1. Executive Summary
On January 20, 2026, a massive wave of cyber activity was detected across the global digital landscape. The incidents recorded involve a diverse array of threat actors, ranging from financially motivated ransomware groups like PLAY, Everest, and Qilin to hacktivist collectives such as Pharaohs Team Channel and HellR00ters Team. The scope of victims is equally broad, affecting critical infrastructure in the Czech Republic, major telecommunications firms in the UK and Algeria, government bodies in Indonesia and the UAE, and healthcare providers in the USA.
The data indicates a significant commodification of cybercrime, with numerous “Initial Access” listings for sale, alongside the dumping of millions of personally identifiable information (PII) records. This report categorizes these incidents by threat type and geography to provide a detailed assessment of the situation.
2. Critical Infrastructure and Operational Technology (OT) Attacks
One of the most concerning trends observed in this dataset is the direct targeting of Operational Technology (OT) and critical infrastructure, particularly in Eastern Europe.
Czech Republic Infrastructure Wave
A coordinated series of attacks targeting utility systems in the Czech Republic was claimed by the Z-PENTEST ALLIANCE and NoName057(16).
- Hydroelectric Power: The group Z-PENTEST ALLIANCE claimed unauthorized access to the MVE Poděbaby small hydroelectric power plant. The threat actors asserted they gained full control over critical operational functions, enabling them to manipulate turbine output, water levels, cleaning intervals, and unit startup/shutdown procedures. They further claimed to have modified remote access credentials via VNC, potentially locking out licensed operators and causing power grid disruptions.
- Water Treatment Systems: The same group, Z-PENTEST ALLIANCE, claimed unauthorized access to a Czech water treatment system. They reported that the compromised system allowed for the control of pumps, valves, and filters, as well as the monitoring of water chemistry, posing a potential risk to public health and safety.
- Boiler Control Systems: A separate entity, NoName057(16), claimed access to a boiler control system in the Czech Republic. This access allegedly permitted the manipulation of key parameters such as temperature, pressure, pump operation, and biomass supply, which could lead to physical damage or service interruption.
Other Infrastructure Targets
- Moldova CCTV: The threat actor MORNING STAR claimed to have gained unauthorized access to multiple CCTV surveillance systems across Moldova, compromising physical security monitoring capabilities.
- South Korea Manufacturing: The Infrastructure Destruction Squad claimed unauthorized access to systems belonging to Hyosung Corporation (Hybusung Tech). The actors described having full control over technological operations, including drilling, thread cutting, and synchronization of axis drive movements, which could sabotage manufacturing precision.
3. The Ransomware Crisis: Major Groups and Victims
Ransomware continues to be a dominant threat, with multiple groups listing new victims and threatening data publication.
PLAY Ransomware Group
The PLAY ransomware group was highly active, listing multiple US-based victims across various sectors. In all cases, the group claimed to possess private confidential data, client documents, budgets, payroll, IDs, and tax information, with a threat to publish within 5 days.
- Raymundos Food Group, LLC: A US manufacturing entity.
- Eastern Ice Company Inc.: A US-based company in the restaurant/food service sector.
- Release Marine, Inc.: A US design company.
- Riverwood Golf Club: A recreational facility in the USA.
Everest Ransomware Group
Everest targeted high-profile organizations with significant data exfiltration claims.
- McDonalds India: In a major escalation, Everest claimed to have obtained 861 GB of data from McDonalds India, including personal documents and client information. They set a publication deadline of 9-10 days.
- Ciena: The group claimed to have stolen 11 GB of sensitive technical data from Ciena, a US telecommunications giant. The exfiltrated data reportedly includes electrical schematics, power distribution diagrams, and printed circuit board (PCB) layout files, representing a significant loss of intellectual property.
- All4You: An organization in the business development sector fell victim, with data held for ransom.
Sinobi Ransomware Group
The Sinobi group focused on healthcare, energy, and public safety, threatening publication within 6-7 days.
- Geoplin d.o.o.: A Slovenian oil and gas company saw 350 GB of data compromised, including contracts and financial records.
- Pivotal Healthcare: A US healthcare provider had 130 GB of confidential customer and financial data exfiltrated.
- Talleyville Fire: A US public safety organization lost 40 GB of data, including contracts.
Other Notable Ransomware Activity
- Qilin: This group claimed attacks on Kontena Nasional Berhad (Malaysia, Transportation) and Altius Geotechnics & Special Works (Spain, Construction).
- Sarcoma: Targeted MecMatica Srl (Italy, Software), stealing 74 GB of data, and an unidentified US organization, stealing 1 TB of data.
- Inc Ransom: Claimed to have obtained 100 GB of data from Sandberg, a UK construction firm.
- LockBit 5.0: Targeted the Veenkoloniaal Museum in the Netherlands, threatening publication in two weeks.
- NightSpire: Claimed 80 GB of data from TriApex Laboratories Co., Ltd. (USA, Biotechnology).
- TENGU: Targeted the Coconut Development Board (India, Government), with a 10-day publication window.
4. Major Data Breaches by Region
Europe: The French and Russian Data Dump
A significant volume of data breaches targeted French and Russian organizations.
- France:
  - The “Solonik” & “Chipolata” Leaks: Threat actors Solonik and chipolata were responsible for a deluge of French data. Victims included La Poste Groupe (Logistics), Leroy Merlin (Retail), All-Batteries, BatterieSUS, AXESS (IT Services), and JASSUME (Legal Services).
  - Fédération Française d’Escrime (FFE): The threat actor Kayo leaked PII of athletes, coaches, and officials.
  - Combined Collections: Chipolata released a “French Collection” containing 15 databases from various organizations.
- Russia:
  - Microfinance Organizations: A massive breach involving Russian Microfinance Organizations (MFO) was reported by X0Frankenstein, exposing over 51 million records. The data includes full names, birth dates, phone numbers, addresses, tax IDs (INN), and passwords.
  - Grastin: Threat actor thelastwhitehat leaked 1.58 million records from this logistics company, including physical addresses and phone numbers.
  - VimeWorld: Kayo leaked the player database, including password hashes and IP addresses.
  - Bright Park: An automotive sector breach exposing company IDs and addresses.
- Other European Breaches:
  - Spain: PCComponentes allegedly had 16.3 million user records leaked, including purchase history and invoices. The National Association of Driving Schools (ANAES) also suffered a breach of administrative credentials and medical data.
  - Serbia: The Ministry of Defence had internal records and personnel data leaked by dpbruce.
  - UK: BT Group plc saw 49,999 records exposed, and Meloncraft (Gaming) had player data leaked.
  - Netherlands: Max Code & Games was targeted by Pharaohs Team Channel.
The Americas: Identity Theft and Corporate Access
- USA:
  - Social Security & Identity Data: A threat actor offered a database of US Full Info including SSNs, while another leak dubbed “Fullz Data” included government ID images, selfies, and SSNs.
  - Automotive: MacMulkin Chevrolet Cadillac suffered a breach of 1.45 million user records.
  - LinkedIn: A repost of a 2021 scrape containing data on 500 million users appeared.
  - Biden Family Leak: Threat actor 0BITS claimed to leak email data, including encryption keys and messages, from Hunter Biden.
  - Gambling: BodogLife had nearly 25,000 user records leaked.
  - Maritime: The California Cooperative Oceanic Fisheries Investigations (CalCOFI) had a 1.4 GB database leaked.
- Latin America:
  - Venezuela: CICPC (Scientific, Criminal and Forensic Investigations Corps) had sensitive records regarding criminal investigations exposed.
  - Bolivia: A database of 10 million citizens was offered for sale.
  - Dominican Republic: A leak containing citizen health and vaccination records was published.
  - Brazil: Administrative access to the Municipal Government of Fortaleza was sold.
  - Mexico: Aeroméxico data was claimed to be leaked.
Asia-Pacific: High-Volume Government and Commercial Leaks
- Vietnam:
  - National Credit Information Center: A massive claim of 100 million leaked records including loan data, debt info, and tax IDs was made by BFRepoV4Files.
  - Vietnam Airlines: Data from the national carrier was leaked by CY8ER_N4TI0N.
  - Gia Đình Lê Bảo Tịnh Ban Mê Thuột: Targeted by Z-BL4CX-H4T.
- Indonesia:
  - Government & Education: The DPR Indonesia (House of Representatives) was breached. Educational institutions like State Vocational School 5 Batam and SMA Trensains Muhammadiyah Sragen were also compromised.
  - Integrity Assessment Survey: The website spi.kpk.go.id was defaced by GARUDA CYBER TEAM.
  - West Java Provincial Education Office: A database breach exposed PII including National ID numbers.
- China:
  - Guangdong Medical University: Hospital data including tenant and hospital IDs was put up for sale.
  - Veloxbay: The logistics company’s site was defaced.
- Thailand:
  - Hopeful Co. Ltd: A health supplement company had customer IDs, orders, and payment methods leaked.
Middle East & Africa: Telecom and Government Targets
- Algeria:
  - Algeria Telecom: Threat actor DARK 07x claimed to have breached the main website and email infrastructure, selling the database.
  - National Agency for Auto‑Entrepreneurs (ANAE): Identity documents and passports were leaked.
  - Inter Partner Assistance Algeria: Insurance data including portal access was leaked.
- UAE:
  - Government Documents: Buscador leaked documents related to the UAE government.
  - Property Data: jrintel leaked data on property owners, including valuation metadata and Golden Visa eligibility.
  - Crypto Investors: Solonik leaked a list of 104 high-net-worth crypto investors, explicitly marketing it for fraud and phishing.
- Israel:
  - Flight Information: A database of passenger flight info, including passport numbers and emergency contacts, was sold by 5gbstoragevpn.
- North Korea:
  - Db North Korea: A database leak was claimed by CY8ER N4TI0N.
5. The Market for Initial Access
A thriving underground market for “Initial Access” to corporate networks was observed, primarily involving US-based companies. These sales often facilitate future ransomware attacks.
- Telecommunications: Access to an unidentified Dominican Republic telecom company ($16M revenue) was sold.
- Construction: Access to multiple US construction management companies was offered by actor Big-Bro, citing SonicWall vulnerabilities as the entry point.
- Logistics: Access to a US freight logistics company ($7M revenue) was sold, also via SonicWall compromise.
- Legal & IT: Access to a US law firm and various IT/Business service companies was listed for sale.
- Azerbaijan: Shell access to Sumgait State University was claimed.
6. Hacktivism and Website Defacement
Several groups engaged in website defacement, often motivated by political or reputation-building goals.
- Pharaohs Team Channel: This group was prolific, defacing websites across multiple industries and countries. Targets included Traction Toolbox, Stocks Option Blaster, F-Bomb Fotolab (Canada), Anomoz Softwares (Pakistan), Port SAC Logistics (Australia), Octave Stocks FX, and Sabreworks Services.
- HellR00ters Team: Focused heavily on gambling websites, defacing WBO88, HomeBet77, Gaspoll888, and Tuan168.
- Z-BL4CX-H4T: Defaced Pike Aviation (USA) and display.gigaav.com (Brazil).
- Other Actors: NotraSec (UAE), Alpha wolf (India), Global Error System (Indonesia), and BontenSec (India) all claimed defacements.
7. Malware and Vulnerability Sales
The report identifies the sale of tools designed to facilitate cyberattacks.
- TRON Drainer Bot: Threat actor KOLLEKTOR sold a bot designed to drain cryptocurrency wallets (Trust Wallet, Binance Web3) by detecting token approvals and executing smart contract interactions.
- WordPress 0-Day: A zero-day exploit for a WordPress plugin affecting 4,000 installations was offered for sale, enabling unauthorized mass email campaigns.
- Syslogger Builder: A tool for configuring log exfiltration via SMTP or FTP was listed by Starip.
8. Conclusion
The cyber incidents recorded on January 20, 2026, illustrate a volatile and highly active threat landscape. Three key trends emerge from this data:
- Critical Infrastructure Fragility: The successful manipulation of hydroelectric, water, and boiler systems in the Czech Republic demonstrates that threat actors are increasingly moving beyond data theft to physical operational disruption. This poses a direct threat to public safety and essential services.
- Global Ransomware Proliferation: Major ransomware groups like PLAY, Everest, and Sinobi are operating with impunity, targeting organizations globally—from Indian fast-food chains to US defense contractors. The volume of data being exfiltrated (terabytes in some cases) indicates that “double extortion” (encrypting and leaking) remains the standard operating procedure.
- The Industrialization of Cybercrime: The distinct separation of labor is evident. “Initial Access Brokers” (like Big-Bro) compromise networks via vulnerabilities (e.g., SonicWall) and sell this access to other criminals. Meanwhile, specialized malware (drainers, loggers) is sold as a commodity. This ecosystem lowers the barrier to entry for sophisticated attacks.
In summary, the sheer volume of PII leaked—impacting hundreds of millions of individuals across Russia, Vietnam, the USA, and Europe—combined with the direct targeting of industrial control systems, highlights a critical need for enhanced cybersecurity resilience in both the public and private sectors.
- Alleged data breach of Grastin
Category: Data Breach
Content: The threat actor claims to have leaked data belonging to Grastin from 2022. The compromised data reportedly contains 1.58 million records, including full names, email addresses, phone numbers, and physical addresses.
Date: 2026-01-20T23:55:21Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-Grastin-grastin-ru-2022-1-58M
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/54a21c89-dbbd-4dce-8e67-16658a999ccf.png
Threat Actors: thelastwhitehat
Victim Country: Russia
Victim Industry: Transportation & Logistics
Victim Organization: grastin
Victim Site: grastin.ru
- Alleged data breach of Vietnam Airlines
Category: Data Breach
Content: The threat actor claims to have leaked data from Vietnam Airlines.
Date: 2026-01-20T23:29:33Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-Vietnam-airlines
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d847d2dc-9023-42de-839b-c515a252f00e.png
Threat Actors: CY8ER_N4TI0N
Victim Country: Vietnam
Victim Industry: Airlines & Aviation
Victim Organization: vietnam airlines
Victim Site: vietnamairlines.com.vn
- Alleged data breach of Aeroméxico
Category: Data Breach
Content: The threat actor claims to have leaked data from Aeroméxico.
Date: 2026-01-20T23:23:22Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-Aeroxmexico
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2911187b-a1e5-4720-bdc6-b29ae0168f1c.png
Threat Actors: CY8ER_N4TI0N
Victim Country: Mexico
Victim Industry: Airlines & Aviation
Victim Organization: aeroméxico
Victim Site: aeromexico.com
- Alleged data breach of Cuerpo de Investigaciones Científicas, Penales y Criminalísticas (CICPC)
Category: Data Breach
Content: A threat actor claims to have leaked internal data belonging to Venezuela’s Scientific, Criminal and Forensic Investigations Corps (CICPC). The exposed material includes sensitive records associated with criminal investigations and law-enforcement operations.
Date: 2026-01-20T23:02:55Z
Network: openweb
Published URL: https://breachforums.bf/Thread-COLLECTION-VENEZUELA%C2%A0-CICPC-%C2%A0-Scientific-Criminal-and-Forensic-Investigations-Corps-20-01-2026
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5c0e8ac2-9e6b-4e40-b881-6c764fbce30e.png
https://d34iuop8pidsy8.cloudfront.net/0cb77fbb-d941-440a-88c6-57e9491d27c3.png
Threat Actors: malconguerra2
Victim Country: Venezuela
Victim Industry: Law Enforcement
Victim Organization: cuerpo de investigaciones científicas, penales y criminalísticas (cicpc)
Victim Site: cicpc.gob.ve
- Alleged Sale of TRON Drainer Bot
Category: Malware
Content: Threat Actor claims to be selling a TRON-based drainer bot allegedly designed to facilitate the unauthorized draining of cryptocurrency wallets. The tool supports manual and automated draining operations, including checking wallet balances (TRX, USDT), detecting token approvals, and executing smart contract interactions to drain partial or full balances. The bot can also activate inactive wallets using small TRX transfers and utilizes energy-based contract signing, allowing transactions to be signed without the victim holding native TRX. The tool is claimed to support multiple wallets, including Trust Wallet, Binance Web3, Bybit Web3, and TronLink.
Date: 2026-01-20T22:32:19Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/274182/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0621e2a8-4132-46eb-8be9-8c43201aa95c.png
Threat Actors: KOLLEKTOR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Fédération Française d’Escrime (FFE)
Category: Data Breach
Content: A threat actor claims to have leaked a database belonging to the Fédération Française d’Escrime. The leaked dataset includes extensive personally identifiable information (PII) related to athletes, coaches, and officials associated with the federation.
Date: 2026-01-20T22:30:19Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-FFESCRIME-FR
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6067bb8a-38eb-4ec6-9a82-39267406471d.png
https://d34iuop8pidsy8.cloudfront.net/b232febf-2adc-4827-bb65-f9e894611be3.png
Threat Actors: Kayo
Victim Country: France
Victim Industry: Sports
Victim Organization: fédération française d’escrime (ffe)
Victim Site: ffescrime.fr
- Alleged unauthorized access to multiple CCTV surveillance systems in Moldova
Category: Initial Access
Content: The group claims to have gained unauthorized access to multiple CCTV surveillance systems in Moldova
Date: 2026-01-20T22:21:06Z
Network: telegram
Published URL: https://t.me/op_morningstar/245
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bddcd134-57ea-451a-a93b-59c4a9c3e83c.jpg
Threat Actors: MORNING STAR
Victim Country: Moldova
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak of Db North Korea
Category: Data Breach
Content: A threat actor claims to be sharing a database to Db North Korea.
Date: 2026-01-20T22:09:45Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-Db-North-Korea
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/acd75280-c862-40cf-81d8-163a7f0d347a.png
Threat Actors: CY8ER N4TI0N
Victim Country: North Korea
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak of US Full Info, SSN database
Category: Data Breach
Content: A threat actor claims to be sharing a database containing full personal information of individuals in the United States, including Social Security Numbers (SSNs).
Date: 2026-01-20T22:07:06Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-Full-Info-SSN-United-States
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c8a194f7-e262-41c7-836d-b8ba9663c5f1.png
Threat Actors: CY8ER N4TI0N
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Algeria Telecom
Category: Data Breach
Content: The group claims to have breached the systems of Algeria Telecom, allegedly compromising the main website, multiple subdomains, and the company’s email infrastructure. According to the post, the actor claims to be selling the extracted database on dark web forums.
Date: 2026-01-20T21:56:14Z
Network: telegram
Published URL: https://t.me/DarK07xxxxxxx/1022?single
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b944b76a-1a72-487a-93bf-6100be1451c2.png
https://d34iuop8pidsy8.cloudfront.net/791eb193-cfdd-4eb0-b685-711abbf26cc0.png
https://d34iuop8pidsy8.cloudfront.net/f0a69680-8cdf-45af-9cd1-2c531d0232a5.png
https://d34iuop8pidsy8.cloudfront.net/ce365a9c-47bc-4213-ac81-56c80f99d61f.png
https://d34iuop8pidsy8.cloudfront.net/e066b52c-c050-4344-9067-0a4d20625b41.png
https://d34iuop8pidsy8.cloudfront.net/d4cd5a0d-f01d-48ee-8cfe-c532e111d72b.png
https://d34iuop8pidsy8.cloudfront.net/83b2dd71-952f-4ede-b960-50fc34d94fb5.png
Threat Actors: DARK 07x
Victim Country: Algeria
Victim Industry: Network & Telecommunications
Victim Organization: algeria telecom
Victim Site: algerietelecom.dz
- Alleged data breach of Meloncraft
Category: Data Breach
Content: A threat actor claims to have leaked the Meloncraft database. The leaked database reportedly contains player account information: usernames, IP addresses, and password hashes.
Date: 2026-01-20T21:45:38Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-Meloncraft-Database-Leaked-Download
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4721d106-8482-4f92-a30f-a14696cc40ce.png
https://d34iuop8pidsy8.cloudfront.net/51bfe5ac-a3ab-4446-bba3-f34a967d1bba.png
Threat Actors: Kayo
Victim Country: UK
Victim Industry: Gaming
Victim Organization: meloncraft
Victim Site: meloncraft.net
- Alleged data breach of LinkedIn
Category: Data Breach
Content: https://breachforums.bf/Thread-COLLECTION-LinkedIn-2021-scraped-data-for-500million-users. Allegedly exposed data includes full names, LinkedIn profile URLs, usernames and internal profile IDs, job titles and roles, industry and employment information, and company names and locations.
Date: 2026-01-20T21:39:47Z
Network: openweb
Published URL: https://breachforums.bf/Thread-COLLECTION-LinkedIn-2021-scraped-data-for-500million-users
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/dcda9e60-6fa6-4bf7-9d90-ce8c9bdf1b0c.png
Threat Actors: qoqo1998
Victim Country: USA
Victim Industry: Software Development
Victim Organization: linkedin
Victim Site: linkedin.com
- Alleged Data Leak of Property Owner Data in UAE
Category: Data Breach
Content: Threat Actor claims to have leaked the property owner data in UAE. The compromised data allegedly includes flat number, name, phone number, etc.
Date: 2026-01-20T21:29:53Z
Network: openweb
Published URL: https://fuckforums.lol/showthread.php?tid=111
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/23ccddab-7128-4cac-b5f4-686fdfdaa470.png
https://d34iuop8pidsy8.cloudfront.net/87721dcb-1e5b-4769-8b0b-f487c8893afa.png
Threat Actors: jrintel
Victim Country: UAE
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of VimeWorld
Category: Data Breach
Content: A threat actor claims to have leaked the VimeWorld player database. The leaked database allegedly contains all player-related information, including usernames, IP addresses, and password hashes.
Date: 2026-01-20T21:28:40Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-VimeWorld-Database-Leaked-Download
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b29060ef-bc15-4d93-bdd9-a09d0ce4f909.png
https://d34iuop8pidsy8.cloudfront.net/5f182f1c-c7b6-46f5-866f-8e17ed876d4c.png
Threat Actors: Kayo
Victim Country: Russia
Victim Industry: Gaming
Victim Organization: vimeworld
Victim Site: vimeworld.com
- Alleged data leak of UAE documents
Category: Data Breach
Content: The group claims to have leaked documents related to UAE government
Date: 2026-01-20T21:28:03Z
Network: telegram
Published URL: https://t.me/c/2451084701/491201
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/84e3ed12-0e82-4b75-b41b-741c4faaf2b5.png
Threat Actors: Buscador
Victim Country: UAE
Victim Industry: Government Administration
Victim Organization: uae government
Victim Site: gov.ae
- Alleged data breach of MIGHT ELECTRONIC CO., LTD.
Category: Data Breach
Content: The group claims to have obtained the organization's data and intends to publish it within 1-2 days.
Date: 2026-01-20T21:25:29Z
Network: tor
Published URL: https://worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion/companies/6990759279/overview
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fb8ddb9f-0bc0-40f6-9ffe-599ede510787.png
https://d34iuop8pidsy8.cloudfront.net/283367d2-9518-4986-ae65-c0a389247915.png
Threat Actors: Worldleaks
Victim Country: Taiwan
Victim Industry: Electrical & Electronic Manufacturing
Victim Organization: might electronic co., ltd.
Victim Site: might.com.tw
- Alleged data breach of Britain International Academy (BIA)
Category: Data Breach
Content: A threat actor claims to have leaked full source code, exposed secrets, database backups, and a GitHub Personal Access Token (PAT), allegedly belonging to the Britain International Academy Portal. Allegedly exposed data includes complete application source code, configuration files, embedded credentials and sensitive secrets, and database backups.
Date: 2026-01-20T21:20:00Z
Network: openweb
Published URL: https://breachforums.bf/Thread-COLLECTION-biakw-com-full-source-code-secrets-database-backup-Github-PAT
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e175483d-bc61-489c-ae99-0a8ebfceefef.png
https://d34iuop8pidsy8.cloudfront.net/2c79f2ab-406e-4448-90fc-cbaafb856737.png
Threat Actors: hexvior
Victim Country: UK
Victim Industry: E-Learning
Victim Organization: britain international academy (bia)
Victim Site: portal.biakw.com
- Alleged Sale of Unauthorized Access to Unidentified Telecommunications Company
Category: Initial Access
Content: Threat actor claims to be selling unauthorized Remote Code Execution (RCE) access to an unidentified telecommunications company based in the Dominican Republic. The compromised company reportedly has revenue of $16 million.
Date: 2026-01-20T21:16:29Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-Telecommunications-Company
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8a15aeb2-7551-4554-b755-7eb565e79e4a.png
Threat Actors: dead
Victim Country: Dominican Republic
Victim Industry: Network & Telecommunications
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Karachi Cooperative Housing Authority (KCAA)
Category: Data Breach
Content: A threat actor claims to have leaked a full database dump along with administrator-level access allegedly belonging to KCAA Pakistan. Exposed data includes admin panel and administrator account data; customer and member profiles; contact directories and inquiry records; orders, invoices, and subscription data; CMS content; inbox messages and session data; events, seminars, tenders, and job postings; documents and uploaded files; and visitor and activity logs.
Date: 2026-01-20T21:12:43Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-KCAA-Pakistan-Full-database-dump-Adminer-access
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/62555b61-7d42-46c3-8f06-726e239d866b.png
https://d34iuop8pidsy8.cloudfront.net/ce087762-d703-4abb-b0dc-51e386149562.png
Threat Actors: hexvior
Victim Country: Pakistan
Victim Industry: Government & Public Sector
Victim Organization: karachi cooperative housing authority (kcaa)
Victim Site: kcaa.pk
- Kontena Nasional Berhad falls victim to Qilin Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization's data. NB: The organization previously fell victim to The Gentlemen Ransomware on Mon Jan 19 2026.
Date: 2026-01-20T21:11:28Z
Network: tor
Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=6a431ff5-ee0c-3f5e-adad-65ff8b96e3d5
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8b9a31b2-55ba-49a4-981e-20e5c029e3c1.png
Threat Actors: Qilin
Victim Country: Malaysia
Victim Industry: Transportation & Logistics
Victim Organization: kontena nasional berhad
Victim Site: kn.com.my
- Alleged sale of UAE Property Owners Data
Category: Data Breach
Content: The threat actor claims to have dumped a dataset allegedly containing property owner information from the United Arab Emirates (UAE). The exposed dataset reportedly contains property owner names, nationality and residency indicators, property identifiers and registration numbers, property location details, ownership and registration records, property classification or valuation metadata, and possible associations with residency or Golden Visa eligibility.
Date: 2026-01-20T21:09:07Z
Network: openweb
Published URL: https://breachforums.bf/Thread-UAE-Property-Owner-Data-DUMPED
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7e9d9689-2e1a-4055-9b39-79ab44a92918.png
Threat Actors: jrintel
Victim Country: UAE
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- GARUDA CYBER TEAM targets the website of Indonesia's Integrity Assessment Survey
Category: Defacement
Content: The group claims to have defaced the website of Indonesia's Integrity Assessment Survey.
Date: 2026-01-20T20:51:38Z
Network: telegram
Published URL: https://t.me/xlx77cyber/10
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/00a5066f-dbac-495e-a97c-515f1580ffb2.jpg
Threat Actors: GARUDA CYBER TEAM
Victim Country: Indonesia
Victim Industry: Government & Public Sector
Victim Organization: indonesias integrity assessment survey
Victim Site: spi.kpk.go.id
- Alleged data breach of Hopeful Co. Ltd
Category: Data Breach
Content: The threat actor claims to have obtained and leaked a database allegedly belonging to Hopeful.co.th, a Thailand-based health supplement company. The leaked data reportedly includes customer names, customer IDs, phone numbers, shipping and delivery addresses, order information and order IDs, transaction dates, payment methods, product details, and order status records.
Date: 2026-01-20T20:50:48Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-Hopeful-co-th-Database-Leaked-Download–185015
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/afdf9ec5-bf8e-4e0e-9fa2-e583c4827bb4.png
Threat Actors: 888
Victim Country: Thailand
Victim Industry: Health & Fitness
Victim Organization: hopeful co. ltd
Victim Site: hopeful.co.th
- Alleged Sale of Unauthorized Admin Access to a Municipal Government of Fortaleza
Category: Initial Access
Content: The threat actor claims to have obtained full database dumps and phpMyAdmin access allegedly belonging to the Municipal Government of Fortaleza.
Date: 2026-01-20T20:05:03Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-fortaleza-ce-gov-br-full-database-dump-phpmyadmin-access
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/10371c67-d780-462f-9733-cefa972c85f8.png
Threat Actors: hexvior
Victim Country: Brazil
Victim Industry: Government Administration
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Leak of Fullz Data in USA
Category: Data Breach
Content: Threat Actor claims to have leaked the Fullz datasets allegedly containing sensitive US personal identity information. The data reportedly includes government ID front and back images, selfies, Social Security Numbers (SSNs), and personal disclosure details.
Date: 2026-01-20T19:55:26Z
Network: openweb
Published URL: https://leakbase.la/threads/fullz-usa-id-front-id-back-selfie-ssn-personal-disclosure.48324/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d49a3aa4-296c-46f7-8af4-68495549edb4.png
Threat Actors: ezrafulton
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Data Breach of MacMulkin Chevrolet Cadillac
Category: Data Breach
Content: The threat actor claims to have breached the database of MacMulkin Chevrolet Cadillac in the USA. The compromised database allegedly contains approximately 1.45 million user records, including personal information such as first and last names, addresses, city, state, postal codes, email addresses, and phone numbers.
Date: 2026-01-20T19:52:39Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/274180/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d9d59e5b-f71b-45fd-9a42-3e1d5859bdf4.png
Threat Actors: renn
Victim Country: USA
Victim Industry: Automotive
Victim Organization: macmulkin chevrolet cadillac
Victim Site: macmulkin.net
- Alleged Sale of Unauthorized Admin Access to a WordPress Shop in USA
Category: Initial Access
Content: The threat actor claims to be selling unauthorized admin access with full rights to a WordPress shop in the USA.
Date: 2026-01-20T19:20:21Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/274169/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8bc4bfbd-bc7e-4450-97c5-9e499f2abc28.png
Threat Actors: intost1n
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Sale of Unauthorized Access to a Legal Services Company in USA
Category: Initial Access
Content: The threat actor claims to be selling unauthorized access to a legal services company in the USA. The access reportedly includes domain user credentials and exposure through SonicWall network infrastructure.
Date: 2026-01-20T18:53:25Z
Network: openweb
Published URL: https://forum.exploit.in/topic/274147/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b7618ac2-73d6-48a0-9677-36fc79309d6a.png
Threat Actors: Big-Bro
Victim Country: USA
Victim Industry: Legal Services
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Indonesia's West Java Provincial Education Office
Category: Data Breach
Content: The group claims to have breached the database of Indonesia's West Java Provincial Education Office. The breach includes PII such as full name, national identification number, occupation, phone number, and full residential address.
Date: 2026-01-20T18:39:05Z
Network: telegram
Published URL: https://t.me/maul1337anon/627
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/90e49e64-49b5-4109-9933-9cc834c8df0b.jpg
Threat Actors: maul1337
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: west java provincial education office
Victim Site: disdik.jabarprov.go.id
- Alleged Sale of Unauthorized Domain Admin and Forti Access to an IT & Business Company in USA
Category: Initial Access
Content: The threat actor claims to be selling unauthorized Domain Admin access and Forti access to an IT & Business company in the USA.
Date: 2026-01-20T18:37:13Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/274161/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a2395451-5f72-47d2-83d8-3ca56a2f0f1a.png
Threat Actors: segvec1
Victim Country: USA
Victim Industry: Information Technology (IT) Services
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of PCComponentes
Category: Data Breach
Content: The threat actor claims to have obtained and is offering for sale a large database allegedly belonging to PCComponentes. The exposed dataset reportedly contains data of more than 16.3 million registered users. The leaked information includes customer personal details, email addresses, phone numbers, full postal addresses, order and purchase history, invoices and billing records, order IDs and transaction details.
Date: 2026-01-20T18:27:35Z
Network: openweb
Published URL: https://breachforums.bf/Thread-Database-PCComponentes-com-16-384-11-million
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4c13bc02-d5a8-4738-ba0f-2881c72c4828.png
Threat Actors: daghetiaw
Victim Country: Spain
Victim Industry: Retail Industry
Victim Organization: pccomponentes
Victim Site: pccomponentes.com
- Alleged data breach of IQURI Tech
Category: Data Breach
Content: The threat actor claims to have released a collection of source code allegedly stolen from IQURI Tech. The compromised data consists entirely of proprietary source code, rather than customer or employee personal data, and includes application source code repositories, internal project files, software logic and implementation details, and directory and tree structure files.
Date: 2026-01-20T18:19:23Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SOURCE-CODE-IQURI-Tech-Data-Breach
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3b28f789-3c9d-4f80-ab66-9cfb032c99ce.png
Threat Actors: 888
Victim Country: USA
Victim Industry: Information Technology (IT) Services
Victim Organization: iquri tech
Victim Site: iquri.tech
- Alleged data breach of Algeria's National Agency for Auto‑Entrepreneurs (ANAE)
Category: Data Breach
Content: The group claims to have breached the systems of Algeria's National Agency for Auto‑Entrepreneurs (ANAE) and leaked a dataset containing identity documents, passports, auto‑entrepreneur cards, and contractor information.
Date: 2026-01-20T18:12:00Z
Network: telegram
Published URL: https://t.me/DarK07xxxxxxx/894
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bd14b0e0-fcc4-480d-bac2-aaba2ba33b05.png
https://d34iuop8pidsy8.cloudfront.net/3df1069f-7b3b-472c-bfc3-4c4b42e3c77a.png
https://d34iuop8pidsy8.cloudfront.net/a257703a-7d92-49ca-8b7d-e4f5ca6b9105.png
https://d34iuop8pidsy8.cloudfront.net/6d6fd96c-1b82-454a-934c-39fb997c655f.png
Threat Actors: DARK 07x
Victim Country: Algeria
Victim Industry: Government Administration
Victim Organization: national agency for auto‑entrepreneurs (anae)
Victim Site: anae.dz
- Alleged data breach of BatterieSUS
Category: Data Breach
Content: The threat actor claims to have obtained and leaked a database allegedly belonging to BatterieSUS, a France-based automotive battery retailer. The exposed data reportedly includes customer order information, account details, and contact data such as names, email addresses, phone numbers, and billing-related records.
Date: 2026-01-20T17:57:51Z
Network: openweb
Published URL: https://breachforums.bf/Thread-French-Collection-15-Databases-LDLC-LaPoste-Justice-fr
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f6bedde4-e743-409c-9fac-6f385991503a.png
Threat Actors: chipolata
Victim Country: France
Victim Industry: Automotive
Victim Organization: batteriesus
Victim Site: batteriesus.com
- Alleged data breach of Ministry of Defence Republic of Serbia
Category: Data Breach
Content: The threat actor claims to have obtained and leaked a database allegedly belonging to the Serbian Ministry of Defence, the government body responsible for national defense and military administration in Serbia. The exposed data reportedly includes internal records, administrative information, and potentially personnel-related data associated with the ministry’s systems.
Date: 2026-01-20T17:54:52Z
Network: openweb
Published URL: https://breachforums.bf/Thread-Serbia-National-Public-of-Defence-leak-db
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9c67caf3-4c91-4662-a5ba-4ed73ef4ae18.png
Threat Actors: dpbruce
Victim Country: Serbia
Victim Industry: Military Industry
Victim Organization: ministry of defence republic of serbia
Victim Site: mod.gov.rs
- Alleged data breach of JASSUME
Category: Data Breach
Content: The threat actor claims to have obtained and leaked a database allegedly belonging to JASSUME, a French digital legal services platform. The exposed data reportedly includes user account information, such as email addresses, user identifiers, and legal-related user data associated with the platform’s services.
Date: 2026-01-20T17:42:59Z
Network: openweb
Published URL: https://breachforums.bf/Thread-French-Collection-15-Databases-LDLC-LaPoste-Justice-fr
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a868cacf-a525-4da6-8818-b1aae04e9117.png
Threat Actors: chipolata
Victim Country: France
Victim Industry: Legal Services
Victim Organization: jassume
Victim Site: jassume.com
- Raymundos Food Group, LLC falls victim to PLAY Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data. The data includes private and personal confidential data, client documents, budget, payroll, IDs, taxes, finance information, etc. They intend to publish the data within 5 days.
Date: 2026-01-20T17:21:56Z
Network: tor
Published URL: http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=BViiC08EGtvIR
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5267ee85-6237-4ff0-b365-3a82449dfb64.png
Threat Actors: PLAY
Victim Country: USA
Victim Industry: Manufacturing
Victim Organization: raymundos food group, llc
Victim Site: raymundosfoodgroup.com
- Alleged data breach of AXESS
Category: Data Breach
Content: The threat actor claims to have accessed and leaked a database allegedly belonging to AXESS, a French IT services and digital solutions provider. The exposed dataset reportedly contains client records, including contact details such as names, email addresses, and phone numbers, as well as internal system data linked to AXESS’s digital infrastructure.
Date: 2026-01-20T17:19:09Z
Network: openweb
Published URL: https://breachforums.bf/Thread-French-Collection-15-Databases-LDLC-LaPoste-Justice-fr
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ff128e4c-d5c2-40d7-9020-03cf3d7013e5.png
Threat Actors: chipolata
Victim Country: France
Victim Industry: Information Technology (IT) Services
Victim Organization: axess
Victim Site: axess.fr
- EASTERN ICE COMPANY INC. falls victim to PLAY Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data. The data includes private and personal confidential data, client documents, budget, payroll, IDs, taxes, finance information, etc. They intend to publish the data within 5 days.
Date: 2026-01-20T17:16:22Z
Network: tor
Published URL: http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=9TUQ8S9lFX31Vv
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a349c0d2-2be7-471d-8a20-6628825bdc70.png
Threat Actors: PLAY
Victim Country: USA
Victim Industry: Restaurants
Victim Organization: eastern ice company inc.
Victim Site: easternice.net
- Release Marine, Inc falls victim to PLAY Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data. The data includes private and personal confidential data, client documents, budget, payroll, IDs, taxes, finance information, etc. They intend to publish the data within 5 days.
Date: 2026-01-20T17:02:55Z
Network: tor
Published URL: http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=MetL6ABqamY46f
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/56859a06-ce20-4d00-8b1c-8f5f69ff630d.png
Threat Actors: PLAY
Victim Country: USA
Victim Industry: Design
Victim Organization: release marine, inc
Victim Site: releasemarine.com
- Alleged data leak of Biden Family
Category: Data Breach
Content: The threat actor claims to have leaked email data from Hunter Biden’s email accounts. The compromised dataset reportedly includes full names, email addresses, IP addresses, email domains, encryption keys, and email message files.
Date: 2026-01-20T16:56:09Z
Network: openweb
Published URL: https://breachforums.bf/Thread-The-Biden-Leak-Download-Partial
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8cf0e7c3-6178-403c-bc16-3b7cfe1b4143.png
Threat Actors: 0BITS
Victim Country: USA
Victim Industry: Government & Public Sector
Victim Organization: Unknown
Victim Site: Unknown
- Riverwood Golf Club falls victim to PLAY Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data. The data includes private and personal confidential data, client documents, budget, payroll, IDs, taxes, finance information, etc. They intend to publish the data within 5 days.
Date: 2026-01-20T16:55:21Z
Network: tor
Published URL: http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=RTyjCBeiwnxv
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e99004fd-9840-49d2-83f2-4df7f859c484.png
Threat Actors: PLAY
Victim Country: USA
Victim Industry: Recreational Facilities & Services
Victim Organization: riverwood golf club
Victim Site: riverwoodgc.com
- Alleged data leak of Russian Microfinance Organizations (MFO)
Category: Data Breach
Content: The threat actor claims to have leaked a large database associated with Russian Microfinance Organizations (MFO). The exposed dataset reportedly contains over 51 million records, including sensitive personal information such as full names, dates of birth, phone numbers, residential addresses, tax identification numbers (INN), and account passwords.
Date: 2026-01-20T15:18:49Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-RU-Database-MFO-51M
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e3acdf2a-05be-48e6-9a2a-20821c87f1e0.png
Threat Actors: X0Frankenstein
Victim Country: Russia
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
- Alleged unauthorized access to MVE PODĚBABY
Category: Initial Access
Content: The group claims that they have gained unauthorized access to the control system of the MVE Poděbaby small hydroelectric power plant in the Czech Republic, allegedly obtaining full control over critical operational functions. According to the claim, the access enabled manipulation of turbine output, water levels, cleaning intervals, and unit startup and shutdown, as well as modification of remote access credentials via VNC, granting control over an interface intended only for licensed operators. The actor alleges that this activity resulted in operational disruptions, recorded incidents, and impacts to the power grid, potentially causing outages.
Date: 2026-01-20T15:09:08Z
Network: telegram
Published URL: https://t.me/zpentestalliance/979
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7c5851b2-92c4-4378-8a13-088560bd9bbc.jpg
https://d34iuop8pidsy8.cloudfront.net/fb4bea4d-8d3d-4c91-8463-1ee0501d3263.jpg
Threat Actors: Z-PENTEST ALLIANCE
Victim Country: Czech Republic
Victim Industry: Energy & Utilities
Victim Organization: Unknown
Victim Site: Unknown
- Ciena falls victim to Everest Ransomware
Category: Ransomware
Content: The group claims to have obtained 11 GB of the organization's data. The data includes PDF files with electrical schematics, block and power distribution diagrams, interface and synchronization designs, and service subsystem details, as well as printed circuit board layout files containing component placement, routing, layer definitions, and manufacturing-critical hardware design information. They intend to publish it within 9-10 days.
Date: 2026-01-20T15:03:52Z
Network: tor
Published URL: http://ransomocmou6mnbquqz44ewosbkjk3o5qjsl3orawojexfook2j7esad.onion/news/Ciena/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8ff995f3-e368-4ff6-92eb-821f9c5fc0cb.png
Threat Actors: Everest
Victim Country: USA
Victim Industry: Network & Telecommunications
Victim Organization: ciena
Victim Site: ciena.com
- Alleged sale of access to an unidentified U.S.-based construction management company
Category: Initial Access
Content: A threat actor is offering to sell access to a U.S.-based construction management company.
Date: 2026-01-20T14:49:55Z
Network: openweb
Published URL: https://forum.exploit.in/topic/274149/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/446241ae-3dae-48f0-9e59-54de02545ba8.png
Threat Actors: Big-Bro
Victim Country: USA
Victim Industry: Building and construction
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak of micro financial organisations
Category: Data Breach
Content: The threat actor claims to have leaked more than 51 million lines of the organisation's data, allegedly including FIO, birth date, password, address, INN, and phone.
Date: 2026-01-20T14:39:05Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-RU-Database-MFO-51M
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/357119a5-b3e3-4fc6-8ad5-d24d1fc19f3d.JPG
Threat Actors: X0Frankenstein
Victim Country: Russia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged access sale to an unidentified US-based IT & Business service company
Category: Initial Access
Content: The threat actor claims to be selling access to an unidentified US-based IT & Business service company.
Date: 2026-01-20T14:25:22Z
Network: openweb
Published URL: https://forum.exploit.in/topic/274161/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1d333044-4924-4d30-bb9c-41a089bfb6ff.png
Threat Actors: segvec1
Victim Country: USA
Victim Industry: Information Services
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of California Cooperative Oceanic Fisheries Investigations
Category: Data Breach
Content: The threat actor claims to have successfully breached and leaked a database belonging to the California Cooperative Oceanic Fisheries Investigations (CalCOFI). The leaked data is approximately 1.4 GB in size and reportedly covers a data period from 2021 to 2023. The actor specifies that the archive contains various file formats, including .xls, .sql, and .xml, and has provided a screenshot of a file directory listing several database files.
Date: 2026-01-20T14:04:38Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DOCUMENTS-1-4-GB-Calcofi-Database-Breached-Free-Download-Sample
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0980cd30-1bd8-4fc1-a911-fd2c7098201f.jpg
Threat Actors: AiriHoshino
Victim Country: USA
Victim Industry: Maritime
Victim Organization: california cooperative oceanic fisheries investigations
Victim Site: calcofi.org
- Alleged Unauthorised Access to a water treatment system in the Czech Republic
Category: Initial Access
Content: The group claims to have gained unauthorised access to a water treatment system in the Czech Republic. The compromised system reportedly provides control of pumps, valves, and filters, and monitoring of water chemistry.
Date: 2026-01-20T13:30:46Z
Network: telegram
Published URL: https://t.me/zpentestalliance/978
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/15c9d04f-cafb-482a-a7ab-d5bf59ec4db9.JPG
https://d34iuop8pidsy8.cloudfront.net/c67e4081-7547-454c-8003-b07019afa4a2.JPG
Threat Actors: Z-PENTEST ALLIANCE
Victim Country: Czech Republic
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of State Vocational School 5 Batam
Category: Data Breach
Content: The group claims to have breached the organisation's data.
Date: 2026-01-20T13:19:24Z
Network: telegram
Published URL: https://t.me/TEAMRPLAX/475
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/48082f2c-ba05-4db0-8620-35c438db3e71.jpg
Threat Actors: TEAM MR PLAX
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: state vocational school 5 batam
Victim Site: smkn5batam.sch.id
- Alleged Data sale of Guangdong Medical University
Category: Data Breach
Content: The threat actor claims to be selling data from the Affiliated Hospital of Guangdong Medical University. The compromised data reportedly includes tenant ID, hospital ID, database backup date, and additional information.
Date: 2026-01-20T13:16:22Z
Network: openweb
Published URL: https://darkforums.io/Thread-Selling-A-database-of-a-hospital-in-Guangzhou-China
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/be2060cb-ccfb-466e-b297-f8c954f26ee0.png
https://d34iuop8pidsy8.cloudfront.net/1ca9b52e-ffe4-4723-8044-240c4c3800bf.png
https://d34iuop8pidsy8.cloudfront.net/70c274a6-9cc9-4555-a83c-acf0aa06c204.png
https://d34iuop8pidsy8.cloudfront.net/ed31639c-5cf4-4e3b-82b9-433f89216c41.png
https://d34iuop8pidsy8.cloudfront.net/1be4f448-d6e6-4228-a61b-2c8eba10789c.png
Threat Actors: aming
Victim Country: China
Victim Industry: Education
Victim Organization: affiliated hospital of guangdong medical university.
Victim Site: en.gdmu.edu.cn
- Alleged unauthorized access to an unidentified boiler control system in Czech Republic
Category: Initial Access
Content: The group claims to have gained unauthorized access to a boiler control system in the Czech Republic, allegedly enabling direct manipulation of operational parameters. According to the claim, the access allows modification of access to key parameters: temperature, pressure, pump operation, and biomass supply.
Date: 2026-01-20T13:11:24Z
Network: telegram
Published URL: https://t.me/c/2787466017/1724
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4ce9013d-6d97-420e-88be-227d287eaa46.jpg
https://d34iuop8pidsy8.cloudfront.net/745cbea0-3f84-4ad8-88c0-15c0f6caeceb.jpg
Threat Actors: NoName057(16)
Victim Country: Czech Republic
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of National Association of Driving Schools
Category: Data Breach
Content: The threat actor claims to have breached 532.3 KB of data from the National Association of Driving Schools, allegedly containing personal data, patient data, medical data, and system access information.
Date: 2026-01-20T13:10:57Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-SPAIN-Asociaci%C3%B3n-Nacional-de-Autoescuelas-ANAES-FULL-DB-DUMP
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b363eecf-c226-4cfd-ae83-23a9000195ee.png
https://d34iuop8pidsy8.cloudfront.net/ccc4940f-c0c5-498d-84d9-5dc3f3ab3116.png
Threat Actors: Evorax
Victim Country: Spain
Victim Industry: Automotive
Victim Organization: national association of driving schools
Victim Site: anaesautoescuelas.es
- Alleged data breach of SMA Trensains Muhammadiyah Sragen
Category: Data Breach
Content: The group claims to have breached the organisation's data.
Date: 2026-01-20T13:06:37Z
Network: telegram
Published URL: https://t.me/TEAMRPLAX/474
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f867252e-07c9-4e80-9019-108415e90e49.jpg
Threat Actors: TEAM MR PLAX
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: sma trensains muhammadiyah sragen
Victim Site: trensains.sch.id
- Coconut Development Board falls victim to TENGU Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization's data. They intend to publish it in 9-10 days.
Date: 2026-01-20T13:05:40Z
Network: tor
Published URL: http://longcc4fqrfcqt5lzceutylaxir6h66fp6df3oin6mvwvz6pfdbxc6qd.onion/blog/c0b63c60d94025eff1accba59f0f42fd8a932576faf925c2cd5044201bd98676/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d7381133-61b4-4d96-bca7-6c32f69356bb.jpg
https://d34iuop8pidsy8.cloudfront.net/110a167e-6d44-4787-aa9e-c1344a6ebab1.jpg
Threat Actors: TENGU
Victim Country: India
Victim Industry: Government Administration
Victim Organization: coconut development board
Victim Site: coconutboard.gov.in
- Alleged data breach of ALL-BATTERIES
Category: Data Breach
Content: The threat actor claims to have breached data from ALL-BATTERIES.
Date: 2026-01-20T12:40:59Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-BTCONNECT-COM-%E2%80%94-49-9K-UK-CRYPTO-CLIENT-RECORDS-2025-DATABASE-LEAK-Solonik-BF
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/47cad537-27ed-43d0-8b13-47596d823859.png
Threat Actors: Solonik
Victim Country: France
Victim Industry: E-commerce & Online Stores
Victim Organization: all-batteries
Victim Site: batterieasus.com
- Alleged leak of passenger flight information from Israel
Category: Data Breach
Content: The threat actor claims to have leaked a database of passenger flight information from Israel. The compromised data includes first name, middle name, last name, nationalities, date of birth, email, phone number, passport number, gender, flight number, departure from, enter type, port of arrival, flight seat, purpose, vehicle type, hotel address, address, arrival date, province, emergency contact name, emergency contact phone, previous visit, etc.
Date: 2026-01-20T12:22:45Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-Global-Flight-Information
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e432d8ee-beb4-47d3-9558-b1db38e24eff.png
https://d34iuop8pidsy8.cloudfront.net/20716d3b-806b-4012-a2db-ed2934415658.png
https://d34iuop8pidsy8.cloudfront.net/8bc77e22-8c4c-49ff-b02b-bfe5ff735cbe.png
Threat Actors: 5gbstoragevpn
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Unauthorized Access to the system belonging to the HYBUSUNG TECH company in the Republic of Korea
Category: Initial Access
Content: The group claims to have gained unauthorized access to the system belonging to the HYBUSUNG TECH company in the Republic of Korea. The compromised system reportedly provides full control over the sequence of technological operations through independent stations, including drilling, thread cutting, surface turning, side cutting, threading, and finishing processing, with precise synchronization of axis and drive movements at each stage.
Date: 2026-01-20T12:21:43Z
Network: telegram
Published URL: https://t.me/n2LP_wVf79c2YzM0/3399
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f58b34e8-eb65-4a7a-90d3-171fa9889142.JPG
Threat Actors: Infrastructure Destruction Squad
Victim Country: South Korea
Victim Industry: International Trade & Development
Victim Organization: hyosung corporation
Victim Site: hyosung.com
- Alleged data breach of Leroy Merlin
Category: Data Breach
Content: The threat actor claims to have breached data from Leroy Merlin.
Date: 2026-01-20T12:12:52Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-BTCONNECT-COM-%E2%80%94-49-9K-UK-CRYPTO-CLIENT-RECORDS-2025-DATABASE-LEAK-Solonik-BF
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/afd19ce9-ccda-492f-b4ea-93a2db6d1d2b.png
Threat Actors: Solonik
Victim Country: France
Victim Industry: Retail Industry
Victim Organization: leroy merlin
Victim Site: leroymerlin.fr
- Alleged data breach of La Poste Groupe
Category: Data Breach
Content: The threat actor claims to have breached data from La Poste Groupe.
Date: 2026-01-20T12:06:15Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-BTCONNECT-COM-%E2%80%94-49-9K-UK-CRYPTO-CLIENT-RECORDS-2025-DATABASE-LEAK-Solonik-BF
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/28c6bf82-cc9c-4f35-871c-dd4932b8d58e.png
Threat Actors: Solonik
Victim Country: France
Victim Industry: Transportation & Logistics
Victim Organization: la poste groupe
Victim Site: lapostegroupe.com
- Veenkoloniaal Museum falls victim to LOCKBIT 5.0 ransomware
Category: Ransomware
Content: The group claims to have obtained the organization's data and intends to publish it within 14-15 days.
Date: 2026-01-20T12:04:51Z
Network: tor
Published URL: http://lockbitapt67g6rwzjbcxnww5efpg4qok6vpfeth7wx3okj52ks4wtad.onion/post/a5b9a007271ae8448d911572bb35952c
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d5c3896f-5da5-45b5-b6d5-c051ea56ac90.jpg
Threat Actors: LOCKBIT 5.0
Victim Country: Netherlands
Victim Industry: Museums & Institutions
Victim Organization: veenkoloniaal museum
Victim Site: veenkoloniaalmuseum.nl
- Alleged data breach of B2C Office Control Certification
Category: Data Breach
Content: The threat actor claims to have breached data from B2C Office Control Certification.
Date: 2026-01-20T11:49:41Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-BTCONNECT-COM-%E2%80%94-49-9K-UK-CRYPTO-CLIENT-RECORDS-2025-DATABASE-LEAK-Solonik-BF
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fc0e0881-4eab-47d9-ac45-c82404783622.png
Threat Actors: Solonik
Victim Country: France
Victim Industry: Real Estate
Victim Organization: b2c office control certification
Victim Site: b2c-france.com
- NotraSec targets the website of Phoenix optimizer Digital Branding Agency
Category: Defacement
Content: The group claims to have defaced the website of Phoenix optimizer Digital Branding Agency.
Date: 2026-01-20T11:48:20Z
Network: openweb
Published URL: https://defacer.id/mirror/id/230659
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/38195ec7-7fed-4591-851f-0ec6ad4b9255.png
Threat Actors: NotraSec
Victim Country: UAE
Victim Industry: Marketing, Advertising & Sales
Victim Organization: phoenix optimizer digital branding agency
Victim Site: phoenixoptimizer.com
- Alleged data sale of Randivonal
Category: Data Breach
Content: The threat actor claims to be selling 186.4k records from Randivonal, allegedly containing full names, confirmation status, phone numbers, email addresses, and street addresses.
Date: 2026-01-20T11:17:58Z
Network: openweb
Published URL: https://breachstars.io/topic/randivonalhu-1864k-qmts0w8el4rv
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1636e552-fe4a-4928-9435-97c0159c23f5.png
Threat Actors: ren
Victim Country: Hungary
Victim Industry: Social Media & Online Social Networking
Victim Organization: randivonal
Victim Site: randivonal.hu
- Alleged data breach of BT Group plc
Category: Data Breach
Content: The threat actor claims to have breached 49,999 records of data from the organization, allegedly including email addresses, full addresses, city, county/state, and country.
Date: 2026-01-20T11:00:09Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-BTCONNECT-COM-%E2%80%94-49-9K-UK-CRYPTO-CLIENT-RECORDS-2025-DATABASE-LEAK-Solonik-BF
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d1fef1be-f8ef-422d-963e-b8068dc4187b.png
Threat Actors: Solonik
Victim Country: UK
Victim Industry: Network & Telecommunications
Victim Organization: bt group plc
Victim Site: btconnect.com
- Alleged data breach of Bright Park
Category: Data Breach
Content: The threat actor claims to have breached data from Bright Park. The compromised data includes company ID, post, address, birth date, and more.
Date: 2026-01-20T10:56:31Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-BRIGHTPARK-RU-LADA
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/39ab02b0-9248-4ec1-ab18-a52e8f25955a.jpeg
Threat Actors: yukibmbb
Victim Country: Russia
Victim Industry: Automotive
Victim Organization: bright park
Victim Site: brightpark.ru
- Sarcoma Ransomware group has added an unidentified victim
Category: Ransomware
Content: The group claims to have obtained 1 TB of the organization's data and plans to publish it within the next 2-3 days.
Date: 2026-01-20T10:48:13Z
Network: tor
Published URL: http://sarcomawmawlhov7o5mdhz4eszxxlkyaoiyiy2b5iwxnds2dmb4jakad.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/15c5ec78-f6a5-4ccd-950f-6c17cb32f6f5.jpg
https://d34iuop8pidsy8.cloudfront.net/f563b2c0-daf7-4968-8aa2-731092ec4b75.jpg
Threat Actors: Sarcoma
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Leak of Dubai-Based High Net-Worth Crypto Investor Data
Category: Data Breach
Content: The threat actor claims to have leaked a verified database containing the personal information of 104 high net-worth individuals and legal entities tied to cryptocurrency investments in Dubai, UAE. The data dump includes full legal names, spouse or partner details, and a mix of professional and personal email addresses. The actor explicitly suggests that this information is formatted for malicious use, specifically highlighting its utility for phishing, token fraud, and AML mirroring schemes. The sample data provided indicates the inclusion of individuals with foreign passports and business-linked wallets, often utilizing specific regional domains like .ae and .eim.ae.
Date: 2026-01-20T10:36:02Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-DUBAI-CRYPTO-%E2%80%94-104-UAE-HNW-INVESTORS-FULL-EMAIL-LIST-2025-Solonik-BF
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6f1d7156-370e-4ba9-b301-eddd0ad26836.jpg
Threat Actors: Solonik
Victim Country: UAE
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
- Alpha wolf targets the website of Dr. Chandrashekar Raman
Category: Defacement
Content: The group claims to have defaced the website of Dr. Chandrashekar Raman.
Date: 2026-01-20T10:30:20Z
Network: openweb
Published URL: https://defacer.id/mirror/id/230658
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f8bdf984-cba1-4bc8-a198-046494cca99c.png
Threat Actors: Alpha wolf
Victim Country: India
Victim Industry: Hospital & Health Care
Victim Organization: dr. chandrashekar raman
Victim Site: puneneurosurgeon.in
- MecMatica Srl falls victim to Sarcoma Ransomware
Category: Ransomware
Content: The group claims to have obtained 74 GB of the organization's data.
Date: 2026-01-20T10:02:50Z
Network: tor
Published URL: http://sarcomawmawlhov7o5mdhz4eszxxlkyaoiyiy2b5iwxnds2dmb4jakad.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a080d0e0-97fa-4828-9fe3-17b55464dcf9.png
https://d34iuop8pidsy8.cloudfront.net/5d7548bc-4685-4bef-8b45-bc5704e874a9.png
https://d34iuop8pidsy8.cloudfront.net/70dceaac-715f-40c9-a257-f96cfab2f61a.png
https://d34iuop8pidsy8.cloudfront.net/dc467b2c-228c-4e93-a3a4-0a5b17ffc52a.png
Threat Actors: Sarcoma
Victim Country: Italy
Victim Industry: Software Development
Victim Organization: mecmatica srl
Victim Site: mecmatica.it
- Alleged sale of a 0-day exploit targeting a WordPress plugin
Category: Vulnerability
Content: The threat actor claims to be selling the source code for a 0-day exploit targeting a WordPress plugin with over 4,000 installations, allegedly affecting more than 3,800 vulnerable sites. According to the actor, the flaw enables unauthorized email sending from compromised websites to arbitrary recipients, supporting both mass and individual mail campaigns via configurable templates.
Date: 2026-01-20T09:59:49Z
Network: openweb
Published URL: https://forum.exploit.in/topic/274152/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/996d385b-c308-43f5-bb05-bd87fc4dd9b0.png
Threat Actors: Biden
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Chainlink Labs
Category: Data Breach
Content: The threat actor claims to have breached 6,057 records of data from the organisation, allegedly including ETH wallet address, email, and USD investment value.
Date: 2026-01-20T09:58:51Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-CHAINLINK-ORG-%E2%80%94-6K-WEB3-INVESTORS-W-EMAIL-ETH-WALLETS-AMOUNTS-Solonik-BF
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a3d23eeb-c05b-465d-82e6-4a622648142e.JPG
https://d34iuop8pidsy8.cloudfront.net/118f17bd-4df8-40b4-acee-ec48b01524b0.JPG
Threat Actors: Solonik
Victim Country: Cayman Islands
Victim Industry: Information Technology (IT) Services
Victim Organization: chainlink labs
Victim Site: chainlink.org
- Z-BL4CX-H4T targets the website of Pike Aviation
Category: Defacement
Content: The group claims to have defaced the website of Pike Aviation
Date: 2026-01-20T09:35:28Z
Network: telegram
Published URL: https://t.me/c/3027611821/323
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8f0170c0-0f45-429a-9726-e7049445bc42.JPG
Threat Actors: Z-BL4CX-H4T
Victim Country: USA
Victim Industry: Airlines & Aviation
Victim Organization: pike aviation
Victim Site: pike-aviation.com
- Alleged Leak of French Databases
Category: Data Breach
Content: The threat actor claims to have leaked a combined collection of 15 databases allegedly originating from multiple French organizations.
Date: 2026-01-20T09:21:46Z
Network: openweb
Published URL: https://breachforums.bf/Thread-COLLECTION-French-Collection-15-Databases-LDLC-LaPoste-Justice-fr
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c6752a89-007a-4b12-ad8b-a60843e3725a.png
Threat Actors: chipolata
Victim Country: France
Victim Industry: Information Technology (IT) Services
Victim Organization: jassume.com
Victim Site: jassume.com
- HellR00ters Team targets the website of WBO88
Category: Defacement
Content: The group claims to have defaced the website of WBO88
Date: 2026-01-20T09:18:06Z
Network: telegram
Published URL: https://t.me/c/2758066065/888
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e9a65e8a-2b76-44d1-b2cd-38085e90ef84.jpeg
Threat Actors: HellR00ters Team
Victim Country: Unknown
Victim Industry: Gambling & Casinos
Victim Organization: wbo88
Victim Site: wbo88.co
- HellR00ters Team targets the website of HomeBet77
Category: Defacement
Content: The group claims to have defaced the website of HomeBet77
Date: 2026-01-20T09:08:36Z
Network: telegram
Published URL: https://t.me/c/2758066065/888
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ff5c90af-c376-4c6c-bb24-883748fd9419.JPG
Threat Actors: HellR00ters Team
Victim Country: Unknown
Victim Industry: Gambling & Casinos
Victim Organization: homebet77
Victim Site: rumahbet77.co
- HellR00ters Team targets the website of Gaspoll888
Category: Defacement
Content: The group claims to have defaced the website of Gaspoll888
Date: 2026-01-20T09:01:35Z
Network: telegram
Published URL: https://t.me/c/2758066065/888
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9efd98bd-3964-4298-86fe-1727a7937aaf.JPG
Threat Actors: HellR00ters Team
Victim Country: Unknown
Victim Industry: Gambling & Casinos
Victim Organization: gaspoll888
Victim Site: gaspoll888.com
- Alleged sale of access to an unidentified US-based construction management company
Category: Initial Access
Content: The threat actor claims to be selling access to a U.S.-based construction management company with an estimated annual revenue of approximately $6 million. According to the actor, the compromise involves SonicWall infrastructure and provides domain user–level access.
Date: 2026-01-20T09:01:04Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/274149/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b4307b0e-e821-4c48-8f05-378cdc81df50.png
Threat Actors: Big-Bro
Victim Country: USA
Victim Industry: Building and construction
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of access to an unidentified US-based freight logistics and transportation services company
Category: Initial Access
Content: The threat actor claims to be selling access to a U.S.-based freight logistics and transportation services company with an estimated annual revenue of around $7 million. The listing alleges the compromise involves SonicWall infrastructure and includes domain user–level access.
Date: 2026-01-20T08:57:35Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/274148/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c94ff0b4-bbda-4f61-a2a6-07f91b82ac76.png
Threat Actors: Big-Bro
Victim Country: USA
Victim Industry: Transportation & Logistics
Victim Organization: Unknown
Victim Site: Unknown
- HellR00ters Team targets the website of Tuan168
Category: Defacement
Content: The group claims to have defaced the website of Tuan168
Date: 2026-01-20T08:55:29Z
Network: telegram
Published URL: https://t.me/c/2758066065/888
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8419cfc2-5326-4159-8a96-0b84a4d23f0e.jpeg
Threat Actors: HellR00ters Team
Victim Country: Unknown
Victim Industry: Gambling & Casinos
Victim Organization: tuan168
Victim Site: tuan168login.com
- Alleged sale of access to an unidentified US-based law firm
Category: Initial Access
Content: The threat actor claims to be selling access to a U.S.-based law firm operating in the legal services sector, with an estimated annual revenue of approximately $6 million. According to the listing, the compromise allegedly involves SonicWall infrastructure and provides domain user–level access.
Date: 2026-01-20T08:54:19Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/274147/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/363a2397-30df-4a9c-8e3d-174997e1ad58.png
Threat Actors: Big-Bro
Victim Country: USA
Victim Industry: Law Practice & Law Firms
Victim Organization: Unknown
Victim Site: Unknown
- Z-BL4CX-H4T.ID targets the website of display.gigaav.com
Category: Defacement
Content: The group claims to have defaced the website of display.gigaav.com
Date: 2026-01-20T07:32:20Z
Network: telegram
Published URL: https://t.me/z_bl4cx_h4t_id/22
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7e94ab08-1144-4eca-be01-02a1543783b0.JPG
Threat Actors: Z-BL4CX-H4T.ID
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: display.gigaav.com
- Alleged Data Leak of Dominican Republic Citizen Data
Category: Data Breach
Content: The threat actor claims to have leaked Dominican Republic citizen data. The dataset contains highly sensitive personal and health-related information, including vaccination records. Sample screenshots show structured government-style records with demographic, geographic, and medical fields.
Date: 2026-01-20T06:48:49Z
Network: openweb
Published URL: https://breachforums.bf/Thread-820-000-Republic-Dominican-leak-repost
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2d2c91fc-3231-4048-bedf-6d5e2614c6ae.png
Threat Actors: Tanaka
Victim Country: Dominican Republic
Victim Industry: Government Administration
Victim Organization: Unknown
Victim Site: Unknown
- All4You falls victim to Everest ransomware
Category: Ransomware
Content: The group claims to have obtained the organization's data.
Date: 2026-01-20T06:09:21Z
Network: tor
Published URL: http://ransomocmou6mnbquqz44ewosbkjk3o5qjsl3orawojexfook2j7esad.onion/news/Warning_about_the_negotiator__All4you/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/250e8c6c-9b15-4ab2-8d99-9f4b200eac85.png
https://d34iuop8pidsy8.cloudfront.net/c480395f-2bf0-4b04-a6ee-fe54fc7a74f8.png
Threat Actors: Everest
Victim Country: Unknown
Victim Industry: Business and Economic Development
Victim Organization: all4you
Victim Site: all4you-inc.com
- Sandberg falls victim to INC RANSOM Ransomware
Category: Ransomware
Content: The group claims to have obtained 100 GB of the organization's data.
Date: 2026-01-20T05:26:29Z
Network: tor
Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/696f04578f1d14b743278cb2
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a0229a0c-89d1-4d85-ab70-686dca7d7ba0.png
Threat Actors: INC RANSOM
Victim Country: UK
Victim Industry: Building and construction
Victim Organization: sandberg
Victim Site: sandberg.co.uk
- Global Error System targets the website of MTs Fajrul Islam
Category: Defacement
Content: The group claims to have defaced the website of MTs Fajrul Islam
Date: 2026-01-20T05:13:16Z
Network: openweb
Published URL: https://defacer.id/mirror/id/230646
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fc4b5219-08a5-4e1f-9453-5cc41d66786c.png
Threat Actors: Global Error System
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: mts fajrul islam
Victim Site: ppdb2023.mtsfajrulislam.sch.id
- Pharaohs Team Channel targets the websites of Traction Toolbox
Category: Defacement
Content: The group claims to have defaced the websites of Traction Toolbox.
Date: 2026-01-20T05:10:54Z
Network: telegram
Published URL: https://t.me/Pharaohs_n/643
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8e4e755d-ad09-40a8-98eb-63db9e8dcb0c.png
https://d34iuop8pidsy8.cloudfront.net/53e42ea6-768c-41c6-ad2c-4f762bd49620.png
Threat Actors: Pharaohs Team Channel
Victim Country: Unknown
Victim Industry: Management Consulting
Victim Organization: traction toolbox
Victim Site: tractiontoolbox.ca
- Alleged Sale of Bolivia Citizens Database
Category: Data Breach
Content: The threat actor claims to be selling an alleged Bolivia citizens database containing over 10 million records.
Date: 2026-01-20T04:43:29Z
Network: openweb
Published URL: https://darkforums.io/Thread-Bolivia-Citizens-Database
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/54624709-ee93-465a-b91b-3dce2956ca4a.png
Threat Actors: ExploitBolivia
Victim Country: Bolivia
Victim Industry: Government Relations
Victim Organization: Unknown
Victim Site: Unknown
- Pharaohs Team Channel targets the website of Stocks Option Blaster
Category: Defacement
Content: The group claims to have defaced the website of Stocks Option Blaster
Date: 2026-01-20T04:39:42Z
Network: telegram
Published URL: https://t.me/Pharaohs_n/643
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4cf98b6b-47e4-417e-b095-73068f673d3d.png
https://d34iuop8pidsy8.cloudfront.net/119d40dc-55e1-433d-9de8-bdd3d6c76295.png
Threat Actors: Pharaohs Team Channel
Victim Country: India
Victim Industry: Financial Services
Victim Organization: stocks option blaster
Victim Site: sobtrading.com
- Pharaohs Team Channel targets the website of F-Bomb Fotolab
Category: Defacement
Content: The group claims to have defaced the website of F-Bomb Fotolab.
Date: 2026-01-20T04:29:29Z
Network: telegram
Published URL: https://t.me/Pharaohs_n/643
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5f7da49b-0806-4831-b588-2e0918ec4917.png
https://d34iuop8pidsy8.cloudfront.net/e65f17de-0eed-4a65-87e2-1955ea64dbe1.png
Threat Actors: Pharaohs Team Channel
Victim Country: Canada
Victim Industry: Photography
Victim Organization: f-bomb fotolab
Victim Site: f-bombfoto.com
- Alleged data leak of Inter Partner Assistance Algeria
Category: Data Breach
Content: The threat actor claims to have leaked data from Inter Partner Assistance Algeria. The compromised data includes internal portal access, user and partner account information, and citizen/customer data.
Date: 2026-01-20T04:28:50Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-The-official-website-of-Inter-Partner-Assistance-Algeria-was-hacked
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6f73595a-b1ab-40fc-a195-10b37b3ee2ae.png
https://d34iuop8pidsy8.cloudfront.net/7a2b8042-acab-409f-a06a-f6845656747a.png
https://d34iuop8pidsy8.cloudfront.net/62cfd557-5b73-4a12-b8a0-6eae92812751.png
Threat Actors: darrk07x
Victim Country: Algeria
Victim Industry: Insurance
Victim Organization: inter partner assistance algeria
Victim Site: ipassistance-dz.com
- Altius Geotechnics & Special Works falls victim to Qilin Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization's data.
Date: 2026-01-20T04:11:52Z
Network: tor
Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=655fa133-5c0f-3964-af4e-2ad2398329f0
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/63a01b84-6018-429b-a728-a3f73d51acbc.png
https://d34iuop8pidsy8.cloudfront.net/4e03be9c-21ff-4f04-b3ae-0b96dc8a5ad8.png
Threat Actors: Qilin
Victim Country: Spain
Victim Industry: Building and construction
Victim Organization: altius geotechnics & special works
Victim Site: altiusvertical.com
- Pharaohs Team Channel targets the websites of Anomoz Softwares
Category: Defacement
Content: The group claims to have defaced the websites of Anomoz Softwares.
Date: 2026-01-20T04:00:46Z
Network: telegram
Published URL: https://t.me/Pharaohs_n/643
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/04ba8819-0cbc-4e68-80ad-cf91ceed299d.png
https://d34iuop8pidsy8.cloudfront.net/d41e1abc-8394-404f-ba0d-627421d75e70.png
Threat Actors: Pharaohs Team Channel
Victim Country: Pakistan
Victim Industry: Software
Victim Organization: anomoz softwares
Victim Site: anomoz.com
- Alleged data leak of Gia Đình Lê Bảo Tịnh Ban Mê Thuột
Category: Data Breach
Content: The group claims to have leaked data from Gia Đình Lê Bảo Tịnh Ban Mê Thuột.
Date: 2026-01-20T03:41:03Z
Network: telegram
Published URL: https://t.me/c/3027611821/320
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c1dbffb2-5a2b-438f-971e-0f10962ec954.png
Threat Actors: Z-BL4CX-H4T
Victim Country: Vietnam
Victim Industry: Non-profit & Social Organizations
Victim Organization: gia đình lê bảo tịnh ban mê thuột
Victim Site: lebaotinhbmt.com
- McDonalds India falls victim to Everest Ransomware
Category: Ransomware
Content: The group claims to have obtained 861 GB of the organization's personal documents and information of clients, and intends to publish it within 9-10 days.
Date: 2026-01-20T03:40:15Z
Network: tor
Published URL: http://ransomocmou6mnbquqz44ewosbkjk3o5qjsl3orawojexfook2j7esad.onion/news/McDonalds_India/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3bad874f-c88f-4ac6-9c21-334378ad72d0.png
Threat Actors: Everest
Victim Country: India
Victim Industry: Food & Beverages
Victim Organization: mcdonalds india
Victim Site: mcdindia.com
- Pharaohs Team Channel targets the website of Port SAC Logistics
Category: Defacement
Content: The group claims to have defaced the website of Port SAC Logistics
Date: 2026-01-20T03:20:21Z
Network: telegram
Published URL: https://t.me/Pharaohs_n/643
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2e3e0ee4-ccda-4972-8d73-cec0ef447af1.png
https://d34iuop8pidsy8.cloudfront.net/044d1ddc-f7b8-40e6-9e45-090945ba8474.png
Threat Actors: Pharaohs Team Channel
Victim Country: Australia
Victim Industry: Transportation & Logistics
Victim Organization: port sac logistics
Victim Site: portsaclogistic.com
- Pharaohs Team Channel targets the website of Octave Stocks FX
Category: Defacement
Content: The group claims to have defaced the website of Octave Stocks FX
Date: 2026-01-20T03:14:39Z
Network: telegram
Published URL: https://t.me/Pharaohs_n/643
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2012e6de-a484-4952-8c22-a010e5322036.png
https://d34iuop8pidsy8.cloudfront.net/7c7643be-9c9a-42c2-bc68-8abce6044709.png
Threat Actors: Pharaohs Team Channel
Victim Country: Saint Vincent and the Grenadines
Victim Industry: Financial Services
Victim Organization: octave stocks fx
Victim Site: octavestocksfx.com
- Alleged data breach of BodogLife
Category: Data Breach
Content: The threat actor claims to have leaked data from BodogLife. The compromised data reportedly contains 24,999 records including full name, address, state, ZIP, email, phone, and IP.
Date: 2026-01-20T03:02:56Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-BODOGLIFE-COM-%E2%80%94-24-9K-US-GAMBLING-USERS-FULL-DATABASE-2026
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6f73cb71-9182-4c03-97a3-062a5778b66f.png
Threat Actors: Solonik
Victim Country: USA
Victim Industry: Gambling & Casinos
Victim Organization: bodoglife
Victim Site: bodoglife.com
- Alleged data breach of Asociación Nacional de Autoescuelas
Category: Data Breach
Content: The threat actor claims to have leaked data from Asociación Nacional de Autoescuelas. The compromised data reportedly includes administrative credentials, personal data of staff, operational and system data, access and audit logs, and institutional website content.
Date: 2026-01-20T02:54:10Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-SPAIN-Asociaci%C3%B3n-Nacional-de-Autoescuelas-ANAES-FULL-DB-DUMP
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4b1e397d-bb01-41d6-a275-5bcd9323dc35.png
https://d34iuop8pidsy8.cloudfront.net/01975d39-2cbf-4e8e-84da-841d28ee16a1.png
Threat Actors: Evorax
Victim Country: Spain
Victim Industry: Education
Victim Organization: asociación nacional de autoescuelas
Victim Site: anaes.es
- Allegedly purchasing email addresses and phone numbers from the UAE and other countries
Category: Alert
Content: An Exploit forum user claims to be purchasing email addresses and phone numbers from the UAE and other countries, including USA, Canada, UK, Ireland, UAE, Czech Republic, New Zealand, Australia and Spain.
Date: 2026-01-20T02:48:41Z
Network: openweb
Published URL: https://forum.exploit.in/topic/274144/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/222613c5-d164-407c-a0db-ebae921020a8.png
Threat Actors: Sir-Belfort
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Pharaohs Team Channel targets the website of Max Code & Games
Category: Defacement
Content: The group claims to have defaced the website of Max Code & Games
Date: 2026-01-20T02:37:42Z
Network: telegram
Published URL: https://t.me/Pharaohs_n/643
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e50a5daa-2655-4687-a04a-3f878b89fe6c.png
https://d34iuop8pidsy8.cloudfront.net/ea3fdfc6-7e90-47aa-a6b4-7f0698632bff.png
Threat Actors: Pharaohs Team Channel
Victim Country: Netherlands
Victim Industry: Software Development
Victim Organization: max code & games
Victim Site: maxcodeandgames.nl
- Pharaohs Team Channel targets the website of Expert Pip Trades
Category: Defacement
Content: The group claims to have defaced the website of Expert Pip Trades
Date: 2026-01-20T02:32:30Z
Network: telegram
Published URL: https://t.me/Pharaohs_n/643
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4520ee99-c7b3-47c8-8ecb-10ba5a0bff38.png
https://d34iuop8pidsy8.cloudfront.net/97d6972c-b133-491b-acf9-858ff006047d.png
Threat Actors: Pharaohs Team Channel
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: expert pip trades
Victim Site: expertpiptrades.com
- Alleged Sale of Syslogger Builder
Category: Malware
Content: The threat actor claims to be selling Syslogger Builder, a logging builder tool. The tool allows users to configure how logs are sent using SMTP email or FTP servers.
Date: 2026-01-20T02:30:45Z
Network: openweb
Published URL: https://demonforums.net/Thread-Syslogger-Builder–189615
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f92bae24-f579-4b6e-b2e7-84c7bbf6ae88.png
Threat Actors: Starip
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Pharaohs Team Channel targets the website of Sabreworks Services
Category: Defacement
Content: The group claims to have defaced the website of Sabreworks Services
Date: 2026-01-20T02:25:01Z
Network: telegram
Published URL: https://t.me/Pharaohs_n/643
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d4c75041-2d23-488b-aee0-2a80971fd434.png
https://d34iuop8pidsy8.cloudfront.net/b570f487-8c40-4249-b4e3-6057e5f7a74e.png
Threat Actors: Pharaohs Team Channel
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: sabreworks services
Victim Site: portal.sabreworksservices.com
- Geoplin d.o.o. falls victim to Sinobi Ransomware
Category: Ransomware
Content: The group claims to have obtained 350 GB of the organization's data. The compromised data includes contracts, confidential and financial data. They intend to publish it within 6 – 7 days.
Date: 2026-01-20T02:01:24Z
Network: tor
Published URL: http://sinobi6rlec6f2bgn6rd72xo7hvds4a5ajiu2if4oub2sut7fg3gomqd.onion/leaks/696d497a6387a4c9a26eb4ed
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8e72f0e3-7ce6-42cc-ab8a-d5c338efa736.png
https://d34iuop8pidsy8.cloudfront.net/1b234231-6bfb-4f82-b760-3af24f9c3dc0.png
Threat Actors: Sinobi
Victim Country: Slovenia
Victim Industry: Oil & Gas
Victim Organization: geoplin d.o.o.
Victim Site: geoplin.si
- Pharaohs Team Channel targets the website of Veloxbay
Category: Defacement
Content: The group claims to have defaced the website of Veloxbay
Date: 2026-01-20T01:49:04Z
Network: telegram
Published URL: https://t.me/Pharaohs_n/643
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f1ede5bf-f3e7-4e0a-a1e0-3052c7e76f4c.png
https://d34iuop8pidsy8.cloudfront.net/c2a5922b-9447-4aa2-a99d-59a3bf205a3f.png
Threat Actors: Pharaohs Team Channel
Victim Country: China
Victim Industry: Transportation & Logistics
Victim Organization: veloxbay
Victim Site: veloxbay.com
- Pivotal Healthcare falls victim to Sinobi Ransomware
Category: Ransomware
Content: The group claims to have obtained 130 GB of the organization's data. The compromised data includes confidential data, customer data and financial data. They intend to publish it within 6 – 7 days.
Date: 2026-01-20T01:35:00Z
Network: tor
Published URL: http://sinobi6rlec6f2bgn6rd72xo7hvds4a5ajiu2if4oub2sut7fg3gomqd.onion/leaks/696d45556387a4c9a26e95d8
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5e57d462-10bd-4257-8aff-e8ada1e39f12.png
https://d34iuop8pidsy8.cloudfront.net/cdf631bd-e84d-4b4f-8a74-21343f0e095c.png
Threat Actors: Sinobi
Victim Country: USA
Victim Industry: Hospital & Health Care
Victim Organization: pivotal healthcare
Victim Site: pivotalhealth.care
- BontenSec targets the website of JKA HOMZ
Category: Defacement
Content: The group claims to have defaced the website of JKA HOMZ
Date: 2026-01-20T01:31:43Z
Network: openweb
Published URL: https://defacer.id/mirror/id/230537
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/764bb806-f75c-426f-b9cd-53d4143d3c06.png
Threat Actors: BontenSec
Victim Country: India
Victim Industry: Design
Victim Organization: jka homz
Victim Site: jkahomz.in
- Talleyville Fire falls victim to Sinobi Ransomware
Category: Ransomware
Content: The group claims to have obtained 40 GB of the organization's data. The compromised data includes contracts and confidential data. They intend to publish it within 6 – 7 days.
Date: 2026-01-20T01:30:52Z
Network: tor
Published URL: http://sinobi6rlec6f2bgn6rd72xo7hvds4a5ajiu2if4oub2sut7fg3gomqd.onion/leaks/696d3fa56387a4c9a26e59ce
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bf5ed17b-1e63-4af4-a12d-a939cf3b2daa.png
https://d34iuop8pidsy8.cloudfront.net/84a3eb3c-29b7-43e1-9158-5b5b8db7968e.png
Threat Actors: Sinobi
Victim Country: USA
Victim Industry: Public Safety
Victim Organization: talleyville fire
Victim Site: talleyvillefireco.org
- TriApex Laboratories Co., Ltd. falls victim to NightSpire ransomware
Category: Ransomware
Content: The group claims to have obtained 80 GB of the organization's data.
Date: 2026-01-20T00:42:48Z
Network: tor
Published URL: http://nspirebcv4sy3yydtaercuut34hwc4fsxqqv4b4ye4xmo6qp3vxhulqd.onion/database
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e3c8476a-db08-49e6-870f-02603dcddab5.png
Threat Actors: NightSpire
Victim Country: USA
Victim Industry: Biotechnology
Victim Organization: triapex laboratories co., ltd.
Victim Site: tri-apex.com
- Alleged data breach of National Credit Information Center of Vietnam
Category: Data Breach
Content: The group claims to have leaked 100M data of the National Credit Information Center of Vietnam. The compromised data reportedly includes full name, CCCD, CMND, passport, loan data, balances, debt, tax ID, company info, audit logs and address. NB: The authenticity of the claim is yet to be verified.
Date: 2026-01-20T00:27:40Z
Network: telegram
Published URL: https://t.me/c/3667951656/2123
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7aff5914-f1f6-4f70-b88c-6081504eb6ea.png
https://d34iuop8pidsy8.cloudfront.net/edb0f210-850b-4c81-8d56-4077eed75c0d.png
Threat Actors: BFRepoV4Files
Victim Country: Vietnam
Victim Industry: Financial Services
Victim Organization: national credit information center of vietnam
Victim Site: cic.gov.vn
- Alleged data leak of a Pest-Control brand in USA
Category: Data Breach
Content: The threat actor claims to have leaked data from a pest-control brand in the USA.
Date: 2026-01-20T00:20:14Z
Network: openweb
Published URL: https://forum.exploit.in/topic/274100/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a1c1a63b-3798-48a6-926b-4315f75e06bf.png
https://d34iuop8pidsy8.cloudfront.net/47c8964f-d144-41aa-88a7-6fa0749f92ee.png
Threat Actors: betway
Victim Country: USA
Victim Industry: Agriculture & Farming
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of shell access to Sumgait State University
Category: Initial Access
Content: The group claims to have gained unauthorized shell access to the website of Sumgait State University
Date: 2026-01-20T00:13:46Z
Network: telegram
Published URL: https://t.me/Pharaohs_n/648
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8e84ae4b-ffa7-425b-a7b4-d1eed0008d9d.png
Threat Actors: Pharaohs Team Channel
Victim Country: Azerbaijan
Victim Industry: Higher Education/Academia
Victim Organization: sumgait state university
Victim Site: sdu.edu.az
- Alleged Data Leak of Google AdSense Account
Category: Data Breach
Content: The threat actor claims to have leaked data related to Google AdSense accounts.
Date: 2026-01-20T00:12:25Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-Google-Adsense
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ddf9501f-e44e-4c0b-a57f-3d8715598b50.png
Threat Actors: CY8ER N4TI0N
Victim Country: Unknown
Victim Industry: Marketing, Advertising & Sales
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Data Breach of DPR Indonesia
Category: Data Breach
Content: The threat actor claims to have leaked data associated with DPR Indonesia.
Date: 2026-01-20T00:01:06Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-DPR-INDONESIA
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/501a94ed-55d8-443f-860b-45fa3adc8b35.png
Threat Actors: CY8ER N4TI0N
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: dewan perwakilan rakyat
Victim Site: dpr.go.id