This detailed cyber threat intelligence report analyzes the 133 detected incidents from January 15, 2026. The data indicates a highly active threat landscape characterized by simultaneous critical infrastructure targeting, massive data breaches affecting millions of users, and aggressive ransomware campaigns.
Cyber Threat Intelligence Report: January 15, 2026
1. Executive Summary
On January 15, 2026, a surge of cyber activity was detected across multiple vectors. The most alarming trend is the direct targeting of Operational Technology (OT) and Industrial Control Systems (ICS) in Canada and Europe. Simultaneously, major corporations (TotalEnergies, Linktree) and government bodies (Indonesia, Turkey, France) suffered significant data breaches. Ransomware groups, particularly Qilin, conducted a coordinated high-volume campaign against global targets.
2. Critical Infrastructure and OT Targeting
A distinct and dangerous trend observed in this dataset is the unauthorized access to industrial control systems. These incidents move beyond data theft to potential physical disruption.
- Poland: The “Infrastructure Destruction Squad” claimed access to a water treatment station, allegedly viewing real-time water levels and pressure readings. Another group, NoName057(16), accessed a boiler management system.
- Canada: The “Z-PENTEST ALLIANCE” claimed access to a High-Power RF Amplifier/Antenna Tuning System and an industrial inverter/battery management system.
- Czech Republic: Unauthorized access was reported regarding a Carrier industrial HVAC control system used for large-scale cooling.
3. Major Data Breaches (High Impact)
Data brokers and threat actors leaked massive databases affecting both the private and public sectors.
Corporate Giants:
- TotalEnergies (France): A threat actor “HawkSec” is selling a database allegedly containing 183 million records, including IBANs and physical addresses.
- Mail.ru Group (Russia): A massive dataset from 2023 containing 242 million records was leaked by actor “GGarolD”.
- Linktree (Australia): 19.6 million user profiles were scraped and offered for sale.
- Relais Colis (France): 9.5 million logistics and shipping records were exposed.
Government & Public Sector:
- Indonesia: A severe breach of the National Police (Polri) exposed 500,000 personnel records. Additionally, ID cards and student assistance program (KIP) data were leaked.
- Turkey: 2 million COVID-19 vaccination records, including national IDs and dose details, were leaked.
- China: A database of government employees from 2025 was leaked.
4. Ransomware Campaigns
Ransomware activity was extremely high, with the Qilin group executing a widespread campaign on this specific date.
- Qilin Campaign: This group targeted a diverse range of industries globally on Jan 15:
  - USA: MOEN (Wholesale), Texas State Utilities, and law firm Krez & Flores.
  - Germany: Aero-Coating GmbH (Aviation).
  - Singapore: Neo Group Limited (Food & Beverage).
  - Canada: Bergmanis Preyra LLP (Legal).
  - South Korea: P.S. Technology (Manufacturing).
- Other Notable Ransomware Activity:
  - Akira: Targeted US law firms and insurance companies, leaking sensitive legal and client files.
  - LockBit 5.0: Claimed the Italian organization Depot Napoli.
  - INC RANSOM: Breached TruStar Holdings, obtaining 1.4 TB of data.
  - DragonForce: Targeted Soteck-clauger in Canada.
5. Regional Analysis
| Region | Key Observations |
| --- | --- |
| France | Heavily targeted. Aside from the massive TotalEnergies breach, threat actors targeted logistics (Relais Colis), unions (Force Ouvrière), and sports federations (Volleyball, Auto Sport). |
| Indonesia | Suffered a barrage of attacks including government data leaks (Police, KIP) and widespread website defacements by groups like GHOSTNET-X. |
| USA | Primary target for ransomware (Qilin, Akira, Tengu) and corporate breaches (Habit Burger & Grill, Compass Inc.). |
| Russia | Significant data leaks involving Mail.ru and e-commerce platforms like Medvenica and Peredvizhnik. |
6. Threat Actor Spotlight
- DARK 07x: Issued specific alerts claiming to target the country of France and the organization “Foot’Up”.
- Z-PENTEST ALLIANCE & Infrastructure Destruction Squad: Focused on accessing physical control systems (OT/ICS) rather than just data theft.
- GHOSTNET-X: Highly active in defacing educational and religious websites in Indonesia.
- Inverter: Promoting “Gunra RaaS” (Ransomware-as-a-Service), actively recruiting affiliates for a new ransomware operation targeting Windows, Linux, and ESXi systems.
Conclusion
The intelligence from January 15, 2026, reveals a volatile cyber environment. The most critical risk identified is the convergence of IT and OT attacks, where threat actors are successfully breaching industrial control systems in Canada and Europe. If validated, these breaches represent a physical safety risk.
Simultaneously, the sheer volume of PII (Personally Identifiable Information) exposed via the TotalEnergies, Mail.ru, and Linktree breaches will likely fuel secondary attacks such as phishing and identity theft for months to come. The Qilin ransomware group is operating at peak efficiency, striking targets across three continents in a single day, indicating a highly automated or large-scale operation.
Detected Incidents Draft Data
- DARK 07x claims to target France
Category: Alert
Content: A recent post by the group indicates that they’re targeting France.
Date: 2026-01-15T23:56:00Z
Network: telegram
Published URL: https://t.me/DarK07xxxxxxx/580
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3cfd4501-036f-4a6f-99ba-f4b7ffa352c9.png
https://d34iuop8pidsy8.cloudfront.net/c7a32742-2f1d-414c-ae29-e1059c8cca5b.png
Threat Actors: DARK 07x
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged unauthorized access to a High-Power RF Amplifier and Antenna Tuning System in Canada
Category: Initial Access
Content: The group claims to have gained unauthorized access to a High-Power RF Amplifier and Antenna Tuning System in Canada
Date: 2026-01-15T23:27:26Z
Network: telegram
Published URL: https://t.me/zpentestalliance/968
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/39a81c0f-0b29-4506-bafd-672c2220a2a9.png
https://d34iuop8pidsy8.cloudfront.net/d4fcac78-c57a-476d-95c8-62500d0f3069.png
Threat Actors: Z-PENTEST ALLIANCE
Victim Country: Canada
Victim Industry: Network & Telecommunications
Victim Organization: Unknown
Victim Site: Unknown
- DARK 07x claims to target Foot’Up
Category: Alert
Content: A recent post by the group indicates that they’re targeting Foot’Up.
Date: 2026-01-15T23:20:06Z
Network: telegram
Published URL: https://t.me/DarK07xxxxxxx/575
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b8ab8082-0ca8-4f3c-8da1-7e4b7c2aeb51.png
Threat Actors: DARK 07x
Victim Country: Algeria
Victim Industry: Sports
Victim Organization: foot’up
Victim Site: Unknown
- GHOSTNET-X targets the website of Universitas Widya Kartika
Category: Defacement
Content: The group claims to have defaced the website of Universitas Widya Kartika in Indonesia.
Date: 2026-01-15T22:45:00Z
Network: telegram
Published URL: https://t.me/c/3560880038/131
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/cdd42c46-ad51-48d9-8cad-616da07fbdcf.png
Threat Actors: GHOSTNET-X
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: universitas widya kartika
Victim Site: pustaka.widyakartika.ac.id
- SJL JIMENEZ LUNZ falls victim to MS13-089 Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s internal data.
Date: 2026-01-15T22:36:03Z
Network: tor
Published URL: http://msleakjir7pxbe6onlqe5uwgvdmy6nq4mnwfy7ojswbhnleenm77vgad.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/31d5c0cb-a27d-4810-b1e8-98ebe13668ef.png
Threat Actors: MS13-089
Victim Country: Luxembourg
Victim Industry: Law Practice & Law Firms
Victim Organization: sjl jimenez lunz
Victim Site: sjl-legal.com
- Alleged data breach of BotFactor
Category: Data Breach
Content: The threat actor claims to have leaked data from BotFactor. The leaked data reportedly includes a user database containing approximately 12,000 records with user IDs, email addresses, phone numbers, and Telegram (TG) handles associated with the BotFactor bot and click-fraud protection service.
Date: 2026-01-15T22:34:47Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-BotFaqtor-ru-Users-Leaked-Download-RU
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/114462c8-e737-444b-b365-be017b6b90d4.png
Threat Actors: xjpg
Victim Country: Russia
Victim Industry: Computer & Network Security
Victim Organization: botfactor
Victim Site: botfaqr.ru
- Alleged data breach of Kepolisian Negara Republik Indonesia
Category: Data Breach
Content: The threat actor claims to have leaked data from Kepolisian Negara Republik Indonesia. The leaked database reportedly contains around 500,000 records linked to Indonesian police personnel, exposing internal data fields such as identification numbers, ranks, names, job positions, unit assignments, addresses, phone numbers, and status information.
Date: 2026-01-15T22:29:58Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-DATA-BASE-POLICE-INDONESIA-500-THOUSAND
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/caebd1dd-84d9-4167-a735-b8e516395c50.png
Threat Actors: CinCauGhast
Victim Country: Indonesia
Victim Industry: Government & Public Sector
Victim Organization: kepolisian negara republik indonesia
Victim Site: polri.go.id
- GHOSTNET-X targets the website of STIE Pembangunan Tanjungpinang Library
Category: Defacement
Content: The group claims to have defaced the website of STIE Pembangunan Tanjungpinang
Date: 2026-01-15T22:29:40Z
Network: telegram
Published URL: https://t.me/c/3560880038/131
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bc8d6b3f-b00d-410a-8286-103db5d43542.png
Threat Actors: GHOSTNET-X
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: stie pembangunan tanjungpinang
Victim Site: pustaka.stie-pembangunan.ac.id
- Alleged data leak of BreachForums
Category: Data Breach
Content: The threat actor claims to have leaked data from BreachForums, containing approximately 324,000 user accounts.
Date: 2026-01-15T22:28:08Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-BreachForums
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/25eb9d5d-e901-49dd-bf20-0a8f1046ba78.png
Threat Actors: mnull
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- BABAYO EROR SYSTEM claims to target Israel and India
Category: Alert
Content: A recent post by BABAYO EROR SYSTEM, in collaboration with PetrusNism, indicates that they’re targeting Israel and India.
Date: 2026-01-15T22:24:54Z
Network: telegram
Published URL: https://t.me/BabayoErorSystem/151?single
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/491a602a-b63e-4930-8e58-d1d2149c72e1.png
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Periyar Maniammai Institute of Science & Technology (PMIST)
Category: Data Breach
Content: The threat actor claims to have leaked data from Periyar Maniammai Institute of Science & Technology (PMIST). The leaked database reportedly contains sensitive personal and academic information of PMIST faculty members, including names, contact details, qualifications, job positions, and departmental affiliations.
Date: 2026-01-15T22:20:08Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-India-PMIST-Database-Leak-pmu-edu
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/09b11fdb-462b-4bf1-a795-55b6415e3944.png
Threat Actors: hhhhhaplus
Victim Country: India
Victim Industry: Higher Education/Academia
Victim Organization: periyar maniammai institute of science & technology (pmist)
Victim Site: pmu.edu
- Alleged data sale of SIP Calling Service
Category: Data Breach
Content: The post advertises a SIP-based VoIP calling service offering global coverage, competitive calling rates, caller ID modification, call logs, and flexible authentication methods. The service is marketed toward VoIP users, developers, and businesses, with access and management handled through Telegram channels and bots, and technical details such as SIP server, ports, and account credentials shown as part of the service interface.
Date: 2026-01-15T21:58:10Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-BigNigga-SIP-Calling-Service-%E2%80%93-High-Quality-Global-Reach
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8f811012-2735-4660-b104-fed1ffaea68d.png
Threat Actors: bigniggap1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Relais Colis
Category: Data Breach
Content: The actor claims to be leaking a large database allegedly associated with Relais Colis, stating that it contains over 9.5 million records. The exposed data reportedly includes personal and contact information such as names, first names, company names, physical addresses, phone numbers, and email addresses of users.
Date: 2026-01-15T21:52:14Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-FR-10M-RELAISCOLIS-COM-2026
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e5e2593b-5e79-48d4-b323-c30751a3194c.png
Threat Actors: NPRS
Victim Country: France
Victim Industry: Transportation & Logistics
Victim Organization: relais colis
Victim Site: relaiscolis.com
- Alleged data leak of Japan Companies
Category: Data Breach
Content: The actor claims to have leaked a database containing approximately 22,000 records related to Japanese users. The leaked data allegedly includes personal and demographic information such as user names, member or mobile IDs, registration and visit dates, loyalty points or stamp counts, gender, age range, city or area, occupation, and preferred or associated stores.
Date: 2026-01-15T21:21:55Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-JAPAN-COMPANIES-DUMP
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/23642807-56c3-4039-b73c-c60297389014.png
https://d34iuop8pidsy8.cloudfront.net/8e366b99-ce50-471d-9749-08e692dffc48.png
Threat Actors: breach3d
Victim Country: Japan
Victim Industry: Consumer Services
Victim Organization: Unknown
Victim Site: Unknown
- GHOSTNET-X targets the website of SMAN 2 Metro
Category: Defacement
Content: The group claims to have defaced the website of SMAN 2 Metro
Date: 2026-01-15T21:17:14Z
Network: telegram
Published URL: https://t.me/c/3560880038/131
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d778c2b9-a004-4167-aea3-612881a6f4fb.jpg
Threat Actors: GHOSTNET-X
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: sman 2 metro
Victim Site: laboratorium.sman2metro.sch.id
- Alleged data breach of Pixpay Senegal
Category: Data Breach
Content: The actor claims to have leaked a database allegedly associated with Pixpay Senegal. The leaked data contains sensitive payment-related technical data, including API keys, JWT tokens, access tokens, and database access credentials.
Date: 2026-01-15T21:14:24Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-PIXPAY-SENEGAL
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d0287af0-8f89-4570-bc27-bb1ce9acb15f.png
Threat Actors: breach3d
Victim Country: Senegal
Victim Industry: Financial Services
Victim Organization: pixpay senegal
Victim Site: pixpay.sn
- Alleged sale of access to Compass Inc.
Category: Initial Access
Content: The group claims to be selling unauthorized access to the systems of Compass Inc., a major U.S. real estate technology company. The actor claims the access includes admin panel controls, user accounts, Okta, Stripe, Zendesk, Salesforce, GitHub, and internal network assets, along with billions of data points.
Date: 2026-01-15T21:13:12Z
Network: telegram
Published URL: https://t.me/c/3666474519/6
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5fcda00a-91cf-4623-90e8-17cec955aa0a.png
Threat Actors: ShinyMontana Exploit
Victim Country: USA
Victim Industry: Real Estate
Victim Organization: compass inc.
Victim Site: compass.com
- Alleged data leak of Oketz Systems
Category: Data Breach
Content: The actor claims to have leaked personal data belonging to an employee of Oketz Systems, alleging exposure of sensitive identification and civil record information related to the Israel-based defense technology company.
Date: 2026-01-15T21:09:28Z
Network: openweb
Published URL: https://darkforums.io/Thread-Doxing-data-of-one-of-the-employees-of-Oketz-Systems-%D7%A2%D7%95%D7%A7%D7%A5-%D7%9E%D7%A2%D7%A8%D7%9B%D7%95%D7%AA-company-in-Israel
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e6451d22-368a-4ed0-8b86-5396501ac5a2.png
Threat Actors: UNDERSOLFIDBYTE
Victim Country: Israel
Victim Industry: Defense & Space
Victim Organization: Unknown
Victim Site: Unknown
- GHOSTNET-X targets the website of Library of the Faculty of Islamic Education and Teacher Training
Category: Defacement
Content: The group claims to have defaced the website of Library of the Faculty of Islamic Education and Teacher Training
Date: 2026-01-15T21:06:42Z
Network: telegram
Published URL: https://t.me/c/3560880038/131
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fd73180a-e689-4e0b-931c-e88764ecbb25.jpg
Threat Actors: GHOSTNET-X
Victim Country: Indonesia
Victim Industry: Religious Institutions
Victim Organization: library of the faculty of islamic education and teacher training
Victim Site: perpusfit.uinsaid.ac.id
- GHOSTNET-X targets the website of Islamic Education and Teacher Training
Category: Defacement
Content: The group claims to have defaced the website of Islamic Education and Teacher Training
Date: 2026-01-15T21:04:53Z
Network: telegram
Published URL: https://t.me/c/3560880038/131
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fd73180a-e689-4e0b-931c-e88764ecbb25.jpg
Threat Actors: GHOSTNET-X
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: islamic education and teacher training
Victim Site: perpusfit.uinsaid.ac.id
- Alleged Data Leak of DedicatedMC NJ-2690-1 Server Data
Category: Data Breach
Content: Threat Actor claims to have leaked data from a DedicatedMC server node identified as NJ-2690-1. The exposed dataset is reported to be approximately 83 GB in size and allegedly includes IP addresses, usernames, world data, and other server-related information.
Date: 2026-01-15T20:54:38Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-DedicatedMC-NJ-2690-1-data
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f07bb131-0cb0-4808-9cc2-7ff9d71cb3fb.png
Threat Actors: bernd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Data Leak of 2 Million COVID-19 Vaccination Records in Turkey
Category: Data Breach
Content: Threat Actor claims to have leaked a database containing approximately 2 million COVID-19 vaccination records allegedly originating from Ministry of Health systems in Turkey. The exposed data is reported to include full names, national ID numbers, dates of birth, vaccine types, dose information, vaccination dates, and hospital details.
Date: 2026-01-15T20:53:25Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-Turkey-2M-COVID-19-Vaccination-Records
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4764014b-5e9d-42e5-b8eb-1799e8d53c3b.png
Threat Actors: Highlo
Victim Country: Turkey
Victim Industry: Government Administration
Victim Organization: Unknown
Victim Site: Unknown
- P.S. Technology falls victim to Qilin Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2026-01-15T20:44:50Z
Network: tor
Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=d27924ef-b66c-3b1d-96e6-0db80427551e
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e6d56167-a65a-4dcf-9e7f-40da839139b2.png
https://d34iuop8pidsy8.cloudfront.net/a1539e74-16cf-4376-ac34-adc089266009.png
Threat Actors: Qilin
Victim Country: South Korea
Victim Industry: Manufacturing & Industrial Products
Victim Organization: p.s. technology
Victim Site: pstechltd.com
- Alleged data sale of 58K TAIWAN Good Combolist
Category: Combo List
Content: The actor claims to be distributing a Taiwan-focused credential compilation, advertising a combo list containing approximately 58,000 account records and promoting access.
Date: 2026-01-15T20:42:27Z
Network: openweb
Published URL: https://breachforums.bf/Thread-58K-TAIWAN-Good-Combolist
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fb902e97-5188-4d3b-bad8-9c530e1adac8.png
Threat Actors: el_capitan
Victim Country: Taiwan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Sale of Unauthorized Access to Greek and Italian Police Email Systems
Category: Initial Access
Content: The actor claims to have obtained unauthorized access to Greek and Italian law enforcement email systems, reportedly gaining visibility into internal police mailboxes, official communications, and account-level email activity associated with government domains.
Date: 2026-01-15T20:40:53Z
Network: openweb
Published URL: https://breachforums.bf/Thread-LE-Access-to-Greek-and-Italian-police-mails
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3c7eab81-2d19-429b-b2e5-c3918dae9880.png
Threat Actors: worldweknew7
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Data Leak of CoinTelegraph
Category: Data Breach
Content: Threat actor claims to have leaked the database of CoinTelegraph.
Date: 2026-01-15T20:30:05Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/273883/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e6f18e95-b2a3-4381-85ba-b87c6a183465.png
Threat Actors: iwillneverlose
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Soteck-clauger falls victim to DragonForce Ransomware
Category: Ransomware
Content: The group claims to have obtained 1.52 TB of the organization’s data and intends to publish within 0 to 1 days.
Date: 2026-01-15T20:28:14Z
Network: tor
Published URL: http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion/blog
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0d2b2dbd-7fbe-4728-aed4-3a595a561c4a.png
Threat Actors: DragonForce
Victim Country: Canada
Victim Industry: Building and construction
Victim Organization: soteck-clauger
Victim Site: soteck.com
- Alleged Data Leak of Moonpay Email List
Category: Data Breach
Content: Threat Actor claims to have leaked the database of Moonpay Email List.
Date: 2026-01-15T20:23:17Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/273882/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a6f87609-c853-4d9d-8ae2-691115a339bb.png
Threat Actors: iwillneverlose
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Data Breach of Agora Financial
Category: Data Breach
Content: Threat Actor claims to have breached the database of Agora Financial in USA.
Date: 2026-01-15T20:21:36Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/273885/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b6ea258d-45e4-444b-b0e0-9ae015e1f5a5.png
Threat Actors: iwillneverlose
Victim Country: USA
Victim Industry: Financial Services
Victim Organization: agora financial
Victim Site: agorafinancial.com
- Alleged data breach of Force Ouvrière (FO)
Category: Data Breach
Content: The threat actor claims to have leaked a database allegedly associated with the French trade union Force Ouvrière (FO). The exposed data contains personal and account-related information of individuals linked to the organization.
Date: 2026-01-15T20:21:16Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-FR-Force-Ouvriere-Database
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7831ef22-bbbb-4da8-b87a-ef74de65addf.png
Threat Actors: breach3d
Victim Country: France
Victim Industry: Government & Public Sector
Victim Organization: force ouvrière (fo)
Victim Site: force-ouvriere.fr
- Alleged Data Leak of Italian Public Administration Email Contacts
Category: Data Breach
Content: Threat Actor claims to have leaked the database of Italian public administration entities, containing over 30,000 email contacts. The exposed data allegedly includes email addresses, physical addresses, and links to Facebook and LinkedIn profiles.
Date: 2026-01-15T20:12:46Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/273884/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/857f283a-c7f3-4272-9994-996fd0fcbaba.png
Threat Actors: Hanto
Victim Country: Italy
Victim Industry: Government Administration
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Data Leak of Coingecko CRM Database
Category: Data Breach
Content: Threat Actor claims to have leaked the database of Coingecko CRM.
Date: 2026-01-15T20:10:27Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/273878/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/93c5f85c-624b-4bdb-8d09-f8d9358f6716.png
Threat Actors: iwillneverlose
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Data Leak of Celsius Mailchimp Database
Category: Data Breach
Content: Threat Actor claims to have leaked the Celsius Mailchimp Database.
Date: 2026-01-15T19:57:02Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/273880/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/db685bf2-3d4f-489d-bcc3-1211f81b8f3f.png
Threat Actors: iwillneverlose
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Data Leak of Singapore citizens
Category: Data Breach
Content: The threat actor claims to have leaked a database containing information on approximately 10,000 individuals from Singapore. The dataset is reportedly shared in CSV format and contains personally identifiable information (PII).
Date: 2026-01-15T19:38:07Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-Singapore-Citizen-10K
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f174fb9c-3139-40a0-9eb9-3a3d94dc283d.png
Threat Actors: HACKCN
Victim Country: Singapore
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- INDRAMAYU CHAOS SYSTEM targets the website of Government Graduate College for Women, Bhakkar
Category: Defacement
Content: The group claims to have defaced the website of Government Graduate College for Women, Bhakkar
Date: 2026-01-15T19:23:51Z
Network: telegram
Published URL: https://t.me/c/3427600175/287
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bb0ed5df-a6cd-4202-af3b-000a68ee2830.jpg
Threat Actors: INDRAMAYU CHAOS SYSTEM
Victim Country: Pakistan
Victim Industry: Education
Victim Organization: government graduate college for women, bhakkar
Victim Site: gacwbhk.edu.pk/wp-content/uploads/2026/01/root.htm
- Alleged data breach of Frontier Courier
Category: Data Breach
Content: A threat actor claims to be selling a database allegedly belonging to Frontier Courier, a Canadian logistics company providing local, national, and cross-border parcel and freight delivery services. The leaked dataset reportedly contains personal and contact-related information, including full names, phone numbers, email addresses, physical addresses, postal codes, cities, counties, landmarks, address types (residential or business), internal user IDs, and customer or account identifiers.
Date: 2026-01-15T19:23:10Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-Frontier-Courier-Leaked-236k
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7f9db892-fdd9-47e2-9e01-541f28b8bb9f.png
Threat Actors: lemonhazed
Victim Country: Canada
Victim Industry: Package & Freight Delivery
Victim Organization: frontier courier
Victim Site: frontiercourier.ca
- Alleged data breach of Bazarchic
Category: Data Breach
Content: A threat actor claims to be selling a user database allegedly belonging to fr.bazarchic.com. The leaked dataset reportedly contains a wide range of user and account-related information, including user IDs, VIP status indicators, email addresses, first and last names, phone numbers, age, account status, registration timestamps, order activity metrics, last order timestamps, opt-in preferences, order counts, birthdates, hashed email values, civility or title, gender, and voucher information.
Date: 2026-01-15T19:17:30Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-fr-bazarchic-com-2-79M-users
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0f67ed10-0a0c-4e81-ac89-3750d520fb15.png
Threat Actors: rennn
Victim Country: France
Victim Industry: E-commerce & Online Stores
Victim Organization: bazarchic
Victim Site: fr.bazarchic.com
- Alleged data breach of Algerian Professional Football League (LFP)
Category: Data Breach
Content: A threat actor claims to have compromised the official website of the Algerian Professional Football League (LFP). The compromised data appears to include football license records, player and staff names, dates of birth, places of birth, nationality-related details, contract durations, age, player photos, and internal registration or license identifiers.
Date: 2026-01-15T19:16:21Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-official-website-of-the-Algerian-Professional-Football-League-LFP
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/da30d884-ffe2-4182-bee4-14cfd8955348.png
https://d34iuop8pidsy8.cloudfront.net/c7ef2a1b-20e9-461a-a2b4-bc85bfe8a397.png
Threat Actors: darrk07x
Victim Country: Algeria
Victim Industry: Sports
Victim Organization: algerian professional football league (lfp)
Victim Site: lfp.dz
- Bergmanis Preyra LLP falls victim to Qilin Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2026-01-15T19:14:41Z
Network: tor
Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=784ba1c7-b880-3042-8c04-5373bb399723
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/66d924e3-1a77-4cce-8521-dc18c639db9f.png
Threat Actors: Qilin
Victim Country: Canada
Victim Industry: Legal Services
Victim Organization: bergmanis preyra llp
Victim Site: bplawyers.ca
- Alleged Unauthorized Access to Carrier Industrial HVAC Control System in Czech Republic
Category: Initial Access
Content: Threat Actor claims to have obtained unauthorized access to a Carrier industrial control system (61AF 105) in the Czech Republic. The system is used to monitor and control large-scale central cooling and air-conditioning operations in industrial and commercial facilities. The actor states the system was in a shutdown state at the time of access and that interface footage was recorded.
Date: 2026-01-15T19:10:44Z
Network: telegram
Published URL: https://t.me/n2LP_wVf79c2YzM0/3337
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d8306d59-4b1f-422e-b4ed-a5fed3810790.png
Threat Actors: Infrastructure Destruction Squad
Victim Country: Czech Republic
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Neo Group Limited falls victim to Qilin Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2026-01-15T19:05:30Z
Network: tor
Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=82267cc3-a51d-3041-9a95-53ade873b660
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4b397ea8-e9ae-4e9e-a1f2-5d7bb87bb3ea.png
Threat Actors: Qilin
Victim Country: Singapore
Victim Industry: Food & Beverages
Victim Organization: neo group limited
Victim Site: neogroup.com.sg
- Aero-Coating GmbH falls victim to Qilin Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2026-01-15T19:03:31Z
Network: tor
Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=76d39630-8a9b-3e2a-b18d-46aa47f9a9ed
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7b2c73cc-2a72-455f-a733-89877b75a111.png
Threat Actors: Qilin
Victim Country: Germany
Victim Industry: Aviation & Aerospace
Victim Organization: aero-coating gmbh
Victim Site: aero-coating.de
- MOEN falls victim to Qilin Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2026-01-15T19:03:06Z
Network: tor
Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=2795747b-e19f-3de7-a4d8-41fe1d9bd8b9
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/95571f9c-9a42-46e5-acde-208d0e0ec5f0.png
Threat Actors: Qilin
Victim Country: USA
Victim Industry: Wholesale
Victim Organization: moen
Victim Site: moen.com
- Alleged Data Leak of Ambulatory Surgery Center in Chile
Category: Data Breach
Content: A threat actor claims to have leaked the customer database of an ambulatory surgery center in Chile. The exposed dataset is reported to contain over 64,000 user records. According to the actor, the data includes personal information such as full names, email addresses, phone numbers, work contact details, and account creation and update timestamps. The database is further alleged to contain approximately 52,000 unique phone numbers and 22,000 unique email addresses.
Date: 2026-01-15T19:02:51Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/273849/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b6972b37-a6b9-45da-ad5d-4677a5a7d8e6.png
Threat Actors: GeeksforGeeks
Victim Country: Chile
Victim Industry: Hospital & Health Care
Victim Organization: Unknown
Victim Site: Unknown
- DEFACER INDONESIAN TEAM targets the website of Qingdao Longda Jinxin Supply Chain Management Co., Ltd
Category: Defacement
Content: The group claims to have defaced the website of Qingdao Longda Jinxin Supply Chain Management Co., Ltd.
Date: 2026-01-15T18:46:59Z
Network: telegram
Published URL: https://t.me/c/2433981896/706
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/905f436e-00da-40e2-ba12-b0226ae65f3b.png
Threat Actors: DEFACER INDONESIAN TEAM
Victim Country: China
Victim Industry: Transportation & Logistics
Victim Organization: qingdao longda jinxin supply chain management co., ltd
Victim Site: seagolden.net
- Alleged Data Leak of Training Plans Golfer
Category: Data Breach
Content: The threat actor claims to have leaked the customer database of Training Plans Golfer. The exposed dataset is reported to contain approximately 1.2 million records, including customer names, email addresses, phone numbers, city, state, country, campaign and subscription details, purchase amounts, timestamps, and partial payment card information. The database is further alleged to contain hundreds of thousands of unique email addresses and phone numbers.
Date: 2026-01-15T18:44:50Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/273844/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8e3b6bdb-9782-490d-a2ff-02f756df50f9.png
Threat Actors: betway
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Krez & Flores, LLP falls victim to Qilin Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2026-01-15T18:36:36Z
Network: tor
Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=a904de71-d00b-3ad9-9e33-156a15c811f9
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d88863d4-d4ad-4562-9b93-9c84ba35fba5.png
Threat Actors: Qilin
Victim Country: USA
Victim Industry: Law Practice & Law Firms
Victim Organization: krez & flores, llp
Victim Site: krezflores.com
- Texas State Utilities, Inc. falls victim to Qilin Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2026-01-15T18:35:33Z
Network: tor
Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=4ed8f372-3c9c-361a-a038-318fcc95da7f
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7f2bfca5-9b02-4d7e-ac6a-58912b82a294.png
Threat Actors: Qilin
Victim Country: USA
Victim Industry: Energy & Utilities
Victim Organization: texas state utilities, inc.
Victim Site: tsu1.com
- UNDERSOLFIDBYTE targets the website of Chansen Engsuwan Anusorn School
Category: Defacement
Content: The group claims to have defaced the website of Chansen Engsuwan Anusorn School.
Date: 2026-01-15T18:32:40Z
Network: telegram
Published URL: https://t.me/undersolfidbyte/81
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/51428197-30be-4335-9a60-834d283a6d50.jpg
Threat Actors: UNDERSOLFIDBYTE
Victim Country: Thailand
Victim Industry: Education
Victim Organization: chansen engsuwan anusorn school
Victim Site: cse.ac.th
- Alleged data breach of General Authority for Military Industries (GAMI)
Category: Data Breach
Content: A threat actor claims to be selling a database allegedly associated with the official website of the General Authority for Military Industries (gami.gov.sa).
Date: 2026-01-15T18:31:59Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-gami-gov-sa-The-General-Authority-For-Military-Industries
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3982ccf7-ae63-40d9-a6f1-b5aef188c825.png
Threat Actors: zer0sintt
Victim Country: Saudi Arabia
Victim Industry: Defense & Space
Victim Organization: general authority for military industries (gami)
Victim Site: gami.gov.sa
- Alleged data breach of UIN Maulana Malik Ibrahim Malang
Category: Data Breach
Content: A threat actor claims to be selling email account credentials of students from UIN Maulana Malik Ibrahim Malang. The data is reportedly distributed in CSV format and contains 10,000+ records. The leaked dataset reportedly contains students’ email addresses, full names, phone numbers (including WhatsApp), university affiliations, selected courses, city and country details, residential addresses, and account or status information.
Date: 2026-01-15T18:27:01Z
Network: openweb
Published URL: https://breachforums.bf/Thread-Email-password-for-students-of-Brawijaya-University-UIN-Malang
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/92d11213-cd73-44bf-80cf-83aeead47f51.png
Threat Actors: AYYUBI
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: uin maulana malik ibrahim malang
Victim Site: uin-malang.ac.id
- Alleged data breach of Beliani
Category: Data Breach
Content: A threat actor claims to be selling a database allegedly belonging to Beliani.fr. The database reportedly contains 536,724 records. The leaked database reportedly contains customer-related information, including customer title, full name, email address, shipping address, shipping city, and phone number.
Date: 2026-01-15T18:25:19Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SOLD-OUT-Beliani-fr-Leaked-536k
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d6b83f67-6de0-4114-944e-343efb604c08.png
Threat Actors: lemonhazed
Victim Country: France
Victim Industry: Retail Industry
Victim Organization: beliani
Victim Site: beliani.fr
- Alleged data breach of Sword Fantasy
Category: Data Breach
Content: A threat actor has reposted a large dataset allegedly associated with swordfantasy.com. The database reportedly contains approximately 2,098,554 records. The leaked data appears to contain user account–related information such as email addresses, usernames or character names, IP addresses, internal identifiers, and other account or system-related fields.
Date: 2026-01-15T18:22:22Z
Network: openweb
Published URL: https://breachforums.bf/Thread-REPOST-swordfantasy-com
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/06a47635-5541-42f7-92ed-fecc21fab932.png
Threat Actors: oef50655
Victim Country: China
Victim Industry: Gaming
Victim Organization: sword fantasy
Victim Site: swordfantasy.com
- Alleged leak of Kartu Indonesia Pintar (KIP) records
Category: Data Breach
Content: The group claims to have leaked multiple records from the Kartu Indonesia Pintar (KIP) student assistance program, allegedly exposing KIP numbers, student names, National Student Identification Numbers (NISN), National Identification Numbers (NIK), and year of issuance.
Date: 2026-01-15T18:18:34Z
Network: telegram
Published URL: https://t.me/TEAMRPLAX/343
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/423693a3-a812-45ab-a443-abe5dae6fa0a.png
Threat Actors: TEAM MR PLAX
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Universitas Brawijaya
Category: Data Breach
Content: A threat actor claims to be selling email account credentials of students from Universitas Brawijaya. The data is reportedly distributed in CSV format and contains 10,000+ records. The leaked dataset reportedly contains students’ email addresses, full names, phone numbers (including WhatsApp), university affiliations, selected courses, city and country details, residential addresses, and account or status information.
Date: 2026-01-15T17:57:40Z
Network: openweb
Published URL: https://breachforums.bf/Thread-Email-password-for-students-of-Brawijaya-University-UIN-Malang
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fb0b80ee-0593-4e10-a7df-99a31bf6bfaf.png
Threat Actors: AYYUBI
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: universitas brawijaya
Victim Site: ub.ac.id
- Alleged leak of an online gambling platform database
Category: Data Breach
Content: The group claims to have leaked a database allegedly belonging to an unidentified online gambling platform, containing usernames, user IDs, names, balances, phone numbers, and associated bank information.
Date: 2026-01-15T17:56:38Z
Network: telegram
Published URL: https://t.me/CinCauGhast3/116
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/67002f90-1d1a-4f1b-a1ec-a17d7d955115.png
Threat Actors: CinCauGhast
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Quincy Eats
Category: Data Breach
Content: The group claims to have breached the database of Quincy Eats, which includes customer identifiers, card details, transaction information, payment status, pricing, and full billing contact and address data.
Date: 2026-01-15T17:55:17Z
Network: telegram
Published URL: https://t.me/c/3421269527/78
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4e0de505-08c7-4877-a989-5f673bb2c902.jpg
Threat Actors: CyberOprationCulture
Victim Country: USA
Victim Industry: Restaurants
Victim Organization: quincy eats
Victim Site: quincyeats.com
- Alleged data breach of TotalEnergies
Category: Data Breach
Content: A threat actor claims to be selling a database associated with TotalEnergies. The exposed dataset reportedly contains over 183 million records and includes sensitive customer and account-related information such as email addresses, customer reference numbers, account holder names, IBAN details, physical addresses, household status information, and telephone numbers.
Date: 2026-01-15T17:44:21Z
Network: openweb
Published URL: https://breachforums.bf/Thread-TotalEnergies-Database-HawkSec
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/252e17dc-6ca3-4846-8dd4-ec3d3f0e3aa0.png
Threat Actors: HawkSec
Victim Country: France
Victim Industry: Oil & Gas
Victim Organization: totalenergies
Victim Site: totalenergies.com
- Alleged data leak of Multiple Turkish Databases
Category: Data Breach
Content: The threat actor claims to have leaked multiple Turkish databases, reportedly resulting in the exposure of citizen records containing sensitive information such as national identity numbers, full names, residential addresses, telephone numbers, and other personal and demographic data.
Date: 2026-01-15T17:38:17Z
Network: openweb
Published URL: https://breachforums.bf/Thread-Regarding-the-Turkish-database-leaks
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/19347243-dfec-4aab-b049-679210e2c36b.png
Threat Actors: anonymous249942
Victim Country: Turkey
Victim Industry: Government & Public Sector
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Fédération Française de Volley-Ball
Category: Data Breach
Content: The threat actor claims to have breached the database of the Fédération Française de Volley-Ball (FFVB), allegedly exposing member records containing personal details such as unique IDs, first and last names, dates of birth, email addresses, phone numbers, physical addresses, and sport affiliation data.
Date: 2026-01-15T17:37:36Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-FFVB-F%C3%A9d%C3%A9ration-Fran%C3%A7aise-de-VolleyBall
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0fc15e59-28d6-44e1-aed1-6089e820a328.png
Threat Actors: stktlg
Victim Country: France
Victim Industry: Sports
Victim Organization: fédération française de volley-ball
Victim Site: ffvb.org
- Alleged access to an unidentified router
Category: Initial Access
Content: The group claims to have gained unauthorized access to an unidentified router.
Date: 2026-01-15T17:37:18Z
Network: telegram
Published URL: https://t.me/privetOTof223/473
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f6318206-f9a2-4303-859f-d3f47473072a.jpg
Threat Actors: OverFlame
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Fédération Française du Sport Automobile
Category: Data Breach
Content: A threat actor claims to have compromised systems associated with FFSA.org, allegedly exploiting server-side misconfigurations that enabled elevated privileges, administrative control, and temporary system compromise, including defacement and access to internal data.
Date: 2026-01-15T17:31:44Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-FFSA-ORG-356-410-FR
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7d145c45-afb3-4b12-aefe-da6bee2b4bcc.png
https://d34iuop8pidsy8.cloudfront.net/1a7c09dc-af4e-4f75-86a0-c0015b92aedd.png
Threat Actors: Egorgeur2Pedo
Victim Country: France
Victim Industry: Sports
Victim Organization: fédération française du sport automobile
Victim Site: ffsa.org
- Alleged data sale of SWEDEN COMBOLIST
Category: Combo List
Content: The threat actor claims to be selling SWEDEN COMBOLIST.
Date: 2026-01-15T16:35:32Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SWEDEN-COMBOLIST-SHROUDZERO-txt
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/47885f6c-b9e9-43ec-a85f-9eb7f9b41d6a.png
Threat Actors: ShroudX
Victim Country: Sweden
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data sale of ITALY COMBOLIST
Category: Combo List
Content: The threat actor claims to be selling ITALY COMBOLIST.
Date: 2026-01-15T16:14:19Z
Network: openweb
Published URL: https://breachforums.bf/Thread-ITALY-COMBOLIST-SHROUDZERO-txt–184432
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/89f00e24-90f2-4cfa-9941-82ab8a11012d.png
Threat Actors: ShroudX
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data sale of JAPAN COMBOLIST
Category: Combo List
Content: The threat actor claims to be selling JAPAN COMBOLIST.
Date: 2026-01-15T16:13:04Z
Network: openweb
Published URL: https://breachforums.bf/Thread-JAPAN-COMBOLIST-SHROUDZERO-txt–184433
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/301c4bd9-a50f-4b05-a6f1-fdd592d483dc.png
Threat Actors: ShroudX
Victim Country: Japan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data sale of HOTMAIL COMBOLIST
Category: Combo List
Content: The threat actor claims to be selling a Hotmail combolist.
Date: 2026-01-15T16:06:01Z
Network: openweb
Published URL: https://breachforums.bf/Thread-HOTMAIL-COMBOLIST-SHROUDZERO-txt–184431
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d7c95c72-c992-40fc-a980-fa08b42e0e37.png
Threat Actors: ShroudX
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data sale of CANADA COMBOLIST
Category: Combo List
Content: The threat actor claims to be selling combolists from Canada.
Date: 2026-01-15T16:04:29Z
Network: openweb
Published URL: https://breachforums.bf/Thread-CANADA-COMBOLIST-SHROUDZERO-txt–184429
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0786cd96-de00-43de-af60-00cd559763a7.png
Threat Actors: ShroudX
Victim Country: Canada
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data sale of GERMANY COMBOLIST
Category: Combo List
Content: The threat actor claims to be selling combolists from Germany.
Date: 2026-01-15T15:56:18Z
Network: openweb
Published URL: https://breachforums.bf/Thread-GERMANY-COMBOLIST-SHROUDZERO-txt–184430
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5e8b5fab-d0e8-4191-b01d-ba2de0a61237.png
Threat Actors: ShroudX
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Gorlick, Kravitz & Listhaus, P.C. falls victim to akira Ransomware
Category: Ransomware
Content: The group claims to have obtained 22 GB of the organization’s data. The data includes employee personal information, client data, numerous project files, accounting and financial records, and other internal operational documents.
Date: 2026-01-15T15:29:27Z
Network: tor
Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8d4a5c69-b10f-4c82-b2b9-80b81ead3942.png
Threat Actors: akira
Victim Country: USA
Victim Industry: Law Practice & Law Firms
Victim Organization: gorlick, kravitz & listhaus, p.c.
Victim Site: gkllaw.com
- Alleged unauthorized access to an unidentified water treatment station control system in Poland
Category: Initial Access
Content: The group claims to have gained unauthorized access to an unidentified water treatment station control system in Poland, reportedly used to monitor and manage critical water infrastructure parameters. According to the claim, the system displays real-time measurements of water level (reported at 814 cm with an alarm threshold of 550 cm), tank volume (325 cubic meters), and pressure levels (reported at 4.14 atm with an alarm threshold of 2.90 atm), along with interfaces for viewing instant pressure readings, historical graphs, and continuous data collection.
Date: 2026-01-15T15:25:46Z
Network: telegram
Published URL: https://t.me/n2LP_wVf79c2YzM0/3339
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/04f03bdd-9ca6-4383-b2b4-f82919302da5.jpg
Threat Actors: Infrastructure Destruction Squad
Victim Country: Poland
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of NuevoLoquo
Category: Data Breach
Content: The threat actor claims to have breached the data of NuevoLoquo, allegedly including id, bill_customer_id, username, alias, password and more.
Date: 2026-01-15T14:31:53Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-In-honor-of-the-return-of-the-forum-DB-Escorts-ES
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ec6cabfb-f1e7-4504-ba93-c0c43872d45a.JPG
https://d34iuop8pidsy8.cloudfront.net/400092f4-1def-4941-aa80-9e864bb00230.JPG
https://d34iuop8pidsy8.cloudfront.net/4f3f6b16-1a57-4839-b018-5588071a1e96.JPG
Threat Actors: Sorb
Victim Country: Spain
Victim Industry: Other Industry
Victim Organization: nuevoloquo
Victim Site: nuevoloquo.ch
- Gunra RaaS
Category: Malware
Content: The threat actor claims to be promoting an affiliate program for the Gunra ransomware operation, offering access to a ransomware locker and operational support. The post advertises multi-platform targeting, including Windows, Linux, ESXi, and NAS systems, along with encryption using ChaCha20 and RSA-4096. A revenue-sharing model is described, requiring affiliates to pay a percentage of profits, with negotiation tools and live victim communication provided through a dedicated panel. The actor also claims to offer 24/7 support and states that operations exclude CIS countries.
Date: 2026-01-15T14:28:41Z
Network: openweb
Published URL: https://ramp4u.io/threads/gunra-ransomware-affiliate-program-2026.3797/#post-19701
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0eda6bf5-c9c3-460b-af14-4b896ddbf45d.png
Threat Actors: inverter
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- chinafans targets the website of The Greater Knysna Business Chamber
Category: Defacement
Content: The group claims to have defaced the organization’s website.
Date: 2026-01-15T14:24:32Z
Network: openweb
Published URL: https://defacer.id/mirror/id/228424
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7b07c5db-34b8-4fc5-af6d-123622b70cf9.png
Threat Actors: chinafans
Victim Country: South Africa
Victim Industry: Non-profit & Social Organizations
Victim Organization: the greater knysna business chamber
Victim Site: gkbc.co.za
- Paylogix falls victim to akira ransomware
Category: Ransomware
Content: The group claims to have obtained 185 GB of the organization’s data. The compromised data reportedly includes employee personal information, including complete records for approximately 130 employees with details such as Social Security numbers, passport information, and driver’s license data, as well as client information, detailed financial records, internal confidential files, and non-disclosure agreements.
Date: 2026-01-15T14:19:37Z
Network: tor
Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/43d5f9e1-4efa-4045-9427-cbbc9e8b278e.png
Threat Actors: akira
Victim Country: USA
Victim Industry: Insurance
Victim Organization: paylogix
Victim Site: paylogix.com
- chinafans targets the website of Reza Al Karim
Category: Defacement
Content: The group claims to have defaced the organization’s website.
Date: 2026-01-15T14:18:20Z
Network: openweb
Published URL: https://defacer.id/mirror/id/228364
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4026c595-f16e-47b4-8b5d-37642e41f19f.png
Threat Actors: chinafans
Victim Country: UAE
Victim Industry: Professional Services
Victim Organization: reza al karim
Victim Site: rezamaintenance.ae
- Alleged data breach of Zenith Bank Plc
Category: Data Breach
Content: The threat actor claims to have leaked 1,000,000 records from Zenith Bank Plc. The compromised data reportedly includes account numbers, full names, addresses, state names, holding details, email addresses, and mobile numbers.
Date: 2026-01-15T14:17:06Z
Network: telegram
Published URL: https://t.me/c/3592149958/552
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7be2256d-3fcf-4350-b779-ad17d71225a8.png
Threat Actors: Solonik
Victim Country: Nigeria
Victim Industry: Financial Services
Victim Organization: zenith bank plc
Victim Site: zenithbank.com
- Alleged data breach of Linktree Pty Ltd
Category: Data Breach
Content: The threat actor claims to have leaked 19.6 million records from Linktree Pty Ltd. The compromised data reportedly includes email addresses, profile information, and additional data.
Date: 2026-01-15T14:11:16Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-19-6M-Profiles-Linktr-ee-scrape
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/96cd5de1-1f97-40e5-a767-2658691d75a8.png
https://d34iuop8pidsy8.cloudfront.net/cc79b990-69f6-45a9-ad37-48e85736ec6d.png
Threat Actors: tree_lover
Victim Country: Australia
Victim Industry: Information Technology (IT) Services
Victim Organization: linktree pty ltd
Victim Site: linktr.ee
- McAloon & Friedman, P.C. falls victim to Akira ransomware
Category: Ransomware
Content: The group claims to have obtained 627 GB of corporate documents including legal files such as hearings, investigation reports, police reports, client files like SSNs, passports, DLs, death/birth certificates, and employee files, financials.
Date: 2026-01-15T14:02:22Z
Network: tor
Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fc4fe7ba-3c0f-4d3c-b9b7-c2e69f50610d.jpg
Threat Actors: akira
Victim Country: USA
Victim Industry: Law Practice & Law Firms
Victim Organization: mcaloon & friedman, p.c.
Victim Site: mcf-esq.com
- Alleged data breach of Ministry of Culture
Category: Data Breach
Content: The group claims to have breached 590,000 records of data from the organisation, allegedly including CNO Codes, ID Numbers, Usernames, Organisation Codes, Job Numbers, Job Titles, CRT Logins, CRT Data & Timestamps.
Date: 2026-01-15T13:54:44Z
Network: telegram
Published URL: https://t.me/c/3592149958/556
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b5deb573-805d-41c4-bd98-8b7dc304c08d.JPG
Threat Actors: Solonik
Victim Country: Taiwan
Victim Industry: Government Administration
Victim Organization: ministry of culture
Victim Site: moc.gov.tw
- Alleged Unauthorized Access to an Industrial Inverter and Battery Management System in Canada
Category: Initial Access
Content: The group claims to have accessed an industrial inverter and battery charge management system in Canada, reportedly gaining visibility into power control parameters, cooling systems, and operational logs.
Date: 2026-01-15T13:53:50Z
Network: telegram
Published URL: https://t.me/zpentestalliance/967
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a20ff235-b2eb-4d16-8201-0be9103e0ef1.png
https://d34iuop8pidsy8.cloudfront.net/2f757976-d568-4e83-8f55-5a199bc53b60.png
Threat Actors: Z-PENTEST ALLIANCE
Victim Country: Canada
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of JSPStudy
Category: Data Breach
Content: The group claims to have leaked data belonging to JSPStudy.
Date: 2026-01-15T13:52:39Z
Network: telegram
Published URL: https://t.me/c/3667951656/1645
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9f029527-e296-4d93-b71f-45defe968524.jpg
Threat Actors: B F R e p o V 4 F i l e s
Victim Country: South Korea
Victim Industry: Education
Victim Organization: jspstudy
Victim Site: jspstudy.co.kr
- Database leak of Samsung Neo Information Co., Ltd.
Category: Data Breach
Content: The threat actor claims to have shared a database belonging to Samsung Neo Information Co., Ltd. The exposed database reportedly contains MemberID, MemberPW, MemberGubun, name, email address, zip code, physical address, phone number, mobile number, auto-mail preferences, member level, CEO name, company number, company type, company category, affiliation, approval status, and reserve information.
Date: 2026-01-15T13:46:32Z
Network: telegram
Published URL: https://t.me/c/3667951656/1640
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bd6d697d-7143-4c99-8504-f2f8874b6634.png
Threat Actors: BFRepoV4Files
Victim Country: South Korea
Victim Industry: E-commerce & Online Stores
Victim Organization: samsung neo information co., ltd.
Victim Site: neob2b.co.kr
- Alleged leak of PII data from Belgium
Category: Data Breach
Content: The group claims to have leaked PII data from Belgium. The compromised data reportedly comprises 1,000,000 records, including name, address, email, phone number, etc.
Date: 2026-01-15T13:39:57Z
Network: telegram
Published URL: https://t.me/c/3592149958/553
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bef426ec-e961-40ff-9b9b-a52968ea5b0c.png
Threat Actors: Solonik
Victim Country: Belgium
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of web shell access to Siginews.com
Category: Initial Access
Content: The group claims to be selling web shell access to Siginews.com.
Date: 2026-01-15T13:29:06Z
Network: telegram
Published URL: https://t.me/c/3027611821/279
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1a34fc15-db07-40a7-a83f-07944e1c33d4.png
Threat Actors: Z-BL4CX-H4T
Victim Country: Indonesia
Victim Industry: Newspapers & Journalism
Victim Organization: siginews.com
Victim Site: siginews.com
- DEPOT NAPOLI falls victim to LOCKBIT 5.0 ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data and intends to publish it within 14-15 days.
Date: 2026-01-15T13:28:35Z
Network: tor
Published URL: http://lockbitapt67g6rwzjbcxnww5efpg4qok6vpfeth7wx3okj52ks4wtad.onion/post/f73e2cce2ece3edc9ff58985850e95a0
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c7eb0c7b-9059-4cc0-a2cf-fe559b7bb665.png
Threat Actors: LOCKBIT 5.0
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: depot napoli
Victim Site: depotnapoli.com
- PRIMZX targets the website of CRAFT
Category: Defacement
Content: The group claims to have defaced the website of CRAFT.
Date: 2026-01-15T13:14:42Z
Network: telegram
Published URL: https://t.me/PRIMZX/23
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/adef6933-4a68-4382-bcf2-cbb9388a3cbb.JPG
Threat Actors: PRIMZX
Victim Country: Bangladesh
Victim Industry: Non-profit & Social Organizations
Victim Organization: craft
Victim Site: craftbd.org
- Alleged sale of Harel Yedidim database
Category: Data Breach
Content: The group claims to be selling 230,000 records belonging to Harel Yedidim. The compromised data includes Full Name, Phone Number, Email, and Address.
Date: 2026-01-15T13:13:31Z
Network: telegram
Published URL: https://t.me/c/3667951656/1524
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a9c137c2-5ad6-4990-8301-27aef7d64e29.png
Threat Actors: BFRepoV4Files
Victim Country: Israel
Victim Industry: Insurance
Victim Organization: harel yedidim
Victim Site: yedidim-health.co.il
- Alleged sale of 11K corporate email access in the USA and Europe
Category: Combo List
Content: The threat actor claims to be selling 11,000 corporate email accounts with passwords from organizations in the United States and Europe.
NB: The authenticity of the claim is yet to be verified.
Date: 2026-01-15T13:04:08Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/273836/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3466eea0-48c8-4c5e-85c4-374f1f27c4ad.png
Threat Actors: Kay
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Daou Trading Co Ltd
Category: Data Breach
Content: The group claims to have leaked data belonging to Daou Trading Co Ltd. The compromised data reportedly includes full names, full addresses, phone numbers, email addresses, and additional information.
Date: 2026-01-15T12:52:38Z
Network: telegram
Published URL: https://t.me/c/3667951656/1624
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4d8271d4-7b3b-418c-befb-d77de61c5aca.jpg
Threat Actors: B F R e p o V 4 F i l e s
Victim Country: South Korea
Victim Industry: Retail Industry
Victim Organization: daou trading co ltd
Victim Site: daouwood.co.kr
- Alleged Unauthorized Access to a Boiler Management System in Poland
Category: Initial Access
Content: The group claims to have accessed a boiler management system in Poland developed by JM Infotel, reportedly gaining visibility into and control over system pressure, pump and valve status, and supply and return temperature settings.
Date: 2026-01-15T12:13:59Z
Network: telegram
Published URL: https://t.me/c/2787466017/1643
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b7984e5e-da57-49cc-9b84-8d4348d11515.png
Threat Actors: NoName057(16)
Victim Country: Poland
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of LBP Granville
Category: Data Breach
Content: The threat actor claims to have leaked 3,691,752 records of data belonging to LBP Granville. The compromised data reportedly includes full names, full addresses, phone numbers, email addresses, and additional information.
Date: 2026-01-15T12:12:54Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-France-www-lbp-tm-fr-3-690-000-clients
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/32821e0a-e44d-4a51-af68-e904a9cb0d57.png
https://d34iuop8pidsy8.cloudfront.net/d7e223c9-5df1-416f-a233-7195af77181c.png
https://d34iuop8pidsy8.cloudfront.net/c9d18cc8-8239-4cd5-937d-537918fe37e3.png
https://d34iuop8pidsy8.cloudfront.net/73629ca6-eaaf-4570-b2fd-2da1233524bc.png
Threat Actors: Sorb
Victim Country: France
Victim Industry: Business and Economic Development
Victim Organization: lbp granville
Victim Site: lbp-tm.fr
- AN0M949_GHOST_TRACK targets the website of CRAFT
Category: Defacement
Content: The group claims to have defaced the website of CRAFT.
Date: 2026-01-15T11:48:43Z
Network: telegram
Published URL: https://t.me/c/3543749851/196
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a4a1d7d0-8294-4798-b7f8-5a989e637b31.jpg
Threat Actors: AN0M949_GHOST_TRACK
Victim Country: Bangladesh
Victim Industry: Non-profit & Social Organizations
Victim Organization: craft
Victim Site: craftbd.org
- Alleged data breach of Agricultural University of Athens
Category: Data Breach
Content: The threat actor claims to have leaked 16,000 records from the Agricultural University of Athens student database. The compromised data reportedly includes full names and email addresses.
Date: 2026-01-15T11:30:25Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-AUA-GR-16k-students-Agricultural-University-of-Athens-Leaked-Download
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5bafc1d7-7f01-4902-92f2-a483686adf6c.png
Threat Actors: worldweknew7
Victim Country: Greece
Victim Industry: Education
Victim Organization: agricultural university of athens
Victim Site: aur.gr
- AN0M949_GHOST_TRACK targets the website of Ministry of Religion of the Republic of Indonesia
Category: Defacement
Content: The group claims to have defaced the website of Ministry of Religion of the Republic of Indonesia.
Date: 2026-01-15T11:28:13Z
Network: telegram
Published URL: https://t.me/c/3543749851/196
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6aea4404-e81e-4ded-83db-566ba4486c95.png
Threat Actors: AN0M949_GHOST_TRACK
Victim Country: Indonesia
Victim Industry: E-Learning
Victim Organization: ministry of religion of the republic of indonesia
Victim Site: elearning.mtsntambakberas.sch.id
- Alleged data leak of Greek and Italian police mails
Category: Data Breach
Content: The threat actor claims to be selling a few Greek police mails and a few Italian police mails.
Date: 2026-01-15T11:10:45Z
Network: openweb
Published URL: https://breachforums.bf/Thread-LE-Access-to-Greek-and-Italian-police-mails
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d2ed809c-eb17-4096-9099-49f23627b27a.JPG
Threat Actors: worldweknew7
Victim Country: Greece
Victim Industry: Law Enforcement
Victim Organization: italian state police
Victim Site: police.gr
- AN0M949_GHOST_TRACK targets the website of Koyande’s Institute of Fashion Studies
Category: Defacement
Content: The group claims to have defaced the website of Koyande’s Institute of Fashion Studies.
Date: 2026-01-15T10:43:00Z
Network: telegram
Published URL: https://t.me/c/3543749851/195
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a32efea4-7665-4140-abf3-e61b7fdc3b5c.png
Threat Actors: AN0M949_GHOST_TRACK
Victim Country: India
Victim Industry: Education
Victim Organization: koyande’s institute of fashion studies
Victim Site: koyandesfashion.in
- Alleged data breach of Amarillo College Panhandle Regional Law Enforcement Academy
Category: Data Breach
Content: The threat actor claims to have breached 11,253 records belonging to the Amarillo College Panhandle Regional Law Enforcement Academy. The compromised data reportedly includes full names, ranks, phone numbers, and additional information.
Date: 2026-01-15T10:10:40Z
Network: openweb
Published URL: https://breachforums.bf/Thread-Amarillo-College-Panhandle-Regional-Law-Enforcement-Academy
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/62ab2604-d95d-475a-990f-0f41e33405a5.png
https://d34iuop8pidsy8.cloudfront.net/d6e0507f-b7c9-4b74-b391-1d828180056b.png
Threat Actors: zvezdanwastaken
Victim Country: USA
Victim Industry: Education
Victim Organization: amarillo college panhandle regional law enforcement academy
Victim Site: acprlea.org
- Alleged leak of login access to Metix Co
Category: Initial Access
Content: The group claims to have leaked login access belonging to Metix Co.
Date: 2026-01-15T10:07:04Z
Network: telegram
Published URL: https://t.me/c/2622575053/1279
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4a6ee3da-92db-442f-84b3-5fec42bd0799.png
Threat Actors: NOTRASEC TEAM
Victim Country: USA
Victim Industry: Software Development
Victim Organization: metix co
Victim Site: metix.co
- AN0M949_GHOST_TRACK targets the website of Benz NK
Category: Defacement
Content: The group claims to have defaced the website of Benz NK.
Date: 2026-01-15T10:05:01Z
Network: telegram
Published URL: https://t.me/c/3543749851/194
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/937c7fb3-2c07-4806-810b-f2ef54d31644.png
Threat Actors: AN0M949_GHOST_TRACK
Victim Country: Thailand
Victim Industry: Automotive
Victim Organization: benz nk
Victim Site: benznk.com
- Alleged unauthorized access to Baoji Langxuan Industry and Trade Co., Ltd.
Category: Initial Access
Content: The group claims to have gained unauthorized access to Baoji Langxuan Industry and Trade Co., Ltd.
Date: 2026-01-15T10:04:13Z
Network: telegram
Published URL: https://t.me/c/2622575053/1280
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/035d1c4e-c53e-40aa-8ea3-7c8d5cb7d1b0.png
Threat Actors: NOTRASEC TEAM
Victim Country: China
Victim Industry: Retail Industry
Victim Organization: baoji langxuan industry and trade co., ltd.
Victim Site: zcwindow.com
- Alleged data breach of DMORA
Category: Data Breach
Content: The threat actor claims to have breached 430,794 lines of data from the organisation, allegedly including uuid, customer_title, customer_full_name, customer_email, shipping_address, shipping_city, shipping_country, and customer_phone.
Date: 2026-01-15T08:49:44Z
Network: openweb
Published URL: https://breachstars.io/topic/selling-dmorait-users-db-p0smq3boc5rh
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8c4884bf-2c36-4b55-a91b-649be3fea8f0.JPG
https://d34iuop8pidsy8.cloudfront.net/4c76c300-f9cf-4dc2-92af-33f5880f1bc8.JPG
Threat Actors: ren
Victim Country: Italy
Victim Industry: E-commerce & Online Stores
Victim Organization: dmora
Victim Site: dmora.it
- BROTHERHOOD CAPUNG INDONESIA targets the website of Dcl Express
Category: Defacement
Content: The group claims to have defaced the website of Dcl Express.
Date: 2026-01-15T08:29:10Z
Network: telegram
Published URL: https://t.me/c/3054021775/324
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6632e3fc-d733-4d60-83ee-0640e01f84af.png
Threat Actors: BROTHERHOOD CAPUNG INDONESIA
Victim Country: India
Victim Industry: Transportation & Logistics
Victim Organization: dcl express
Victim Site: serviceondoor.in.dclexpress.in
- Alleged data leak of Chinese government employees
Category: Data Breach
Content: The threat actor claims to have leaked a database allegedly belonging to Chinese government employees from 2025. Sample screenshots are provided on their forum.
Date: 2026-01-15T07:43:14Z
Network: openweb
Published URL: https://leakbase.la/threads/chinese-employees.48207/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a20a7edd-3c7b-4291-94bd-351703bcb76c.png
https://d34iuop8pidsy8.cloudfront.net/1a01846f-7af4-4633-80eb-550245d367d3.png
https://d34iuop8pidsy8.cloudfront.net/d69a50c8-db47-478b-a8f7-f6f7f4418987.png
Threat Actors: Shark_vf
Victim Country: China
Victim Industry: Government Administration
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of login access to Jember Regency Library and Archives services
Category: Initial Access
Content: The group claims to have leaked unauthorized login access to Jember Regency Library and Archives services.
Date: 2026-01-15T07:05:58Z
Network: telegram
Published URL: https://t.me/RaiderGhost2/13
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c54afc2d-c37b-4940-bfb1-cbe8bad20273.png
Threat Actors: RaiderGhost
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: jember regency library and archives services
Victim Site: superkom.jemberkab.go.id
- Alleged leak of Indonesian ID cards
Category: Data Breach
Content: The group claims to have leaked Indonesian ID cards.
Date: 2026-01-15T07:04:03Z
Network: telegram
Published URL: https://t.me/RaiderGhost2/16
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8c926264-89ec-473c-bb57-49e8ba8850d3.jpg
Threat Actors: RaiderGhost
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged login access to Sitenger Kabupaten Cirebon
Category: Initial Access
Content: The group claims to have leaked login credentials to the Sitenger Kabupaten Cirebon.
Date: 2026-01-15T06:49:58Z
Network: telegram
Published URL: https://t.me/CinCauGhast3/79
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/da91203b-c175-4461-a1f0-4997958f2a8f.png
Threat Actors: CinCauGhast
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: sitenger kabupaten cirebon
Victim Site: sitenger.cirebonkab.go.id
- Alleged sale of unauthorized access to unidentified pharma manufacturer in Sweden
Category: Initial Access
Content: The threat actor claims to be selling unauthorized access to FortiGate web dashboards and SSL VPN systems of a Swedish pharmaceuticals manufacturer.
Date: 2026-01-15T06:34:41Z
Network: openweb
Published URL: https://breachforums.bf/Thread-Swedish-pharma-manufacturer
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6cb38178-4448-4c62-a03c-84079862269b.png
Threat Actors: sheenkoo
Victim Country: Sweden
Victim Industry: Healthcare & Pharmaceuticals
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Data Breach of KS Academy
Category: Data Breach
Content: The threat actor claims a data breach of KS Academy. The dataset includes student and staff records such as full names, email addresses, usernames, gender, dates of birth, course details, account metadata, login timestamps, and authentication-related fields.
Date: 2026-01-15T06:16:06Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-ksacademy-co-in-1-CA-Coaching-Institute-in-Chennai-India
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/57caa2e3-cc05-4e2e-a2ac-49d7fdfe8998.png
Threat Actors: aiyewumi
Victim Country: India
Victim Industry: Education
Victim Organization: ks academy
Victim Site: ksacademy.co.in
- Alleged Data Breach of Habit Burger & Grill
Category: Data Breach
Content: The threat actor claims a data breach of Habit Burger & Grill. The dataset includes employee-related records such as full names, corporate email addresses, job titles, and physical work locations.
Date: 2026-01-15T06:08:00Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-Free-Habit-Burger-Grill-Official-Website
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2dc0d50d-af36-412d-91b3-c165eb7a446d.png
Threat Actors: aiyewumi
Victim Country: USA
Victim Industry: Food & Beverages
Victim Organization: habit burger & grill
Victim Site: habitburger.com
- Alleged Data Breach of Vitlog
Category: Data Breach
Content: The threat actor claims an alleged data breach of Vitlog, exposing employee and contractor data including names, job titles, contact details, locations, work history, and logistics-related records.
Date: 2026-01-15T05:58:25Z
Network: openweb
Published URL: http://breachforums.bf/Thread-DATABASE-vitlog-com-br-Database-Brazil
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1982b91a-24e5-4021-b208-2a4bf09e70df.png
Threat Actors: aiyewumi
Victim Country: Brazil
Victim Industry: Transportation & Logistics
Victim Organization: vitlog
Victim Site: vitlog.com.br
- Alleged Data Breach of Medvenica
Category: Data Breach
Content: The threat actor claims a data breach of Medvenica. The dataset includes customer IDs, first and last names, email addresses, phone numbers, and IP addresses.
Date: 2026-01-15T05:40:01Z
Network: openweb
Published URL: http://breachforums.bf/Thread-DATABASE-medvenica-ru-2025
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0bfc6fc5-1206-4548-aa9e-38f00806fbbf.png
Threat Actors: GGarolD
Victim Country: Russia
Victim Industry: E-commerce & Online Stores
Victim Organization: medvenica
Victim Site: medvenica.ru
- Alleged Data Breach of Peredvizhnik
Category: Data Breach
Content: The threat actor claims a data breach of Peredvizhnik. The leaked database contains approximately 280,000 user records from 2025.
Date: 2026-01-15T05:30:07Z
Network: openweb
Published URL: https://breachforums.bf/Thread-peredvizhnik-ru-280k
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/908a60f4-f0b9-40b7-8c9d-07a6d6b9982f.png
Threat Actors: GGarolD
Victim Country: Russia
Victim Industry: E-commerce & Online Stores
Victim Organization: peredvizhnik
Victim Site: peredvizhnik.ru
- Alleged Data Breach of CAP Emploi Database
Category: Data Breach
Content: Threat actor claims to be selling a CAP Emploi database from France. The dataset reportedly contains over 2.2 million records from 2025, including NiR (French national identification numbers) and other sensitive personal information.
Date: 2026-01-15T05:13:55Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-FR-CAP-Emploi-info
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d641290c-c41e-48f6-a2c3-e889521b7de1.png
https://d34iuop8pidsy8.cloudfront.net/dda50cfe-c261-414a-a63c-8bb2504fbc01.png
Threat Actors: 0x0x0x
Victim Country: France
Victim Industry: Government & Public Sector
Victim Organization: cap emploi
Victim Site: capemploi.fr
- PhantomSec1337 targets the website of Dhruv Global School
Category: Defacement
Content: The group claims to have defaced the website of Dhruv Global School.
Date: 2026-01-15T05:08:58Z
Network: openweb
Published URL: https://defacer.id/mirror/id/228272
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/91d2e27f-6415-4cb3-b00a-908fa86c86a7.png
Threat Actors: PhantomSec1337
Victim Country: India
Victim Industry: Education
Victim Organization: dhruv global school
Victim Site: dhruv.edu.in
- Alleged Data Breach of Mail.ru Group
Category: Data Breach
Content: The threat actor claims a data leak of Mail.ru Group. The dataset is associated with the year 2023 and reportedly contains approximately 242 million records.
Date: 2026-01-15T05:07:21Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-mail-ru-2023-242m
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/acba2e43-6d8d-470c-8c8f-51b73432350d.png
Threat Actors: GGarolD
Victim Country: Russia
Victim Industry: Information Technology (IT) Services
Victim Organization: mail.ru group
Victim Site: mail.ru
- Alleged data breach of multiple French websites
Category: Data Breach
Content: The threat actor claims to have leaked four small SQL databases originating from French websites. The dataset includes 8,000 uncleaned records.
Date: 2026-01-15T05:06:57Z
Network: openweb
Published URL: https://breachforums.bf/Thread-FR-Small-databases
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/01580bb1-e44e-4836-81f9-94bcdfcc1c9c.png
Threat Actors: MoNkEySdAnCiNiNg
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: antoine.shop.tv
- Alleged Data Breach of Groupe Fondasol
Category: Data Breach
Content: The threat actor claims a data breach of Groupe Fondasol. The leaked data reportedly covers approximately 888 employees.
Date: 2026-01-15T04:34:04Z
Network: openweb
Published URL: https://breachforums.bf/Thread-FR-Groupe-Fondasol-Employees-Informations
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d2c775e8-c627-4e86-98c0-7eaab2a26ac2.png
Threat Actors: 0xR3qu1em
Victim Country: France
Victim Industry: Building and construction
Victim Organization: groupe fondasol
Victim Site: groupefondasol.com
- Alleged Data Leak of Multiple French Sports Federations
Category: Data Breach
Content: The threat actor claims an alleged data leak involving multiple French sports federations.
Date: 2026-01-15T04:28:18Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-lots-of-French-federation
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/dd176d40-dfff-4f73-a410-727553b90273.png
Threat Actors: azerty93200
Victim Country: France
Victim Industry: Sports
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Data Leak of Cryptocurrency Checkout Payment Database
Category: Data Breach
Content: The threat actor claims an alleged leak of a database containing records of users who completed checkouts using cryptocurrency payments.
Date: 2026-01-15T04:04:53Z
Network: tor
Published URL: https://xssforum7mmh3n56inuf2h73hvhnzobi7h2ytb3gvklrfqm7ut3xdnyd.onion/threads/145388/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/29ea151c-5cd5-4a08-86dc-f015e6441e40.png
Threat Actors: Youzuf BG
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Leak of Cryptocurrency Gambling User Database
Category: Data Breach
Content: The threat actor claims an alleged data leak involving approximately 60,000 records related to users of cryptocurrency-based gambling platforms.
Date: 2026-01-15T04:04:00Z
Network: tor
Published URL: https://xssforum7mmh3n56inuf2h73hvhnzobi7h2ytb3gvklrfqm7ut3xdnyd.onion/threads/145387/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/75ac21d1-ed42-4eba-8490-538a0d5f3d92.png
Threat Actors: Youzuf BG
Victim Country: Unknown
Victim Industry: Gambling & Casinos
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Data Leak of Norway Business Database
Category: Data Breach
Content: The threat actor claims a leak of a Norway Business Database containing over 90,000 business records.
Date: 2026-01-15T03:42:45Z
Network: tor
Published URL: https://xssforum7mmh3n56inuf2h73hvhnzobi7h2ytb3gvklrfqm7ut3xdnyd.onion/threads/145389/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/63d00302-4f7b-4b37-bc6f-81cc18c32369.png
Threat Actors: Youzuf BG
Victim Country: Norway
Victim Industry: Government Administration
Victim Organization: norwegian business entities
Victim Site: Unknown
- CyberOprationCulture targets the website of propese.com
Category: Defacement
Content: The group claims to have defaced the website of propese.com.
Date: 2026-01-15T03:40:10Z
Network: telegram
Published URL: https://t.me/c/3421269527/70
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b3e43cb8-dcb9-4de4-8b4e-fd7a067d9dbc.png
Threat Actors: CyberOprationCulture
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: propese.com
- Alleged Leak of Instagram Influencer Database
Category: Data Breach
Content: Threat actor claims to be leaking a large Instagram influencer database from 2024. The dataset reportedly contains hundreds of thousands of records, including usernames, full names, email addresses, biographies, websites, location details, verification status, follower counts, and engagement metrics.
Date: 2026-01-15T03:14:24Z
Network: openweb
Published URL: https://breachforums.bf/Thread-reupload-aws-auditor-com
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/152e58ff-2cdb-4998-bf22-47d476844006.png
https://d34iuop8pidsy8.cloudfront.net/452b0f19-c06c-45a6-801a-8a6bb7e2ec5e.png
https://d34iuop8pidsy8.cloudfront.net/252afe8b-ce31-46b0-8e85-83b4e5797a83.png
Threat Actors: Wadjet
Victim Country: Unknown
Victim Industry: Social Media & Online Social Networking
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Data Breach of Dmora
Category: Data Breach
Content: The threat actor claims a data breach of Dmora. The customer database, containing over 430,000 records, was extracted and offered for sale.
Date: 2026-01-15T03:01:22Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SOLD-OUT-dmora-it-430-7K
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0ad5d29b-d828-4f95-a9da-24d23a388cc3.png
Threat Actors: rennn
Victim Country: Italy
Victim Industry: E-commerce & Online Stores
Victim Organization: dmora
Victim Site: dmora.it
- TruStar Holdings, LLC falls victim to INC RANSOM Ransomware
Category: Ransomware
Content: The group claims to have obtained 1.4 TB of the organization’s data.
Date: 2026-01-15T02:34:58Z
Network: tor
Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/696842f08f1d14b743b7c396
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/73f5bf8d-c792-4e52-a299-db7a614dbcf4.png
Threat Actors: INC RANSOM
Victim Country: USA
Victim Industry: Warehousing
Victim Organization: trustar holdings, llc
Victim Site: trustarholdingsllc.com
- Alleged data leak of 5 Billion Email Password Credential Records
Category: Data Breach
Content: Threat actor claims to be selling a large credential compilation consisting of approximately 5 billion unique email password records. The dataset is reportedly cleaned, with duplicate entries, trash domains, short passwords, and non email credential formats removed, and is distributed as a 180GB archive.
Date: 2026-01-15T01:52:07Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-Selling-5-billion-unique-EMAIL-PASS-collection-for-any-requests
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/34fde72e-0ddd-4377-962d-b38fc17a3fc9.png
Threat Actors: RatBridge
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Data Leak of Global KYC and Identity Verification Records
Category: Data Breach
Content: Threat actor claims to be selling a large collection of identity verification (KYC) datasets totaling over 10,000 records, including country-sorted and unsorted sets. The data reportedly contains front and back ID images, passport scans, selfies, and video selfie verifications, with approximately 450 individuals included with video-based verification.
Sorted country sets are available individually (for example: USA, UK, Germany, France, Canada, Japan, Australia, Israel); unsorted multi-country data is also offered.
Date: 2026-01-15T01:36:55Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-33gb
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a848a64c-4a5e-4f85-8edf-92e8b9321883.png
https://d34iuop8pidsy8.cloudfront.net/1b48379c-0e16-4895-8b27-2870e6832311.png
Threat Actors: DocLite
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Nordstrom Rack falls victim to TENGU Ransomware
Category: Ransomware
Content: The group claims to have obtained 50.6GB of the organization’s data and they intend to publish it within 7-8 days.
Date: 2026-01-15T00:50:36Z
Network: tor
Published URL: http://longcc4fqrfcqt5lzceutylaxir6h66fp6df3oin6mvwvz6pfdbxc6qd.onion/blog/9ed049f13a6c03647605778e699066649aea5265c7351bff6fd5e509a294ba2e/g
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9f5a10fd-994c-4b63-a84e-329536c9345e.png
Threat Actors: TENGU
Victim Country: USA
Victim Industry: Retail Industry
Victim Organization: nordstrom rack
Victim Site: nordstromrack.com
- KAN AND KRISHME falls victim to Sinobi Ransomware
Category: Ransomware
Content: The group claims to have obtained 500GB of the organization’s data. They intend to publish it within 13-14 days.
Date: 2026-01-15T00:46:29Z
Network: tor
Published URL: http://sinobi6rlec6f2bgn6rd72xo7hvds4a5ajiu2if4oub2sut7fg3gomqd.onion/leaks/6964034c6387a4c9a21c7123
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/017414bc-d29d-497c-9d99-6a9c0fb103ef.png
https://d34iuop8pidsy8.cloudfront.net/e8877388-2349-4134-9a2f-3fd3ceb71da3.png
Threat Actors: Sinobi
Victim Country: India
Victim Industry: Law Practice & Law Firms
Victim Organization: kan and krishme
Victim Site: kankrishme.com
- Alleged Data leak of Liquid
Category: Data Breach
Content: Threat actor claims to be leaking Liquid database.
Date: 2026-01-15T00:33:23Z
Network: openweb
Published URL: https://forum.exploit.in/topic/273826/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b1e365d6-cec6-4d9d-b0ad-91dddcc7caa7.png
Threat Actors: iwillneverlose
Victim Country: Singapore
Victim Industry: Financial Services
Victim Organization: liquid
Victim Site: liquid.com
- Alleged data leak
Category: Data Breach
Content: The threat actor claims a large-scale data dump of multiple AI-related websites. The dataset contains 15 GB of data.
Date: 2026-01-15T00:28:10Z
Network: openweb
Published URL: https://breachforums.bf/Thread-COLLECTION-2026-BADVIBES-15gb-across-100-Sites
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5989f219-bb22-4974-8926-78baeb6acb88.png
https://d34iuop8pidsy8.cloudfront.net/55ee70a4-ad39-4d8d-907f-93d79b83c308.png
Threat Actors: p0ppin
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Data leak of Nansen
Category: Data Breach
Content: Threat actor claims to be leaking a Nansen.ai database.
Date: 2026-01-15T00:27:30Z
Network: openweb
Published URL: https://forum.exploit.in/topic/273825/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3eb68db4-7ccd-4f4d-9c5a-f0ed54b68f7a.png
Threat Actors: iwillneverlose
Victim Country: Singapore
Victim Industry: International Trade & Development
Victim Organization: nansen
Victim Site: nansen.ai
- Alleged Data leak of Ripple
Category: Data Breach
Content: Threat actor claims to be leaking a Ripple email database via a download link.
NB: Authenticity of claim is yet to be verified
Date: 2026-01-15T00:19:10Z
Network: openweb
Published URL: https://forum.exploit.in/topic/273824/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ab400c5c-1ca0-4d1c-8f96-0ae9c021bf22.png
Threat Actors: iwillneverlose
Victim Country: Canada
Victim Industry: Information Technology (IT) Services
Victim Organization: ripple
Victim Site: ripple.com