1. Executive Summary
This comprehensive report provides a detailed analysis of the cybersecurity incidents recorded on January 23, 2026. The data, derived from 128 distinct incident reports, reveals a volatile and highly active threat landscape characterized by a convergence of financially motivated ransomware campaigns, large-scale data trafficking, and geopolitically driven hacktivism.
The 24-hour observation window highlights a significant surge in activity from established ransomware groups such as CL0P and Akira, alongside massive data leaks orchestrated by actors like hulky and ShinyHunters, targeting billions of user records across Asia and the West. Furthermore, the data indicates a persistent undercurrent of initial access sales and targeted defacements, particularly affecting nations involved in ongoing geopolitical tensions.
Key findings from this period include:
- Ransomware Dominance: A coordinated blitz by the CL0P ransomware gang against North American and European targets.
- Mega-Breaches: The exposure of billions of records involving Chinese and Southeast Asian citizens by the threat actor ‘hulky’, as well as high-profile corporate leaks (SoundCloud, Crunchbase) by ‘ShinyHunters’.
- Hacktivist Waves: A focused defacement campaign by “Brotherhood Capung Indonesia” targeting Israeli infrastructure.
- Critical Infrastructure Threats: Verified alarms regarding power plant access in the Czech Republic and government infrastructure in Senegal and Indonesia.
This report categorizes these incidents into distinct threat vectors, analyzing the specific actors, victim demographics, and the potential operational impact of these compromises.
2. Statistical Overview and Methodology
2.1 Methodology
This report is based on the analysis of raw intelligence data comprising 128 unique entries. Each entry was reviewed for threat actor attribution, victim sector, geographic location, and the nature of the compromised data. All information presented is derived strictly from the provided source material.
2.2 Threat Categories
The incidents on January 23, 2026, fall into four primary categories:
- Data Breaches (48%): The unauthorized exfiltration and subsequent sale or leaking of sensitive databases.
- Ransomware (31%): Attacks involving encryption and data theft, followed by extortion via dark web leak sites.
- Defacement (15%): The unauthorized alteration of websites, primarily driven by hacktivist motives.
- Initial Access/Malware (6%): The sale of unauthorized administrative access (shells, RDP, panels) or specific hacking tools.
2.3 Geographic Distribution
The geographic spread of victims was vast, with significant concentrations in:
- United States: The primary target for ransomware and initial access sales.
- China: The primary target for massive volume PII (Personally Identifiable Information) leaks.
- Israel: Disproportionately targeted by hacktivist defacement campaigns.
- France, Indonesia, and Brazil: Subject to a mix of government data breaches and ransomware attacks.
3. Ransomware Campaigns: The Industrialization of Extortion
Ransomware activity remains a critical threat to global stability. On January 23, 2026, multiple groups were active, but the landscape was dominated by the aggressive maneuvers of the CL0P gang.
3.1 The CL0P Offensive
The CL0P ransomware group executed a high-tempo campaign, listing numerous victims in a short timeframe. Their targeting strategy appears indiscriminate regarding industry but highly focused on Western economies, particularly the USA and Canada.
- Legal and Corporate Services: CL0P claimed attacks on Excelas, LLC, a legal firm, and Clearway Group of Companies in Canada. The compromise of legal firms is particularly dangerous due to the sensitivity of client privilege and litigation strategies often contained in their files.
- IT and Services: The group targeted INSPYR Solutions and 4D IT Solutions, Inc. Breaching IT service providers offers threat actors a “force multiplier” effect, potentially allowing them to pivot into the networks of the victim’s clients.
- Healthcare and Facilities: Victims included Wild Ridge Lawn & Landscape and VISTA Training, Inc.
- International Reach: While US targets were prevalent, CL0P also hit RESTART, a telecommunications company in Italy, and Alseth Brothers Ltd in Norway.
The consistency of these postings suggests CL0P has automated much of their initial exploitation or is working through a backlog of successfully compromised networks.
3.2 The Resurgence of Akira
The Akira ransomware group demonstrated a focus on high-value corporate data, specifically targeting organizations with significant intellectual property or sensitive employee records.
- Manufacturing and Supply Chain: Akira listed JA Riollano Co., Inc. and M&W Manufacturing as victims. In both cases, the group claimed to have exfiltrated 20 GB of data, including “employee personal information, client data… and accounting records”.
- Publishing: A significant hit was recorded against IGI Global Scientific Publishing, where Akira claimed to have stolen 220 GB of data, including contracts, NDAs, and financial records. This attack threatens the integrity of academic and scientific dissemination.
- Infrastructure: In Switzerland, Aschwanden & Partner AG was targeted, with 37 GB of project data compromised.
3.3 INC RANSOM and Other Notable Actors
INC RANSOM focused on large-scale data theft from major industrial and retail entities:
- They claimed a massive 1 TB theft from Goldair Handling in Greece, a critical service provider for the aviation industry.
- They targeted BMW Slovak Republic, claiming 590 GB of data. Attacks on automotive subsidiaries can disrupt manufacturing supply chains and expose proprietary engineering data.
- In Brazil, they targeted the OAB SP (Ordem dos Advogados do Brasil – São Paulo Section), a major civic and legal organization.
Other active groups included DragonForce, which claimed 192 GB from Uinta Bank in the USA, and RansomHouse, which claimed a massive 743 GB from the Warren County Sheriff’s Office. The attack on law enforcement is particularly concerning as it jeopardizes active investigations, witness safety, and officer privacy.
4. The “Hulky” and “ShinyHunters” Wave: A Crisis of Personal Data
Perhaps the most alarming trend observed on January 23, 2026, was the sheer volume of personal data being trafficked on the dark web. Two actors, hulky and ShinyHunters, were responsible for listing billions of records.
4.1 Hulky: The Asian Data Hemorrhage
The threat actor known as hulky flooded the market with databases primarily originating from China and Southeast Asia. The scale of these leaks suggests deep systemic compromises within regional infrastructure or logistics providers.
- The Billion-Record Leaks: Hulky listed a database containing 1.2 billion records of Chinese citizens and another with 1.12 billion phone and IMEI records. These datasets, if authentic, represent a near-total enumeration of the digital population of the region.
- Logistics and Commerce:
  - China Shopping Delivery Addresses: A dataset of 810 million records was listed, alongside another batch of 14.2 million delivery records. These logs contain names, phone numbers, and physical addresses—a goldmine for physical security threats and targeted scams.
  - Financial Data: A leak of Chinese Union Pay data allegedly exposed 170 million records, including national IDs and location data.
- Targeting the Diaspora: Hulky specifically targeted Chinese nationals living abroad, listing databases for Chinese residents in Malaysia (7 million records), Canada (115,000 records), Singapore (1.14 million records), and the USA (869,000 records). This targeted segmentation suggests an intent to facilitate transnational repression or specialized fraud targeting expatriate communities.
4.2 ShinyHunters: Corporate Giants Exposed
The notorious group ShinyHunters returned with high-profile corporate leaks, signaling that Western tech and financial companies remain vulnerable.
- SoundCloud: A claim of 30 million PII records was posted. For a platform built on user interaction, this exposure puts millions of creators and listeners at risk of social engineering.
- Betterment: The financial advisory firm allegedly suffered a leak of 20 million records. Financial service breaches are critical due to the potential for immediate monetary theft and long-term identity fraud.
- Crunchbase: A database of 2 million records was listed. As a primary resource for business intelligence, a breach here could expose investor details and private contact information of high-net-worth individuals.
5. Geopolitical Hacktivism and Defacement Campaigns
The data from January 23 clearly reflects the ongoing geopolitical tensions in the Middle East and Eastern Europe, manifesting as digital vandalism and psychological warfare.
5.1 The Anti-Israel Campaign
A threat actor group identified as BROTHERHOOD CAPUNG INDONESIA launched a sustained defacement campaign against Israeli civilian and commercial websites. This was not a sophisticated data exfiltration operation but rather a “mass noise” campaign intended to disrupt and intimidate.
- Targets: The victims were largely small to medium businesses, including Donna (Cosmetics), Verelo (Fashion), JRL Professional, and School Net.
- Modus Operandi: The attacks involved replacing the victim’s website content with the group’s messaging. While the technical impact on each individual site is low, the cumulative effect serves to erode public confidence in digital safety.
5.2 The Russia-Ukraine Cyber Front
The conflict between Russia and Ukraine continues to generate significant cyber activity, characterized by mutual targeting of critical databases.
- Attacks on Ukraine: The IT ARMY OF RUSSIA claimed responsibility for breaching the Zaporizhzhia State Medical and Pharmaceutical University and Bukovinian State Medical University. Leaking student and academic records is a tactic aimed at demoralizing the population and disrupting educational institutions. Additionally, a group named Perun Svaroga claimed to leak data from Koryukivkavodokanal (a water utility), exposing citizen records and internal system data.
- Attacks on Russia: Conversely, the Pension Fund of the Russian Federation (PFR) was targeted by an actor named hexvior, who claimed to share a database of over 100 million records. This represents a massive breach of government trust, potentially exposing the financial and personal details of the entire Russian pensioner population. Additionally, the landscaping platform Газоны России was breached, exposing 27,000 records.
6. Critical Infrastructure and Government Targets
Beyond financial theft and vandalism, the report highlights worrying intrusions into government systems and critical infrastructure, posing risks to national security and public safety.
6.1 Energy and Utilities
- Czech Power Plant: An actor named Z-PENTEST ALLIANCE claimed to have gained unauthorized access to the control system of a power plant in the Czech Republic. While the specific plant was not named, any unauthorized access to Industrial Control Systems (ICS) is a Tier-1 national security threat.
- Senegal: The General Secretariat of the Government of Senegal suffered a massive breach affecting its central digital infrastructure. The threat actor DARK 07x claimed access to HR systems, communication channels, and administrative tracking systems. They also leaked the professional ID of a ministry inspector to prove access.
6.2 Government Data Leaks
- Indonesia: A frequent target, Indonesia saw breaches of its Bank Syariah Indonesia (BSI) (25 million records), the Ministry of Manpower, and Institut Pertanian Bogor.
- Saudi Arabia & UAE: The actor Buscador claimed leaks of login credentials for the Saudi National Portal, the UAE Government website, and NXP Technologies LLC. These credential leaks can serve as precursors to deeper espionage or sabotage operations.
- China: In addition to the commercial leaks, thelastwhitehat claimed to leak data from China’s Housing Provident Fund, affecting 41 million people.
7. The Initial Access and Malware Economy
The “Access-as-a-Service” market was vibrant on January 23, acting as the feeder ecosystem for future ransomware and data theft attacks.
7.1 E-Commerce Access Sales
Threat actors like Shopify (the actor name, not the company), ed1n1ca, and Zimmer flooded forums with offers for unauthorized access to online stores.
- Locations: Listings included stores in Brazil, the USA, Ireland, New Zealand, and Israel.
- Access Types: These sales often included “admin panel access” or “shell access,” giving the buyer full control over the site to steal credit cards (skimming) or deploy ransomware.
7.2 Malware Development
- McDonald’s Account Checker: An actor named Zyad2drkwb released a tool specifically designed to bypass security on the McDonald’s mobile app. This highlights the niche market for “credential stuffing” tools used to steal loyalty points and commit fraud.
- Undetected Corporate Bots: Actor USER2DA offered “white/legitimate software” capable of evading AV/EDR detection, marketed for use in corporate botnets. This demonstrates the sophistication of malware authors in bypassing modern endpoint defense systems.
8. Sector-Specific Impact Analysis
8.1 Healthcare and Medical
The healthcare sector remains a prime target due to the critical need for uptime and the value of medical records.
- Victims: Supriya Aesthetic Dermatology (USA), Hood River Dental (USA), Orthopaedic Specialists of Massachusetts (USA), and One Health (UAE).
- Impact: The breach of Orthopaedic Specialists by BEAST Ransomware is notable as the organization had previously fallen victim to Qilin ransomware just days prior. This “double-dip” targeting highlights the ruthlessness of ransomware operators against vulnerable medical entities.
8.2 Education
Educational institutions are increasingly targeted for the PII of students and staff.
- Victims: Al-Turath University (Iraq), Zaporizhzhia State Medical University (Ukraine), Epitech (France), and Institut Pertanian Bogor (Indonesia).
- Data Types: Leaks included student IDs, parental information, and academic records, posing long-term privacy risks for minors and young adults.
8.3 Financial Services
Trust is the currency of the financial sector, and multiple breaches eroded that trust on January 23.
- Victims: Affirm (USA), Bank Syariah Indonesia, Uinta Bank (USA), and Betterment.
- Scale: The Affirm breach allegedly exposed 26 million records, while the BSI breach exposed 25 million. The sheer volume of financial data circulating on the dark web facilitates complex fraud rings and identity theft on a global scale.
9. Regional Deep Dive
9.1 United States
The USA remains the most attacked nation by volume of distinct incidents. The threats are diverse: ransomware (CL0P, Akira, DragonForce), data breaches (Crunchbase, Affirm), and initial access sales. The targeting of local law enforcement (Warren County Sheriff) and small medical practices indicates that no entity is too small or too specialized to be ignored by automated threat scanners.
9.2 China
China is facing a data privacy crisis of unprecedented magnitude. The activity on January 23 was characterized not by ransomware, but by massive bulk data theft. The leaks by hulky involving billions of rows of citizen data, logistics information, and insurance records suggest a possible systemic failure in how data is aggregated and secured by third-party processors in the region.
9.3 France
France saw a mix of academic breaches (Epitech), research institute hacks (OFCE Sciences Po), and scam infrastructure leaks. Interestingly, one leak exposed a French Scamming Platform, where a hacker leaked the internal data of a scam operation itself—a case of “hacker vs. scammer” vigilantism.
9.4 Indonesia
Indonesia continues to suffer from weak digital infrastructure resilience. The breaches range from banking (BSI) to government ministries (Manpower) and universities. The recurrence of Indonesian targets in dark web forums suggests it is viewed as a “soft target” by global threat actors.
10. Conclusion and Strategic Outlook
The events of January 23, 2026, provide a sobering snapshot of a global cybersecurity environment that is becoming increasingly perilous and industrialized.
The Rise of the “Mega-Leak”: The most significant trend identified is the normalization of data leaks involving hundreds of millions to billions of records. The activities of actors like hulky and ShinyHunters indicate that data retention policies and database security measures are failing to keep pace with the capabilities of threat actors. When billions of records regarding citizens’ movements (delivery data), finances (Union Pay), and identity (National IDs) are available for purchase, the concept of digital privacy becomes virtually obsolete for the affected populations.
Ransomware Persistence: Despite global law enforcement efforts, ransomware groups like CL0P and Akira are operating with impunity. Their ability to hit multiple victims across different sectors in a single day demonstrates a high level of operational maturity and automation. The trend of re-victimization (as seen with Orthopaedic Specialists of Massachusetts) suggests that organizations are struggling to patch vulnerabilities even after an initial incident.
Geopolitics as a Driver: The conflict-driven cyberattacks in Ukraine, Russia, and Israel show that cyberspace remains a primary domain for modern warfare. These attacks are rarely about financial gain; they are about disruption, demoralization, and the erosion of trust in public institutions.
The Vulnerability of Supply Chains: Attacks on logistics (Goldair Handling), automotive supply chains (BMW Slovakia, Y.C.C. Parts), and IT service providers (INSPYR Solutions) highlight the fragility of the global supply chain. A single breach in a service provider can ripple out to affect hundreds of downstream clients.
Final Assessment: The data from January 23, 2026, indicates that organizations must pivot from a posture of “prevention” to one of “resilience.” With initial access to corporate networks selling for negligible amounts on dark web forums, the perimeter is porous. The focus must shift to detecting lateral movement, encrypting sensitive data at rest to render it useless if stolen, and hardening backup systems against ransomware. Furthermore, the massive volume of PII leaks necessitates a re-evaluation of identity verification processes, as static data points (DOB, SSN, Address) can no longer be trusted as proof of identity.
Detected Incidents Draft Data
- Alleged leak of Turkish Data
Category: Data Breach
Content: The threat actor claims to have leaked Turkish data.
Date: 2026-01-23T23:57:06Z
Network: openweb
Published URL: https://breachforums.bf/Thread-Hello-everyone-the-Turkish-database-leak-is-here
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6697f64e-3d58-4c36-8dbc-453c6c16a401.png
https://d34iuop8pidsy8.cloudfront.net/b7c9da09-d053-4d06-8433-9aed88253bd0.png
Threat Actors: anonymous249942
Victim Country: Turkey
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of OFCE Sciences Po
Category: Data Breach
Content: The threat actor claims to have breached data from OFCE Sciences Po.
Date: 2026-01-23T23:43:07Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-ofce-sciences-po-fr
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fb6d4f95-a51b-4450-8333-e55f3df6bdfe.png
Threat Actors: X-VDP-X
Victim Country: France
Victim Industry: Research Industry
Victim Organization: ofce sciences po
Victim Site: ofce.sciences-po.fr
- X-CD Technologies falls victim to Kill Security Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization's data and intends to publish it within 8-9 days.
Date: 2026-01-23T22:57:53Z
Network: tor
Published URL: http://ks5424y3wpr5zlug5c7i6svvxweinhbdcqcfnptkfcutrncfazzgz5id.onion/?view=341f1da5db93
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/77da7074-03bd-49b8-94ca-5cc50d1481b1.png
https://d34iuop8pidsy8.cloudfront.net/635fb33d-0926-4964-ab9a-62f55286fb25.png
Threat Actors: Kill Security
Victim Country: USA
Victim Industry: Software Development
Victim Organization: x-cd technologies
Victim Site: x-cd.com
- Excelas, LLC falls victim to CL0P Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization's data.
Date: 2026-01-23T22:31:39Z
Network: tor
Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/excelas1-com
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/21a7e8ab-a476-41c8-b755-55de1c5dd1e4.png
Threat Actors: CL0P
Victim Country: USA
Victim Industry: Law Practice & Law Firms
Victim Organization: excelas, llc
Victim Site: excelas1.com
- Clearway Group of Companies falls victim to CL0P Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization's data.
Date: 2026-01-23T22:27:33Z
Network: tor
Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/clearwaygroup-com
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7a2e0d61-eb4c-4b07-9045-5d544c6b06e4.png
Threat Actors: CL0P
Victim Country: Canada
Victim Industry: Building and construction
Victim Organization: clearway group of companies
Victim Site: clearwaygroup.com
- Alleged data breach of T-Mobile Germany
Category: Data Breach
Content: A threat actor claims to be sharing a credential combination list allegedly associated with T-Mobile Germany. The dataset contains approximately 72,000 credential pairs.
Date: 2026-01-23T22:16:23Z
Network: openweb
Published URL: https://breachforums.bf/Thread-COLLECTION-72K-T-Mobile-Germany-HQ-Combolist-txt
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1d708d19-dc91-4a71-99d5-6672b1641b9b.png
Threat Actors: berkbbsc
Victim Country: Germany
Victim Industry: Network & Telecommunications
Victim Organization: t‑mobile germany
Victim Site: telekom.de
- Wild Ridge Lawn & Landscape falls victim to CL0P Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization's data.
Date: 2026-01-23T22:11:15Z
Network: tor
Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/wildridgelandscape-com
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9c00f8fa-0aac-431f-8c0e-11e78e298691.png
Threat Actors: CL0P
Victim Country: USA
Victim Industry: Facilities Services
Victim Organization: wild ridge lawn & landscape
Victim Site: wildridgelandscape.com
- INSPYR Solutions falls victim to CL0P Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization's data.
Date: 2026-01-23T21:55:38Z
Network: tor
Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/inspyrsolutions-com
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f3e2c107-1082-4c57-8f3a-bd4a59a22027.png
Threat Actors: CL0P
Victim Country: USA
Victim Industry: Information Technology (IT) Services
Victim Organization: inspyr solutions
Victim Site: inspyrsolutions.com
- 4D IT Solutions, Inc. falls victim to CL0P Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization's data.
Date: 2026-01-23T21:51:33Z
Network: tor
Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/4ditsolutions-com
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c3b565fe-38c9-427b-9302-5ea0a97cd742.png
Threat Actors: CL0P
Victim Country: USA
Victim Industry: Information Technology (IT) Services
Victim Organization: 4d it solutions, inc.
Victim Site: 4ditsolutions.com
- Modular Technologies Inc falls victim to CL0P Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization's data.
Date: 2026-01-23T21:51:12Z
Network: tor
Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/modtech-ca
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3451a7ba-060c-4953-a022-1822726a64fc.png
Threat Actors: CL0P
Victim Country: Canada
Victim Industry: Computer Networking
Victim Organization: modular technologies inc
Victim Site: modtech.ca
- RLC Transportes falls victim to SAFEPAY ransomware
Category: Ransomware
Content: The group claims to have obtained the organisation's data and intends to publish it within 2-3 days.
Date: 2026-01-23T21:47:36Z
Network: tor
Published URL: http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/rlces/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b3ebd601-4ef5-462a-8f31-3013b57f0696.jpg
Threat Actors: SAFEPAY
Victim Country: Spain
Victim Industry: Transportation & Logistics
Victim Organization: rlc transportes
Victim Site: rlc.es
- RESTART falls victim to CL0P Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization's data.
Date: 2026-01-23T21:40:22Z
Network: tor
Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/rstrt-it
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/14f5fab9-81ad-4afd-aa90-a9aff296c621.png
Threat Actors: CL0P
Victim Country: Italy
Victim Industry: Network & Telecommunications
Victim Organization: restart
Victim Site: rstrt.it
- VISTA Training, Inc. falls victim to CL0P Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization's data.
Date: 2026-01-23T21:29:43Z
Network: tor
Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/vista-training-com
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2f4d587e-cbbb-41dc-ae75-190148b4b71f.png
Threat Actors: CL0P
Victim Country: USA
Victim Industry: Mining/Metals
Victim Organization: vista training, inc.
Victim Site: vista-training.com
- Alleged data breach of Koryukivkavodokanal
Category: Data Breach
Content: The group claims to have leaked database files allegedly obtained from Koryukivkavodokanal, exposing both public-facing and internal system data. The disclosed files reportedly include citizen and user records, staff and employee lists, contact and email queries, authentication and authorization logs, organizational access controls, dispatch and service records, geographic data such as cities, streets, homes, and rooms, as well as content management assets, media files, and integrations with messaging platforms.
Date: 2026-01-23T21:26:53Z
Network: telegram
Published URL: https://t.me/perunswaroga/1059
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9d4b0dfe-97b6-491c-a6ae-5ff6563fd1a5.jpg
Threat Actors: Perun Svaroga
Victim Country: Ukraine
Victim Industry: Energy & Utilities
Victim Organization: koryukivkavodokanal
Victim Site: kor-voda.its.org.ua
- Alseth Brothers Ltd falls victim to CL0P Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization's data.
Date: 2026-01-23T21:20:36Z
Network: tor
Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/br-alseth-no
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/87b73aa7-0b0f-4817-8f13-d178e35161dc.png
Threat Actors: CL0P
Victim Country: Norway
Victim Industry: Building and construction
Victim Organization: alseth brothers ltd
Victim Site: br-alseth.no
- WFR Wholesale Fire & Rescue Ltd. falls victim to CL0P Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization's data.
Date: 2026-01-23T21:08:36Z
Network: tor
Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/wfrfire-com
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b4169440-ccbf-47a0-8bae-d246568dd10f.png
Threat Actors: CL0P
Victim Country: Canada
Victim Industry: Wholesale
Victim Organization: wfr wholesale fire & rescue ltd.
Victim Site: wfrfire.com
- Alleged data breach of Pension Fund of the Russian Federation (PFR)
Category: Data Breach
Content: A threat actor claims to be sharing a large database allegedly associated with the Pension Fund of the Russian Federation (PFR). The dataset reportedly contains over 100 million records. Together with the exposed data fields in the visible content, the scale of the dataset suggests the potential exposure of sensitive personal and pension-related information belonging to Russian citizens.
Date: 2026-01-23T20:54:42Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-Russia-Pension-Fund-of-the-Russian-Federation-PFR-100M–185360
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/759f899c-b964-4ec7-9b16-722a5ba7d4a7.png
https://d34iuop8pidsy8.cloudfront.net/1e7776a1-c995-43e8-9abe-a5c5d625145b.png
Threat Actors: hexvior
Victim Country: Russia
Victim Industry: Government Administration
Victim Organization: pension fund of the russian federation (pfr)
Victim Site: pfr.gov.ru
- Supriya Aesthetic Dermatology falls victim to NightSpire Ransomware
Category: Ransomware
Content: The group claims to have obtained 300 GB of the organization's data and intends to publish it within 1-2 days.
Date: 2026-01-23T20:34:25Z
Network: tor
Published URL: http://nspirebcv4sy3yydtaercuut34hwc4fsxqqv4b4ye4xmo6qp3vxhulqd.onion/database
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/598642a4-4aff-4cea-86bd-167522878207.png
Threat Actors: NightSpire
Victim Country: USA
Victim Industry: Medical Practice
Victim Organization: supriya aesthetic dermatology
Victim Site: supriyamd.com
- Alleged data sale of Affirm
Category: Data Breach
Content: The threat actor claims to be selling leaked user data from Affirm, USA. The compromised data reportedly contains 26,702,116 records including full name, phone, identifier, street, city, state, and zip.
Date: 2026-01-23T20:23:24Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/274420/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/957b3bd1-2fc6-4eb9-bd0b-55b41f44c0e1.png
Threat Actors: renn
Victim Country: USA
Victim Industry: Financial Services
Victim Organization: affirm
Victim Site: affirm.com
- Alleged sale of unauthorized access to unidentified WordPress shop
Category: Initial Access
Content: The threat actor claims to be selling unauthorized admin access to an unidentified WordPress auto parts store in the USA.
Date: 2026-01-23T20:20:03Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/274423/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/44756493-1232-421a-8745-342292dfa6c2.png
Threat Actors: Shopify
Victim Country: USA
Victim Industry: Automotive
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Data Leak of Login Credentials from Al-Turath University in Iraq
Category: Data Breach
Content: The threat actor claims to have leaked the login credentials of Al-Turath University in Iraq.
Date: 2026-01-23T20:13:27Z
Network: telegram
Published URL: https://t.me/c/2451084701/502042
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a872feec-abd7-4979-b0bd-0d6b160968db.png
Threat Actors: Buscador
Victim Country: Iraq
Victim Industry: Education
Victim Organization: al-turath university
Victim Site: uoturath.edu.iq
- Alleged data breach of Bank Syariah Indonesia (BSI)
Category: Data Breach
Content: A threat actor claims to have leaked a customer database belonging to Bank Syariah Indonesia (BSI). The dataset allegedly contains information related to approximately 25 million records. The exposed data originates from BSI’s customer database and includes a wide range of personal, contact, and employment-related information.
Date: 2026-01-23T20:07:46Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-DATA-BASE-NASABAH-BANK-BSI-25-MILLIOND
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/feb18540-75d4-43bf-896b-979098f42563.png
https://d34iuop8pidsy8.cloudfront.net/622aeebe-5237-4467-983d-b8d3a4417830.png
Threat Actors: Djarot
Victim Country: Indonesia
Victim Industry: Financial Services
Victim Organization: bank syariah indonesia (bsi)
Victim Site: bankbsi.co.id
- Alleged Data Leak of Login Credentials from Saudi National Portal
Category: Data Breach
Content: The threat actor claims to have leaked the login credentials of the Saudi National Portal in Saudi Arabia.
Date: 2026-01-23T20:04:43Z
Network: telegram
Published URL: https://t.me/c/2451084701/501111
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3f4f8ffb-5cd8-4cd0-b322-f5ae7017aede.png
Threat Actors: Buscador
Victim Country: Saudi Arabia
Victim Industry: Government Administration
Victim Organization: saudi national portal
Victim Site: gov.sa - KPMG falls victim to Nova Ransomware
Category: Ransomware
Content: The group claims to have obtained 500 GB of the organization’s data, which they intend to publish within 9-10 days.
Date: 2026-01-23T19:45:54Z
Network: tor
Published URL: http://novadmrkp4vbk2padk5t6pbxolndceuc7hrcq4mjaoyed6nxsqiuzyyd.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3672a89e-f550-4aa7-a612-6389b163a7ae.png
Threat Actors: Nova
Victim Country: Netherlands
Victim Industry: Professional Services
Victim Organization: kpmg
Victim Site: kpmg.com - Alleged sale of unauthorized access to unidentified Government website from Indonesia
Category: Initial Access
Content: Threat actor claims to be selling unauthorized domain user access to unidentified government website from Indonesia.
Date: 2026-01-23T19:44:49Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/274419/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3f30d09d-f850-40bf-8e90-08c204be10f1.png
Threat Actors: Big-Bro
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Y.C.C. PARTS MFG. CO., LTD. falls victim to Qilin Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2026-01-23T19:20:23Z
Network: tor
Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=7e7283e0-1e53-3a8c-858e-4187b35e8721
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/98f510c6-46c4-4a61-814d-5f2d3986777b.png
Threat Actors: Qilin
Victim Country: Taiwan
Victim Industry: Automotive
Victim Organization: y.c.c. parts mfg. co., ltd.
Victim Site: yccco.com.tw - Alleged leak of login credentials for the official website of UAE Government
Category: Data Breach
Content: The group claims to have leaked login credentials for the official website of the UAE Government.
Date: 2026-01-23T19:13:26Z
Network: telegram
Published URL: https://t.me/c/2451084701/501150
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e52786bc-fa2f-443c-ad31-01ce0053a1c5.jpg
Threat Actors: Buscador
Victim Country: UAE
Victim Industry: Government Administration
Victim Organization: uae government
Victim Site: gov.ae - Source Production & Equipment Company, Inc. [SPEC] falls victim to BravoX Ransomware
Category: Ransomware
Content: The group claims to have obtained 444.7 GB of the organization’s data.
Date: 2026-01-23T18:55:09Z
Network: tor
Published URL: http://bravoxxtrmqeeevhl7gdh2yzvlrjxajr66d33c7ozosrccx4cz7cepad.onion/blog/a89714cd-67b8-4d53-9a1a-0bf0f33f7252
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/45929ed6-6fb7-4453-9adc-c39a7240660f.png
https://d34iuop8pidsy8.cloudfront.net/9dd2bc79-522c-40d0-8731-febeb9001dd5.png
https://d34iuop8pidsy8.cloudfront.net/345a3769-e332-4313-a9ab-c519619d0dee.png
https://d34iuop8pidsy8.cloudfront.net/333abfda-b13c-4625-8e7c-8205371b5d53.png
https://d34iuop8pidsy8.cloudfront.net/7eaa6b96-e918-4570-bfed-26e39dd03ecf.png
Threat Actors: BravoX
Victim Country: USA
Victim Industry: Machinery Manufacturing
Victim Organization: source production & equipment company, inc. [spec]
Victim Site: spec150.com - Alleged leak of login credentials of One Health
Category: Data Breach
Content: The group claims to have leaked the login credentials for One Health.
Date: 2026-01-23T18:53:48Z
Network: telegram
Published URL: https://t.me/c/2451084701/501090
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d75fa61c-7d69-4b7e-a3bc-41c2fada5093.jpg
Threat Actors: Buscador
Victim Country: UAE
Victim Industry: Healthcare & Pharmaceuticals
Victim Organization: one health
Victim Site: onehealth.ae - Alleged data leak of ABB–EGO Vehicle Tracking Database
Category: Data Breach
Content: A threat actor claims to have leaked data related to government-operated vehicles in Ankara, specifically associated with EGO buses and ABB vehicles. The leaked dataset allegedly contains information on approximately 2,255 vehicles.
Date: 2026-01-23T18:34:40Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-Ankara-Goverment-Vehicles-Ego-Abb-Got-Leaked
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3eda530b-b876-49cd-bcda-fa6c0304d7c0.png
Threat Actors: eggeayy
Victim Country: Turkey
Victim Industry: Government & Public Sector
Victim Organization: Unknown
Victim Site: Unknown - Hood River Dental falls victim to BravoX
Category: Ransomware
Content: The group claims to have obtained 187.2 GB of the organization’s data. NB: The organization previously fell victim to SAFEPAY Ransomware on Dec 15 2025.
Date: 2026-01-23T17:58:54Z
Network: tor
Published URL: http://bravoxxtrmqeeevhl7gdh2yzvlrjxajr66d33c7ozosrccx4cz7cepad.onion/blog/9c1af193-1beb-4adf-89a4-f7333183362a
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/37aabe2f-3ea2-4620-a06f-4f17422f3c81.png
https://d34iuop8pidsy8.cloudfront.net/dde183b1-ba8d-4486-b264-2322b078ae29.png
https://d34iuop8pidsy8.cloudfront.net/0fa53194-cc91-4ccb-ba90-09c8f01a3811.png
https://d34iuop8pidsy8.cloudfront.net/2ef0ca43-072f-4f2c-9025-7d672802d410.png
https://d34iuop8pidsy8.cloudfront.net/afe07e39-4289-402d-992a-19c4392db4c6.png
Threat Actors: BravoX
Victim Country: USA
Victim Industry: Medical Practice
Victim Organization: hood river dental
Victim Site: hoodriverdentist.com - Alleged sale of unauthorized access to unidentified IT company
Category: Initial Access
Content: Threat actor claims to be selling unauthorized admin panel access to an unidentified company described as one of the top cybersecurity and data protection companies.
Date: 2026-01-23T17:48:51Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/274406/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ba7ac1ef-6880-422d-b02e-e09966b30be9.png
Threat Actors: remote desktop
Victim Country: Unknown
Victim Industry: Information Technology (IT) Services
Victim Organization: Unknown
Victim Site: Unknown - Alleged sale of unauthorized access to unidentified shop from New Zealand
Category: Initial Access
Content: Threat actor claims to be selling unauthorized admin panel access to an unidentified self-written online shop from New Zealand.
Date: 2026-01-23T17:43:23Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/274411/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fbf149d3-0969-46d1-a72f-dac2cc68259c.png
Threat Actors: CMPunk
Victim Country: New Zealand
Victim Industry: E-commerce & Online Stores
Victim Organization: Unknown
Victim Site: Unknown - Warren County Sheriffs Office falls victim to RansomHouse Ransomware
Category: Ransomware
Content: The group claims to have obtained 743 GB of the organization’s data.
Date: 2026-01-23T17:36:44Z
Network: tor
Published URL: http://zohlm7ahjwegcedoz7lrdrti7bvpofymcayotp744qhx6gjmxbuo2yid.onion/r/e4cd804a5963de2c03181a81de621e9668e74b72
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a27b48e4-f894-4741-b32f-bc78416d976e.png
Threat Actors: RansomHouse
Victim Country: USA
Victim Industry: Law Enforcement
Victim Organization: warren county sheriffs office
Victim Site: warrencountykysheriff.com - Alleged data breach of Central digital infrastructure for the General Secretariat of the Government of Senegal
Category: Data Breach
Content: The group claims to have breached the systems of Central digital infrastructure for the General Secretariat of the Government of Senegal involving multiple subdomains including Conference portal, internal service, and communication with government internal departments, E-Carrière portal, MIRADOR human resources management system, electronic system for evaluating and tracking administrative cases/issues, Management Information System or Resource Management, Mobility and Transfer Management Platform within the Public Service, Statistics/Data Management Dashboard for the Fisheries and Ports Department, SAMA Carte FPT.
Date: 2026-01-23T17:30:56Z
Network: telegram
Published URL: https://t.me/DarK07xxxxxxx/1173
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d56df6de-d9ac-4a2b-a594-212c1ed60e8c.jpg
https://d34iuop8pidsy8.cloudfront.net/78c482c0-7331-461d-aeac-d2d8b7500ad9.jpg
https://d34iuop8pidsy8.cloudfront.net/86834be1-5749-487a-9783-380378f200e3.jpg
Threat Actors: DARK 07x
Victim Country: Senegal
Victim Industry: Government Administration
Victim Organization: general secretariat of the government of senegal
Victim Site: e-carriere.sec.gouv.sn - Alleged sale of unauthorized access to an unidentified website
Category: Initial Access
Content: Threat actor claims to be selling unauthorized full permissions shell access to an unidentified Joomla-powered website.
Date: 2026-01-23T17:30:25Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/274405/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d9106d0d-fed0-48e9-b882-9fa82074a5f3.png
Threat Actors: Zimmer
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - TREC GROUP, INC falls victim to PLAY Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data. The data includes private and personal confidential data, client documents, budget, payroll, IDs, taxes, finance information, etc. They intend to publish the data within 4 days.
Date: 2026-01-23T17:20:37Z
Network: tor
Published URL: http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=WtNuCuaGufvLlp
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0e68e677-9efc-49aa-bfd6-e1de731835e8.png
Threat Actors: PLAY
Victim Country: USA
Victim Industry: Network & Telecommunications
Victim Organization: trec group, inc
Victim Site: trecgroup.com - Alleged leak of login credentials of NXP Technologies LLC
Category: Data Breach
Content: The group claims to have leaked login credentials of NXP Technologies LLC.
Date: 2026-01-23T17:15:29Z
Network: telegram
Published URL: https://t.me/c/2451084701/500743
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9a235157-0179-4a93-a908-7ed3de347d74.jpg
Threat Actors: Buscador
Victim Country: UAE
Victim Industry: Information Technology (IT) Services
Victim Organization: nxp technologies llc
Victim Site: nxptech.ae - Encore Roofing falls victim to PLAY Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data. The data includes private and personal confidential data, client documents, budget, payroll, IDs, taxes, finance information, etc. They intend to publish the data within 5 days.
Date: 2026-01-23T17:12:57Z
Network: tor
Published URL: http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=zs6nm1GKbtBBBL
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e342cfc7-be52-4393-a425-12d1daf4f6b1.png
Threat Actors: PLAY
Victim Country: USA
Victim Industry: Building and construction
Victim Organization: encore roofing
Victim Site: encoreroofing.com - Alleged data leak of French Scamming Platform
Category: Data Breach
Content: The threat actor claims to have leaked internal data from a French scam operation, including structured JSON files detailing scam infrastructure, organizations, orders, victim records, contact information, and operational metadata, allegedly extracted from platforms used to manage and execute fraudulent campaigns.
Date: 2026-01-23T17:05:57Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-FR-scoring-fit-2026
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6bf09489-37b2-4977-a164-374a5066837b.png
https://d34iuop8pidsy8.cloudfront.net/0842fd85-b3f8-45d1-853b-c18b1c5f0cd7.png
https://d34iuop8pidsy8.cloudfront.net/42e73b88-6247-471d-8679-363fddfd3b12.png
Threat Actors: XxDarkHackerxX-sama
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Parque Industrial Tibitoc
Category: Data Breach
Content: The threat actor claims to have leaked over 300,000 employee records belonging to multiple companies operating within Parque Industrial Tibitoc. The exposed information reportedly includes employee names, identification numbers, authorization and employment dates, access permissions, vehicle details, entry logs, and visitor records, affecting personnel across various tenant organizations within the industrial complex.
Date: 2026-01-23T17:05:13Z
Network: openweb
Published URL: https://breachforums.bf/Thread-PARQUE-INDUSTRIAL-TIBITOC-COLOMBIA-300k-RECORDS-EMPLOYEES-LEAK–185312
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/589f914d-4c68-4635-9908-670023d375aa.png
https://d34iuop8pidsy8.cloudfront.net/88d75553-c5c5-435f-9cde-a589bad61832.png
Threat Actors: Ru1_Deid4d
Victim Country: Colombia
Victim Industry: Commercial Real Estate
Victim Organization: parque industrial tibitoc
Victim Site: parqueindustrialtibitoc.com.co - Brotherhood Capung Indonesia targets Multiple Domains of Serial Key Shop
Category: Defacement
Content: The group claims to have defaced multiple subdomains of AGX Software, which include: aichat.serialkey.top, bugreport.serialkey.top, chatonline.serialkey.top, checkertools.serialkey.top, contentimggen.serialkey.top, courseadmission.chowdhuryvai.top, darkboss1bd.serialkey.top, datascrape.serialkey.top, demoportfolio.serialkey.top, drivebd.serialkey.top, hrxuserregistration.serialkey.top, idcardgen.serialkey.top, imgtovideodownload.serialkey.top, imgup.serialkey.top, iptv.serialkey.top, keybd.serialkey.top
Date: 2026-01-23T16:57:08Z
Network: telegram
Published URL: https://t.me/c/3054021775/360
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/faa6aafc-bbe5-4667-8758-3cce53ecef2f.png
https://d34iuop8pidsy8.cloudfront.net/c540e29d-5b95-43aa-9561-90859c8a979f.png
Threat Actors: BROTHERHOOD CAPUNG INDONESIA
Victim Country: Unknown
Victim Industry: E-commerce & Online Stores
Victim Organization: serial key shop
Victim Site: aichat.serialkey.top - Alleged Data Breach of Zaporizhzhia State Medical and Pharmaceutical University
Category: Data Breach
Content: Threat actor claims to have breached the database of Zaporizhzhia State Medical and Pharmaceutical University in Ukraine, alleging that internal academic systems were affected. The compromised data includes student records, academic data, and internal documents, as well as information related to internal portals and electronic journal systems.
Date: 2026-01-23T16:54:52Z
Network: telegram
Published URL: https://t.me/itarmy_ru/267
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b4caea8c-68ba-445d-a941-91a6e30a2451.png
Threat Actors: IT ARMY OF RUSSIA
Victim Country: Ukraine
Victim Industry: Education
Victim Organization: zaporizhzhia state medical and pharmaceutical university
Victim Site: asu.zsmu.zp.ua - Alleged data leak of China’s Housing Provident Fund
Category: Data Breach
Content: The threat actor claims to have leaked data from China’s Housing Provident Fund system. The compromised data reportedly includes full names, national ID numbers, mobile phone numbers, and employer or company-related information, associated with participants in the housing social benefit program.
Date: 2026-01-23T16:53:39Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-China-s-Housing-Provident-Fund-%E4%BD%8F%E6%88%BF%E5%85%AC%E7%A7%AF%E9%87%91-2024-25-41M-People
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0d9fc8f6-d343-485d-8d0a-fe53ad1ec979.png
Threat Actors: thelastwhitehat
Victim Country: China
Victim Industry: Government & Public Sector
Victim Organization: Unknown
Victim Site: Unknown - Goldair Handling falls victim to INC RANSOM Ransomware
Category: Ransomware
Content: The group claims to have obtained 1 TB of the organisation’s data.
Date: 2026-01-23T16:44:24Z
Network: tor
Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/6973856f8f1d14b743731770
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/81281db1-fdfa-480c-8848-a43d76229811.png
Threat Actors: INC RANSOM
Victim Country: Greece
Victim Industry: Airlines & Aviation
Victim Organization: goldair handling
Victim Site: Unknown - Alleged data breach of Bukovinian State Medical University
Category: Data Breach
Content: The group claims to have breached the database of Bukovinian State Medical University and leaked its student database.
Date: 2026-01-23T16:39:07Z
Network: telegram
Published URL: https://t.me/itarmy_ru/267
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/aa9eafb6-c819-4c9f-b86c-94d3cf9368cb.jpg
Threat Actors: IT ARMY OF RUSSIA
Victim Country: Ukraine
Victim Industry: Education
Victim Organization: bukovinian state medical university
Victim Site: bsmu.edu.ua - Alleged Storage Exposure Affecting Codeway “Chat & Ask AI” Users
Category: Alert
Content: Threat actor claims that the “Chat & Ask AI” application by Codeway previously exposed an open Firebase or database, which was reportedly identified using CovertTeam’s Firehound tool. According to the claim, while database access rules and authentication have since been fixed, the associated storage bucket remains publicly accessible, allowing unauthorized access to data related to over 18 million users.
Date: 2026-01-23T16:19:40Z
Network: openweb
Published URL: https://leakbase.la/threads/chat-ask-ai-by-codeway-400m-database-leak.48333/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b613025a-0510-47b0-8cfb-ce9b0442957b.png
Threat Actors: uruskan
Victim Country: Turkey
Victim Industry: Software Development
Victim Organization: codeway
Victim Site: codeway.co - Alleged Leak of a professional identity card from the Republic of Senegal’s Ministry of Employment, Vocational Training, and Integration
Category: Data Breach
Content: The threat actor claims to have leaked a professional identity card issued by the Republic of Senegal, belonging to Babacar Diouf, a specialized inspector employed by the Ministry of Employment, Vocational Training, and Integration (MEFPAI).
Date: 2026-01-23T16:01:02Z
Network: telegram
Published URL: https://t.me/DarK07xxxxxxx/1171
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c57a2809-3930-4f04-8878-4e0dd697526d.jpg
Threat Actors: DARK 07x
Victim Country: Senegal
Victim Industry: Government Administration
Victim Organization: ministry of employment, vocational training, and integration (mefpai)
Victim Site: Unknown - JA Riollano Co., Inc. falls victim to Akira Ransomware
Category: Ransomware
Content: The group claims to have obtained 20 GB of the organization’s corporate data. The compromised data includes employee personal information, client data, numerous project files, confidential documents, accounting and financial records, and other internal operational files.
Date: 2026-01-23T15:48:17Z
Network: tor
Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ce89202a-c8c6-4340-83a9-e64cf3b7dcba.png
Threat Actors: akira
Victim Country: USA
Victim Industry: Business Supplies & Equipment
Victim Organization: ja riollano co., inc.
Victim Site: jariollano.com - M&W Manufacturing falls victim to Akira Ransomware
Category: Ransomware
Content: The group claims to have obtained 20 GB of the organization’s corporate data. The compromised data includes employee personal information, medical information, client data, numerous project files, confidential documents, accounting and financial records, and other internal operational files.
Date: 2026-01-23T15:41:08Z
Network: tor
Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f58f0c58-8a68-4032-8f5d-4fab047bdc99.png
Threat Actors: akira
Victim Country: USA
Victim Industry: Manufacturing
Victim Organization: m&w manufacturing
Victim Site: mwmfg.comwmfg.co - Alleged data leak of French personal data
Category: Data Breach
Content: The threat actor claims to possess and provide access to aggregated French personal data sourced from more than 90 databases, including full names, phone numbers, email addresses, residential addresses, and related identifying records, retrievable instantly via an automated OSINT bot for lookup and profiling purposes.
Date: 2026-01-23T15:40:13Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-SentelX-BOT-FR
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8b2fa6eb-d09b-426a-bc2a-00d7aadf2576.png
Threat Actors: Yanisxratsu
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged sale of Venezuela Armed Forces data
Category: Data Breach
Content: The threat actor claims the dataset contains internal military-related data, potentially including personnel records, internal documents, administrative files, operational or logistical information, and institutional records associated with different branches of the armed forces and the Ministry of Defense.
Date: 2026-01-23T15:31:00Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-VENEZUELA-ARMED-FORCES-MASSIVE-420GB-23-01-2026
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ae9f8cda-dd97-46ce-86aa-26979bdc509b.png
https://d34iuop8pidsy8.cloudfront.net/20bc49bf-acc0-474d-8614-42f603e965af.png
https://d34iuop8pidsy8.cloudfront.net/d4eff1c3-591d-49e9-b2b2-77f42229a6f2.png
Threat Actors: malconguerra2
Victim Country: Venezuela
Victim Industry: Government & Public Sector
Victim Organization: Unknown
Victim Site: Unknown - IGI Global Scientific Publishing falls victim to Akira Ransomware
Category: Ransomware
Content: The group claims to have obtained 220 GB of the organization’s corporate data. The compromised data includes employee personal information (passports, driver’s licenses, credit card and health data), financial records, contracts and agreements, NDAs, and other confidential documents.
Date: 2026-01-23T15:07:26Z
Network: tor
Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8a112162-291e-47cd-986f-f6a33997a6f4.png
Threat Actors: akira
Victim Country: USA
Victim Industry: Publishing Industry
Victim Organization: igi global scientific publishing
Victim Site: igi-global.com - HaxChipper targets the website of DigitalForce Ltd.
Category: Defacement
Content: The group claims to have defaced the website of DigitalForce Ltd.
Date: 2026-01-23T14:45:16Z
Network: telegram
Published URL: https://t.me/HaxChipper/103
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5b72cf82-cc45-4a3d-b6ec-6f56b7dda5ac.jpg
Threat Actors: HaxChipper
Victim Country: Israel
Victim Industry: Marketing, Advertising & Sales
Victim Organization: digitalforce ltd.
Victim Site: demo.digitalforce.co.il - Alleged data breach of DrTusz
Category: Data Breach
Content: The threat actor claims to have breached 1,528,945 records from DrTusz. The compromised data reportedly includes full names, email addresses, phone numbers, date created, date active, and additional information.
Date: 2026-01-23T14:43:31Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-PL-DrTusz-pl-Printer-supply-retailer-1-5M-Names-Emails-Phones
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c6119832-b490-4237-8ff1-ef0ebd8a0de7.png
https://d34iuop8pidsy8.cloudfront.net/03bb93dc-3e8a-4c5d-9e90-e69e1f6f1286.png
Threat Actors: Spirigatito
Victim Country: Poland
Victim Industry: Retail Industry
Victim Organization: drtusz
Victim Site: drtusz.pl - Alleged data breach of Ministry of Manpower of the Republic of Indonesia
Category: Data Breach
Content: The threat actor claims to have breached 16,902 rows of data from the organisation, allegedly including NIK, NIP, ACCOUNT, NAME, and LOCATION.
Date: 2026-01-23T14:36:43Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DOCUMENTS-16-902-rows-of-BSU-recipient-data-in-the-Jakarta-area-were-leaked
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2f71063b-280f-4874-8825-6116c79cab3f.JPG
https://d34iuop8pidsy8.cloudfront.net/31b0fa40-4977-4580-ba7d-18b162629af1.JPG
Threat Actors: AYYUBI
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: ministry of manpower of the republic of indonesia
Victim Site: bsu.kemnaker.go.id - BMW Slovak Republic falls victim to INC RANSOM ransomware
Category: Ransomware
Content: The group claims to have obtained 590 GB of the organisation’s data.
Date: 2026-01-23T14:31:58Z
Network: tor
Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/69737d968f1d14b74372763f
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/11580aa0-bd07-42a7-8a4e-81e941873639.JPG
Threat Actors: INC RANSOM
Victim Country: Slovakia
Victim Industry: Automotive
Victim Organization: bmw slovak republic
Victim Site: tob-bmw.sk - Alleged sale of Luxury Shopping and Real Estate leads
Category: Data Breach
Content: The threat actor claims to be selling luxury shopping and real estate leads.
Date: 2026-01-23T14:12:44Z
Network: openweb
Published URL: https://forum.exploit.in/topic/274398/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2561ad04-904f-4b04-bb9d-5dbbabe7c27e.png
Threat Actors: phase1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Aschwanden & Partner AG falls victim to Akira Ransomware
Category: Ransomware
Content: The group claims to have obtained 37 GB of the organization’s corporate data. The compromised data includes employee personal information, financials, payment details, detailed information about projects, and other data.
Date: 2026-01-23T13:32:54Z
Network: tor
Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6007597c-9973-4e62-9324-9a0a86b4af34.png
Threat Actors: akira
Victim Country: Switzerland
Victim Industry: Building and construction
Victim Organization: aschwanden & partner ag
Victim Site: aschwanden-partner.ch - Alleged data leak of Health & Wellness product funnels
Category: Data Breach
Content: The threat actor claims to have leaked 511,000 records from U.S.-based health and wellness product funnels. The compromised data reportedly includes date, email address, phone number, city, and additional information.
Date: 2026-01-23T13:28:19Z
Network: openweb
Published URL: https://forum.exploit.in/topic/274393/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/84d27b76-f258-4012-8522-8ace7137a3a4.png
Threat Actors: betway
Victim Country: USA
Victim Industry: Health & Fitness
Victim Organization: Unknown
Victim Site: Unknown - Alleged Release of McDonald’s 2026 Account Checker Tool
Category: Malware
Content: The threat actor claims to have developed a high-performance account checker tool specifically for the McDonald’s mobile application. They assert that the software was built using reverse engineering of version 8.7.2 of the French iOS app to bypass security measures like Cloudflare and rate limits. The actor alleges the tool can capture specific account details, such as customer IDs and loyalty points, at a rate of 450 checks per minute using asynchronous Python. By sharing technical endpoints and a sample JSON response, the developer aims to prove the tool’s effectiveness in automating unauthorized access to user accounts.
Date: 2026-01-23T13:22:07Z
Network: openweb
Published URL: https://breachforums.bf/Thread-LEAKED-MCDONALD-S-CHECKER
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2402bc42-8072-489e-aa33-740763dbe0b8.jpg
Threat Actors: Zyad2drkwb
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Газоны России
Category: Data Breach
Content: The threat actor claims to have successfully compromised the database of the Russian landscaping platform Газоны России. They assert that the stolen dataset contains approximately 27,000 records updated through the year 2025. The shared sample reveals highly sensitive personally identifiable information (PII), including customer names, phone numbers, email addresses, and specific residential locations.
Date: 2026-01-23T13:20:26Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-gazon-trava-ru-2025
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4713d563-dc03-4c22-b982-73ac9261a49a.jpg
Threat Actors: Listofad
Victim Country: Russia
Victim Industry: Agriculture & Farming
Victim Organization: газоны россии
Victim Site: gazon-trava.ru - OAB SP falls victim to INC RANSOM ransomware
Category: Ransomware
Content: The group claims to have obtained the organisation’s data.
Date: 2026-01-23T12:59:58Z
Network: tor
Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/697066778f1d14b7433e2170
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e639c767-3fba-4b50-9dde-19aa50eb1415.JPG
Threat Actors: INC RANSOM
Victim Country: Brazil
Victim Industry: Civic & Social Organization
Victim Organization: oab sp
Victim Site: oabsp.org.br - Alleged unauthorized access to the control system of a power plant in the Czech Republic
Category: Initial Access
Content: The group claims to have gained unauthorized access to the control system of a power plant located in the Czech Republic.
Date: 2026-01-23T12:41:16Z
Network: telegram
Published URL: https://t.me/zpentestalliance/993
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/52327d33-a830-40f8-8c9f-2c259788af6c.png
https://d34iuop8pidsy8.cloudfront.net/a682af2f-7492-4fc8-a864-2f0f27c5464e.png
Threat Actors: Z-PENTEST ALLIANCE
Victim Country: Czech Republic
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Orthopaedic Specialists of Massachusetts falls victim to BEAST Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data and intends to publish it within 8-9 days. NB: The organization had previously fallen victim to Qilin ransomware on January 17, 2025.
Date: 2026-01-23T12:23:03Z
Network: tor
Published URL: http://beast6azu4f7fxjakiayhnssybibsgjnmy77a6duufqw5afjzfjhzuqd.onion/card/orthopaedic_specialists_of_massachusetts
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/40c63f02-09e5-4329-ad76-fc9170d968f7.png
Threat Actors: BEAST
Victim Country: USA
Victim Industry: Medical Practice
Victim Organization: orthopaedic specialists of massachusetts
Victim Site: orthomass.com - BROTHERHOOD CAPUNG INDONESIA targets the website of JRL PROFESSIONAL
Category: Defacement
Content: The group claims to have defaced the website of JRL PROFESSIONAL.
Date: 2026-01-23T11:10:30Z
Network: telegram
Published URL: https://t.me/c/3054021775/358
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/01092a80-dafd-4292-8d9b-ddceae09badb.JPG
Threat Actors: BROTHERHOOD CAPUNG INDONESIA
Victim Country: Israel
Victim Industry: Manufacturing
Victim Organization: jrl professional
Victim Site: jrl.co.il - InDoM1nuS Team targets the website of Artesao do Sorriso
Category: Defacement
Content: The group claims to have defaced the website of Artesao do Sorriso.
Date: 2026-01-23T11:04:21Z
Network: telegram
Published URL: https://t.me/InDoM1nusTe4m/61
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a083d70d-bce4-488a-aec4-042f6d379737.png
Threat Actors: InDoM1nuS Team
Victim Country: Brazil
Victim Industry: Education
Victim Organization: artesao do sorriso
Victim Site: artesadosorriso.com - BROTHERHOOD CAPUNG INDONESIA targets the website of Verelo
Category: Defacement
Content: The group claims to have defaced the website of Verelo.
Date: 2026-01-23T10:51:48Z
Network: telegram
Published URL: https://t.me/c/3054021775/358
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0f321cbd-23fb-46f6-b46d-a06ddb436ce7.jpg
Threat Actors: BROTHERHOOD CAPUNG INDONESIA
Victim Country: Israel
Victim Industry: Fashion & Apparel
Victim Organization: verelo
Victim Site: verelo.co.il
BROTHERHOOD CAPUNG INDONESIA targets the website of Donna
Category: Defacement
Content: Group claims to have defaced the website of Donna.
Date: 2026-01-23T10:47:22Z
Network: telegram
Published URL: https://t.me/c/3054021775/358
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/035bfe21-c3d4-4f81-9242-95681a53f250.png
Threat Actors: BROTHERHOOD CAPUNG INDONESIA
Victim Country: Israel
Victim Industry: Cosmetics
Victim Organization: donna
Victim Site: donna-beauty.com
BROTHERHOOD CAPUNG INDONESIA targets the website of lion-tools.co.il
Category: Defacement
Content: The group claims to have defaced the website of lion-tools.co.il
Date: 2026-01-23T10:43:19Z
Network: telegram
Published URL: https://t.me/c/3054021775/358
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ad65102b-247b-40a4-860d-32bd0ce450c2.JPG
Threat Actors: BROTHERHOOD CAPUNG INDONESIA
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: lion-tools.co.il
BROTHERHOOD CAPUNG INDONESIA targets the website of jtl.co.il
Category: Defacement
Content: The group claims to have defaced the website of jtl.co.il
Date: 2026-01-23T10:38:19Z
Network: telegram
Published URL: https://t.me/c/3054021775/358
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2eabc1f8-0e15-4cda-8d70-303235d4d22d.JPG
Threat Actors: BROTHERHOOD CAPUNG INDONESIA
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: jtl.co.il
BROTHERHOOD CAPUNG INDONESIA targets the website of Vinusa
Category: Defacement
Content: Group claims to have defaced the website of Vinusa.
Date: 2026-01-23T10:30:04Z
Network: telegram
Published URL: https://t.me/c/3054021775/358
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/58fdca03-e8c8-4abf-85e4-a7eb9d7b0a12.jpg
Threat Actors: BROTHERHOOD CAPUNG INDONESIA
Victim Country: Israel
Victim Industry: E-commerce & Online Stores
Victim Organization: vinusa
Victim Site: vinusa.co.il
CinCauGhast targets the website of ALFALAH REALTY LLP
Category: Defacement
Content: The group claims to have defaced the website of ALFALAH REALTY LLP
Date: 2026-01-23T10:28:52Z
Network: telegram
Published URL: https://t.me/c/3487552490/284
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/90166285-3978-49be-b7ad-21b5c79be02a.png
Threat Actors: CinCauGhast
Victim Country: India
Victim Industry: Real Estate
Victim Organization: alfalah realty llp
Victim Site: alfalahrealty.com
BROTHERHOOD CAPUNG INDONESIA targets the website of nt.max-gym.fit
Category: Defacement
Content: The group claims to have defaced the website of nt.max-gym.fit
Date: 2026-01-23T10:17:09Z
Network: telegram
Published URL: https://t.me/c/3054021775/358
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c1d59000-ac1d-4810-b14a-b31052d63980.png
Threat Actors: BROTHERHOOD CAPUNG INDONESIA
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: nt.max-gym.fit
BROTHERHOOD CAPUNG INDONESIA targets the website of nitai.run.place
Category: Defacement
Content: The group claims to have defaced the website of nitai.run.place
Date: 2026-01-23T10:13:16Z
Network: telegram
Published URL: https://t.me/c/3054021775/358
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/71b85db6-39be-4c2b-a767-52921459f5c6.png
Threat Actors: BROTHERHOOD CAPUNG INDONESIA
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: nitai.run.place
CinCauGhast targets the website of ExploreExperts LLC
Category: Defacement
Content: The group claims to have defaced the website of ExploreExperts LLC.
Date: 2026-01-23T10:09:14Z
Network: telegram
Published URL: https://t.me/c/3487552490/284
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/33b3ae42-cdf0-4bbb-bb73-0cc82b84c629.png
Threat Actors: CinCauGhast
Victim Country: USA
Victim Industry: Transportation & Logistics
Victim Organization: exploreexperts llc
Victim Site: exploreexpertsny.com
BROTHERHOOD CAPUNG INDONESIA targets the website of School Net
Category: Defacement
Content: Group claims to have defaced the website of School Net.
Date: 2026-01-23T09:52:25Z
Network: telegram
Published URL: https://t.me/c/3054021775/358
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4708f57b-8c33-4902-a3d5-9122256c23e0.png
Threat Actors: BROTHERHOOD CAPUNG INDONESIA
Victim Country: Israel
Victim Industry: Education
Victim Organization: school net
Victim Site: app.scnet.co.il
BROTHERHOOD CAPUNG INDONESIA targets the website of JANAN Boutique
Category: Defacement
Content: Group claims to have defaced the website of JANAN Boutique.
Date: 2026-01-23T09:51:18Z
Network: telegram
Published URL: https://t.me/c/3054021775/358
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/efeab7dd-a608-4c80-91d9-c2a55aaede13.png
Threat Actors: BROTHERHOOD CAPUNG INDONESIA
Victim Country: Israel
Victim Industry: E-commerce & Online Stores
Victim Organization: janan boutique
Victim Site: byjanan.co.il
BROTHERHOOD CAPUNG INDONESIA targets the website of BM Nutrition
Category: Defacement
Content: Group claims to have defaced the website of BM Nutrition.
Date: 2026-01-23T09:47:08Z
Network: telegram
Published URL: https://t.me/c/3054021775/358
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3368f12b-ebe2-41cb-9f5a-708df266c1ee.png
Threat Actors: BROTHERHOOD CAPUNG INDONESIA
Victim Country: Israel
Victim Industry: E-commerce & Online Stores
Victim Organization: bm nutrition
Victim Site: bmnutrition.co.il
Propane Levac Propane Inc. falls victim to Sarcoma ransomware
Category: Ransomware
Content: The group claims to have obtained 45 GB of the organisation's data, allegedly including files. They intend to publish it within 6-7 days.
Date: 2026-01-23T09:39:22Z
Network: tor
Published URL: http://sarcomawmawlhov7o5mdhz4eszxxlkyaoiyiy2b5iwxnds2dmb4jakad.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5516da32-e1b5-418d-be2f-1412668fbefe.JPG
https://d34iuop8pidsy8.cloudfront.net/d87c1959-3ffd-49eb-8fc7-29929d5536b2.JPG
https://d34iuop8pidsy8.cloudfront.net/494f3e1f-9a39-45ee-974d-a36e2523cbeb.JPG
Threat Actors: Sarcoma
Victim Country: Canada
Victim Industry: Oil & Gas
Victim Organization: propane levac propane inc.
Victim Site: propanelevac.ca
Alleged data leak of SoundCloud
Category: Data Breach
Content: Threat actor claims to have leaked 30 million records of Personally Identifiable Information (PII) from SoundCloud.
Date: 2026-01-23T07:38:42Z
Network: tor
Published URL: http://toolatedhs5dtr2pv6h5kdraneak5gs3sxrecqhoufc5e45edior7mqd.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/baed0be4-b4db-400f-8238-87a62cdb80e6.png
Threat Actors: ShinyHunters
Victim Country: Germany
Victim Industry: Entertainment & Movie Production
Victim Organization: soundcloud
Victim Site: soundcloud.com
Alleged data leak of Crunchbase
Category: Data Breach
Content: Threat actor claims to have leaked 2 million records containing Personally Identifiable Information (PII) from Crunchbase.
Date: 2026-01-23T07:35:05Z
Network: tor
Published URL: http://toolatedhs5dtr2pv6h5kdraneak5gs3sxrecqhoufc5e45edior7mqd.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6c852832-de2f-48cd-9439-6631c7c0fce7.png
Threat Actors: ShinyHunters
Victim Country: USA
Victim Industry: Software Development
Victim Organization: crunchbase
Victim Site: crunchbase.com
Alleged data leak of Betterment
Category: Data Breach
Content: Threat actor claims to have leaked 20 million records of Personally Identifiable Information (PII) from Betterment.
Date: 2026-01-23T07:28:20Z
Network: tor
Published URL: http://toolatedhs5dtr2pv6h5kdraneak5gs3sxrecqhoufc5e45edior7mqd.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/91525f0d-0120-4fff-8353-c1978ecb1b55.png
Threat Actors: ShinyHunters
Victim Country: USA
Victim Industry: Financial Services
Victim Organization: betterment
Victim Site: betterment.com
Alleged Leak of E‑Commerce Delivery Address Data from China
Category: Data Breach
Content: The threat actor claims to have leaked e‑commerce delivery address data from China. The compromised data reportedly contains 14.2 million records, including customer names, phone numbers, and full delivery addresses.
Date: 2026-01-23T06:00:47Z
Network: tor
Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-SELLING-China-Shopping-Order-Delivery-Address-Leak-Name-phone-Address-14-2M-rows
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8506456c-1ef3-43a6-8699-fdb63e356346.png
Threat Actors: hulky
Victim Country: China
Victim Industry: E-commerce & Online Stores
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Epitech
Category: Data Breach
Content: The threat actor claims to have leaked data from Epitech. The data reportedly includes names, email addresses, and phone numbers.
Date: 2026-01-23T05:58:17Z
Network: tor
Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-DATABASE-Epitech-fr
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/965e3605-05a4-45af-a85d-d62d721eac30.png
Threat Actors: telaviv
Victim Country: France
Victim Industry: Education
Victim Organization: epitech
Victim Site: epitech.eu
Alleged leak of Chinese Union Pay
Category: Data Breach
Content: The threat actor claims to have leaked Chinese Union Pay data. The compromised data reportedly contains 170 million records, including phone numbers, national ID numbers, names, dates of birth, gender, carrier information, and location data.
Date: 2026-01-23T05:53:28Z
Network: tor
Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-SELLING-China-Union-Pay-Chinese-Leak-170M-rows
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/570db448-c52c-4675-b302-869149e4f86e.png
Threat Actors: hulky
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of shell and admin access to unidentified store in Brazil
Category: Initial Access
Content: Threat actor claims to be selling unauthorized shell and admin access to an unidentified online store in Brazil.
Date: 2026-01-23T05:49:43Z
Network: openweb
Published URL: https://forum.exploit.in/topic/274240/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7fd5a07a-83d6-4a12-aeab-cc1c0078b80d.png
Threat Actors: Shopify
Victim Country: Brazil
Victim Industry: E-commerce & Online Stores
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of 1.2 million Email database from France
Category: Data Breach
Content: Threat actor claims to have leaked a 1.2 million email database from France.
Date: 2026-01-23T05:47:02Z
Network: openweb
Published URL: https://leakbase.la/threads/1-2-million-france-email-database-2026.48346/#post-269322
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/80db82f0-31b3-401e-b80d-3c6ea0b0c0aa.png
Threat Actors: Pijush507
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
0xteam targets the website of Vacanze in Marocco
Category: Defacement
Content: The group claims to have defaced the website of Vacanze in Marocco
Date: 2026-01-23T05:46:23Z
Network: openweb
Published URL: https://defacer.id/mirror/id/232224
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f720411d-5ff4-4b50-b3d4-4dc720fc4f12.png
Threat Actors: 0xteam
Victim Country: Morocco
Victim Industry: Leisure & Travel
Victim Organization: vacanze in marocco
Victim Site: vacanzeinmarocco.com
Alleged Leak of Chinese Citizens Personal Data
Category: Data Breach
Content: The threat actor claims to have leaked Chinese citizens' personal data. The compromised data reportedly contains 570 million records, including phone numbers, national ID numbers, names, dates of birth, gender, and carrier information.
Date: 2026-01-23T05:22:30Z
Network: tor
Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-SELLING-China-Chinese-Citizen-Info-Leak-570M-rows
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/deb116c0-be06-4c87-a88e-ebec39f476dd.png
Threat Actors: hulky
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of unauthorized access to unidentified store in USA
Category: Initial Access
Content: Threat actor claims to be selling unauthorized access to an unidentified online store in the USA.
Date: 2026-01-23T05:13:28Z
Network: openweb
Published URL: https://forum.exploit.in/topic/274230/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fe03e44e-972d-4dce-913d-eaac5b81c4e6.png
Threat Actors: ed1n1ca
Victim Country: USA
Victim Industry: E-commerce & Online Stores
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of phished Binance Brazil user records
Category: Data Breach
Content: Threat actor claims to be selling phishing-derived Binance Brazil dataset containing approximately 31,000 user records. The compromised data reportedly includes names, email addresses, and phone numbers.
Date: 2026-01-23T05:08:49Z
Network: openweb
Published URL: https://leakbase.la/threads/binance-brazil-2026.48349/#post-269299
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/78008f13-ef8d-40ca-a4c2-570321a2d1ea.png
Threat Actors: zoozkooz
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of access to unidentified shop in Ireland
Category: Initial Access
Content: Threat actor claims to be selling unauthorized access to an unidentified online shop in Ireland.
Date: 2026-01-23T05:08:04Z
Network: openweb
Published URL: https://forum.exploit.in/topic/274226/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0b8623cf-6b31-46f9-9063-27616f3509f5.png
Threat Actors: ed1n1ca
Victim Country: Ireland
Victim Industry: E-commerce & Online Stores
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of 1000 credit card records from multiple countries
Category: Data Breach
Content: Threat actor claims to be selling 1000 credit card records from USA, UK, Germany, Portugal, Chile, Thailand, and other European countries. The compromised data reportedly contains full name, credit card number, expiry, cvv, address, city, state, zip, country, and email.
Date: 2026-01-23T04:49:31Z
Network: openweb
Published URL: https://forum.exploit.in/topic/274210/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/84f5acac-9a0e-458a-b33b-588270a402bb.png
Threat Actors: daren563
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Leak of Personal Data of Chinese Residents in Malaysia
Category: Data Breach
Content: The threat actor claims to have leaked personal data of Chinese residents in Malaysia. The compromised data reportedly contains 7 million records, including names, identity numbers, dates of birth, phone numbers, and email addresses.
Date: 2026-01-23T04:47:19Z
Network: tor
Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-DATABASE-Selling-Chinese-in-Malaysia-Database-7-Million-unique-rows
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c76940b5-3ea2-4c23-beda-aaeddb9e3d7f.png
Threat Actors: hulky
Victim Country: Malaysia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Leak of Personal Data of Chinese Residents in Canada
Category: Data Breach
Content: The threat actor claims to have leaked personal data of Chinese residents in Canada. The compromised data reportedly contains 115,000 records, including names, phone numbers, and full residential addresses.
Date: 2026-01-23T04:41:15Z
Network: tor
Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-DATABASE-Selling-Chinese-in-Canada-Database-115K-unique-rows
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bd2a2aec-dc9e-4510-9336-189cbd52831c.png
Threat Actors: hulky
Victim Country: Canada
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Leak of Personal Data of Chinese Residents in Singapore
Category: Data Breach
Content: The threat actor claims to have leaked personal data of Chinese residents in Singapore. The compromised data reportedly contains 1.14 million records, including names, identity numbers, dates of birth, phone numbers, and full residential addresses.
Date: 2026-01-23T04:41:10Z
Network: tor
Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-DATABASE-Selling-Chinese-in-Singapore-Database-1-14-Million-unique-rows
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1b33ef37-c804-4f0c-9bf3-742e36f43185.png
Threat Actors: hulky
Victim Country: Singapore
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Malaysia Wealthy Citizens Database
Category: Data Breach
Content: The threat actor claims to be selling the Malaysia Wealthy Citizens Database. The compromised data reportedly contains 3.3 million records, including names, phone numbers, gender, dates of birth, and full residential addresses.
Date: 2026-01-23T04:40:03Z
Network: tor
Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-DATABASE-Selling-Malaysia-Wealthy-Citizens-Database-3-3-Million-unique-rows
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/08a59c59-a0d7-40ef-9aff-28a010d93466.png
Threat Actors: hulky
Victim Country: Malaysia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Leak of Hong Kong E‑Commerce Customer Data
Category: Data Breach
Content: The threat actor claims to have leaked Hong Kong e‑commerce customer data. The compromised data reportedly contains 1.2 million records, including names, phone numbers, gender, and full residential addresses.
Date: 2026-01-23T04:26:29Z
Network: tor
Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-DATABASE-HONG-KONG-ECOMMERCE-SHOPPING-LEAK-1-2M-LINES
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2c5f4992-1027-4e2f-a9c0-dca0a615f1ff.png
Threat Actors: hulky
Victim Country: China
Victim Industry: E-commerce & Online Stores
Victim Organization: Unknown
Victim Site: Unknown
Alleged Leak of Chinese Citizens Personal Data
Category: Data Breach
Content: The threat actor claims to have leaked citizens' personal data. The compromised data reportedly contains 1.2 billion records, including phone numbers and full names.
Date: 2026-01-23T04:17:25Z
Network: tor
Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-DATABASE-China-All-Citizens-Database-Phone-Full-Name-1-2-Billion-Lines
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a21a83a4-8a64-4999-b6da-78f92c76d20f.png
Threat Actors: hulky
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of phone number and IMEI number from China
Category: Data Breach
Content: The threat actor claims to have leaked 1.12 billion records containing phone numbers and IMEI numbers from China.
Date: 2026-01-23T03:43:06Z
Network: tor
Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-DATABASE-China-Phone-IMEI-Leak-Database-1-12-Billion-Lines
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7ece34d9-c07b-4d0e-a13f-3bce23287e10.png
Threat Actors: hulky
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of U‑Travel
Category: Data Breach
Content: The threat actor claims to have leaked data from U‑Travel. The compromised data reportedly contains 953,000 records, including customer names, phone numbers, booking identifiers, and pricing details.
Date: 2026-01-23T03:40:17Z
Network: tor
Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-DATABASE-Hong-Kong-Business-Commute-Car-Rental-Leak-u-travel-hk-953-000
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/564f033f-38af-4b5f-89c9-2cc5cc665d2a.png
Threat Actors: hulky
Victim Country: China
Victim Industry: Leisure & Travel
Victim Organization: u‑travel
Victim Site: u-travel.hk
Alleged data sale of Korean individuals in United States
Category: Data Breach
Content: Threat actor claims to be selling a database containing 455,000 rows of data belonging to Korean individuals residing in the United States.
Date: 2026-01-23T03:35:13Z
Network: tor
Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-DATABASE-Selling-Korean-in-United-States-USA-Database-455K-unique-rows
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/106fe1f5-ee57-4b0d-ba66-57832ed4fcec.png
Threat Actors: hulky
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Leak of HONG KONG Real Estate data
Category: Data Breach
Content: The threat actor claims to have leaked Hong Kong real estate data. The compromised data reportedly contains 2.1 million records, including names and phone numbers.
Date: 2026-01-23T03:34:30Z
Network: tor
Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-DATABASE-HONG-KONG-REAL-ESTATE-LEAK-2-1M-LINES
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/23ac1d06-ae37-4122-a70f-1162256fb0f6.png
Threat Actors: hulky
Victim Country: China
Victim Industry: Real Estate
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of White/legitimate software
Category: Malware
Content: Threat actor claims to be selling AV/EDR-undetected software for corporate bots, described as legitimate or white software. The tool is offered in CMD and EXE formats, and the actor is seeking partnerships or collaboration via Tox.
Date: 2026-01-23T03:30:28Z
Network: openweb
Published URL: https://forum.exploit.in/topic/274370/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7ff61756-ee1c-4220-a87b-29bf66b4b3b4.png
Threat Actors: USER2DA
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Cryptocurrency Credential and Lead Database
Category: Data Breach
Content: The threat actor claims to have leaked a cryptocurrency credential and lead database. The compromised data reportedly contains 21.2 million cryptocurrency-related records, including email‑password combinations and email and phone marketing leads associated with multiple crypto platforms.
Date: 2026-01-23T03:18:13Z
Network: tor
Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-SELLING-Crypto-Currency-Database-Leak-Bundle-Pack-21-2-Million-Lines
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5239c781-c953-4dec-a8e0-4fab4ec20081.png
Threat Actors: hulky
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of CHINESE APPLE IPHONE IOS users
Category: Data Breach
Content: The threat actor claims to have leaked a dataset containing 62M records of Chinese Apple iPhone iOS users. The leaked information reportedly includes name, phone, birthday and sex.
Date: 2026-01-23T03:17:25Z
Network: tor
Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-DATABASE-CHINA-CHINESE-APPLE-IPHONE-IOS-USERS-LEAK-62M-LINES
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/97b8a0ef-109a-4e44-96d0-6cdd36300136.png
Threat Actors: hulky
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Taiwan Health and Life Insurance Data
Category: Data Breach
Content: The threat actor claims to have leaked Taiwan health and life insurance data. The compromised data reportedly contains 2.9 million health, medical, and life insurance related records.
Date: 2026-01-23T03:16:41Z
Network: tor
Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-DATABASE-Taiwan-Health-Medical-Life-Insurance-Database-2-9-Million-Lines
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2561354d-7aa3-4df0-a153-f8283af5b99b.png
Threat Actors: hulky
Victim Country: Taiwan
Victim Industry: Insurance
Victim Organization: Unknown
Victim Site: Unknown
Alleged Exposure of China Shopping Delivery Address Database
Category: Data Breach
Content: The threat actor claims to have leaked the China Shopping Delivery Address Database. The compromised data reportedly contains 810 million Chinese shopping and delivery address records.
Date: 2026-01-23T03:09:48Z
Network: tor
Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-DATABASE-China-Shopping-Delivery-Address-Database-810-Million-Lines
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/66f4e9cc-4720-45db-b99a-bcc8e6ba26d2.png
Threat Actors: hulky
Victim Country: China
Victim Industry: E-commerce & Online Stores
Victim Organization: Unknown
Victim Site: Unknown
Alleged data sale of Japanese Individuals in United States
Category: Data Breach
Content: Threat actor claims to be selling a database containing 513K rows of data belonging to Japanese individuals residing in the United States.
Date: 2026-01-23T03:09:21Z
Network: tor
Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-DATABASE-Selling-Japanese-in-United-States-USA-Database-513K-unique-rows
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d08a20c0-eab6-4fde-9008-1b58faa70576.png
Threat Actors: hulky
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data sale of Chinese Individuals in United States
Category: Data Breach
Content: Threat actor claims to be selling a database containing 869K rows of data belonging to Chinese individuals residing in the United States.
Date: 2026-01-23T03:08:17Z
Network: tor
Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-DATABASE-Selling-Chinese-in-United-States-USA-Database-869K-unique-rows
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d5dd579b-1af0-45dc-9bed-4d0ee615d342.png
Threat Actors: hulky
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Data from an Unidentified Chinese Gas Company
Category: Data Breach
Content: The threat actor claims to be selling a database allegedly sourced from an unidentified Chinese gas company, containing 16 million unique customer records. The dataset reportedly includes names, mobile numbers, identification details, addresses, service-related codes, city, carrier data, and birth dates.
Date: 2026-01-23T03:05:28Z
Network: tor
Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-DATABASE-Selling-China-Gas-Company-Database-16-Million-unique-rows
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/82f7f9c0-6caf-483f-ad10-5c125b5985fa.png
Threat Actors: hulky
Victim Country: China
Victim Industry: Oil & Gas
Victim Organization: Unknown
Victim Site: Unknown
Alleged data sale of an unidentified Chinese travel agency
Category: Data Breach
Content: Threat actor claims to be selling 5.9M lines of data from an unidentified Chinese travel agency.
Date: 2026-01-23T03:03:59Z
Network: tor
Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-DATABASE-CHINA-CHINESE-TRAVEL-AGENCY-LEAK-5-9M-LINES
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e031751b-3cea-45b1-b0dc-3eaf58408f80.png
Threat Actors: hulky
Victim Country: China
Victim Industry: Leisure & Travel
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of admin and shell access to unidentified store in Israel
Category: Initial Access
Content: Threat actor claims to be selling unauthorized admin and shell access to an unidentified online store in Israel.
Date: 2026-01-23T03:03:00Z
Network: openweb
Published URL: https://forum.exploit.in/topic/274371/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/34e4f74d-35e3-40e9-8adb-3559911d0fa8.png
Threat Actors: Shopify
Victim Country: Israel
Victim Industry: E-commerce & Online Stores
Victim Organization: Unknown
Victim Site: Unknown
Alleged Leak of Shanghai Real Estate Information System Data
Category: Data Breach
Content: The threat actor claims to have leaked Shanghai Real Estate Information System data. The compromised data reportedly contains 8.4 million records, including addresses, personal names, and phone numbers.
Date: 2026-01-23T03:02:21Z
Network: tor
Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-DATABASE-China-Shanghai-Real-Estate-Information-Inquiry-System-8-4-Million-Lines-2025-11
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/42467746-f39e-46c9-9443-3956c446f141.png
Threat Actors: hulky
Victim Country: China
Victim Industry: Real Estate
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Adastria Co., Ltd. Database
Category: Data Breach
Content: The threat actor claims to be selling a database from Adastria Co., Ltd., containing approximately 238,000 unique records. The exposed dataset reportedly includes transaction IDs, order details, customer names, phone numbers, membership levels, delivery information, product descriptions, quantities, and pricing data.
Date: 2026-01-23T02:58:31Z
Network: tor
Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-DATABASE-Selling-Hong-Kong-Clothes-Shopping-dot-st-hk-Database-238K-unqiue-rows
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b5641e8b-c097-4386-bf54-4611bd89384c.png
Threat Actors: hulky
Victim Country: China
Victim Industry: Fashion & Apparel
Victim Organization: adastria co., ltd
Victim Site: dot‑st.hk
Alleged data sale of Vietnamese in United States
Category: Data Breach
Content: Threat actor claims to be selling a database containing 753,000 rows of data belonging to Vietnamese individuals residing in the United States.
Date: 2026-01-23T02:51:46Z
Network: tor
Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-DATABASE-Selling-Vietnamese-in-United-States-USA-Database-753K-unique-rows
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5783ee76-ac62-4037-92e6-018b020f2315.png
Threat Actors: hulky
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of admin and shell access to unidentified store in Israel
Category: Initial Access
Content: Threat actor claims to be selling unauthorized admin and shell access to an unidentified online store in Israel.
Date: 2026-01-23T02:44:35Z
Network: openweb
Published URL: https://forum.exploit.in/topic/274372/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/adbd4528-1931-4856-b898-7552439ccb7a.png
Threat Actors: Shopify
Victim Country: Israel
Victim Industry: E-commerce & Online Stores
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of China Provident Fund and Social Security Database
Category: Data Breach
Content: The threat actor claims to be selling a large dataset allegedly taken from China’s Provident Fund and Social Security systems. The data reportedly contains 88 million unique records, including names, national ID numbers, phone numbers, employment information, gender, birth details, and regional identifiers.
Date: 2026-01-23T02:39:22Z
Network: tor
Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-DATABASE-Selling-China-Provident-Fund-Social-Security-Database-88-Million-unique-rows
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c61c4f64-ea0b-49e9-b000-446165e6045b.png
Threat Actors: hulky
Victim Country: China
Victim Industry: Government Administration
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of Hong Kong SAR Resident Travel Permit Data
Category: Data Breach
Content: The threat actor claims to be selling a dataset containing 778,000 records of Hong Kong SAR residents’ travel permit information. The leaked data reportedly includes names, phone numbers, gender, travel permit identifiers, residential addresses, and birthdates.
Date: 2026-01-23T02:35:07Z
Network: tor
Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-DATABASE-Hong-Kong-SAR-Residents-Travel-Permit-Leak-Name-Phone-Travel-Permit-778k-rows
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e6b17610-52a8-473e-917f-b35fad39c91d.png
Threat Actors: hulky
Victim Country: China
Victim Industry: Government Administration
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of admin and shell access to unidentified store in Israel
Category: Initial Access
Content: The threat actor claims to be selling unauthorized admin and shell access to an unidentified online store in Israel.
Date: 2026-01-23T02:31:41Z
Network: openweb
Published URL: https://forum.exploit.in/topic/274368/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c9116057-ae65-468e-bf58-cdc61913b6ce.png
Threat Actors: Shopify
Victim Country: Israel
Victim Industry: E-commerce & Online Stores
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of Vietnam Homeowners’ Personal Data
Category: Data Breach
Content: The threat actor claims to be selling a dataset containing 1.9 million records of Vietnam homeowners. The leaked information reportedly includes names, phone numbers, dates of birth, gender, national ID numbers, and full residential addresses.
Date: 2026-01-23T02:28:45Z
Network: tor
Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-DATABASE-Vietnam-Home-Owners-Leak-Name-Phone-DOB-Gender-Address-1-9M-rows
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1f3ea908-e2f6-41b5-a4ad-9eb393bf25b8.png
Threat Actors: hulky
Victim Country: Vietnam
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Leak of 6.3 Million Global Cryptocurrency User Records
Category: Data Breach
Content: The threat actor claims to be selling a dataset containing 6.3 million cryptocurrency-related user records from multiple countries. The leaked information reportedly includes names, email addresses, phone numbers, and country.
Date: 2026-01-23T02:24:22Z
Network: tor
Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-DATABASE-Mix-Countries-Crypto-Leak-Name-Email-Phone-Country-6-3M-rows
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b05541d3-78b1-4bb7-976b-da445350024c.png
Threat Actors: hulky
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Cyber Fattah Team claims to target Multiple Organizations in Iran
Category: Alert
Content: The group claims to be planning expanded attacks against politically affiliated targets in Iran, including sedayemelli.com, sedayekar.com, kargaran.org, Iranian Liberals, liberaliran.org, iran-democracy.org, Iran Democratic
Date: 2026-01-23T02:24:01Z
Network: telegram
Published URL: https://t.me/fattah_iriii/1133
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d22bbab5-19d9-4617-85e2-fb23e7018850.png
https://d34iuop8pidsy8.cloudfront.net/4ba54b88-039d-41cc-9088-eb3f84ba6506.png
Threat Actors: Cyber Fattah Team
Victim Country: Iran
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Uinta Bank falls victim to DragonForce Ransomware
Category: Ransomware
Content: The group claims to have obtained 192.33 GB of the organization's data.
Date: 2026-01-23T01:39:03Z
Network: tor
Published URL: http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion/blog
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2dd94289-a7b8-49fb-9dde-f4a13cc1d9a2.png
https://d34iuop8pidsy8.cloudfront.net/7143878a-a449-45db-ba42-3b2e39287c71.png
Threat Actors: DragonForce
Victim Country: USA
Victim Industry: Banking & Mortgage
Victim Organization: uinta bank
Victim Site: uintabank.com
West Cary Group falls victim to Sinobi Ransomware
Category: Ransomware
Content: The group claims to have obtained 275 GB of the organization's data. The compromised data includes confidential data, customer data and financial data. They intend to publish it within 12–13 days.
Date: 2026-01-23T01:21:01Z
Network: tor
Published URL: http://sinobi6rlec6f2bgn6rd72xo7hvds4a5ajiu2if4oub2sut7fg3gomqd.onion/leaks/697128526387a4c9a292ba9b
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/09bbb7cf-c9a9-43a8-af97-5f22f72f14a5.png
https://d34iuop8pidsy8.cloudfront.net/1de9aa74-102d-40d3-97da-b83222f81b6f.png
Threat Actors: Sinobi
Victim Country: USA
Victim Industry: Marketing, Advertising & Sales
Victim Organization: west cary group
Victim Site: westcarygroup.com
Alleged data breach of Institut Pertanian Bogor
Category: Data Breach
Content: The threat actor claims to have leaked data from Institut Pertanian Bogor. The compromised data reportedly includes student IDs, national identity numbers (NIK), names, contact details, parental information, and residential addresses.
Date: 2026-01-23T00:59:59Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-%F0%9D%97%9C%F0%9D%97%A3%F0%9D%97%95-%F0%9D%97%A8%F0%9D%97%A1%F0%9D%97%9C%F0%9D%97%A9%F0%9D%97%98%F0%9D%97%A5%F0%9D%97%A6%F0%9D%97%9C%F0%9D%97%A7%F0%9D%97%AC-%F0%9D%97%A6%F0%9D%97%A7%F0%9D%97%A8%F0%9D%97%97%F0%9D%97%98%F0%9D%97%A1%F0%9D%97%A7-%F0%9D%97%97%F0%9D%97%94%F0%9D%97%A7%F0%9D%97%94%F0%9D%97%95%F0%9D%97%94%F0%9D%97%A6%F0%9D%97%98-%F0%9D%97%9C%F0%9D%97%A1%F0%9D%97%97%F0%9D%97%A2%F0%9D%97%A1%F0%9D%97%98%F0%9D%97%A6%F0%9D%97%9C%F0%9D%97%94
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5feefb50-71bb-4674-8284-617665b7a189.png
Threat Actors: sawakocannn
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: institut pertanian bogor
Victim Site: ipb.ac.id
Minors Garden Center falls victim to INC RANSOM Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization's data.
Date: 2026-01-23T00:37:36Z
Network: tor
Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/6972ae798f1d14b7436591a8
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/16160b72-bd0a-4bae-b451-670eea6141a1.png
Threat Actors: INC RANSOM
Victim Country: USA
Victim Industry: Retail Industry
Victim Organization: minors garden center
Victim Site: minorsgardencenter.com