[January-16-2026] Daily Cybersecurity Threat Report

1. Executive Summary

The provided dataset indicates a high volume of cyber activity occurring within a single 24-hour window. The incidents range from politically motivated website defacements and low-level hacktivism to high-impact ransomware attacks and large-scale data breaches. A significant portion of the data breaches targets the cryptocurrency and financial sectors, while ransomware groups are heavily targeting US-based infrastructure and commercial entities.


2. Major Ransomware Campaigns

Several organized ransomware groups were active, posting victims to leak sites. The akira ransomware group was particularly aggressive against US targets.

  • akira Ransomware:
    • Targeted La Macchia Group (Architecture, USA), compromising 12 GB of data including HR files and passport info.
    • Targeted Commenco (Telecommunications, USA) and Micro Precision (Legal/Calibration, USA).
    • Targeted DigiCOURSE LLC (Oil & Gas, USA) and Industrial Rivet & Fastener Co. (Wholesale, USA), leaking employee SSNs and passports.
  • GENESIS:
    • Claimed an attack on Upper Township (Government, USA), stealing 400 GB of data.
    • Targeted Dedman Gray Property Consultants Ltd (Real Estate, UK), exfiltrating 300 GB of property and financial data.
  • Other Notable Ransomware Activity:
    • INC RANSOM: Targeted the Electric Cooperatives of South Carolina and Cirrus Aviation (USA).
    • DragonForce: Targeted NWIMS IT Group (UK) and JR Advertising Specialties (USA).
    • TENGU: Claimed attacks on CAUT Comercial Automotriz and Grupo ROA in Mexico, threatening to publish data within days.

3. Data Breaches and Leaks

Data breaches were widespread, with a specific focus on cryptocurrency platforms, government databases, and major corporations.

A. Cryptocurrency & Financial Sector (Actor: iwillneverlose)

A threat actor named iwillneverlose claimed a massive series of breaches against crypto and fintech entities on this date:

  • Ethereum Foundation (Switzerland): Blog email database.
  • Exchanges & Services: Breaches claimed against Crypto Tax Calculator, Coinsquare, Blockfills VC, Accointing, Blockstream, Bitoasis, Securitize, Inc., Etana, Ndax Exchange (Canada), Paradigm Research, Hedera, and Bitsgap.

B. Government and National Infrastructure

  • USA: A group named HawkSec claims to have breached The White House, releasing an initial batch of 11,409 confidential emails.
  • Venezuela: malconguerra2 claimed a leak of INTT (National Institute of Land Transportation) data, including driver’s licenses and official forms.
  • Australia: Actor USDT claimed a leak of the National Personal Data database, affecting ~438,000 records.
  • Ukraine: A dataset of 400,000 passports allegedly belonging to Ukrainian citizens was leaked by Perun Svaroga.
  • China: Actor mr_x1 claimed to leak data from the Chinese army, including IDs and mobile numbers.
  • Indonesia: Multiple regional governments (West Sumatra, Tanjungpinang, Riau Islands) saw data leaked by CY8ER N4TI0N.

C. Corporate & Commercial Breaches

  • Hertz: Actor Sphere claimed to share a large customer dataset (3.6m records) regarding vehicle reservations.
  • FedEx: Actor perla claimed a leak of Salesforce data including agent and owner IDs.
  • Zomato: Actor czapla claimed a 10 GB data leak from the food delivery platform.

4. Hacktivism and Defacement

Political and social tensions appear to be driving high volumes of website defacements.

  • Targeting Israel: The HellR00ters Team conducted a coordinated wave of defacements against Israeli cultural and arts websites, including Magic Colours, Shalom Hanoch, Hi Fiber Productions, and Daniel Chen.
  • Targeting India:
    • Hazardous Cyber Team targeted educational institutions (EIITS, Santiniketan Polytechnic).
    • DEFACER INDONESIAN TEAM targeted multiple Indian commercial sites (Darshanam Trading, Indias Free Classified).
  • Targeting Indonesia: Local groups like GHOSTNET-X targeted various Indonesian educational institutions (MIN 1 Ciamis, MAN 2 Semarang).

5. Initial Access and Underground Sales

Threat actors are actively selling unauthorized access and malware tools, facilitating future attacks.

  • Access Sales:
    • WordPress Access: Multiple actors are selling admin access to WordPress shops in the USA, Spain, and Israel.
    • Industrial Control Systems: Z-PENTEST ALLIANCE claimed access to an industrial boiler control system in Canada.
    • Government Access: Actor RaiderGhost is selling webshell access to Indonesian government sites (JDIH DPRD).
  • Malware Tools:
    • Neurosis RAT: A remote access trojan for Windows/Linux is being sold by DARK 07x.
    • STARKILLER: A phishing tool with 2FA/MFA bypass capabilities is being sold by jinkusu01.

6. Conclusion

The intelligence data from January 16, 2026, reveals a volatile cyber threat landscape.

  1. Ransomware is highly sector-specific: Manufacturing, Construction, and Infrastructure in the US and UK are the primary targets for groups like akira and GENESIS.
  2. Cryptocurrency platforms are under siege: The actor iwillneverlose executed a massive campaign against nearly a dozen crypto-related entities in a single day.
  3. Critical Government Data is Exposed: Claims regarding The White House emails, if verified, represent a top-tier national security breach. Simultaneously, large-scale citizen data leaks in Australia, Venezuela, and Ukraine indicate a global failure in securing government-held PII.
  4. Hacktivism remains persistent: The volume of defacements suggests coordinated campaigns by groups like HellR00ters (Anti-Israel) and DEFACER INDONESIAN TEAM, utilizing low-sophistication attacks to cause reputational damage.

Detected Incidents Draft Data

  1. Hazardous Cyber Team targets the website of EIITS
    Category: Defacement
    Content: The group claims to have defaced the website of EIITS
    Date: 2026-01-16T23:47:43Z
    Network: openweb
    Published URL: https://defacer.id/cyber-attack-report/228924
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7a449a03-e755-4485-963f-433b999f0c95.png
    https://d34iuop8pidsy8.cloudfront.net/bd7886d4-1a3b-4bcd-aeaf-103f1d5ed763.png
    Threat Actors: Hazardous Cyber Team
    Victim Country: India
    Victim Industry: Education
    Victim Organization: eiits
    Victim Site: erp.eiits.in
  2. Hazardous Cyber Team targets the website of Santiniketan Polytechnic
    Category: Defacement
    Content: The group claims to have defaced the website of Santiniketan Polytechnic
    Date: 2026-01-16T23:37:15Z
    Network: openweb
    Published URL: https://defacer.id/cyber-attack-report/228908
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/949a3c10-8486-4f9d-80ce-5e9fb28dcce9.png
    https://d34iuop8pidsy8.cloudfront.net/0289bf2e-8a04-45cb-aef0-058f61e75b71.png
    Threat Actors: Hazardous Cyber Team
    Victim Country: India
    Victim Industry: Education
    Victim Organization: santiniketan polytechnic
    Victim Site: santiniketanpolytechnic.in
  3. Hazardous Cyber Team targets the website of pbnia.com
    Category: Defacement
    Content: The group claims to have defaced the website of pbnia.com
    Date: 2026-01-16T23:19:06Z
    Network: openweb
    Published URL: https://defacer.id/cyber-attack-report/228904
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/691e1fce-315b-4014-a33f-7acaa207e1a6.png
    https://d34iuop8pidsy8.cloudfront.net/29a95699-4a27-4ac3-9c11-57cac241d5cb.png
    Threat Actors: Hazardous Cyber Team
    Victim Country: India
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: pbnia.com
  4. Alleged Sale of Unauthorized Admin Access to a WordPress Shop in USA
    Category: Initial Access
    Content: Threat Actor claims to be selling unauthorized admin access with full rights to a WordPress shop in USA.
    Date: 2026-01-16T22:40:34Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/273973/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/5456a5b3-6f7b-4a52-828c-56b00fcc683b.png
    Threat Actors: cosmodrome
    Victim Country: USA
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  5. Alleged data breach of Instituto Nacional de Transporte Terrestre (INTT)
    Category: Data Breach
    Content: The threat actor claims to have leaked a large collection of confidential documents allegedly belonging to Venezuela’s National Institute of Land Transportation (INTT). The exposed material reportedly includes sensitive documentation related to Venezuelan driver’s licenses, personal identification details of license holders, driver’s license records and related administrative documents, official forms, internal files, and scanned documents, and government-issued transportation and licensing records.
    Date: 2026-01-16T22:26:48Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-Document-VENEZUELA-INTT-500GB-National-Institute-of-Land-Transportation-16-01-2026
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/fc41b86e-1cac-474c-9446-e5f4737017ef.png
    Threat Actors: malconguerra2
    Victim Country: Venezuela
    Victim Industry: Government & Public Sector
    Victim Organization: instituto nacional de transporte terrestre (intt)
    Victim Site: intt.gob.ve
  6. Alleged Sale of Unauthorized Admin Access to an Unidentified WordPress Shop in Spain
    Category: Initial Access
    Content: Threat Actor claims to be selling unauthorized admin access to an unidentified WordPress shop in Spain.
    Date: 2026-01-16T22:22:04Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/273972/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/76a3af49-c031-4500-9b55-8c23697a12a6.png
    Threat Actors: UnitT
    Victim Country: Spain
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  7. Alleged Sale of Unauthorized Access to a WordPress Shop in Israel
    Category: Initial Access
    Content: Threat Actor claims to be selling unauthorized access to a WordPress shop in Israel.
    Date: 2026-01-16T22:21:35Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/273974/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e55f21d9-0d4d-4d5a-9169-1d807893619a.png
    Threat Actors: ed1n1ca
    Victim Country: Israel
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  8. Alleged data leak of large compilation of Turkish databases
    Category: Data Breach
    Content: A threat actor claims to be offering a large compilation of Turkish databases, aggregating data from multiple sources across the country.
    Date: 2026-01-16T22:13:59Z
    Network: openweb
    Published URL: https://hydraforums.io/Threads-7-big-turkish-databases-compilation
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/bf08bd0e-04dc-4a07-97f3-5680ef2f52d7.png
    Threat Actors: wht
    Victim Country: Turkey
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  9. Alleged Data Breach of Ethereum Foundation
    Category: Data Breach
    Content: Threat Actor claims to have breached the blog email database of Ethereum Foundation in Switzerland.
    Date: 2026-01-16T22:05:09Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/273969/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/fdf98830-3006-4514-b9f0-db0efb89f205.png
    Threat Actors: iwillneverlose
    Victim Country: Switzerland
    Victim Industry: Information Technology (IT) Services
    Victim Organization: ethereum foundation
    Victim Site: ethereum.com
  10. Alleged sale of unauthorized access to unidentified company from Pakistan
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized domain admin access to an unidentified manufacturing company based in Pakistan. The compromised organization reportedly has 752 hosts in the domain and revenue of 22.4 million.
    Date: 2026-01-16T22:03:23Z
    Network: openweb
    Published URL: https://ramp4u.io/threads/%D0%9F%D1%80%D0%BE%D0%B4%D0%B0%D0%BC-%D0%B4%D0%BE%D1%81%D1%82%D1%83%D0%BF%D1%8B.3796/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/35a0175d-fe3b-4ff8-85f6-30602be4e340.png
    Threat Actors: walker
    Victim Country: Pakistan
    Victim Industry: Manufacturing
    Victim Organization: Unknown
    Victim Site: Unknown
  11. Alleged Data Leak of National Personal Data in Australia
    Category: Data Breach
    Content: Threat Actor claims to have leaked the database of National Personal Data in Australia. The exposed dataset includes approximately 438,522 records, which contain first and last names, full names, gender, email addresses, dates of birth, phone numbers, and detailed address information such as street names, cities, and ZIP/postal codes.
    Date: 2026-01-16T22:00:59Z
    Network: openweb
    Published URL: https://leakbase.la/threads/australia-national-personal-data-leak.48246/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/fc34f286-f977-4fbc-8972-f79c644c7051.png
    Threat Actors: USDT
    Victim Country: Australia
    Victim Industry: Government Administration
    Victim Organization: Unknown
    Victim Site: Unknown
  12. Cloak ransomware group adds an unknown victim (l.us)
    Category: Ransomware
    Content: The group claims to have obtained 2.5 TB of the organization’s data.
    Date: 2026-01-16T21:29:04Z
    Network: tor
    Published URL: http://cloak7jpvcb73rtx2ff7kaw2kholu7bdiivxpzbhlny4ybz75dpxckqd.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d7a23eab-83da-40a4-9025-cc1e9fd672c6.png
    Threat Actors: Cloak
    Victim Country: USA
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  13. Alleged sale of Unauthorized Access to French federation of social centers
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized access to an internal administrative portal used by a French federation of social centers and credentials for multiple social centers.
    Date: 2026-01-16T21:15:55Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-FR-Social-Center-Access
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f945fd0d-4067-4c88-80af-45def48f45aa.png
    Threat Actors: breach3d
    Victim Country: France
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: centres-sociaux.fr
  14. Alleged data breach of Hertz
    Category: Data Breach
    Content: The threat actor claims to have shared a large customer dataset allegedly originating from Hertz. The exposed data appears to relate to vehicle rental reservations and customer profiles, which include personal and transactional information such as customer names, email addresses, reservation and booking identifiers, pickup and drop-off locations, address details, and internal reference codes.
    Date: 2026-01-16T21:00:28Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-Hertz-2025-3-6m
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/759f7c14-69d9-4b3c-aaff-6b1a530ae7a1.png
    Threat Actors: Sphere
    Victim Country: USA
    Victim Industry: Transportation & Logistics
    Victim Organization: hertz
    Victim Site: hertz.com
  15. Hargreaves Lansdown falls victim to BASHE Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data and intends to publish it within 9-10 days.
    Date: 2026-01-16T20:53:51Z
    Network: tor
    Published URL: http://basheqtvzqwz4vp6ks5lm2ocq7i6tozqgf6vjcasj4ezmsy4bkpshhyd.onion/page_company.php?id=125
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/df46368c-a442-4b96-a47c-08e6796ff2ed.png
    Threat Actors: Eraleig (APT73)
    Victim Country: UK
    Victim Industry: Financial Services
    Victim Organization: hargreaves lansdown
    Victim Site: hl.co.uk
  16. Alleged data breach of Customer Alliance
    Category: Data Breach
    Content: The threat actor claims to have leaked customer feedback and contact records allegedly belonging to Customer Alliance. The leaked records include personal details such as customer names, email addresses, departure dates, language preferences, data collection source, associated customer portals, and feedback or comment status.
    Date: 2026-01-16T20:39:37Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-FR-Go-Customers-alliance-com
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3b80152f-a5cf-46c1-a4f3-d35cec3d0618.png
    Threat Actors: Sahquelfou
    Victim Country: Germany
    Victim Industry: Software Development
    Victim Organization: customer alliance
    Victim Site: customer-alliance.com
  17. SYLHET GANG-SG claims to target Telecom Egypt
    Category: Alert
    Content: A recent post by the group indicates that they’re targeting Telecom Egypt
    Date: 2026-01-16T20:09:05Z
    Network: telegram
    Published URL: https://t.me/SylhetGangSG1/7325
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/631985d4-ed2e-4eab-8938-60f8a31e2085.jpg
    Threat Actors: SYLHET GANG-SG
    Victim Country: Egypt
    Victim Industry: Network & Telecommunications
    Victim Organization: telecom egypt
    Victim Site: te.eg
  18. Alleged Data Leak of Crypto Tax Calculator
    Category: Data Breach
    Content: Threat Actor claims to have leaked the database of Crypto Tax Calculator.
    Date: 2026-01-16T19:21:22Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/273966/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/60c3f21c-ec70-4ad4-a633-8f3770627ca1.png
    Threat Actors: iwillneverlose
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  19. Alleged Data Breach of Decrypt, Inc
    Category: Data Breach
    Content: Threat Actor claims to have breached the CRM database of Decrypt, Inc in USA.
    Date: 2026-01-16T19:04:24Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/273964/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/5f654775-f4f3-4162-b5f5-03a44d30d4df.png
    Threat Actors: iwillneverlose
    Victim Country: USA
    Victim Industry: Media Production
    Victim Organization: decrypt, inc
    Victim Site: decrypt.co
  20. Alleged Data Leak of Coinsquare Email List
    Category: Data Breach
    Content: Threat Actor claims to have leaked the email database of Coinsquare.
    Date: 2026-01-16T19:02:38Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/273954/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3bf183f8-e184-45c0-9979-85c7a6677a5b.png
    Threat Actors: iwillneverlose
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  21. CAUT Comercial Automotriz falls victim to TENGU Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 12.2 GB of the organization’s data and they intend to publish it within 5-6 days.
    Date: 2026-01-16T18:59:16Z
    Network: tor
    Published URL: http://longcc4fqrfcqt5lzceutylaxir6h66fp6df3oin6mvwvz6pfdbxc6qd.onion/blog/56d5ba2b78a185c8232a69cf3e5be18f67f5ee8704a61dd0556b672b5a92e83c/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/61830a1d-2dd3-4101-ae6f-3c92c31f148b.png
    https://d34iuop8pidsy8.cloudfront.net/bc88334d-0d61-4d41-b7dc-0835c77fd216.png
    Threat Actors: TENGU
    Victim Country: Mexico
    Victim Industry: Retail Industry
    Victim Organization: caut comercial automotriz
    Victim Site: comercialautomotriz.com
  22. 404 CREW CYBER TEAM targets the website of Joshi Consultancy Services
    Category: Defacement
    Content: The group claims to have defaced the website of Joshi Consultancy Services.
    Date: 2026-01-16T18:55:59Z
    Network: telegram
    Published URL: https://t.me/crewcyber/555
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/92671ac4-d5df-4998-965b-2599b2dd13a5.png
    Threat Actors: 404 CREW CYBER TEAM
    Victim Country: India
    Victim Industry: Information Technology (IT) Services
    Victim Organization: joshi consultancy services
    Victim Site: joshics.in
  23. Alleged Data Leak of Marketbeat
    Category: Data Breach
    Content: Threat Actor claims to have leaked the database of Marketbeat.
    Date: 2026-01-16T18:54:26Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/273961/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ff982a61-5037-43ec-99b6-cf0976130ee4.png
    Threat Actors: iwillneverlose
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  24. Alleged Data Leak of Blockfills VC
    Category: Data Breach
    Content: Threat Actor claims to have leaked the database of Blockfills VC.
    Date: 2026-01-16T18:49:51Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/273958/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7449c2dc-cb08-427a-8a39-6b46aa1e6be7.png
    Threat Actors: iwillneverlose
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  25. Alleged Access to ELTECH Ukraine
    Category: Initial Access
    Content: The group claims to have gained unauthorized access to ventilation, compressor, and climate-control systems at ELTECH Ukraine.
    Date: 2026-01-16T18:47:15Z
    Network: telegram
    Published URL: https://t.me/zpentestalliance/971
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e6ddf333-7dba-4699-b878-5c23fb96146f.png
    https://d34iuop8pidsy8.cloudfront.net/3021e69d-fe7f-4d79-88d9-7bd489ec7ca5.png
    Threat Actors: Z-PENTEST ALLIANCE
    Victim Country: Ukraine
    Victim Industry: Machinery
    Victim Organization: eltech ukraine
    Victim Site: eltech.kiev.ua
  26. Alleged Data Leak of Accointing
    Category: Data Breach
    Content: Threat Actor claims to have leaked the database of Accointing.
    Date: 2026-01-16T18:45:45Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/273952/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/72dbb689-888e-4173-86b1-1d72109eba98.png
    Threat Actors: iwillneverlose
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  27. Alleged Data Leak of Blockstream
    Category: Data Breach
    Content: Threat Actor claims to have leaked the database of Blockstream.
    Date: 2026-01-16T18:45:04Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/273957/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/aeaeb3eb-7211-45b8-9580-17ebf838b892.png
    Threat Actors: iwillneverlose
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  28. Alleged Data Leak of Bitoasis
    Category: Data Breach
    Content: Threat Actor claims to have leaked the database of Bitoasis.
    Date: 2026-01-16T18:41:12Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/273955/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/51c3474b-393d-4c9a-9361-971aee9939e7.png
    Threat Actors: iwillneverlose
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  29. Alleged Data Breach of Securitize, Inc
    Category: Data Breach
    Content: Threat Actor claims to have breached the email database of Securitize, Inc in USA.
    Date: 2026-01-16T18:40:11Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/273951/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/efa36dea-5951-4d0d-925c-ca1ec86a6f33.png
    Threat Actors: iwillneverlose
    Victim Country: USA
    Victim Industry: Financial Services
    Victim Organization: securitize, inc
    Victim Site: securitize.com
  30. Alleged Data Leak of Exodus Newsletter
    Category: Data Breach
    Content: Threat Actor claims to have leaked the database of Exodus Newsletter.
    Date: 2026-01-16T18:36:51Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/273950/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3b03c84c-54ab-42bd-bdd7-9f4ce7eaafa9.png
    Threat Actors: iwillneverlose
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  31. Alleged Data Leak of Etana
    Category: Data Breach
    Content: Threat Actor claims to have leaked the database of Etana.
    Date: 2026-01-16T18:26:24Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/273947/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/694ac908-65ac-424a-bb41-e7ce624afa29.png
    Threat Actors: iwillneverlose
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  32. InDoM1nu’s targets the website of Victor Vidal Estudio
    Category: Defacement
    Content: The group claims to have defaced the website of Victor Vidal Estudio
    Date: 2026-01-16T18:26:11Z
    Network: telegram
    Published URL: https://t.me/InDoM1nusTe4m/55
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/395e8798-4cd0-4ae5-bbcf-3b4538d4ceec.jpg
    Threat Actors: InDoM1nu’s
    Victim Country: Spain
    Victim Industry: Graphic & Web Design
    Victim Organization: victor vidal estudio
    Victim Site: victorvidal.es
  33. Alleged Data Leak of Ndax Exchange in Canada
    Category: Data Breach
    Content: Threat Actor claims to have leaked the database of Ndax Exchange in Canada.
    Date: 2026-01-16T18:22:38Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/273946/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/46d06f99-ca9a-4681-a922-8b64cf424e70.png
    Threat Actors: iwillneverlose
    Victim Country: Canada
    Victim Industry: Financial Services
    Victim Organization: Unknown
    Victim Site: Unknown
  34. Alleged Data Leak of Paradigm Research
    Category: Data Breach
    Content: Threat Actor claims to have leaked the database of Paradigm Research.
    Date: 2026-01-16T18:15:29Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/273949/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/bec75e1c-4936-44df-a048-d478b07a068c.png
    Threat Actors: iwillneverlose
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  35. Alleged Data Leak of Hedera
    Category: Data Breach
    Content: Threat Actor claims to have leaked the database of Hedera.
    Date: 2026-01-16T18:15:01Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/273945/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b50c3712-2fee-4008-8b4b-db353c891208.png
    Threat Actors: iwillneverlose
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  36. Alleged Data Leak of Bitsgap
    Category: Data Breach
    Content: Threat Actor claims to have leaked the database of Bitsgap.
    Date: 2026-01-16T18:12:13Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/273948/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a9993327-110b-44a7-8f9e-ea4912c26597.png
    Threat Actors: iwillneverlose
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  37. Alleged data breach of Bazooka Egypt
    Category: Data Breach
    Content: The threat actor claims to have leaked a customer database allegedly belonging to Bazooka Egypt. The exposed data reportedly includes customer registration and contact information, such as first and last names, email addresses, mobile phone numbers, registration sources, and internal user or customer IDs.
    Date: 2026-01-16T17:40:08Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-REPOST-BazookaEgy-2024-1m
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e97b7109-056d-442f-a949-6c756e4536ad.png
    Threat Actors: Sphere
    Victim Country: Egypt
    Victim Industry: Restaurants
    Victim Organization: bazooka egypt
    Victim Site: bazookaegy.com
  38. Alleged data breach of Recurpay
    Category: Data Breach
    Content: The threat actor claims to have exposed sensitive order, subscription, and personally identifiable information (PII) linked to Recurpay’s platform. The leaked data allegedly includes order details, customer email addresses, full billing and shipping information, subscription IDs, payment gateway–related data, transaction amounts and currency, and order and subscription timestamps.
    NB: Recurpay was previously breached on Wed Jul 02 2025.
    Date: 2026-01-16T17:28:33Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-RECURPAY-COM-%E2%80%94-SaaS-Subscription-Platform-Data-Breach
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3dd87ecd-5abd-4547-9827-c7f6c2ebf5fe.png
    Threat Actors: aiyewumi
    Victim Country: India
    Victim Industry: E-commerce & Online Stores
    Victim Organization: recurpay
    Victim Site: recurpay.com
  39. Alleged sale of RAT Framework
    Category: Malware
    Content: Threat actor claims to be selling “Neurosis RAT Framework”, an advanced Remote Access Trojan for Windows & Linux with fully undetectable builder and encrypted C2 server.
    Date: 2026-01-16T17:16:00Z
    Network: tor
    Published URL: http://zwziyr6hbbqmtm7x5peu4dxyrm6wqvw7sdulvcgwcs2yvbx77cjesaad.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/99facdc0-a9c6-4324-9fda-ebfe2eb96165.png
    Threat Actors: DARK 07x
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  40. Alleged Data Breach of Maad International Co
    Category: Data Breach
    Content: Threat Actor claims to have breached the database of Maad International Co in Saudi Arabia.
    Date: 2026-01-16T17:04:42Z
    Network: telegram
    Published URL: https://t.me/c/3470684086/350
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/701bfee4-6249-493f-8e5d-3aba66966dce.png
    https://d34iuop8pidsy8.cloudfront.net/9fb4f293-b056-4ce0-bd68-d1ce8ce6852a.png
    Threat Actors: RED EYES
    Victim Country: Saudi Arabia
    Victim Industry: Commercial Real Estate
    Victim Organization: maad international co
    Victim Site: maad.com.sa
  41. 404 CREW CYBER TEAM targets the website of Codd Automation Systems and Energy
    Category: Defacement
    Content: The group claims to have defaced the website of Codd Automation Systems and Energy.
    Date: 2026-01-16T16:58:15Z
    Network: telegram
    Published URL: https://t.me/crewcyber/557
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/43b0d3d3-69d3-48ff-86cd-179fdeb5bb94.png
    Threat Actors: 404 CREW CYBER TEAM
    Victim Country: Brazil
    Victim Industry: Machinery Manufacturing
    Victim Organization: codd automation systems and energy
    Victim Site: hub.codd.com.br
  42. Alleged data breach MAKS-M JSC (Medical Joint-Stock Insurance Company)
    Category: Data Breach
    Content: The threat actor claims to have leaked a large database belonging to MAKS-M JSC (Medical Joint-Stock Insurance Company “MAKS-M”). The exposed data reportedly includes highly sensitive personal and insurance-related information such as full names, dates of birth, citizenship details, passport and identification numbers, insurance policy information, residential addresses, phone numbers, and regional medical insurance records.
    Date: 2026-01-16T16:55:57Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-makcm-ru-10M
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a9abc474-1c1b-41e7-8ad0-d3ade55deb7f.png
    Threat Actors: X0Frankenstein
    Victim Country: Russia
    Victim Industry: Insurance
    Victim Organization: maks-m jsc (medical joint-stock insurance company)
    Victim Site: makcm.ru
  43. WOLF CYBER ARMY targets the website of Tarbiyah Science High School
    Category: Defacement
    Content: The group claims to have defaced the website of Tarbiyah Science High School.
    Date: 2026-01-16T16:46:56Z
    Network: telegram
    Published URL: https://t.me/c/2670088117/423
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/04c6511e-12aa-444e-a672-18afc099d79d.jpg
    Threat Actors: WOLF CYBER ARMY
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: tarbiyah science high school
    Victim Site: stitlakbok.ac.id
  44. The Electric Cooperatives of South Carolina, Inc.
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-16T16:44:28Z
    Network: tor
    Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/696a62638f1d14b743dd523b
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8eb10790-1c91-4ebb-b86a-88179d0dcb30.png
    Threat Actors: INC RANSOM
    Victim Country: USA
    Victim Industry: Non-profit & Social Organizations
    Victim Organization: the electric cooperatives of south carolina, inc.
    Victim Site: ecsc.org
  45. MAD GHOST claims to target Ken-Hator
    Category: Ransomware
    Content: “Those who bought tickets for the Ben Gvir real estate conference in September 2025.” A Telegram post is circulating that publicly lists company websites and makes unverified political claims. Listed organizations may be targeted by cyber attacks.
    Date: 2026-01-16T16:33:49Z
    Network: telegram
    Published URL: https://t.me/ARABIAN_GHOSTS/1687
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/1ee5a43e-ecf6-49c5-a096-4a49994c58a2.png
    https://d34iuop8pidsy8.cloudfront.net/de6c33bc-2c0b-42a4-9c3a-d58be8676bd3.png
    https://d34iuop8pidsy8.cloudfront.net/170b1707-9212-4cbd-a661-04c83fc3b4ac.png
    Threat Actors: MAD GHOST
    Victim Country: Israel
    Victim Industry: Building and construction
    Victim Organization: ken-hator
    Victim Site: ken-hator.com
  46. DARK 07x targets the website of Tizi-Ouzou Wilaya Football League
    Category: Defacement
    Content: The group claims to have defaced the website of Tizi-Ouzou Wilaya Football League.
    Date: 2026-01-16T15:37:14Z
    Network: telegram
    Published URL: https://t.me/DarK07xxxxxxx/634
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/544e4bb6-cff0-4dd2-9c82-31562e2200fd.jpg
    Threat Actors: DARK 07x
    Victim Country: Algeria
    Victim Industry: Sports
    Victim Organization: tizi-ouzou wilaya football league
    Victim Site: lfwto.dz
  47. Alleged data leak of Ukrainian passports
    Category: Data Breach
    Content: The threat actor claims to have obtained a dataset containing records of approximately 400,000 passports allegedly belonging to citizens of Ukraine. According to the statement, the exposed information reportedly includes passport issuance location, place of residence, full names, phone numbers, some email addresses, and additional unspecified personal data.
    Date: 2026-01-16T15:12:31Z
    Network: telegram
    Published URL: https://t.me/perunswaroga/1043
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e9fcde0c-fadc-420b-87d9-47123ec117fb.jpg
    Threat Actors: Perun Svaroga
    Victim Country: Ukraine
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  48. Alleged data leak of Government of West Sumatra Province
    Category: Data Breach
    Content: The group claims to have leaked the data of Government of West Sumatra Province.
    Date: 2026-01-16T14:40:18Z
    Network: telegram
    Published URL: https://t.me/Team_Cy8er_N4ti0n/34
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e1507918-168c-4c5f-9b86-2910ce9cd517.jpg
    Threat Actors: CY8ER N4TI0N
    Victim Country: Indonesia
    Victim Industry: Government & Public Sector
    Victim Organization: government of west sumatra province
    Victim Site: sumbarprov.go.id
  49. Alleged data leak of Tanjungpinang City Administration
    Category: Data Breach
    Content: The group claims to have leaked the data of Tanjungpinang City Administration.
    Date: 2026-01-16T14:39:33Z
    Network: telegram
    Published URL: https://t.me/Team_Cy8er_N4ti0n/34
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/93907463-5a58-4b3b-83d4-18c19b5c1528.jpg
    Threat Actors: CY8ER N4TI0N
    Victim Country: Indonesia
    Victim Industry: Government & Public Sector
    Victim Organization: tanjungpinang city administration
    Victim Site: tanjungpinangkota.go.id
  50. Alleged data breach of Domashnie Dengi.
    Category: Data Breach
    Content: The threat actor claims to have leaked 304,000 records from Domashnie Dengi. The data was allegedly leaked in 2013.
    Date: 2026-01-16T14:38:55Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-MFO-%E2%80%98Domashnie-Dengi%E2%80%99-domadengi-ru
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/07d80f2f-586e-44b6-ad44-84c2ffca4549.png
    Threat Actors: X0Frankenstein
    Victim Country: Russia
    Victim Industry: Financial Services
    Victim Organization: domashnie dengi
    Victim Site: domadengi.ru
  51. Alleged leak of Balagarh Bijoy krishna Mahavidyalaya
    Category: Data Breach
    Content: The group claims to have leaked the database of Balagarh Bijoy krishna Mahavidyalaya.
    Date: 2026-01-16T14:23:42Z
    Network: telegram
    Published URL: https://t.me/eightsixroot/335
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/73c9070f-999d-4bd3-b67d-92aaf07174ac.png
    Threat Actors: EIGHT-SIX ROOT
    Victim Country: India
    Victim Industry: Education
    Victim Organization: balagarh bijoy krishna mahavidyalaya
    Victim Site: bbkm.ac.in
  52. Alleged data leak of Government of Riau Islands Province
    Category: Data Breach
    Content: The group claims to have leaked the data of Government of Riau Islands Province.
    Date: 2026-01-16T14:18:26Z
    Network: telegram
    Published URL: https://t.me/Team_Cy8er_N4ti0n/34
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9026af96-460e-4055-badc-87d4baafab4f.jpg
    Threat Actors: CY8ER N4TI0N
    Victim Country: Indonesia
    Victim Industry: Government & Public Sector
    Victim Organization: government of riau islands province
    Victim Site: kepriprov.go.id
  53. Team Azrael Angel Of Death targets the website of Nanded Police Department
    Category: Defacement
    Content: The group claims to have defaced the website of Nanded Police Department.
    Date: 2026-01-16T14:15:17Z
    Network: telegram
    Published URL: https://t.me/anonymous_Cr02x/1269
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/929be051-4cac-4923-9335-5a4146fd51ff.jpg
    Threat Actors: Team Azrael Angel Of Death
    Victim Country: India
    Victim Industry: Law Enforcement
    Victim Organization: nanded police department
    Victim Site: nandedpolice.gov.in
  54. La Macchia Group falls victim to akira Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 12 GB of the organization’s data. The compromised data reportedly includes employee passport and driver’s license information, HR files, drawings and specifications, and project-related data.
    Date: 2026-01-16T14:07:50Z
    Network: tor
    Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/1c5567e8-1687-4a91-9e23-6e5fd68b3a5d.png
    Threat Actors: akira
    Victim Country: USA
    Victim Industry: Architecture & Planning
    Victim Organization: la macchia group
    Victim Site: lamacchiagroup.com
  55. Alleged data breach of Algiers Regional Football League (LRFA)
    Category: Data Breach
    Content: The group claims to have leaked data belonging to the Ligue Régionale de Football d’Alger (LRFA), a regional football governing body in Algeria. The compromised database reportedly includes the names of players, coaches, and doctors, as well as personal information such as emails, usernames, passwords, phone numbers, national identity card details, and other sensitive data. As proof of access, they mentioned data related to Omar Ansar Club, Wifaq Sour El Ghozlane, and Chabab Amel Kouba on a dark web portal.
    NB: The authenticity of the claim is yet to be verified.
    Date: 2026-01-16T13:52:50Z
    Network: telegram
    Published URL: https://t.me/DarK07xxxxxxx/582
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b262f9cb-3117-462c-9ebc-db21c6e14fb3.jpg
    Threat Actors: DARK 07x
    Victim Country: Algeria
    Victim Industry: Sports
    Victim Organization: fédération algérienne de football
    Victim Site: lrfa.org.dz
  56. Commenco falls victim to akira Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data. The compromised data reportedly includes client data, payment details, some personal files, financial records, non-disclosure agreements, and numerous contracts and agreements.
    Date: 2026-01-16T13:43:32Z
    Network: tor
    Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3710474c-0894-4ad2-824d-9a64abd499e1.png
    Threat Actors: akira
    Victim Country: USA
    Victim Industry: Network & Telecommunications
    Victim Organization: commenco
    Victim Site: commenco.com
  57. Micro Precision falls victim to akira Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data. The compromised data reportedly includes customer data, employee files and operational files.
    Date: 2026-01-16T13:32:02Z
    Network: tor
    Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/af1829c3-ebd1-47ed-802d-f808715d5c69.png
    Threat Actors: akira
    Victim Country: USA
    Victim Industry: Legal Services
    Victim Organization: micro precision
    Victim Site: microprecision.com
  58. Alleged sale of unauthorized webshell access to jdihdprd.pesisirselatankb.go.id
    Category: Initial Access
    Content: The group claims to be selling unauthorized webshell access to jdihdprd.pesisirselatankb.go.id.
    Date: 2026-01-16T13:26:15Z
    Network: telegram
    Published URL: https://t.me/RaiderGhost2/50
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ca8c4d8a-f8f9-426f-aa8c-465a66d06857.png
    Threat Actors: RaiderGhost
    Victim Country: Indonesia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: jdihdprd.pesisirselatankb.go.id
  59. Alleged data breach of Kementerian Lingkungan Hidup
    Category: Data Breach
    Content: The group claims to have leaked data from Kementerian Lingkungan Hidup.
    Date: 2026-01-16T13:18:55Z
    Network: telegram
    Published URL: https://t.me/databasepetrus/314
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9f7b7a7c-140c-4a22-a823-61676691aa68.jpg
    Threat Actors: Petrusnism
    Victim Country: Indonesia
    Victim Industry: Government Administration
    Victim Organization: kementerian lingkungan hidup
    Victim Site: kemenlh.go.id
  60. Alleged data breach of MINASBET.COM
    Category: Data Breach
    Content: The group claims to have breached 110,919 records of data from minasbet.com, a Brazilian Gambling Platform. The compromised data includes External ID, Full Name, Email, Access Level, Balance Withdrawal, Bonus Balance, Affiliate, CPF, Phone Number.
    Date: 2026-01-16T12:59:27Z
    Network: telegram
    Published URL: https://t.me/c/3592149958/583
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/41717189-0101-4f25-95c2-6f532aed2933.png
    Threat Actors: Solonik
    Victim Country: Brazil
    Victim Industry: Gambling & Casinos
    Victim Organization: minasbet.com
    Victim Site: minasbet.com
  61. Grupo ROA falls victim to TENGU Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 100 GB of the organization’s data and they intend to publish it within 9-10 days.
    Date: 2026-01-16T12:58:38Z
    Network: tor
    Published URL: http://longcc4fqrfcqt5lzceutylaxir6h66fp6df3oin6mvwvz6pfdbxc6qd.onion/blog/c080d02876ae0fd24190edd17c6140ca44b1626050eb86fab1a0a277a116bf3b/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/67d38ad1-5025-4fb3-82f8-1b22582d6925.png
    https://d34iuop8pidsy8.cloudfront.net/042fa6e5-199a-4529-9499-d798053c203d.png
    Threat Actors: TENGU
    Victim Country: Mexico
    Victim Industry: Building and construction
    Victim Organization: grupo roa
    Victim Site: gruporoa.mx
  62. Alleged Unauthorized Access to an Industrial Boiler Control System in Canada
    Category: Initial Access
    Content: The group claims to have accessed an industrial boiler control system in Canada, reportedly monitoring combustion parameters, pressure conditions, and fuel and air supply components.
    Date: 2026-01-16T12:53:11Z
    Network: telegram
    Published URL: https://t.me/zpentestalliance/969
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b3d7dc8d-54ef-498d-97c5-d29fba7f0069.png
    Threat Actors: Z-PENTEST ALLIANCE
    Victim Country: Canada
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  63. CyberOprationCulture targets the website of Edublogs
    Category: Defacement
    Content: The group claims to have defaced the website of Edublogs.
    Date: 2026-01-16T12:48:46Z
    Network: telegram
    Published URL: https://t.me/c/3421269527/79
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/57ea0183-cce5-4982-9039-0198654327eb.png
    Threat Actors: CyberOprationCulture
    Victim Country: USA
    Victim Industry: Information Technology (IT) Services
    Victim Organization: edublogs
    Victim Site: ezkhan121.edublogs.org
  64. DigiCOURSE LLC falls victim to akira Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data. The data includes employee personal information such as passport, IDs, client information, detailed financials, NDAs, etc.
    Date: 2026-01-16T12:39:15Z
    Network: tor
    Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2a869aaa-7742-4bc0-8653-794aad7f1e4c.jpeg
    Threat Actors: akira
    Victim Country: USA
    Victim Industry: Oil & Gas
    Victim Organization: digicourse llc
    Victim Site: digicourse-llc.com
  65. Alleged data breach of Eventing South Africa
    Category: Data Breach
    Content: The threat actor claims to have breached data from Eventing South Africa.
    Date: 2026-01-16T12:22:50Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-DATABASE-eventingsa-co-za-South-Africa-Breached
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2091e4ab-2f20-4a24-84ce-9cac84accea0.png
    Threat Actors: xNov
    Victim Country: South Africa
    Victim Industry: Sports
    Victim Organization: eventing south africa
    Victim Site: eventingsa.co.za
  66. CFM – Ports and Railways of Mozambique falls victim to Qilin Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 120 GB of the organization’s data.
    Date: 2026-01-16T12:17:29Z
    Network: tor
    Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=9c5f4997-a7f0-33db-8dc5-6bffbe7f3a41
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/5d0f304b-0f9e-499c-b435-abe352d09c26.png
    Threat Actors: Qilin
    Victim Country: Mozambique
    Victim Industry: Transportation & Logistics
    Victim Organization: cfm – ports and railways of mozambique
    Victim Site: cfm.co.mz
  67. Alleged data breach of Arabian Health Care
    Category: Data Breach
    Content: The threat actor claims to have breached data from Arabian Health Care (AHC).
    Date: 2026-01-16T12:09:50Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-Arabian-Health-Care-Supply-Saudi-Arabia-ahc-sa-Data-Breached
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3b71c1fd-25d3-489b-9e9a-4a317b113e86.png
    Threat Actors: B4baYega
    Victim Country: Saudi Arabia
    Victim Industry: Hospital & Health Care
    Victim Organization: arabian health care
    Victim Site: ahc.sa
  68. Industrial Rivet & Fastener Co. falls victim to akira Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 36 GB of the organization’s data. The data includes employee personal information such as SSNs, passports, IDs, HR files, client information, detailed financials, NDAs, etc.
    Date: 2026-01-16T12:08:39Z
    Network: tor
    Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e697a0ba-043e-4062-ad3b-0a26d71472d2.jpg
    Threat Actors: akira
    Victim Country: USA
    Victim Industry: Wholesale
    Victim Organization: industrial rivet & fastener co.
    Victim Site: rivet.com
  69. Alleged leak of Indonesian bank deposit data
    Category: Data Breach
    Content: The threat actor claims to be selling data related to 2.3 billion in bank deposits from Indonesia, allegedly containing full names, mobile numbers, home and office addresses, banking details, and more.
    Date: 2026-01-16T12:05:17Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-Selling-10-MILLION-INDONESIA-DEPOSITO
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e498f80a-a59b-4ecd-ae02-7cc2fa3f011f.png
    Threat Actors: shinymontanna
    Victim Country: Indonesia
    Victim Industry: Financial Services
    Victim Organization: Unknown
    Victim Site: Unknown
  70. DEFACER INDONESIAN TEAM targets the website of Darshanam Trading
    Category: Defacement
    Content: The group claims to have defaced the website of Darshanam Trading.
    Date: 2026-01-16T11:52:19Z
    Network: telegram
    Published URL: https://t.me/c/2433981896/717
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/dd197016-031d-4081-828a-fb413ed609f8.jpg
    Threat Actors: DEFACER INDONESIAN TEAM
    Victim Country: India
    Victim Industry: Import & Export
    Victim Organization: darshanam trading
    Victim Site: darshanamtrading.com
  71. DEFACER INDONESIAN TEAM targets the website of Indias Free Classified
    Category: Defacement
    Content: The group claims to have defaced the website of Indias Free Classified.
    Date: 2026-01-16T11:47:14Z
    Network: telegram
    Published URL: https://t.me/c/2433981896/717
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/13735038-7540-451c-870b-646e92609f77.png
    Threat Actors: DEFACER INDONESIAN TEAM
    Victim Country: India
    Victim Industry: Marketing, Advertising & Sales
    Victim Organization: indias free classified
    Victim Site: indiasfreeclassified.com
  72. Alleged data breach of Legilog
    Category: Data Breach
    Content: The threat actor claims to have breached 81,599 records of data from Legilog.
    Note: Legilog was previously breached by the threat actor Eraleig (APT73) on October 29, 2024.
    Date: 2026-01-16T11:35:29Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-Legilog-FR
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/97d1183c-ba4a-402b-b531-584b051a5ad2.png
    Threat Actors: runeb2bz
    Victim Country: France
    Victim Industry: Software Development
    Victim Organization: legilog
    Victim Site: legilog.fr
  73. Alleged data leak of mediaperpetualschoolnavelim.edu.in
    Category: Data Breach
    Content: The group claims to have leaked databases of mediaperpetualschoolnavelim.edu.in.
    Date: 2026-01-16T11:33:04Z
    Network: telegram
    Published URL: https://t.me/c/3054021775/330
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/70dc7bdb-e8d9-4d26-b18e-a58a14fb0843.jpg
    Threat Actors: BROTHERHOOD CAPUNG INDONESIA
    Victim Country: Indonesia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: mediaperpetualschoolnavelim.edu.in
  74. DEFACER INDONESIAN TEAM targets the website of Fragrance And Fashion
    Category: Defacement
    Content: The group claims to have defaced the website of Fragrance And Fashion.
    Date: 2026-01-16T11:27:45Z
    Network: telegram
    Published URL: https://t.me/c/2433981896/717
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2d98d001-edb7-40d0-8e62-2c872227cedc.png
    Threat Actors: DEFACER INDONESIAN TEAM
    Victim Country: India
    Victim Industry: Cosmetics
    Victim Organization: fragrance and fashion
    Victim Site: fragranceandfashion.co.in
  75. DEFACER INDONESIAN TEAM targets the website of IJICR
    Category: Defacement
    Content: The group claims to have defaced the website of Indian Journal of Innovative Clinical Research (IJICR).
    Date: 2026-01-16T11:26:46Z
    Network: telegram
    Published URL: https://t.me/c/2433981896/717
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b49c8197-2ec3-4d17-ac21-337cc05e39e5.png
    Threat Actors: DEFACER INDONESIAN TEAM
    Victim Country: India
    Victim Industry: Research Industry
    Victim Organization: indian journal of innovative clinical research
    Victim Site: ijicr.com
  76. DEFACER INDONESIAN TEAM targets the website of Play Online Games
    Category: Defacement
    Content: The group claims to have defaced the website of Play Online Games.
    Date: 2026-01-16T11:13:54Z
    Network: telegram
    Published URL: https://t.me/c/2433981896/717
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9ca1883e-1e73-4928-91ae-9cbca3b6a697.jpg
    Threat Actors: DEFACER INDONESIAN TEAM
    Victim Country: India
    Victim Industry: Gaming
    Victim Organization: play online games
    Victim Site: playonlinegame.co.in
  77. GHOSTNET-X targets the website of hipocbt.mtsdarunnajahbwi.sch.id
    Category: Defacement
    Content: The group claims to have defaced the website of hipocbt.mtsdarunnajahbwi.sch.id.
    Date: 2026-01-16T10:44:55Z
    Network: telegram
    Published URL: https://t.me/c/3560880038/133
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/1d45c5c6-579e-4476-8bea-0fa00d90e9c1.jpg
    Threat Actors: GHOSTNET-X
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: hipocbt.mtsdarunnajahbwi.sch.id
  78. GHOSTNET-X targets the website of MIN 1 Ciamis
    Category: Defacement
    Content: The group claims to have defaced the website of MIN 1 Ciamis.
    Date: 2026-01-16T10:41:34Z
    Network: telegram
    Published URL: https://t.me/c/3560880038/133
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/6fb5bb48-905d-42df-852e-892882b01bce.jpg
    Threat Actors: GHOSTNET-X
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: min 1 ciamis
    Victim Site: cbt2.min1ciamis.sch.id
  79. Alleged unauthorized access to an unidentified system belonging to an individual in Germany
    Category: Initial Access
    Content: The group claims to have gained unauthorized access to a student-specific academic management system belonging to an individual in Germany. According to the claim, the compromised system is used to manage personal academic affairs and track education-related data, providing visibility into student records and educational information associated with the individual.
    Date: 2026-01-16T10:04:44Z
    Network: telegram
    Published URL: https://t.me/n2LP_wVf79c2YzM0/3343
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3d97899e-5336-4bf9-8d10-935ab29959da.png
    Threat Actors: Infrastructure Destruction Squad
    Victim Country: Germany
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  80. Alleged data breach of Try Merry
    Category: Data Breach
    Content: The threat actor claims to have leaked data from Try Merry, allegedly containing sensitive user information such as account details, contact information, addresses, and authentication-related data of customers.
    Date: 2026-01-16T09:57:02Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-Trymerry-com-RU-Data-Updated-through-Dec-2025
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b506b75a-8157-4d86-a7b4-95acc6b936df.png
    https://d34iuop8pidsy8.cloudfront.net/041f9e09-7e76-4d94-89d4-45c8d6150be7.png
    Threat Actors: aiyewumi
    Victim Country: Russia
    Victim Industry: Fashion & Apparel
    Victim Organization: try merry
    Victim Site: trymerry.com
  81. Alleged data breach of Cidesa
    Category: Data Breach
    Content: The group claims to have obtained data from Cidesa, which they intend to publish within one day.
    Date: 2026-01-16T09:54:15Z
    Network: tor
    Published URL: http://nleakk6sejx45jxtk7x6iyt65hwvfrkifc5v7ertdlwm3gttbpvlvxqd.onion/view_article.php?article=MPhxetFcpRsc7wpgxP5mH68x1Nk8i8Ohh61bAoXre1j2c7q2QP1nvVLMsBcaV5sE
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9542f2b5-e99b-4555-a278-b87911fa95a5.jpg
    Threat Actors: Leaknet
    Victim Country: Paraguay
    Victim Industry: Professional Services
    Victim Organization: cidesa
    Victim Site: cidesa.com.py
  82. EIGHT-SIX ROOT targets the website of BERKAH BAROKAH ONLINE STORE
    Category: Defacement
    Content: The group claims to have defaced the website of BERKAH BAROKAH ONLINE STORE.
    Date: 2026-01-16T09:42:39Z
    Network: telegram
    Published URL: https://t.me/eightsixroot/299
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/32482061-03d4-46cd-bb6b-face6220fdab.png
    Threat Actors: EIGHT-SIX ROOT
    Victim Country: Unknown
    Victim Industry: E-commerce & Online Stores
    Victim Organization: berkah barokah online store
    Victim Site: bb-bayamcrispy.com
  83. GHOSTNET-X targets the website of cbt.blkbojonegoro.com
    Category: Defacement
    Content: The group claims to have defaced the website of cbt.blkbojonegoro.com.
    Date: 2026-01-16T09:35:48Z
    Network: telegram
    Published URL: https://t.me/c/3560880038/133
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8c45af95-52da-428d-b40d-8d817b286bd6.png
    Threat Actors: GHOSTNET-X
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: cbt.blkbojonegoro.com
  84. Z-BL4CX-H4T.ID targets the website of Linh Lucky Bird’s Nest
    Category: Defacement
    Content: The group claims to have defaced the website of Linh Lucky Bird’s Nest.
    Date: 2026-01-16T09:32:56Z
    Network: telegram
    Published URL: https://t.me/z_bl4cx_h4t_id/7
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2d235fc4-e774-4264-b058-a5de859feb52.png
    Threat Actors: Z-BL4CX-H4T.ID
    Victim Country: Vietnam
    Victim Industry: Agriculture & Farming
    Victim Organization: linh lucky bird’s nest
    Victim Site: yensaolinhlucky.vn
  85. D4RKD3MON targets the website of Liv ERP
    Category: Defacement
    Content: The group claims to have defaced the organization’s website.
    Date: 2026-01-16T09:30:40Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/782391
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/353e8a94-2c80-4279-942f-7995ec41bf30.png
    Threat Actors: D4RKD3MON
    Victim Country: UAE
    Victim Industry: Software Development
    Victim Organization: liv erp
    Victim Site: liverp.ae
  86. JR Advertising Specialties Inc. falls victim to DragonForce Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 100.84 GB of the organization’s data.
    Date: 2026-01-16T09:30:30Z
    Network: tor
    Published URL: http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion/blog
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/39e87449-964d-4e85-b96d-b2e2b5013d96.jpg
    Threat Actors: DragonForce
    Victim Country: USA
    Victim Industry: Marketing, Advertising & Sales
    Victim Organization: jr advertising specialties inc.
    Victim Site: jradspec.com
  87. Alleged Unauthorized Access to Shopping Zone BD
    Category: Initial Access
    Content: The group claims to have gained unauthorized access to Shopping Zone BD.
    Date: 2026-01-16T09:11:25Z
    Network: telegram
    Published URL: https://t.me/r0gue77/41
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8cba2ed7-c51c-4cf7-a2e8-f40fe673130a.png
    Threat Actors: Rogue77
    Victim Country: Bangladesh
    Victim Industry: E-commerce & Online Stores
    Victim Organization: shopping zone bd
    Victim Site: shoppingzonebd.com.bd
  88. GHOSTNET-X targets the website of cbt.man2semarang.sch.id
    Category: Defacement
    Content: The group claims to have defaced the website of cbt.man2semarang.sch.id.
    Date: 2026-01-16T09:09:02Z
    Network: telegram
    Published URL: https://t.me/c/3560880038/133
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/6fd2ee39-4f47-429b-9dd4-04096bf2f486.png
    Threat Actors: GHOSTNET-X
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: cbt.man2semarang.sch.id
  89. UNDERSOLFIDBYTE targets the website of Drone Protect
    Category: Defacement
    Content: The group claims to have defaced the website of Drone Protect.
    Date: 2026-01-16T08:46:42Z
    Network: telegram
    Published URL: https://t.me/undersolfidbyte/85
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/406b6df7-917f-486e-a75b-7ca94d286a18.png
    Threat Actors: UNDERSOLFIDBYTE
    Victim Country: Russia
    Victim Industry: Security & Investigations
    Victim Organization: drone protect
    Victim Site: droneprotect.ru
  90. Dedman Gray Property Consultants Ltd falls victim to GENESIS ransomware
    Category: Ransomware
    Content: The group claims to have obtained 300 GB of the organization’s data. The compromised data reportedly includes project data, contracts and non-disclosure agreements, financial and tax data, property management and real estate data, network user folders, management folders, and data exfiltrated from the company’s file servers. The group intends to publish the data within 4–5 days.
    Date: 2026-01-16T08:37:56Z
    Network: tor
    Published URL: http://genesis6ixpb5mcy4kudybtw5op2wqlrkocfogbnenz3c647ibqixiad.onion/d19fd82c34beb881a17a/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/30619095-7815-412c-be2d-62990a3c9823.png
    Threat Actors: GENESIS
    Victim Country: UK
    Victim Industry: Real Estate
    Victim Organization: dedman gray property consultants ltd
    Victim Site: dedmangray.co.uk
  91. Upper Township falls victim to GENESIS ransomware
    Category: Ransomware
    Content: The group claims to have obtained 400 GB of the organization’s data. The compromised data reportedly includes financial data, personal data, user folders, and file server data. The group intends to publish the data within 4–5 days.
    Date: 2026-01-16T08:31:03Z
    Network: tor
    Published URL: http://genesis6ixpb5mcy4kudybtw5op2wqlrkocfogbnenz3c647ibqixiad.onion/31a696c2ccd7ef9a1b02/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/406f917c-38d8-4691-9f30-2c64e28172ad.png
    https://d34iuop8pidsy8.cloudfront.net/51baffd7-4298-475e-bf25-467f054cb85e.png
    Threat Actors: GENESIS
    Victim Country: USA
    Victim Industry: Government Administration
    Victim Organization: upper township
    Victim Site: uppertownship.com
  92. DEFACER INDONESIAN TEAM targets the website of dulichdaklak.vtcnetviet.com
    Category: Defacement
    Content: The group claims to have defaced the website of dulichdaklak.vtcnetviet.com.
    Date: 2026-01-16T08:09:53Z
    Network: telegram
    Published URL: https://t.me/c/2433981896/713
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7b1db757-c899-4689-b3a2-0aa37ee33720.png
    Threat Actors: DEFACER INDONESIAN TEAM
    Victim Country: Vietnam
    Victim Industry: Leisure & Travel
    Victim Organization: dulichdaklak.vtcnetviet.com
    Victim Site: dulichdaklak.vtcnetviet.com
  21. Alleged sale of admin access to unidentified store in USA
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized admin access to an unidentified online store in the USA.
    Date: 2026-01-16T06:17:21Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273854/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/bce0868f-c964-492d-8afd-ef6b6ba48768.png
    Threat Actors: bonafire
    Victim Country: USA
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: Unknown
  22. Alleged sale of corporate email credentials
    Category: Initial Access
    Content: Threat actor claims to be selling approximately 11,000 unverified corporate email and password combinations linked to organizations in the United States and the European Union.
    Date: 2026-01-16T06:05:59Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273836/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b38c09e3-e67c-46cc-a42e-37cbbe99145c.png
    Threat Actors: Kay
    Victim Country: USA
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  23. DEFACER INDONESIAN TEAM targets the website of DMB Technics AG
    Category: Defacement
    Content: Group claims to have defaced the website of DMB Technics AG.
    Date: 2026-01-16T06:02:04Z
    Network: telegram
    Published URL: https://t.me/c/2433981896/712
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ceba07b2-658f-4578-99af-c19fcb82b3e7.png
    Threat Actors: DEFACER INDONESIAN TEAM
    Victim Country: Switzerland
    Victim Industry: Electrical & Electronic Manufacturing
    Victim Organization: dmb technics ag
    Victim Site: dmbtechnics.com
  24. PRIMZX targets the website of cyberneeds.ct.ws
    Category: Defacement
    Content: Group claims to have defaced the website of cyberneeds.ct.ws.
    Date: 2026-01-16T05:52:59Z
    Network: telegram
    Published URL: https://t.me/PRIMZX/49
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3cf76214-4cc7-4142-8ce3-5875ecb35644.png
    Threat Actors: PRIMZX
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: cyberneeds.ct.ws
    Victim Site: cyberneeds.ct.ws
  25. Alleged sale of admin and shell access to unidentified store in Switzerland
    Category: Vulnerability
    Content: Threat actor claims to be selling unauthorized admin and shell access to an unidentified online store in Switzerland.
    Date: 2026-01-16T05:47:38Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273916/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/bbeb4795-c546-4a48-b43e-85963691ba56.png
    Threat Actors: JustAnon69
    Victim Country: Switzerland
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: Unknown
  26. Alleged Leak of Unidentified Gaming Site Data
    Category: Data Breach
    Content: The threat actor claims to have leaked data from an unidentified gaming site. The compromised data reportedly contains 190,000 records, including email addresses, passwords, and user account credentials.
    Date: 2026-01-16T05:29:09Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-Online-Virtual-Pet-Gaming-Site-DB
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9cd068e3-8dee-435f-b002-5cf4f730f434.png
    Threat Actors: HYBP
    Victim Country: Unknown
    Victim Industry: Gaming
    Victim Organization: Unknown
    Victim Site: Unknown
  27. Alleged sale of unauthorized webshell access to JDIH DPRD of South Pesisir Regency
    Category: Initial Access
    Content: Group claims to be selling unauthorized webshell access to JDIH DPRD of South Pesisir Regency.
    Date: 2026-01-16T05:13:28Z
    Network: telegram
    Published URL: https://t.me/RaiderGhost2/49
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d929b60e-cf78-4904-84dd-b61cb233a70f.png
    Threat Actors: RaiderGhost
    Victim Country: Indonesia
    Victim Industry: Government & Public Sector
    Victim Organization: jdih dprd of south pesisir regency
    Victim Site: jdihdprd.pesisirselatankab.go.id
  28. Alleged Leak of French Online Web Game User Database
    Category: Data Breach
    Content: The threat actor claims to have leaked a French online web game user database. The compromised data reportedly contains 230,000 records, including email addresses, plain-text passwords, and user account credentials.
    Date: 2026-01-16T05:11:00Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-France-Romantic-WEB-Game-Database
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b4f21c0c-4bcd-4d17-af81-b3beb4cf145d.png
    Threat Actors: HYBP
    Victim Country: France
    Victim Industry: Gaming
    Victim Organization: Unknown
    Victim Site: Unknown
  29. Alleged data leak of DiwiS
    Category: Data Breach
    Content: The threat actor claims to have leaked data of DiwiS, a Russian women’s magazine website, from 2020. The compromised data reportedly includes usernames, email addresses, password hashes, account IDs, account creation timestamps, and login.
    Date: 2026-01-16T04:59:35Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-diwis-ru
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/5e342bbd-0b7c-409c-9c18-b4d7dbcf8a1e.png
    Threat Actors: GGarolD
    Victim Country: Russia
    Victim Industry: Online Publishing
    Victim Organization: diwis
    Victim Site: diwis.ru
  30. NWIMS IT Group falls victim to DragonForce Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 326.58 GB of the organization’s data and intends to publish within 0 to 1 days.
    Date: 2026-01-16T04:55:27Z
    Network: tor
    Published URL: http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion/blog
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c156efa1-a84c-48a5-becc-dce10ac40bd0.png
    Threat Actors: DragonForce
    Victim Country: UK
    Victim Industry: Information Technology (IT) Services
    Victim Organization: nwims it group
    Victim Site: nwims.com
  31. Cirrus Aviation falls victim to INC RANSOM Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 100 GB of the organization’s data.
    Date: 2026-01-16T04:43:24Z
    Network: tor
    Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/6965055b8f1d14b7437aec6e
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8f3b853b-777a-4445-bb4b-779cc78947c8.png
    Threat Actors: INC RANSOM
    Victim Country: USA
    Victim Industry: Aviation & Aerospace
    Victim Organization: cirrus aviation
    Victim Site: cirrusav.com
  32. HellR00ters Team targets the website of Magic Colours
    Category: Defacement
    Content: The group claims to have defaced the website of Magic Colours.
    Date: 2026-01-16T04:11:50Z
    Network: telegram
    Published URL: https://t.me/c/2758066065/872
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/5ac7a255-c6e1-4c3b-b706-562d9fb8b393.png
    Threat Actors: HellR00ters Team
    Victim Country: Israel
    Victim Industry: Food Production
    Victim Organization: magic colours
    Victim Site: magic-alma.co.il
  33. HellR00ters Team targets the website of Shalom Hanoch
    Category: Defacement
    Content: Group claims to have defaced the website of Shalom Hanoch.
    Date: 2026-01-16T04:09:38Z
    Network: telegram
    Published URL: https://t.me/c/2758066065/872
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/40bdd416-b595-4c46-9ac8-131358a5f99d.png
    Threat Actors: HellR00ters Team
    Victim Country: Israel
    Victim Industry: Fine Art
    Victim Organization: shalom hanoch
    Victim Site: shalomhanoch.co.il
  34. HellR00ters Team targets the website of Hi Fiber Productions
    Category: Defacement
    Content: The group claims to have defaced the website of Hi Fiber Productions.
    Date: 2026-01-16T04:07:00Z
    Network: telegram
    Published URL: https://t.me/c/2758066065/872
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/74ab0a18-0301-4b25-9062-5eb18cd43f13.png
    Threat Actors: HellR00ters Team
    Victim Country: Israel
    Victim Industry: Music
    Victim Organization: hi fiber productions
    Victim Site: high-fiber.com
  35. HellR00ters Team targets the website of Nimrod Dweck
    Category: Defacement
    Content: Group claims to have defaced the website of Nimrod Dweck.
    Date: 2026-01-16T03:59:50Z
    Network: telegram
    Published URL: https://t.me/c/2758066065/872
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/041bdbff-b5fe-4aec-abc0-bbf2fc0e3339.png
    Threat Actors: HellR00ters Team
    Victim Country: Israel
    Victim Industry: Performing Arts
    Victim Organization: nimrod dweck
    Victim Site: dweck.co.il
  36. HellR00ters Team targets the website of Daniel Chen
    Category: Defacement
    Content: Group claims to have defaced the website of Daniel Chen.
    Date: 2026-01-16T03:53:44Z
    Network: telegram
    Published URL: https://t.me/c/2758066065/872
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/71249310-f875-4df9-a620-7984e8a175cc.png
    Threat Actors: HellR00ters Team
    Victim Country: Israel
    Victim Industry: Entertainment & Movie Production
    Victim Organization: daniel chen
    Victim Site: daniel-chen.co.il
  37. Alleged Leak of Phone Numbers From Multiple countries
    Category: Data Breach
    Content: The threat actor claims to have leaked phone numbers of individuals from Kenya, Uganda, Tanzania, Malawi, Zambia, Benin Republic, India, Mozambique, and Myanmar from 2025. The compromised data reportedly includes full names, phone numbers, cities, and account-related information.
    Date: 2026-01-16T03:50:32Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-Kenya-other-countries-Phones-7z%C2%A0-FREE-has-their-names-cities-too
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f223bbef-c0ff-48fe-b345-bcf740c7de84.png
    Threat Actors: OriginalCrazyOldFart
    Victim Country: Unknown
    Victim Industry: Network & Telecommunications
    Victim Organization: Unknown
    Victim Site: Unknown
  38. HellR00ters Team targets the website of Hamama Matnasim
    Category: Defacement
    Content: The group claims to have defaced the website of Hamama Matnasim.
    Date: 2026-01-16T03:49:34Z
    Network: telegram
    Published URL: https://t.me/c/2758066065/872
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f3fa1ca8-cc64-4336-b1f3-e4806a984cb4.png
    Threat Actors: HellR00ters Team
    Victim Country: Israel
    Victim Industry: Non-profit & Social Organizations
    Victim Organization: hamama matnasim
    Victim Site: hamama-matnasim.co.il
  39. Alleged data leak of Chinese army
    Category: Data Breach
    Content: Threat actor claims to have leaked data from the Chinese army. The compromised data reportedly includes UUID, ID number, mobile number, name, gender, date of birth, etc.
    Date: 2026-01-16T03:46:36Z
    Network: openweb
    Published URL: https://leakbase.la/threads/48228/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/59056608-26a1-42ee-bb41-4601beb0ce8b.png
    https://d34iuop8pidsy8.cloudfront.net/40b2f64a-a4c6-42fc-9e56-86d801181d93.png
    Threat Actors: mr_x1
    Victim Country: China
    Victim Industry: Military Industry
    Victim Organization: Unknown
    Victim Site: Unknown
  40. HellR00ters Team targets the website of Eyal Basson
    Category: Defacement
    Content: Group claims to have defaced the website of Eyal Basson.
    Date: 2026-01-16T03:45:03Z
    Network: telegram
    Published URL: https://t.me/c/2758066065/872
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/363f470e-34ff-4478-9fcb-a03c2dc89fe1.png
    Threat Actors: HellR00ters Team
    Victim Country: Israel
    Victim Industry: Government & Public Sector
    Victim Organization: eyal basson
    Victim Site: eyalbasson.co.il
  41. HellR00ters Team targets the website of Rimon Studio
    Category: Defacement
    Content: Group claims to have defaced the website of Rimon Studio.
    Date: 2026-01-16T03:44:50Z
    Network: telegram
    Published URL: https://t.me/c/2758066065/872
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/fcb21d6a-a074-4971-98b3-66d9fe9c886a.png
    Threat Actors: HellR00ters Team
    Victim Country: Israel
    Victim Industry: Broadcast Media
    Victim Organization: rimon studio
    Victim Site: rimon.studio
  42. Alleged Data Breach of Zomato
    Category: Data Breach
    Content: The threat actor claims to have leaked 10 GB of data from Zomato.
    Date: 2026-01-16T03:37:16Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-Zomato-com-Biggest-Data-Breach-10gb
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7962c330-b4d9-411f-a188-729be47a1756.png
    Threat Actors: czapla
    Victim Country: India
    Victim Industry: Food & Beverages
    Victim Organization: zomato
    Victim Site: zomato.com
  43. Alleged sale of STARKILLER phishing tool with 2FA/MFA bypass
    Category: Malware
    Content: Threat actor claims to be selling STARKILLER, a phishing-as-a-service tool designed to harvest credentials and hijack sessions in real time, including bypassing 2FA/MFA protections.
    Date: 2026-01-16T03:15:49Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273803/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/db4758b7-51f5-4ab4-9427-a7f3176c98c7.png
    https://d34iuop8pidsy8.cloudfront.net/8936b881-0ad5-425e-95f8-74bf85613823.png
    Threat Actors: jinkusu01
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  44. Alleged sale of admin access to unidentified shop in France
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized admin access to an unidentified shop in France.
    Date: 2026-01-16T02:54:38Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273909/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0b7b9d05-8123-4145-a7c3-d72fb48d559e.png
    https://d34iuop8pidsy8.cloudfront.net/2f7b4062-7e7d-41b1-b160-c23e054b3ba1.png
    Threat Actors: youraverageboi
    Victim Country: France
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  45. Alleged data breach of Algerian Football Federation
    Category: Data Breach
    Content: Group claims to have leaked the data of Algerian Football Federation.
    Date: 2026-01-16T02:02:06Z
    Network: telegram
    Published URL: https://t.me/LulzSecHackers/145
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2de71f9f-83e4-4eb5-8c59-1e145ef95cfc.png
    https://d34iuop8pidsy8.cloudfront.net/bba697b8-002c-48f4-8140-072edf3f8385.png
    https://d34iuop8pidsy8.cloudfront.net/20a8af08-d426-40d4-99b9-57e45eb65749.png
    https://d34iuop8pidsy8.cloudfront.net/50a5e63c-f45e-4d1d-856a-96554d11d82a.png
    https://d34iuop8pidsy8.cloudfront.net/713c901f-737a-4973-aef9-b3d23de4b21a.png
    Threat Actors: LulzSec Hackers
    Victim Country: Algeria
    Victim Industry: Sports
    Victim Organization: algerian football federation
    Victim Site: faf.dz
  46. Alleged sale of unauthorized Google Ads (Samoregi Farm) accounts
    Category: Alert
    Content: Threat actor claims to be selling 300 Google accounts generated via manual “Samoregi farm” methods, allegedly bundled with linked phone numbers, 2FA keys, backup codes, and residential proxies.
    Date: 2026-01-16T01:58:12Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273905/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b2399074-9ce3-4180-892a-bcb67fadf7ed.png
    Threat Actors: levbrayt
    Victim Country: Saudi Arabia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  47. Alleged Sale of Unauthorized ATX Tax Software and RDP Access
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized access to ATX tax software alongside Splashtop RDP credentials, allegedly exposing tax records linked to hundreds of clients and thousands of tax returns.
    Date: 2026-01-16T01:31:48Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273904/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9febfca9-c31d-477b-bdbf-d235c4026a1b.png
    https://d34iuop8pidsy8.cloudfront.net/5b1a6dfc-a57c-4761-8fa3-0d046f40996b.png
    Threat Actors: test_mobi
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  48. Alleged Data Leak of FedEx Salesforce Data
    Category: Data Breach
    Content: The threat actor claims to have leaked FedEx Salesforce data. The compromised data reportedly includes agent IDs, owner IDs, login times, and logout times.
    Date: 2026-01-16T01:29:06Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-Fedex-salesforce
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/871d7f18-8286-4b37-85b2-43d3411188c8.png
    Threat Actors: perla
    Victim Country: USA
    Victim Industry: Transportation & Logistics
    Victim Organization: fedex
    Victim Site: fedex.com
  49. DEFACER INDONESIAN TEAM targets the website of VTC NETVIET
    Category: Defacement
    Content: Group claims to have defaced the website of VTC NETVIET.
    Date: 2026-01-16T01:20:27Z
    Network: telegram
    Published URL: https://t.me/c/2433981896/710
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3381a4dd-d27b-4857-a26d-48f24f00998b.png
    Threat Actors: DEFACER INDONESIAN TEAM
    Victim Country: Vietnam
    Victim Industry: Network & Telecommunications
    Victim Organization: vtc netviet
    Victim Site: baichay.vtcnetviet.com
  50. Alleged data breach of StorePasCher
    Category: Data Breach
    Content: The threat actor claims to have leaked data from StorePasCher. The compromised data reportedly contains 70,000 records, including name, phone, email, IP, and physical address.
    Date: 2026-01-16T00:49:09Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-StorePasCher-fr-french-window-seller-breached
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0402ea77-6658-4a23-9233-ae2579279ba1.png
    Threat Actors: User8236934
    Victim Country: France
    Victim Industry: E-commerce & Online Stores
    Victim Organization: storepascher
    Victim Site: storepascher.com
  51. Alleged Data Leak of Indian Telecom Data
    Category: Data Breach
    Content: A threat actor claims to have leaked a database containing Indian Aadhaar and ration card information, allegedly exceeding 100 GB in size and exposing sensitive personal details including names, addresses, and associated identity records.
    Date: 2026-01-16T00:21:24Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-All-India-Telecom-Hitek-Services-database-100-Gb
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7c3ec960-1e0e-481b-a0c3-0e62131ab287.png
    Threat Actors: zuteri
    Victim Country: India
    Victim Industry: Government Administration
    Victim Organization: Unknown
    Victim Site: Unknown
  52. Alleged breach of The White House email data
    Category: Data Breach
    Content: The threat group claims to have breached the White House, US government, alleging the release of an initial batch of 11,409 confidential emails, including both incoming and outgoing communications.
    Date: 2026-01-16T00:07:10Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-United-States-Government-Database-HawkSec-EMAIL-FIRST-PART
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/1f228b80-a4c7-497a-bf8d-0bb70f4c0c3a.png
    Threat Actors: HawkSec
    Victim Country: USA
    Victim Industry: Government Administration
    Victim Organization: the white house
    Victim Site: whitehouse.gov