Australia
Victim Industry: Healthcare & Pharmaceuticals
Victim Organization: terrywhite chemmart
Victim Site: dedicatedtocare.com - Alleged data breach of Ministry of Land, Infrastructure, Transport and Tourism
Category: Data Breach
Content: The group claims to have breached data from Land, Infrastructure, Transport and Tourism
Date: 2026-01-13T23:36:40Z
Network: telegram
Published URL: https://t.me/c/3667951656/1130
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e87b04a5-52c9-4cd4-af57-799ef053ec5d.png
Threat Actors: B F R e p o V 4 F i l e s
Victim Country: Japan
Victim Industry: Government Administration
Victim Organization: land, infrastructure, transport and tourism
Victim Site: mlit.go.jp - Quick Safety Electric Falls Victim for TENGU Ransomware
Category: Ransomware
Content: The Group Claims to have Obtained 56.82 GB of Organization’s Data. They Intent to Publish within 5-6 days.
Date: 2026-01-13T23:24:22Z
Network: tor
Published URL: http://longcc4fqrfcqt5lzceutylaxir6h66fp6df3oin6mvwvz6pfdbxc6qd.onion/blog/b97904dfa9f56c1edd2c4bc06a22786ff9ec1bb76c4e5717796b18ca076bbbb5/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/414ec42a-b5cc-450a-8281-70b756088595.png
https://d34iuop8pidsy8.cloudfront.net/13a2d535-0995-4d14-8323-e170fe5eecdd.png
Threat Actors: TENGU
Victim Country: Israel
Victim Industry: Electrical & Electronic Manufacturing
Victim Organization: quick safety electric
Victim Site: Unknown - Alleged data breach of Ligue de Football de la Wilaya de Tizi-Ouzou
Category: Data Breach
Content: Group claims to have breached data of Ligue de Football de la Wilaya de Tizi-Ouzou.
Date: 2026-01-13T23:10:08Z
Network: telegram
Published URL: https://t.me/DarK07xxxxxxx/426
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/eea170f8-d69f-4c02-b2d3-a46bab1b2a7c.png
https://d34iuop8pidsy8.cloudfront.net/5115523c-6ffc-43fc-a0cc-19e60388b883.png
Threat Actors: DARK 07x
Victim Country: Algeria
Victim Industry: Sports
Victim Organization: ligue de football de la wilaya de tizi-ouzou
Victim Site: lfwto.dz - Bellows Manufacturing and Research, Inc. Falls Victim for INC RANSOM Ransomware
Category: Ransomware
Content: The Group Claims to have Obtained 1.3 TB of Organization’s Data.
Date: 2026-01-13T22:20:13Z
Network: tor
Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/6966c1018f1d14b7439913ea
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/788d9dd0-6c36-4dcf-88d6-4c59a7731eb9.png
https://d34iuop8pidsy8.cloudfront.net/eafba9b1-f3aa-472a-8409-4c917da69a6b.png
Threat Actors: INC RANSOM
Victim Country: USA
Victim Industry: Machinery Manufacturing
Victim Organization: bellows manufacturing and research, inc.
Victim Site: bellowsmfg.com - Juteng International Co., Ltd. falls victim to INC RANSOM Ransomware
Category: Ransomware
Content: The Group Claims to have Obtained 200 GB of the Organization’s Data. The data includes confidential project information, covering development, lab testing, drawings, subcontractors, and suppliers; financial records such as income and expenses, IPD data, financial reports, contracts with customers and suppliers, NDAs along with other highly sensitive corporate information.
Date: 2026-01-13T22:05:28Z
Network: tor
Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/6966bbef8f1d14b74398968d
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0a9890d2-4aa6-4e1f-b067-6e376b185619.png
Threat Actors: INC RANSOM
Victim Country: China
Victim Industry: Consumer Electronics
Victim Organization: juteng international co., ltd.
Victim Site: juteng.com.hk - Alleged sale of unauthorized access to unidentified ISP company
Category: Initial Access
Content: Threat actor claims to be selling unauthorized domain admin access to an unidentified ISP company.
Date: 2026-01-13T21:59:18Z
Network: openweb
Published URL: https://darkforums.io/Thread-Selling-Access-to-a-major-ISP
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/070a7523-6a87-4fb3-8735-acb66827ea2c.png
Threat Actors: TheArchitect1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of Chinese Expatriates Dataset
Category: Data Breach
Content: The group claims to have shared a dataset containing personal information related to Chinese expatriates residing in the United States. The exposed data is alleged to include names, contact details, residential addresses, postal codes, and email addresses.
Date: 2026-01-13T21:55:13Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-Chinese-expatriates-in-the-United-States-Share
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/162b12f0-011a-404b-ab9e-55750d06fb4f.png
Threat Actors: HACKCN
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged access to CCTV system of an unidentified ski resort in Poland
Category: Initial Access
Content: The group claims to have gained unauthorized access to a CCTV surveillance system of an unidentified ski resort in Poland
Date: 2026-01-13T21:54:20Z
Network: telegram
Published URL: https://t.me/zpentestalliance/964
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3a032df6-2901-429b-b5e3-e18134cc0848.png
Threat Actors: Z-PENTEST ALLIANCE
Victim Country: Poland
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Clyo Systems
Category: Data Breach
Content: The group claims to have leaked data associated with Clyo Systems, a France-based software and digital services provider. The exposed dataset is approximately 147,000 users.
Date: 2026-01-13T21:47:44Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-REPOST-FR-Clyosystems-com-147K-2023
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/23009fae-2a3c-4e83-a1fd-3929538c711e.png
https://d34iuop8pidsy8.cloudfront.net/01831a9b-8b73-42df-ad25-7236d1d44f04.png
Threat Actors: aaa
Victim Country: France
Victim Industry: Software Development
Victim Organization: clyo systems
Victim Site: clyosystems.com - Alleged data breach Nova Poshta
Category: Data Breach
Content: The group claims to have leaked a database associated with Nova Poshta. the exposed data include customer and shipment-related data such as names, contact details, delivery addresses, account or user identifiers, and other logistics-related records.
Date: 2026-01-13T21:41:01Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-Nova-Poshta-Nova-Post-2016-2022-Database
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f32a4438-b4fe-4eec-b7b8-abccc8a6b0bd.png
https://d34iuop8pidsy8.cloudfront.net/be052740-fca2-4e8b-8449-6b8b7db1df13.png
Threat Actors: kol00n
Victim Country: Ukraine
Victim Industry: Transportation & Logistics
Victim Organization: nova poshta
Victim Site: novaposhta.ua - Alleged data breach of Micro76
Category: Data Breach
Content: The group claims to have leaked data associated with Micro76, a company operating in the retail / electronics sector. The exposed information is described as consisting of customer-related records, potentially including personal details, contact information, purchase or account references, and other data typically collected through retail transactions.
Date: 2026-01-13T21:33:24Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-FR-Micro76-fr
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/92bf0b93-6303-4216-8d03-fafe20773e1a.png
Threat Actors: Sahquelfou
Victim Country: France
Victim Industry: Retail Industry
Victim Organization: micro76
Victim Site: micro76.fr - Alleged sale of unauthorized access to unidentified website from Bangladesh
Category: Initial Access
Content: Threat actor claims to be selling unauthorized access to an unidentified shop website from Bangladesh.
Date: 2026-01-13T21:28:38Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/273725/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/92d13baa-6cce-435e-9f48-fbd1cd875e79.png
Threat Actors: ed1n1ca
Victim Country: Bangladesh
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of an unidentified UAE Hotel
Category: Data Breach
Content: The group claims to have leaked data of an unidentified UAE Hotel. The exposed information is claimed to include hotel guest and booking-related records, potentially containing personal and contact details
Date: 2026-01-13T21:21:37Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-LEAKED-UAE-Hotel-Information
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1e805776-1e20-4a36-bf44-e85a04257d8a.png
Threat Actors: Kakominez
Victim Country: UAE
Victim Industry: Hospitality & Tourism
Victim Organization: Unknown
Victim Site: Unknown - Alleged sale of unauthorized access to unidentified WordPress shop from Denmark
Category: Initial Access
Content: Threat actor claims to be selling unauthorized access to an unidentified WordPress shop from Denmark.
Date: 2026-01-13T21:14:59Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/273727/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a3d4d96d-96f1-4b32-a5a3-77708607b336.png
Threat Actors: ed1n1ca
Victim Country: Denmark
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged unauthorized access to Ekagro’s microclimate control system
Category: Initial Access
Content: The group claims to have gained unauthorized access to the Ekagro microclimate control system in Poland, reportedly used to manage industrial insect breeding processes. According to the claim, the compromised system controls ventilation, heating, and humidification across two isolated tunnels and monitors critical environmental parameters including temperature, humidity, and CO₂ levels. The stated access allegedly allows modification of target and limit thresholds, programming of equipment operating cycles, and management of alarms and diagnostics
Date: 2026-01-13T21:11:27Z
Network: telegram
Published URL: https://t.me/zpentestalliance/963
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/26ee9e54-2142-4ca2-ab9e-fb0e95051def.jpg
Threat Actors: Z-PENTEST ALLIANCE
Victim Country: Poland
Victim Industry: Agriculture & Farming
Victim Organization: ekagro
Victim Site: dendrobena.com - Alleged sale of unauthorized access to unidentified WordPress shop from Chile
Category: Initial Access
Content: Threat actor claims to be selling unauthorized access to an unidentified WordPress shop website from Chile.
Date: 2026-01-13T21:05:15Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/273726/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3f31d3e7-35c1-47f7-86c0-08bead274444.png
Threat Actors: ed1n1ca
Victim Country: Chile
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data sale of 120K ORANGE FRANCE MAIL:PASSWORD
Category: Data Breach
Content: A threat actor allegedly leaked dataset 120K ORANGE FRANCE MAIL:PASSWORD. The post claims to contain approximately 120,000 email and plaintext password combinations.
Date: 2026-01-13T20:59:06Z
Network: openweb
Published URL: https://breachforums.bf/Thread-120K-ORANGE-FRANCE-MAIL-PASSWORD
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/11884d42-628c-48dd-abb9-23af0ab04e96.png
Threat Actors: xmlrpc
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged sale of unauthorized access to unidentified shop from Australia
Category: Initial Access
Content: Threat actor claims to be selling unauthorized access to an unidentified WordPress shop from Australia.
Date: 2026-01-13T20:53:05Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/273724/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4f64fcb4-2963-48a8-ac1c-83ff9d64d878.png
Threat Actors: ed1n1ca
Victim Country: Australia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of 800K FREE FRANCE MAIL:PASSWORD
Category: Data Breach
Content: A threat actor claims to have a dataset titled “800K FREE FRANCE MAIL:PASSWORD. The post claims to contain approximately 800,000 email and plaintext password combinations.
Date: 2026-01-13T20:52:26Z
Network: openweb
Published URL: https://breachforums.bf/Thread-800K-FREE-FRANCE-MAIL-PASSWORD
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9bff47a2-fd84-412b-8692-b5785feafbd6.png
Threat Actors: xmlrpc
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of ET Online
Category: Data Breach
Content: The threat actor is advertising the sale of an alleged customer database associated with ET Online, an entertainment and celebrity news platform. The dataset is claimed to contain approximately 5 million records in raw CSV format and is described as including subscriber and customer information such as names, email addresses, phone numbers, referral data, and travel or purchase-related details.
Date: 2026-01-13T20:31:44Z
Network: openweb
Published URL: https://darkforums.io/Thread-Selling-ETONLINE-COM-%E2%80%94-5M-ENTERTAINMENT-CELEBRITY-CUSTOMERS-USA-RAW-CSV-Solonik-BF
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/74cac29e-67bf-4063-bd32-a5bf97780c7e.png
Threat Actors: Solonik
Victim Country: USA
Victim Industry: Media Production
Victim Organization: et online
Victim Site: etonline.com - Alleged sale of unauthorized access to unidentified university from India
Category: Initial Access
Content: Threat actor claims to be selling unauthorized Fortinet SSL-VPN access to an unidentified state funded university from India.
Date: 2026-01-13T20:24:41Z
Network: openweb
Published URL: https://darkforums.io/Thread-Selling-VPN-initial-access-Indian-UNI
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b63f25f5-b1e3-41c5-838d-924c4a31717d.png
Threat Actors: yellowishGreen
Victim Country: India
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged sale of unauthorized access to unidentified shop from Germany
Category: Initial Access
Content: Threat actor claims to be selling unauthorized WordPress admin access to an unidentified online shop in Germany.
Date: 2026-01-13T20:17:36Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/273718/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a63511bd-74ab-43d7-888d-94eee2629a96.png
Threat Actors: Reve
Victim Country: Germany
Victim Industry: E-commerce & Online Stores
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of WordPress login credentials to Zouari School
Category: Initial Access
Content: The group claims to have leaked the WordPress login credentials to Zouari School in Tunisia
Date: 2026-01-13T20:06:24Z
Network: telegram
Published URL: https://t.me/DarK07xxxxxxx/411
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/133495e4-259e-4f11-af6e-bf99486ecbce.png
Threat Actors: DARK 07x
Victim Country: Tunisia
Victim Industry: Education
Victim Organization: zouari school
Victim Site: zouarischool.tn - Alleged data leak of China whataspp numbers
Category: Data Breach
Content: The threat actor advertises a dataset allegedly containing approximately 150,000 WhatsApp phone numbers linked to China. The seller claims the data consists only of phone numbers associated with WhatsApp accounts, with no additional personal details shown publicly.
Date: 2026-01-13T20:02:26Z
Network: openweb
Published URL: https://breachforums.bf/Thread-COLLECTION-China-whataspp-numbers-150k
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c8d29f88-0fad-4591-a6fb-ab2d6ef6f441.png
Threat Actors: Selleryselry
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of Portugal whatsapp numbers
Category: Data Breach
Content: The threat actor advertises a dataset allegedly containing approximately 70,000 Portugal-based WhatsApp phone numbers. The seller claims the data consists only of phone numbers registered on WhatsApp.
Date: 2026-01-13T19:39:41Z
Network: openweb
Published URL: https://breachforums.bf/Thread-COLLECTION-portugal-whatsapp-numbers-70k
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bfe17a68-11bf-4f52-b064-f65618b62492.png
Threat Actors: Selleryselry
Victim Country: Portugal
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of data leak of U.S. lawyer Jeffrey I. Zimmerman
Category: Data Breach
Content: The group claims to have leaked the data belonging to U.S. lawyer Jeffrey I. Zimmerman
Date: 2026-01-13T19:36:08Z
Network: telegram
Published URL: https://t.me/BlackEmber/310
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b97bd3d3-3ac9-4da4-9370-538a015fb53d.png
https://d34iuop8pidsy8.cloudfront.net/dc4d6f24-f451-401f-9340-00c70479bc84.png
Threat Actors: Black Ember
Victim Country: USA
Victim Industry: Law Practice & Law Firms
Victim Organization: jeffrey i. zimmerman, pc
Victim Site: zimmlawpc.com - Alleged data breach of KNS
Category: Data Breach
Content: Threat actor claims to have leaked database of KNS, an automation machinery manufacturing company based in Korea.
Date: 2026-01-13T19:23:53Z
Network: openweb
Published URL: https://bhf.pro/threads/718227/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8d5c3904-3b49-4f5e-acc6-3c787c7a849d.png
Threat Actors: Alex_bog777
Victim Country: South Korea
Victim Industry: Machinery Manufacturing
Victim Organization: kns
Victim Site: knssystem.com - Alleged data leak of Palangkaraya City Fisheries Service
Category: Data Breach
Content: The threat actor claims to have leaked employee data belonging to the Palangkaraya City Fisheries Service. The exposed dataset contains sensitive employee information, including employee names, job positions, domicile details, complete residential addresses, active mobile phone numbers, and email addresses.
Date: 2026-01-13T19:21:26Z
Network: openweb
Published URL: https://breachforums.bf/Thread-Palangkaraya-City-Fisheries-Service-employee-data-leak
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/318afbf8-f101-437c-b7ed-b4cfe23334e6.png
Threat Actors: AYYUBI
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Comune di Selargius
Category: Data Breach
Content: The threat actor claims to have leaked a database belonging to the Comune di Selargius municipal website. The exposed dataset reportedly contains approximately 124,000 records of full citizen personally identifiable information (PII).
Date: 2026-01-13T19:10:36Z
Network: openweb
Published URL: https://breachforums.bf/Thread-124k-Italy-comune-selargius-ca-it-Full-Citizen-PII-Plaintext-Temporary-Passwor
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/cb8be92f-384d-4601-89f9-8b86e9ca6740.png
Threat Actors: Bestjpdata1
Victim Country: Italy
Victim Industry: Government Administration
Victim Organization: comune di selargius
Victim Site: comune.selargius.ca.it - GHOSTNET-X targets the website of FKK UMJ Library Management System
Category: Defacement
Content: The group claims to have defaced the website of Library Management System of Fakultas Kedokteran, Universitas Muhammadiyah Jakarta (UMJ)
Date: 2026-01-13T19:04:19Z
Network: telegram
Published URL: https://t.me/c/3560880038/96
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/aac7a1eb-49f7-4a0b-a57c-f999b025c007.png
Threat Actors: GHOSTNET-X
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: fakultas kedokteran, universitas muhammadiyah jakarta (umj)
Victim Site: perpustakaan.fkkumj.ac.id - Alleged data leak of Multiple Indian Telecom Service
Category: Data Breach
Content: The threat actor claims to be selling an “All India Telecom Services” database with a reported size of 100+ GB. The dataset allegedly includes telecom user data associated with major Indian service providers such as Jio, Airtel, and Vi.
Date: 2026-01-13T18:56:21Z
Network: openweb
Published URL: https://breachforums.bf/Thread-All-India-Telecom-Services-database-100-Gb
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d4edff84-ad57-4283-813c-475d64e38109.png
Threat Actors: ElectronCursed
Victim Country: India
Victim Industry: Network & Telecommunications
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of Multiple Philippine government agencies
Category: Data Breach
Content: The threat actor claims to be selling large-scale email lists allegedly associated with multiple Philippine government agencies. The leaked data reportedly includes millions of email addresses linked to government domains.
Date: 2026-01-13T18:51:12Z
Network: openweb
Published URL: https://darkforums.io/Thread-Selling-SELLONG-EMAIL-LIST-GOV-PH
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9dcae5e1-f228-47ad-8a66-0ffbef13c5b4.png
Threat Actors: Abduljabar
Victim Country: Philippines
Victim Industry: Government Administration
Victim Organization: Unknown
Victim Site: Unknown - GHOSTNET-X targets the website of HVNA Chimkudo Academy
Category: Defacement
Content: The group claims to have defaced the website of HVNA Chimkudo Academy
Date: 2026-01-13T18:50:30Z
Network: telegram
Published URL: https://t.me/c/3560880038/92
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f0f68d17-74ee-4e02-8ba9-484ca57c26bb.png
Threat Actors: GHOSTNET-X
Victim Country: Vietnam
Victim Industry: Professional Training
Victim Organization: hvna chimkudo academy
Victim Site: hocviennhiepanh.com - Alleged data leak of USA Clients of Lawyers
Category: Data Breach
Content: The threat actor claims to be selling a database containing approximately 2,000 records associated with clients of lawyers, marketed as legal leads. The dataset allegedly includes highly sensitive personally identifiable information (PII), such as full names, email addresses, phone numbers, physical addresses, dates of birth, gender, Social Security Numbers (SSNs), marital status, emergency contact details, accident and injury information, insurance company data, policy numbers, medical and therapy details, IP addresses, device and browser fingerprints, geolocation data, and case-related metadata.
Date: 2026-01-13T18:48:29Z
Network: openweb
Published URL: https://darkforums.io/Thread-SSN-EMAIL-PHONE-ADDRESS-relationship-lawyers-clients-Leads
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a43ab23d-d7a1-46e3-86ed-9b457204f462.png
https://d34iuop8pidsy8.cloudfront.net/9dfebe94-9534-4e8d-a4cf-0e2585df2dce.png
Threat Actors: sexybroker
Victim Country: USA
Victim Industry: Legal Services
Victim Organization: Unknown
Victim Site: Unknown - GHOSTNET-X targets the website of Muhammadiyah Mu’allimaat Madrasah Yogyakarta
Category: Defacement
Content: The group claims to have defaced the website of Muhammadiyah Mu’allimaat Madrasah Yogyakarta
Date: 2026-01-13T18:41:35Z
Network: telegram
Published URL: https://t.me/c/3560880038/99
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/381ad871-e628-43c0-b24d-7420956843d8.jpg
Threat Actors: GHOSTNET-X
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: muhammadiyah mu’allimaat madrasah yogyakarta
Victim Site: mas.muallimaat.sch.id - GHOSTNET-X targets the website of Santa Laurensia School
Category: Defacement
Content: The group claims to have defaced the website of Santa Laurensia School
Date: 2026-01-13T18:35:26Z
Network: telegram
Published URL: https://t.me/c/3560880038/99
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7b393929-f66a-41c5-90b9-c50902918520.jpg
Threat Actors: GHOSTNET-X
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: santa laurensia school
Victim Site: elibrary.santa-laurensia.sch.id - Alleged data leak of KittyRCE Tool
Category: Data Breach
Content: The threat actor is advertising KittyRCE, a web-server-based Remote Command Execution (RCE) tool designed to bypass Web Application Firewalls (WAF) and maintain stealthy access.
Date: 2026-01-13T18:33:14Z
Network: openweb
Published URL: https://darkforums.io/Thread-Selling-KittyRCE-WebServers-Based-Remote-Command-Execution-WAF-Bypass-Stealth
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/52f7e178-48ef-4cd3-ae21-d9e639025f8e.png
https://d34iuop8pidsy8.cloudfront.net/1880b937-2d4f-4bc1-8a43-eb928566d172.png
Threat Actors: yanko
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Chatouillez-moi
Category: Data Breach
Content: The threat actor claims to have leaked data from chatouillez-moi.com. The exposed data includes approximately 2,778 unique email addresses from newsletter subscriptions and around 195 customer records.
Date: 2026-01-13T18:11:43Z
Network: openweb
Published URL: https://breachforums.bf/Thread-FR-chatouillez-moi-com
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c0547df6-20f7-4fbe-8f4b-28ce39b57f6c.png
Threat Actors: Insecurias
Victim Country: France
Victim Industry: Luxury Goods & Jewelry
Victim Organization: chatouillez-moi
Victim Site: chatouillez-moi.com - Alleged data breach of Nafta Academy
Category: Data Breach
Content: The threat actor claims to have leaked data belonging to Nafta Academy, reportedly affecting 5,000+ customer accounts. The exposed dataset is said to include email addresses and passwords of registered users.
Date: 2026-01-13T18:10:28Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-naftaacademy-5K-cust-email-password
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e952f23c-20de-4028-9a0b-4e9992b70ba0.png
Threat Actors: adamw991
Victim Country: Pakistan
Victim Industry: E-Learning
Victim Organization: nafta academy
Victim Site: naftaacademy.com - Alleged sale of unauthorized server access to unidentified website from USA
Category: Initial Access
Content: Threat actor claims to be selling unauthorized server access to an unidentified public website and client portal used for tax case management from USA.
Date: 2026-01-13T18:06:59Z
Network: tor
Published URL: https://exploitivzcm5dawzhe6c32bbylyggbjvh5dyvsvb5lkuz5ptmunkmqd.onion/topic/273712/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/31a6b853-f04f-4992-9a4d-2f7de2c0bed5.png
Threat Actors: powder12
Victim Country: USA
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown - North Adriatic Sea Port Authority falls victim to ANUBIS Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2026-01-13T18:05:10Z
Network: tor
Published URL: http://om6q4a6cyipxvt7ioudxt24cw4oqu4yodmqzl25mqd2hgllymrgu4aqd.onion/r/6Lvh9+A6+GyNby820TQPM3sCJMx54PPxhBeEcYN4v4nPXINhsFjCgfNsV1YmHlddli8OKURoCWqUOzFue2g2JaOVNRU2pC
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a036b236-4be3-42ff-a20b-9cd236df4c6f.png
https://d34iuop8pidsy8.cloudfront.net/d682f111-1207-4ef4-b79c-518c085a1638.png
https://d34iuop8pidsy8.cloudfront.net/9b791851-1338-49a3-8e0e-06f5c1ce1b8a.png
https://d34iuop8pidsy8.cloudfront.net/04ef7020-69af-471c-9695-0b4de415b539.png
https://d34iuop8pidsy8.cloudfront.net/94102f9e-1ed1-4b1f-b6c6-0f9ed5c74de3.png
https://d34iuop8pidsy8.cloudfront.net/6602bf73-2c41-4bd1-887e-f73482c523d2.png
Threat Actors: ANUBIS
Victim Country: Italy
Victim Industry: Government Administration
Victim Organization: north adriatic sea port authority
Victim Site: port.venice.it - Alleged data breach of Palevo
Category: Data Breach
Content: The threat actor claims to have leaked data associated with Palevo .The exposed dataset reportedly contains user registration records, including usernames, email addresses, account identifiers , and registration timestamps.
Date: 2026-01-13T18:03:43Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-Palevo-com-Date-2021-Leaks
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/afb0b46d-7675-4cec-a4cb-9dfe2874f9e5.png
Threat Actors: aiyewumi
Victim Country: Russia
Victim Industry: Manufacturing
Victim Organization: palevo
Victim Site: palevo.com - Alleged data breach of Water and Power Development Authority (WAPDA)
Category: Data Breach
Content: The threat actor claims to have leaked a database allegedly related to Water and Power Development Authority (WAPDA), Pakistan. The exposed archive is reported to contain a large internal database backup with an uncompressed size of approximately 3.31 GB.
Date: 2026-01-13T18:02:20Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-PK-Water-and-Power-Development-Authority
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e0a5a4f2-59cb-427d-95d8-05b2397cfd8e.png
Threat Actors: breach3d
Victim Country: Pakistan
Victim Industry: Government & Public Sector
Victim Organization: water and power development authority (wapda)
Victim Site: wapda.gov.pk - maul1337 taregts the website of E-Destinations Travel Services
Category: Defacement
Content: The group claims to have defaced the website of E-Destinations Travel Services
Date: 2026-01-13T17:41:14Z
Network: telegram
Published URL: https://t.me/maul1337anon/447
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/59d97bcc-9039-41ab-87ea-d63a88f0f230.png
Threat Actors: maul1337
Victim Country: Pakistan
Victim Industry: Hospitality & Tourism
Victim Organization: e-destinations travel services
Victim Site: edestinationspk.com - Alleged data leak of Armenia Population Database
Category: Data Breach
Content: The threat actor claims to be offering an Armenia population database allegedly containing approximately 3.1 million records. The exposed data is said to include social security numbers (SSN), passport numbers, first and last names, second names, dates of birth, issue dates, and residential addresses.
Date: 2026-01-13T17:30:31Z
Network: openweb
Published URL: https://darkforums.io/Thread-Armenia-Population-Database-3-1M-Records
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/750c2fc8-98b4-44b1-ac57-4c1c92048ea7.png
Threat Actors: datsell_alld
Victim Country: Armenia
Victim Industry: Government Administration
Victim Organization: Unknown
Victim Site: Unknown - DARK 07x targets the website of Avis Piano
Category: Defacement
Content: The group claims to have defaced the website of Avis Piano
Date: 2026-01-13T17:26:51Z
Network: telegram
Published URL: https://t.me/DarK07xxxxxxx/407
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/42efd60f-1b8b-4e5d-9022-4ec151c17724.png
https://d34iuop8pidsy8.cloudfront.net/fd2773c0-63f5-433f-9c1a-0e6cc07ea6b2.png
Threat Actors: DARK 07x
Victim Country: France
Victim Industry: Consumer Electronics
Victim Organization: avis piano
Victim Site: avispiano.fr - DARK 07x targets the website of Équitation Club
Category: Defacement
Content: The group claims to have defaced the website of Équitation Club.
Date: 2026-01-13T17:25:12Z
Network: telegram
Published URL: https://t.me/DarK07xxxxxxx/407?single
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fa66cf70-717f-4d1a-b485-c4d8181b5556.png
https://d34iuop8pidsy8.cloudfront.net/6279d473-6612-4b45-bd55-cb3c6d4f5f75.png
Threat Actors: DARK 07x
Victim Country: France
Victim Industry: Sports
Victim Organization: équitation club
Victim Site: equitation-club.fr - DARK 07x targets the website of Il Mio Piano
Category: Defacement
Content: The group claims to have defaced the website of Il Mio Piano
Date: 2026-01-13T17:22:05Z
Network: telegram
Published URL: https://t.me/DarK07xxxxxxx/407
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/541e16af-7bad-470f-967a-e89465fec1a8.png
https://d34iuop8pidsy8.cloudfront.net/1d80e45a-47e8-4a62-ada7-b481fd09f272.png
Threat Actors: DARK 07x
Victim Country: Italy
Victim Industry: Retail Industry
Victim Organization: il mio piano
Victim Site: ilmiopiano.it - Alleged sale of 0-Day Android Full-Chain RCE
Category: Vulnerability
Content: Threat actor claims to be selling 0-day 1 click full-chain RCE exploit for Android.
Date: 2026-01-13T17:21:31Z
Network: tor
Published URL: https://exploitivzcm5dawzhe6c32bbylyggbjvh5dyvsvb5lkuz5ptmunkmqd.onion/topic/273711/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/35cdf836-f753-4893-9a36-78ce49e04d05.png
Threat Actors: zeroplayer
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - DARK 07x targets the website of Avis Piano
Category: Defacement
Content: The group claims to have defaced the website of Avis Piano
Date: 2026-01-13T17:20:07Z
Network: telegram
Published URL: https://t.me/DarK07xxxxxxx/407?single
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/42efd60f-1b8b-4e5d-9022-4ec151c17724.png
https://d34iuop8pidsy8.cloudfront.net/fd2773c0-63f5-433f-9c1a-0e6cc07ea6b2.png
Threat Actors: DARK 07x
Victim Country: France
Victim Industry: Consumer Electronics
Victim Organization: avis piano
Victim Site: avispiano.fr - DARK 07x targets the website of Amine Aissaoui
Category: Defacement
Content: The group claims to have defaced the website of Amine Aissaoui
Date: 2026-01-13T17:14:39Z
Network: telegram
Published URL: https://t.me/DarK07xxxxxxx/407?single
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e28acf1f-a8f8-4696-8673-c2898a06c0ae.png
https://d34iuop8pidsy8.cloudfront.net/ccc814b3-dad4-45f9-bf09-74d306538928.png
Threat Actors: DARK 07x
Victim Country: France
Victim Industry: Software Development
Victim Organization: amine aissaoui
Victim Site: demo-rh.amineaissaoui.com - Alleged data breach of VietISO
Category: Data Breach
Content: A threat actor claims to have leaked a customer database belonging to VietISO’s Vietnam-based travel CRM platform. The dataset allegedly contains approximately 209,000 records associated with Vietnamese travel clients and is described as including full KYC information. Exposed data reportedly consists of full names, national ID numbers (CCCD), dates of birth, phone numbers, and complete residential addresses.
Date: 2026-01-13T17:07:04Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-VIETISO-COM-%E2%80%94-209K-VIETNAMESE-TRAVEL-CLIENTS-FULL-KYC-DATA-2026-Solonik-BF
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e5cc095c-ec7e-471a-8e3e-127fd2e1c53c.png
Threat Actors: Solonik
Victim Country: Vietnam
Victim Industry: Leisure & Travel
Victim Organization: vietiso
Victim Site: vietiso.com - Alleged unauthorized access to PLIVA
Category: Initial Access
Content: The group claims to have gained unauthorized access to the systems of PILVA.
Note: PLIVA has been a wholly owned subsidiary of Teva Pharmaceutical Industries since its acquisition in 2008; however, PLIVA continues to operate under its own brand and infrastructure in the regional market.
Date: 2026-01-13T17:02:23Z
Network: telegram
Published URL: https://t.me/n2LP_wVf79c2YzM0/3294
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3ed1fb5e-585f-4daa-a229-d86fb4a85ae5.jpg
Threat Actors: Infrastructure Destruction Squad
Victim Country: Croatia
Victim Industry: Healthcare & Pharmaceuticals
Victim Organization: pliva
Victim Site: pliva.hr
- DARK 07x targets the website of Amine AISSAOUI
Category: Defacement
Content: The group claims to have defaced the personal website of Amine AISSAOUI
Date: 2026-01-13T17:01:06Z
Network: telegram
Published URL: https://t.me/DarK07xxxxxxx/407?single
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/eb18f474-ded1-474f-846a-32d26a4a3244.png
https://d34iuop8pidsy8.cloudfront.net/ee6caa38-4312-459b-87c5-a8f6a4e021b3.png
Threat Actors: DARK 07x
Victim Country: Tunisia
Victim Industry: Graphic & Web Design
Victim Organization: amine aissaoui
Victim Site: amineaissaoui.com - Alleged data leak of Jeffrey Epstein case related documents
Category: Data Breach
Content: A threat actor claims to have released a bundled archive of high-profile documents related to the Jeffrey Epstein case. which including flight logs, contact books, court filings, legal transcripts, and investigative exhibits. The dataset reportedly contains names, contact details, travel records, legal documents, and related evidentiary files, and is presented as raw material intended for investigative, journalistic, or OSINT use.
Date: 2026-01-13T16:58:50Z
Network: openweb
Published URL: https://darkforums.io/Thread-Document-EPSTEIN-FILES-2024-%E2%80%94-FLIGHT-LOGS-BLACK-BOOK-US-COURT-DOCS-2026
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ad467f6d-0953-47f3-a05e-514606ae507e.png
https://d34iuop8pidsy8.cloudfront.net/0e4f879d-2714-41fd-bb3c-602c1ea4a771.png
Threat Actors: Solonik
Victim Country: USA
Victim Industry: Legal Services
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of Uzbekistan Institute of Cybersecurity and Confidential Information
Category: Data Breach
Content: The threat actor claims to have leaked confidential student-related data associated with a cybersecurity institute in Uzbekistan. The leaked information allegedly includes approximately 10,000 student accounts, containing full names, personal identification numbers, and other sensitive records.
Date: 2026-01-13T16:58:09Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-Uzbekistan-Institute-of-Cybersecurity-and-Confidential-Information-10k-student-accoun–64470
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e8c09d15-2ae0-40fe-bb56-3c14e5581791.png
Threat Actors: tocyber
Victim Country: Uzbekistan
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown - Perdana Petroleum Berhad falls victim to Dire Wolf Ransomware
Category: Ransomware
Content: The group claims to have obtained 150 GB of the organization’s data. The data includes
Financial Documents, Legal Documents, Supplier Documents, Customer Data and they intend to publish it within 28-29 days.
Date: 2026-01-13T16:56:44Z
Network: tor
Published URL: http://direwolfcdkv5whaz2spehizdg22jsuf5aeje4asmetpbt6ri4jnd4qd.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e90ef1f0-61e1-4f7a-bea5-d3d389131ed3.png
Threat Actors: Dire Wolf
Victim Country: Malaysia
Victim Industry: Maritime
Victim Organization: perdana petroleum berhad
Victim Site: perdana.my - DARK 07x targets the website of Cabinet Dr. OUAKKEL
Category: Defacement
Content: The group claims to have defaced the website of Cabinet Dr. OUAKKEL
Date: 2026-01-13T16:55:36Z
Network: telegram
Published URL: https://t.me/DarK07xxxxxxx/407
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8dffb65e-9910-4df3-9f80-0eca3bc4c381.png
https://d34iuop8pidsy8.cloudfront.net/3447b75b-c9f8-4fc7-a60d-690222fccbfc.png
Threat Actors: DARK 07x
Victim Country: Tunisia
Victim Industry: Medical Practice
Victim Organization: cabinet dr. ouakkel
Victim Site: dr-ouakkel.com - Alleged data breach of Jenderal Soedirman University
Category: Data Breach
Content: A threat actor claims to have leaked a student directory database associated with Jenderal Soedirman University (UNSOED). The dataset reportedly contains approximately 42,000 student records and is distributed in CSV format. The exposed information allegedly includes full names, student identification numbers, faculty details, university-issued email addresses, and mobile phone numbers.
Date: 2026-01-13T16:52:35Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-UNSOED-AC-ID-%E2%80%94-42K-INDONESIAN-UNIVERSITY-STUDENT-RECORDS-EMAIL-PHONE-Solonik-BF
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/94b62a3e-d024-4f69-be0c-5b4aa027f025.png
https://d34iuop8pidsy8.cloudfront.net/b8210d63-d0e5-4b91-987a-e74cdd6d5876.png
Threat Actors: Solonik
Victim Country: Indonesia
Victim Industry: Higher Education/Acadamia
Victim Organization: jenderal soedirman university
Victim Site: unsoed.ac.id - Chemsain Konsultant Sdn Bhd falls victim to Dire Wolf Ransomware
Category: Ransomware
Content: The group claims to have obtained 60 GB of the organization’s data. The data includes
Internal Documents and Financial Documents.
Date: 2026-01-13T16:45:13Z
Network: tor
Published URL: http://direwolfcdkv5whaz2spehizdg22jsuf5aeje4asmetpbt6ri4jnd4qd.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ed16d0ba-163e-466e-b700-78237f4c27e0.png
Threat Actors: Dire Wolf
Victim Country: Malaysia
Victim Industry: Environmental Services
Victim Organization: chemsain konsultant sdn bhd
Victim Site: chemsain.com - Alleged data leak of Indonesia’s Regional Agency for Personnel and Human Resources Development
Category: Data Breach
Content: The group claims to have leaked the data of Regional Human Resources Development and Personnel Agency of Bangka Regency which include identification numbers, educational backgrounds, assigned government units, and operational positions
Date: 2026-01-13T16:44:26Z
Network: telegram
Published URL: https://t.me/TEAMRPLAX/254
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ec61270f-dbe6-4989-a9ca-c05e1b65dd13.jpg
Threat Actors: TEAM MR PLAX
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: regional agency for personnel and human resources development
Victim Site: bkpsdm.medan.go.id - Tepco-Group falls victim to Dire Wolf Ransomware
Category: Ransomware
Content: The group claims to have obtained 300 GB of the organization’s data. The data includes Internal Documents, Financial Documents, Legal Documents, Design Drawings, Audit Documents, Internal Agreements, Customer Data, Financial Records, Personal Information and they intend to publish it within 27-28 days.
Date: 2026-01-13T16:42:05Z
Network: tor
Published URL: http://direwolfcdkv5whaz2spehizdg22jsuf5aeje4asmetpbt6ri4jnd4qd.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/05c668a3-8099-4739-a9c8-ae20cb18db70.png
Threat Actors: Dire Wolf
Victim Country: Egypt
Victim Industry: Electrical & Electronic Manufacturing
Victim Organization: tepco-group
Victim Site: tepco-group.com - Alleged data breach of Italian Public Administration
Category: Data Breach
Content: A threat actor shared a dataset containing over 30,000 email contact records linked to Italian public administration entities. The data was distributed in CSV format and appears to consist of official government and public-sector email addresses.
Date: 2026-01-13T16:41:12Z
Network: openweb
Published URL: https://darkforums.io/Thread-Document-30K-Italian-public-administration-email-contacts
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c179ce14-425e-43c9-8a46-28af23a24ec4.png
Threat Actors: Valectio
Victim Country: Italy
Victim Industry: Government & Public Sector
Victim Organization: italian public administration
Victim Site: gov.it - DARK 07x targets the website of Architect Tunisia
Category: Defacement
Content: The group claims to have defaced the website of Architect Tunisia
Date: 2026-01-13T16:40:25Z
Network: telegram
Published URL: https://t.me/DarK07xxxxxxx/407?single
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7209e994-737f-433a-b297-9919a7b527e0.png
https://d34iuop8pidsy8.cloudfront.net/b336dfa5-6a77-4046-b9e3-404ec3304285.png
Threat Actors: DARK 07x
Victim Country: Tunisia
Victim Industry: Architecture & Planning
Victim Organization: architect tunisia
Victim Site: architectetunisie.com - DARK 07x taregst the website of Music Universe
Category: Defacement
Content: The group claims to have defaced the website of Music Universe
Date: 2026-01-13T16:18:41Z
Network: telegram
Published URL: https://t.me/DarK07xxxxxxx/407?single
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/570ce182-9731-49f3-82c7-646267ef1cc5.png
https://d34iuop8pidsy8.cloudfront.net/c6f5d1b1-40d3-46bf-907c-068643c74c06.png
Threat Actors: DARK 07x
Victim Country: France
Victim Industry: Music
Victim Organization: music universe
Victim Site: musique-univers.fr - Alleged data breach of SMKN 1 Luragung
Category: Data Breach
Content: The threat actor leaked data belonging to SMK Negeri 1 Luragung (Indonesia). The exposed dataset reportedly contains personally identifiable information of students and teachers, including full names, contact email addresses, telephone numbers, and residential address details.
Date: 2026-01-13T16:14:51Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-FREE-SMKN-1-Luragung-Indonesia-637-Fresh-Teacher-Student-Records-PII
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/696ea210-772a-4d32-a679-440bf1a6fec6.png
https://d34iuop8pidsy8.cloudfront.net/496fc0cf-d72e-492c-ab20-d85a8d596ee4.png
Threat Actors: WhoLoveMe
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: smkn 1 luragung
Victim Site: smkn1luragung.sch.id - DARK 07x targets the website of Para Bio
Category: Defacement
Content: The group claims to have defaced the website of Para Bio
Date: 2026-01-13T16:14:02Z
Network: telegram
Published URL: https://t.me/DarK07xxxxxxx/407?single
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a36854f1-2530-40e2-8f8e-d508a87834c3.png
https://d34iuop8pidsy8.cloudfront.net/2eb566ca-c9e2-4b3e-8dca-38a03f860240.png
Threat Actors: DARK 07x
Victim Country: Unknown
Victim Industry: Health & Fitness
Victim Organization: para bio
Victim Site: para-bio.com - DARK 07x targets the website of Vinologue
Category: Defacement
Content: The group claims to have defaced the website of Vinologue
Date: 2026-01-13T15:48:16Z
Network: telegram
Published URL: https://t.me/DarK07xxxxxxx/407?single
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bd9aaf33-35d8-4594-ac62-3e878cba5f6f.jpg
Threat Actors: DARK 07x
Victim Country: France
Victim Industry: Publishing Industry
Victim Organization: vinologue
Victim Site: vinologue.fr - DARK 07x targets the website of Dhomda
Category: Defacement
Content: The group claims to have defaced the website of Dhomda
Date: 2026-01-13T15:38:07Z
Network: telegram
Published URL: https://t.me/DarK07xxxxxxx/407?single
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f3dd5d9a-8789-411f-a6d5-68df70a76487.jpg
Threat Actors: DARK 07x
Victim Country: Tunisia
Victim Industry: Agriculture & Farming
Victim Organization: dhomda
Victim Site: dhomda.tn - DARK 07x targets the website of SERS INGENIERIE
Category: Defacement
Content: The group claims to have defaced the website of SERS INGENIERIE
Date: 2026-01-13T15:28:16Z
Network: telegram
Published URL: https://t.me/DarK07xxxxxxx/407
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/afabfa1b-7d43-4e8a-862d-b10eadb20990.png
https://d34iuop8pidsy8.cloudfront.net/774e7a22-2ce1-4903-9473-0590b63aecc7.png
Threat Actors: DARK 07x
Victim Country: Tunisia
Victim Industry: Civil Engineering
Victim Organization: sers ingenierie
Victim Site: rh.sers-ingenierie.com - Bulk Handling Systems falls victim to akira Ransomware
Category: Ransomware
Content: The group claims to have obtained 24 GB of the organization’s data. The compromised data reportedly includes detailed employee personal information (addresses, phones, emails, scans of personal documents and so on), projects, client information, lots of internal confidential files, financials, credit cards, NDAs and so on.
Date: 2026-01-13T15:27:43Z
Network: tor
Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b2c8227a-04da-4691-9909-5e5097be6ea5.png
Threat Actors: akira
Victim Country: USA
Victim Industry: Machinery Manufacturing
Victim Organization: bulk handling systems
Victim Site: bulkhandlingsystems.com - DARK 07x targets the website of Penta Services
Category: Defacement
Content: The group claims to have defaced the website of Penta Services
Date: 2026-01-13T15:26:11Z
Network: telegram
Published URL: https://t.me/DarK07xxxxxxx/407?single
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b47ef206-3d22-4860-af06-08c403334bc5.jpg
Threat Actors: DARK 07x
Victim Country: Tunisia
Victim Industry: E-commerce & Online Stores
Victim Organization: penta services
Victim Site: pentaservices.tn - DARK 07x targets the website of Cinema Zone
Category: Defacement
Content: The group claims to have defaced the website of Cinema Zone
Date: 2026-01-13T15:25:25Z
Network: telegram
Published URL: https://t.me/DarK07xxxxxxx/407?single
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1e60d548-0348-4792-9aef-0915fad44aab.jpg
Threat Actors: DARK 07x
Victim Country: France
Victim Industry: Entertainment & Movie Production
Victim Organization: cinema zone
Victim Site: zone-cine.fr - DARK 07x targets the website of Chikhaoui Group
Category: Defacement
Content: The group claims to have defaced the website of Chikhaoui Group
Date: 2026-01-13T15:11:19Z
Network: telegram
Published URL: https://t.me/DarK07xxxxxxx/407?single
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/17c1ba54-0a49-454c-b857-738564986462.jpg
Threat Actors: DARK 07x
Victim Country: Tunisia
Victim Industry: Agriculture & Farming
Victim Organization: chikhaoui group
Victim Site: groupechikhaoui.tn - Alleged data breach of IPTV
Category: Data Breach
Content: The threat actor claims to have leaked source code of IPTV.
Date: 2026-01-13T14:33:38Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-Syria-ProTVBYPROTECH
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/df391c77-ba9e-4460-bca8-3a161e51aa9b.png
Threat Actors: MR3B1915KURD
Victim Country: Syria
Victim Industry: Entertainment & Movie Production
Victim Organization: iptv
Victim Site: iptv.sy - Alleged unauthorized access to Pause Factory
Category: Initial Access
Content: Threat actor claims to have leaked unauthorized admin access to Pause Factory.
Date: 2026-01-13T14:26:07Z
Network: openweb
Published URL: https://xforums.st/threads/pausefactory-org-admin-wp-login.478652/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1395f25b-685e-4c40-ba1e-1386ef06d0f5.png
Threat Actors: X Forum Bot
Victim Country: Nigeria
Victim Industry: Education
Victim Organization: pause factory
Victim Site: pausefactory.org - Itasca Consulting Group, Inc. falls victim to akira Ransomware
Category: Ransomware
Content: The group claims to have obtained 20 GB of the the organization’s data. The compromised data reportedly includes employee personal information such as addresses, phones, emails, scans of personal documents, projects, client information, internal confidential files, financials, credit cards, NDAs etc.
Date: 2026-01-13T14:15:35Z
Network: tor
Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b58954c9-0ab6-465d-b691-d5b0abbcaff5.jpg
Threat Actors: akira
Victim Country: USA
Victim Industry: Software
Victim Organization: itasca consulting group, inc.
Victim Site: itascacg.com - Alleged data breach of plus shopping mall
Category: Data Breach
Content: The group claims to have breached the organisations data.
Date: 2026-01-13T14:09:42Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-%E2%AD%90%EF%B8%8F-South-Korea-Database-ddsign-co-kr-%E2%AD%90%EF%B8%8F
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2034d119-49a5-4328-9310-19015282bb55.JPG
Threat Actors: AshleyWood2022
Victim Country: South Korea
Victim Industry: E-commerce & Online Stores
Victim Organization: plus shopping mall
Victim Site: ddsign.co.kr - maul1337 targets the website of Cooch Behar Municipality
Category: Defacement
Content: The group claims to have defaced the website of Cooch Behar Municipality.
Date: 2026-01-13T14:04:51Z
Network: telegram
Published URL: https://t.me/maul1337anon/445
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6a75155b-74b2-49d2-8630-0bf64d481b86.jpg
Threat Actors: maul1337
Victim Country: India
Victim Industry: Government Administration
Victim Organization: cooch behar municipality
Victim Site: coochbeharmunicipality.guilditsolutions.com - Pinoy XploitSec targets the website of PeopleOnBench
Category: Defacement
Content: The group claims to have defaced the organization’s website.
Date: 2026-01-13T13:48:10Z
Network: openweb
Published URL: https://defacer.id/mirror/id/226191
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a64a4ce7-4daf-4490-883d-eef64e2cf4a3.png
Threat Actors: Pinoy XploitSec
Victim Country: UAE
Victim Industry: Human Resources
Victim Organization: peopleonbench
Victim Site: peopleonbench.com - Alleged leak of login access to PEMERINTAH KABUPATEN BANYUWANGI
Category: Initial Access
Content: The group claims to have leaked login access to PEMERINTAH KABUPATEN BANYUWANGI
Date: 2026-01-13T13:33:54Z
Network: telegram
Published URL: https://t.me/CinCauGhast3/27
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/719d7b30-ad50-4efd-b072-1bae54de363d.jpg
Threat Actors: CinCauGhast
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: pemerintah kabupaten banyuwangi
Victim Site: dasawisma.banyuwangikab.go.id - YIIX103 targets the website of kuwaitgreenenergy.net
Category: Defacement
Content: The group claims to have defaced the website of kuwaitgreenenergy.net
Date: 2026-01-13T13:28:15Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/777474
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/07b807f6-ad74-46bd-8b40-4fba5a1e8782.JPG
Threat Actors: YIIX103
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: kuwaitgreenenergy.net - ZenXPloit targets the website of SMA Negeri 1 Tual
Category: Defacement
Content: The group claims to have defaced the website of SMA Negeri 1 Tual
Date: 2026-01-13T12:58:18Z
Network: telegram
Published URL: https://t.me/httpsHwjwodnnfhdjHjkVY/790
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f73937dc-d24a-4ab4-a74a-10c589d44e84.JPG
Threat Actors: ZenXPloit
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: sma negeri 1 tual
Victim Site: sman1tual.sch.id - Alleged data breach of IWINV
Category: Data Breach
Content: The threat actor claims to have breached 144,000 user records from IWINV, allegedly containing customer details, admin accounts, login credentials, hashed passwords, and more.
Date: 2026-01-13T12:52:59Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-IWINV-KR-%E2%80%94-144K-KOREAN-VPS-HOSTING-USERS-LOGIN-FULL-SQL-DUMP-Solonik-BF
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4e6ae87c-5ec9-4c37-a346-3a42dc7a585a.png
https://d34iuop8pidsy8.cloudfront.net/3954d8f2-2c95-417c-94a6-c05b761615a6.png
Threat Actors: Solonik
Victim Country: South Korea
Victim Industry: Network & Telecommunications
Victim Organization: iwinv
Victim Site: iwinv.kr - Alleged data breach of Universitas Raharja
Category: Data Breach
Content: The group claims to have leaked databases of Universitas Raharja in Indonesia.
Date: 2026-01-13T12:50:24Z
Network: telegram
Published URL: https://t.me/c/3054021775/313
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bddb41c2-3184-4272-a389-70a996963e41.jpg
Threat Actors: BROTHERHOOD CAPUNG INDONESIA
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: universitas raharja
Victim Site: raharja.ac.id - BROTHERHOOD CAPUNG INDONESIA targets the website of Respiratory Journals
Category: Defacement
Content: The group claims to have defaced the website of Respiratory Journals
Date: 2026-01-13T12:43:56Z
Network: telegram
Published URL: https://t.me/c/3054021775/315
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c5a7608e-b5a6-4f5c-b2e6-b538a0b11a04.jpg
Threat Actors: BROTHERHOOD CAPUNG INDONESIA
Victim Country: India
Victim Industry: Hospital & Health Care
Victim Organization: respiratory journals
Victim Site: respiratoryjournals.com - THSEC targets the website of Teesside University
Category: Defacement
Content: The group claims to have defaced the website of Teesside University
Date: 2026-01-13T12:37:05Z
Network: telegram
Published URL: https://t.me/thsecthailand/258
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/143f4015-235d-4ed0-8ef3-b2f0cae34ac0.jpg
Threat Actors: THSEC
Victim Country: Cambodia
Victim Industry: Education
Victim Organization: teesside university
Victim Site: tucambodia.com - Dubai Aviation Engineering Projects falls victim to Nova Ransomware
Category: Ransomware
Content: The group claims to have obtained organization’s data and intend to publish within 12 to 13 days.
Date: 2026-01-13T12:28:23Z
Network: tor
Published URL: http://novadmrkp4vbk2padk5t6pbxolndceuc7hrcq4mjaoyed6nxsqiuzyyd.onion/#
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/70c91965-6ba3-4c35-9fdb-defb4aaaabad.png
Threat Actors: Nova
Victim Country: UAE
Victim Industry: Airlines & Aviation
Victim Organization: dubai aviation engineering projects
Victim Site: airwing.govu.ae - KW Living Realty falls victim to SECUROTROP ransomware
Category: Ransomware
Content: The threat actor claims to have obtained 2105 GB of the organisations data, they intend to publish it within 7 days.
Date: 2026-01-13T12:28:02Z
Network: tor
Published URL: http://securo45z554mw7rgrt7wcgv5eenj2xmxyrsdj3fcjsvindu63s4bsid.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bd81d623-cedb-4814-980e-60b71f47cbec.JPG
Threat Actors: SECUROTROP
Victim Country: Canada
Victim Industry: Real Estate
Victim Organization: kw living realty
Victim Site: livingrealtykw.com - Gulf Business Machines Falls Victim to INC RANSOM Ransomware
Category: Ransomware
Content: The group claims to have obtained 200 GB of the organization’s data. The compromised data reportedly includes fiscal data, internal emails, budgets, and other sensitive information, and the group intends to publish it within 1–2 days.
Date: 2026-01-13T12:24:07Z
Network: tor
Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/69657e3e8f1d14b7437febc5
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ddeeba8a-e94d-4078-8c07-abb613eb9cf8.png
Threat Actors: INC RANSOM
Victim Country: UAE
Victim Industry: Information Technology (IT) Services
Victim Organization: gulf business machines
Victim Site: gbmme.com - Alleged sale of Thai Military Intelligence Server
Category: Data Breach
Content: The threat actor claims to be selling 27000 documents from Thai Military Intelligence Server.
Date: 2026-01-13T11:45:40Z
Network: openweb
Published URL: https://breachstars.io/topic/27000-documents-from-thai-military-intelligence-server-nape2cu5h1k6
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ffc1e108-242f-45a1-bb27-f489007945d1.png
Threat Actors: LeakedMilitary
Victim Country: Thailand
Victim Industry: Military Industry
Victim Organization: Unknown
Victim Site: Unknown - Alleged Data Leak of European Historic Houses
Category: Data Breach
Content: The threat actor claims to have breached 6,996 rows of data belonging to European Historic Houses.
Date: 2026-01-13T11:11:57Z
Network: openweb
Published URL: https://leakbase.la/threads/full-sql-db-users-from-a-p3d0-forum.48157/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5c4f7d63-421d-4af5-8bf8-943a7b8ca294.png
Threat Actors: DeedSe_VII
Victim Country: Belgium
Victim Industry: Legal Services
Victim Organization: european historic houses
Victim Site: europeanhistorichouses.eu - Alleged data breach of 2nd Army Region
Category: Data Breach
Content: The group claims to have breached 461,346 lines of data of the organisation, allegedly including id, x, y, gun type, brand, type G, gun number, place attack and more.
Date: 2026-01-13T10:55:19Z
Network: telegram
Published URL: https://t.me/H3c4kedzHacker/278
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e5c9299a-17bd-4df3-b9d2-28a84915730c.JPG
Threat Actors: H3C4KEDZ
Victim Country: Thailand
Victim Industry: Military Industry
Victim Organization: 2nd army region
Victim Site: web.army2.mi.th - Alleged leak of Bayraktar TB2
Category: Data Breach
Content: The group claims to have leaked data of Bayraktar TB2 UAV.
Date: 2026-01-13T10:36:55Z
Network: telegram
Published URL: https://t.me/hackberegini/3156
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/33ee98b0-a8b7-4cad-8033-173a39a8e67e.png
Threat Actors: Beregini
Victim Country: Turkey
Victim Industry: Defense & Space
Victim Organization: baykar tech
Victim Site: baykartech.com - Alleged data breach of Prabharani Institute of Education
Category: Data Breach
Content: The group claims to have breached the data of Prabharani Institute of Education
Date: 2026-01-13T10:02:37Z
Network: telegram
Published URL: https://t.me/c/3054021775/310
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f7fdc98f-000f-49fa-a160-4192e9c8b1cd.JPG
Threat Actors: BROTHERHOOD CAPUNG INDONESIA
Victim Country: India
Victim Industry: Education
Victim Organization: prabharani institute of education
Victim Site: prabharaniinstitutebed.in - Commercial Paving Ltd. falls victim to BEAST Ransomware
Category: Ransomware
Content: The group claims to have obtained 150 GB of the organization’s data and intends to publish it within 13–14 days.
Date: 2026-01-13T09:36:06Z
Network: tor
Published URL: http://beast6azu4f7fxjakiayhnssybibsgjnmy77a6duufqw5afjzfjhzuqd.onion/card/commercial_paving_ltd_
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a64f1850-dbd6-439f-b28f-bc64d91eb36a.png
Threat Actors: BEAST
Victim Country: Canada
Victim Industry: Building and construction
Victim Organization: commercial paving ltd.
Victim Site: commercialpaving.ca - Alleged data leak of Wonogiri Regency Public Order Agency
Category: Data Breach
Content: The group claims to have leaked data of Wonogiri Regency Public Order Agency.
Date: 2026-01-13T09:15:10Z
Network: telegram
Published URL: https://t.me/TEAMRPLAX/245
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0ac924a2-b299-4688-af94-bc0e4d7d2b6f.png
Threat Actors: TEAM MR PLAX
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: wonogiri regency public order agency
Victim Site: satpolpp.wonogirikab.go.id - Alleged data leak of PPG FKIP UNTIDAR
Category: Data Breach
Content: The group claims to have leaked data of PPG FKIP UNTIDAR, containing name, register numbers, course name etc.
Date: 2026-01-13T09:14:23Z
Network: telegram
Published URL: https://t.me/TEAMRPLAX/248
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2d03ed5d-0d5e-4a72-a3d6-a9df7bac852f.jpg
Threat Actors: TEAM MR PLAX
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: ppg fkip untidar
Victim Site: ppg-fkip.untidar.ac.id’ - Alleged data leak of REGIONAL FINANCIAL AND REVENUE MANAGEMENT AGENCY
Category: Data Breach
Content: The group claims to have leaked data of REGIONAL FINANCIAL AND REVENUE MANAGEMENT AGENCY.
Date: 2026-01-13T09:05:10Z
Network: telegram
Published URL: https://t.me/CinCauGhast3/20
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e6e78758-530c-4a02-ade9-e1b7bb84fe3c.png
Threat Actors: CinCauGhast
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of all India telecom services database
Category: Data Breach
Content: The group claims to have breached 120 GB of all India telecom services database including Jio, Vi, Airtell.
Date: 2026-01-13T08:33:46Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-All-India-Telecom-Services-database-120-Gb-Jio-Vi-Airtell
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f003476b-dae6-4e6c-8a1b-25d269a2ad29.JPG
Threat Actors: ElectronCursed
Victim Country: India
Victim Industry: Network & Telecommunications
Victim Organization: Unknown
Victim Site: jio.com - t0 targets the website of Auspicious Design
Category: Defacement
Content: The group claims to have defaced the organization’s website.
Date: 2026-01-13T08:32:10Z
Network: openweb
Published URL: https://defacer.id/mirror/id/226129
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/917ad5cc-57b9-40a0-a398-db3834a0d936.png
Threat Actors: t0
Victim Country: UAE
Victim Industry: Furniture
Victim Organization: auspicious design
Victim Site: auspicious.ae - PhantomSec1337 targets the website of Home Craft Real Estate Dubai
Category: Defacement
Content: The group claims to have defaced the organization’s website.
Date: 2026-01-13T08:29:49Z
Network: openweb
Published URL: https://defacer.id/mirror/id/226190
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f0eabab7-d38b-4e0a-bb58-e324000e42ea.png
Threat Actors: PhantomSec1337
Victim Country: UAE
Victim Industry: Real Estate
Victim Organization: home craft real estate dubai
Victim Site: homecraftdubai.com - MR-4PEAJE targets the website of hdcdubai.com
Category: Defacement
Content: The group claims to have defaced the organization’s website.
Date: 2026-01-13T08:28:56Z
Network: openweb
Published URL: https://defacer.id/mirror/id/226045
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3c135781-6de5-4a08-93cd-000b974828f4.png
Threat Actors: MR-4PEAJE
Victim Country: UAE
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: hdcdubai.com - Alleged leak of login access to EOS OSMYS
Category: Initial Access
Content: The group claims to have leaked login access to EOS OSMYS.
Date: 2026-01-13T08:23:03Z
Network: telegram
Published URL: https://t.me/CinCauGhast3/19
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e1ebeef1-7b7e-4884-b468-c3947941f461.png
Threat Actors: CinCauGhast
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: eos osmys
Victim Site: eosmosys.jabarprov.go.id - Alleged data leak of employees of west java province
Category: Data Breach
Content: The group claims to have leaked the data of employees of west java province.
Date: 2026-01-13T08:16:42Z
Network: telegram
Published URL: https://t.me/CinCauGhast3/18
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d4648a08-2d2f-49e2-bb5b-b439e4308404.JPG
Threat Actors: CinCauGhast
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - BontenSec targets the website of Almas Stitching & Embroidery Materials Trading
Category: Defacement
Content: The group claims to have defaced the website of Almas Stitching & Embroidery Materials Trading.
Date: 2026-01-13T07:33:53Z
Network: openweb
Published URL: https://defacer.id/mirror/id/226134
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c66c0948-3e55-4f6d-958c-2cc0b63d03d8.png
Threat Actors: BontenSec
Victim Country: UAE
Victim Industry: Textiles
Victim Organization: almas stitching & embroidery materials trading
Victim Site: almasdubai.ae - chinafans targets the website of Apure State Attorney General’s Office
Category: Defacement
Content: Group claims to have defaced the website of Apure State Attorney General’s Office.
Date: 2026-01-13T07:30:17Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/777618
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/36567bc4-df90-4a6f-813f-6f169377d8c2.png
Threat Actors: chinafans
Victim Country: Venezuela
Victim Industry: Government Administration
Victim Organization: apure state attorney general’s office
Victim Site: procuraduria.apure.gob.ve - CyberOprationCulture targets the website of Rental Telescope
Category: Defacement
Content: The group claims to have defaced the website of Rental Telescope
Mirror: https://haxor.id/archive/mirror/242756
Date: 2026-01-13T07:22:55Z
Network: telegram
Published URL: https://t.me/c/3421269527/65
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c125c482-7e51-4f0b-94a0-b8892f6176c5.png
Threat Actors: CyberOprationCulture
Victim Country: Italy
Victim Industry: Real Estate
Victim Organization: rental telescope
Victim Site: rentalscope.it - YIIX103 targets the website of Saudi Invest
Category: Defacement
Content: Group claims to have defaced the website of Saudi Invest.
Date: 2026-01-13T07:21:10Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/777479
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8958476a-e7e5-41a2-8dac-c6110d33de36.png
Threat Actors: YIIX103
Victim Country: Saudi Arabia
Victim Industry: Business and Economic Development
Victim Organization: saudi invest
Victim Site: saudiinvest.net - Alleged Sale of unauthorized webshell access to multiple websites
Category: Initial Access
Content: The threat actor claims to be selling 10,000 webshell accesses, 5,000 WHMCS host server accesses, and over 5,400 cPanel accesses, allegedly linked to more than 50,000 compromised domains across multiple TLDs (.edu, .gov, .com, .org, etc.).
Date: 2026-01-13T07:19:20Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-10K-Webshell-Access-5K-WHMCS-Access-with-more-than-50k-Domains-on-cPanel
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9274bd1e-4af2-428c-9129-e95c580297a1.png
Threat Actors: timcookapple
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - YIIX103 targets the website of British Neurology Psychiatry Center
Category: Defacement
Content: The group claims to defaced the webiste of British Neurology Psychiatry Center
Date: 2026-01-13T07:01:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/777455
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bf386c68-baf0-4ac3-a232-d7c65fcd73b3.png
Threat Actors: YIIX103
Victim Country: UAE
Victim Industry: Mental Health Care
Victim Organization: british neurology psychiatry center
Victim Site: britishcenteruae.com - YIIX103 targets the website of AIK Investment Co
Category: Defacement
Content: Group claims to have defaced the website of AIK Investment Co.
Date: 2026-01-13T06:51:29Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/777436
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b74a091b-8c59-4306-8396-3d28fd444ae7.png
Threat Actors: YIIX103
Victim Country: Saudi Arabia
Victim Industry: Financial Services
Victim Organization: aik investment co
Victim Site: aik.com.sa - YIIX103 targets the website of auzfz.ae
Category: Defacement
Content: Group claims to have defaced the website of auzfz.ae.
Date: 2026-01-13T06:48:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/777451
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bcfdb562-6131-4c86-a843-88ff12afa9d0.png
Threat Actors: YIIX103
Victim Country: UAE
Victim Industry: E-commerce & Online Stores
Victim Organization: auzfz.ae
Victim Site: auzfz.ae - Alleged Data Breach of Nazdika
Category: Data Breach
Content: The threat actor claims to be leaked 150 GB of data from Nazdika. The compromised data reportedly includes Private chat messages, Message metadata, Sender IDs and target IDs, Message timestamps
Date: 2026-01-13T06:18:14Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-IRAN-Iran-s-biggest-chatting-service-NAZDIKA-All-Private-messages
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/941d1997-0cf3-4c29-90b0-46ed8917e384.png
https://d34iuop8pidsy8.cloudfront.net/3d4b8754-0850-4f0e-b353-b1781d163e46.png
https://d34iuop8pidsy8.cloudfront.net/67622bdc-b28c-4aba-ad3b-0623726492b3.png
Threat Actors: xploitleaks
Victim Country: Iran
Victim Industry: Social Media & Online Social Networking
Victim Organization: nazdika
Victim Site: nazdika.com - Alleged sale of 0day vulnerability to unidentified ecommerce platform
Category: Vulnerability
Content: Threat actor claims to be selling 0day ssrf vulnerability to unidentified ecommerce platform.
Date: 2026-01-13T06:17:40Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-0day-exploit-on-popular-ecommerce-platform
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/617e75bd-0f34-424e-a12e-17c5a5264c34.png
Threat Actors: asfkdj3229tg43ejg
Victim Country: Unknown
Victim Industry: E-commerce & Online Stores
Victim Organization: Unknown
Victim Site: Unknown - Alleged data sale of Condé Nast
Category: Data Breach
Content: The threat actor claims to be leaked data from Condé Nast. The compromised data reportedly including Email, Phone, First name, Last name, Gender, Birthday, Address, Username
Date: 2026-01-13T05:34:10Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-40M-Cond%C3%A9-Nast-Database-VOGUE-NEW-YORKER-GQ-GLAMOUR-WIRED-30-other
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4d268d26-f58d-4266-a6f4-2bb1308b28b8.png
Threat Actors: lovelycorp
Victim Country: USA
Victim Industry: Media Production
Victim Organization: condé nast
Victim Site: condenast.com - Alleged login access to Sindicato de Choferes 4 de Octubre de Penipe
Category: Initial Access
Content: The group claims to have gained login access to Sindicato de Choferes 4 de Octubre de Penipe
Date: 2026-01-13T05:33:31Z
Network: telegram
Published URL: https://t.me/TEAMRPLAX/231
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a4b23cfc-698e-487b-85b1-e9505cec7e0b.png
Threat Actors: TEAM MR PLAX
Victim Country: Ecuador
Victim Industry: Education
Victim Organization: sindicato de choferes 4 de octubre de penipe
Victim Site: evirtual.sindicatopenipe.com - Alleged leak of shell access to Royal University of Phnom Penh
Category: Initial Access
Content: The group claims to have gained unauthorized shell access to the website of Royal University of Phnom Penh
Date: 2026-01-13T05:29:30Z
Network: telegram
Published URL: https://t.me/Pharaohs_n/628
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d3a6c751-db0c-4e56-9bab-614ef25ff891.png
Threat Actors: Pharaoh’s Team Channel
Victim Country: Cambodia
Victim Industry: Education
Victim Organization: royal university of phnom penh
Victim Site: fed.rupp.edu.kh - Alleged leak of shell access to Brand Practitioners Bangladesh
Category: Initial Access
Content: The group claims to have gained unauthorized shell access to the website of Brand Practitioners Bangladesh
Date: 2026-01-13T05:20:00Z
Network: telegram
Published URL: https://t.me/Pharaohs_n/629
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4cb461e8-facb-476d-b197-548436a8e6f2.png
Threat Actors: Pharaoh’s Team Channel
Victim Country: Bangladesh
Victim Industry: Marketing, Advertising & Sales
Victim Organization: brand practitioners bangladesh
Victim Site: brandpractitioners.com - Alleged leak of Telecommunication data from India
Category: Data Breach
Content: The threat actor claims to be leaked Telecommunication data from India
Date: 2026-01-13T05:07:15Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-Hitek-All-Over-Indian-Database-Fully
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8f38cf7f-712d-4c3b-b25b-4217771c7a37.png
Threat Actors: ElectronCursed
Victim Country: India
Victim Industry: Network & Telecommunications
Victim Organization: Unknown
Victim Site: Unknown - Alleged Data Leak of Amazon Account Credentials
Category: Data Breach
Content: The threat actor claims to be leaked Amazon Account Credentials
Date: 2026-01-13T04:53:07Z
Network: openweb
Published URL: https://breachforums.bf/Thread-CLOUD-Amazon-com-Email-Pass-Logs-Leaked-Download
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/291bb90e-726e-4f07-945b-55e8c135d5d0.png
Threat Actors: Nerius
Victim Country: USA
Victim Industry: E-commerce & Online Stores
Victim Organization: amazon
Victim Site: amazon.com - STIM GROUP Falls Victim to INC RANSOM Ransomware
Category: Ransomware
Content: The Group Claims to have Obtained 100 GB of Organization’s Data.
Note: STIM previously fell victim to LOCKBIT ransomware on FEB 10 2024.
Date: 2026-01-13T04:52:06Z
Network: tor
Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/69620d758f1d14b7436965ea
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/36e526a9-fef1-42ba-af6e-525f2e500a68.png
Threat Actors: INC RANSOM
Victim Country: Italy
Victim Industry: Machinery Manufacturing
Victim Organization: stim group
Victim Site: stimgroup.it - Alleged Data Leak of Google Account Credentials
Category: Data Breach
Content: The threat actor claims to be leaked Google Account Credentials
Date: 2026-01-13T04:44:31Z
Network: openweb
Published URL: https://breachforums.bf/Thread-CLOUD-Google-com-Email-Pass-Logs-Leaked-Download
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1b567606-c2d9-4c08-bc87-02cbe125fb1c.png
Threat Actors: Nerius
Victim Country: USA
Victim Industry: Information Technology (IT) Services
Victim Organization: google
Victim Site: google.com - Alleged data leak of French Business Records
Category: Data Breach
Content: Threat actor claims to be sharing a France-based B2B dataset distributed as a JSON/cloud-hosted file, allegedly containing French company contact details, emails, phone numbers, legal and establishment data, and associated person records such as names, roles, addresses, capital, employee counts, and signatories.
Date: 2026-01-13T04:32:39Z
Network: openweb
Published URL: https://leakbase.la/threads/fr-b2b-dataset.48152/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4c30844d-6d29-4feb-b194-18bb795cf589.png
Threat Actors: Fuk_trump
Victim Country: France
Victim Industry: Business and Economic Development
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Oman Football Association
Category: Ransomware
Content: The threat actor claims to be leaked 3 GB data from Oman Football Association. The compromised data reportedly includes Full access to player records, staff IDs, coaching contracts, referee documents, legal cases, and all official authorizations within Omani football clubs.
Date: 2026-01-13T04:21:33Z
Network: openweb
Published URL: https://breachforums.bf/Thread-WARNING-Oman-Football-Association-OFA-Massive-3GB-Breach-Ransom-Demand–183938
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9524489d-74cb-449f-b54c-310065c4bb20.png
Threat Actors: DragonTeamRaaS
Victim Country: Oman
Victim Industry: Sports
Victim Organization: oman football association
Victim Site: ofa.om - Alleged Data Leak of Binance
Category: Data Breach
Content: Threat actor claims to be sharing a Binance UK database allegedly containing UK user personal data, distributed as a CSV/cloud-hosted file and categorized as a large-scale personal data leak.
Date: 2026-01-13T04:11:49Z
Network: openweb
Published URL: https://leakbase.la/threads/binance-uk-db.48151/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/49de0875-19d0-4b26-9be5-5187665e735f.png
Threat Actors: Fuk_trump
Victim Country: UK
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown - Compact Industries Fall Victim for INC RANSOM Ransomware
Category: Ransomware
Content: The Group Claims to have Obtained 100 GB of Organization’s Data.
Date: 2026-01-13T04:11:11Z
Network: tor
Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/695a7a3e8f1d14b743fb8c9b
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9cba24c4-9fc7-43c5-8b50-7c946229318d.png
Threat Actors: INC RANSOM
Victim Country: USA
Victim Industry: Food Production
Victim Organization: compact industries
Victim Site: compactind.com - Rodney’s Sign Company Falls Victim for INC RANSOM Ransomware
Category: Ransomware
Content: The Group Claims to have Obtained 100 GB of Organization’s Data.
Date: 2026-01-13T04:10:39Z
Network: tor
Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/696215908f1d14b743699a5a
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ce49b7c9-aaa7-4ab1-821c-a9ddaf4b5205.png
Threat Actors: INC RANSOM
Victim Country: USA
Victim Industry: Manufacturing
Victim Organization: rodney’s sign company
Victim Site: rodneysign.com - BABAYO EROR SYSTEM targets the website of Data Logics India Private Limited
Category: Defacement
Content: The group claims to have defaced the website of Data Logics India Private Limited
Date: 2026-01-13T03:24:50Z
Network: telegram
Published URL: https://t.me/c/3487552490/196
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0234350d-0510-44d2-b660-f0765b25c0a8.png
Threat Actors: BABAYO EROR SYSTEM
Victim Country: India
Victim Industry: Information Technology (IT) Services
Victim Organization: data logics india private limited
Victim Site: shop.datalogics.in - BABAYO EROR SYSTEM targets the website of KNMA Associates
Category: Defacement
Content: The group claims to have defaced the website of KNMA Associates
Date: 2026-01-13T03:23:19Z
Network: telegram
Published URL: https://t.me/c/3487552490/199
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/969830d0-e78f-44b6-95f7-faf31d90f530.png
Threat Actors: BABAYO EROR SYSTEM
Victim Country: India
Victim Industry: Financial Services
Victim Organization: knma associates
Victim Site: knmaassociates.org - Alleged Data Breach of Delhi Police
Category: Data Breach
Content: The group claims to have breached data of Delhi Police. The compromised data reportedly includes email, files, and phone number.
Date: 2026-01-13T02:46:17Z
Network: telegram
Published URL: https://t.me/LulzSecHackers/119
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/21590f38-160d-4c6b-b2e1-7ce60b466ab7.png
https://d34iuop8pidsy8.cloudfront.net/a04f944b-f7e9-4da2-96cd-dcad9cb1ead6.png
https://d34iuop8pidsy8.cloudfront.net/dbb0b1d7-3fa1-49ca-b899-014556c0341f.png
Threat Actors: LulzSec Hackers
Victim Country: India
Victim Industry: Government Administration
Victim Organization: delhi police
Victim Site: delhipolice.gov.in - Alleged sale of Spanish insurance customer database
Category: Initial Access
Content: Threat actor claims to be selling unauthorized access to a Spanish insurance database containing over 450,000 records.
Date: 2026-01-13T02:42:35Z
Network: openweb
Published URL: https://forum.exploit.in/topic/273627/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1c74b46c-3e75-4f86-b15e-a35e6d2b85d3.png
Threat Actors: darks001
Victim Country: France
Victim Industry: Insurance
Victim Organization: Unknown
Victim Site: Unknown - Pinoy XploitSec targets the website of Life Set Computer Training Institute
Category: Defacement
Content: The group claims to have defaced the website of Life Set Computer Training Institute
Date: 2026-01-13T02:09:49Z
Network: openweb
Published URL: https://defacer.id/mirror/id/226188
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/336943df-93ce-491d-8430-3fddfa750626.png
Threat Actors: Pinoy XploitSec
Victim Country: India
Victim Industry: Education
Victim Organization: life set computer training institute
Victim Site: lscti.com - Alleged Data Breach of iwin
Category: Data Breach
Content: The threat actor claims to be leaked data from iwin. The compromised data reportedly contain 144,000 user records including emails, usernames, full names, hashed passwords, IPs, login logs, shop orders, training content, customer records, internal admin accounts.
Date: 2026-01-13T01:49:15Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-IWINV-KR-%E2%80%94-144K-KOREAN-VPS-HOSTING-USERS-LOGIN-FULL-SQL-DUMP-Solonik-BF
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b4c837be-e4a2-411b-82e9-6ef9c76283ab.png
Threat Actors: Solonik
Victim Country: South Korea
Victim Industry: Information Technology (IT) Services
Victim Organization: iwin
Victim Site: iwin.kr - PhantomSec1337 targets the website of Kangen Water Machine Malaysia
Category: Defacement
Content: Group claims to have defaced the website of Kangen Water Machine Malaysia.
Date: 2026-01-13T01:47:32Z
Network: openweb
Published URL: https://defacer.id/mirror/id/226189
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/df46cfcc-36b6-4834-9afc-527d23ef7976.png
Threat Actors: PhantomSec1337
Victim Country: Malaysia
Victim Industry: Health & Fitness
Victim Organization: kangen water machine malaysia
Victim Site: kangenwatermachinemalaysia.com - Alleged Data Sale of Vincitu
Category: Data Breach
Content: The threat actor claims to be selling Vincitu user data. The compromised data reportedly contain 18,728 records including First and last names, Full names, Usernames, Codice Fiscale (Italian tax identification number), Email addresses, Mobile phone numbers,
Date: 2026-01-13T01:47:15Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-vincitu-it-Italy-Casino-18-7K-users
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/75527c4d-5cb0-4f90-9dad-8fda0e103e42.png
Threat Actors: rennn
Victim Country: Italy
Victim Industry: Gambling & Casinos
Victim Organization: vincitu
Victim Site: vincitu.it - Honksec targets the website of San Juan City Business Permit and Licensing Office (BPLO)
Category: Defacement
Content: Group claims to have defaced the website of San Juan City Business Permit and Licensing Office (BPLO)
Date: 2026-01-13T01:40:44Z
Network: openweb
Published URL: https://defacer.id/mirror/id/226192
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6ad0cc9c-95e0-4b2a-bc49-0bd80ba7fe8d.png
Threat Actors: HonkSec
Victim Country: Philippines
Victim Industry: Government Administration
Victim Organization: san juan city business permit and licensing office (bplo)
Victim Site: e-bplo.sanjuancity.gov.ph - Hazardous Cyber Team targets the website of TEP Pvt Ltd.
Category: Defacement
Content: Group claims to have defaced the website of TEP Pvt Ltd.
Date: 2026-01-13T01:29:49Z
Network: openweb
Published URL: https://defacer.id/mirror/id/226187
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a747d403-7bce-4f58-b768-f66e8ca6f705.png
Threat Actors: Hazardous Cyber Team
Victim Country: Pakistan
Victim Industry: Textiles
Victim Organization: tep pvt ltd.
Victim Site: tep.com.pk - Pilot Automotive Falls Victim for Sinobi Ransomware
Category: Ransomware
Content: The group claims to have obtained 2,600GB of the organization’s data. They intend to publish it within 14-15 days.
Date: 2026-01-13T01:19:24Z
Network: tor
Published URL: http://sinobi6rlec6f2bgn6rd72xo7hvds4a5ajiu2if4oub2sut7fg3gomqd.onion/leaks/6963f3326387a4c9a21bd741
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8c0ddf3e-3e82-46af-bffb-e8e14f687ccb.png
Threat Actors: INC RANSOM
Victim Country: USA
Victim Industry: Automotive
Victim Organization: pilot automotive
Victim Site: pilotautomotive.com - Alleged Sale of Admin Access to unidentified online store in Greece
Category: Initial Access
Content: Threat actor claims to be selling unauthorized admin access to an unidentified online clothing store in Greece.
Date: 2026-01-13T01:11:32Z
Network: openweb
Published URL: https://forum.exploit.in/topic/273515/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d73fa92c-82a6-40db-a2af-c4ece4232619.png
Threat Actors: Fancy.Bear
Victim Country: Greece
Victim Industry: E-commerce & Online Stores
Victim Organization: Unknown
Victim Site: Unknown - Alleged Leak of Microsoft Email credentials
Category: Data Breach
Content: Threat actor claims that two files containing Microsoft email and password data have been leaked. The actor says new credentials are available for download, exposing email and password combinations linked to Microsoft accounts.
Date: 2026-01-13T01:08:34Z
Network: openweb
Published URL: https://leakbase.la/threads/two-key-files-related-to-microsoft-email-and-password-have-been-leaked.48141/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d9ff0d62-54b5-49b8-88fd-82d4ffc1583d.png
Threat Actors: Codeslinger675
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Cape Fear Country Club Falls Victim for INC RANSOM Ransomware
Category: Ransomware
Content: The Group Claims to have obtained the Organization’s Data. They intend to publish it within 2-3 days.
Date: 2026-01-13T01:07:16Z
Network: tor
Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/696162068f1d14b743656303
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2bcd37cf-a145-4125-b1f6-55616265c3fb.png
Threat Actors: INC RANSOM
Victim Country: USA
Victim Industry: Recreational Facilities & Services
Victim Organization: cape fear country club
Victim Site: capefearcountryclub.net - Alleged sale of FTP access to unidentified Manufacturing organization in France
Category: Initial Access
Content: Threat actor claims to be selling unauthorized FTP access to an unidentified manufacturing organization in France.
Date: 2026-01-13T01:06:55Z
Network: openweb
Published URL: https://forum.exploit.in/topic/273641/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/edcf45cf-f170-4c50-9e24-6e6ce3477207.png
Threat Actors: Anon-WMG
Victim Country: France
Victim Industry: Manufacturing
Victim Organization: Unknown
Victim Site: Unknown - Fit-Line Global Falls Victim for INC RANSOM Ransomware
Category: Ransomware
Content: The Group Claims to have obtained the Organization’s Data.
Date: 2026-01-13T00:49:41Z
Network: tor
Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/6960ed1d8f1d14b743621cad
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6f74fffa-5810-46bd-a87b-346df1208875.png
Threat Actors: INC RANSOM
Victim Country: USA
Victim Industry: Manufacturing
Victim Organization: fit-line global
Victim Site: fit-lineglobal.com - Alleged sale of Military Documents From US Government
Category: Data Breach
Content: The threat actor claims to be selling military Documents from US government
Date: 2026-01-13T00:42:05Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-FRESH-TOP-SECRET-US-GOV-MILITARY-DOCS-SALE–184093
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/55fae6a8-03c5-495a-b410-2af72e536610.png
Threat Actors: jrintel
Victim Country: USA
Victim Industry: Government Administration
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Ministry of Marine Affairs and Fisheries
Category: Data Breach
Content: The threat actor claims to be leaked data from Ministry of Marine Affairs and Fisheries. The compromised data reportedly includes Ship names, owner addresses, owner names, Phone numbers (TLP/HP), registration numbers (BKP), National ID numbers.
Date: 2026-01-13T00:10:14Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-Indonesian-Ministry-of-Marine-Affairs-and-Fishe-REUPLOAD
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c2467391-a869-4645-a8c8-f5194950911b.png
Threat Actors: Rennn
Victim Country: Indonesia
Victim Industry: Fishery
Victim Organization: ministry of marine affairs and fisheries
Victim Site: kkp.go.id - Alleged sale of unauthorized WEX corporate payment API access
Category: Initial Access
Content: Threat actor claims to be selling unauthorized access to a WEX corporate payment system, allegedly providing valid SOAP API keys linked to a merchant account.
Date: 2026-01-13T00:07:56Z
Network: openweb
Published URL: https://forum.exploit.in/topic/273576/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7a0689c3-9d4e-4e8e-9f59-e6debfa00935.png
Threat Actors: bigbandz
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged sale of 155 credit card records in USA
Category: Data Breach
Content: Threat actor claims to be selling 155 credit card records from USA.
Date: 2026-01-13T00:05:57Z
Network: openweb
Published URL: https://forum.exploit.in/topic/273610/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ff6ee66d-1d3c-4e81-9024-a60e63376b08.png
Threat Actors: kele51881
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged sale of Forti VPN access to unidentified store in France
Category: Initial Access
Content: Threat actor claims to be selling unauthorized Forti VPN access to an unidentified store in France.
Date: 2026-01-13T00:03:39Z
Network: openweb
Published URL: https://forum.exploit.in/topic/273573/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/164df2a1-9a08-4e32-ba14-a06370372da6.png
Threat Actors: Big-Bro
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown