I. Incident Landscape Overview
The reporting period witnessed 69 distinct cybersecurity events across a diverse range of industries and geographies. The activities can be categorized as follows:
- Data Breaches: The most prevalent threat, accounting for a significant majority of incidents. High-profile targets include Bumble Inc. (30 GB leaked), Facebook (502 million user records), and Instagram (17 million records).
- Initial Access & Unauthorized Entry: Threat actors frequently targeted WordPress administrator credentials and Industrial Control Systems (ICS). Notable ICS breaches occurred in the Czech Republic (water and manufacturing) and Romania (air quality systems).
- Malware Proliferation: Significant leaks included the source code for SantaStealer and the sale of STARKILLER DEFINITIVE EDITION, an advanced phishing framework.
- Defacements: Activist and hacking groups targeted smaller organizational sites in the Philippines, Thailand, and India.
II. Significant High-Impact Breaches
| Victim Organization | Industry | Data Impact | Threat Actor |
| --- | --- | --- | --- |
| Facebook | Social Media | 502,975,653 user records | sfdfkkkfkfd |
| Instagram | Social Media | 17,000,000 user records | eggeayy |
| Bumble Inc. | Software Dev | 30 GB of internal docs & Slack logs | ShinyHunters |
| Le Point | Journalism | 966,999 lines of sensitive user data | near |
| Réseau | IT Services | 24,000 unique emails; 65,000 phone numbers | Sorb |
III. Threat Actor Spotlight
The report identifies several persistent threat groups:
- Infrastructure Destruction Squad: Specialized in gaining unauthorized access to critical infrastructure and production systems, particularly in Eastern Europe and the USA.
- Neffex The BlackHat: Focused on credential harvesting, specifically targeting WordPress administrator logins across various international domains.
- CoinbaseCartel: Primarily active on the Tor network, claiming breaches of significant entities like Clatronic International and Pacific Airlines.
IV. Geographic and Industry Distribution
Top Affected Countries:
- USA: Multiple breaches including high-tech social media and government-related entities.
- France: Targeted attacks on media (Le Point) and IT services (Réseau).
- Czech Republic: Heavy focus on industrial and utility infrastructure.
- Nigeria: Breaches involving government agencies (FAAN) and e-commerce.
Targeted Industries: The most frequently targeted sectors include Social Media, Government & Public Sector, Information Technology, and Critical Infrastructure (Utilities/Manufacturing).
V. Emerging Malware Trends
Two critical developments in the malware ecosystem were noted:
- SantaStealer Source Code Leak: The developer leaked the full code due to a payment dispute. This code includes anti-VM capabilities and browser credential harvesting modules.
- Anti-EDR Services: Threat actors are now openly selling “Anti-EDR Crypt” services designed to obfuscate shellcode and bypass modern endpoint detection systems using polymorphic techniques.
VI. Conclusion
The data from January 28, 2026, illustrates a professionalized cybercrime economy. Large-scale data breaches remain the primary tool for mass credential theft, while more specialized groups focus on industrial sabotage and the sale of high-level administrative access. The leak of advanced malware source code and anti-EDR tools suggests a coming wave of more sophisticated, harder-to-detect attacks. Organizations should prioritize securing administrative credentials, auditing ICS/SCADA systems, and monitoring for internal document leaks on dark web forums.
Detected Incidents Draft Data
- Alleged leak of WordPress admin credentials to Kollysub Malay
Category: Initial Access
Content: The group claims to have obtained and leaked WordPress administrator credentials associated with Kollysub Malay
Date: 2026-01-28T23:59:20Z
Network: telegram
Published URL: https://t.me/neffex_the_blackhat/161
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/271eada2-ec31-4369-97b9-a972d90d96d4.png
Threat Actors: Neffex THe BlackHat
Victim Country: Malaysia
Victim Industry: Entertainment & Movie Production
Victim Organization: kollysub malay
Victim Site: tamilsubmalay.com
- Alleged leak of WordPress admin credentials to DHB Tools
Category: Initial Access
Content: The group claims to have obtained and leaked WordPress administrator credentials of DHB Tools
Date: 2026-01-28T23:58:25Z
Network: telegram
Published URL: https://t.me/neffex_the_blackhat/162
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b7d08d6d-daef-4257-b4cc-698542972faa.png
Threat Actors: Neffex THe BlackHat
Victim Country: Vietnam
Victim Industry: Information Technology (IT) Services
Victim Organization: dhb tools
Victim Site: dhbtools.com
- Alleged Data Breach of Clatronic International
Category: Data Breach
Content: Threat Actor claims to have breached the database of Clatronic International in Germany. The company reportedly specializes in importing and distributing small kitchen appliances, large household appliances, and personal care devices.
Date: 2026-01-28T22:50:57Z
Network: tor
Published URL: http://fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion/companies/clatronic
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/00001c6d-42c6-429a-ad18-62ff680e6662.png
Threat Actors: CoinbaseCartel
Victim Country: Germany
Victim Industry: Consumer Electronics
Victim Organization: clatronic international
Victim Site: clatronic.de
- Alleged leak of WordPress admin credentials to bashgah20.ir
Category: Initial Access
Content: The group claims to have obtained and leaked WordPress administrator credentials associated with bashgah20.ir
Date: 2026-01-28T22:45:18Z
Network: telegram
Published URL: https://t.me/neffex_the_blackhat/171
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2b4506c9-049c-4813-a119-6b9f85d619cf.png
https://d34iuop8pidsy8.cloudfront.net/4940997f-2fdd-408b-a28b-a17064997b73.png
Threat Actors: Neffex THe BlackHat
Victim Country: Iran
Victim Industry: Financial Services
Victim Organization: bashgah20.ir
Victim Site: bashgah20.ir
- Alleged data breach of Réseau
Category: Data Breach
Content: The threat actor claims to have exfiltrated the full database of reseau.site. The dataset allegedly contains over 24,000 unique email addresses, 65,000 phone numbers, and full physical addresses.
Date: 2026-01-28T22:00:57Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-France-reseau-site-73-000-users
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ef3a0ea0-8a27-4fe4-be6c-3b2751786d35.png
https://d34iuop8pidsy8.cloudfront.net/d8b2a98e-1fe3-45b7-87b9-ddbb12fe05c9.png
Threat Actors: Sorb
Victim Country: France
Victim Industry: Information Technology (IT) Services
Victim Organization: réseau
Victim Site: reseau.site
- Alleged leak of data from Iran
Category: Data Breach
Content: The group claims to have leaked Iranian data
Date: 2026-01-28T21:45:40Z
Network: telegram
Published URL: https://t.me/shadow_cyber/209
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e8ecc005-2f3c-4a6e-9a4f-fdbf99533d01.jpg
Threat Actors: Shadow SEC
Victim Country: Iran
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Bumble Inc.
Category: Data Breach
Content: The group claims to have leaked 30 GB of the organization's data. The compromised data includes thousands of restricted and confidential internal Bumble documents, primarily sourced from Google Drive and Slack.
Date: 2026-01-28T21:42:36Z
Network: tor
Published URL: http://toolatedhs5dtr2pv6h5kdraneak5gs3sxrecqhoufc5e45edior7mqd.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5b60f87d-5e23-4c73-a8c8-88edbd37a91f.png
Threat Actors: ShinyHunters
Victim Country: USA
Victim Industry: Software Development
Victim Organization: bumble inc.
Victim Site: bumble.com
- Alleged data leak of Government of Japan
Category: Data Breach
Content: The threat actor claims to have obtained documents proving corruption and secret loyalty within the highest levels of the Japanese government.
Date: 2026-01-28T21:04:39Z
Network: openweb
Published URL: https://darkforums.io/Thread-Document-The-Japanese-PM-is-loyal-to-a-cult
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a7152850-cbda-4a88-b05a-54cf11f845bd.png
Threat Actors: Shameless
Victim Country: Japan
Victim Industry: Government & Public Sector
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Le Point
Category: Data Breach
Content: The threat actor near claims to have leaked the database of Le Point. The database contains 966,999 lines of data. The leaked data allegedly contains sensitive user and subscriber information.
Date: 2026-01-28T21:03:39Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-LEPOINT-FR-966K-DATABASE
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5e87dc9f-7bad-4eb1-82c0-cf283a7c30a9.png
https://d34iuop8pidsy8.cloudfront.net/3945d4fd-3050-440d-b833-37a242074971.png
Threat Actors: near
Victim Country: France
Victim Industry: Newspapers & Journalism
Victim Organization: le point
Victim Site: lepoint.fr
- Alleged sale of STARKILLER DEFINITIVE EDITION
Category: Malware
Content: The threat actor claims to have released the STARKILLER DEFINITIVE EDITION 2026, an advanced phishing framework designed for high-fidelity credential theft and session hijacking. The advertised features allegedly include real browser rendering, session hijacking, live monitoring, credential capture, operational infrastructure, payment and deployment, and API endpoints.
Date: 2026-01-28T20:39:24Z
Network: openweb
Published URL: https://breachforums.bf/Thread-STARKILLER-DEFINITIVE-EDITION-2026
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fd8417ca-c5fd-45af-b0c5-c238a17bb4a7.png
https://d34iuop8pidsy8.cloudfront.net/5afe4531-0f5b-4036-a8d3-8e615498ce59.png
Threat Actors: jinkusu01
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged unauthorized access to Triple T Broadband Public Company Limited
Category: Initial Access
Content: The group claims to have exploited an exposed IP address on the organization’s network and used it to compromise the system belonging to Triple T Broadband Public Company Limited.
Date: 2026-01-28T20:18:36Z
Network: telegram
Published URL: https://t.me/crewcyber/611
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a39fa937-7c25-49d6-b780-99ee23b377df.png
Threat Actors: 404 CREW CYBER TEAM
Victim Country: Thailand
Victim Industry: Network & Telecommunications
Victim Organization: triple t broadband public company limited
Victim Site: fiber3.3bb.co.th
- Alleged data breach of Loozap
Category: Data Breach
Content: Threat actor claims to have breached the database of Loozap in Nigeria. The allegedly exposed dataset covers approximately 34,000 users and includes user IDs and full names, email addresses, password hashes, physical locations, IP addresses, and profile metadata.
Date: 2026-01-28T20:08:48Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-loozap-com-34k
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0385fa81-37fc-460d-8c79-f9c46a50f9d6.png
Threat Actors: zimablue
Victim Country: Nigeria
Victim Industry: E-commerce & Online Stores
Victim Organization: loozap
Victim Site: loozap.com
- Alleged data breach of WeStart India
Category: Data Breach
Content: The group claims to have breached the database of WeStart India. The data is provided in SQL format with a compressed size of approximately 1.04 GB (1.61 GB uncompressed) and reportedly includes vehicle-related documents, database records, and associated images.
Date: 2026-01-28T19:57:50Z
Network: telegram
Published URL: https://t.me/c/2987402422/358
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/dc92b7d7-8984-4dad-9083-8283533dc496.jpg
Threat Actors: Petrusnism
Victim Country: India
Victim Industry: Environmental Services
Victim Organization: westart india
Victim Site: westartindia.com
- Alleged Sale of Anti-EDR Crypt Service
Category: Malware
Content: Threat Actor claims to be selling an anti-EDR crypt service designed to obfuscate shellcode, EXE, and DLL payloads to evade antivirus and endpoint detection systems. The service reportedly supports multiple formats, including ShellCode, EXE, and DLL, with output provided as either EXE or DLL files. It allegedly uses polymorphic techniques at each build stage to generate unique payloads and includes a cryptography workflow intended to bypass AV/EDR protections.
Date: 2026-01-28T19:18:02Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/274733/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/cbeeab0a-feef-4ca4-b46c-7cd3bf0062b0.png
Threat Actors: 0zero
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Nullsec Philippines targets the website of Idealight Electrical Innovation Center
Category: Defacement
Content: The group claims to have defaced the website of Idealight Electrical Innovation Center
Date: 2026-01-28T18:52:14Z
Network: telegram
Published URL: https://t.me/nullsechackers/802
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/75164886-2e8b-451b-a000-cf9d888be301.jpg
Threat Actors: Nullsec Philippines
Victim Country: Philippines
Victim Industry: Electrical & Electronic Manufacturing
Victim Organization: idealight electrical innovation center
Victim Site: db.idealight.com.ph
- Alleged data leak of Binance UK leads
Category: Data Breach
Content: The threat actor is offering for sale UK-based marketing leads labeled as “Binance UK leads.” The seller claims the dataset contains approximately 50,000 records, including first name, last name, and email address.
Date: 2026-01-28T18:44:55Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-binance-UK-leads
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2cc24a99-7570-448a-bac3-731fcfddcb93.png
Threat Actors: kaareds
Victim Country: UK
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Cellcom Israel
Category: Data Breach
Content: The group claims to have breached the database and exposed data that reportedly includes records linked to Israeli institutions and security-related entities, as well as phone numbers of approximately 10,000 Israeli citizens, claimed to be active.
Date: 2026-01-28T17:39:59Z
Network: telegram
Published URL: https://t.me/shadow_cyber/194?single
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4ceedaa7-c045-4205-8995-1ddba330b30a.jpg
Threat Actors: Shadow SEC
Victim Country: Israel
Victim Industry: Network & Telecommunications
Victim Organization: cellcom israel
Victim Site: cellcom.co.il
- Alleged unauthorized access to the Financial Intelligence Agency (FIA) of Botswana
Category: Initial Access
Content: The group claims to have gained unauthorized access to an internal system of the Financial Intelligence Agency (FIA) of Botswana. The actor claims the access point is located in Francistown and asserts that it enables reconnaissance of internal infrastructure and potential visibility into financial‑activity data.
Date: 2026-01-28T17:13:11Z
Network: telegram
Published URL: https://t.me/n2LP_wVf79c2YzM0/3516
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/228af700-4aaa-46c9-853d-69992fb3f704.png
Threat Actors: Infrastructure Destruction Squad
Victim Country: Botswana
Victim Industry: Security & Investigations
Victim Organization: financial intelligence agency (fia)
Victim Site: fia.org.bw
- Alleged data breach of Netflix, Inc.
Category: Data Breach
Content: The threat actor claims to be selling Netflix accounts in both bulk and non-bulk quantities. The seller claims to have been operating since 2018, targeting resellers with discounted pricing.
Date: 2026-01-28T16:42:07Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-Netflix-Bulk-Hits-For-Resellers-Cheap-Since-2018
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/af3bbdd3-1787-402d-b625-a89134196ece.png
Threat Actors: Pampersz
Victim Country: USA
Victim Industry: Entertainment & Movie Production
Victim Organization: netflix, inc.
Victim Site: netflix.com
- Alleged data breach of EPTB Pertamina
Category: Data Breach
Content: The threat actor claims to be selling or releasing a dumped database allegedly belonging to EPTB Pertamina Indonesia. The data includes multiple CSV files, suggesting exposure of internal or user-related data.
Date: 2026-01-28T16:40:46Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-DATABASE-EPTB-PERTAMINA-INDONESIA
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/dfc3a224-a6ab-4cfc-88c1-b1eb89e74d1c.png
Threat Actors: MrLolzzz
Victim Country: Indonesia
Victim Industry: Oil & Gas
Victim Organization: eptb pertamina
Victim Site: ep.pertamina.com
- Alleged data breach of Federal Airports Authority of Nigeria (FAAN)
Category: Data Breach
Content: Threat actor claims to have obtained personal data belonging to 65 staff members of the Federal Airports Authority of Nigeria (FAAN). The exposed data allegedly includes employee email addresses, first and last names, phone numbers, job roles, and assigned airport locations.
Date: 2026-01-28T16:16:11Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-FAAN-65-Staff-members
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8657ad1e-2517-4824-9e07-1f8be34765b1.png
Threat Actors: hhhhhhhhhd
Victim Country: Nigeria
Victim Industry: Government & Public Sector
Victim Organization: federal airports authority of nigeria (faan)
Victim Site: faan.gov.ng
- Alleged data breach of Pacific Airlines
Category: Data Breach
Content: The group claims to have breached the organization's data.
Date: 2026-01-28T15:45:19Z
Network: tor
Published URL: http://fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion/companies/pacific
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/46096ca7-55e8-4227-a0f7-2cb57eec6001.png
Threat Actors: CoinbaseCartel
Victim Country: Vietnam
Victim Industry: Airlines & Aviation
Victim Organization: pacific airlines
Victim Site: pacificairlines.com
- Alleged data breach of RemoteCOM
Category: Data Breach
Content: Threat actor claims to have obtained RemoteCOM internal databases related to its electronic monitoring platform. The leaked data allegedly includes training materials and multiple databases containing law enforcement officer, employee, and client information, such as full names, email addresses, phone numbers, physical addresses, and monitored device data.
Date: 2026-01-28T15:38:21Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-US-Law-Enforcment-RemoteCOM-Leaked-Download
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6eb05b66-33d3-45a8-b881-23a0fdda0eb4.png
Threat Actors: w1kkid
Victim Country: USA
Victim Industry: Law Enforcement
Victim Organization: remotecom
Victim Site: remotecom.com
- Alleged data breach of RAKS Sp. z o.o.
Category: Data Breach
Content: The group claims to have breached the organization's data.
Date: 2026-01-28T15:37:26Z
Network: tor
Published URL: http://fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion/companies/raks
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a16a3490-4be1-4d03-af14-f0aa61f117ad.png
Threat Actors: CoinbaseCartel
Victim Country: Poland
Victim Industry: Software Development
Victim Organization: raks sp. z o.o.
Victim Site: raks.pl
- Alleged data leak of 2019 Facebook database
Category: Data Breach
Content: The threat actor claims to have leaked the 2019 Facebook dataset, containing approximately 502,975,653 user records. The exposed information allegedly includes sensitive user details: phone numbers, Facebook user IDs, first and last names, gender, location and hometown, profile URLs, email addresses, relationship status, occupation and university information, birthdate and graduation year, and additional metadata.
Date: 2026-01-28T15:22:30Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-Facebook-2019-finally-properly-parsed-502-975-653
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6a61c339-fa44-4595-bbd2-fdf66bf0c762.png
https://d34iuop8pidsy8.cloudfront.net/3784e0fd-abe2-4517-aa6e-41eefd8c1122.png
https://d34iuop8pidsy8.cloudfront.net/7763fc1a-d3d8-4f32-bf8d-a1e058d0202d.png
Threat Actors: sfdfkkkfkfd
Victim Country: USA
Victim Industry: Social Media & Online Social Networking
Victim Organization: facebook
Victim Site: facebook.com
- EXADOS targets the website of Social Telecare Platform
Category: Defacement
Content: The group claims to have defaced the website of Social Telecare Platform.
Date: 2026-01-28T14:50:58Z
Network: telegram
Published URL: https://t.me/EXA_DOS_KH/90
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/63e7d53f-da1a-4d73-b9bf-dd15149c4008.png
Threat Actors: EXADOS
Victim Country: Thailand
Victim Industry: Hospital & Health Care
Victim Organization: social telecare platform
Victim Site: sc.pcu.in.th
- Alleged Data Breach of Instagram
Category: Data Breach
Content: The threat actor claims to have leaked a database containing 17 million records allegedly stolen from Instagram in January 2026. The actor asserts that the data is organized in JSON format and includes sensitive user details such as email addresses, usernames, display names, and phone numbers.
Date: 2026-01-28T14:47:02Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-Instagram-17M-data
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f47a7fa8-210d-4669-bcfc-67fb0db20bcb.jpg
Threat Actors: eggeayy
Victim Country: USA
Victim Industry: Social Media & Online Social Networking
Victim Organization: instagram, llc
Victim Site: instagram.com
- Alleged Leak of SantaStealer Malware Source Code
Category: Malware
Content: The threat actor claims to be the original developer of the SantaStealer infostealer and has purportedly leaked the full source code due to a payment dispute with the project's current distributors. The leak includes sensitive components such as antivm.c for sandbox evasion and chromeelevator.dll, which suggests a focus on harvesting credentials from web browsers. The actor disparages the quality of the software, alleging it was largely vibe-coded using AI and copy-pasted from public repositories despite its high subscription cost. This exposure potentially allows security researchers to develop better detections while simultaneously lowering the barrier for other criminals to deploy the malware.
Date: 2026-01-28T14:29:38Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SOURCE-CODE-SantaStealer-SOURCE-CODE
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9427d5e7-d342-4d21-b30b-36c6b9753dd2.jpg
Threat Actors: SantaStealerIsIdiot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged unauthorized access to an unidentified manufacturing company in Czech Republic
Category: Initial Access
Content: The group claims to have gained unauthorized access to a system of the mySCADA company in the Czech Republic. The compromised system reportedly provides bottling and filling functions, including filling, capping, and packaging. It also displays weekly and annual production data.
Date: 2026-01-28T14:24:00Z
Network: telegram
Published URL: https://t.me/n2LP_wVf79c2YzM0/3511
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/43a3977d-649c-486f-953f-7f541f91bece.JPG
Threat Actors: Infrastructure Destruction Squad
Victim Country: Czech Republic
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of admin access to an unidentified food delivery app in Hungary
Category: Initial Access
Content: The threat actor claims to be selling admin access to a food delivery application in Hungary.
Date: 2026-01-28T14:19:48Z
Network: openweb
Published URL: https://forum.exploit.in/topic/274714/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8495f9e5-b6cd-401f-a062-f78352835b1c.png
Threat Actors: duffyduck11
Victim Country: Hungary
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- HellR00ters Team targets the website of Tony Wilson Boxing Academy
Category: Defacement
Content: The group claims to have defaced the website of Tony Wilson Boxing Academy.
Date: 2026-01-28T14:18:16Z
Network: telegram
Published URL: https://t.me/c/2758066065/925
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5d264cd5-325c-4c39-ae51-58397b83a857.jpg
Threat Actors: HellR00ters Team
Victim Country: UK
Victim Industry: Sports
Victim Organization: tony wilson boxing academy
Victim Site: tonywilsonboxing.com
- Alleged data breach of AVIS
Category: Data Breach
Content: The group claims to have breached the organisation's data.
Date: 2026-01-28T14:08:30Z
Network: telegram
Published URL: https://t.me/EXA_DOS_KH/91
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5b638b5f-1e85-4abc-ab96-61cf92c2e8bf.JPG
Threat Actors: EXADOS
Victim Country: Thailand
Victim Industry: Consumer Services
Victim Organization: avis
Victim Site: avisthailand.com
- Alleged unauthorized access to a water recycling system in Czech Republic
Category: Initial Access
Content: The group claims to have gained unauthorized access to the water recycling system Recyklační linka Havířov, located in Havířov, Czech Republic.
Date: 2026-01-28T14:06:03Z
Network: telegram
Published URL: https://t.me/n2LP_wVf79c2YzM0/3510
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7ce60fd7-4e89-4faa-8eac-eed81cd60466.png
Threat Actors: Infrastructure Destruction Squad
Victim Country: Czech Republic
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged unauthorized access to an unidentified water management system in Czech Republic
Category: Initial Access
Content: The group claims to have gained unauthorized access to an unidentified heating and hot water management system in the Czech Republic.
Date: 2026-01-28T13:55:44Z
Network: telegram
Published URL: https://t.me/n2LP_wVf79c2YzM0/3509
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6eaad41d-adc7-410a-a46b-98a22a27c10a.jpg
Threat Actors: Infrastructure Destruction Squad
Victim Country: Czech Republic
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of FirstEditing
Category: Data Breach
Content: The threat actor claims to have breached the database of FirstEditing.
Date: 2026-01-28T13:40:15Z
Network: openweb
Published URL: https://darkforums.io/Thread-Source-Code-First-Editing-com-Data-Breach-Leaked-Download
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a6656557-e651-41d2-b870-67f60c314f1f.png
Threat Actors: KaruHunters
Victim Country: USA
Victim Industry: Writing & Editing
Victim Organization: firstediting
Victim Site: firstediting.com
- Alleged data breach of MG MOTOR
Category: Data Breach
Content: The threat actor claims to have breached the organisation's data, allegedly including the entire dealer network with VIN number, dealer names, Key Wave Code, car model, reg number, etc.
Date: 2026-01-28T13:11:07Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-MG-Motors-I
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/eeffb795-af66-4fc8-b075-5f3ed3b565bf.JPG
Threat Actors: anfeng10
Victim Country: UK
Victim Industry: Automotive
Victim Organization: mg motor
Victim Site: mg.co.uk
- Alleged sale of 175K Belgium Private leads
Category: Initial Access
Content: Threat actor claims to be selling a dataset of 175,000 private Belgium-based leads allegedly collected from advertising campaigns. The data reportedly includes client name, phone and mobile numbers, personal email addresses, and country information.
Date: 2026-01-28T13:09:32Z
Network: openweb
Published URL: https://forum.exploit.in/topic/274706/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b4ad6a0e-d440-4546-9b38-20420ed77fb8.png
Threat Actors: betway
Victim Country: Belgium
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Unauthorized Access to Bueno Technology Co., Ltd in Romania
Category: Initial Access
Content: The group claims to have gained unauthorized access to Bueno Technology Co., Ltd in Romania. The compromised system reportedly provides comprehensive control of indoor air quality, including air extraction, purification, processing, and delivery to indoor spaces. It can monitor and operate fans, supply and return air filters, mixing valves, compressors, heaters, and water pumps.
Date: 2026-01-28T13:07:19Z
Network: telegram
Published URL: https://t.me/n2LP_wVf79c2YzM0/3506
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5b32d8a1-6d1f-4f8a-8969-6c5e27cdc32e.JPG
Threat Actors: Infrastructure Destruction Squad
Victim Country: Romania
Victim Industry: Consumer Goods
Victim Organization: bueno technology co., ltd.
Victim Site: Unknown
- Alleged leak of login credentials from Hilan
Category: Initial Access
Content: Threat actor claims to have leaked login credentials from Hilan.
Date: 2026-01-28T12:50:53Z
Network: telegram
Published URL: https://t.me/c/2451084701/512709
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4b440996-9437-4f36-90bd-abd66dc5e183.png
Threat Actors: Buscador
Victim Country: Israel
Victim Industry: Information Technology (IT) Services
Victim Organization: hilan
Victim Site: hilan.co.il
- Alleged Sale of Unauthorized Admin Access to a WordPress Shop
Category: Initial Access
Content: Threat Actor claims to be selling unauthorized admin access to a WordPress shop.
Date: 2026-01-28T12:50:45Z
Network: openweb
Published URL: https://forum.exploit.in/topic/274707/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/650fd8fd-f6c1-40e9-834c-3f0d1406fa68.png
Threat Actors: ParanoiaDe
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Unauthorised Access to an unidentified production line of brewery in France
Category: Initial Access
Content: The group claims to have gained unauthorized access to an unidentified production line of a French brewery that produces New England IPA. The compromised system reportedly controls and operates all production processes, from washing and disinfecting bottles and checking whether the bottles are intact, to filling beer according to the specified quantity, sealing, labeling, and finally checking the quality of the final products and the number of qualified and unqualified products.
Date: 2026-01-28T12:49:48Z
Network: telegram
Published URL: https://t.me/n2LP_wVf79c2YzM0/3508
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f3ddbfbf-072b-43a6-8e52-273551ff4abe.JPG
Threat Actors: Infrastructure Destruction Squad
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Chinese Government Data
Category: Data Breach
Content: The threat actor claims to be selling Chinese government data.
Date: 2026-01-28T12:39:31Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-Chinese-Government-Data-ID-1125
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/98b60450-a849-48e5-b1f8-efdac15d981e.png
Threat Actors: SnowSoul
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of PrestaShop redirect to an unidentified organization
Category: Initial Access
Content: A threat actor claims to be selling administrative access to a PrestaShop instance in Italy, enabling a redirect to an unidentified organization.
Date: 2026-01-28T12:32:29Z
Network: openweb
Published URL: https://forum.exploit.in/topic/274701/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/174c99b1-5e7b-4fd3-b1d5-4d675a4af990.png
Threat Actors: ActWater
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged unauthorized access to personal system in USA
Category: Initial Access
Content: The group claims to have gained unauthorized access to a person's system in the United States and encrypted the entire system.
Date: 2026-01-28T12:09:07Z
Network: telegram
Published URL: https://t.me/n2LP_wVf79c2YzM0/3503
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1334c1c7-cadb-494f-9124-369ef46ff897.png
Threat Actors: Infrastructure Destruction Squad
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged unauthorized access to an unidentified boiler system in Lithuania
Category: Initial Access
Content: The group claims to have gained unauthorized access to an unidentified boiler automation system in Lithuania. According to the claim, they have access to control settings for fuel supply, pumps, and temperature using PID controllers.
Date: 2026-01-28T11:49:48Z
Network: telegram
Published URL: https://t.me/zpentestalliance/1020
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/33b206a2-f377-419e-aeff-ecdada079aa1.jpg
Threat Actors: Z-PENTEST ALLIANCE
Victim Country: Lithuania
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of unauthorized access to an unidentified WordPress shop in Israel
Category: Initial Access
Content: The threat actor claims to be selling unauthorized access to an unidentified WordPress shop in Israel.
Date: 2026-01-28T11:40:56Z
Network: openweb
Published URL: https://forum.exploit.in/topic/274701/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/928ccf90-13c2-4986-8923-28c644759e53.png
Threat Actors: TreeWater
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of data from unidentified towing and roadside assistance provider in USA
Category: Data Breach
Content: A threat actor claims to have leaked 533,000 records from a U.S.-based towing and roadside assistance provider. The compromised data reportedly includes names, phone numbers, vehicle year, make, model, and additional information.
Date: 2026-01-28T11:11:58Z
Network: openweb
Published URL: https://forum.exploit.in/topic/274696/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9c3c0a1a-9204-46d0-8e7f-f0a9dac5bbe0.png
Threat Actors: GeeksforGeeks
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Reskate RP
Category: Data Breach
Content: The threat actor claims to have breached data from Reskate RP, allegedly containing server files, web PCU data, player databases, and payment logs.
Date: 2026-01-28T09:11:50Z
Network: openweb
Published URL: https://breachforums.bf/Thread-FiveM-Server-Reskate-Roleplay-Server-Files-Web-PCU-Player-DB-Payment-Logs
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fd7ad14c-3e6f-4fd2-9147-996820016746.png
https://d34iuop8pidsy8.cloudfront.net/b087562c-cef9-445f-823e-9918ec3abd05.png
Threat Actors: ByteHunter
Victim Country: Unknown
Victim Industry: Gaming
Victim Organization: reskate rp
Victim Site: reskaterp.com
- Alleged leak of Singaporean online customer data
Category: Data Breach
Content: The threat actor claims to have leaked a dataset allegedly containing Singaporean online customer records collected through a dine-in food service CRM.
Date: 2026-01-28T09:04:32Z
Network: openweb
Published URL: https://breachforums.bf/Thread-COLLECTION-Giveaway-Singaporean-Online-Customer-Captured-on-eating-sit-out-CRM
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/63b912fa-4708-4933-b5a4-a90fdc0ab0e6.png
Threat Actors: RonyKingSourcingINC
Victim Country: Singapore
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Russian Legion claims to target Denmark Government
Category: Alert
Content: A recent post by the group indicates that they are targeting government systems, the financial sector, energy and logistics in Denmark.
Date: 2026-01-28T08:40:17Z
Network: telegram
Published URL: https://t.me/ruLegionn/6
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/93011302-62a7-42e1-bfe3-b8e796443858.jpg
https://d34iuop8pidsy8.cloudfront.net/cf4cb90c-e7a2-437a-9748-ed71f0119c82.jpg
Threat Actors: Russian Legion
Victim Country: Denmark
Victim Industry: Government Administration
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Data Breach of TechJobs
Category: Data Breach
Content: The threat actor claims to have breached the database of TechJobs. The exposed dataset reportedly includes company profile records as well as active job applicant data.
Date: 2026-01-28T07:22:59Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-techjobs-ca
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/315dce0a-e136-4b66-80f4-e7f003cf7d76.png
Threat Actors: p0ppin
Victim Country: Canada
Victim Industry: Staffing/Recruiting
Victim Organization: techjobs
Victim Site: techjobs.ca
- Alleged Data breach of Kementerian Agama RI
Category: Data Breach
Content: The threat actor claims to have breached Kementerian Agama RI.
Date: 2026-01-28T07:22:06Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-DATABASE-KEMENTRIAN-AGAMA-INDONESIA
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a28ccef1-082a-4709-830b-0451481953f9.png
Threat Actors: MrLolzzz
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: kementerian agama republik indonesia
Victim Site: kemenag.go.id
- NXBB.SEC targets the website of APK Scientific Co., Ltd
Category: Defacement
Content: The group claims to have defaced the website of APK Scientific Co., Ltd.
Date: 2026-01-28T07:00:17Z
Network: telegram
Published URL: https://t.me/nxbbsec/4908
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/35725d83-89a9-4236-a67c-a279736292e7.JPG
Threat Actors: NXBB.SEC
Victim Country: Thailand
Victim Industry: Medical Equipment Manufacturing
Victim Organization: apk scientific co., ltd
Victim Site: apkscientific.co.th
- Alleged Data Breach of Resist.Mobi
Category: Data Breach
Content: The threat actor claims to have breached the Resist.Mobi database. The dataset includes personal identifiers, online usernames, and activity-related records connected to protest and reporting activity.
Date: 2026-01-28T06:16:39Z
Network: openweb
Published URL: https://breachforums.bf/Thread-COLLECTION-Resist-Mobi-I-C-E-Protest-Website
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bc9d0e5f-9421-46a2-b4e1-4621f4ac276c.png
Threat Actors: Sythe
Victim Country: USA
Victim Industry: Political Organization
Victim Organization: resist.mobi
Victim Site: resist.mobi
- TEAM MR PLAX targets the website of Sri Nandi Coir
Category: Defacement
Content: The group claims to have defaced the website of Sri Nandi Coir.
Date: 2026-01-28T05:41:42Z
Network: telegram
Published URL: https://t.me/mrplaxx/39
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a581d080-cdbd-4733-a7f1-d25a23d1fdad.png
Threat Actors: TEAM MR PLAX
Victim Country: India
Victim Industry: Manufacturing
Victim Organization: sri nandi coir
Victim Site: nandicoirs.in
- Alleged data leak of crypto database
Category: Data Breach
Content: The threat actor claims to have leaked the database of crypto.com. The compromised data reportedly includes email, firstname, lastname, phone number, country, and source.
Date: 2026-01-28T05:21:43Z
Network: openweb
Published URL: https://leakbase.la/threads/crypto-com-db.48566/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0ef5ba0d-ce0d-4d59-a072-bafe0a177ce6.png
Threat Actors: gotham321
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of IIT Guwahati
Category: Data Breach
Content: The group claims to have leaked data of IIT Guwahati.
Date: 2026-01-28T05:10:59Z
Network: telegram
Published URL: https://t.me/maul1337anon/715
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f6d0f097-2fd7-4493-95db-74b1d143f6ff.png
Threat Actors: maul1337
Victim Country: India
Victim Industry: Higher Education/Academia
Victim Organization: iit guwahati
Victim Site: iitg.ac.in
- Alleged sale of German coinbase and webmail leads
Category: Data Breach
Content: The threat actor claims to have leaked German-based leads allegedly tied to Coinbase, Web.de, and GMX.de accounts, likely intended for spam, phishing, or account takeover campaigns.
Date: 2026-01-28T04:47:08Z
Network: openweb
Published URL: https://forum.exploit.in/topic/274636/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/053e85c6-7ffa-489e-b707-4edd10b96408.png
Threat Actors: blueshock
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Portail Emploi
Category: Data Breach
Content: The threat actor claims to have leaked 560,746 records from Portail Emploi.
Date: 2026-01-28T04:32:18Z
Network: openweb
Published URL: https://breachforums.bf/Thread-FR-Portail-Emploi-560k
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3da80b1a-7341-4ca7-879c-bd2688c7ddb7.png
Threat Actors: iloveemogirls
Victim Country: France
Victim Industry: Staffing/Recruiting
Victim Organization: portail emploi
Victim Site: portailemploi.fr
- Alleged sale of Italian identity documents with video selfies
Category: Data Breach
Content: The threat actor claims to be selling Italian identity document kits, including passports, IDs, driver's licenses, and video selfies, marketed for use in banks, exchanges, and KYC verification.
Date: 2026-01-28T04:25:18Z
Network: openweb
Published URL: https://forum.exploit.in/topic/274626/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/cd839a02-9d8e-48f3-9855-d9a6e3ee9974.png
https://d34iuop8pidsy8.cloudfront.net/93f067b9-0191-49d0-bfd8-ba7d80df8128.png
Threat Actors: EMPIRE_TEAM
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Sale of mail access to unidentified organization in Poland
Category: Initial Access
Content: The threat actor japco is seeking to purchase unauthorized email access credentials associated with Polish (.pl) domains. The listing requests mail:pass combinations covering all .pl domains and emphasizes interest in long-term cooperation.
Date: 2026-01-28T04:16:32Z
Network: openweb
Published URL: https://forum.exploit.in/topic/274683/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e4e7f50d-6c1a-4070-9567-e29d5eda1b0f.png
Threat Actors: japco
Victim Country: Poland
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Sale of BLTools v2.7.2 Multi-Platform Account Checker Tool
Category: Malware
Content: The threat actor advertises BLTools v2.7.2, a multi-service account checker designed to validate stolen cookies, credentials, and account access across numerous online platforms. The tool is presented as an all-in-one solution for large-scale account auditing and verification.
Date: 2026-01-28T04:09:02Z
Network: openweb
Published URL: https://demonforums.net/Thread-Leak-BLTools-v2-7-2-%E2%80%93-Advanced-Multi-Platform-Account-Checker-Tool
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/85ee2a7e-6c63-4166-8613-4f6f35104f61.png
https://d34iuop8pidsy8.cloudfront.net/fa563f58-80cd-4c28-9ddb-9a3d1092c7c4.png
https://d34iuop8pidsy8.cloudfront.net/fa71c780-bcc2-4adb-ba0c-41a9d9da68a0.png
https://d34iuop8pidsy8.cloudfront.net/8efb788e-b647-473e-9ac1-0cb5f52708fa.png
Threat Actors: rippors
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged access to Verizon Business
Category: Initial Access
Content: The group claims to have gained access to Verizon Business.
Date: 2026-01-28T04:05:58Z
Network: telegram
Published URL: https://t.me/crewcyber/608
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7ea038ab-c084-4daa-91b3-33925b2fe416.png
Threat Actors: 404 CREW CYBER TEAM
Victim Country: USA
Victim Industry: Network & Telecommunications
Victim Organization: verizon business
Victim Site: verizon.com
- Alleged Sale of Financial Records from unidentified Catering Chains
Category: Data Breach
Content: The threat actor claims to be selling detailed financial and internal data from large catering chains, covering entire restaurant networks and including employee records, invoices, revenues, expenses, KPIs, supplier details, and consolidated financial reports.
Date: 2026-01-28T04:02:58Z
Network: openweb
Published URL: https://forum.exploit.in/topic/274681/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a1def9af-4733-45f2-ad52-e14c48ffdef3.png
Threat Actors: remotedesktop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged unauthorized access to the website of National Automotive Design and Development Council
Category: Initial Access
Content: The group claims to have gained unauthorized access to the website of National Automotive Design and Development Council.
Date: 2026-01-28T02:52:38Z
Network: telegram
Published URL: https://t.me/Pharaohs_n/686
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/032dc156-c896-4695-929e-9c6550968033.png
Threat Actors: Pharaohs Team Channel
Victim Country: Nigeria
Victim Industry: Automotive
Victim Organization: national automotive design and development council
Victim Site: cng.naddc.gov.ng
- Alleged Data Breach of LePoint
Category: Data Breach
Content: The threat actor claims to have breached the Lepoint database. The dataset contains approximately 50,393 rows with a total size of ~12 MB.
Date: 2026-01-28T02:50:55Z
Network: openweb
Published URL: https://breachforums.bf/Thread-lepoint-fr
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ac56a972-14ca-4eaa-9c87-4f3003575715.png
Threat Actors: oef50655
Victim Country: France
Victim Industry: Online Publishing
Victim Organization: lepoint
Victim Site: lepoint.fr
- Alleged Data Breach of Lockheed Martin
Category: Data Breach
Content: The threat actor claims to have breached the Lockheed Martin and United States Army database. The dataset contains technical information related to RFID and wireless connection systems used across major U.S. military forces.
Date: 2026-01-28T02:33:10Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DOCUMENTS-USA-CONFIDENTIAL-Lockheed-Martin-US-ARMY-RFID-WIRELESS-CONNECTION-MANUALS
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/047cb54a-b84f-49fc-af30-7571972cd10c.png
Threat Actors: jrintel
Victim Country: USA
Victim Industry: Defense & Space
Victim Organization: lockheed martin
Victim Site: lockheedmartin.com
- Alleged Data Breach of Cuba Ministry of Higher Education (MES)
Category: Data Breach
Content: The threat actor claims to have breached the Ministry of Higher Education of Cuba (MES) database. The dataset contains student personal data and internal administrative records.
Date: 2026-01-28T01:56:04Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-Cuba-Ministerio-de-Educaci%C3%B3n-Superior
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/26566750-3dde-4dc1-a1ce-2384a0df35f3.png
https://d34iuop8pidsy8.cloudfront.net/5cf235fe-14c9-4af1-83d5-8a0b29b8aeb7.png
Threat Actors: Sorb
Victim Country: Cuba
Victim Industry: Higher Education/Academia
Victim Organization: ministry of higher education of cuba
Victim Site: mes.gob.cu
- Alleged Data Breach of Match Group
Category: Data Breach
Content: The threat actor claims to have breached the database of Match Group. The dataset includes internal archives, user-related data, private documents, daily reports, and invoices associated with multiple Match Group dating platforms.
Date: 2026-01-28T00:29:44Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-Match-Group-Database-Leaked-Download
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d8eb9589-6440-4dde-98d7-f97008655a7e.png
Threat Actors: cysc
Victim Country: Unknown
Victim Industry: Social Media & Online Social Networking
Victim Organization: match group
Victim Site: mtch.com