[January-19-2026] Daily Cybersecurity Threat Report

Executive Summary

The provided data highlights a significant surge in cyber activity occurring primarily on January 19, 2026. A total of 108 incidents were recorded, ranging from high-stakes ransomware attacks targeting the manufacturing and legal sectors to mass-volume data breaches affecting millions of users in the gambling and insurance industries. Geographically, the attacks are widespread, with significant concentrations in Indonesia, Taiwan, the USA, and Germany. Threat actors such as Everest, Solonik, and TEAM MR PLAX were particularly active during this period.


1. Major Data Breaches

This category represents the highest volume of compromised data, with actors claiming possession of millions of records containing PII (Personally Identifiable Information) and sensitive government data.

High-Volume & Critical Infrastructure Leaks

  • Government & Social Security:
    • USA: A threat actor named hexvior claims to have leaked a database from the Social Security Administration (SSA) containing approximately 85 million records, including SSNs, full names, and dates of birth.
    • France: Actor Mihiyo claims to have breached Assurance Maladie, exposing 20 million records including genders, names, and addresses.
    • India: A massive leak affecting Indian citizens (primarily Delhi) was reported by hisen8461, involving 33.4 million records of names and phone numbers.
    • Thailand: A leak of highly confidential military documents was reported, including over 4,000 files regarding strategic briefings and intelligence.
  • Corporate & Big Tech:
    • Google Salesforce: The group BFRepoV4Files claims to have leaked 3TB of data.
    • Gambling Industry: Massive breaches were reported against 1win (96 million records), Bodog Life (24,900 records), and CrashGambler.
    • Insurance: A breach of Acuity Insurance allegedly exposed 9 million records, including details on homeownership and marital status.

Regional & Specific Sector Breaches

  • Indonesia: A wave of breaches targeted government and education sectors, including the Regional Development Planning Agency of North Sulawesi, West Sumatra Provincial Government (population data), and Universitas Kristen Immanuel.
  • Japan & China (The “Solonik” Campaign): The threat actor Solonik was highly active, releasing databases for Flippa Japan, GuitarMe, KSource, MHR, and Prepass.
  • Education: Breaches affected Hendon College (Nigeria), Behrman House (USA), and a Vietnamese education platform.

2. Ransomware Campaigns

Ransomware groups were aggressive, particularly targeting the manufacturing and industrial sectors. The Everest and GENESIS groups were notably active.

The Everest Group Campaign

The Everest group targeted multiple organizations, threatening to publish data within 9-10 days:

  • Taiwan: Targeted ASRock Rack Inc. (509 GB stolen), Wanchi Steel Industrial Co Ltd. (56 GB), and GIBSIN Engineers (65 GB).
  • Germany: Breached DESY (Research Industry), claiming to have 5 TB of data.
  • UK & USA: Hit GC Accounting Ltd and Reeves Information Technology.

Other Active Ransomware Groups

  • SAFEPAY: Targeted Wohnverbund St. Gertrud (Germany), ABC Seamless (USA), and IPU Industries (Israel).
  • Nitrogen: Claimed victims include Shiloh Industries (USA) and Whitfield Welding Inc. (Canada).
  • GENESIS: Breached Mid-Park, Inc. (USA), taking 1.6 TB of data, and QFloors (USA), taking 600 GB.
  • Qilin: Targeted Yumark Enterprises (Taiwan) and Calzaturificio Casadei s.p.a. (Italy).
  • Sinobi: Breached Bray Whaler (Hospitality, USA) taking 400 GB.
  • The Gentlemen: Targeted PAO HWA TRADING CO, LTD (Taiwan).

3. Website Defacement & Hacktivism

A significant number of incidents involved website defacements, primarily driven by actors targeting specific regions.

  • TEAM MR PLAX: This group executed a mass defacement campaign, specifically targeting Indonesian government and judicial sites (e.g., Pengadilan Agama Malili, Pengadilan Agama Kota Banjar, District Court of Kutacane). They also targeted educational institutions in India and Moldova.
  • BROTHERHOOD CAPUNG INDONESIA: Targeted Canadian and US infrastructure, defacing sites for Photonium, Aurios Medical Canada, and Grand Falls LLC.
  • Other Actors:
    • BontenSec: Defaced sites in India (Sagar Micronics, Furnifry).
    • Ghost-RZ: Targeted French websites (Wally Erotic, Qualiformation).
    • Z-BL4CX-H4T: Targeted sites in Israel (Howazit, Embroidery with Love).

4. Initial Access & Infrastructure Control

Several threat actors listed unauthorized access to critical systems for sale or as proof of compromise.

  • Critical Infrastructure & OT:
    • Czech Republic: Unauthorized access to a hydroelectric power station (MVE BŘEZÍ) allowing control of turbogenerators, and access to multiple CCTV surveillance systems.
    • Poland: Access to industrial dosing equipment, allowing manipulation of weight and feed rates.
    • USA & Denmark: Access to unidentified camera systems.
  • Corporate Network Access:
    • Ghana Postal Service: Shell access and database backup for sale.
    • USA Retail: RDP access to a grocery retail corporate network valued at $1.1B.
    • Maritime/Logistics: Access to a US maritime company and an Australian OpenCart shop.

Conclusion

The intelligence report indicates a highly volatile cyber threat landscape characterized by three distinct trends:

  1. Geolocation-Specific Targeting: Indonesia is facing a coordinated wave of defacements and government data breaches. Taiwan is currently a primary target for ransomware groups (specifically Everest and Qilin) focusing on the manufacturing and technology sectors.
  2. Scale of Data Exposure: The volume of data allegedly exposed in just 24 hours is immense, potentially exceeding 150 million records when combining the SSA, Assurance Maladie, and 1win breaches. This suggests a high risk of follow-on identity theft and phishing campaigns.
  3. Critical Infrastructure Risk: The compromise of hydroelectric controls in the Czech Republic and industrial equipment in Poland signifies a dangerous shift from data theft to Operational Technology (OT) interference, posing physical safety risks.

Detected Incidents Draft Data

  1. Alleged data leak of Google Salesforce
    Category: Data Breach
    Content: The group claims to have leaked 3TB of Google Salesforce data.
    Date: 2026-01-19T23:53:16Z
    Network: telegram
    Published URL: https://t.me/c/3667951656/2140
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/04ddf87e-02fa-4293-b5c1-fdc0e9d26f80.png
    Threat Actors: BFRepoV4Files
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  2. Alleged Data Leak of Universitas Kristen Immanuel
    Category: Data Breach
    Content: The threat actor claims to have leaked data associated with Universitas Kristen Immanuel.
    Date: 2026-01-19T23:45:13Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-DATABASE-Data-Univ-Kristen-Immanuel-Prodi-Informatika
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/6e54102c-361f-479d-b36c-359afd057148.png
    Threat Actors: CY8ER N4TI0N
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: universitas kristen immanuel
    Victim Site: ukrim.ac.id
  3. Alleged data breach of General Electric Algeria Turbines (GEAT)
    Category: Data Breach
    Content: The group claims to have breached the database of General Electric Algeria Turbines (GEAT)
    Date: 2026-01-19T23:43:16Z
    Network: telegram
    Published URL: https://t.me/DarK07xxxxxxx/882?single
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/349a1f49-9c46-46b7-8a03-cfe873926bbc.png
    https://d34iuop8pidsy8.cloudfront.net/25f87a88-b3a1-4697-93da-aebe839dcbb0.png
    https://d34iuop8pidsy8.cloudfront.net/d9e7b412-c27f-4405-9c2d-95f760bf1b7c.png
    Threat Actors: DARK 07x
    Victim Country: Algeria
    Victim Industry: Energy & Utilities
    Victim Organization: general electric algeria turbines (geat)
    Victim Site: dms.geat.dz
  4. Alleged access to unidentified camera system in USA
    Category: Initial Access
    Content: The group claims to have gained access to an unidentified camera system in USA
    Date: 2026-01-19T23:33:08Z
    Network: telegram
    Published URL: https://t.me/n2LP_wVf79c2YzM0/3398
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/44b292ec-7db7-4481-a5a6-dfb2694e15e6.png
    https://d34iuop8pidsy8.cloudfront.net/b2e4b139-cc0a-4400-a54e-1b40e166cb70.png
    Threat Actors: Infrastructure Destruction Squad
    Victim Country: USA
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  5. BontenSec targets the website of Sagar Micronics Private Limited
    Category: Defacement
    Content: The group claims to have defaced the website of Sagar Micronics Private Limited
    Date: 2026-01-19T23:04:25Z
    Network: openweb
    Published URL: https://defacer.id/mirror/id/230527
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e07097a0-f141-4640-8b46-0a99b15302d9.png
    Threat Actors: BontenSec
    Victim Country: India
    Victim Industry: Human Resources
    Victim Organization: sagar micronics private limited
    Victim Site: sagarmicronics.in
  6. TEAM_HAZARDOUS_PAK targets the website of Kalam Institute of Technology
    Category: Defacement
    Content: The group claims to have defaced the website of Kalam Institute of Technology
    Date: 2026-01-19T22:52:22Z
    Network: openweb
    Published URL: https://defacer.id/mirror/id/230644
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/6b7f2ab9-40d3-4384-9bbf-128ede160cb7.png
    Threat Actors: TEAM_HAZARDOUS_PAK
    Victim Country: India
    Victim Industry: Education
    Victim Organization: kalam institute of technology
    Victim Site: kit.edu.in
  7. PAO HWA TRADING CO, LTD falls victim to The Gentlemen
    Category: Ransomware
    Content: The group claims to have obtained the organization's data and intends to publish it within 9-10 days.
    Date: 2026-01-19T22:06:58Z
    Network: tor
    Published URL: http://tezwsse5czllksjb7cwp65rvnk4oobmzti2znn42i43bjdfd2prqqkad.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/92e63cd6-d3fc-4eab-9d0d-b0de38199a3b.png
    Threat Actors: The Gentlemen
    Victim Country: Taiwan
    Victim Industry: Machinery
    Victim Organization: pao hwa trading co, ltd
    Victim Site: paohwa.com
  8. Alleged data leak of Confidential military documents from Thailand
    Category: Data Breach
    Content: The threat actor claims to have leaked data containing highly confidential military documents from Thailand. The leaked material reportedly includes more than 4,000 newly downloaded files, consisting of internal military plans, strategic briefings, operational records, and intelligence-related documents involving key military and political figures.
    Date: 2026-01-19T22:01:50Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-Confidential-military-documents-from-Thailand
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f9fa7632-20c1-41a0-aa1f-e168fa2bcb72.png
    Threat Actors: taking0ver
    Victim Country: Thailand
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  9. Alleged data breach of GrassLife
    Category: Data Breach
    Content: The threat actor claims to be selling a database allegedly belonging to GrassLife, a Canada-based lawn and garden e-commerce platform. The exposed data includes extensive customer and order-related information: user and customer IDs, first and last names, email addresses, telephone numbers, physical addresses, order details and product descriptions, wishlist and cart data, newsletter subscription status, password reset tokens and password hashes, payment-related email fields, and account metadata and timestamps.
    Date: 2026-01-19T21:57:12Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-Selling-Canada-GrassLife-133-2k
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0afc019a-2726-4235-85a3-1cdedf3134c8.png
    Threat Actors: mercko
    Victim Country: Canada
    Victim Industry: E-commerce & Online Stores
    Victim Organization: grasslife
    Victim Site: grasslife.ca
  10. BROTHERHOOD CAPUNG INDONESIA targets the website of Photonium
    Category: Defacement
    Content: The group claims to have defaced the website of Photonium
    Date: 2026-01-19T21:54:00Z
    Network: telegram
    Published URL: https://t.me/c/3054021775/341
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2387c902-6236-48cc-a729-8eea562a964f.png
    Threat Actors: BROTHERHOOD CAPUNG INDONESIA
    Victim Country: Canada
    Victim Industry: Manufacturing
    Victim Organization: photonium
    Victim Site: photonium.ca
  11. Alleged access to multiple CCTV Surveillance systems in Czech Republic
    Category: Initial Access
    Content: The group claims to have gained unauthorized access to multiple CCTV surveillance systems in Czech Republic
    Date: 2026-01-19T21:50:30Z
    Network: telegram
    Published URL: https://t.me/op_morningstar/233
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/cbd61480-7a19-4d2f-8571-7b5713c5c4a5.png
    https://d34iuop8pidsy8.cloudfront.net/d59652d4-3e9a-4afe-a5ce-e7b1ffe017cd.png
    Threat Actors: MORNING STAR
    Victim Country: Czech Republic
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  12. Alleged data breach of Behrman House
    Category: Data Breach
    Content: A threat actor claims that Behrman House was breached, resulting in the exposure of approximately 298,000 user records. The leaked database allegedly contains email addresses, usernames, and hashed passwords.
    Date: 2026-01-19T21:49:03Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-BehrmanHouse-2025-300k
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f934a576-6c2e-4c53-909e-86e1c1ba12cf.png
    Threat Actors: Sphere
    Victim Country: USA
    Victim Industry: Education
    Victim Organization: behrman house
    Victim Site: behrmanhouse.com
  13. Alleged data breach of Plus Ultra Líneas Aéreas
    Category: Data Breach
    Content: A threat actor claims to be distributing documents related to Plus Ultra Líneas Aéreas for free. The leaked materials are described as airline-related documents connected to operations in Venezuela, Spain, and Latin America.
    Date: 2026-01-19T21:38:28Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-Document-FREE-Plus-Ultra-Airlines-Venezuela-Spain-and-Latin-America
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/6e44b5e0-e682-49ff-b9c5-3c05fea7343d.png
    Threat Actors: malconguerra2
    Victim Country: Spain
    Victim Industry: Airlines & Aviation
    Victim Organization: plus ultra líneas aéreas
    Victim Site: plusultra.com
  14. Alleged data breach of Regional Development Planning Agency of the North Sulawesi
    Category: Data Breach
    Content: The group claims to have breached the database of the Regional Development Planning Agency of North Sulawesi, which includes its database tables and schema.
    Date: 2026-01-19T21:27:27Z
    Network: telegram
    Published URL: https://t.me/BabayoErorSystem/173
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a9468e23-1ced-427f-b3fc-c11ea2731cd8.jpg
    Threat Actors: BABAYO EROR SYSTEM
    Victim Country: Indonesia
    Victim Industry: Government Administration
    Victim Organization: regional development planning agency of the north sulawesi
    Victim Site: bappeda.sulutprov.go.id
  15. Alleged unauthorized access to PSPAVT EURL
    Category: Initial Access
    Content: The group claims to have gained unauthorized access to PSPAVT EURL and defaced their website
    Date: 2026-01-19T21:26:37Z
    Network: telegram
    Published URL: https://t.me/DarK07xxxxxxx/881
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/64ffd829-369f-47c7-a04a-a52d799638f9.jpg
    Threat Actors: DARK 07x
    Victim Country: Algeria
    Victim Industry: Computer & Network Security
    Victim Organization: pspavt eurl
    Victim Site: pspavt.dz
  16. BROTHERHOOD CAPUNG INDONESIA targets the website of Aurios Medical Canada, Inc.
    Category: Defacement
    Content: The group claims to have defaced the website of Aurios Medical Canada, Inc. and its branch, Seido Photonics, Inc. The subdomains include: seido.ca, seido.us, seidophotonics.com, sandbox.seido.ca, auriosmedical.ca, snipeit.auriosmedical.ca.
    Date: 2026-01-19T21:19:25Z
    Network: telegram
    Published URL: https://t.me/c/3054021775/341
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ae7a0c32-7e79-498a-893a-406b428b196b.png
    Threat Actors: BROTHERHOOD CAPUNG INDONESIA
    Victim Country: Canada
    Victim Industry: Medical Equipment Manufacturing
    Victim Organization: aurios medical canada, inc.
    Victim Site: seido.ca
  17. Alleged data breach of Himpunan Ahli Teknik Hidraulik Indonesia (HATTI)
    Category: Data Breach
    Content: A threat actor claims to have leaked the member database of HATTI. The exposed information appears to include full names, academic and professional titles, phone numbers, email addresses, institution or company affiliations, and residential or office addresses, with many entries referencing locations in Jakarta and other regions of Indonesia.
    Date: 2026-01-19T21:04:35Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DOCUMENTS-2154-hatti-or-id-members-data-leaked-free-download-%E2%80%BC%EF%B8%8F%E2%80%BC%EF%B8%8F
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/50324786-a492-4d0d-b723-693058b4ca5c.png
    Threat Actors: AYYUBI
    Victim Country: Indonesia
    Victim Industry: Professional Services
    Victim Organization: himpunan ahli teknik hidraulik indonesia (hatti)
    Victim Site: hatti.or.id
  18. Alleged data leak of French-related datasets
    Category: Data Breach
    Content: A threat actor claims to have leaked a large collection of French-related datasets. The exposed files appear to be aggregated lead-generation and contact databases rather than data from a single organization. The data includes personal and professional information such as full names, phone numbers, email addresses, LinkedIn profile URLs, job titles, company names, industry, company size and revenue, company addresses, and social media links.
    Date: 2026-01-19T20:52:42Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-A-bunch-of-French-files-with-phones-emails-linkedin-etc
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/1267b090-bf85-43b5-b7eb-e3e5983f7109.png
    https://d34iuop8pidsy8.cloudfront.net/694e1164-62db-414f-b076-ea244ff79941.png
    Threat Actors: OriginalCrazyOldFart
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  19. Alleged data breach of Hendon College
    Category: Data Breach
    Content: A threat actor claims to have leaked the database associated with Hendon College. The exposed data reportedly includes full names, email addresses, phone numbers, home and office addresses, occupations, states of origin, religion, local government areas, dates of birth, and account-related credentials.
    Date: 2026-01-19T20:50:03Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-HENDON-COLLEGE-ABUJA
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/07fc91b7-4cad-408b-9077-44aa0c921de0.png
    https://d34iuop8pidsy8.cloudfront.net/21655bb3-c90e-41f9-976b-b1bced16cc43.png
    https://d34iuop8pidsy8.cloudfront.net/1dd7e085-1e69-4d94-822c-0bde91262705.png
    Threat Actors: CYCLONE_ADMIN
    Victim Country: Nigeria
    Victim Industry: Education
    Victim Organization: hendon college
    Victim Site: hendoncollege.edu.ng
  20. Alleged unauthorized access to CCTV Systems in Denmark
    Category: Initial Access
    Content: The group claims to have gained unauthorized access to multiple CCTV Systems in Denmark
    Date: 2026-01-19T20:42:13Z
    Network: telegram
    Published URL: https://t.me/op_morningstar/226
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/97f7990d-47f0-4aee-9496-7f2089bf909f.jpg
    Threat Actors: MORNING STAR
    Victim Country: Denmark
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  21. BROTHERHOOD CAPUNG INDONESIA targets the website of GRAND FALLS LLC
    Category: Defacement
    Content: The group claims to have defaced the subdomains of Grand Falls LLC. The subdomains include labplasticware.grandfallsllc.com, sandbox.grandfallsllc.com, and seido.us.grandfallsllc.com.
    Date: 2026-01-19T20:39:38Z
    Network: telegram
    Published URL: https://t.me/c/3054021775/341
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7da51f14-7503-497d-a362-1d18d5c13c05.png
    Threat Actors: BROTHERHOOD CAPUNG INDONESIA
    Victim Country: USA
    Victim Industry: Professional Services
    Victim Organization: grand falls llc
    Victim Site: seido.us.grandfallsllc.com
  22. Alleged data breach of Kleinanzeigen
    Category: Data Breach
    Content: A threat actor claims to be selling approximately 1,000 Kleinanzeigen.de user accounts, with indications of up to 100,000 valid German email account records.
    Date: 2026-01-19T20:25:06Z
    Network: openweb
    Published URL: https://xss.pro/threads/145480/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/fd69eab4-58a9-4fb5-b473-4f2c5c526381.png
    Threat Actors: MailPassFucker
    Victim Country: Germany
    Victim Industry: E-commerce & Online Stores
    Victim Organization: kleinanzeigen
    Victim Site: kleinanzeigen.de
  23. TEAM MR PLAX targets the website of Salefolkclub
    Category: Defacement
    Content: The group claims to have defaced the website of Salefolkclub in the UK.
    Date: 2026-01-19T20:18:07Z
    Network: telegram
    Published URL: https://t.me/TEAMRPLAX/462
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/6b4e410c-a340-4291-9a59-df4e5daf3fad.png
    https://d34iuop8pidsy8.cloudfront.net/b58d1f4a-b334-4acd-b208-bbdd482a2236.png
    Threat Actors: TEAM MR PLAX
    Victim Country: UK
    Victim Industry: Music
    Victim Organization: salefolkclub
    Victim Site: salefolkclub.co.uk
  24. Alleged Data Breach of ParkWhiz
    Category: Data Breach
    Content: The threat actor claims to have breached the database of ParkWhiz in the USA. The compromised database allegedly contains approximately 1.67 million user records, including personal information such as first and last names, gender, date of birth, mobile numbers, email addresses, and address details.
    Date: 2026-01-19T20:06:55Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/274129/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/1deeaa85-6d27-4b25-a55a-9ba35766b4b3.png
    Threat Actors: renn
    Victim Country: USA
    Victim Industry: Transportation & Logistics
    Victim Organization: parkwhiz
    Victim Site: parkwhiz.com
  25. Alleged Sale of Personal Identity Databases
    Category: Data Breach
    Content: The threat actor claims to have leaked personal identity datasets allegedly containing sensitive information such as driver’s licenses, Social Security Numbers (SSNs), passports, and business-related records including LLC, EIN, and LTD details.
    Date: 2026-01-19T20:06:52Z
    Network: openweb
    Published URL: https://leakbase.la/threads/driver-license-ssn-passports-llc-ein-ltd-i-have.48304/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0cc25f28-660a-43bd-8965-536eb4e0851e.png
    Threat Actors: jaann2
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  26. HaxChipper claims to target Albania
    Category: Alert
    Content: A recent post by the group indicates that they're targeting Albania.
    Date: 2026-01-19T20:05:32Z
    Network: telegram
    Published URL: https://t.me/undersolfidbyte/93
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/5776ee7b-5f2d-4c34-a772-e457bd2dec8f.jpg
    Threat Actors: HaxChipper
    Victim Country: Albania
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  27. Alleged Sale of Unauthorized Shell Access to an Opencart Shop in Australia
    Category: Initial Access
    Content: The threat actor claims to be selling unauthorized shell access to an OpenCart shop in Australia.
    Date: 2026-01-19T19:50:30Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/274127/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2cb7e771-9213-407f-ac2d-86ac7e5f088f.png
    Threat Actors: charley88
    Victim Country: Australia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  28. Wohnverbund St. Gertrud falls victim to SAFEPAY ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization's data and intends to publish it within 2-3 days.
    Date: 2026-01-19T19:17:10Z
    Network: tor
    Published URL: http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/wohnverbund-st-gertrudde/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/447785d5-7154-4da0-b945-68442de943b6.png
    Threat Actors: SAFEPAY
    Victim Country: Germany
    Victim Industry: Non-profit & Social Organizations
    Victim Organization: wohnverbund st. gertrud
    Victim Site: wohnverbund-st-gertrud.de
  29. ABC Seamless falls victim to SAFEPAY ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organisation's data and intends to publish it within 2-3 days.
    Date: 2026-01-19T19:12:06Z
    Network: tor
    Published URL: http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/abcseamlesscom/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c07b6aa2-e2b4-480d-bf81-eb8a3e691ce7.png
    Threat Actors: SAFEPAY
    Victim Country: USA
    Victim Industry: Building and construction
    Victim Organization: abc seamless
    Victim Site: abcseamless.com
  30. Alleged admin access to Howazit
    Category: Initial Access
    Content: The group claims to have gained admin access to Howazit.
    Date: 2026-01-19T19:05:37Z
    Network: telegram
    Published URL: https://t.me/c/3027611821/315
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f31eccda-6851-45af-949f-c16c18cfc71b.jpg
    Threat Actors: Z-BL4CX-H4T
    Victim Country: Israel
    Victim Industry: Computer Software/Engineering
    Victim Organization: howazit
    Victim Site: howazit.com
  31. IPU Industries falls victim to SAFEPAY ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organisation's data and intends to publish it within 2-3 days.
    Date: 2026-01-19T18:53:50Z
    Network: tor
    Published URL: http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/ipucoil/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/aee7f3a7-ae87-49ad-9fd7-a18c91b7d631.png
    Threat Actors: SAFEPAY
    Victim Country: Israel
    Victim Industry: Manufacturing
    Victim Organization: ipu industries
    Victim Site: ipu.co.il
  32. TEAM MR PLAX targets the website of Pengadilan Agama Malili
    Category: Defacement
    Content: The group claims to have defaced the website of Pengadilan Agama Malili
    Date: 2026-01-19T18:44:15Z
    Network: telegram
    Published URL: https://t.me/TEAMRPLAX/462
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3a9247cd-d482-47fe-b019-0b7a4c420f46.png
    https://d34iuop8pidsy8.cloudfront.net/0e0b979a-9eef-4295-a5ef-293ba9fc7b50.png
    Threat Actors: TEAM MR PLAX
    Victim Country: Indonesia
    Victim Industry: Government Administration
    Victim Organization: pengadilan agama malili
    Victim Site: pa-malili.go.id
  33. TEAM MR PLAX targets the website of Flex-Cable
    Category: Defacement
    Content: The group claims to have defaced the website of Flex-Cable, USA.
    Date: 2026-01-19T18:39:58Z
    Network: telegram
    Published URL: https://t.me/TEAMRPLAX/462
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/84761873-24ba-454c-b3e5-05e85c4ab019.png
    Threat Actors: TEAM MR PLAX
    Victim Country: USA
    Victim Industry: Automotive
    Victim Organization: flex-cable
    Victim Site: flexcable.com
  34. Alleged data breach of Meissner Bolte
    Category: Data Breach
    Content: The group claims to have obtained the organization's data and intends to publish it within 1-2 days.
    Date: 2026-01-19T18:37:19Z
    Network: tor
    Published URL: https://worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion/companies/5128625549/overview
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/493a53f7-b139-44de-b59f-c9b21219de1a.png
    https://d34iuop8pidsy8.cloudfront.net/81d8ff97-c81e-49ab-8d0a-5edee21a07b1.png
    Threat Actors: Worldleaks
    Victim Country: Germany
    Victim Industry: Legal Services
    Victim Organization: meissner bolte
    Victim Site: meissnerbolte.com
  35. TEAM MR PLAX targets the website of SMAN Sumatera Selatan
    Category: Defacement
    Content: The group claims to have defaced the website of SMAN Sumatera Selatan
    Date: 2026-01-19T18:31:49Z
    Network: telegram
    Published URL: https://t.me/TEAMRPLAX/462
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9a24cbd0-9ca3-4f03-9d2a-1fadea5c47f3.png
    https://d34iuop8pidsy8.cloudfront.net/0a7a007c-4aca-457d-bccd-ac55efadebe6.png
    Threat Actors: TEAM MR PLAX
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: sman sumatera selatan
    Victim Site: smansumsel.sch.id
  36. TEAM MR PLAX targets the website of Universitatea Cooperatist-Comerciala din Moldova
    Category: Defacement
    Content: The group claims to have defaced the organization's website.
    Date: 2026-01-19T18:27:18Z
    Network: telegram
    Published URL: https://t.me/TEAMRPLAX/462
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/89e84654-d6d8-48e2-a884-0353c5b69977.png
    https://d34iuop8pidsy8.cloudfront.net/96cd245f-1911-498a-8af4-44265c93e459.png
    Threat Actors: TEAM MR PLAX
    Victim Country: Moldova
    Victim Industry: Education
    Victim Organization: universitatea cooperatist-comerciala din moldova
    Victim Site: old.uccm.md
  37. GC Accounting Ltd falls victim to Everest Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 34 GB of the organization's internal data and intends to publish it within 9-10 days.
    Date: 2026-01-19T18:26:42Z
    Network: tor
    Published URL: http://ransomocmou6mnbquqz44ewosbkjk3o5qjsl3orawojexfook2j7esad.onion/news/GC_Accounting/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a31d5ca4-e264-4a17-94ea-461cb3b8d85b.png
    Threat Actors: Everest
    Victim Country: UK
    Victim Industry: Accounting
    Victim Organization: gc accounting ltd
    Victim Site: gcaccounting.co.uk
  38. ASRock Rack Inc. falls victim to Everest Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 509 GB of the organization's internal data and intends to publish it within 9-10 days.
    Date: 2026-01-19T18:24:13Z
    Network: tor
    Published URL: http://ransomocmou6mnbquqz44ewosbkjk3o5qjsl3orawojexfook2j7esad.onion/news/ASRock_Rack/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/35907300-6bc3-450e-ab60-5eab57792fbd.png
    https://d34iuop8pidsy8.cloudfront.net/d57e868f-b482-476b-8379-47781f7b2557.png
    https://d34iuop8pidsy8.cloudfront.net/08dd523e-c09b-40c4-bc41-559bc1d8f457.png
    Threat Actors: Everest
    Victim Country: Taiwan
    Victim Industry: Computer Hardware
    Victim Organization: asrock rack inc.
    Victim Site: asrockrack.com
  39. RED EYES targets the website of Marshal Road Contracting
    Category: Defacement
    Content: The group claims to have defaced the website of Marshal Road Contracting
    Date: 2026-01-19T18:20:24Z
    Network: telegram
    Published URL: https://t.me/c/3470684086/370
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7202c5c6-e59b-4c4f-a267-5ab672d5210d.jpg
    Threat Actors: RED EYES
    Victim Country: UAE
    Victim Industry: Building and construction
    Victim Organization: marshal road contracting
    Victim Site: marshalgroup.ae
  40. TEAM MR PLAX targets the website of Pengadilan Agama Kota Banjar
    Category: Defacement
    Content: The group claims to have defaced the website of Pengadilan Agama Kota Banjar
    Date: 2026-01-19T18:20:04Z
    Network: telegram
    Published URL: https://t.me/TEAMRPLAX/462
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/eee37524-0d82-4bc4-922a-d069a31a4d99.png
    https://d34iuop8pidsy8.cloudfront.net/b9afe04e-12a3-4e4d-b71c-59d91f30c3ca.png
    Threat Actors: TEAM MR PLAX
    Victim Country: Indonesia
    Victim Industry: Government & Public Sector
    Victim Organization: pengadilan agama kota banjar
    Victim Site: pa-banjarkota.go.id
  41. WANCHI STEEL INDUSTRIAL CO LTD. falls victim to Everest Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 56 GB of the organization's internal data and intends to publish it within 9-10 days.
    Date: 2026-01-19T18:19:24Z
    Network: tor
    Published URL: http://ransomocmou6mnbquqz44ewosbkjk3o5qjsl3orawojexfook2j7esad.onion/news/WANCHI_STEEL_INDUSTRIAL/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9baec519-6196-45c3-bb7f-208b2d2f4c20.png
    https://d34iuop8pidsy8.cloudfront.net/f4894325-e68c-4e85-bfd9-37bf2f59b2a5.png
    Threat Actors: Everest
    Victim Country: Taiwan
    Victim Industry: Manufacturing & Industrial Products
    Victim Organization: wanchi steel industrial co ltd.
    Victim Site: wanchi.com.tw
  42. Reeves Information Technology falls victim to Everest Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 56 GB of the organization's internal data and intends to publish it within 9-10 days.
    Date: 2026-01-19T18:06:06Z
    Network: tor
    Published URL: http://ransomocmou6mnbquqz44ewosbkjk3o5qjsl3orawojexfook2j7esad.onion/news/Reeves_Information_Technology/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8c68d0b4-fb52-4c13-a48c-8b97bf2f87cc.png
    Threat Actors: Everest
    Victim Country: USA
    Victim Industry: Information Technology (IT) Services
    Victim Organization: reeves information technology
    Victim Site: reevesinfotech.com
  43. Alleged data breach of Marshal Road Contracting
    Category: Data Breach
    Content: The group claims to have breached the database of Marshal Road Contracting, including administrative account data, email configuration settings, system settings, project and product records, galleries and listing images, news and blog content, and customer enquiry data, as well as backup copies of admin tables.
    Date: 2026-01-19T18:01:47Z
    Network: telegram
    Published URL: https://t.me/c/3470684086/369
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c49dca69-2f8a-48da-b6d9-8e1e5d259ccf.jpg
    Threat Actors: RED EYES
    Victim Country: UAE
    Victim Industry: Building and construction
    Victim Organization: marshal road contracting
    Victim Site: marshalgroup.ae
  44. TEAM MR PLAX targets the website of Africa Leather and Leather Products Institute
    Category: Defacement
    Content: The group claims to have defaced the website of Africa Leather and Leather Products Institute (ALLPI).
    Date: 2026-01-19T17:57:20Z
    Network: telegram
    Published URL: https://t.me/TEAMRPLAX/462
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/657b5104-b830-4013-bb54-aef7eb5631b8.png
    Threat Actors: TEAM MR PLAX
    Victim Country: Ethiopia
    Victim Industry: Higher Education/Academia
    Victim Organization: africa leather and leather products institute
    Victim Site: allpi.int
  45. DESY falls victim to Everest Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 5 TB of the organization's internal data and intends to publish it within 9-10 days.
    Date: 2026-01-19T17:56:21Z
    Network: tor
    Published URL: http://ransomocmou6mnbquqz44ewosbkjk3o5qjsl3orawojexfook2j7esad.onion/news/DESY/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c9246747-9dc3-4c15-b7e3-107ddda3e8c0.png
    Threat Actors: Everest
    Victim Country: Germany
    Victim Industry: Research Industry
    Victim Organization: desy
    Victim Site: desy.de
  46. GIBSIN Engineers falls victim to Everest Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 65 GB of the organization's internal data and intends to publish it within 9-10 days.
    Date: 2026-01-19T17:54:05Z
    Network: tor
    Published URL: http://ransomocmou6mnbquqz44ewosbkjk3o5qjsl3orawojexfook2j7esad.onion/news/GIBSIN_Engineers/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e0e1e785-aa1c-4c11-8de6-94fe8c7e1f3f.png
    https://d34iuop8pidsy8.cloudfront.net/2d879a3f-ca99-42ac-ae3d-b1cc5b10c78f.png
    Threat Actors: Everest
    Victim Country: Taiwan
    Victim Industry: Architecture & Planning
    Victim Organization: gibsin engineers
    Victim Site: gibsin.com.tw
  47. TEAM MR PLAX targets the website of Pengadilan Agama Kabupaten Madiun
    Category: Defacement
    Content: The group claims to have defaced the website of Pengadilan Agama Kabupaten Madiun.
    Date: 2026-01-19T17:52:23Z
    Network: telegram
    Published URL: https://t.me/TEAMRPLAX/462
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ff275014-67b9-4951-ae68-d5791d71d714.png
    https://d34iuop8pidsy8.cloudfront.net/0df52a36-48da-490c-9b19-ea95c859b76e.png
    Threat Actors: TEAM MR PLAX
    Victim Country: Indonesia
    Victim Industry: Government & Public Sector
    Victim Organization: pengadilan agama kabupaten madiun
    Victim Site: pa-kabmadiun.go.id
  48. TEAM MR PLAX targets the website of District Court of Kutacane
    Category: Defacement
    Content: The group claims to have defaced the website of District Court of Kutacane
    Date: 2026-01-19T17:51:22Z
    Network: telegram
    Published URL: https://t.me/TEAMRPLAX/462
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/fa2f2916-36dd-438b-b66e-31ce1da3dd50.jpg
    Threat Actors: TEAM MR PLAX
    Victim Country: Indonesia
    Victim Industry: Government & Public Sector
    Victim Organization: district court of kutacane
    Victim Site: pn-kutacane.go.id
  49. TEAM MR PLAX targets the website of Lees Wood Products Inc
    Category: Defacement
    Content: The group claims to have defaced the website of Lees Wood Products Inc
    Date: 2026-01-19T17:40:36Z
    Network: telegram
    Published URL: https://t.me/TEAMRPLAX/462
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b0239ba5-a7ad-4768-8a81-cfde7b45b263.jpg
    Threat Actors: TEAM MR PLAX
    Victim Country: USA
    Victim Industry: Arts & Crafts
    Victim Organization: lees wood products inc
    Victim Site: eeswoodproducts.com
  50. TEAM MR PLAX targets the website of Gresik Religious Court
    Category: Defacement
    Content: The group claims to have defaced the website of Gresik Religious Court
    Date: 2026-01-19T17:24:10Z
    Network: telegram
    Published URL: https://t.me/TEAMRPLAX/462
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e9966094-821c-49db-b175-f167e4e44484.jpg
    Threat Actors: TEAM MR PLAX
    Victim Country: Indonesia
    Victim Industry: Government & Public Sector
    Victim Organization: gresik religious court
    Victim Site: pa-gresik.go.id
  51. Alleged data breach of CrashGambler
    Category: Data Breach
    Content: A threat actor claims to have breached the database of CrashGambler.io. The leaked data reportedly includes user IDs, usernames, hashed passwords, display names, email addresses, profile URLs, account registration dates, activation keys, and account status information.
    Date: 2026-01-19T17:17:19Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-crashgambler-io-2025
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0fdd9417-dcbf-458f-803b-920d0a73d096.png
    Threat Actors: amelgarg
    Victim Country: Canada
    Victim Industry: Gambling & Casinos
    Victim Organization: crashgambler
    Victim Site: crashgambler.io
  52. Alleged Sale of Unauthorized Admin Access to a Shop in France
    Category: Initial Access
    Content: The threat actor claims to be selling unauthorized admin access to a shop in France.
    Date: 2026-01-19T17:16:36Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/274120/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/43163e7b-b3ac-474b-8b79-8207fd9d48b6.png
    Threat Actors: CMPunk
    Victim Country: France
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  53. Alleged data breach of West Sumatra Provincial Government
    Category: Data Breach
    Content: A threat actor claims to have leaked population data from West Sumatra Province (Sumatera Barat), Indonesia. The leaked dataset contains approximately 3,887 records and is provided in CSV format. The exposed information reportedly includes family card numbers, full names, dates of birth, gender, addresses, and regional location details.
    Date: 2026-01-19T17:07:14Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DOCUMENTS-Leaked-3887-population-data-of-West-Sumatra-province-Indonesia-free-download
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/842d10ca-37ea-4192-aa34-960caba5d3f3.png
    Threat Actors: AiriHoshino
    Victim Country: Indonesia
    Victim Industry: Government & Public Sector
    Victim Organization: west sumatra provincial government
    Victim Site: sumbarprov.go.id
  54. Alleged data breach of Fascist Forge
    Category: Data Breach
    Content: A threat actor claims to have leaked the database of FascistForge.com. The compromised dataset reportedly includes usernames, email addresses, passwords, IP addresses, social media accounts, phone numbers, attachments, private messages, and other internal forum data.
    Date: 2026-01-19T16:48:52Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-ANTIFA-Fascist-Neo-Nazi-FascistForge-com-Database-Leak-Download
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/54b76f01-d94e-4b53-b6cd-0fbd628434ef.png
    Threat Actors: 0BITS
    Victim Country: USA
    Victim Industry: Social Media & Online Social Networking
    Victim Organization: fascist forge
    Victim Site: fascistforge.com
  55. Alleged unauthorized access to an unidentified industrial dosing equipment in Poland
    Category: Initial Access
    Content: The group claims to have gained unauthorized access to an industrial dosing equipment control system in Poland, allegedly enabling direct manipulation of operational parameters. According to the claim, the access allows modification of dosing settings such as weight, feed rate, and timing, starting and stopping equipment, monitoring and clearing alarm and error logs, and viewing real-time process data.
    Date: 2026-01-19T16:27:12Z
    Network: telegram
    Published URL: https://t.me/zpentestalliance/975
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9593e5cd-8a3a-44a2-9471-b7212e0b7899.jpg
    Threat Actors: Z-PENTEST ALLIANCE
    Victim Country: Poland
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  56. Z-BL4CX-H4T targets the website of Embroidery with Love
    Category: Defacement
    Content: The group claims to have defaced the website of Embroidery with Love
    Date: 2026-01-19T16:20:05Z
    Network: telegram
    Published URL: https://t.me/c/3027611821/317
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f0ffd4fc-94ad-4642-ab2c-af76fa151b4e.jpg
    Threat Actors: Z-BL4CX-H4T
    Victim Country: Israel
    Victim Industry: Arts & Crafts
    Victim Organization: embroidery with love
    Victim Site: rikmabeahava.co.il
  57. Alleged Sale of Joomla Admin Panel Access to a Maritime Company in USA
    Category: Initial Access
    Content: The threat actor claims to be selling unauthorized Joomla admin panel access to a maritime company in the USA.
    Date: 2026-01-19T16:05:11Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/274103/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ab711c91-fb97-4646-8b2f-c40c31184285.png
    Threat Actors: raymond
    Victim Country: USA
    Victim Industry: Maritime
    Victim Organization: Unknown
    Victim Site: Unknown
  58. Alleged data breach of Prepass
    Category: Data Breach
    Content: The threat actor claims to have leaked a database allegedly belonging to Prepass, a Japan-based private collaboration and creative project platform. The exposed data reportedly includes user account information, email addresses, project-related records, media links, metadata, and internal tables associated with collaborative workspaces.
    Date: 2026-01-19T16:02:55Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-DATABASE-JAPAN-CHINA-WEB-CORE-%E2%80%94-FLIPPA-JP-GUITARME-CN-KSOURCE-MHR-PREPASS-Solonik-BF
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f7b86caf-f9ca-403e-bcd4-00677a3e9521.png
    Threat Actors: Solonik
    Victim Country: Japan
    Victim Industry: Social Media & Online Social Networking
    Victim Organization: prepass
    Victim Site: prepass.jp
  59. Alleged data breach of Social Security Administration (SSA)
    Category: Data Breach
    Content: A threat actor claims to have leaked a database allegedly associated with the U.S. Social Security Administration (ssa.gov). The dataset contains approximately 85 million records and is distributed in CSV format, with an estimated size of over 4 GB. The leaked data reportedly includes highly sensitive personal information such as Social Security Numbers (SSNs), first, middle, and last names, suffixes, and dates of birth.
    Date: 2026-01-19T16:00:12Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-85M-SSN-details-Social-Security-Administration-ssa-gov-by-hexvior
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/29946655-ec2c-45fd-af84-b52e6ea9bfff.png
    Threat Actors: hexvior
    Victim Country: USA
    Victim Industry: Government Administration
    Victim Organization: social security administration (ssa)
    Victim Site: ssa.gov
  60. Yumark Enterprises falls victim to Qilin Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization's data.
    Date: 2026-01-19T15:59:20Z
    Network: tor
    Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=8aa9df10-680c-3a2d-b5f0-53b159e4174f
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f6bba9e6-f267-4418-a7f9-8142a55cb480.png
    Threat Actors: Qilin
    Victim Country: Taiwan
    Victim Industry: International Trade & Development
    Victim Organization: yumark enterprises
    Victim Site: yumark.com
  61. Alleged data breach of MHR
    Category: Data Breach
    Content: The threat actor claims to have leaked multiple databases allegedly associated with MHR, a Japan-based WordPress multisite network. The exposed data reportedly includes user accounts, BuddyPress profiles, private messages, notifications, form submissions (WPForms), uploads, and plugin-related content.
    Date: 2026-01-19T15:48:36Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-DATABASE-JAPAN-CHINA-WEB-CORE-%E2%80%94-FLIPPA-JP-GUITARME-CN-KSOURCE-MHR-PREPASS-Solonik-BF
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/06e2550f-d791-43e9-b2fe-e10d39cd9c97.png
    Threat Actors: Solonik
    Victim Country: Japan
    Victim Industry: Social Media & Online Social Networking
    Victim Organization: mhr
    Victim Site: mh.rsv.jp
  62. CinCauGhast targets multiple subdomains of AGX Software
    Category: Defacement
    Content: The group claims to have defaced multiple subdomains of AGX Software, which include: afiliados.agxsoftware.com, agenda.agxsoftware.com, agxsoftware.com, api.homologacao-indiqueopan.agxsoftware.com, beneficios.agxsoftware.com, cadastro.agxsoftware.com, call.agxsoftware.com, cdc.rodobens.agxsoftware.com, contratesim.agxsoftware.com, fedora.agxsoftware.com, indica.agxsoftware.com, indicacoes.agxsoftware.com, lpindiky.agxsoftware.com, lpindiky.com.agxsoftware.com, lpteste.agxsoftware.com, mocaccino.agxsoftware.com, nio.landing.agxsoftware.com
    Date: 2026-01-19T15:47:51Z
    Network: telegram
    Published URL: https://t.me/CinCauGhast3/183
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/1db39719-3652-4b79-8975-0d9546942e39.jpg
    Threat Actors: CinCauGhast
    Victim Country: Brazil
    Victim Industry: Computer Software/Engineering
    Victim Organization: agx software
    Victim Site: afiliados.agxsoftware.com
  63. Alleged data breach of Flippa Japan
    Category: Data Breach
    Content: A threat actor claims to have leaked SQL databases from Japanese platforms. The allegedly exposed information includes WordPress user accounts, email addresses, password hashes, private messages, posts, comments, and metadata, admin and login logs, uploaded media, and CMS configuration data.
    Date: 2026-01-19T15:45:49Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-DATABASE-JAPAN-CHINA-WEB-CORE-%E2%80%94-FLIPPA-JP-GUITARME-CN-KSOURCE-MHR-PREPASS-Solonik-BF
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/57f407b2-a25e-47c4-ae89-f6f77903b093.png
    Threat Actors: Solonik
    Victim Country: Japan
    Victim Industry: Marketing, Advertising & Sales
    Victim Organization: flippa japan
    Victim Site: flippa.jp
  64. Shiloh Industries falls victim to Nitrogen Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data. The compromised data reportedly includes employee CAD drawings, accounts payable/receivable, invoices, and balance sheet.
    Date: 2026-01-19T15:35:51Z
    Network: tor
    Published URL: http://nitrogenczslprh3xyw6lh5xyjvmsz7ciljoqxxknd7uymkfetfhgvqd.onion/posts/696e463fc0a01acfe88de666
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/cbcf1e31-8116-4a03-bb03-ba826a781eb7.png
    Threat Actors: Nitrogen
    Victim Country: USA
    Victim Industry: Automotive
    Victim Organization: shiloh industries
    Victim Site: durashiloh.com
  65. Alleged data breach of KSource
    Category: Data Breach
    Content: The threat actor claims to have leaked a database allegedly associated with KSource, a developer-focused platform. The exposed data reportedly includes user accounts, email addresses, password hashes, developer forum content, support tickets, and backend administrative logs.
    Date: 2026-01-19T15:34:31Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-DATABASE-JAPAN-CHINA-WEB-CORE-%E2%80%94-FLIPPA-JP-GUITARME-CN-KSOURCE-MHR-PREPASS-Solonik-BF
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7fedb588-960f-4f5c-bacb-dc4ce99f05a9.png
    Threat Actors: Solonik
    Victim Country: China
    Victim Industry: Software Development
    Victim Organization: ksource
    Victim Site: ksource.com.cn
  66. Alleged data breach of GuitarMe
    Category: Data Breach
    Content: The threat actor claims to have leaked a database allegedly belonging to a music-focused online community platform built on WordPress. The exposed data reportedly includes user account information such as email addresses, avatars, posts, comments, and private messages.
    Date: 2026-01-19T15:31:37Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-DATABASE-JAPAN-CHINA-WEB-CORE-%E2%80%94-FLIPPA-JP-GUITARME-CN-KSOURCE-MHR-PREPASS-Solonik-BF
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f414db00-6028-427c-b5db-efc5a4e5a251.png
    Threat Actors: Solonik
    Victim Country: China
    Victim Industry: Music
    Victim Organization: guitarme
    Victim Site: guitarme.cn
  67. Ghost-RZ targets the website of Wally Erotic
    Category: Defacement
    Content: The group claims to have defaced the organization's website.
    Date: 2026-01-19T14:53:24Z
    Network: openweb
    Published URL: https://defacer.id/mirror/id/220069
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c080968c-03ac-45d5-b00a-52bba13879ad.png
    Threat Actors: Ghost-RZ
    Victim Country: France
    Victim Industry: Arts & Crafts
    Victim Organization: wally erotic
    Victim Site: wallyerotic.fr
  68. Alleged Leak of Japanese and Chinese Web Databases
    Category: Data Breach
    Content: The threat actor claims to have leaked a combined collection of six databases allegedly originating from multiple Japanese and Chinese organizations. The compromised data reportedly includes raw SQL dumps containing millions of records, such as WordPress user accounts, email addresses, password hashes, posts, admin logs, private messages, media uploads, metadata, and CMS content. The actor further states that the datasets include affiliate data, tokens, login logs, business and community forum records, and private project data.
    Date: 2026-01-19T14:24:35Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-DATABASE-JAPAN-CHINA-WEB-CORE-%E2%80%94-FLIPPA-JP-GUITARME-CN-KSOURCE-MHR-PREPASS-Solonik-BF
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/516b3abb-b2ff-42a8-b145-b0e0cecc7d49.png
    Threat Actors: Solonik
    Victim Country: China
    Victim Industry: Automotive
    Victim Organization: xiamen jianxiu mirror industry
    Victim Site: flippa.jp
  69. Ghost-RZ targets the website of QUALIFORMATION
    Category: Defacement
    Content: The group claims to have defaced the organization's website.
    Date: 2026-01-19T14:23:55Z
    Network: openweb
    Published URL: https://defacer.id/mirror/id/220044
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4c00852d-d95f-49ba-92d2-9325eb8614b9.png
    Threat Actors: Ghost-RZ
    Victim Country: France
    Victim Industry: Education
    Victim Organization: qualiformation
    Victim Site: qualiformation.fr
  70. Alleged data leak of Chuyên gia công đóng gói các loại túi
    Category: Data Breach
    Content: The group claims to have leaked 502.8 KB of data from Chuyên gia công đóng gói các loại túi.
    Date: 2026-01-19T14:18:54Z
    Network: telegram
    Published URL: https://t.me/c/3027611821/313
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/74ce80a4-3746-4801-8fc2-3f8e526527fa.png
    Threat Actors: Z-BL4CX-H4T
    Victim Country: Vietnam
    Victim Industry: Packaging & Containers
    Victim Organization: chuyên gia công đóng gói các loại túi
    Victim Site: giacongdonggoi.com
  71. Alleged Data Leak of Indonesian Taxpayer Identification Numbers
    Category: Data Breach
    Content: The threat actor claims to have leaked data from Indonesian taxpayers. The compromised data reportedly includes names, addresses, district information, and additional details.
    Date: 2026-01-19T14:13:53Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-NPWP-INDONESIA
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/dcba8ba3-f00d-44ec-8819-fce583296a11.png
    Threat Actors: CY8ER N4TI0N
    Victim Country: Indonesia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  72. Alleged data breach of First Choice Business Brokers
    Category: Data Breach
    Content: The threat actor claims to have leaked the organization’s complete internal dataset. The compromised data reportedly includes thousands of enriched business leads and documents in XLSX and PDF formats, including signed NDAs and LOIs, listing agreements, business valuations, pricing details, financial disclosures, contracts, contact information such as names, email addresses, phone numbers, physical addresses, LinkedIn profiles, and geolocation data.
    Date: 2026-01-19T13:53:12Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-DATABASE-FCBB-COM-%E2%80%94-USA-BROKERAGE-DATABASE-NDA-LOI-LISTING-DOCS-FULL-Solonik-BF
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/69ef06ce-a685-4ec2-afbc-90db1f47f3da.png
    Threat Actors: Solonik
    Victim Country: USA
    Victim Industry: Financial Services
    Victim Organization: first choice business brokers
    Victim Site: fcbb.com
  73. Alleged unauthorized access to an unidentified control system of hydroelectric power station in Czech Republic
    Category: Initial Access
    Content: The group claims to have gained unauthorized access to an unidentified control system of the small hydroelectric power station MVE BŘEZÍ, located in the Czech Republic. The compromised system reportedly provides control of two turbogenerators, TG1 and TG2, including their start-up, shutdown, and power adjustment, as well as adjustment of the position of valves and the water level in the reservoir.
    Date: 2026-01-19T13:47:25Z
    Network: telegram
    Published URL: https://t.me/c/2787466017/1713
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/396a0dd4-9de9-42ec-b125-ac69b0522865.JPG
    Threat Actors: NoName057(16)
    Victim Country: Czech Republic
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  74. Alleged data breach of Russian non-commercial gardening entities
    Category: Data Breach
    Content: The threat actor claims to have breached a database containing over 9.9K records from Russian non-commercial gardening entities, including Name, Address, OGRN, INN, Phone, Email, Registration date, Activity, Org form, Finance.
    Date: 2026-01-19T13:45:48Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-DATABASE-SNT-RF-RU-%E2%80%94-9-9K-RUSSIAN-NON-COMMERCIAL-GARDENING-ENTITIES-FULL-CORP-DUMP
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/80ab0288-2a65-487e-b752-c6d1a26a82bb.jpg
    Threat Actors: Solonik
    Victim Country: Russia
    Victim Industry: Non-profit & Social Organizations
    Victim Organization: russian non-commercial gardening entities
    Victim Site: snt-rf.ru
  75. Alleged sale of Bodog Life data
    Category: Data Breach
    Content: The threat actor claims to have breached 24,900 records from Bodog Life. The compromised data reportedly includes full name, address, state, ZIP code, email address, phone number, and additional information.
    Date: 2026-01-19T13:37:55Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-DATABASE-BODOGLIFE-COM-%E2%80%94-24-9K-US-GAMBLING-USERS-FULL-DATABASE-2026
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/47fcc46f-75a7-4b08-a312-3c1c513c77a8.png
    Threat Actors: Solonik
    Victim Country: Curaçao
    Victim Industry: Gambling & Casinos
    Victim Organization: bodog life
    Victim Site: bodoglife.com
  76. Whitfield Welding Inc. falls victim to Nitrogen Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data. The compromised data reportedly includes employee personal data, engineering drawings, production instructions, and contracts.
    Date: 2026-01-19T13:17:33Z
    Network: tor
    Published URL: http://nitrogenczslprh3xyw6lh5xyjvmsz7ciljoqxxknd7uymkfetfhgvqd.onion/posts/696e24c6d0070f8c678de668
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2cda835e-2d61-44ab-85c8-8a890cd4be0e.png
    Threat Actors: Nitrogen
    Victim Country: Canada
    Victim Industry: Manufacturing & Industrial Products
    Victim Organization: whitfield welding inc.
    Victim Site: whitfieldwelding.com
  77. Acuity Insurance
    Category: Data Breach
    Content: The threat actor claims to have leaked a database containing over 9 million records belonging to Acuity insurance customers. This massive dataset allegedly includes sensitive information such as full names, physical addresses, phone numbers, and dates of birth. The post suggests the data is highly detailed, featuring demographic insights like marital status, number of children, and homeownership status. According to the actor, the information is intended for malicious use, including identity profiling and fraud simulation.
    Date: 2026-01-19T13:10:29Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-DATABASE-ACUITY-COM-%E2%80%94-9M-ILLINOIS-INSURANCE-CUSTOMERS-FULL-US-HEALTH-DEMOE-Solonik-BF
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/eefc9c05-3d08-4aa1-aab3-47ec8cb4336f.jpg
    Threat Actors: Solonik
    Victim Country: USA
    Victim Industry: Insurance
    Victim Organization: acuity insurance
    Victim Site: acuity.com
  78. Alleged leak of IBAN data from Germany
    Category: Data Breach
    Content: The threat actor claims to be leaking IBAN data from Germany.
    Date: 2026-01-19T12:41:57Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274097/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f0489afb-fe13-45a4-8a9f-d82f1358c874.png
    Threat Actors: daren563
    Victim Country: Germany
    Victim Industry: Banking & Mortgage
    Victim Organization: Unknown
    Victim Site: Unknown
  79. Alleged data breach of 1win
    Category: Data Breach
    Content: The threat actor claims to have breached 96 million records of data from 1win. The compromised data reportedly includes email addresses, phone numbers, names, country information, and additional details.
    Date: 2026-01-19T11:39:39Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-1win-com-96M-online-casino
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/00a57c10-9d5a-4441-830e-df9c4c84313a.jpeg
    Threat Actors: jacksparrow874
    Victim Country: Curaçao
    Victim Industry: Gambling & Casinos
    Victim Organization: 1win
    Victim Site: 1win.com
  80. Alleged data leak of Legislative Assembly of Alberta
    Category: Data Breach
    Content: The threat actor claims to have leaked 88 records from the Legislative Assembly of Alberta, allegedly containing phone numbers, names, addresses, postal codes, email addresses, and other information.
    Date: 2026-01-19T10:50:01Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-DATABASE-CANADA-Legislative-Assembly-of-Alberta-Leaked
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/542eb53a-ce2b-447b-9760-2fdb4c1ce7b8.png
    https://d34iuop8pidsy8.cloudfront.net/19617f78-ad9c-4ca1-a010-1496ec9f4b30.png
    Threat Actors: RuskiNet
    Victim Country: Canada
    Victim Industry: Government Administration
    Victim Organization: legislative assembly of alberta
    Victim Site: assembly.ab.ca
  81. Alleged access sale of an unidentified shop in the UK
    Category: Initial Access
    Content: The threat actor claims to be selling access to an unidentified shop in the UK.
    Date: 2026-01-19T10:00:05Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274095/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9e4d6b7b-9402-4122-93f6-3e80617be35b.png
    Threat Actors: room
    Victim Country: UK
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  82. Z-BL4CX-H4T.ID targets the website of Mancera
    Category: Defacement
    Content: The group claims to have defaced the website of Mancera.
    Date: 2026-01-19T09:52:52Z
    Network: telegram
    Published URL: https://t.me/z_bl4cx_h4t_id/19
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/545c4ebd-c1a5-48cc-8abb-901e6b9024e7.png
    Threat Actors: Z-BL4CX-H4T.ID
    Victim Country: Vietnam
    Victim Industry: Cosmetics
    Victim Organization: mancera
    Victim Site: student35.websitechuan.com
  83. Alleged data breach of Assurance Maladie
    Category: Data Breach
    Content: The threat actor claims to have breached 20 million records from Assurance Maladie. The compromised data reportedly includes gender, name, full address, and additional information.
    Date: 2026-01-19T08:43:12Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-AMELI-FR-20M-Total-Lines-Healthcare-Professionals-Users-High-Quality
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8cf18dfc-b185-44b9-be4e-c7b4292ac6a6.jpeg
    Threat Actors: Mihiyo
    Victim Country: France
    Victim Industry: Insurance
    Victim Organization: assurance maladie
    Victim Site: ameli.fr
  84. Alleged Data Leak of Hong Kong Order Processing Data
    Category: Data Breach
    Content: The threat actor shared an allegedly leaked dataset containing order-related and customer information from dot-st.hk-order. The dataset contains order processing and delivery records, including personal identifiers and contact details.
    Date: 2026-01-19T06:32:03Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-Data-from-www-dot-st-hk-order
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a41be01b-5755-43ed-a614-507595a9d1fa.png
    Threat Actors: yayayakeli
    Victim Country: China
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: dot-st.hk-order
  85. Alleged Leak of Indian citizens data
    Category: Data Breach
    Content: Threat actor claims to be leaking a large database containing approximately 33.4 million records related to Indian cities, primarily Delhi and nearby counties/cities. The dataset allegedly includes personal information such as names, phone numbers, and physical addresses.
    Date: 2026-01-19T06:21:27Z
    Network: openweb
    Published URL: https://leakbase.la/threads/indian-cities-delhi-and-its-nearby-counties-cities.48291/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/5064f9ae-5494-4425-abd0-cd4b54a8ba3e.png
    Threat Actors: hisen8461
    Victim Country: India
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  86. Alleged Data Breach of Mastertech International Co., Ltd.
    Category: Data Breach
    Content: The threat actor claims a data breach of Mastertech International Co., Ltd. The dataset contains structured records associated with attendance systems, including employee identifiers, personal details, and operational metadata.
    Date: 2026-01-19T06:07:54Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-Thailand-mastertech-co-th-Attendance-Recorder-Manufacturer-Data-Updated-Dec-2025
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/de1aee73-2f9b-4559-a16d-68baf87858c7.png
    Threat Actors: aiyewumi
    Victim Country: Thailand
    Victim Industry: Manufacturing
    Victim Organization: mastertech international co., ltd.
    Victim Site: mastertech.co.th
  87. BontenSec targets the website of
    Category: Defacement
    Content: The group claims to have defaced the website of Furnifry.
    Date: 2026-01-19T05:27:05Z
    Network: openweb
    Published URL: https://defacer.id/mirror/id/230552
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/aac513da-3c8b-4d68-898e-ed3d70b4c68e.png
    Threat Actors: BontenSec
    Victim Country: India
    Victim Industry: Furniture
    Victim Organization: furnifry
    Victim Site: furnifry.com
  88. Alleged data breach of TurkCell
    Category: Data Breach
    Content: The group claims to have breached data of TurkCell. The dataset allegedly contains personally identifiable information (PII) of subscribers and is publicly distributed as a compressed archive.
    Date: 2026-01-19T05:08:33Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-DATABASE-TurkCell-Turkish-ISP
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/96c896db-8f78-4353-ac20-846e67c70fc2.png
    Threat Actors: 3vILBrokers
    Victim Country: Turkey
    Victim Industry: Network & Telecommunications
    Victim Organization: turkcell
    Victim Site: turkcell.com.tr
  89. Alleged Leak of Norway Consumer Buyer Data
    Category: Data Breach
    Content: The threat actor claims to have leaked Norway consumer buyer data. The compromised data reportedly contains 76,250 records, including full names, physical street addresses, and postal codes.
    Date: 2026-01-19T04:32:35Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-Exclusive-Norway-Buyer-Records-76-250-Entries
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/44eadaaa-c06b-4eaf-a303-62f7a042d0c2.png
    Threat Actors: r57
    Victim Country: Norway
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  90. Calzaturificio Casadei s.p.a. falls victim to Qilin Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization's data.
    Date: 2026-01-19T04:18:55Z
    Network: tor
    Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8f0af8b4-555b-401a-960f-b077801d3796.png
    https://d34iuop8pidsy8.cloudfront.net/21f56de3-e008-4dc8-ab04-a68e1ee0dff8.png
    Threat Actors: Qilin
    Victim Country: Italy
    Victim Industry: Fashion & Apparel
    Victim Organization: calzaturificio casadei s.p.a.
    Victim Site: casadei.com
  91. Alleged Sale of Pakistan Caller Provider Customer Database
    Category: Data Breach
    Content: The threat actor claims to be selling a Pakistan caller provider customer database.
    Date: 2026-01-19T04:16:59Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-Pakistan-Caller-Provider-Big-Leak
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f74d9dc1-8696-476a-b691-60ba6972839d.png
    Threat Actors: r57
    Victim Country: Pakistan
    Victim Industry: Network & Telecommunications
    Victim Organization: Unknown
    Victim Site: Unknown
  92. Alleged data breach of Indian Farmers Fertiliser Cooperative Limited
    Category: Data Breach
    Content: The group claims to have breached data of Indian Farmers Fertiliser Cooperative Limited. The compromised data reportedly includes details of female employees, emails, and payroll documents.
    Date: 2026-01-19T03:45:15Z
    Network: telegram
    Published URL: https://t.me/LulzSecHackers/206
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/dd7aa6b9-d0a1-41b6-9efb-6ab74390645d.png
    https://d34iuop8pidsy8.cloudfront.net/5db78b8a-0b97-4026-a310-9698c4404b0a.png
    https://d34iuop8pidsy8.cloudfront.net/d2641c75-7f81-4102-b44b-f388ed378bb3.png
    https://d34iuop8pidsy8.cloudfront.net/629afa4b-75fb-4cb2-b81f-c507fcc75fb2.png
    Threat Actors: LulzSec Hackers
    Victim Country: India
    Victim Industry: Chemical Manufacturing
    Victim Organization: indian farmers fertiliser cooperative limited
    Victim Site: eis.iffco.coop
  93. Alleged Sale of Norway
    Category: Data Breach
    Content: The threat actor claims to be selling a consumer luxury shop customer database.
    Date: 2026-01-19T03:40:42Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-Norway-Consumer-Luxury-Shop-25-708-Records
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c82e1d53-6543-4303-9a62-1b326dea59e4.png
    Threat Actors: r57
    Victim Country: Norway
    Victim Industry: Luxury Goods & Jewelry
    Victim Organization: Unknown
    Victim Site: Unknown
  94. Alleged Sale of Norway B2B/B2C Contact Database
    Category: Initial Access
    Content: The threat actor claims to be selling a Norwegian B2B/B2C contact database. The dataset contains 109,000 full contact records.
    Date: 2026-01-19T03:38:35Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-Exclusive-Norway-B2B-B2C-Data-109K-Full-Contacts
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/cdc060cd-fcbe-46c0-b451-dc36b039ab72.png
    Threat Actors: r57
    Victim Country: Norway
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  95. Alleged Data Breach of TrendyWash
    Category: Data Breach
    Content: The threat actor claims a data breach of TrendyWash. The dataset contains approximately 192,000 customer records.
    Date: 2026-01-19T03:24:08Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-trendywash-net-Thailand-192K
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/837cbdf9-156f-4aad-aad6-7b2b4ce3c288.png
    Threat Actors: r57
    Victim Country: Thailand
    Victim Industry: Consumer Services
    Victim Organization: trendywash
    Victim Site: trendywash.net
  96. Alleged sale of shell access to unidentified organization in Switzerland
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized shell access to an unidentified organization in Switzerland.
    Date: 2026-01-19T03:03:40Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274045/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7ab66f07-0bc9-4198-a308-50d29c0e34bf.png
    Threat Actors: Saturned33
    Victim Country: Switzerland
    Victim Industry: Manufacturing & Industrial Products
    Victim Organization: Unknown
    Victim Site: Unknown
  97. Alleged Sale of Unauthorized Access to Ghana Postal Service
    Category: Initial Access
    Content: The threat actor claims to be selling unauthorized access to systems belonging to the Ghana Postal Service, including webshell access and a full database backup.
    Date: 2026-01-19T02:57:30Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-Ghana-Postal-Service-DB-ACCESS
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9cf5e3fb-bce7-485b-a9cc-708c73dbf678.png
    https://d34iuop8pidsy8.cloudfront.net/bb063c13-7599-4e52-9b4a-32b74900d752.png
    Threat Actors: r57
    Victim Country: Ghana
    Victim Industry: Government Administration
    Victim Organization: ghana postal service
    Victim Site: Unknown
  98. Alleged sale of RDP access to an unidentified retail shop in the USA
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized RDP access to a large U.S.-based grocery retail corporate network with an estimated business valuation of $1.1B. The listing advertises local administrator privileges within the corporate domain, access to multiple computer domains, and internal network infrastructure including subnets, trunks, and switches.
    Date: 2026-01-19T02:53:51Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274079/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8199b1f2-c704-4c8b-b31b-d3c4bfb0946a.png
    Threat Actors: shadowwss
    Victim Country: USA
    Victim Industry: Retail Industry
    Victim Organization: Unknown
    Victim Site: Unknown
  99. Alleged Data Breach of Luawhitelist
    Category: Data Breach
    Content: The threat actor claims a data breach of Luawhitelist. The leaked database contains account-related information, including email addresses and password hashes.
    Date: 2026-01-19T02:52:55Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-Luawhitelist-com
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/49cafea2-8153-471a-89e6-ae6d70972290.png
    Threat Actors: Glowie
    Victim Country: Unknown
    Victim Industry: Software
    Victim Organization: luawhitelist
    Victim Site: luawhitelist.com
  100. Alleged sale of shell access to unidentified Financial organization in Italy
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized shell access to an unidentified Financial organization in Italy.
    Date: 2026-01-19T02:52:26Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274043/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/65b1d73c-eb86-4b19-ac3a-30b491b3a7eb.png
    Threat Actors: Saturned33
    Victim Country: Italy
    Victim Industry: Financial Services
    Victim Organization: Unknown
    Victim Site: Unknown
  101. Alleged Data Breach of Data4Marketers
    Category: Data Breach
    Content: The threat actor claims to have leaked a database of Data4Marketers.
    Date: 2026-01-19T02:32:16Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-COLLECTION-Thunderbird-Feed-List-data4marketers-com-2022-11-25-6-29M-People
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a0bfa192-a0ea-4e5e-a972-cf1f340ec8d9.png
    Threat Actors: thelastwhitehat
    Victim Country: Unknown
    Victim Industry: Marketing, Advertising & Sales
    Victim Organization: data4marketers
    Victim Site: data4marketers.com
  102. Alleged data leak of Samaritan Münsingen
    Category: Data Breach
    Content: Threat actor claims to have leaked data from Samaritan Münsingen. The compromised data reportedly includes address id, ort, phone number, photo, info, mail etc.
    Date: 2026-01-19T02:07:42Z
    Network: openweb
    Published URL: https://leakbase.la/threads/source-samaritermuensingen-ch.48284/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e25feda4-714e-46d8-8b51-bbdde4dea93c.png
    Threat Actors: Cod3xx
    Victim Country: Switzerland
    Victim Industry: Hospital & Health Care
    Victim Organization: samaritan münsingen
    Victim Site: samaritermuensingen.ch
  103. Alleged Data Leak of Multiple Account Credentials
    Category: Data Breach
    Content: The threat actor claims to have leaked data related to account credentials for Hotmail, Netflix, PayPal, and Amazon. The compromised data reportedly includes email addresses and plaintext passwords.
    Date: 2026-01-19T02:07:16Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-DATABASE-login-Hotmail-login-Netflix-login-PayPal-login-Amazon-2026-01-17
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/1d7434bf-8772-40f6-adb8-ce55040906ef.png
    Threat Actors: KX7
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  104. Alleged Sale of Vietnam Education Database
    Category: Data Breach
    Content: Threat actor claims to be selling a database associated with a Vietnamese education platform.
    Date: 2026-01-19T02:00:48Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-Vietname-Database-Education
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/286ee0f3-ce7b-4d6c-931c-7f07714f0171.png
    https://d34iuop8pidsy8.cloudfront.net/028255b7-c18b-4d18-b292-e7cf770b57a1.png
    Threat Actors: r57
    Victim Country: Vietnam
    Victim Industry: Education
    Victim Organization: Unknown
    Victim Site: Unknown
  105. Bray Whaler falls victim to Sinobi Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 400 GB of the organization's data. The compromised data includes confidential and financial data. They intend to publish it within 6 – 7 days. NB: Bray Whaler is now often operating as R-W Purchasing Partners.
    Date: 2026-01-19T01:54:56Z
    Network: tor
    Published URL: http://sinobi6rlec6f2bgn6rd72xo7hvds4a5ajiu2if4oub2sut7fg3gomqd.onion/leaks/696d42276387a4c9a26e6fef
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/711befe0-0c81-4564-9925-c21744c2669a.png
    https://d34iuop8pidsy8.cloudfront.net/90d4ca33-14eb-4bd5-b0f3-901d7634c3ae.png
    Threat Actors: Sinobi
    Victim Country: USA
    Victim Industry: Hospitality & Tourism
    Victim Organization: bray whaler
    Victim Site: rwpurchasing.com
  106. Deck India Engineering Pvt. Ltd falls victim to TENGU Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 154 GB of the organization's data. They intend to publish it in 9 – 10 days.
    Date: 2026-01-19T00:58:59Z
    Network: tor
    Published URL: http://longcc4fqrfcqt5lzceutylaxir6h66fp6df3oin6mvwvz6pfdbxc6qd.onion/blog/0efa3457c1f79c49a71d5eb75be4b1f4a3a71a897a36fca52f74dde407005433/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/089054b5-eb0b-43fd-8812-b8821ecb8ca6.png
    https://d34iuop8pidsy8.cloudfront.net/530a52e5-62b7-415c-833d-ec15043b82ec.png
    Threat Actors: TENGU
    Victim Country: India
    Victim Industry: Manufacturing & Industrial Products
    Victim Organization: deck india engineering pvt. ltd
    Victim Site: deckindia.com
  107. QFloors falls victim to GENESIS Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 600 GB of the organization's data. The compromised data includes customers' internal projects, customers' sales, customers' building and flooring plans, customers' job costing, inventory management and accounting, and data from the company fileserver. They intend to publish it within 4 – 5 days.
    Date: 2026-01-19T00:58:32Z
    Network: tor
    Published URL: http://genesis6ixpb5mcy4kudybtw5op2wqlrkocfogbnenz3c647ibqixiad.onion/cce17aec4f3cbc4d7db/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/1e7cfd9d-250d-4004-b8c4-2b3c0b4a274f.png
    https://d34iuop8pidsy8.cloudfront.net/9126a48e-96ce-4471-92a8-dba2ebe2f2d9.png
    Threat Actors: GENESIS
    Victim Country: USA
    Victim Industry: Software Development
    Victim Organization: qfloors
    Victim Site: qfloors.com
  108. Mid-Park, Inc. falls victim to GENESIS Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 1.6 TB of the organization's data. The compromised data includes project data, operational data, holdings financial data, payroll data, construction data, contracts and NDAs, users' folders, and data from the company fileserver. They intend to publish it within 4 – 5 days.
    Date: 2026-01-19T00:50:38Z
    Network: tor
    Published URL: http://genesis6ixpb5mcy4kudybtw5op2wqlrkocfogbnenz3c647ibqixiad.onion/d503a05beb1788a3eda0/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/dea8e087-13a8-4e10-b699-539b45f29f67.png
    https://d34iuop8pidsy8.cloudfront.net/418ebde8-0dbd-42eb-ae8b-268e6a88d30a.png
    Threat Actors: GENESIS
    Victim Country: USA
    Victim Industry: Manufacturing
    Victim Organization: mid-park, inc.
    Victim Site: mid-park.com