[January-25-2026] Daily Cybersecurity Threat Report

Global Cybersecurity Threat Landscape Report: January 25, 2026

Date of Report: January 26, 2026
Data Source: Detected Incidents Draft Data (Sources 1–194)

1. Executive Summary

This report provides an exhaustive analysis of 103 distinct cybersecurity incidents recorded primarily on January 25, 2026. The data reveals a highly volatile global threat landscape characterized by a diverse array of attack vectors, ranging from sophisticated ransomware operations and critical infrastructure compromises to widespread data breaches and hacktivist defacements.

Key Findings:

  • Volume & Velocity: The reporting period saw a massive surge in activity, with over 100 incidents logged in a single day.
  • Primary Threat Vectors: The most prevalent category is Data Breach, followed significantly by Initial Access sales and Ransomware deployment.
  • Geographic Spread: Victims span the globe, with heavy concentrations in the United States, Israel, Indonesia, Brazil, and Europe (specifically the UK, France, and Spain).
  • Targeted Sectors: Government administration, defense, education, and critical infrastructure (energy, building management) were frequently targeted alongside private industries like retail, finance, and hospitality.
  • Active Threat Actors: Several actors demonstrated high operational tempo, notably bobbyaxelrod99 (bulk data sales), BABAYO EROR SYSTEM (Indonesian data leaks), InDoM1nuS Team (Brazilian defacements), and ransomware groups like Qilin and NightSpire.

This report dissects these incidents by category, region, and actor to provide actionable intelligence on the current threat environment.


2. Ransomware Campaigns and Extortion

Ransomware groups continue to be a dominant force, targeting high-value organizations to exfiltrate sensitive data and extort payments. The provided data highlights several active groups utilizing “name and shame” tactics on Tor leak sites.

2.1. Qilin Ransomware Group

The Qilin group remains highly active, targeting diverse industries across Europe.

  • Centrotherm International AG (Germany): On Jan 25, 2026, Qilin claimed to have obtained data from this machinery manufacturing firm. The breach of a manufacturing entity implies potential theft of intellectual property or operational blueprints.
  • Şemsioğlu Uşak House Tarhana (Turkey): The group targeted the food and beverage sector, claiming possession of the company’s internal data.
  • OKIN GROUP (Czech Republic): A business development organization was compromised, with Qilin listing the victim on their leak site. This attack on a business service provider could pose third-party risks to OKIN’s clients.

2.2. NightSpire Ransomware

NightSpire appears to be an aggressive actor, with multiple victims listed in a short window, often specifying the volume of data stolen.

  • The Successful Match / MD2B Connect (USA): This education and medical career service was breached. The compromise of a platform connecting medical students suggests the potential exposure of sensitive applicant data.
  • Aromate Industries Co., Ltd. (Taiwan): A chemical manufacturing firm lost 200 GB of data. A leak of this size likely includes trade secrets, chemical formulas, or supply chain details.
  • Lesk Engineers Limited (UK): This industrial engineering firm saw 40 GB of data exfiltrated.
  • KICKSTAGE (Taiwan): A fashion and apparel company was targeted, with 30 GB of data stolen and a threat to publish within 2–3 days.

2.3. Other Ransomware Operations

  • ANUBIS Ransomware: This group targeted the legal and hospitality sectors. They claimed to have data from Langley Twigg Law in New Zealand and Vitosha Park Hotel in Bulgaria. Attacks on law firms are particularly critical because the stolen material is typically confidential and covered by attorney-client privilege.
  • RHYSIDA Ransomware: The group targeted Cytek (USA), a biotechnology firm, claiming to have obtained their data. Attacks on biotech firms often aim to steal proprietary research and patient data.

3. Critical Infrastructure and Operational Technology (OT) Attacks

A highly concerning trend in this dataset is the unauthorized access to physical control systems. These incidents move beyond data theft to potential kinetic impacts and safety risks.

3.1. Building and Energy Management Systems

Several incidents involved the “Infrastructure Destruction Squad” and other groups gaining access to management systems in Europe.

  • Italy (Smart Building Control): The “Infrastructure Destruction Squad” claimed unauthorized access to a smart building control system responsible for lighting, energy management, and automation. Compromising these systems can lead to physical disruptions or safety hazards for occupants.
  • Czech Republic (Energy Management): The same group claimed access to an energy management system controlling solar panels, battery storage, and grid distribution. They alleged the ability to monitor real-time production and grid interaction, posing a risk of grid instability or equipment damage.
  • Poland (Building Engineering): The “Z-PENTEST ALLIANCE” claimed full remote control over a building’s power supply and heating systems in Poland. This level of access could allow actors to disable heating in winter or cut power, causing significant operational disruption.
  • Ukraine (Energy Control): “QuietSec” claimed access to an energy generation and substation control system in Ivano-Frankivsk. Given the geopolitical context, attacks on Ukrainian energy infrastructure are highly sensitive.

3.2. Surveillance and Monitoring Systems

Unauthorized access to CCTV and monitoring software allows threat actors to conduct reconnaissance and spy on physical locations.

  • Israel (CCTV): The group “MORNING STAR” claimed access to multiple CCTV systems across Israel.
  • Ukraine (Construction Store CCTV): “Z-PENTEST ALLIANCE” also claimed access to surveillance systems at a construction store in Ukraine.
  • Bangladesh (Flight Monitoring): “The Night Hunters” claimed access to the Flight Monitoring Software at Hazrat Shahjalal International Airport. This is a critical aviation safety risk, potentially allowing actors to track flights or disrupt airport operations.

4. Global Data Breaches by Region

The majority of incidents involved the sale or leak of databases containing PII (Personally Identifiable Information), corporate secrets, or government records.

4.1. North America (USA & Mexico)

The United States remains a primary target for large-scale data theft.

  • Government & Defense:
    • Dept of Defense / Boeing: Actor “jrintel” claimed to leak Boeing systems tied to US defense projects.
    • Dept of War / CMMC: The same actor leaked a “Department of War” confidential CMMC cybersecurity briefing.
    • Military Blueprints: Actor “chrs1234” offered blueprints for military vehicles and US Navy vessels, including personnel SSNs and deployment history.
    • Raytheon: “JRINTEL FREE DATA V3” claimed a leak of Raytheon data.
  • Corporate & Commercial:
    • Omni Hotels & Resorts: A massive leak of 5.2 million records including guest names and addresses was reposted.
    • Edmunds: A dump of 140,000 user accounts and hashed credentials from the automotive site was claimed by “Wadjet”.
    • Roblox: A staggering claim of 37 million breached records was made by “Jacksparrow1”.
    • FedEx: “Hackaton13” claimed unauthorized insider access to FedEx databases containing shipper/recipient data.
  • Regional Databases:
    • Georgia & Hawaii: Actor “bobbyaxelrod99” sold private databases for Georgia (130k records) and Hawaii (1.3M phone records).
    • Axtel (Mexico): Actor “Eternal” leaked 78,450 client lines from Mexican telecom Axtel.

4.2. Middle East (Israel & UAE)

The region faces intense cyber activity, often blending financial motivation with geopolitical friction.

  • Israel:
    • Citizen Data: A massive dataset of 3.95 million Israeli citizens (including ID, location, and family details) was leaked by “iloveya”.
    • Business Data: A dataset of 420,000 Israeli businesses was offered by “buadamcokfena”.
    • Hebrew University-Hadassah: A dental faculty database was leaked by “Cyber His-eyes”.
    • Dan Digital: Login access was leaked by “Z-BL4CX-H4T”.
  • UAE:
    • Dept of Government Enablement: Actor “rSora” sold data related to Abu Dhabi’s government infrastructure, claiming to bypass Azure SSO.

4.3. Europe (UK, France, Germany, Spain)

European nations saw frequent targeted breaches and database sales.

  • France:
    • Mairie de Venoy: The municipality’s website was compromised, leaking resident data.
    • Livrenpoche: A book marketplace breach exposed over 716,000 customer records.
    • Cocolis: A logistics platform leak reportedly exposed over 6.7 million user records.
  • United Kingdom:
    • Dental Leads: A database of 71,874 dental service contacts was sold.
    • Private Leads: A massive set of 1.6 million “private leads” was offered by “betway”.
  • Germany:
    • WEB.DE: A combo list targeting this email provider was leaked.
  • Spain:
    • Salamanca Empresarial: An e-commerce site was breached by “IntelShadow”.
    • Cadena Joven Digital: A full database dump including admin passwords was leaked.

4.4. Asia (Indonesia, India, Bangladesh, Thailand, Taiwan)

Asia is experiencing a surge in hacktivism and broad data leaks.

  • Indonesia:
    • Public Sector Onslaught: The actor “BABAYO EROR SYSTEM” was relentless, leaking data from BPJS Kesehatan (Insurance), Kementerian Pendidikan (Education), TVRI (State TV), and various other databases.
    • Desa Nglayang: Resident data including NIK (IDs) was leaked.
  • India:
    • City Finance: Actor “whiterose” breached a database covering 4,000 cities, exposing Aadhaar numbers and agent passwords.
    • Cricket Live Score: Unauthorized access was claimed by “NOTRASEC TEAM”.
    • Farsight India: A wealth consultant firm was breached.
  • Bangladesh:
    • Bangladesh Computer Council: Breached by “HackShyen”.
    • Prison Data: “7 Proxies” claimed to leak prison system data.
  • Taiwan:
    • Lifetour.com.tw: A travel agency breach exposed 23 GB of sensitive traveler data, including passports.

5. Initial Access Markets

Beyond static data, there is a thriving market for active access to systems, allowing buyers to conduct their own attacks.

  • WordPress Access: Actor “ed1n1ca” specialized in selling unauthorized WordPress access, listing specific markets like the USA, UK, and Spain. This access is often used for SEO spam, malware distribution, or phishing.
  • Ryanair eCrew: Unauthorized admin access to the Ryanair crew management platform was leaked. This poses risks to airline operations and staff privacy.
  • Corporate SMTP: Actor “VipCode212” sold brute-forced corporate SMTP access, which is a primary tool for Business Email Compromise (BEC) and spam campaigns.
  • Beniz Tajhiz Co (Iran): Admin access to this manufacturing firm was leaked.

6. Threat Actor Profiling

The dataset reveals several distinct archetypes of threat actors operating in the current landscape.

6.1. The “Wholesale” Data Brokers

These actors focus on volume sales of databases, often aggregating data from various sources.

  • bobbyaxelrod99: This actor is extremely prolific, responsible for listing databases from Georgia USA, UK Dental Leads, Spain, USA eBay Buyers, French Solar Panel Buyers, Hawaii Phones, Ecuador Companies, and Worldwide Hotels. Their operation appears to be a “supermarket” for stolen PII.
  • s4sori: Specializes in financial fraud, selling 6,000 Credit Card (CC/CVV) records from multiple countries.

6.2. The Hacktivists & Defacers

Motivated by politics, reputation, or chaos, these groups focus on visibility.

  • BABAYO EROR SYSTEM: Focused heavily on Indonesia, this group executed a rapid-fire series of leaks against government and public infrastructure.
  • InDoM1nuS Team: Targeted Brazilian websites with mass defacements, hitting hotels, marketing firms, and religious sites.
  • HackShyen: Explicitly announced targeting Bangladesh and Pakistan and executed attacks on the Bangladesh Computer Council.
  • IT ARMY OF RUSSIA: Claimed a breach of the Khmelnytskyi City Council in Ukraine, exposing shelter locations and architectural plans. This is a clear example of cyber operations supporting kinetic warfare.

6.3. The Specialized Infiltrators

  • Infrastructure Destruction Squad: As detailed in Section 3, this group focuses on OT/IoT systems in Europe, showing a dangerous capability to interact with physical infrastructure.
  • jrintel: Focuses on high-level US defense and government documents, leaking materials from the DoD and Boeing.

7. Incident Impact Analysis by Category

7.1. Personal Identity & Financial Fraud Risk

The volume of PII exposed is immense.

  • Israel: 3.95 million citizens.
  • USA: 130k Georgia records, 1.3M Hawaii records, 140k Edmunds users.
  • Indonesia: NIK numbers and teacher records.
  • Finance: 21,000 Turkish credit cards and 6,000 global CC records.

Impact: This data fuels identity theft, phishing campaigns (using real names and addresses), and financial fraud. The “Combo Lists” and “Email Access Tools” further facilitate credential stuffing attacks.

7.2. National Security & Defense

The leaks involving the US Department of Defense, Boeing, Raytheon, and military vehicle blueprints represent a loss of sensitive technical data. While some “leaks” on forums can be exaggerated or recycled, the specific mention of CMMC briefings suggests the exposure of compliance and security posture details. In Ukraine, the exposure of shelter coordinates and CCTV locations directly endangers civilian safety during conflict.

7.3. Corporate Espionage & Intellectual Property

Ransomware attacks on manufacturing and engineering firms (Centrotherm, Aromate, Lesk Engineers) likely resulted in the theft of proprietary designs and client lists. The “Stake” betting platform leak (14 million records) poses a massive privacy risk to gamblers and a competitive loss for the company.


8. Conclusion and Outlook

The events of late January 2026 illustrate a cyber threat landscape that is saturated, aggressive, and indiscriminate.

  1. Commoditization of Access: The barriers to entry are lower than ever. Actors like bobbyaxelrod99 and ed1n1ca have turned data and server access into cheap commodities. A threat actor no longer needs to hack a company; they can simply buy “unauthorized WordPress access” or a “UK dental leads database” for a nominal fee.
  2. Convergence of Cyber and Kinetic Risks: The attacks on building management systems in Italy and Poland, and energy systems in the Czech Republic and Ukraine, mark a dangerous shift. Threat actors are actively probing systems that control the physical environment (heat, power, lighting).
  3. Ransomware Evolution: Groups like Qilin and NightSpire are maintaining a high operational tempo, targeting mid-to-large enterprises across manufacturing, education, and biotechnology. The “double extortion” model (encrypt + leak) remains the standard.
  4. Regional Hotspots: Indonesia and Brazil are suffering from intense hacktivist waves, while the US and Israel are the primary targets for large-scale data exfiltration and state-adjacent espionage.

Final Assessment: Organizations must assume that their data is a target. The prevalence of “Initial Access” sales indicates that many breaches occur due to compromised credentials or unpatched common vulnerabilities (like WordPress plugins). Furthermore, the targeting of critical infrastructure control systems demands an urgent focus on OT security and network segmentation.


9. Detailed Incident Log (Categorized)

The following section provides the granular details of every incident analyzed to form the conclusions above.

A. Ransomware Incidents

  1. Centrotherm International AG (Germany) - Qilin: Manufacturing data obtained.
  2. Langley Twigg Law (New Zealand) - ANUBIS: Law firm data compromised.
  3. Vitosha Park Hotel (Bulgaria) - ANUBIS: Hospitality data seized.
  4. Şemsioğlu Uşak House Tarhana (Turkey) - Qilin: Food industry data breached.
  5. OKIN GROUP (Czech Republic) - Qilin: Business services data breached.
  6. Cytek (USA) - RHYSIDA: Biotech data obtained.
  7. The Successful Match (USA) - NightSpire: Medical education data breached.
  8. Aromate Industries Co., Ltd. (Taiwan) - NightSpire: 200 GB of chemical mfg data.
  9. Lesk Engineers Limited (UK) - NightSpire: 40 GB of engineering data.
  10. KICKSTAGE (Taiwan) - NightSpire: 30 GB of fashion retail data.

B. Critical Infrastructure & OT Access

  1. Smart Building Control (Italy): Access to lighting/energy automation.
  2. Energy Management System (Czech Republic): Access to solar/grid distribution.
  3. Building Engineering System (Poland): Remote control of power/heating.
  4. Energy Control System (Ukraine): Access to substation control in Ivano-Frankivsk.
  5. CCTV Systems (Israel): Unauthorized access by MORNING STAR.
  6. Construction Store CCTV (Ukraine): Access by Z-PENTEST ALLIANCE.
  7. Hazrat Shahjalal Airport (Bangladesh): Flight monitoring software access.

C. Major Data Breaches (Government & Defense)

  1. AADL (Algeria): Login credentials leaked.
  2. Algeria Post: 8 TB of data/emails alleged.
  3. US Dept of Defense / Boeing: Defense project systems leaked.
  4. US Dept of War: CMMC security briefing leaked.
  5. US Navy / Military: Vehicle blueprints and personnel SSNs.
  6. Raytheon (USA): Data leak claimed.
  7. Khmelnytskyi City Council (Ukraine): Shelter coordinates and citizen data.
  8. Dept of Government Enablement (UAE): Admin portals and AI infra access.
  9. Bangladesh Computer Council: Website breach.
  10. Bangladesh Prison Data: Inmate data leak.
  11. TVRI (Indonesia): State TV data leak.
  12. Kementerian Pendidikan (Indonesia): Teacher/staff NIP data.

D. Corporate & Customer Data Breaches

  1. Ledger-related Database: 3,000 records.
  2. WEB.DE (Germany): 7,144 combo list lines.
  3. ProtonVPN: User credentials (likely stuffing).
  4. Atrox Fit: 2,300 user records.
  5. Omni Hotels & Resorts (USA): 5.2M records (re-post).
  6. Center-V (Ukraine): Patient names/phones.
  7. Salamanca Empresarial (Spain): Internal data leak.
  8. Desa Nglayang (Indonesia): Resident NIK data.
  9. Axtria (USA): Source code/data leak.
  10. Edmunds (USA): 140k user accounts/hashed creds.
  11. Cadena Joven Digital (Spain): Full DB dump/admin passwords.
  12. Livrenpoche (France): 716k book orders/addresses.
  13. Roblox (USA): 37M records alleged.
  14. Cocolis (France): 6.7M user records.
  15. City Finance (India): 4,000 cities financial records.
  16. Farsight India Wealth: Financial data leak.
  17. Hebrew University-Hadassah (Israel): Dental faculty data.
  18. EvergreenHedging (USA): Agriculture customer data.
  19. Stake (India/Global): 14M gambling records.
  20. Axtel (Mexico): 78k telecom records.
  21. Call Lade (Singapore): Logistics data/Usernames.
  22. Lifetour.com.tw (Taiwan): 23GB travel data/passports.
  23. NTC Group (Cambodia): Education data breach.

E. Data Sales (Brokers & Markets)

  1. USA WordPress Access: Unauthorized access sold.
  2. UK WordPress Access: Unauthorized access sold.
  3. Spain WordPress Access: Unauthorized access sold.
  4. Israel Citizens DB: 3.95M records.
  5. Israel Business DB: 420k records.
  6. Email Access Tool: Cracker/Checker tool.
  7. Georgia (USA) Private DB: 130k records.
  8. UK Dental Leads: 71k records.
  9. Spain Private DB: General database sale.
  10. USA Private DB (eBay Buyers): Sold by bobbyaxelrod99.
  11. France Solar Panel Buyers: Sold by bobbyaxelrod99.
  12. Hawaii (USA) Phones: 1.3M records.
  13. Ecuador Companies: 4.6M lines.
  14. Worldwide Hotels/Rentals: 859k records.
  15. Financial/Wealth DBs: Morgan Stanley/Cabot leads.
  16. Bulgaria Shop DB: 6,000 user lines.
  17. Corporate SMTP Access: Brute-forced access.
  18. Indonesian Corporate DB: Source code/contacts.
  19. UK Online Store Admin: Unauthorized access.
  20. UK Private Leads: 1.6M records.
  21. Turkey Credit Cards: 21k records.
  22. Global Credit Cards: 6,000 records (Colombia, US, etc.).

F. Defacement & Hacktivism

  1. Imagine Computer Institute (Pakistan): Defaced by Malnox ZeroX.
  2. Fuwaytai Technology (Thailand): Defaced by EXADOS.
  3. Mango Park Hotel (Philippines): Defaced by InDoM1nuS Team.
  4. Odisha Society (India): Defaced by Team Azrael.
  5. Artdec (Thailand): Defaced by EXADOS.
  6. Sabrina Balbino (Brazil): Defaced by InDoM1nuS Team.
  7. Minha Bio (Brazil): Defaced by InDoM1nuS Team.
  8. 40 Dias Por Você (Brazil): Defaced by InDoM1nuS Team.
  9. Dra. Barbara Sanches (Brazil): Defaced by InDoM1nuS Team.
  10. Oceuevoce (Brazil): Defaced by InDoM1nuS Team.
  11. King Magic (China): Defaced by BROTHERHOOD CAPUNG.
  12. Sanatorium Ozero Medvezhye (Russia): Defaced by DimasHxR.

G. Other Unauthorized Access & Leaks

  1. Ryanair eCrew: Admin access leaked.
  2. FedEx: Insider database access.
  3. Cricket Live Score: Access obtained.
  4. Beniz Tajhiz Co (Iran): Admin WP login.
  5. BPJS Kesehatan (Indonesia): Access obtained.
  6. Dan Digital (Israel): Login access.
  7. Traffic Ticket Data: Leaked by BABAYO.
  8. Loan Application Data: Leaked by BABAYO.
  9. Insurance Application Data: Leaked by BABAYO.
  10. Penebusan: Data leak.
  11. Anemia: Data leak.
  12. KRS: Data leak.
  13. Bumil Indonesia: Data leak.
  14. Student Database (Indonesia): Leaked by BABAYO.

Detected Incidents Draft Data

  1. Alleged leak of Ledger-related customer database
    Category: Data Breach
    Content: The threat actor claims to be selling a newly leaked Ledger-related customer database, advertising approximately 3,000 records.
    Date: 2026-01-25T23:16:57Z
    Network: openweb
    Published URL: https://xss.pro/threads/145591/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f5d1c3b2-c440-4b30-a3ea-e1a3e1604eea.png
    https://d34iuop8pidsy8.cloudfront.net/c79d3b04-e1a9-4f40-b7fe-28b2c5e88979.png
    Threat Actors: aisdata
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  2. Alleged leak of login credentials to AADL
    Category: Initial Access
    Content: The group claims to have leaked login credentials to the National Agency for Housing Improvement and Development (AADL)
    Date: 2026-01-25T23:11:11Z
    Network: telegram
    Published URL: https://t.me/firewirBackupChannel/216
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2b4968c4-5969-4d8d-bc07-4ab067d78eb2.png
    Threat Actors: Fire Wire
    Victim Country: Algeria
    Victim Industry: Government Administration
    Victim Organization: national agency for housing improvement and development (aadl)
    Victim Site: aadl.dz
  3. Alleged leak of WEB.DE Combo List
    Category: Combo List
    Content: The threat actor claims to have leaked a 7144 line email password combo list targeting WEB.DE GmbH
    Date: 2026-01-25T23:00:19Z
    Network: openweb
    Published URL: http://185.206.215.219/threads/63506/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f633e9f6-7f80-45b9-b03a-8aa5312c800b.png
    Threat Actors: BestCombo
    Victim Country: Germany
    Victim Industry: Network & Telecommunications
    Victim Organization: web.de gmbh
    Victim Site: web.de
  4. Alleged sale of unauthorized WordPress access in the USA
    Category: Initial Access
    Content: The threat actor claims to be selling unauthorized WordPress access in the USA
    Date: 2026-01-25T22:56:52Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274539/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/1b7a4b08-491b-4208-a120-a34b9700862a.png
    Threat Actors: ed1n1ca
    Victim Country: USA
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  5. Alleged data leak of ProtonVPN
    Category: Data Breach
    Content: The threat actor claims to be leaking ProtonVPN-related account credentials, presented in an email:password format. The leak includes a small list of email addresses paired with plaintext passwords, likely obtained through credential stuffing, phishing campaigns, or reused credentials from third-party breaches, rather than a confirmed direct compromise of ProtonVPN’s infrastructure.
    Date: 2026-01-25T22:40:38Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-protonvpn–185618
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8441fa28-5e3c-4a6f-a289-a0681e1574fc.png
    Threat Actors: Yanisxratsu
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  6. Alleged unauthorized access to multiple CCTV surveillance systems in Israel
    Category: Initial Access
    Content: The group claims to have gained unauthorized access to multiple CCTV surveillance systems in Israel
    Date: 2026-01-25T22:38:43Z
    Network: telegram
    Published URL: https://t.me/op_morningstar/278
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f403dc44-acb6-462d-a432-0933fcb9313f.jpg
    https://d34iuop8pidsy8.cloudfront.net/44990652-62fd-46c3-891d-6d42b9dfc8cf.jpg
    Threat Actors: MORNING STAR
    Victim Country: Israel
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  7. Alleged data leak of Atrox Fit
    Category: Data Breach
    Content: The threat actor claims to have leaked a private database of approximately 2,300 Atrox Fit users.
    Date: 2026-01-25T22:38:01Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-Atrox-Fit-2-3k-Users-2026
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/11ac47ec-a00a-4423-abc3-7eb57059291d.png
    Threat Actors: hhhhhhhhhd
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  8. Alleged sale of unauthorized English WordPress access
    Category: Initial Access
    Content: The threat actor claims to be selling unauthorized WordPress access in England
    Date: 2026-01-25T22:15:52Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274537/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/fea2f672-6bbb-4d55-bb68-a323a28a3983.png
    Threat Actors: ed1n1ca
    Victim Country: UK
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  9. Alleged sale of unauthorized Spanish WordPress access
    Category: Initial Access
    Content: The threat actor claims to be selling unauthorized WordPress access in Spain
    Date: 2026-01-25T22:04:33Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274536/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3ddf2611-0a74-4321-88cf-2b0d54b9a196.png
    Threat Actors: ed1n1ca
    Victim Country: Spain
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  10. Alleged data leak of U.S. Department of Defense programs
    Category: Data Breach
    Content: The threat actor claims to have leaked Boeing systems tied to U.S. defense projects.
    Date: 2026-01-25T21:29:54Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DOCUMENTS-USA-SECRET-Department-of-Defense-Boeing-New-Technology-INFO-CONTACTS
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8484ef8f-3112-488a-ab93-3b5919a88b5b.png
    https://d34iuop8pidsy8.cloudfront.net/84272282-3dd5-4e42-a0d3-1b9f7941c3ba.png
    Threat Actors: jrintel
    Victim Country: USA
    Victim Industry: Aviation & Aerospace
    Victim Organization: Unknown
    Victim Site: Unknown
  11. Alleged data breach of Algeria Post
    Category: Data Breach
    Content: The group claims to have breached the digital infrastructure of Algeria Post (poste.dz), alleging the extraction of large-scale datasets including databases, cloud storage contents, employee records, customer accounts, and confidential documents exchanged with other government entities. According to the statement, the actor claims access to multiple subdomains and email systems and alleges exfiltration of more than 8 TB of sensitive data, which is reportedly being offered for sale on dark web forums alongside account credentials and technical details.
    Date: 2026-01-25T21:25:23Z
    Network: telegram
    Published URL: https://t.me/DarK07xxxxxxx/1426
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d3338eee-3b0c-4948-b9e6-248add441133.jpg
    https://d34iuop8pidsy8.cloudfront.net/67389086-270d-4d4a-ab6c-0702a5b588db.jpg
    https://d34iuop8pidsy8.cloudfront.net/6da17b07-a50c-46e5-bb7e-0c32dbb8170e.jpg
    Threat Actors: DARK 07x
    Victim Country: Algeria
    Victim Industry: Government & Public Sector
    Victim Organization: algeria post
    Victim Site: poste.dz
  12. centrotherm international AG falls victim to Qilin Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-25T21:22:33Z
    Network: tor
    Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=859824df-f08f-3cfd-a3b2-f3e44d9ff57e
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2d545dab-ddc7-4a77-bd63-9be787cf88d6.png
    Threat Actors: Qilin
    Victim Country: Germany
    Victim Industry: Machinery Manufacturing
    Victim Organization: centrotherm international ag
    Victim Site: centrotherm.de
  13. Malnox ZeroX targets the website of Imagine Computer Institute
    Category: Defacement
    Content: The group claims to have defaced the website of Imagine Computer Institute
    Date: 2026-01-25T20:48:16Z
    Network: telegram
    Published URL: https://t.me/CyberVolkArcanum/187
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/340e4751-ae51-4a4d-863d-1eee1dc80544.jpg
    Threat Actors: Malnox ZeroX
    Victim Country: Pakistan
    Victim Industry: Education
    Victim Organization: imagine computer institute
    Victim Site: imaginecomputerinstitute.com
  14. Alleged data leak of Israel Citizens
    Category: Data Breach
    Content: The threat actor claims to have leaked a dataset containing personal information of approximately 3.95 million Israeli citizens. The exposed data allegedly includes phone numbers, user IDs, email addresses, first and last names, gender, registration dates, dates of birth, location data, hometown relationships, account status, graduation years, workplaces, group affiliations, page data, last update timestamps, and account creation dates.
    Date: 2026-01-25T20:38:18Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-3-95M-Israel-Citizens
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9dc4f713-af36-49e4-a162-c4a93063f5ac.png
    Threat Actors: iloveya
    Victim Country: Israel
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  15. Langley Twigg Law falls victim to ANUBIS Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-25T20:32:56Z
    Network: tor
    Published URL: http://om6q4a6cyipxvt7ioudxt24cw4oqu4yodmqzl25mqd2hgllymrgu4aqd.onion/r/5tMytMX6UrzQPtP4ynCEsdJbzW2yWFsoiHx+Yh0Reg0dsJx0gVb6sRuy0tTdPzOBPJJ24FoOCiuC7ViZ7IsbY2ZhSk13eFBv
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3ee98812-1811-4d1b-87f3-f4e930ca7038.png
    https://d34iuop8pidsy8.cloudfront.net/5204c72d-0eee-48cf-ace5-a7238557a361.png
    https://d34iuop8pidsy8.cloudfront.net/9fb6f1b7-a688-4921-a7bc-f06d8f5c16ed.png
    https://d34iuop8pidsy8.cloudfront.net/75df9968-f0fd-490b-83da-54a555395281.png
    Threat Actors: ANUBIS
    Victim Country: New Zealand
    Victim Industry: Law Practice & Law Firms
    Victim Organization: langley twigg law
    Victim Site: langleytwigg.co.nz
  16. Alleged leak of Israel Business Database
    Category: Data Breach
    Content: The threat actor claims to be offering a dataset containing information on approximately 420,000 Israel businesses in CSV format. The exposed data includes company identifiers, company names, email addresses, physical addresses, cities, states, ZIP codes, phone numbers, fax numbers, SIC codes, SIC descriptions, and website addresses.
    Date: 2026-01-25T20:31:34Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-425K-ISRAEL-DATA
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/99648111-f8d4-45f5-94c5-b3b25bd89166.png
    Threat Actors: buadamcokfena
    Victim Country: Israel
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  17. Alleged leak of email access tool
    Category: Malware
    Content: The threat actor claims to have released an email access checker and cracker tool, described as software for large‑scale email login verification and inbox scraping. The tool reportedly supports IMAP/POP3 connections, downloading messages, domain discovery, and includes a built‑in mail viewer.
    Date: 2026-01-25T20:31:12Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Leak-Email-ACCESS-CHECKER-and-Cracker-2026
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d350b0ca-8523-4441-96f2-2a7c167bdc0b.png
    https://d34iuop8pidsy8.cloudfront.net/c55c574a-2498-4f4d-bd02-6f9ce829cf86.png
    https://d34iuop8pidsy8.cloudfront.net/8a527539-0cdb-4614-b4b1-e0218049292d.png
    https://d34iuop8pidsy8.cloudfront.net/fe420a14-fba0-4a38-80c9-d78491ec89c4.png
    https://d34iuop8pidsy8.cloudfront.net/a708896f-afdf-4f54-93ed-ff9f1fafabab.png
    Threat Actors: rippors
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  18. Vitosha Park Hotel falls victim to ANUBIS Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-25T20:24:00Z
    Network: tor
    Published URL: http://om6q4a6cyipxvt7ioudxt24cw4oqu4yodmqzl25mqd2hgllymrgu4aqd.onion/r/1pB4YVCtJrA9DFc4mFt0fGX0OwZTi4VDSjFBpWKz8b+zmqifIG6bTDtgzX1mgmKTUqxiRxQRdT3MUTWgqFi0VhrblU2ckha
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/1826074d-5f8e-4765-a2bb-9820f475f1cc.png
    https://d34iuop8pidsy8.cloudfront.net/1326e0c0-9d2e-4286-98cd-c916dc4abe3a.png
    https://d34iuop8pidsy8.cloudfront.net/0c78d9d2-dc16-4dc8-a4c8-e4e36012e7b3.png
    https://d34iuop8pidsy8.cloudfront.net/2e10e71e-a11e-46c0-ae5f-61992524c668.png
    https://d34iuop8pidsy8.cloudfront.net/c7f9ec30-69a7-453e-9a02-14d5ba971be6.png
    https://d34iuop8pidsy8.cloudfront.net/939ef7e2-2fbc-45cd-b618-e4f94ce18e96.png
    https://d34iuop8pidsy8.cloudfront.net/ebf5c241-1d19-4ec4-9e47-f5afce62ebed.png
    Threat Actors: ANUBIS
    Victim Country: Bulgaria
    Victim Industry: Hospitality & Tourism
    Victim Organization: vitosha park hotel
    Victim Site: vitoshaparkhotel.com
  19. Alleged data breach of Mairie de Venoy
    Category: Data Breach
    Content: The threat actor claims to have compromised the official website of Mairie de Venoy (mairie-venoy.fr) and exfiltrated all associated databases. The leaked data contains sensitive personal information of users and residents, including names, email addresses, hashed passwords, postal addresses, postal codes, cities, and dates of birth.
    Date: 2026-01-25T20:15:50Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-mairie-venoy-fr
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/03211762-26db-4ea3-923b-3cbab9721e48.png
    Threat Actors: X-VDP-X
    Victim Country: France
    Victim Industry: Government & Public Sector
    Victim Organization: mairie de venoy
    Victim Site: mairie-venoy.fr
  20. Alleged sale of USA Georgia Private Database
    Category: Data Breach
    Content: The threat actor claims to be selling a private database allegedly containing over 130,000 records related to individuals and properties in the state of Georgia, USA. The exposed data reportedly includes full names, email addresses, residential addresses, city, state, ZIP codes, and property-related information, which could be used for spam, phishing, identity fraud, or further social engineering attacks.
    Date: 2026-01-25T19:58:29Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274529/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ee56de1c-42ed-46b2-adca-665ba53490f5.png
    https://d34iuop8pidsy8.cloudfront.net/705bdd6d-18e6-4d3d-a0bf-7e166bd44379.png
    Threat Actors: bobbyaxelrod99
    Victim Country: USA
    Victim Industry: Real Estate
    Victim Organization: Unknown
    Victim Site: Unknown
  21. Alleged data breach of Omni Hotels & Resorts
    Category: Data Breach
    Content: The threat actor claims to have leaked a full database allegedly belonging to Omni Hotels & Resorts, a major U.S.-based luxury hotel group operating over 50 properties across North America. The exposed dataset contains approximately 5.2 million records stored in multiple CSV files and compressed archives. The leaked information reportedly includes guest and loyalty member data such as full names, email addresses, full postal addresses, loyalty or membership levels, enrollment dates, dates of birth, and language preferences.
    Date: 2026-01-25T19:48:40Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-Re-post-Omni-Hotels-USA-Full-Leak-hexvior
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d86e4b05-14d1-4965-bb76-5260cfdfb713.png
    https://d34iuop8pidsy8.cloudfront.net/a36af894-fe28-48be-b7d3-c9f6107f3dd3.png
    Threat Actors: hexvior
    Victim Country: USA
    Victim Industry: Leisure & Travel
    Victim Organization: omni hotels & resorts
    Victim Site: omnihotels.com
  22. Alleged sale of UK Dental Leads Database
    Category: Data Breach
    Content: The threat actor claims to be selling a private UK dental leads database containing 71,874 records. The dataset allegedly includes email addresses, full names, phone numbers, and other contact details of individuals linked to dental services in the UK.
    Date: 2026-01-25T19:45:39Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274530/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d38c2520-c2ea-4c9e-b4c7-a296f5d315c9.png
    https://d34iuop8pidsy8.cloudfront.net/4704b0e5-a82b-4473-aa83-0975e15e91b9.png
    Threat Actors: bobbyaxelrod99
    Victim Country: UK
    Victim Industry: Hospital & Health Care
    Victim Organization: Unknown
    Victim Site: Unknown
  23. Alleged sale of private database from Spain
    Category: Data Breach
    Content: The threat actor claims to be selling a private database from Spain.
    Date: 2026-01-25T19:30:50Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274527/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/587d7324-0baa-4540-bd06-7647b0b50da5.png
    Threat Actors: bobbyaxelrod99
    Victim Country: Spain
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  24. Alleged unauthorized access to Hazrat Shahjalal International Airport’s Flight Monitoring Software
    Category: Initial Access
    Content: The group claims to have gained unauthorized access to Hazrat Shahjalal International Airport’s Flight Monitoring Software.
    Date: 2026-01-25T19:30:22Z
    Network: telegram
    Published URL: https://t.me/c/2362414795/18097
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/96608454-ee31-4042-a069-4f5b9432c868.jpg
    Threat Actors: The Night Hunters
    Victim Country: Bangladesh
    Victim Industry: Airlines & Aviation
    Victim Organization: hazrat shahjalal international airport
    Victim Site: hsia.gov.bd
  25. Alleged data breach of Center-V
    Category: Data Breach
    Content: The group, in collaboration with Perun Swaroga, claims to have leaked data allegedly obtained from the official website of Center-V, exposing sensitive patient and user information. The compromised data reportedly includes names, phone numbers, email addresses, passwords, and appointment details.
    Date: 2026-01-25T19:21:41Z
    Network: telegram
    Published URL: https://t.me/QuietSecOfficial/237?single
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/321a6eea-18a9-43c0-afd1-df6d19849988.jpg
    Threat Actors: QuietSec
    Victim Country: Ukraine
    Victim Industry: Medical Practice
    Victim Organization: center-v
    Victim Site: centrv.com.ua
  26. Alleged data breach of Salamanca Empresarial
    Category: Data Breach
    Content: The threat actor claims to have compromised the website salamancaempresarial.es and leaked internal data.
    Date: 2026-01-25T19:19:43Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-salamancaempresarial-es-SPAIN
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9c7a5780-ab44-43dd-803f-fb3fc208b7d0.png
    https://d34iuop8pidsy8.cloudfront.net/0a4a6578-ccfa-470b-b73f-e31e6a8b3b94.png
    Threat Actors: IntelShadow
    Victim Country: Spain
    Victim Industry: E-commerce & Online Stores
    Victim Organization: salamanca empresarial
    Victim Site: salamancaempresarial.es
  27. Alleged data leak of Bangladesh prison data
    Category: Data Breach
    Content: The group claims to have leaked the data of Bangladesh prisons.
    Date: 2026-01-25T19:11:57Z
    Network: telegram
    Published URL: https://t.me/c/2366703983/961
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/fb19bec4-9834-45a2-8d88-090050c23ff3.jpg
    Threat Actors: 7 Proxies
    Victim Country: Bangladesh
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  28. Alleged leak of private database from USA
    Category: Data Breach
    Content: The threat actor claims to be selling a USA private database with eBay buyers.
    Date: 2026-01-25T19:11:17Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274528/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a0bafdbb-640e-42b4-9c6e-34a1d6183f5a.png
    Threat Actors: bobbyaxelrod99
    Victim Country: USA
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  29. Alleged Sale of Solar Panels Buyers Database from France
    Category: Data Breach
    Content: The threat actor claims to be selling a private database of solar panel buyers from France. The compromised data reportedly contains ID, email, first name, last name, phone number, etc.
    Date: 2026-01-25T18:52:10Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/274525/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3dd8bc6c-25fc-4ca0-868b-7460eb71c15a.png
    Threat Actors: bobbyaxelrod99
    Victim Country: France
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  30. Alleged Sale of Hawaii USA Phones Private Database
    Category: Data Breach
    Content: The threat actor claims to be selling a private database containing 1380724 lines of phone user data from the state of Hawaii, USA. The compromised data reportedly includes phone ID, state, phone code, name, phone, address, etc.
    Date: 2026-01-25T18:41:24Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/274524/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/bc53891d-d68a-454a-a1eb-a1bc66961b23.png
    Threat Actors: bobbyaxelrod99
    Victim Country: USA
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  31. Alleged Sale of Ecuador Companies Database
    Category: Data Breach
    Content: The threat actor claims to be selling a private database containing 4654083 lines of data about Ecuador companies.
    Date: 2026-01-25T18:24:56Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/274526/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7c0cbbfa-9715-4a54-a95e-4d9186d4df05.png
    Threat Actors: bobbyaxelrod99
    Victim Country: Ecuador
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  32. Alleged data breach of Official Geoportal of the Khmelnytskyi City Council
    Category: Data Breach
    Content: The group claims to have leaked the database of the Official Geoportal of the Khmelnytskyi City Council. The exposed data reportedly includes personal information of approximately 41,450 citizens and organizations (addresses, phone numbers, passport details), login credentials of 10 system administrators, coordinates of 703 protective structures (shelters), locations of 237 CCTV cameras, cadastral data with over 49,000 geotags and information on 3,120 land plots, and extensive architectural and urban planning documentation, including a complete general city plan.
    Date: 2026-01-25T18:16:33Z
    Network: telegram
    Published URL: https://t.me/itarmy_ru/268
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/1d1b604d-90f6-4f77-8cfd-3398d33888af.jpg
    Threat Actors: IT ARMY OF RUSSIA
    Victim Country: Ukraine
    Victim Industry: Government Administration
    Victim Organization: official geoportal of the khmelnytskyi city council
    Victim Site: gis.khm.gov.ua
  33. Alleged Sale of Worldwide Hotels & Holiday Rentals Private Database
    Category: Data Breach
    Content: The threat actor claims to be selling a private database of hotels and holiday rentals, which reportedly contains 859686 records of data from around the world.
    Date: 2026-01-25T17:58:59Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/274523/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7fa1d7c4-ad0f-4cb0-9a5a-1d2b3ec6fc17.png
    Threat Actors: bobbyaxelrod99
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  34. Alleged leak of military vehicle blueprints and personal data
    Category: Data Breach
    Content: The threat actor claims to be offering military vehicle blueprints and a structured dataset containing personnel‑related fields. The post lists several aircraft and U.S. Navy vessels and references fields such as SSN, name, rank, unit, clearance level, medical status, and deployment history.
    Date: 2026-01-25T17:57:57Z
    Network: openweb
    Published URL: https://leakbase.la/threads/us-navy-military-vehicle-db.48479/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e45794b9-f240-42d2-92d0-f8108eac12de.png
    Threat Actors: chrs1234
    Victim Country: USA
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  35. Alleged unauthorized access to Ryanair eCrew WEB platform
    Category: Initial Access
    Content: The threat actor claims to have leaked unauthorized admin access to Ryanair Connect (or old eCrew WEB), an internal digital crew management and communication platform.
    Date: 2026-01-25T17:17:43Z
    Network: openweb
    Published URL: https://xforums.st/threads/ecrew-ryanair-com-admin-wp-login.491627/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/15a59f7d-64fd-4bd5-8a9d-b956884df594.png
    Threat Actors: X Forum Bot
    Victim Country: Ireland
    Victim Industry: Airlines & Aviation
    Victim Organization: ryanair
    Victim Site: ryanair.com
  36. Alleged data breach of Desa Nglayang
    Category: Data Breach
    Content: The threat actor claims to have leaked personal data belonging to residents of Desa Nglayang, Indonesia. The exposed data consists of citizen records, including full names, NIK, and additional descriptive fields, affecting over 100 individuals.
    Date: 2026-01-25T17:08:26Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-PERSONAL-DATA-DESA-NGLAYANG
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0d20fe59-8df0-485b-84ba-5204b2da0751.png
    https://d34iuop8pidsy8.cloudfront.net/51b812ca-3668-4cef-a59b-c5cfc87874aa.png
    https://d34iuop8pidsy8.cloudfront.net/c2d96f92-3ceb-417d-bd65-db8437bac145.png
    Threat Actors: RapperXploit
    Victim Country: Indonesia
    Victim Industry: Government & Public Sector
    Victim Organization: desa nglayang
    Victim Site: nglayangdesaku.id
  37. Alleged sale of financial research and wealth management databases
    Category: Data Breach
    Content: The threat actor claims to be selling financial research and wealth management databases and leads associated with firms such as Morgan Stanley Wealth Management, Morgan Stanley Insured Solutions, Cabot Wealth Network, Cumberland, and Palm Beach Research Group.
    Date: 2026-01-25T17:01:12Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274514/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c0af4fd9-1612-4826-83fb-88171b61cbe6.png
    Threat Actors: phase1
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  38. Alleged access to CCTV surveillance system of an unidentified construction store in Ukraine
    Category: Initial Access
    Content: The group claims to have gained unauthorized access to the CCTV surveillance system of an unidentified construction store in Ukraine.
    Date: 2026-01-25T16:57:28Z
    Network: telegram
    Published URL: https://t.me/zpentestalliance/1007
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3eeefbe6-9823-4c87-8b03-f01c80f5c79a.jpg
    Threat Actors: Z-PENTEST ALLIANCE
    Victim Country: Ukraine
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  39. Alleged data breach of Bangladesh Computer Council (BCC)
    Category: Data Breach
    Content: The group claims to have breached the website of Bangladesh Computer Council (BCC).
    Date: 2026-01-25T16:50:17Z
    Network: telegram
    Published URL: https://t.me/HackShyen/25
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/5526324f-be9b-4328-8286-3b9790cd24c9.jpg
    Threat Actors: HackShyen
    Victim Country: Bangladesh
    Victim Industry: Government Administration
    Victim Organization: bangladesh computer council (bcc)
    Victim Site: bcc.gov.bd
  40. HackShyen claims to target Bangladesh and Pakistan
    Category: Alert
    Content: A recent post by the group indicates that they’re targeting Bangladesh and Pakistan.
    Date: 2026-01-25T16:45:01Z
    Network: telegram
    Published URL: https://t.me/HackShyen/24
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/fc3da244-5bb0-4ecd-8516-d20cf85527f6.jpg
    Threat Actors: HackShyen
    Victim Country: Bangladesh
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  41. Alleged unauthorized access to FEDEX database
    Category: Initial Access
    Content: The threat actor claims to have unauthorized insider access to the FEDEX database. The compromised database reportedly contains tracks by sender, account numbers, recipient and shipper data.
    Date: 2026-01-25T16:40:29Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/274507/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/651f44bf-e0fe-47f8-9a4e-29a6d0934217.png
    Threat Actors: Hackaton13
    Victim Country: USA
    Victim Industry: Transportation & Logistics
    Victim Organization: fedex
    Victim Site: fedex.com
  42. Alleged data breach of Axtria
    Category: Data Breach
    Content: The threat actor claims to have leaked data from Axtria.
    Date: 2026-01-25T16:28:56Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-Source-Code-Axtria-Data-Breach-Leaked-Download
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d58ca21d-1b7c-44c1-8604-486a6763e27c.png
    Threat Actors: 888
    Victim Country: USA
    Victim Industry: Information Technology (IT) Services
    Victim Organization: axtria
    Victim Site: axtria.com
  43. Alleged sale of database of an unidentified shop from Bulgaria
    Category: Data Breach
    Content: The threat actor claims to be selling the user database of an unidentified shop from Bulgaria. The compromised data reportedly contains 6,000 lines of user data from the US, including first name, last name, phone, email, mobile, remark, address, etc.
    Date: 2026-01-25T16:24:40Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/274517/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7945934e-3122-4fa6-80a0-30221f721d81.png
    Threat Actors: savel987
    Victim Country: Bulgaria
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  44. Alleged sale of brute-forced corporate SMTP access
    Category: Initial Access
    Content: The threat actor claims to be selling brute-forced corporate SMTP access, with pricing based on sample type and country.
    Date: 2026-01-25T16:18:34Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274508/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a48091d1-819d-40c6-9a2f-8bb1f8a15c6d.png
    Threat Actors: VipCode212
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  45. Alleged unauthorized access to an unidentified Smart Building Control System located in Italy
    Category: Initial Access
    Content: The group claims to have gained unauthorized access to a Smart Building Control System located in Italy, allegedly used to manage and operate modern building infrastructure. According to the claim, the compromised system controls lighting, energy management, and building automation functions, including monitoring power consumption, regulating electrical loads, and managing lighting and window operations to ensure efficiency, safety, and occupant comfort.
    Date: 2026-01-25T16:15:04Z
    Network: telegram
    Published URL: https://t.me/n2LP_wVf79c2YzM0/3465
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/6f4e14c6-6c30-4d6c-bf23-d26f06f90431.jpg
    Threat Actors: Infrastructure Destruction Squad
    Victim Country: Italy
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  46. Alleged unauthorized access to Cricket Live Score
    Category: Initial Access
    Content: The group claims to have gained unauthorized access to Cricket Live Score.
    Date: 2026-01-25T16:06:19Z
    Network: telegram
    Published URL: https://t.me/c/2622575053/1349
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d136daa0-6346-40e0-8104-8212fcfcdd53.png
    Threat Actors: NOTRASEC TEAM
    Victim Country: India
    Victim Industry: Sports
    Victim Organization: cricket live score
    Victim Site: cricscorepro.in
  47. Alleged data breach of Edmunds
    Category: Data Breach
    Content: The threat actor claims to have dumped the Edmunds database, leaking a 140K-user sample containing user accounts, hashed credentials, contact details, forum and Q&A activity, platform metadata, and Twilio SMS messaging records, including message content and phone numbers.
    Date: 2026-01-25T15:54:41Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-edmunds-com
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3dc86f86-8b36-4828-bb1b-0335d1dc5acb.png
    https://d34iuop8pidsy8.cloudfront.net/2ec6b84b-856f-461f-b950-8206b2da1db3.png
    Threat Actors: Wadjet
    Victim Country: USA
    Victim Industry: Automotive
    Victim Organization: edmunds
    Victim Site: edmunds.com
  48. Alleged unauthorized access to an energy management system located in Czech Republic
    Category: Initial Access
    Content: The group claims to have identified and gained visibility into an energy management system located in Czech Republic, responsible for controlling and optimizing the distribution of energy between multiple sources, including solar panels, battery storage, and the power grid. According to the claim, the system monitors real-time energy production and consumption, automatically manages battery charging and discharging to maximize efficiency, balances grid interaction to reduce energy waste, and generates performance data and alerts in the event of malfunctions.
    Date: 2026-01-25T15:54:08Z
    Network: telegram
    Published URL: https://t.me/n2LP_wVf79c2YzM0/3471
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/23899c0c-d80f-4cba-bf90-e9f56fe433e5.jpg
    Threat Actors: Infrastructure Destruction Squad
    Victim Country: Czech Republic
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  49. EXADOS targets the website of Fuwaytai Technology (Thailand) Co., Ltd.
    Category: Defacement
    Content: The group claims to have defaced the website of Fuwaytai Technology (Thailand) Co., Ltd.
    Date: 2026-01-25T15:52:19Z
    Network: telegram
    Published URL: https://t.me/EXA_DOS_KH/36
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/626c8ca5-1ee4-4459-9046-fe302762da8b.png
    Threat Actors: EXADOS
    Victim Country: Thailand
    Victim Industry: Chemicals
    Victim Organization: fuwaytai technology (thailand) co., ltd.
    Victim Site: fuwaytai.co.th
  50. Alleged unauthorized access to Beniz Tajhiz Co
    Category: Initial Access
    Content: The threat actor claims to have leaked unauthorized admin access to Beniz Tajhiz Co, Iran.
    Date: 2026-01-25T15:47:42Z
    Network: openweb
    Published URL: https://xforums.st/threads/beniztajhiz-ir-admin-wp-login.491390/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ddd079fb-f985-4a9c-ac77-f82edd4f2d37.png
    Threat Actors: X Forum Bot
    Victim Country: Iran
    Victim Industry: Manufacturing & Industrial Products
    Victim Organization: beniz tajhiz co
    Victim Site: beniztajhiz.ir
  51. Alleged sale of Database & Source Code Leak
    Category: Data Breach
    Content: The threat actor claims to have leaked a database and source code, exposing internal corporate records containing office addresses, business contact email addresses, and multiple Indonesian phone numbers, suggesting disclosure of internal administrative and operational information.
    Date: 2026-01-25T15:47:34Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-Source-Code-Db-Leaked
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/1003c2cb-96a8-4b58-9fd7-5648014326eb.png
    Threat Actors: CY8ER_N4TI0N
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  52. Alleged data breach of Cadena Joven Digital
    Category: Data Breach
    Content: The threat actor claims to have leaked a full database dump of Cadena Joven Digital’s. The exposed sensitive data includes five administrative accounts with real names, hashed passwords, and registration, as well as around 70 websites, over 100 security log records containing IP addresses, failed login attempts, and suspicious activity indicators, WordPress configuration files with plugin, theme, and system settings, and metadata.
    Date: 2026-01-25T15:20:52Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-SPAIN-CADENA-JOVEN-DIGITAL-FULL-DB-DUMP
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/bb4acf99-2d69-488e-8c3b-292725e4de29.png
    https://d34iuop8pidsy8.cloudfront.net/41663b7a-c217-408e-86e8-74da10e37c53.png
    Threat Actors: Evorax
    Victim Country: Spain
    Victim Industry: Online Publishing
    Victim Organization: cadena joven digital
    Victim Site: cadenajoven.com
  53. InDoM1nuS Team targets the website of Mango Park Hotel
    Category: Defacement
    Content: The group claims to have defaced the website of Mango Park Hotel.
    Date: 2026-01-25T14:49:23Z
    Network: telegram
    Published URL: https://t.me/InDoM1nusTe4m/70
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/37064014-5394-46eb-8f89-18e38411d789.jpg
    Threat Actors: InDoM1nuS Team
    Victim Country: Philippines
    Victim Industry: Hospitality & Tourism
    Victim Organization: mango park hotel
    Victim Site: mangoparkhotel.com
  54. Alleged data breach of Livrenpoche
    Category: Data Breach
    Content: The threat actor claims to have breached more than 716 thousand rows of the organisation’s data, allegedly including order ID, first name, last name, company, email, phone, address1, address2, postal, city, district, and country.
    Date: 2026-01-25T14:32:02Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-FR-Livrenpoche-Online-Book-Marketplace-716k-Names-Emails-Phones-Addresses
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b667b45c-a9e9-4f43-b6e1-c875e8ce15be.JPG
    Threat Actors: placenta
    Victim Country: France
    Victim Industry: E-commerce & Online Stores
    Victim Organization: livrenpoche
    Victim Site: livrenpoche.com
  55. Alleged data leak of Raytheon
    Category: Data Breach
    Content: The group claims to have leaked data of Raytheon.
    Date: 2026-01-25T14:29:21Z
    Network: telegram
    Published URL: https://t.me/topsecretdocumentsleaked/226
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/58858e00-61ac-4b94-84c5-52830c58e0f6.png
    Threat Actors: JRINTEL FREE DATA V3
    Victim Country: USA
    Victim Industry: Defense & Space
    Victim Organization: raytheon
    Victim Site: Unknown
  56. Alleged unauthorized access to an unidentified building management system in Poland
    Category: Initial Access
    Content: The group claims to have gained unauthorized access to an unidentified building engineering management and monitoring system in Poland. According to the claim, they have full remote access and control over the building’s power supply, heating systems, connected equipment, and real-time monitoring interfaces.
    Date: 2026-01-25T14:16:14Z
    Network: telegram
    Published URL: https://t.me/zpentestalliance/1005
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a43af83d-a0ea-43ad-9a04-9d924e2f4d15.jpg
    https://d34iuop8pidsy8.cloudfront.net/1ddab71c-e47d-4dd7-937d-e97861883f53.jpg
    Threat Actors: Z-PENTEST ALLIANCE
    Victim Country: Poland
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  57. Alleged data breach of Roblox
    Category: Data Breach
    Content: The threat actor claims to have breached 37 million records from Roblox.
    Date: 2026-01-25T14:14:36Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-Roblox-DB-37M
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e32f43c2-1679-4861-88a1-cb503c1f267c.png
    Threat Actors: Jacksparrow1
    Victim Country: USA
    Victim Industry: Gaming
    Victim Organization: roblox
    Victim Site: roblox.com
  58. Alleged data breach of United States Department of War
    Category: Data Breach
    Content: The group claims to have breached the organisation’s data, allegedly including a PDF presentation related to CMMC access control.
    Date: 2026-01-25T14:13:52Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DOCUMENTS-USA-CONFIDENTIAL-CMMC-Department-of-Defense-Cyber-Security-Briefing
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2410da60-4c58-49c5-a8eb-bc3eb380e042.JPG
    https://d34iuop8pidsy8.cloudfront.net/e93e05f5-2888-49f4-b92d-ffedefe8fc70.JPG
    Threat Actors: jrintel
    Victim Country: USA
    Victim Industry: Defense & Space
    Victim Organization: united states department of war
    Victim Site: war.gov
  59. Alleged sale of Cocolis user database
    Category: Data Breach
    Content: The threat actor claims to be selling leaked user data from Cocolis, France. The compromised data reportedly contains 6,769,320 records including first name, last name, telephone, email, and address.
    Date: 2026-01-25T14:13:03Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274504/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/40faa482-85fc-4581-a226-96705073deec.JPG
    Threat Actors: renn
    Victim Country: France
    Victim Industry: Transportation & Logistics
    Victim Organization: cocolis
    Victim Site: cocolis.fr
  60. Team Azrael Angel Of Death targets the website of Odisha Society For Social Audit Accountability and Transparency
    Category: Defacement
    Content: The group claims to have defaced the website of Odisha State Seed and Odisha Society For Social Audit Accountability and Transparency
    Date: 2026-01-25T13:55:12Z
    Network: telegram
    Published URL: https://t.me/anonymous_Cr02x/1273
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/cee77bc7-a340-4e40-a986-157a6118fdb6.png
    Threat Actors: Team Azrael Angel Of Death
    Victim Country: India
    Victim Industry: Government Administration
    Victim Organization: odisha society for social audit accountability and transparency
    Victim Site: ossaat.in
  61. Şemsioğlu Uşak House Tarhana falls victim to Qilin ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organisation's data.
    Date: 2026-01-25T13:37:39Z
    Network: tor
    Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=4130d458-57c6-360d-ac53-d3761708bec1
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/dd8cc1c8-1dd6-44c3-9548-556919891a30.JPG
    Threat Actors: Qilin
    Victim Country: Turkey
    Victim Industry: Food & Beverages
    Victim Organization: şemsioğlu uşak house tarhana
    Victim Site: semsioglu.com.tr
  62. OKIN GROUP falls victim to Qilin ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization's data.
    Date: 2026-01-25T13:34:43Z
    Network: tor
    Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=03b681ac-20f8-3767-8593-3d7478f56a26
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/1b95c1ac-015d-4623-95fe-183ad3080c36.png
    Threat Actors: Qilin
    Victim Country: Czech Republic
    Victim Industry: Business and Economic Development
    Victim Organization: okin group
    Victim Site: okin.eu
  63. Alleged data leak of Department of Defense
    Category: Data Breach
    Content: The group claims to have leaked a Department of Defense CMMC cyber security briefing.
    Date: 2026-01-25T13:25:48Z
    Network: telegram
    Published URL: https://t.me/topsecretdocumentsleaked/225
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0225ce02-ef66-40b0-ab8d-9bf73feb2da5.JPG
    Threat Actors: JRINTEL FREE DATA V3
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  64. EXADOS targets the website of Artdec
    Category: Defacement
    Content: The group claims to have defaced the website of Artdec
    Date: 2026-01-25T13:24:28Z
    Network: telegram
    Published URL: https://t.me/EXA_DOS_KH/32
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ccfb8286-cb69-4665-9e4f-da3109c8dd63.JPG
    Threat Actors: EXADOS
    Victim Country: Thailand
    Victim Industry: Manufacturing
    Victim Organization: artdec
    Victim Site: artdec.co.th
  65. Alleged unauthorized access to an unidentified energy control system in Ukraine
    Category: Initial Access
    Content: The group claims to have gained unauthorized access to an unidentified energy generation and substation control system located in Ivano-Frankivsk, Ukraine.
    Date: 2026-01-25T12:35:50Z
    Network: telegram
    Published URL: https://t.me/QuietSecOfficial/218
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3936f6a2-9477-49cb-87e0-978417c4d617.png
    https://d34iuop8pidsy8.cloudfront.net/f92987be-30da-49ab-84e2-f3b87e56bdac.png
    Threat Actors: QuietSec
    Victim Country: Ukraine
    Victim Industry: Energy & Utilities
    Victim Organization: Unknown
    Victim Site: Unknown
  66. Cytek falls victim to RHYSIDA ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organisation's data.
    Date: 2026-01-25T12:35:36Z
    Network: tor
    Published URL: http://rhysidafohrhyy2aszi7bm32tnjat5xri65fopcxkdfxhi4tidsg7cad.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4dde3e45-1e91-4bf3-9507-2560a95bb0c3.JPG
    Threat Actors: RHYSIDA
    Victim Country: USA
    Victim Industry: Biotechnology
    Victim Organization: cytek
    Victim Site: cytekbio.com
  67. Alleged unauthorized access to BPJS Kesehatan
    Category: Initial Access
    Content: The group claims to have obtained unauthorized access to BPJS Kesehatan.
    Date: 2026-01-25T12:19:22Z
    Network: telegram
    Published URL: https://t.me/c/3664625363/19
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/efd54192-4f2b-416f-9231-b8340a01d02c.png
    Threat Actors: BABAYO EROR SYSTEM
    Victim Country: Indonesia
    Victim Industry: Insurance
    Victim Organization: bpjs kesehatan
    Victim Site: bpjs-kesehatan.go.id
  68. Alleged data leak of Kementerian Pendidikan dan Kebudayaan
    Category: Data Breach
    Content: The group claims to have leaked data belonging to an Indonesian public education authority, allegedly exposing records of teachers and education personnel, including identification numbers (NIP), names, school affiliations, and job titles.
    Date: 2026-01-25T11:52:20Z
    Network: telegram
    Published URL: https://t.me/c/3664625363/25
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/1dc65ce0-5413-4551-b278-0be56fdeda1d.png
    Threat Actors: BABAYO EROR SYSTEM
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: kementerian pendidikan dan kebudayaan
    Victim Site: kemdikbud.go.id
  69. Alleged data leak of Televisi Republik Indonesia
    Category: Data Breach
    Content: The group claims to have leaked data belonging to Televisi Republik Indonesia (TVRI).
    Date: 2026-01-25T11:51:24Z
    Network: telegram
    Published URL: https://t.me/c/3664625363/24
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b811961e-aa6f-458e-9635-51f7a4ab1dad.png
    Threat Actors: BABAYO EROR SYSTEM
    Victim Country: Indonesia
    Victim Industry: Government Administration
    Victim Organization: televisi republik indonesia
    Victim Site: tvri.go.id
  70. Alleged data leak of bumil Indonesia
    Category: Data Breach
    Content: The group claims to have leaked the data of bumil Indonesia
    Date: 2026-01-25T11:42:21Z
    Network: telegram
    Published URL: https://t.me/c/3664625363/22
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7d354898-2429-4153-893e-a0e0a9de98d6.JPG
    Threat Actors: BABAYO EROR SYSTEM
    Victim Country: Indonesia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  71. Alleged data leak of krs
    Category: Data Breach
    Content: The group claims to have leaked the data of krs
    Date: 2026-01-25T11:36:44Z
    Network: telegram
    Published URL: https://t.me/c/3664625363/23
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9de6b182-902a-4409-9023-f797b4314918.JPG
    Threat Actors: BABAYO EROR SYSTEM
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  72. Alleged data breach of City Finance
    Category: Data Breach
    Content: The threat actor claims to have breached data belonging to City Finance. The actor alleges unauthorized access to a database containing financial and personal records for over 4,000 cities. According to the leak notification, the compromised data reportedly includes sensitive information such as agent passwords, Aadhaar numbers, mobile contact details, and transaction records.
    Date: 2026-01-25T11:35:24Z
    Network: telegram
    Published URL: https://t.me/WhiteRoseIntel/10
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9db3fc27-f01f-400f-98cc-2f9b09fa4a2d.png
    Threat Actors: whiterose
    Victim Country: India
    Victim Industry: Financial Services
    Victim Organization: city finance
    Victim Site: cityfinance.in
  73. Alleged leak of student database in Indonesia
    Category: Data Breach
    Content: The group claims to have leaked student database in Indonesia.
    Date: 2026-01-25T11:15:51Z
    Network: telegram
    Published URL: https://t.me/c/3664625363/21
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2086913a-765b-4a86-9fe8-40aead9bc739.png
    Threat Actors: BABAYO EROR SYSTEM
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: Unknown
    Victim Site: Unknown
  74. Alleged data leak of Anemia
    Category: Data Breach
    Content: The group claims to have leaked data of Anemia.
    Date: 2026-01-25T11:10:29Z
    Network: telegram
    Published URL: https://t.me/c/3664625363/20
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7990c964-29cd-43ff-b814-cdd37ff5fb0f.png
    Threat Actors: BABAYO EROR SYSTEM
    Victim Country: Indonesia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  75. Alleged data leak of Traffic ticket
    Category: Data Breach
    Content: Alleged data leak of Traffic ticket
    Date: 2026-01-25T10:56:51Z
    Network: telegram
    Published URL: https://t.me/c/3664625363/17
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/90df27df-063a-49a0-b5c1-1dec0b27504f.JPG
    Threat Actors: BABAYO EROR SYSTEM
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  76. Alleged data breach of Farsight India Wealth Consultants Pvt. Ltd.
    Category: Data Breach
    Content: The group claims to have leaked data from Farsight India Wealth Consultants Pvt. Ltd.
    Date: 2026-01-25T10:38:47Z
    Network: telegram
    Published URL: https://t.me/c/3054021775/365
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/756c56c7-80b3-4fae-af06-4b483971e4a4.png
    Threat Actors: BROTHERHOOD CAPUNG INDONESIA
    Victim Country: India
    Victim Industry: Financial Services
    Victim Organization: farsight india wealth consultants pvt. ltd.
    Victim Site: farsight.in
  77. Alleged leak of Loan Application Data
    Category: Data Breach
    Content: The group claims to have leaked Loan Application Data.
    Date: 2026-01-25T10:33:39Z
    Network: telegram
    Published URL: https://t.me/c/3664625363/15
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/32b9415f-71f7-461c-acbf-4f87aad49464.png
    Threat Actors: BABAYO EROR SYSTEM
    Victim Country: Indonesia
    Victim Industry: Financial Services
    Victim Organization: Unknown
    Victim Site: Unknown
  78. Alleged data leak of Penebusan
    Category: Data Breach
    Content: The group claims to have leaked the data of Penebusan
    Date: 2026-01-25T10:26:21Z
    Network: telegram
    Published URL: https://t.me/c/3664625363/16
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/89420698-b7a5-4d6f-9c6a-44a9255489ad.JPG
    Threat Actors: BABAYO EROR SYSTEM
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  79. Alleged leak of Insurance Application Data
    Category: Data Breach
    Content: The group claims to have leaked Insurance Application Data from Indonesia.
    Date: 2026-01-25T10:25:59Z
    Network: telegram
    Published URL: https://t.me/c/3664625363/14
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/45b47b5d-841b-468a-b495-59211a614a8c.png
    Threat Actors: BABAYO EROR SYSTEM
    Victim Country: Indonesia
    Victim Industry: Insurance
    Victim Organization: Unknown
    Victim Site: Unknown
  80. Alleged sale of admin access to unidentified store in UK.
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized admin access to an unidentified online store in UK.
    Date: 2026-01-25T09:28:45Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274501/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/20e37544-c529-41f6-8d9b-8ddd4cd0e0e1.png
    Threat Actors: Reve
    Victim Country: UK
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  81. Alleged data leak of The Hebrew University-Hadassah
    Category: Data Breach
    Content: The group claims to have leaked a database containing information related to the Hebrew University–Hadassah Faculty of Dental Medicine.
    Date: 2026-01-25T07:55:44Z
    Network: telegram
    Published URL: https://t.me/c/3756126996/30
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a402f669-c874-4444-a914-bb264a08edbb.png
    https://d34iuop8pidsy8.cloudfront.net/1fe37c7c-7da6-46ec-9c79-9b5358c635b3.png
    Threat Actors: Cyber His-eyes
    Victim Country: Israel
    Victim Industry: Education
    Victim Organization: the hebrew university-hadassah
    Victim Site: en.dental.huji.ac.il
  82. Alleged sale of 1.6 million UK private leads
    Category: Data Breach
    Content: Threat actor claims to be selling 1.6 million UK private leads allegedly collected from advertising campaigns.
    Date: 2026-01-25T06:49:05Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274496/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/229d3b77-004d-48dd-a6ac-741c277c72f4.png
    Threat Actors: betway
    Victim Country: UK
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  83. Alleged sale of credit card records
    Category: Data Breach
    Content: Threat actor claims to be selling 21,000 credit card records from Turkey.
    Date: 2026-01-25T06:18:48Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274495/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/cb63980e-aae7-4428-b463-e476739e869b.png
    Threat Actors: daren563
    Victim Country: Turkey
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  84. The Successful Match (MD2B Connect) falls victim to NightSpire Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization's data. NB: The Successful Match is part of the ecosystem of services owned and operated by MD2B.
    Date: 2026-01-25T06:16:13Z
    Network: tor
    Published URL: http://nspirebcv4sy3yydtaercuut34hwc4fsxqqv4b4ye4xmo6qp3vxhulqd.onion/database
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/06238478-7ba9-4718-ae7c-430d257b79a0.png
    Threat Actors: NightSpire
    Victim Country: USA
    Victim Industry: Education
    Victim Organization: the successful match (md2b)
    Victim Site: thesuccessfulmatch.com
  85. Alleged data breach of EvergreenHedging
    Category: Data Breach
    Content: The threat actor claims to have breached the customer database of EvergreenHedging. The dataset contains customer account and location data, including names, email addresses, and geographic information.
    Date: 2026-01-25T05:41:42Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-DATABASE-Evergreenhedging-com-Database-Leaked
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d3e0e884-9329-4152-b966-a046dc1ecea7.png
    Threat Actors: KaruHunters
    Victim Country: USA
    Victim Industry: Agriculture & Farming
    Victim Organization: evergreenhedging
    Victim Site: evergreenhedging.com
  86. Aromate Industries Co., Ltd. falls victim to NightSpire Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 200 GB of the organization's data.
    Date: 2026-01-25T05:29:01Z
    Network: tor
    Published URL: http://nspirebcv4sy3yydtaercuut34hwc4fsxqqv4b4ye4xmo6qp3vxhulqd.onion/database
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b4bf58b6-286c-43d4-a6ee-a6a7349e7ebc.png
    Threat Actors: NightSpire
    Victim Country: Taiwan
    Victim Industry: Chemical Manufacturing
    Victim Organization: aromate industries co., ltd.
    Victim Site: aromate.com
  87. InDoM1nuS Team targets the website of Sabrina Balbino
    Category: Defacement
    Content: The group claims to have defaced the website of Sabrina Balbino
    Date: 2026-01-25T05:28:38Z
    Network: telegram
    Published URL: https://t.me/InDoM1nusTe4m/64?single
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d69d2dc6-4f49-432d-961b-21401ea1c4ff.png
    Threat Actors: InDoM1nuS Team
    Victim Country: Brazil
    Victim Industry: Marketing, Advertising & Sales
    Victim Organization: sabrina balbino
    Victim Site: sabrinabalbinot.com
  88. InDoM1nuS Team targets the website of Minha Bio
    Category: Defacement
    Content: The group claims to have defaced the website of Minha Bio
    Date: 2026-01-25T05:25:11Z
    Network: telegram
    Published URL: https://t.me/InDoM1nusTe4m/64?single
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d9ad617c-9c11-4158-82f8-bd5247e78ea5.png
    Threat Actors: InDoM1nuS Team
    Victim Country: Brazil
    Victim Industry: Marketing, Advertising & Sales
    Victim Organization: minha bio
    Victim Site: minhabiopro.com.br
  89. Lesk Engineers Limited falls victim to NightSpire Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 40 GB of the organization's data.
    Date: 2026-01-25T05:24:45Z
    Network: tor
    Published URL: http://nspirebcv4sy3yydtaercuut34hwc4fsxqqv4b4ye4xmo6qp3vxhulqd.onion/database
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/eb19f430-f9d5-469a-a02a-00c336e7a83d.png
    Threat Actors: NightSpire
    Victim Country: UK
    Victim Industry: Mechanical or Industrial Engineering
    Victim Organization: lesk engineers limited
    Victim Site: leskengineers.co.uk
  90. InDoM1nuS Team targets the website of 40 Dias Por Você
    Category: Defacement
    Content: The group claims to have defaced the website of 40 Dias Por Você
    Date: 2026-01-25T05:21:16Z
    Network: telegram
    Published URL: https://t.me/InDoM1nusTe4m/64?single
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/bc8af2a7-cc36-41ff-8eda-be76cdc5d0f6.png
    Threat Actors: InDoM1nuS Team
    Victim Country: Brazil
    Victim Industry: Religious Institutions
    Victim Organization: 40 dias por você
    Victim Site: 40diasporvoce.com.br
  91. InDoM1nuS Team targets the website of Dra. Barbara Sanches
    Category: Defacement
    Content: The group claims to have defaced the website of Dra. Barbara Sanches
    Date: 2026-01-25T05:15:51Z
    Network: telegram
    Published URL: https://t.me/InDoM1nusTe4m/64?single
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/1d5481ec-fef6-4e44-988e-84b88ee3f9fa.png
    Threat Actors: InDoM1nuS Team
    Victim Country: Brazil
    Victim Industry: Unknown
    Victim Organization: dra. barbara sanches
    Victim Site: drabarbarasanches.com.br
  92. Alleged sale of 6000 CC from Multiple Countries
    Category: Data Breach
    Content: Threat actor claims to be selling 6,000 CC/CVV records sourced from multiple countries, including Colombia, the Dominican Republic, Peru, the United States, and others, with an alleged 70–75% valid rate.
    Date: 2026-01-25T05:06:27Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274489/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b1c19d68-a165-4119-98bc-44479031d0e7.png
    Threat Actors: s4sori
    Victim Country: Colombia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  93. InDoM1nuS Team targets the website of oceuevoce.com.br
    Category: Defacement
    Content: The group claims to have defaced the website of oceuevoce.com.br
    Date: 2026-01-25T04:59:58Z
    Network: telegram
    Published URL: https://t.me/InDoM1nusTe4m/64?single
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/946c16a2-ce37-4b2c-9bd3-bb4963fdd256.png
    Threat Actors: InDoM1nuS Team
    Victim Country: Brazil
    Victim Industry: Unknown
    Victim Organization: oceuevoce
    Victim Site: oceuevoce.com.br
  94. Alleged Sale of Department of Government Enablement data leak
    Category: Data Breach
    Content: The threat actor claims to be selling Department of Government Enablement data. The dataset includes subdomains that bypass the main Azure SSO wall, including AI infrastructure, admin portals, and legacy systems.
    Date: 2026-01-25T04:51:34Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-Selling-WTS-Abu-Dhabi-Gov-DGE-Validated-Recon-AI-Admin-Portals-Fast-Flip
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/803279ef-f62f-40e6-838f-d2acb1eaeaf1.png
    Threat Actors: rSora
    Victim Country: UAE
    Victim Industry: Government Administration
    Victim Organization: department of government enablement (dge)
    Victim Site: dge.gov.ae
  95. Alleged sale of Stake betting platform
    Category: Data Breach
    Content: Threat actor claims to be selling 14 million customer information records from the Stake betting platform.
    Date: 2026-01-25T04:42:11Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-Selling-For-Sale-%C2%A0stake-com%C2%A0Global-Gambling-Customer-Information-Database-Total-14-million
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c8f2a6a4-e92a-4f85-b876-3201e684e05e.png
    https://d34iuop8pidsy8.cloudfront.net/80f74f9b-3016-40a8-97cd-3209386dc5b1.png
    Threat Actors: oubao713
    Victim Country: India
    Victim Industry: Gambling & Casinos
    Victim Organization: stake
    Victim Site: stake.com
  96. KICKSTAGE falls victim to NightSpire Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 30 GB of the organization's data and intends to publish it within 2-3 days.
    Date: 2026-01-25T04:26:59Z
    Network: tor
    Published URL: http://nspirebcv4sy3yydtaercuut34hwc4fsxqqv4b4ye4xmo6qp3vxhulqd.onion/database
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/14186296-395d-4a75-be5e-fb4b43967645.png
    Threat Actors: NightSpire
    Victim Country: Taiwan
    Victim Industry: Fashion & Apparel
    Victim Organization: kickstage
    Victim Site: kickstage.com.tw
  97. Alleged data breach of Axtel
    Category: Data Breach
    Content: Threat actor claims to have leaked data from Axtel. The compromised data reportedly includes telephone number, full name, and full address.
    Date: 2026-01-25T04:22:35Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-Selling-Axtel-IZZI-Mexico-Clients-78-450-lines
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ad241b66-b62b-4457-989e-89b1036d2b85.png
    https://d34iuop8pidsy8.cloudfront.net/2da17363-af07-4bb2-b457-157ddb3b0308.png
    Threat Actors: Eternal
    Victim Country: Mexico
    Victim Industry: Network & Telecommunications
    Victim Organization: axtel
    Victim Site: axtelcorp.mx
  98. BROTHERHOOD CAPUNG INDONESIA targets the website of King magic
    Category: Defacement
    Content: The group claims to have defaced the website of King magic
    Date: 2026-01-25T04:14:24Z
    Network: openweb
    Published URL: https://defacer.id/mirror/id/233082
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/90add0ee-14ad-442f-ad20-f61b3bef3855.png
    Threat Actors: BROTHERHOOD CAPUNG INDONESIA
    Victim Country: China
    Victim Industry: Manufacturing
    Victim Organization: king magic
    Victim Site: kingmagic.us
  99. Alleged leak of login access to Dan Digital
    Category: Initial Access
    Content: The group claims to have leaked login access to Dan Digital
    Date: 2026-01-25T04:07:18Z
    Network: telegram
    Published URL: https://t.me/c/3027611821/357
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/afdb6e91-586f-405a-961e-eb4afb3f1144.png
    Threat Actors: Z-BL4CX-H4T
    Victim Country: Israel
    Victim Industry: Marketing, Advertising & Sales
    Victim Organization: dan digital
    Victim Site: dandigital.co.il
  100. DimasHxR targets the website of Sanatorium Ozero Medvezhye
    Category: Defacement
    Content: The group claims to have defaced the website of Sanatorium Ozero Medvezhye.
    Date: 2026-01-25T04:01:04Z
    Network: openweb
    Published URL: https://defacer.id/mirror/id/233212
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/5e88aa94-68ec-4db4-a5de-42276e70cd0f.png
    Threat Actors: DimasHxR
    Victim Country: Russia
    Victim Industry: Health & Fitness
    Victim Organization: sanatorium ozero medvezhye
    Victim Site: ozero-medvejie.ru
  101. Alleged data leak of Call Lade
    Category: Data Breach
    Content: Threat actor claims to have leaked data from Call Lade Enterprises Pte Ltd. The compromised data reportedly includes usernames, full names, passwords, user type, date of birth, full IC, and job ID.
    Date: 2026-01-25T03:46:13Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-Source-Code-Calllade-com-Data-Beach-Leaked
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/27ab6b6b-8023-4d57-ab05-2834e9d4b44c.png
    Threat Actors: KaruHunters
    Victim Country: Singapore
    Victim Industry: Transportation & Logistics
    Victim Organization: call lade enterprises pte ltd
    Victim Site: calllade.com
  102. Alleged data leak of lifetour.com.tw
    Category: Data Breach
    Content: Threat actor claims to have leaked 23GB of data from lifetour.com.tw. The compromised data reportedly includes name, ID card, home address, mobile number, flight ticket information, and passport photo.
    Date: 2026-01-25T03:37:59Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-Data-from-lifetour-com-tw-Taiwan
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7a1b0784-0489-41e1-8537-e192ef2537c6.png
    Threat Actors: fuck_tommyJ
    Victim Country: Taiwan
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: lifetour.com.tw
  103. Alleged data breach of NTC Group
    Category: Data Breach
    Content: The group claims to have breached data of NTC Group
    Date: 2026-01-25T00:08:30Z
    Network: telegram
    Published URL: https://t.me/thaiisgodalert/315?single
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d86c0c1f-1c47-402c-b17c-c201807bf7c2.png
    https://d34iuop8pidsy8.cloudfront.net/a280bad5-8b8b-4df0-a567-788e2e7ec9cb.png
    Threat Actors: thai is god
    Victim Country: Cambodia
    Victim Industry: Education
    Victim Organization: ntc group
    Victim Site: ntcgroup.com.kh