[January-22-2026] Daily Cybersecurity Threat Report

1. Executive Summary

This report provides a comprehensive analysis of 124 distinct cybersecurity incidents recorded on January 22, 2026. The intelligence data indicates a highly volatile threat landscape characterized by a synchronized surge in ransomware campaigns, massive unauthorized data disclosures, and targeted attacks on critical infrastructure and operational technology (OT) systems.

The reporting period was dominated by three primary vectors of activity:

  1. Ransomware Resurgence: A coordinated or coincidental spike in activity from major ransomware groups, specifically CL0P, Akira, Qilin, and Brain Cipher. The CL0P group, in particular, demonstrated a distinct targeting pattern focused on the architecture, engineering, and construction (AEC) sectors in North America and Europe.
  2. Mega-Breaches and Data Brokers: High-value corporate and government entities faced alleged data compromise. Significant claims involve Nike, Inc., Squarespace, Binance (Brazil), and the Japanese Government (specifically regarding rare earth metal mining). The scale of data exposure ranges from thousands of sensitive medical records to datasets exceeding 30 million entries.
  3. OT and Critical Infrastructure Targeting: A disturbing trend of “Infrastructure Destruction” actors targeting building automation and heating systems in France and the USA, moving beyond data theft to potential physical disruption.

This report dissects these incidents by category, threat actor, and geopolitical impact to provide an operational picture of the current cyber threat environment.


2. Threat Landscape Overview

2.1. Operational Metrics

  • Total Events: 124
  • Dominant Attack Type: Data Breach (approx. 55%), followed closely by Ransomware (approx. 25%) and Website Defacement (approx. 10%).
  • Key Threat Actors: CL0P, Akira, Qilin, Brain Cipher, 0xy0um0m (prolific data broker), and hacktivist groups like chinafans and ZenXPloit.

2.2. Geographic Heatmap Analysis

The incidents recorded on January 22 display a global distribution with intense concentrations in specific regions:

  • North America (USA/Canada): Heavily targeted by ransomware groups (CL0P, Akira) and financial data breaches. The focus on architectural and environmental firms is notable.
  • Europe (France/Germany/UK/Belgium): High volume of diverse attacks. France faced significant data leaks (education, logistics) and OT attacks. Germany suffered multiple cyberattacks disrupting public transport (VGMT) and audit institutions (IDW).
  • Asia-Pacific (China/India/Japan/Bangladesh): Dominated by large-scale personal data leaks (consumer data, app user bases) and strategic government leaks (Japan).
  • Middle East (UAE/Israel/Syria): A mix of financial fraud (UAE bank accounts), government data leaks (Abu Dhabi Mobility), and hacktivist defacements targeting Israeli businesses.
  • South America (Brazil/Argentina/Chile/Colombia): Persistent ransomware activity (Qilin targeting Argentina) and municipal data breaches.

3. Deep Dive: The Ransomware Offensive

January 22, 2026, marked a significant escalation in ransomware activity. The data suggests that several major Ransomware-as-a-Service (RaaS) groups were conducting simultaneous campaigns.

3.1. The CL0P Group: Targeted Campaign Against the AEC Sector

The CL0P ransomware group was the most prolific threat actor in this category during the reporting period, executing what appears to be a sector-specific campaign targeting Architecture, Engineering, and Construction (AEC) firms.

  • Victim Profile: The group claimed victims including Elk Air Conditioning & Heating, Smith Dalia Architects, BAQUS Construction (UK), Eastern Platinum Ltd. (Canada), Montalba Architects, itRobotics, Warranty First, Taylor Oballa Murray Leyland LLP, Integroy Construction, and Environmental Corporation of America.
  • Tactical Analysis: The rapid succession of these listings on CL0P’s leak site suggests a bulk exploitation event or a completed campaign where victims were posted en masse. The focus on architecture and environmental services suggests the group may be leveraging a specific vulnerability in software common to this industry (e.g., CAD software, project management tools, or specialized file transfer systems).
  • Data Sensitivity: The stolen data likely includes high-value intellectual property, blueprints, critical infrastructure diagrams (in the case of environmental and heating firms), and client financial data.

3.2. Akira Ransomware: Industrial and Construction Focus

The Akira ransomware group continued its operations with a focus on heavy industry, manufacturing, and construction, maintaining a “double extortion” tactic where data is exfiltrated prior to encryption.

  • Ocean Fish (Romania): A food production company. Akira claims to hold 10 GB of data, including employee personal info, financial records, and project files. Notably, this organization was reportedly hit by LYNX Ransomware just days prior, indicating a “double-tap” scenario where a weakened victim is targeted by a second group.
  • Van Eycken Metal Construction (Belgium): Akira claims to have exfiltrated 69 GB of data, including passport details, scanned IDs, and HR records.
  • Universal Builders Supply (USA): A claim of 22 GB of data exfiltration involving SSNs, passports, and driver’s licenses.
  • Radial Engineering (Canada): A music/manufacturing entity where 31 GB of data, including NDAs and customer info, was allegedly stolen.
  • Spiros Industries (USA): A manufacturing victim listed without specific data volume details.

3.3. Qilin Ransomware: International Reach

Qilin (also known as Agenda) demonstrated a global reach, hitting diverse sectors from energy to finance.

  • EDF Group (USA) & SiNetCon GmbH (Germany): Both IT service providers were listed, suggesting Qilin may be targeting the supply chain to leverage access into downstream clients.
  • Provincia Leasing S.A. (Argentina): A financial services firm.
  • Farmacias Vilela (Argentina): A retail pharmacy chain.
  • Copetrol (Paraguay): An oil and gas entity, highlighting the group’s willingness to target critical energy sectors.

3.4. Brain Cipher: Data Heavyweights

The Brain Cipher group distinguished itself by claiming massive data exfiltration volumes, posing severe regulatory risks for victims.

  • Kansai Integrated Systems (Japan): The group claims to have 500 GB of SQL and Oracle databases, along with internal documents.
  • FLB Group Limited (UK): A printing company where the group alleges to have stolen 700 GB of data.
  • NorthWind Land Resources Inc. (Canada): An environmental services firm with 42 GB of data allegedly compromised.

3.5. Emerging and Other Ransomware Variants

  • PLAY Ransomware: Targeted California Tax Data (USA), a government relations entity, claiming possession of highly sensitive budget, payroll, and tax information.
  • STORMOUS: Targeted Claro Chile S.A., a major telecommunications provider, threatening to publish data within 1-2 days.
  • INC RANSOM: Targeted the legal firm Elmore Goldsmith Kelley & Deholl.
  • TENGU: A lesser-known group targeting Strong Wings LLP (India, Automotive) with 23 GB of data.
  • Benzona: Claimed a massive 300 GB theft from an unidentified victim (hinted as *a*ame*i*a.com.g*), potentially a media or government entity.
  • Sinobi: Targeted Onsight (UK Media Production), claiming a massive 700 GB exfiltration.

4. Operational Technology (OT) and Critical Infrastructure Attacks

Perhaps the most alarming trend in the January 22 report is the shift towards physical systems manipulation. Unlike standard data breaches, these incidents involve unauthorized access to building management systems (BMS) and industrial controls, posing physical safety risks.

4.1. Heating and Building Control Systems

  • College du Val d’Arros (France): The “Infrastructure Destruction Squad” claimed access to the centralized building control system. They provided screenshots allegedly showing control over boilers, circulation pumps, and thermal energy infrastructure. The threat actors highlighted their ability to manipulate operating schedules and temperature thresholds.
  • Bunker Hill Engine Service LLC (USA): The “Z-PENTEST ALLIANCE” claimed administrative control over heating and snowmelt systems. They explicitly stated they could monitor and manipulate temperatures and boilers, acknowledging that such actions led to “system disruption and hazardous conditions”.

4.2. Industrial Automation

  • INELSUR (Spain): The “Infrastructure Destruction Squad” also claimed unauthorized access to this industrial automation company.
  • VGMT (Germany): A malware-based cyberattack on the Verkehrsgesellschaft Main-Tauber mbH transport company encrypted servers. While buses kept running, the mobility center and communication lines were paralyzed.

These incidents represent a dangerous convergence of cyber threats and physical safety, often referred to as Cyber-Physical Systems (CPS) attacks.


5. Major Data Breaches and Corporate Espionage

The volume of data allegedly available for sale or leaked on January 22 is staggering. This section analyzes the most significant breaches based on data sensitivity and victim profile.

5.1. Corporate Giants and Strategic Entities

  • Nike, Inc. (USA): The threat group “Worldleaks” claims to have obtained data from the retail giant and intends to publish it within 48 hours. If confirmed, this could involve millions of consumer records and proprietary product data.
  • Squarespace (USA): A threat actor “spacingsquares” claims to have breached internal portals, exposing data of 2 million users. The breach is attributed to a lack of 2FA and reliance on simple credentials. This poses a risk of domain hijacking for Squarespace customers.
  • Binance (Brazil): A database of 31,000 users (names, emails, phones) was shared, allegedly obtained via phishing.
  • Salesfloor (Canada): A massive claim by “LAPSUS-GROUP” involving 4TB of uncompressed data, including source code and internal databases from the retail clienteling platform.
  • Japanese Government (Rare Earth Mining): A threat actor “jrintel” claims to have leaked confidential documents related to rare earth metal mining, supply chains, and resource extraction policies. This is an event with significant geopolitical and economic security implications.

5.2. Healthcare and Medical Data (PHI)

  • CallOnDoc (USA): An alleged breach of 1.14 million patient records including medical conditions, prescriptions, and payment details.
  • Metro Contracting Company LLC (UAE): A sale of 97,000 records involving medical training and hospital affiliations.
  • Covid Patients Database (Venezuela): A leak of sensitive health data and contact info for COVID-19 patients.
  • Santa Maria das Barreiras (Brazil): A 37 GB breach of a municipal hospital including lab tests and medical visit records.

5.3. Government and Public Sector

  • Dresden State Art Collections (Germany): A confirmed cyberattack paralyzed the museum network’s digital infrastructure, including ticket sales and shops.
  • Ministry of Higher Education (Algeria): Unauthorized access and database exfiltration claimed by “DARK 07x”.
  • Embassy of Albania in Greece: A leak of 2,800 sensitive diplomatic files.
  • Abu Dhabi Mobility (UAE): A leak of a “girls database” including driver’s licenses and documents.
  • Pengadilan Negeri Jayapura (Indonesia): A district court database leak.

5.4. E-Commerce and Consumer Data

Prolific threat actors like 0xy0um0m flooded forums with databases from various smaller vendors.

  • Rue du Commerce (France): A significant breach of 2.1 million user records.
  • Lola Pizza (Russia): 279,000 order records and 84,000 user records.
  • ShowMyParking (India): 650,000 records including vehicle numbers.
  • MyZJK, 7Ai App, XFSBZ, HQY E-Will (China): Millions of combined records involving phone numbers and user details leaked by 0xy0um0m.

6. The “Access-as-a-Service” Market

Beyond data leaks, the report highlights a thriving market for Initial Access Brokers (IABs) and malware developers, facilitating future attacks.

6.1. Initial Access Sales

  • University Access (Argentina): RCE (Remote Code Execution) access to a private university was listed for sale, a critical vulnerability allowing total system control.
  • CCTV Systems (Czech Republic): The “MORNING STAR” group claimed access to multiple surveillance systems.
  • UAE Bank Accounts: Access to personal and business accounts for fund handling was advertised.
  • Baspar Test Accuracy (Iran): WordPress admin access being sold.

6.2. Malware and Evasion Tools

  • Windows Defender Bypass: A threat actor offered “CastleCrypt,” a service to obfuscate malware to evade Windows Defender and SmartScreen.
  • In-Memory Cryptor: A tool for executing payloads directly in memory (fileless malware) to avoid antivirus detection.
  • Unique Windows Installation: Traffic selling for malware distribution via custom Windows builds.

7. Hacktivism and Website Defacements

Political and ideological motivations continue to drive low-sophistication but high-visibility attacks.

  • Anti-Israel Activity: The group chinafans executed a wave of website defacements against Israeli businesses, including Lagansky Bar, Cards And Cases, Eyal Segal Photography, and others.
  • ZenXPloit Campaign: This group targeted websites in Mexico (Veta Vertical, Phoenix Insumos), Brazil (Studio Synergy Fit), and the UK (MaxiBeat Ltd) with defacements.
  • Ukraine/Russia/Other: Outsiders targeted a UK parish council (Appleton & Eaton) but the victim country was listed as Ukraine in the source, possibly indicating a misidentified target or proxy war spillover.

8. Detailed Regional Analysis

8.1. North America (USA & Canada)

The region remains the primary target for high-stakes ransomware. The CL0P campaign against architecture firms suggests a strategic assessment by threat actors that these firms have critical deadlines and high willingness to pay. The Squarespace and Nike breaches highlight the vulnerability of the digital supply chain. The Bunker Hill heating system hack introduces a physical safety dimension to US cyber threats.

8.2. Europe (Germany, France, UK)

Germany is currently besieged by a wave of disruptive attacks on public institutions (Dresden Museum, VGMT transport, Leinerstift social services). France is seeing a mix of industrial sabotage (College du Val d’Arros) and large-scale data leaks (Rue du Commerce, Fédération Nationale des Chasseurs). The UK faced ransomware attacks on FLB Group, Warranty First, and BAQUS Construction.

8.3. Asia (China, Japan, India)

China is experiencing a “leak wave” where millions of user records from various apps are being dumped on forums, likely by financially motivated actors like 0xy0um0m. Japan faces a serious economic security incident with the Rare Earth mining document leak. India is seeing breaches in the education (Yellow Slate, Proz.in) and transport (ShowMyParking) sectors.

8.4. Middle East (UAE, Israel)

The UAE is a hotspot for data monetization, with breaches in construction, mobility, and banking. Israel continues to be a lightning rod for hacktivist defacements, likely correlated with regional geopolitical tensions.


9. Conclusion

The events of January 22, 2026, illustrate a cyber threat landscape that is aggressive, diversified, and increasingly physical.

Key Takeaways:

  1. Sector-Specific Targeting is Mature: The CL0P ransomware campaign against the architecture and construction industry is not random. It indicates high-level reconnaissance and an understanding of sector-specific pressure points.
  2. The Rise of “Infrastructure Destruction”: The claims regarding the manipulation of heating and boiler systems in France and the USA by groups like “Infrastructure Destruction Squad” and “Z-PENTEST ALLIANCE” mark a dangerous evolution. These are not just data breaches; they are attempts to cause physical damage or create hazardous environments.
  3. Data as a Commodity: The sheer volume of data dumps—from Nike corporate secrets to COVID-19 patient records and French hunting licenses—shows that the data brokerage market is saturated. Threat actors are monetizing everything from high-value IP to trivial user logs.
  4. Supply Chain Fragility: Breaches at Squarespace and Salesfloor demonstrate how compromising a single service provider can expose millions of downstream users and businesses.
  5. Global Ransomware Synchronization: The simultaneous activity of Akira, Qilin, Brain Cipher, and CL0P suggests that January 2026 is a period of peak operational tempo for RaaS groups.

Strategic Recommendations:

  • Immediate Patching & Segmentation: Organizations in the Architecture and Construction sectors must immediately review security postures, specifically regarding file transfer appliances and remote access portals, given the CL0P campaign.
  • OT Security Audit: Facilities management in public institutions (schools, hospitals) must segregate building control systems (heating, HVAC) from public-facing networks to prevent the type of exploitation seen at College du Val d’Arros.
  • Credential Hygiene: The Squarespace breach reinforces the mandatory need for Multi-Factor Authentication (MFA) on all administrative portals.
  • Supply Chain Vigilance: Companies using third-party IT or retail platforms (like Salesfloor or Zendesk) should verify their vendors’ security status immediately.

This report confirms that the cyber domain remains a contested space where criminal profit-seeking, hacktivist ideology, and state-adjacent espionage overlap with increasing intensity.

Detected Incidents Draft Data

  1. Alleged Sale of Windows Defender Bypass
    Category: Malware
    Content: Threat actor claims to be offering CastleCrypt, a manual crypting service for executable files. The service allegedly provides obfuscation and encryption techniques designed to evade detection by Windows Defender, Chrome security mechanisms, and Microsoft SmartScreen.
    Date: 2026-01-22T23:52:47Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274366/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/51a73d4b-21f0-4b06-a83e-87cf5387a4f2.png
    https://d34iuop8pidsy8.cloudfront.net/648b0cfb-e149-4ff8-b26b-db85152bc4e1.png
    Threat Actors: castle
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  2. Alleged data sale of Metro Contracting Company LLC
    Category: Data Breach
    Content: Threat actor claims to be selling medical training records & hospital affiliations database from Metro Contracting Company LLC, UAE. The compromised data reportedly contains 97,000 records including record id, program batch, program name, participant sequence, participant first name, participant last name, etc.
    Date: 2026-01-22T23:17:51Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-97k-United-Arab-Emirates-https-www-google-com-search-q-metrouae-com-Medical-P
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/66003d86-db0a-49d0-a38c-9c5f577254bc.png
    Threat Actors: gtaviispeak
    Victim Country: UAE
    Victim Industry: Building and construction
    Victim Organization: metro contracting company llc
    Victim Site: metrouae.com
  3. Cyber Attack hits Dresden State Art Collections
    Category: Cyber Attack
    Content: Dresden State Art Collections has confirmed a targeted cyberattack that disrupted large parts of its digital infrastructure, paralyzing the websites of its entire museum network. As a result, online services—including the online shop and ticket sales—are currently unavailable, and the organization is experiencing significant telephone and digital communication restrictions. On-site ticket counters and museum visits remain operational, and physical security systems were not affected. The scope and perpetrators of the attack have not been disclosed, and recovery timelines remain unclear.
    Date: 2026-01-22T22:43:59Z
    Network: openweb
    Published URL: https://www.mdr.de/nachrichten/sachsen/dresden/dresden-radebeul/hackerangriff-staatliche-kunstsammlungen-100.html
    Screenshots:
    None
    Threat Actors: Unknown
    Victim Country: Germany
    Victim Industry: Museums & Institutions
    Victim Organization: dresden state art collections
    Victim Site: skd.museum
  4. Alleged sale of unauthorized access to an unidentified private university in Argentina
    Category: Initial Access
    Content: The threat actor claims to be selling alleged remote code execution (RCE) access to an unidentified private university in Argentina.
    Date: 2026-01-22T22:40:36Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-Selling-Selling-access-to-a-private-university-in-Argentina
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f4ba8f5a-c792-4ce7-8b5f-30c12aaf332d.png
    Threat Actors: Kom_Nara
    Victim Country: Argentina
    Victim Industry: Education
    Victim Organization: Unknown
    Victim Site: Unknown
  5. Cyber Attack hits Verkehrsgesellschaft Main-Tauber mbH (VGMT)
    Category: Cyber Attack
    Content: Verkehrsgesellschaft Main-Tauber mbH (VGMT) has confirmed a malware-based cyberattack affecting its office and the Lauda mobility center, resulting in the encryption of servers and files. Public transport services, including regular, school bus, and taxi operations, remain unaffected, but VGMT and the mobility center are temporarily unreachable by phone and email and closed to the public. Cybersecurity authorities, police, insurers, and the state data protection commissioner have been notified, and recovery efforts are underway with enhanced security measures.
    Date: 2026-01-22T22:36:10Z
    Network: openweb
    Published URL: https://www.main-tauber-kreis.de/Landratsamt/Aktuelles/Pressemitteilungen/VGMT-und-Mobilit%C3%A4tszentrale-von-Cyberangriff-betroffen.php
    Screenshots:
    None
    Threat Actors: Unknown
    Victim Country: Germany
    Victim Industry: Transportation & Logistics
    Victim Organization: verkehrsgesellschaft main-tauber mbh (vgmt)
    Victim Site: vgmt.de
  6. Alleged sale of a cryptor/loader tool with in‑memory execution capabilities
    Category: Malware
    Content: The threat actor claims to be selling a cryptor/loader tool designed to encrypt Windows executables and execute them directly in memory, describing features such as AES‑based payload encryption, polymorphic builds, and in‑memory loading techniques, and stating that the tool is provided with its source code.
    Date: 2026-01-22T22:31:00Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274354/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/cd0d392b-d11c-43ca-9e2f-0e037af641cf.png
    https://d34iuop8pidsy8.cloudfront.net/c59eac8f-0b01-407a-9d1e-b007b0417eb7.png
    Threat Actors: c2flow
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  7. Alleged data leak of an unidentified insurance company in UK
    Category: Data Breach
    Content: The threat actor claims to have gained unauthorized access to an unidentified UK‑based insurance company and extracted information belonging to more than 4,000 insurance brokers.
    Date: 2026-01-22T22:26:13Z
    Network: openweb
    Published URL: https://leakbase.la/threads/uk-insurance-company-access.48356/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4e72b3dc-a1ad-4dd2-9da0-938255e028a5.png
    Threat Actors: .dba
    Victim Country: UK
    Victim Industry: Insurance
    Victim Organization: Unknown
    Victim Site: Unknown
  8. Alleged data leak of Covid Patients database
    Category: Data Breach
    Content: A dataset allegedly containing records of COVID-19 patients from Venezuela was exposed. The leaked data reportedly includes personal and contact information such as phone numbers, and in some cases additional sensitive health-related details associated with COVID-19 cases.
    Date: 2026-01-22T22:23:00Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-0x0xbase-Discount-sale-dumps-24-25-yy
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/36d43d27-eb1c-45f3-9fd9-3d4cee78a615.png
    https://d34iuop8pidsy8.cloudfront.net/be5464e6-0c53-4a0e-885e-d761a8b4f982.png
    Threat Actors: 0xy0um0m
    Victim Country: Venezuela
    Victim Industry: Hospital & Health Care
    Victim Organization: Unknown
    Victim Site: Unknown
  9. Alleged data breach of Municipality of Coronel Sapucaia
    Category: Data Breach
    Content: The group claims to have breached the database of the Municipality of Coronel Sapucaia and leaked administrative and user tables containing names, email addresses, login usernames, and password hashes for multiple municipal staff and administrators, including accounts linked to procurement, communication, and press functions.
    Date: 2026-01-22T22:18:36Z
    Network: telegram
    Published URL: https://t.me/crewcyber/589
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a0668c81-767c-4f8e-b45d-223af50f3d5b.jpg
    Threat Actors: 404 CREW CYBER TEAM
    Victim Country: Brazil
    Victim Industry: Government Administration
    Victim Organization: municipality of coronel sapucaia
    Victim Site: coronelsapucaia.ms.gov.br
  10. Cyber Attack hits Blijdorp vzw
    Category: Cyber Attack
    Content: Blijdorp vzw has confirmed a cybersecurity incident that led to the precautionary shutdown of its local servers. The attack was quickly detected by IT staff, and while phone access at the Buggenhout site was temporarily unavailable, cloud-based care systems continued to operate normally. The impact appears limited, and IT teams are working with external cybersecurity experts to analyze the incident and restore full operations as quickly as possible. There has been no reported disruption to client care services.
    Date: 2026-01-22T22:16:57Z
    Network: openweb
    Published URL: https://www.nieuwsblad.be/regio/oost-vlaanderen/denderregio/dendermonde/blijdorp-getroffen-door-cyberattack-geen-hinder-voor-clienten/125675899.html
    Screenshots:
    None
    Threat Actors: Unknown
    Victim Country: Belgium
    Victim Industry: Hospital & Health Care
    Victim Organization: blijdorp vzw
    Victim Site: blijdorp.be
  11. Alleged data breach of GestionShop
    Category: Data Breach
    Content: The threat actor claims to have leaked data from GestionShop. The exposed data reportedly includes customer and business account records, such as email addresses, contact details, and order- or service-related information.
    Date: 2026-01-22T22:13:56Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-0x0xbase-Discount-sale-dumps-24-25-yy
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8e631b02-c29f-4ab7-b84d-ee3624ab1545.png
    https://d34iuop8pidsy8.cloudfront.net/ad938f85-85e8-4c2b-af20-c9a10ebdc3b1.png
    Threat Actors: 0xy0um0m
    Victim Country: Colombia
    Victim Industry: E-commerce & Online Stores
    Victim Organization: gestionshop
    Victim Site: gestionshop.co
  12. Alleged data breach of Lola Pizza
    Category: Data Breach
    Content: Threat actor claims to be selling leaked order and user data from Lola Pizza. The compromised data reportedly contains 279,000 rows of order data including id, order name, phone number, client request response, etc., and 84,000 rows of user data including id, username, email, password hash, IP address, etc.
    Date: 2026-01-22T22:12:11Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-full-database-of-lolapizza-ru
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2605b76a-feb8-4763-92fd-c67f2b235bb0.png
    Threat Actors: scorpion1337
    Victim Country: Russia
    Victim Industry: E-commerce & Online Stores
    Victim Organization: lola pizza
    Victim Site: lolapizza.ru
  13. Alleged data breach of Hishabee
    Category: Data Breach
    Content: The threat actor claims to have accessed Hishabee systems, exposing merchant and user-related data. The leaked information reportedly includes names, phone numbers, email addresses, business details, account-related metadata, and other associated personal information.
    Date: 2026-01-22T22:06:29Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-0x0xbase-Discount-sale-dumps-24-25-yy
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3982cafa-3879-4fb1-b6eb-62e01e14c0a5.png
    https://d34iuop8pidsy8.cloudfront.net/1c44ed50-b628-4cc9-a2dc-7fc8af5de830.png
    Threat Actors: 0xy0um0m
    Victim Country: Bangladesh
    Victim Industry: Social Media & Online Social Networking
    Victim Organization: hishabee
    Victim Site: hishabee.io
  14. Alleged data breach of Rue du Commerce
    Category: Data Breach
    Content: The threat actor claims to be selling a dataset from Rue du Commerce, containing 2,167,681 user records with names, email addresses, phone numbers, and full postal address information.
    Date: 2026-01-22T21:57:14Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274357/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/08603ecd-f20d-4812-bfa6-6e57483d72b2.png
    Threat Actors: renn
    Victim Country: France
    Victim Industry: E-commerce & Online Stores
    Victim Organization: rue du commerce
    Victim Site: rueducommerce.fr
  15. Alleged data breach of Baguero
    Category: Data Breach
    Content: The threat actor claims to have obtained a database containing customer records, including email addresses, phone numbers, and other marketing-related contact information.
    Date: 2026-01-22T21:56:16Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-0x0xbase-Discount-sale-dumps-24-25-yy
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/1845fd82-8889-4fed-9608-6dd6c0227ba7.png
    https://d34iuop8pidsy8.cloudfront.net/53ccb9e8-ec66-4f87-ae1d-a9292b5f7054.png
    Threat Actors: 0xy0um0m
    Victim Country: Colombia
    Victim Industry: Consumer Services
    Victim Organization: baguero
    Victim Site: baguero.co
  16. Alleged data breach of Dinesh Gahlot
    Category: Data Breach
    Content: The threat actor claims to have obtained and leaked approximately 500,000 Dinesh Gahlot user records, containing email addresses and phone numbers, allegedly originating from dineshgahlot.org.
    Date: 2026-01-22T21:52:32Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-0x0xbase-Discount-sale-dumps-24-25-yy
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2791a0b5-b243-464d-9059-aaeb30223efc.png
    https://d34iuop8pidsy8.cloudfront.net/7c0bc14e-8514-468a-a543-3585a1547e3a.png
    Threat Actors: 0xy0um0m
    Victim Country: India
    Victim Industry: Education
    Victim Organization: dinesh gahlot
    Victim Site: dineshgahlot.org
  17. Alleged data breach of Bisemultan University
    Category: Data Breach
    Content: The threat actor claims to have breached Bisemultan University systems, exposing student and examination-related records.
    Date: 2026-01-22T21:46:08Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-0x0xbase-Discount-sale-dumps-24-25-yy
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e5295b66-917b-4718-9bc6-14d3d286bfa3.png
    https://d34iuop8pidsy8.cloudfront.net/a8159b9a-69e3-4769-96b2-9c3731d12129.png
    Threat Actors: 0xy0um0m
    Victim Country: Pakistan
    Victim Industry: Education
    Victim Organization: bisemultan university
    Victim Site: bisemultan.edu.pk
  18. Alleged data breach of Proz.in
    Category: Data Breach
    Content: The threat actor claims to have obtained and leaked approximately 800,000 Proz.in records, including unique contact information and around 36,000 teacher records containing full school details, allegedly originating from proz.in.
    Date: 2026-01-22T21:40:32Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-0x0xbase-Discount-sale-dumps-24-25-yy
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/fc9aae43-5c5b-408a-baf0-9393bdae1f87.png
    https://d34iuop8pidsy8.cloudfront.net/d3d3857f-b400-406c-ae7b-f6297f1ab0fd.png
    Threat Actors: 0xy0um0m
    Victim Country: India
    Victim Industry: Education
    Victim Organization: proz.in
    Victim Site: proz.in
  19. Claro Chile S.A. falls victim to STORMOUS Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data and intends to publish it within 1-2 days.
    Date: 2026-01-22T21:39:08Z
    Network: tor
    Published URL: http://pdcizqzjitsgfcgqeyhuee5u6uki6zy5slzioinlhx6xjnsw25irdgqd.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/52e88978-86ea-4d57-abf5-13f8c629a136.png
    Threat Actors: STORMOUS
    Victim Country: Chile
    Victim Industry: Network & Telecommunications
    Victim Organization: claro chile s.a.
    Victim Site: clarochile.cl
  20. Alleged data breach of MyZJK
    Category: Data Breach
    Content: The threat actor claims to have obtained and leaked approximately 657,500 MyZJK user records, containing phone numbers and additional personal information, allegedly originating from myzjk.com.
    Date: 2026-01-22T21:38:15Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-0x0xbase-Discount-sale-dumps-24-25-yy
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/5d1f29f6-5bac-4d96-b51f-9b4f224037e7.png
    https://d34iuop8pidsy8.cloudfront.net/83dd8cf4-5aa7-4888-af27-7c7d77cd90f9.png
    Threat Actors: 0xy0um0m
    Victim Country: China
    Victim Industry: Retail Industry
    Victim Organization: myzjk
    Victim Site: myzjk.com
  21. Alleged data breach of Sinovcloud Trade
    Category: Data Breach
    Content: The threat actor claims to have obtained and leaked approximately 360,000 Sinovcloud Trade customer records, including about 6,600 records containing payment card numbers, allegedly originating from trade.sinovcloud.com.
    Date: 2026-01-22T21:35:18Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-0x0xbase-Discount-sale-dumps-24-25-yy
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f2393237-72a8-41a1-b797-16826b87da8b.png
    https://d34iuop8pidsy8.cloudfront.net/d8a45ed5-a676-4d2d-8e88-2218b8fd7d37.png
    Threat Actors: 0xy0um0m
    Victim Country: China
    Victim Industry: Information Technology (IT) Services
    Victim Organization: sinovcloud trade
    Victim Site: trade.sinovcloud.com
  22. Alleged data breach of 7Ai App
    Category: Data Breach
    Content: The threat actor claims to have obtained and leaked approximately 460,000 7Ai App user records, containing email addresses and phone numbers, allegedly originating from 7ai.app.
    Date: 2026-01-22T21:31:34Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-0x0xbase-Discount-sale-dumps-24-25-yy
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e1ed718b-021f-40ab-a5f5-6b09a829f5ac.png
    https://d34iuop8pidsy8.cloudfront.net/71b39d0c-441a-42d2-b815-0dfeba9de669.png
    Threat Actors: 0xy0um0m
    Victim Country: China
    Victim Industry: Social Media & Online Social Networking
    Victim Organization: 7ai app
    Victim Site: 7ai.app
  23. Alleged data breach of ShowMyParking
    Category: Data Breach
    Content: The threat actor claims to have obtained and leaked approximately 650,000 ShowMyParking records, containing contact details and vehicle number information, allegedly originating from showmyparking.com.
    Date: 2026-01-22T21:28:53Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-0x0xbase-Discount-sale-dumps-24-25-yy
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e78b0ee2-2a08-4f4e-933c-7e8fbef84ec1.png
    https://d34iuop8pidsy8.cloudfront.net/0a6f2ef0-9aa9-405b-a476-1c337517365c.png
    Threat Actors: 0xy0um0m
    Victim Country: India
    Victim Industry: Transportation & Logistics
    Victim Organization: showmyparking
    Victim Site: showmyparking.com
  24. Alleged data breach of XFSBZ
    Category: Data Breach
    Content: The threat actor claims to have leaked approximately 2 million XFSBZ customer records, consisting primarily of phone numbers, allegedly originating from xfsbz.cn.
    Date: 2026-01-22T21:28:21Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-0x0xbase-Discount-sale-dumps-24-25-yy
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8b52375a-c7ca-4335-890e-693266df9a8c.png
    https://d34iuop8pidsy8.cloudfront.net/9c212f4b-8977-4223-bcec-caa366ea25e1.png
    Threat Actors: 0xy0um0m
    Victim Country: China
    Victim Industry: Consumer Services
    Victim Organization: xfsbz
    Victim Site: xfsbz.cn
  25. Alleged data breach of HQY E-Will
    Category: Data Breach
    Content: The threat actor claims to have obtained and leaked approximately 600,000 HQY E-Will customer records, consisting primarily of phone numbers, allegedly originating from hqy.ewill.cn.
    Date: 2026-01-22T21:27:31Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-0x0xbase-Discount-sale-dumps-24-25-yy
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ee4b23d6-aa23-4d3e-93d3-06e155a2ac7a.png
    https://d34iuop8pidsy8.cloudfront.net/28b5f2d5-53ca-407a-936e-b20a59715092.png
    Threat Actors: 0xy0um0m
    Victim Country: China
    Victim Industry: Consumer Services
    Victim Organization: hqy e-will
    Victim Site: hqy.ewill.cn
  26. Kansai Integrated Systems falls victim to Brain Cipher Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 500 GB of the organization’s data. The data contains SQL and Oracle databases, along with various other internal files and documents containing sensitive corporate as well as personal information. They intend to publish the data within 14-15 days.
    Date: 2026-01-22T21:20:34Z
    Network: tor
    Published URL: http://vkvsgl7lhipjirmz6j5ubp3w3bwvxgcdbpi3fsbqngfynetqtw4w5hyd.onion/n/kisnet
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/54481cef-fe28-408b-ae1c-1c5bcfc4fab1.png
    Threat Actors: Brain Cipher
    Victim Country: Japan
    Victim Industry: Software
    Victim Organization: kansai integrated systems
    Victim Site: kisnet.co.jp
  27. FLB Group Limited falls victim to Brain Cipher Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 700 GB of the organization’s data. The data contains databases, email containers, and various other internal files and documents containing sensitive corporate as well as personal information. They intend to publish the data within 5-6 days.
    Date: 2026-01-22T21:19:44Z
    Network: tor
    Published URL: http://vkvsgl7lhipjirmz6j5ubp3w3bwvxgcdbpi3fsbqngfynetqtw4w5hyd.onion/n/flbgroup
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/bd248d67-a6a5-429d-9cf3-50b082ca1e95.png
    Threat Actors: Brain Cipher
    Victim Country: UK
    Victim Industry: Printing
    Victim Organization: flb group limited
    Victim Site: flbgroup.com
  28. Alleged Access to Multiple CCTV Surveillance Systems in Czech Republic
    Category: Initial Access
    Content: The group claims to have gained unauthorized access to multiple CCTV surveillance systems in the Czech Republic.
    Date: 2026-01-22T21:13:36Z
    Network: telegram
    Published URL: https://t.me/op_morningstar/254
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d58a3f4e-2d13-4dfc-ab75-f280d4db7e94.png
    https://d34iuop8pidsy8.cloudfront.net/84190861-3216-4ca0-af49-cdbfc766110a.png
    Threat Actors: MORNING STAR
    Victim Country: Czech Republic
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  29. Alleged data breach of Dorongadget
    Category: Data Breach
    Content: The threat actor claims to have obtained and leaked approximately 2.18 million Dorongadget customer records, containing phone numbers and order-related information, allegedly originating from dorongadget.com.
    Date: 2026-01-22T21:11:10Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-0x0xbase-Discount-sale-dumps-24-25-yy
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/84a362ed-91f7-46dc-8c3f-010524d17ce6.png
    https://d34iuop8pidsy8.cloudfront.net/ee972c64-a63e-4014-b65a-d359677725b4.png
    Threat Actors: 0xy0um0m
    Victim Country: Indonesia
    Victim Industry: Retail Industry
    Victim Organization: dorongadget
    Victim Site: dorongadget.com
  30. NorthWind Land Resources Inc. falls victim to Brain Cipher Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 42 GB of the organization’s data. The data contains general documents, client data, project files and other internal corporate information. They intend to publish the data within 16 days.
    Date: 2026-01-22T21:08:18Z
    Network: tor
    Published URL: http://vkvsgl7lhipjirmz6j5ubp3w3bwvxgcdbpi3fsbqngfynetqtw4w5hyd.onion/n/nwlr
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3d2596f4-65e6-4a5a-8408-6281d2606ece.png
    Threat Actors: Brain Cipher
    Victim Country: Canada
    Victim Industry: Environmental Services
    Victim Organization: northwind land resources inc.
    Victim Site: nwlr.ca
  31. Alleged unauthorized access to Baspar Test Accuracy Company
    Category: Initial Access
    Content: The threat actor claims to have gained unauthorized access to the WordPress administrative login for Baspar Test Accuracy Company in Iran.
    Date: 2026-01-22T20:53:20Z
    Network: openweb
    Published URL: https://xforums.st/threads/basparco-ir-admin-wp-login.484819/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8b271271-da9a-45f1-9242-31332450d184.png
    Threat Actors: X Forum Bot
    Victim Country: Iran
    Victim Industry: Research Industry
    Victim Organization: baspar test accuracy company
    Victim Site: basparco.ir
  32. Alleged data breach of BrandoWap
    Category: Data Breach
    Content: The threat actor claims to have leaked over 15 million BrandoWap marketing lead records, containing email addresses and full contact information, allegedly originating from brandowap.com.br.
    Date: 2026-01-22T20:41:00Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-0x0xbase-Discount-sale-dumps-24-25-yy
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/15d7b897-84d3-4b18-9ffa-bfc3ee69e43d.png
    https://d34iuop8pidsy8.cloudfront.net/cbf4c76d-8ec3-47d9-b561-501d28071031.png
    Threat Actors: 0xy0um0m
    Victim Country: Brazil
    Victim Industry: Marketing, Advertising & Sales
    Victim Organization: brandowap
    Victim Site: brandowap.com.br
  33. Alleged data breach of GS25 Travel
    Category: Data Breach
    Content: The threat actor claims to have obtained and leaked approximately 370,000 GS25 Travel client records, containing email addresses and phone numbers, allegedly originating from gs25travel.com.
    Date: 2026-01-22T20:34:25Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-0x0xbase-Discount-sale-dumps-24-25-yy
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/24e87f7f-6dd6-4b2b-934e-44e21c67d6aa.png
    https://d34iuop8pidsy8.cloudfront.net/38074c77-8022-464b-b47f-f49ae69752ba.png
    Threat Actors: 0xy0um0m
    Victim Country: Thailand
    Victim Industry: Hospitality & Tourism
    Victim Organization: gs25 travel
    Victim Site: gs25travel.com
  34. California Tax Data falls victim to PLAY Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data. The data includes private and personal confidential data, client documents, budget, payroll, IDs, taxes, finance information, etc. They intend to publish the data within 5 days.
    Date: 2026-01-22T20:30:45Z
    Network: tor
    Published URL: http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=8RB76PhPYU3A24
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4c28b86d-64e3-4159-8c14-65f7b6ca3fcb.png
    Threat Actors: PLAY
    Victim Country: USA
    Victim Industry: Government Relations
    Victim Organization: california tax data
    Victim Site: californiataxdata.com
  35. Alleged data breach of Holistic Choice Fruits and Veggies
    Category: Data Breach
    Content: The threat actor claims to have breached Holistic Choice Fruits and Veggies and extracted 2.8 million customer records, including names, email addresses, phone numbers, location details, campaign identifiers, timestamps, and partial payment card descriptors.
    Date: 2026-01-22T20:25:13Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274316/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/90930486-a314-4807-a6d2-b894b7a878ab.png
    Threat Actors: betway
    Victim Country: USA
    Victim Industry: Consumer Goods
    Victim Organization: holistic choice
    Victim Site: fruitsandveggiesoffer.com
  36. Alleged data breach of Test-IG
    Category: Data Breach
    Content: The threat actor claims to have obtained and leaked approximately 1.1 million Test-IG user records, consisting primarily of user account data with associated email addresses.
    Date: 2026-01-22T20:21:52Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-0x0xbase-Discount-sale-dumps-24-25-yy
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/1b156dd8-7604-4627-b1d9-0f4958bf5fa0.png
    Threat Actors: 0xy0um0m
    Victim Country: USA
    Victim Industry: Education
    Victim Organization: test-ig
    Victim Site: test-ig.org
  37. Alleged data leak of UK KYC verification data
    Category: Data Breach
    Content: The threat actor claims to have leaked approximately 12 GB of KYC verification data. The dataset allegedly includes identity verification records, which may contain personally identifiable information (PII) such as identity documents, verification files, and related compliance data.
    Date: 2026-01-22T20:01:52Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DOCUMENTS-12GB-KYC-Verification-Data-KYC-UK
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/90b933d5-56fa-4351-8a44-1f653a563eb2.png
    Threat Actors: itskilim
    Victim Country: UK
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  38. Alleged data leak of Franc macon book
    Category: Data Breach
    Content: The threat actor claims to have shared a collection of 2,190 French-language PDF books related to French Freemasonry, originating from the so-called “Franc Mason papers”.
    Date: 2026-01-22T19:41:25Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DOCUMENTS-FR-Franc-macon-book
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4cc608e5-da7c-4632-b4a3-fc8dbc9e31a3.png
    Threat Actors: Didiplayer
    Victim Country: France
    Victim Industry: Civic & Social Organization
    Victim Organization: Unknown
    Victim Site: Unknown
  39. ZenXPloit targets the website of Studio Synergy Fit
    Category: Defacement
    Content: The group claims to have defaced the website of Studio Synergy Fit.
    Date: 2026-01-22T19:29:47Z
    Network: telegram
    Published URL: https://t.me/httpsHwjwodnnfhdjHjkVY/910
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0eb96e7c-b27e-42c7-8cc5-fafa01d908a6.jpg
    Threat Actors: ZenXPloit
    Victim Country: Brazil
    Victim Industry: Health & Fitness
    Victim Organization: studio synergy fit
    Victim Site: synergyfit.com.br
  40. ZenXPloit targets the website of Veta Vertical
    Category: Defacement
    Content: The group claims to have defaced the website of Veta Vertical in Mexico.
    Date: 2026-01-22T19:22:10Z
    Network: telegram
    Published URL: https://t.me/httpsHwjwodnnfhdjHjkVY/910
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e8f47df3-5976-4f3a-95ed-78469aef489c.png
    Threat Actors: ZenXPloit
    Victim Country: Mexico
    Victim Industry: Building and construction
    Victim Organization: veta vertical
    Victim Site: vetavertical.com.mx
  41. ZenXPloit targets the website of Phoenix Insumos Hospitalarios
    Category: Defacement
    Content: The group claims to have defaced the website of Phoenix Insumos Hospitalarios in Mexico.
    Date: 2026-01-22T19:19:04Z
    Network: telegram
    Published URL: https://t.me/httpsHwjwodnnfhdjHjkVY/910
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2102ce52-4d7f-4896-a050-c066d57391d5.png
    Threat Actors: ZenXPloit
    Victim Country: Mexico
    Victim Industry: Healthcare & Pharmaceuticals
    Victim Organization: phoenix insumos hospitalarios
    Victim Site: phoenixinsumoshospitalarios.com
  42. ZenXPloit targets the website of MaxiBeat Ltd
    Category: Defacement
    Content: The group claims to have defaced the website of
    Date: 2026-01-22T19:12:32Z
    Network: telegram
    Published URL: https://t.me/httpsHwjwodnnfhdjHjkVY/910
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/522c6205-4fa4-4558-b7ce-13099826c70d.jpg
    Threat Actors: ZenXPloit
    Victim Country: UK
    Victim Industry: Import & Export
    Victim Organization: maxibeat ltd
    Victim Site: maxibeat.info
  43. Alleged data breach of Epitech
    Category: Data Breach
    Content: The threat actor claims to have shared a scraped database from Epitech containing personal information such as first and last names, phone numbers, and email addresses. The dataset is reported to be approximately 5.4 MB in size.
    Date: 2026-01-22T18:48:33Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-Epitech-fr
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9c73a1d4-47b8-407a-a85d-726adf0bf984.png
    https://d34iuop8pidsy8.cloudfront.net/9e52ff71-9c8a-42f6-bc35-8215c1c9cbf8.png
    Threat Actors: telaviv
    Victim Country: France
    Victim Industry: Education
    Victim Organization: epitech
    Victim Site: epitech.eu
  44. Alleged data leak of Japanese Government
    Category: Data Breach
    Content: The threat actor claims to have leaked confidential Japanese government documents related to rare earth metal mining, potentially including strategic, operational, or policy-related information concerning resource extraction and national supply chains.
    Date: 2026-01-22T18:18:17Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DOCUMENTS-JAPAN-CONFIDENTIAL-GOV-RARE-EARTH-METAL-MINING-DOCUMENT-LEAKED
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a1366ab4-fad6-4fc9-b4e3-098699dde8c4.png
    https://d34iuop8pidsy8.cloudfront.net/c205f102-6df9-4559-9028-10847eaf11d5.png
    Threat Actors: jrintel
    Victim Country: Japan
    Victim Industry: Government & Public Sector
    Victim Organization: Unknown
    Victim Site: Unknown
  45. Elk Air Conditioning & Heating falls victim to CL0P Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-22T18:03:01Z
    Network: tor
    Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/elkair-com
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f94fd40a-37be-47e5-8074-58daf065b112.png
    Threat Actors: CL0P
    Victim Country: USA
    Victim Industry: Building and construction
    Victim Organization: elk air conditioning & heating
    Victim Site: elkair.com
  46. AERIFY.io falls victim to CL0P Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-22T17:59:00Z
    Network: tor
    Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/aerify-io
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/5526fba3-36d7-414c-b85c-dd95480b0310.png
    Threat Actors: CL0P
    Victim Country: USA
    Victim Industry: Information Technology (IT) Services
    Victim Organization: aerify.io
    Victim Site: aerify.io
  47. Smith Dalia Architects falls victim to CL0P Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-22T17:47:48Z
    Network: tor
    Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/smithdalia-com
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7a554312-7d14-4eae-9bd4-c30aee6d9a03.png
    Threat Actors: CL0P
    Victim Country: USA
    Victim Industry: Architecture & Planning
    Victim Organization: smith dalia architects
    Victim Site: smithdalia.com
  48. BAQUS Construction and Property Consultancy falls victim to CL0P Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-22T17:47:00Z
    Network: tor
    Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/baqus-co-uk
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b716c9d8-afcf-483c-9289-35869230382c.png
    Threat Actors: CL0P
    Victim Country: UK
    Victim Industry: Building and construction
    Victim Organization: baqus construction and property consultancy
    Victim Site: baqus.co.uk
  49. Eastern Platinum Ltd. falls victim to CL0P Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-22T17:41:46Z
    Network: tor
    Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/eastplats-com
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2c9e24f6-debe-44ba-9fad-4ff6197551a9.png
    Threat Actors: CL0P
    Victim Country: Canada
    Victim Industry: Mining/Metals
    Victim Organization: eastern platinum ltd.
    Victim Site: eastplats.com
  50. Montalba Architects falls victim to CL0P Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-22T17:34:25Z
    Network: tor
    Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/montalbaarchitects-com
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e325ea79-c984-47f3-be06-f3353171cf68.png
    Threat Actors: CL0P
    Victim Country: USA
    Victim Industry: Architecture & Planning
    Victim Organization: montalba architects
    Victim Site: montalbaarchitects.com
  51. Alleged Unauthorized Access to College du Val d’Arros in France
    Category: Initial Access
    Content: The threat actor claims to have gained unauthorized access to the centralized building control and management system of Collège du Val d’Arros in France. The compromised system is reportedly used to monitor and control the institution’s heating systems, thermal energy infrastructure, and domestic hot water systems (ECS), covering multiple independent zones with real-time temperature monitoring and configurable thresholds. The system allows control over boilers, circulation pumps, zone-specific pipelines, and operating schedules for both active and inactive periods, and also displays equipment status, active alarms, operational parameters, and historical logs via a data logger.
    Date: 2026-01-22T17:32:49Z
    Network: telegram
    Published URL: https://t.me/n2LP_wVf79c2YzM0/3421
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/fe2c57d0-e2a9-492e-9e08-d4218e531898.png
    Threat Actors: Infrastructure Destruction Squad
    Victim Country: France
    Victim Industry: Education
    Victim Organization: college du val d’arros
    Victim Site: val-arros.mon-ent-occitanie.fr
  52. Alleged data breach of Salesfloor
    Category: Data Breach
    Content: The threat actor claims to have leaked Salesfloor’s source code and internal databases, including developer data, logs, user images, SQL files, and customer-related information. The dataset reportedly totals approximately 1 TB compressed and 4 TB uncompressed, and allegedly includes data linked to multiple retail clients.
    Date: 2026-01-22T17:21:42Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-4TB-Salesfloor-net-Source-Code-Database
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f8497e85-61da-4604-99c0-1f26271882ed.png
    https://d34iuop8pidsy8.cloudfront.net/cc4fd025-46c9-49b7-8933-fee8af1fb667.png
    Threat Actors: LAPSUS-GROUP
    Victim Country: Canada
    Victim Industry: Retail Industry
    Victim Organization: salesfloor
    Victim Site: salesfloor.net
  53. Alleged data breach of Nike, Inc
    Category: Data Breach
    Content: The group claims to have obtained the organization’s data and intends to publish it within 1-2 days.
    Date: 2026-01-22T17:21:13Z
    Network: tor
    Published URL: https://worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion/companies/1560961974/overview
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/dd692880-58be-4da1-9be8-087fed4baef7.png
    Threat Actors: Worldleaks
    Victim Country: USA
    Victim Industry: Retail Industry
    Victim Organization: nike, inc
    Victim Site: nike.com
  54. itRobotics falls victim to CL0P Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-22T17:19:31Z
    Network: tor
    Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/itrobotics-com
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d97de226-e0f0-4153-b472-d72b6006d34f.png
    Threat Actors: CL0P
    Victim Country: USA
    Victim Industry: Oil & Gas
    Victim Organization: itrobotics
    Victim Site: itrobotics.com
  55. Warranty First falls victim to CL0P Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-22T17:16:22Z
    Network: tor
    Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/warrantyfirst-co-uk
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2700fa4d-86a6-4acd-9f43-f9b62da21b3b.png
    Threat Actors: CL0P
    Victim Country: UK
    Victim Industry: Automotive
    Victim Organization: warranty first
    Victim Site: warrantyfirst.co.uk
  56. Taylor Oballa Murray Leyland LLP falls victim to CL0P Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-22T17:14:44Z
    Network: tor
    Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/tomllawyers-com
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a723bcfe-d36b-4b21-809c-c3646c80e8d2.png
    Threat Actors: CL0P
    Victim Country: Canada
    Victim Industry: Legal Services
    Victim Organization: taylor oballa murray leyland llp
    Victim Site: tomllawyers.com
  57. EDF Group falls victim to Qilin Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-22T17:11:39Z
    Network: tor
    Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=ebf5b97a-2e56-38cb-9297-6d6d59342f4d
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/27ec4d3b-b26d-4e29-b621-7f3dd061e52f.png
    Threat Actors: Qilin
    Victim Country: USA
    Victim Industry: Information Technology (IT) Services
    Victim Organization: edf group
    Victim Site: theedfgroup.com
  58. SiNetCon GmbH falls victim to Qilin Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-22T17:08:19Z
    Network: tor
    Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=6d84461f-8361-3668-8b95-618697b34111
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/00e47f87-6aac-475e-9d7f-b2c4b55bb9bc.png
    Threat Actors: Qilin
    Victim Country: Germany
    Victim Industry: Information Technology (IT) Services
    Victim Organization: sinetcon gmbh
    Victim Site: sinetcon.de
  59. Integroy Construction Inc. falls victim to CL0P Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-22T17:03:04Z
    Network: tor
    Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/integroy-com
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8031c044-048c-4d8a-9fb5-8e612aa31e67.png
    Threat Actors: CL0P
    Victim Country: Canada
    Victim Industry: Building and construction
    Victim Organization: integroy construction inc.
    Victim Site: integroy.com
  60. Provincia Leasing S.A. falls victim to Qilin Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-22T17:01:41Z
    Network: tor
    Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=e10f1b29-a0ad-3531-8f4f-68cee13b7144
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/81ea0f25-4fdd-403b-848d-376d4caa5338.png
    Threat Actors: Qilin
    Victim Country: Argentina
    Victim Industry: Financial Services
    Victim Organization: provincia leasing s.a.
    Victim Site: provincialeasing.com.ar
  61. Farmacias Vilela falls victim to Qilin Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-22T16:56:09Z
    Network: tor
    Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=ee254ee9-70a3-3aa0-ba73-331aba1702c2
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/de69e39e-3076-4985-b22e-4f59e18bc476.png
    Threat Actors: Qilin
    Victim Country: Argentina
    Victim Industry: Retail Industry
    Victim Organization: farmacias vilela
    Victim Site: farmaciasvilela.com.ar
  62. Environmental Corporation of America falls victim to CL0P Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-22T16:47:30Z
    Network: tor
    Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/eca-usa-com
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/27915d94-0747-4238-98b1-8a047ccfb57b.png
    Threat Actors: CL0P
    Victim Country: USA
    Victim Industry: Environmental Services
    Victim Organization: environmental corporation of america
    Victim Site: eca-usa.com
  63. Alleged Data Leak of French Education Portal
    Category: Data Breach
    Content: The threat actor claims to have leaked a database from a French education portal containing approximately 3,000 records with professor and staff identifiers, names, email addresses, login details, user IDs, and associated domain information.
    Date: 2026-01-22T16:45:35Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-FR-3K-FRENCH-EDUCATION-DATABASE
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c0b58238-c5e9-453b-af96-5f557dee87d8.png
    Threat Actors: xmlrpc
    Victim Country: France
    Victim Industry: Education
    Victim Organization: Unknown
    Victim Site: Unknown
  64. Infinite International claims to target Rcell
    Category: Alert
    Content: A recent post by the group indicates that they are targeting Rcell.
    Date: 2026-01-22T16:38:32Z
    Network: telegram
    Published URL: https://t.me/infinitena/280
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/6ad85f99-4dd9-4ddc-b454-3c057aef3e60.jpg
    Threat Actors: Infinite International
    Victim Country: Syria
    Victim Industry: Network & Telecommunications
    Victim Organization: rcell
    Victim Site: rcell.me
  65. Ocean Fish falls victim to Akira Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 10 GB of the organization’s data. The compromised data reportedly includes employee personal information, financial and payment records, project files, partner information, and other internal confidential documents. NB: The organization previously fell victim to LYNX Ransomware on Jan 18 2026.
    Date: 2026-01-22T16:10:44Z
    Network: tor
    Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d62b15cc-cff6-4bd8-9142-8de8b4de7a17.png
    Threat Actors: akira
    Victim Country: Romania
    Victim Industry: Food Production
    Victim Organization: ocean fish
    Victim Site: oceanfish.ro
  66. Alleged data breach of K-CHESS
    Category: Data Breach
    Content: The threat actor claims to have extracted the complete K-CHESS user database containing approximately 83,000 user records. The exposed data reportedly includes user account information such as usernames, email addresses, personal details, authentication identifiers, avatars, chess ratings across multiple modes, game statistics, preferences, friend and challenge settings, moderation flags, activity status, timestamps, and subscription-related metadata.
    Date: 2026-01-22T15:43:22Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-K-CHESS-COM-83K
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/56104d35-ad80-4478-93b0-630486f92ef1.png
    Threat Actors: marak
    Victim Country: France
    Victim Industry: E-Learning
    Victim Organization: k-chess
    Victim Site: k-chess.com
  67. BD Anonymous claims to target XPHONE 018 LTD
    Category: Alert
    Content: A recent post by the group indicates that they are targeting XPHONE 018 LTD.
    Date: 2026-01-22T15:39:54Z
    Network: telegram
    Published URL: https://t.me/httpstmeVl8Cr1np5kxhYjd0/1745
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b97a8233-b75d-4ca1-9512-ea95d1d0f7bb.png
    Threat Actors: BD Anonymous
    Victim Country: Israel
    Victim Industry: Network & Telecommunications
    Victim Organization: xphone 018 ltd
    Victim Site: xphone.co.il
  68. Van Eycken Metal Construction falls victim to akira Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 69 GB of the organization’s data. The compromised data reportedly includes employee information (passport details and scanned identification documents), HR records, financial documents, project files, and confidentiality agreements.
    Date: 2026-01-22T15:32:37Z
    Network: tor
    Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0576535c-0d07-401d-8a3c-bdec8eb32d62.png
    Threat Actors: akira
    Victim Country: Belgium
    Victim Industry: Building and construction
    Victim Organization: van eycken metal construction
    Victim Site: vaneycken.be
  69. Copetrol falls victim to Qilin Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-22T15:28:57Z
    Network: tor
    Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=80d3146a-fb96-3ff6-984d-a80998f7eb6f
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ea894d79-f4c9-43e6-8c93-964f0ad124fa.png
    Threat Actors: Qilin
    Victim Country: Paraguay
    Victim Industry: Oil & Gas
    Victim Organization: copetrol
    Victim Site: copetrol.com.py
  70. Universal Builders Supply falls victim to akira Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 22 GB of the organization’s data. The compromised data reportedly includes employee information (addresses, SSNs, passport and driver’s license scans, bank and credit card details), HR records, financial documents, project files, and confidential materials such as NDAs.
    Date: 2026-01-22T15:23:16Z
    Network: tor
    Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2e2448e5-9980-4c9d-aea3-eaa36ebc8479.png
    Threat Actors: akira
    Victim Country: USA
    Victim Industry: Building and construction
    Victim Organization: universal builders supply
    Victim Site: ubs1.com
  71. Alleged data breach of iPage
    Category: Data Breach
    Content: The group claims to have leaked a database of iPage, exposing both user and administrative account data. The compromised dataset reportedly includes user identifiers, device and business details, full names, email addresses, passwords, one-time passwords and expiry timestamps, phone numbers, countries, full postal addresses, verification and status flags, as well as administrator records containing names, usernames, email addresses, password hashes, privilege levels, activity status, and last login timestamps.
    Date: 2026-01-22T15:14:22Z
    Network: telegram
    Published URL: https://t.me/c/3027611821/331
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/dbaa738b-80a5-4c9f-9ba9-df516bf61f11.jpg
    Threat Actors: Z-BL4CX-H4T
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: ipage
    Victim Site: iappsorg.ipage.com
  72. Radial Engineering falls victim to akira Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 31 GB of the organization’s data. The compromised data reportedly includes employee and customer information, financial records, project files, and confidential documents such as NDAs.
    Date: 2026-01-22T14:54:53Z
    Network: tor
    Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f32b0f05-43ac-4bf6-bb5f-50dbe7634570.png
    Threat Actors: akira
    Victim Country: Canada
    Victim Industry: Music
    Victim Organization: radial engineering
    Victim Site: radialeng.com
  73. Spiros Industries falls victim to akira ransomware
    Category: Ransomware
    Content: The threat actor claims to have obtained the organisation’s data.
    Date: 2026-01-22T14:50:23Z
    Network: tor
    Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/5b5b1acc-8fde-4510-87f5-5d2203284ff6.JPG
    Threat Actors: akira
    Victim Country: USA
    Victim Industry: Manufacturing
    Victim Organization: spiros industries
    Victim Site: spirosind.com
  74. Alleged data breach of Yellow Slate
    Category: Data Breach
    Content: The threat actor claims to have shared a dataset allegedly associated with Yellow Slate, which operates the school search platform yellowslate.com. The data is described as a CSV file containing more than 21,000 records.
    Date: 2026-01-22T14:45:58Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-Yellow-Slate-yellowslate-com
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3fafcadb-98c7-4aa2-a98e-fd6b9bc5f464.png
    Threat Actors: X0Frankenstein
    Victim Country: India
    Victim Industry: Education
    Victim Organization: yellow slate
    Victim Site: yellowslate.com
  75. Alleged unauthorized access to Bunker Hill Engine Service LLC
    Category: Initial Access
    Content: The group claims that they have gained unauthorized access to the heating and snowmelt control system of Bunker Hill Engine Service LLC in the USA. According to the claim, the access gives them full administrative control over the heating and snowmelt control system, allowing them to monitor and manipulate temperatures, boilers, operating modes, and snowmelt zones, which led to system disruption and hazardous conditions.
    Date: 2026-01-22T14:35:38Z
    Network: telegram
    Published URL: https://t.me/zpentestalliance/991
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/5739d19a-741a-4097-9755-1977828f4789.jpg
    https://d34iuop8pidsy8.cloudfront.net/935766a1-aa25-407a-9421-0516d642aa5d.jpg
    Threat Actors: Z-PENTEST ALLIANCE
    Victim Country: USA
    Victim Industry: Mechanical or Industrial Engineering
    Victim Organization: bunker hill engine service llc
    Victim Site: bunkerhillengine.com
  76. Alleged leak of WordPress configuration files linked to multiple French organizations
    Category: Data Breach
    Content: The threat actor claims to have leaked WordPress configuration files allegedly originating from a web agency and linked to several organizations, including Airbus, ArianeGroup, and Vinci Construction Maritime et Fluvial.
    Date: 2026-01-22T14:33:34Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SOURCE-CODE-wp-config-Airbus-Ariane-Dorel
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3bef1483-3968-4e53-97d0-a60a9ee7d70e.png
    Threat Actors: ldopanda2
    Victim Country: France
    Victim Industry: International Trade & Development
    Victim Organization: airbus avions & atlantic cfe-cgc
    Victim Site: airbus.avions.cfe-cgc.fr
  77. Cyber Attack hits Institut der Wirtschaftsprüfer in Deutschland e.V.
    Category: Cyber Attack
    Content: The Institut der Wirtschaftsprüfer in Deutschland (IDW), the professional association for auditors in Germany, has reportedly been the victim of a cyberattack in which data from auditors and partner organisations may have been exfiltrated. According to reports, the incident disrupted key communication systems and server connections, and the IDW has warned that sensitive business and personal data could have fallen into criminal hands, raising concerns about potential follow-on threats such as identity theft and phishing.
    Date: 2026-01-22T14:28:39Z
    Network: openweb
    Published URL: https://www.finance-magazin.de/banking-berater/wirtschaftspruefer/cyberangriff-auf-idw-daten-von-wirtschaftspruefern-und-partnern-abgeflossen-234940/
    Screenshots:
    None
    Threat Actors: Unknown
    Victim Country: Germany
    Victim Industry: Accounting
    Victim Organization: institut der wirtschaftsprüfer in deutschland e.v.
    Victim Site: idw.de
  78. Alleged data breach of Valorissimo
    Category: Data Breach
    Content: The threat actor claims to have leaked data of Valorissimo, a subsidiary of Bouygues Immobilier. The dataset is dated 2021 and reportedly includes account, company, and company contact records. The compromised data contains personal and corporate information such as names, email addresses, phone numbers, physical addresses, and company identifiers affecting over 13,000 user accounts and several thousand associated companies and contacts.
    Date: 2026-01-22T14:20:47Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-FR-Valorissimo
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/69fce18a-9233-4252-a185-268ab86b69a3.png
    https://d34iuop8pidsy8.cloudfront.net/56960c3e-dbbb-4ed9-b640-0d03eb13602d.png
    Threat Actors: ldopanda2
    Victim Country: France
    Victim Industry: Real Estate
    Victim Organization: valorissimo
    Victim Site: partenaires.valorissimo.com
  79. Alleged data sale of ORPI AFG Immobilier
    Category: Data Breach
    Content: The threat actor claims to be selling 85 GB of data of the organisation.
    Date: 2026-01-22T14:17:56Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-FR-85GB-200K-Files-Orpi-AFG-Immobilierr
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/098d45dc-0d44-447c-9bff-56bc30ef5aed.JPG
    https://d34iuop8pidsy8.cloudfront.net/b98b93f7-5242-469e-a55d-18b0a536e7da.JPG
    Threat Actors: HexDex2
    Victim Country: France
    Victim Industry: Real Estate
    Victim Organization: orpi afg immobilier
    Victim Site: orpi.com
  80. Alleged data sale of CallonDoc
    Category: Data Breach
    Content: The threat actor claims to be selling a database of CallOnDoc (callondoc.com), a telemedicine and medical clinic platform, exposing 1,144,223 patient records tied to a breach dated December 2025. The dataset is said to include sensitive patient information such as names, contact details, addresses, medical categories and conditions, prescribed services, transaction numbers, and payment amounts. If verified, the incident represents a serious exposure of protected health information (PHI).
    Date: 2026-01-22T14:10:20Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-Massive-American-Data-Breach-1-1M-Patient-Profiles-Exposed
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f1f119c9-76a4-460d-9fae-4f7a0918d3c7.png
    https://d34iuop8pidsy8.cloudfront.net/8670722f-3369-4cca-aed8-64d5f0bb4594.png
    https://d34iuop8pidsy8.cloudfront.net/de8d7ad2-3e8f-4eeb-875e-a98a411c8b85.png
    https://d34iuop8pidsy8.cloudfront.net/66bdf7de-d776-4df6-bde8-7cfed336dd2a.png
    https://d34iuop8pidsy8.cloudfront.net/fd7b40f9-f7d3-4fda-87e3-5d9fbfe106d4.png
    Threat Actors: iProfessor
    Victim Country: USA
    Victim Industry: Hospital & Health Care
    Victim Organization: callondoc
    Victim Site: callondoc.com
  81. Alleged data breach of Ministry of Higher Education and Scientific Research (Algeria)
    Category: Data Breach
    Content: The group claims to have gained unauthorized access to the systems of the Ministry of Higher Education and Scientific Research (Algeria), allegedly obtaining a database and confidential information.
    Date: 2026-01-22T14:01:41Z
    Network: telegram
    Published URL: https://t.me/DarK07xxxxxxx/1106?single
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4c08483c-feb6-4386-9e12-bb9a2a2bd0e6.png
    Threat Actors: DARK 07x
    Victim Country: Algeria
    Victim Industry: Government Administration
    Victim Organization: ministry of higher education and scientific research
    Victim Site: mesrs.dz
  82. ELMORE GOLDSMITH KELLEY & DEHOLL falls victim to INC RANSOM ransomware
    Category: Ransomware
    Content: The threat actor claims to have obtained the organisation’s data.
    Date: 2026-01-22T13:21:30Z
    Network: tor
    Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/696f63048f1d14b7432dbc14
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/85907641-5e78-4974-b463-26541c924dd1.JPG
    https://d34iuop8pidsy8.cloudfront.net/bac1937b-a695-41b2-9929-d8d6cdeada44.JPG
    Threat Actors: INC RANSOM
    Victim Country: USA
    Victim Industry: Legal Services
    Victim Organization: elmore goldsmith kelley & deholl
    Victim Site: elmoregoldsmith.com
  83. Alleged unauthorized access to a server belonging to an unidentified entity in the UAE
    Category: Initial Access
    Content: Group claims to have gained unauthorized access to a server belonging to an unidentified entity in the UAE and intends to publish the files soon.
    Date: 2026-01-22T13:16:45Z
    Network: telegram
    Published URL: https://t.me/LulzSecHackers/319
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/940639c2-c54a-4a1f-ac15-4e4bc4574834.png
    Threat Actors: LulzSec Hackers
    Victim Country: UAE
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  84. STRONG WINGS LLP falls victim to TENGU Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 23 GB of the organization’s data. They intend to publish it in 5–6 days.
    Date: 2026-01-22T12:50:37Z
    Network: tor
    Published URL: http://longcc4fqrfcqt5lzceutylaxir6h66fp6df3oin6mvwvz6pfdbxc6qd.onion/blog/ab9f49b923161544d6fc0c3d7cd0bdf867adcfcffa4af758f4ccda040e76f6f9/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e79d1bb3-e8cf-45af-b183-255d9650929d.png
    Threat Actors: TENGU
    Victim Country: India
    Victim Industry: Automotive
    Victim Organization: strong wings llp
    Victim Site: Unknown
  85. Outsiders targets the website of Appleton & Eaton Parish Council
    Category: Defacement
    Content: The group claims to have defaced the website of Appleton & Eaton Parish Council.
    Date: 2026-01-22T11:48:31Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/783800
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e8703917-3cc7-4f9d-8d0c-8b28b12af9d0.JPG
    Threat Actors: ./Outsiders
    Victim Country: Ukraine
    Victim Industry: Government Administration
    Victim Organization: appleton & eaton parish council
    Victim Site: appleton-eaton-pc.gov.uk
  86. Benzona ransomware group adds an unknown victim (aameia.com.g*)
    Category: Ransomware
    Content: The group claims to have obtained 300 GB of the organization’s data. The compromised data includes financial and client data.
    Date: 2026-01-22T11:19:05Z
    Network: tor
    Published URL: http://benzona6x5ggng3hx52h4mak5sgx5vukrdlrrd3of54g2uppqog2joyd.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c30d0da6-9548-4bb7-adde-6cc924b9f125.png
    Threat Actors: Benzona
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: *aameia.com.g
  87. Alleged unauthorized access to Radio Algeria
    Category: Initial Access
    Content: Group claims to have gained unauthorized access to the website of Radio Algeria.
    Date: 2026-01-22T10:55:34Z
    Network: telegram
    Published URL: https://t.me/DarK07xxxxxxx/1098
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4c90103b-3040-4e97-bb08-2ac5c226cfef.png
    Threat Actors: DARK 07x
    Victim Country: Algeria
    Victim Industry: Broadcast Media
    Victim Organization: radio algeria
    Victim Site: radioalgerie.dz
  88. chinafans defaced the website of Lagansky Bar
    Category: Defacement
    Content: Group claims to have defaced the website of Lagansky Bar.
    Date: 2026-01-22T09:52:39Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/784128
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4ff10a5d-f61d-4f96-a9dd-73fef839f2ac.png
    Threat Actors: chinafans
    Victim Country: Israel
    Victim Industry: Food & Beverages
    Victim Organization: lagansky bar
    Victim Site: lagansky.com
  89. chinafans targets the website of Cards And Cases
    Category: Defacement
    Content: The group claims to have defaced the organization’s website.
    Date: 2026-01-22T09:31:05Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/784102
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/04c92984-86cc-4d63-89f7-6f2135b30ef3.png
    Threat Actors: chinafans
    Victim Country: Israel
    Victim Industry: E-commerce & Online Stores
    Victim Organization: cards and cases
    Victim Site: cardsandcases.co.il
  90. chinafans targets the website of Amina Healthcare Group
    Category: Defacement
    Content: The group claims to have defaced the organization’s website.
    Date: 2026-01-22T09:26:37Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/784090
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/296d7fa3-4927-45f9-8be2-046082433b79.png
    Threat Actors: chinafans
    Victim Country: UAE
    Victim Industry: Hospital & Health Care
    Victim Organization: amina healthcare group
    Victim Site: dev1.aminahealthcare.ae
  91. chinafans targets the website of Eyal Segal Eilat Photography
    Category: Defacement
    Content: Group claims to have defaced the website of Eyal Segal Eilat Photography.
    Date: 2026-01-22T09:25:02Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/784114
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a16e89fd-6903-4bc7-a3d2-99b59a7ffa36.png
    Threat Actors: chinafans
    Victim Country: Israel
    Victim Industry: Photography
    Victim Organization: eyal segal eilat photography
    Victim Site: segalphotography.co.il
  92. chinafans targets the website of Oron Tires
    Category: Defacement
    Content: Group claims to have defaced the website of Oron Tires.
    Date: 2026-01-22T09:20:18Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/784127
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b5990889-d7c9-4181-9b6a-b69ef34052f6.png
    Threat Actors: chinafans
    Victim Country: Israel
    Victim Industry: Wholesale
    Victim Organization: oron tires
    Victim Site: oronstires.co.il
  93. chinafans targets the Hanan Website
    Category: Defacement
    Content: The group claims to have defaced the organization’s website.
    Date: 2026-01-22T09:10:41Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/784124
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7f42dc86-cdbd-491d-b4e2-11afe0d4185b.png
    Threat Actors: chinafans
    Victim Country: Israel
    Victim Industry: Education
    Victim Organization: hanan website
    Victim Site: chnana.co.il
  94. Alleged leak of sensitive documents from the Embassy of the Republic of Albania in Greece
    Category: Data Breach
    Content: The threat actor claims to have leaked approximately 2,800 files allegedly associated with the Embassy of the Republic of Albania in Greece. According to the post, the leaked material consists of multiple folders totalling nearly 1 GB in size and is described as containing sensitive diplomatic documents.
    Date: 2026-01-22T08:10:52Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-Document-2-8-THOUSAND-SENSITIVE-DOCUMENTS-EMBASSY-OF-THE-REPUBLIC-OF-ALBANIA-IN-GREECE
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b0d50765-faee-406b-a306-1c0d42427883.png
    Threat Actors: HaxChipper
    Victim Country: Albania
    Victim Industry: Government Administration
    Victim Organization: Unknown
    Victim Site: Unknown
  95. Alleged leak of Minecraft database
    Category: Data Breach
    Content: Threat actor claims to have leaked Minecraft database.
    Date: 2026-01-22T07:31:00Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-DATABASE-DB-MINECRAFT
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b5f5055d-db9a-4bb4-9aa0-c4706286c312.png
    Threat Actors: CY8ER_N4TI0N
    Victim Country: Sweden
    Victim Industry: Gaming
    Victim Organization: minecraft
    Victim Site: minecraft.net
  96. Z-BL4CX-H4T.ID targets the website of BMW
    Category: Defacement
    Content: The group claims to have defaced the website of BMW.
    Date: 2026-01-22T07:25:13Z
    Network: telegram
    Published URL: https://t.me/z_bl4cx_h4t_id/27
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a68e3cd8-baf1-43fd-870f-ac1f1e850717.JPG
    Threat Actors: Z-BL4CX-H4T.ID
    Victim Country: Vietnam
    Victim Industry: Manufacturing
    Victim Organization: bmw
    Victim Site: bmwhcmc.vn
  97. Alleged access to National Center for HIV/AIDS, Dermatology and STD
    Category: Initial Access
    Content: The group claims to have leaked access to National Center for HIV/AIDS, Dermatology and STD.
    Date: 2026-01-22T06:31:12Z
    Network: telegram
    Published URL: https://t.me/thaiisgodalert/313
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/47c904dd-6ccd-4f48-b665-bbceb98c7ac9.png
    https://d34iuop8pidsy8.cloudfront.net/6ca52945-30ed-49e1-a934-3c5260c6478a.png
    Threat Actors: thai is god
    Victim Country: Cambodia
    Victim Industry: Hospital & Health Care
    Victim Organization: national center for hiv/aids, dermatology and std
    Victim Site: mpi.nchads.gov.kh
  98. Alleged Sale of UAE Bank Accounts
    Category: Initial Access
    Content: The group claims to have gained unauthorized access to UAE personal and business bank accounts for handling funds.
    Date: 2026-01-22T06:28:50Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274290/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9b127212-2379-4394-b713-67621d0e9d3f.png
    Threat Actors: KURDI
    Victim Country: UAE
    Victim Industry: Banking & Mortgage
    Victim Organization: Unknown
    Victim Site: Unknown
  99. Alleged Data Breach of Gran Concursos Públicos
    Category: Data Breach
    Content: Threat actor claims to have leaked user data belonging to Gran Concursos Públicos, a Brazil-based EdTech platform. The dataset allegedly contains approximately 570,000 customer records, including session data, IP addresses, user agents, and email-related identifiers, sourced from MS and PHP session logs.
    Date: 2026-01-22T06:28:46Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274301/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2c25eb11-4707-4ae9-b3dd-469681002af8.png
    Threat Actors: hubert
    Victim Country: Brazil
    Victim Industry: Education
    Victim Organization: gran concursos públicos
    Victim Site: grancursosonline.com.br
  100. Alleged Data Breach of Squarespace
    Category: Data Breach
    Content: Threat actor claims to have breached internal Squarespace web portals used for domain sales and management, allegedly exposing data of approximately 2 million users, including WHOIS-protected records and migrated Google Domains customers, due to systems lacking 2FA and relying only on username/password authentication.
    Date: 2026-01-22T06:17:44Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274298/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/fd757a9a-8c53-4d2c-ae9d-387e31ff9cfe.png
    https://d34iuop8pidsy8.cloudfront.net/0fd6e29c-f1c3-468b-abd4-0145241d98f8.png
    Threat Actors: spacingsquares
    Victim Country: USA
    Victim Industry: Software Development
    Victim Organization: squarespace
    Victim Site: squarespace.com
  101. Alleged Data Breach of Credit Glory
    Category: Data Breach
    Content: Threat actor claims to have breached data from Credit Glory, a US-based credit repair company. The alleged dataset includes nearly 500,000 customer records with names, emails, phone numbers, client IDs, billing and CRM data, as well as credit report details, dispute status, average scores, and look-alike data containing addresses, DOBs, ZIP codes, and age.
    Date: 2026-01-22T06:16:08Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274303/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d4016f92-936a-4c71-8bba-d0db92bbd471.png
    https://d34iuop8pidsy8.cloudfront.net/db681dbd-e4af-47f6-8db7-255670cd7aaf.png
    Threat Actors: hubert
    Victim Country: USA
    Victim Industry: Financial Services
    Victim Organization: credit glory
    Victim Site: creditglory.com
  102. Cyber Attack hits Zendesk ticket systems
    Category: Cyber Attack
    Content: People worldwide are being impacted by a cyber incident involving unsecured Zendesk support systems, which is being exploited to launch a large-scale cyber attack. Victims report receiving hundreds of unsolicited emails, some with disturbing or alarming subject lines. The situation is under investigation, and the timeline for full remediation remains uncertain.
    Date: 2026-01-22T06:07:33Z
    Network: openweb
    Published URL: https://www.bleepingcomputer.com/news/security/zendesk-ticket-systems-hijacked-in-massive-global-spam-wave/
    Screenshots:
    None
    Threat Actors: Unknown
    Victim Country: USA
    Victim Industry: Entertainment & Movie Production
    Victim Organization: zendesk ticket systems
    Victim Site: zendesk.com
  103. Alleged sale of data belonging to employees of an unidentified C-level company
    Category: Data Breach
    Content: Threat actor is offering an alleged database of over 19 million records containing contact details of wealthy individuals and C-level executives. The data reportedly includes names, company names, email addresses, phone numbers, and job titles, collected from aggregated marketing and mailing sources. The dataset is advertised for lead generation and outreach purposes and is listed for sale at a price of $10,000.
    Date: 2026-01-22T05:24:19Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274299/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/844c47dc-3910-4791-8167-5554b35167da.png
    Threat Actors: GeeksforGeeks
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  104. Alleged Sale of Unique Windows Installation
    Category: Malware
    Content: Threat actor claims to be selling Windows installation traffic, offering unique and bundled installs for .exe payload delivery. The service is marketed for malware distribution, with traffic delivered via custom builds and installation bundles.
    Date: 2026-01-22T05:22:54Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274292/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4b7bd10e-2d66-4f6a-85e6-b8ce02a576a3.png
    Threat Actors: Scarlet_sc
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  105. Alleged Data Breach of Fédération Nationale des Chasseurs
    Category: Data Breach
    Content: The threat actor claims to have breached the Fédération Nationale des Chasseurs data. The dataset includes insurance invoices, validation PDFs for hunting licenses, and personal information of licensed hunters.
    Date: 2026-01-22T04:10:01Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-FEDERATION-CHASSEUR-DE-FRANCE-PERMIS-CHASSE
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9d995d86-546f-4837-a158-79785d2c6f94.png
    Threat Actors: marak
    Victim Country: France
    Victim Industry: Non-profit & Social Organizations
    Victim Organization: fédération nationale des chasseurs
    Victim Site: chasseurdefrance.com
  106. Alleged unauthorized access to INELSUR
    Category: Initial Access
    Content: The group claims to have gained unauthorized access to INELSUR.
    Date: 2026-01-22T03:40:11Z
    Network: telegram
    Published URL: https://t.me/n2LP_wVf79c2YzM0/3419
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8c8e2d12-85b6-4355-8a45-0d9a1c74068a.png
    Threat Actors: Infrastructure Destruction Squad
    Victim Country: Spain
    Victim Industry: Industrial Automation
    Victim Organization: inelsur
    Victim Site: inelsur.es
  107. Alleged data breach of Pengadilan Negeri Jayapura Kelas IA
    Category: Data Breach
    Content: The threat actor claims to have leaked data from Pengadilan Negeri Jayapura Kelas IA.
    Date: 2026-01-22T03:17:15Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-DATABASE-Pengadilan-Negeri-Jayapura-Kelas-IA
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/cd2ded5a-d4cb-47d1-8a9a-6b0a331bdc82.png
    Threat Actors: CY8ER_N4TI0N
    Victim Country: Indonesia
    Victim Industry: Government & Public Sector
    Victim Organization: pengadilan negeri jayapura kelas ia
    Victim Site: pn-jayapura.go.id
  108. Alleged Data Breach of CarsDir
    Category: Data Breach
    Content: The threat actor claims to have leaked the user database of CarsDir. The dataset contains approximately 118,900 member records, including account credentials and associated metadata.
    Date: 2026-01-22T03:14:22Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-www-carsdir-com-118-9k-Members-Dehashed
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f4748e6e-63d6-4ad1-aa74-9e8873914e1d.png
    Threat Actors: Al-Sheikh
    Victim Country: Unknown
    Victim Industry: Automotive
    Victim Organization: carsdir
    Victim Site: carsdir.com
  109. Alleged data breach of Kemahasiswaan Mitra
    Category: Data Breach
    Content: The threat actor claims to have leaked data from Kemahasiswaan Mitra.
    Date: 2026-01-22T03:03:28Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-DATABASE-kemahasiswaan-mitra
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4d5206b5-f3c0-40f2-a804-6ee6d42bfde4.png
    Threat Actors: CY8ER_N4TI0N
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: kemahasiswaan mitra
    Victim Site: kemahasiswaan.umiba.ac.id
  110. Alleged data breach of Santa Maria das Barreiras
    Category: Data Breach
    Content: The group claims to have breached 37.58 GB of data from Hospital Municipal de Santa Maria das Barreiras. The compromised data reportedly includes information about patients, results of laboratory tests and records of medical visits.
    Date: 2026-01-22T03:01:53Z
    Network: telegram
    Published URL: https://t.me/n2LP_wVf79c2YzM0/3414
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/705b7747-4c90-480d-8bbe-044ba378c3ce.png
    Threat Actors: Infrastructure Destruction Squad
    Victim Country: Brazil
    Victim Industry: Hospital & Health Care
    Victim Organization: santa maria das barreiras
    Victim Site: santamariadasbarreiras.pa.gov.br
  111. Alleged leak of Hotmail Account
    Category: Data Breach
    Content: The threat actor claims to have leaked 2.8k Hotmail accounts.
    Date: 2026-01-22T02:55:43Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-2-8k-HOTMAIL-HITS
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c1e20076-8c74-4329-ad07-dbc02853eb7b.png
    Threat Actors: WashingtonDC
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  112. Alleged Leak of Global Passenger Flight and Travel Data
    Category: Data Breach
    Content: The threat actor claims to have leaked global passenger flight and travel data. The compromised data reportedly includes personal identifiers, passport numbers, flight details, travel history, hotel addresses, and emergency contact information.
    Date: 2026-01-22T02:25:25Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-Global-Flight-Information
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8743a2ee-dd90-45fe-828b-bfbddc0963f1.png
    https://d34iuop8pidsy8.cloudfront.net/e19d2dce-debc-4bb2-bebe-d022e48fc9f6.png
    Threat Actors: 5gbstoragevpn
    Victim Country: Unknown
    Victim Industry: Airlines & Aviation
    Victim Organization: Unknown
    Victim Site: Unknown
  113. Alleged Sale of Global Casino and Gambling Lead Database
    Category: Data Breach
    Content: The threat actor claims to be selling a global casino and gambling lead database. The compromised data contains 790,000 records, including full name, login, username, physical address, country, currency, phone number, and email address.
    Date: 2026-01-22T02:09:41Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-Premium-Casino-Gambling-Leads-High-Converting-Global-2026-Fresh-Dump-Unsold
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0702485f-dede-4d11-98a8-0559943856e9.png
    Threat Actors: taking0ver
    Victim Country: Unknown
    Victim Industry: Gambling & Casinos
    Victim Organization: Unknown
    Victim Site: Unknown
  114. Cyber Attack hits Leinerstift e.V.
    Category: Cyber Attack
    Content: The Leinerstift in Großefehn has been affected by a cyberattack that temporarily restricted access to its IT systems. Despite the disruption, care and support services for individuals continued without interruption. The incident was detected recently, and investigations are ongoing. Technical teams and management are currently working to restore full system functionality, though no clear timeline for complete recovery has been announced.
    Date: 2026-01-22T02:05:39Z
    Network: openweb
    Published URL: https://www.ga-online.de/artikel/1626122/Leinerstift-in-Grossefehn-Ziel-von-Cyber-Kriminellen
    Screenshots:
    None
    Threat Actors: Unknown
    Victim Country: Germany
    Victim Industry: Civic & Social Organization
    Victim Organization: leinerstift e.v.
    Victim Site: leinerstift.de
  115. Alleged data breach of Abu Dhabi Mobility
    Category: Data Breach
    Content: The group claims to have leaked the data of Abu Dhabi Mobility. The compromised data includes a girls database containing names, email addresses, phone numbers, documents, and driver's licenses.
    Date: 2026-01-22T01:45:25Z
    Network: telegram
    Published URL: https://t.me/LulzSecHackers/231
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/eeb23778-2777-4d80-857e-ba62a1fd956a.png
    Threat Actors: LulzSec Hackers
    Victim Country: UAE
    Victim Industry: Government Administration
    Victim Organization: abu dhabi mobility
    Victim Site: admobility.gov.ae
  116. Alleged Sale of Russian Business Executives And Corporate Contacts Data Leak
    Category: Data Breach
    Content: The threat actor claims to possess and to have distributed a large-scale structured dataset containing corporate contacts and executive-level business information.
    Date: 2026-01-22T01:39:01Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-Russian-Business-Executives-Corporate-Contacts-Database-2-49M-Records-CSV
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9e377bb1-3c0e-44af-9ced-cbdf6f05570c.png
    https://d34iuop8pidsy8.cloudfront.net/6888d219-368a-461d-9bb5-d89245b12bcc.png
    Threat Actors: ProxyBurning
    Victim Country: Russia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  117. Alleged leak of unidentified organization data from France
    Category: Data Breach
    Content: The threat actor claims to have leaked unidentified organization data from France.
    Date: 2026-01-22T01:34:18Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-COLLECTION-repack-mix-database-francee
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d7356475-70bd-43fb-81c5-0e64d2c4cdcc.png
    Threat Actors: harmoniafione
    Victim Country: France
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  118. Onsight falls victim to Sinobi Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 700 GB of the organization's data. The compromised data includes contracts and confidential data. They intend to publish it within 8-9 days.
    Date: 2026-01-22T01:21:24Z
    Network: tor
    Published URL: http://sinobi6rlec6f2bgn6rd72xo7hvds4a5ajiu2if4oub2sut7fg3gomqd.onion/leaks/6971248e6387a4c9a2929a67
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3ec9be9c-f96e-4145-b599-d7b5e578d0c5.png
    https://d34iuop8pidsy8.cloudfront.net/291e17a7-a5d2-445c-a622-5855da171da5.png
    Threat Actors: Sinobi
    Victim Country: UK
    Victim Industry: Media Production
    Victim Organization: onsight
    Victim Site: onsight.co.uk
  119. Alleged Data Breach of MHz Group
    Category: Data Breach
    Content: The threat actor claims to have breached the MHz Group database.
    Date: 2026-01-22T01:12:39Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SOURCE-CODE-MHz-group-com-Data-Breach-Leaked-Download
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/75ef5368-5a83-473d-9d6e-41e1ea5a0b52.png
    Threat Actors: 888
    Victim Country: UAE
    Victim Industry: Management Consulting
    Victim Organization: mhz group
    Victim Site: mhz-group.com
  120. Alleged data leak of UAE
    Category: Data Breach
    Content: The group claims to have leaked data of the UAE.
    Date: 2026-01-22T01:09:04Z
    Network: telegram
    Published URL: https://t.me/LulzSecHackers/226
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/53b8330c-bc8b-490d-9a46-069aa6069cf8.png
    https://d34iuop8pidsy8.cloudfront.net/2ec7f124-d61f-4e9a-9cdd-ea7ce9bcbfa8.png
    https://d34iuop8pidsy8.cloudfront.net/11c7bdef-4e06-405a-8a68-81dac22b8a28.png
    https://d34iuop8pidsy8.cloudfront.net/4a91292d-9a2f-4793-8dc4-133aaeb4a83d.png
    https://d34iuop8pidsy8.cloudfront.net/45567fe8-0855-42b4-99ca-723bb7e3b228.png
    Threat Actors: LulzSec Hackers
    Victim Country: UAE
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  121. Alleged Data Breach of Syrian Arab Monetary Fund
    Category: Data Breach
    Content: The threat actor claims to have breached Syrian Arab Monetary Fund documents.
    Date: 2026-01-22T00:51:56Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DOCUMENTS-SYRIA-ARAB-MONETARY-FUND-LEAKED-DOCUMENTS
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/958e3f63-2c2f-43a8-8e9f-4ca23f41e136.png
    Threat Actors: temp123
    Victim Country: Syria
    Victim Industry: Banking & Mortgage
    Victim Organization: syrian arab monetary fund
    Victim Site: Unknown
  122. Alleged Data Breach of colisprivé
    Category: Data Breach
    Content: The threat actor claims to have leaked customer-related data associated with colisprivé. The dataset contains full names, phone numbers, email addresses, physical addresses, postal codes, and messaging identifiers.
    Date: 2026-01-22T00:41:54Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-colispriv%C3%A9r-fr
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/34c61135-bc33-435f-a452-ff6ef3708b5b.png
    Threat Actors: lysanaflare
    Victim Country: France
    Victim Industry: Transportation & Logistics
    Victim Organization: colis privé
    Victim Site: colisprivé.fr
  123. Alleged Data Leak of Binance
    Category: Data Breach
    Content: The threat actor shared an alleged Binance Brazil database obtained via phishing. The leak reportedly contains names, email addresses, and phone numbers of users, totaling approximately 31,000 records.
    Date: 2026-01-22T00:15:32Z
    Network: openweb
    Published URL: https://leakbase.la/threads/binance-brazil-2026.48349/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f92de90f-c9a8-45f3-b2eb-3193258b6528.png
    Threat Actors: zoozkooz
    Victim Country: Brazil
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  124. Alleged Leak of +3WiFi Compromised Wi-Fi Networks Database
    Category: Data Breach
    Content: The threat actor claims to have leaked data associated with +3WiFi. The dataset contains over 30 million records of Wi-Fi access points, including technical parameters, geolocation data, and network configuration details.
    Date: 2026-01-22T00:00:58Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-3WiFi-database-of-compromised-Wi-Fi-networks-LEAK-30223735-ROWS
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4867b3c6-6a15-41a3-8c17-b5b10997e832.png
    https://d34iuop8pidsy8.cloudfront.net/6b81bfdf-4473-4a78-8bfb-fd232a947683.png
    Threat Actors: ProxyBurning
    Victim Country: Unknown
    Victim Industry: Network & Telecommunications
    Victim Organization: Unknown
    Victim Site: Unknown