[January-29-2026] Daily Cybersecurity Threat Report

1. Executive Summary

The cyber landscape on January 29, 2026, was characterized by a massive surge in Data Breaches, particularly targeting the retail, government, and financial sectors. Significant events include a major disruptive attack on Poland’s National Energy Infrastructure and high-volume data leaks from entities like PROCARMA (5 million records) and Global Prime (5.3 million records). Threat actors utilized varied methods, from destructive wiper malware to the systematic exploitation of WordPress vulnerabilities for initial access.


2. Global Incident Breakdown by Category

2.1. Data Breaches (Primary Threat)

Data breaches accounted for the majority of recorded incidents. These ranged from localized business leaks to massive datasets spanning millions of citizens.

  • Financial & Investment:
    • Global Prime (Australia): 5.3 million records leaked.
    • SogoTrade Inc (USA): 2.1 million records leaked.
    • Arqaam Investment Company (Saudi Arabia): 2 million records containing names, emails, and phone numbers.
    • BTC-E: A historical leak re-emerged containing 551,000 records including hashed passwords and account balances.
  • Government & Public Sector:
    • Zambia (ZISPIS): A catastrophic breach involving 500 GB of data belonging to 15 million people, including national IDs and socio-economic data.
    • Spain: Alleged leak of data from the National Intelligence Centre (CNI) and high-ranking political figures.
    • Kota Samarinda (Indonesia): Population database leak including national ID numbers (NIK).
    • Algeria: 500,000 national ID holder records exposed.
  • Automotive & Retail:
    • PROCARMA (USA): Over 5 million customer records leaked from the MyPCP portal.
    • VeryChic (France): 900,000 luxury travel records containing transport and payment info.

2.2. Critical Infrastructure & Cyber Attacks

The most significant operational threat was the attack on Poland’s Energy Grid. Security researchers noted the use of DynoWiper and Electrum malware to target 30 energy facilities. While service disruptions were avoided, the attack highlights the ongoing vulnerability of Operational Technology (OT).

2.3. Initial Access & Malware Sales

Threat actors are increasingly commodifying access to enterprise environments:

  • WordPress Exploitation: The actor Saiwer and group Neffex THe BlackHat dominated this space, selling or leaking administrative credentials for dozens of sites globally, including academic institutions like Adam Mickiewicz University.
  • Malware Tools: The Google Restore Bot (designed to restore sessions from stealer logs) and an Automated AV Killer (utilizing vulnerable drivers to bypass security) were actively marketed on underground forums.

3. Notable Threat Actors and Groups

Threat Actor / Group  | Primary Activity | Key Targets
----------------------|------------------|-----------------------------------------------------
888                   | Data Breach      | Small-to-medium florists (Floranext platform)
Neffex THe BlackHat   | Initial Access   | WordPress Admin credentials globally
Pharaohs Team Channel | Defacement       | African & Middle Eastern websites
temporary             | Data Breach      | European retail and healthcare (Pandora, Consento)
c0mmandor             | Data Breach      | VPNs and Russian services (TunnelBear, Dakota Shushi)

4. Sector-Specific Impact Analysis

4.1. The “Florist” Campaign

A specific trend emerged where the actor 888 targeted nearly a dozen floral companies (e.g., Texas Blooms, Holton Flowers, PIGMINT). This appears to be a supply chain compromise involving Floranext, a POS and customer management platform.

4.2. Education and Research

Academic institutions faced a dual threat of data theft and defacement. Notable victims include Shandong Agricultural University (China) and Thrivus University (Ghana).


5. Conclusion

The events of January 29, 2026, demonstrate a highly industrialized cybercrime ecosystem. The prevalence of PII (Personally Identifiable Information) leaks suggests that identity theft and subsequent phishing campaigns will likely rise in the coming weeks.

Key Findings:

  1. Supply Chain Vulnerability: The targeting of specialized POS software (Floranext) allowed a single actor to breach multiple small businesses simultaneously.
  2. State-Aligned Disruptions: The Polish energy grid incident underscores the use of wiper malware for geopolitical leverage.
  3. Commoditization of Access: The widespread sale of WordPress admin access and RDP credentials (with one claim citing 55 billion entries) lowers the barrier to entry for ransomware affiliates.

Organizations are advised to prioritize the security of CMS platforms (WordPress), implement MFA for all administrative dashboards, and monitor for unauthorized use of vulnerable drivers on their endpoints.

Detected Incidents Draft Data

  1. Alleged Leak of Korea Investment Forum
    Category: Data Breach
    Content: The threat actor claims to have leaked Korea Investment Forum Email and Password Data
    Date: 2026-01-29T23:52:57Z
    Network: openweb
    Published URL: https://bhf.pro/threads/718956/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/edf60cf4-3de8-4a1d-be4c-18272fa07d80.png
    Threat Actors: DeSauTIP
    Victim Country: South Korea
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  2. Order403 targets the website of BM Conectividade
    Category: Defacement
    Content: The group claims to have defaced the website of BM Conectividade
    Date: 2026-01-29T23:51:20Z
    Network: telegram
    Published URL: https://t.me/order403/61
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9dcbf616-b65f-4dfa-82cd-1f1709c1ff7c.png
    Threat Actors: Order403
    Victim Country: Brazil
    Victim Industry: Network & Telecommunications
    Victim Organization: bm conectividade
    Victim Site: bmeletro.com.br
  3. Alleged Leak of Cellphone Data from Multiple Countries
    Category: Data Breach
    Content: The threat actor claims to have leaked cellphone data from multiple countries.
    Date: 2026-01-29T23:43:16Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-DATABASE-2025-Updated-Cellphone-Database-Worldwide
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/18709520-6c6f-4b33-a55e-4052c2416c7c.png
    Threat Actors: livingstone
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  4. Alleged Sale of Google Restore Bot
    Category: Malware
    Content: Threat actor claims to be selling the Google Restore Bot tool, which is described as capable of restoring Google sessions, and claims compatibility with multiple stealer logs along with a high recovery success rate. The tool is advertised as offering free functionality, a user-friendly interface, support for both Russian and English languages, and a dedicated bot API server.
    Date: 2026-01-29T22:45:54Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/274812/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e2c81a26-2ef9-45fe-81fc-e85ff7864dcd.png
    Threat Actors: DOLOR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  5. Alleged data breach of The Online Casino
    Category: Data Breach
    Content: Threat actor claims to be selling leaked data from The Online Casino, an international betting website. The compromised data reportedly contains 78,623 records including player name, player ID, player username, player address, etc.
    Date: 2026-01-29T22:44:00Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-The-Online-Casino-78-6k
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/44718ec9-dbb7-4999-8888-dc2e79bc800a.png
    Threat Actors: temporary
    Victim Country: Comoros
    Victim Industry: Gambling & Casinos
    Victim Organization: the online casino
    Victim Site: theonlinecasino.com
  6. Alleged data sale of Pandora
    Category: Data Breach
    Content: Threat actor claims to be selling leaked data from Pandora, Austria. The compromised data reportedly contains 89,264 records including username, email, name, phone etc.
    Date: 2026-01-29T22:35:42Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-Austria-Pandora-89-2k
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ac311641-f509-431d-96b9-41a33091174d.png
    Threat Actors: temporary
    Victim Country: Austria
    Victim Industry: Luxury Goods & Jewelry
    Victim Organization: pandora
    Victim Site: at.pandora.net
  7. Alleged sale of confidential government/military data from USA
    Category: Data Breach
    Content: Threat actor claims to be selling a list of various confidential military and government related documents from USA.
    Date: 2026-01-29T22:29:17Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-FRESH-TOP-SECRET-US-GOV-MILITARY-DOCS-SALE–186110
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/de27f6c2-310f-4bec-981d-473d12325ff3.png
    https://d34iuop8pidsy8.cloudfront.net/e943878d-9d8c-4f12-9284-ef51c874b150.png
    Threat Actors: jrintel
    Victim Country: USA
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  8. Alleged Breach of Windows Server in Tunisia
    Category: Data Breach
    Content: The group claims to have breached a Windows Server in Tunisia
    Date: 2026-01-29T22:15:47Z
    Network: telegram
    Published URL: https://t.me/DarK07xxxxxxx/1521?single
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7c38fccb-7b70-439a-8971-91dd698162c3.jpg
    Threat Actors: DARK 07x
    Victim Country: Tunisia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  9. Alleged data breach of Consento
    Category: Data Breach
    Content: Threat actor claims to be selling leaked data from Consento, Bulgaria. The compromised data reportedly contains 32,683 records including email, first name, last name, city, date of birth, and gender.
    Date: 2026-01-29T22:14:33Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-Bulgaria-Consento-32-6k
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/220cf6b2-dcb6-4477-876d-227277077a7d.png
    Threat Actors: temporary
    Victim Country: Bulgaria
    Victim Industry: Hospital & Health Care
    Victim Organization: consento
    Victim Site: consento.bg
  10. Alleged data sale of Arc-Cinema
    Category: Data Breach
    Content: Threat actor claims to be selling leaked data from Arc-Cinema. The compromised data reportedly contains data from 2016, including user id, user login, user pass, user email, etc.
    Date: 2026-01-29T22:07:43Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-France-arc-cinema-fr-Database-Repost
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/eeff32d9-be40-4de2-82e3-15287ccef61d.png
    Threat Actors: Tanaka
    Victim Country: France
    Victim Industry: Online Publishing
    Victim Organization: arc-cinema
    Victim Site: arc-cinema.fr
  11. Alleged data breach of Dvago
    Category: Data Breach
    Content: Threat actor claims to be selling leaked data from Dvago, Pakistan. The compromised data reportedly contains 126,428 records including email, city, fax, billing first name, billing last name, mobile number, zip, state/province, address, phone number.
    Date: 2026-01-29T22:06:30Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-Pakistan-dvago-pk-126-4k
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/178cdbdf-4fe0-48a8-8b60-6a1a5b43d325.png
    Threat Actors: temporary
    Victim Country: Pakistan
    Victim Industry: E-commerce & Online Stores
    Victim Organization: dvago
    Victim Site: dvago.pk
  12. Alleged data breach of ibroker
    Category: Data Breach
    Content: Threat actor claims to be selling data from ibroker, Spain. The compromised data reportedly contains 214,145 records including name, gender, phone number, and email.
    Date: 2026-01-29T21:51:15Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-ibroker-es
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ee100529-ff02-46d0-a120-1e34b02df0f1.png
    Threat Actors: z72
    Victim Country: Spain
    Victim Industry: Financial Services
    Victim Organization: ibroker
    Victim Site: ibroker.es
  13. umbra.by targets the website of BreachForums
    Category: Defacement
    Content: The group claims to have defaced the website of BreachForums
    Date: 2026-01-29T21:32:50Z
    Network: telegram
    Published URL: https://t.me/umbraby/10
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d5f468a4-b2fe-41c3-89a7-180f888e0205.png
    Threat Actors: umbra.by
    Victim Country: Unknown
    Victim Industry: Online Publishing
    Victim Organization: breachforums
    Victim Site: breachforums.bf
  14. Alleged data breach of New Generation Computing, Inc.
    Category: Data Breach
    Content: The group claims to have exfiltrated the organization's internal data.
    Date: 2026-01-29T21:31:14Z
    Network: tor
    Published URL: http://fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion/companies/ngc
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e8b30cbe-a032-44e9-a327-932e8d7543bf.png
    Threat Actors: CoinbaseCartel
    Victim Country: USA
    Victim Industry: Fashion & Apparel
    Victim Organization: new generation computing, inc. (ngc software)
    Victim Site: ngcsoftware.com
  15. Alleged data breach of Arqaam Investment Company
    Category: Data Breach
    Content: Threat actor claims to be selling database of Arqaam Investment Company, Saudi Arabia. The compromised data reportedly contains 2 million records including name, email, user ID, password, phone, etc.
    Date: 2026-01-29T21:25:38Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-Selling-saudi-arabia-argaam-com-database-2million-records
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0cd42742-c6e6-4f75-90bf-b3e2092ee20c.png
    https://d34iuop8pidsy8.cloudfront.net/aa4e4c98-b984-43b1-9048-836f4c0db83c.png
    Threat Actors: pking25
    Victim Country: Saudi Arabia
    Victim Industry: Investment Management, Hedge Fund & Private Equity
    Victim Organization: arqaam investment company
    Victim Site: argaam.com
  16. Alleged Sale of Unauthorized WordPress Access with Traffic to Multiple Countries
    Category: Initial Access
    Content: Threat Actor claims to be selling WordPress administrative access with web traffic across the United States, Canada, European Union, and mixed/global regions.
    Date: 2026-01-29T20:54:52Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/274791/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/566b8062-5b78-4a9f-b08f-e8f8b87d46a5.png
    Threat Actors: Saiwer
    Victim Country: USA
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  17. Alleged Sale of Unauthorized 6 Unique WordPress Access in USA
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized access to 6 unique WordPress sites in the USA, including news, 3D maps, shipping and environmental protection, water products, working tools, and hairdressing supplies.
    Date: 2026-01-29T20:35:47Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/274789/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/cc92d279-ea99-4b83-a312-b402897b154f.png
    Threat Actors: Saiwer
    Victim Country: USA
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  18. Alleged Sale of Automated AV Killer
    Category: Malware
    Content: Threat actor claims to be selling an automated AV killer tool, which operates through a vulnerable driver and is advertised as fully FUD, including both the driver and exploit. The actor claims to provide regular updates and maintenance, to rotate drivers frequently with limited availability, and that the tool can consistently disable multiple security solutions.
    Date: 2026-01-29T20:21:54Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/274790/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c7c8d917-0ec8-4d3b-9aac-cdfa4785da1a.png
    Threat Actors: amenouzume
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  19. Alleged data breach of pagesdor.be
    Category: Data Breach
    Content: Threat actor claims to be selling the business directory database from pagesdor.be, Belgium. The compromised data reportedly contains 1 million records including legal name, email, address, phone number, VAT number, etc.
    Date: 2026-01-29T20:16:47Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-1m-Belgium-https-www-pagesdor-be-Business-directory-database-with-legal-name
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/fb3e6ee0-eca5-48c6-8015-de182b2aa1fb.png
    Threat Actors: gtaviispeak
    Victim Country: Belgium
    Victim Industry: Marketing, Advertising & Sales
    Victim Organization: pagesdor.be
    Victim Site: pagesdor.be
  20. Alleged leak of Algerian citizens personal information
    Category: Data Breach
    Content: A threat actor claims to have obtained and leaked personal data belonging to Algerian Citizens (National ID Holders / Civil Registry). The exposed information reportedly includes first and last names, email addresses, phone numbers, and national identity card details.
    Date: 2026-01-29T20:07:37Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-500k-algerian-data-algeria-post
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c6c09c33-dfbe-46b7-9f2e-0e7e50928a3b.png
    Threat Actors: BlueEx
    Victim Country: Algeria
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  21. Alleged Data Leak of BTC-E
    Category: Data Breach
    Content: Threat Actor claims to have leaked the database of BTC-E, reportedly dating back to 2015 and containing approximately 551,000 records with a total size of around 240 MB. The exposed data may include usernames, hashed passwords, email addresses, account balances, internal IDs, IP addresses, and country codes.
    Date: 2026-01-29T20:02:56Z
    Network: openweb
    Published URL: https://leakbase.la/threads/btc-e-dataleak.48627/#post-270815
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8aaa79ad-5cd6-47c4-83a8-9f9b63b62b27.png
    Threat Actors: Yuzaoka1.0
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  22. Alleged data sale of PROCARMA
    Category: Data Breach
    Content: Threat actor claims to be selling a leaked customer database belonging to PROCARMA, USA. The compromised data is reportedly sourced from the MyPCP portal, a customer service and vehicle care management platform used by PROCARMA. The exposed dataset allegedly contains over five million records, including customer IDs, customer names, primary email addresses, phone numbers, physical addresses, and related personal information.
    Date: 2026-01-29T19:15:08Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-mypcp-us-Data-Breach-Leaked-Sale
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/fd38c988-ece6-47d4-8f5e-f0e7a28ee2f0.png
    Threat Actors: INS
    Victim Country: USA
    Victim Industry: Automotive
    Victim Organization: procarma
    Victim Site: mypcp.us
  23. Alleged leak of identity documents from multiple countries
    Category: Data Breach
    Content: Threat actor claims to have leaked passport and government-issued identification document sets from multiple countries. The listings include passports, national ID cards, and driver’s licenses, with various combinations such as front and back scans, selfies, mixed scans and photographs. The actor claims availability of thousands of document sets from countries including Australia, China, India, USA, Malaysia, France, etc.
    Date: 2026-01-29T17:42:47Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DOCUMENTS-MIX-document-31gb-FREE
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/18782f9a-ac6b-4836-9fe8-e36a07057c34.png
    Threat Actors: DocLite
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  24. Team Azrael Angel Of Death claims to target multiple websites in India
    Category: Defacement
    Content: The group claims to have defaced multiple websites in India, which include: pkrangul.com, pujaworksmanufacturer.in, purefoodsolutions.in, riteedu.in
    Date: 2026-01-29T17:32:45Z
    Network: telegram
    Published URL: https://t.me/anonymous_Cr02x/1277
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f684ec52-7de5-4a11-a36c-e3abc9b9afa8.jpg
    Threat Actors: Team Azrael Angel Of Death
    Victim Country: India
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  25. Team Azrael Angel Of Death claims to target multiple websites in India
    Category: Defacement
    Content: The group claims to have defaced multiple websites in India, which include: baruneinursing.com, babybubbles.in, 21stcenturysoftwares.com, nicetbhutamundai.com, bccakantilo.in, brainybrightsinternationalresidentialschool.com, dukanpar.shop
    Date: 2026-01-29T17:17:10Z
    Network: telegram
    Published URL: https://t.me/anonymous_Cr02x/1276
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/93b071ba-18ef-466b-9fbd-a89718f352e2.jpg
    Threat Actors: Team Azrael Angel Of Death
    Victim Country: India
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  26. Alleged data breach of TOBi
    Category: Data Breach
    Content: Threat actor claims to have leaked data from TOBi, an Internet service provider from Ukraine. The compromised data reportedly contains 500,000 rows including 10,000 rows of user information.
    Date: 2026-01-29T17:04:47Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-provider-of-Ukraine-tobi-net
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d032f059-316f-48ed-b2bc-d58e41ab9a18.png
    Threat Actors: GoogleAdmin
    Victim Country: Ukraine
    Victim Industry: Network & Telecommunications
    Victim Organization: tobi
    Victim Site: tobi.net
  27. Alleged Data Breach of Kota Samarinda
    Category: Data Breach
    Content: A threat actor claims to have obtained and leaked a population database belonging to Kota Samarinda. The exposed data reportedly includes internal record IDs, national identification numbers (NIK), full names, village information (Kelurahan Bukuan), district details (Kecamatan Palaran), and residential addresses (Jl. Salak), along with other sensitive personal identification details.
    Date: 2026-01-29T16:57:17Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATA-PENDUDUK-KELURAHAN-BUKUAN-DI-SAMARINDA
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f2806117-eae4-4f38-b45e-18ff8ef9fcb1.png
    Threat Actors: ShadowNex
    Victim Country: Indonesia
    Victim Industry: Government & Public Sector
    Victim Organization: kota samarinda
    Victim Site: samarindakota.go.id
  28. Zambia Integrated Social Protection Information System
    Category: Data Breach
    Content: The threat actor claims to have breached the Zambia Integrated Social Protection Information System (ZISPIS), allegedly compromising 500 GB of data belonging to 15 million people. The exfiltrated records reportedly include highly sensitive information such as national IDs, payment histories, GPS locations, and detailed household socio-economic data.
    Date: 2026-01-29T16:32:03Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-ZM-Government-of-Zambia-%E2%80%93-Social-Protection-Beneficiaries-34M
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/56a6e9e8-fb8c-418d-8d18-dd8b3e211f77.jpg
    https://d34iuop8pidsy8.cloudfront.net/95bd3da9-a6d3-4568-a984-1a872889a8fd.jpg
    https://d34iuop8pidsy8.cloudfront.net/551f7f0a-9217-4a92-9159-89b4e0979c8f.jpg
    https://d34iuop8pidsy8.cloudfront.net/b6ade33d-d47d-472a-b2f1-6516006fb232.jpg
    Threat Actors: Spirigatito
    Victim Country: Zambia
    Victim Industry: Government Administration
    Victim Organization: zambia integrated social protection information system
    Victim Site: zispis.grz.gov.zm
  29. Alleged leak of login access to Seva Satkar Foundations
    Category: Initial Access
    Content: The group claims to have gained login access credentials belonging to Seva Satkar Foundations
    Date: 2026-01-29T15:09:55Z
    Network: telegram
    Published URL: https://t.me/neffex_the_blackhat/75
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c58a4144-a964-4da5-9d49-68043d5a4e40.JPG
    Threat Actors: Neffex THe BlackHat
    Victim Country: USA
    Victim Industry: Non-profit & Social Organizations
    Victim Organization: seva satkar foundations
    Victim Site: sevasatkarfoundation.org
  30. Alleged data breach of Kibbutz Hatzor-Ashdod
    Category: Data Breach
    Content: The group claims to have breached the database of the community portal for Kibbutz Hatzor-Ashdod, located in the Southern District of Israel
    Date: 2026-01-29T15:07:07Z
    Network: telegram
    Published URL: https://t.me/Gaza_Children_Hackers/448
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/10d2b9b0-756d-4703-84ab-70bf6f5590d3.jpg
    Threat Actors: Gaza Childrens Group
    Victim Country: Israel
    Victim Industry: Government & Public Sector
    Victim Organization: kibbutz hatzor-ashdod
    Victim Site: hatzor.org.il
  31. Alleged data leak of SogoTrade Inc
    Category: Data Breach
    Content: The threat actor claims to have leaked 2.1 million records from SogoTrade Inc.
    Date: 2026-01-29T14:54:33Z
    Network: openweb
    Published URL: https://leakbase.la/threads/stock-12m-data-leaks.48621/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c4804790-a7a3-4a3d-960f-a62f5354f881.png
    Threat Actors: Yuzaoka1.0
    Victim Country: USA
    Victim Industry: Financial Services
    Victim Organization: sogotrade, inc.
    Victim Site: sogotrade.com
  32. Alleged data leak of Global Prime database
    Category: Data Breach
    Content: The threat actor claims to have leaked 5.3 million records from Global Prime.
    Date: 2026-01-29T14:51:21Z
    Network: openweb
    Published URL: https://leakbase.la/threads/stock-12m-data-leaks.48621/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0ce8b85c-8337-4151-9204-b45d092361d7.png
    Threat Actors: Yuzaoka1.0
    Victim Country: Australia
    Victim Industry: Financial Services
    Victim Organization: global prime
    Victim Site: globalprime.com
  33. Alleged data leak of Veronesi
    Category: Data Breach
    Content: The threat actor claims to have leaked 37,299 records of data from Veronesi. The compromised data reportedly includes id_address, id_country, id_state, id_customer, and additional fields.
    Date: 2026-01-29T14:48:16Z
    Network: openweb
    Published URL: https://leakbase.la/threads/ar-veronesi-leak.48620/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/db0767ad-97f5-4eb9-b282-2b1d1267b89c.png
    Threat Actors: frog
    Victim Country: Argentina
    Victim Industry: Education
    Victim Organization: veronesi
    Victim Site: veronesiweb.com
  34. Alleged data leak of internal order from the Central Administration of the SBU
    Category: Data Breach
    Content: The group claims to have leaked the internal order from the Central Administration of the SBU
    Date: 2026-01-29T14:26:09Z
    Network: telegram
    Published URL: https://t.me/hackberegini/3168
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ac6bbe00-ed4d-468a-81dd-8923eab62cb7.JPG
    https://d34iuop8pidsy8.cloudfront.net/ac654340-8f2e-4dc4-8fd6-506e6b2225fe.JPG
    Threat Actors: Beregini
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  35. Alleged data breach of Shandong Agricultural University
    Category: Data Breach
    Content: The threat actor claims to have breached data from Shandong Agricultural University.
    Date: 2026-01-29T14:22:28Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SnowSoul-ID-1236
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c32c0b5a-1a23-4c69-ad27-32b000b4563d.png
    Threat Actors: SnowSoul
    Victim Country: China
    Victim Industry: Education
    Victim Organization: shandong agricultural university
    Victim Site: english.sdau.edu.cn
  36. Alleged data breach of FloraNext
    Category: Data Breach
    Content: The threat actor claims to have breached 77 thousand customer records of the organisation, allegedly including full names, addresses, email addresses, phone numbers and order information.
    Date: 2026-01-29T14:18:05Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-LakesFloral-com-Database-Leaked-Download–186017
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/bd2214cf-9d57-43ad-8d28-53627715fa2b.JPG
    https://d34iuop8pidsy8.cloudfront.net/4ee17a44-9cc5-4161-a74e-db56d605e293.JPG
    Threat Actors: 888
    Victim Country: USA
    Victim Industry: E-commerce & Online Stores
    Victim Organization: floranext
    Victim Site: lakesfloral.com
  37. Z-BL4CX-H4T.ID targets the website of TAKEISHI ALLOYTOOL VIETNAM Co., Ltd.
    Category: Defacement
    Content: The group claims to have defaced the website of TAKEISHI ALLOYTOOL VIETNAM Co., Ltd.
    Date: 2026-01-29T14:13:12Z
    Network: telegram
    Published URL: https://t.me/z_bl4cx_h4t_id/44
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ba5f8cde-bd27-46bc-a3e8-04d8d0b41145.jpg
    Threat Actors: Z-BL4CX-H4T.ID
    Victim Country: Vietnam
    Victim Industry: Machinery Manufacturing
    Victim Organization: takeishi alloytool vietnam co., ltd.
    Victim Site: takeishivn.com
  38. Alleged data breach of ART among the FLOWERS
    Category: Data Breach
    Content: The threat actor claims to have breached 15.3K customer records from ART among the FLOWERS, allegedly containing full names, addresses, email addresses, phone numbers, and order information.
    Date: 2026-01-29T14:08:29Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-ArtAmongTheFlowers-com-Database-Leaked-Download–186011
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a4b009e5-8f5e-44f7-9820-fe5d3813c8bf.png
    https://d34iuop8pidsy8.cloudfront.net/c110a725-a3ef-4c7e-a38b-0125998e3e73.png
    Threat Actors: 888
    Victim Country: USA
    Victim Industry: Retail Industry
    Victim Organization: art among the flowers
    Victim Site: artamongtheflowers.com
  39. Alleged data breach of Central Market Flowers
    Category: Data Breach
    Content: The threat actor claims to have breached 6.7K customer records from Central Market Flowers, allegedly containing full names, addresses, email addresses, phone numbers, and order information.
    Date: 2026-01-29T14:05:10Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-CentralMarketFlowers-com-Database-Leaked-Download–186012
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/74b29d2f-450d-4762-85eb-0b96364abb88.png
    https://d34iuop8pidsy8.cloudfront.net/d74435d6-b423-45d5-a4db-e32a7637013b.png
    Threat Actors: 888
    Victim Country: USA
    Victim Industry: Other Industry
    Victim Organization: central market flowers
    Victim Site: centralmarketflowers.com
  40. Z-BL4CX-H4T.ID targets the website of Digitattva Technolabs
    Category: Defacement
    Content: The group claims to have defaced the website of Digitattva Technolabs.
    Date: 2026-01-29T14:01:00Z
    Network: telegram
    Published URL: https://t.me/z_bl4cx_h4t_id/44
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/631bd891-5860-4c25-aa9f-37f7bb422f7f.jpg
    Threat Actors: Z-BL4CX-H4T.ID
    Victim Country: India
    Victim Industry: Information Technology (IT) Services
    Victim Organization: digitattva technolabs
    Victim Site: pmt.digitattva.in
  41. Alleged data breach of Texas Blooms and Gifts – Florist and Austin Flower Delivery
    Category: Data Breach
    Content: The threat actor claims to have breached 12K customer records from Texas Blooms and Gifts – Florist and Austin Flower Delivery, allegedly containing full names, addresses, email addresses, phone numbers, and order information.
    Date: 2026-01-29T13:53:24Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-Texas-Blooms-com-Database-Leaked-Download–186020
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/1ca04d10-5a2b-4771-aceb-c0c271cf61c5.png
    https://d34iuop8pidsy8.cloudfront.net/4d8be7f0-7a1e-44af-9951-463f09198669.png
    Threat Actors: 888
    Victim Country: USA
    Victim Industry: Other Industry
    Victim Organization: texas blooms and gifts – florist and austin flower delivery
    Victim Site: texas-blooms.com
  42. Cyber Attack hits Poland’s National Energy Infrastructure
    Category: Cyber Attack
    Content: The Polish energy sector experienced a significant cyberattack targeting its national power grid in late December, impacting approximately 30 energy facilities, including combined heat and power plants and renewable energy dispatch systems. Attackers compromised operational technology (OT) systems using destructive wiper malware such as DynoWiper and Electrum, damaging key equipment, though Poland avoided major service disruptions. Security researchers further linked the activity to advanced state-aligned threat groups and connected the campaign to other wipers previously used against energy infrastructure, including CaddyWiper and Industroyer2, underscoring critical vulnerabilities in distributed energy resources and the ongoing risk to critical infrastructure. NB: The authenticity of the claim is yet to be verified.
    Date: 2026-01-29T13:48:20Z
    Network: openweb
    Published URL: https://www.bleepingcomputer.com/news/security/cyberattack-on-polish-energy-grid-impacted-around-30-facilities/
    Screenshots:
    None
    Threat Actors: Unknown
    Victim Country: Poland
    Victim Industry: Energy & Utilities
    Victim Organization: Unknown
    Victim Site: Unknown
  43. Alleged data breach of LK ZHEU
    Category: Data Breach
    Content: The group claims to have leaked database files allegedly obtained from LK ZHEU. The disclosed files reportedly include 6,700+ names, home addresses, and data on the organization's employees.
    Date: 2026-01-29T13:41:31Z
    Network: telegram
    Published URL: https://t.me/perunswaroga/1124
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ff232f64-1fdc-4f91-a113-aaf62979e3b6.jpg
    https://d34iuop8pidsy8.cloudfront.net/955bf501-eed7-4b20-8654-49c457ef6a85.jpg
    Threat Actors: Perun Svaroga
    Victim Country: Ukraine
    Victim Industry: Oil & Gas
    Victim Organization: lk zheu
    Victim Site: lubnykju.com.ua
  44. Alleged Sale of Stolen PII and Cybercrime Tools
    Category: Malware
    Content: The threat actor claims to be selling a massive database containing over 100 million records of Fullz and sensitive personal information from the US, UK, and Canada. This data allegedly includes high-value identifiers such as Social Security Numbers, National Insurance Numbers, driver's license photos, and even tax return information.
    Date: 2026-01-29T13:36:45Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-US-FRESH-SSNDOB-DL-FULLZ-DL-PHOTOS-ALL-STATES
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/07a3a07e-c358-490a-8939-629c57930ce4.jpg
    Threat Actors: ally549
    Victim Country: USA
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  45. Alleged leak of login credentials from Spinneys Egypt
    Category: Initial Access
    Content: The group claims to have leaked login credentials from Spinneys Egypt.
    Date: 2026-01-29T13:35:47Z
    Network: telegram
    Published URL: https://t.me/c/2451084701/514173
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0ec21fab-a8b7-4839-af55-6092945bde01.png
    Threat Actors: Buscador
    Victim Country: Egypt
    Victim Industry: Retail Industry
    Victim Organization: spinneys egypt
    Victim Site: spinneys-egypt.com
  46. Alleged data breach of Holton Flowers
    Category: Data Breach
    Content: The threat actor claims to have breached 19.8 thousand customer records from the organisation, allegedly including full names, addresses, email addresses, phone numbers, and order information.
    Date: 2026-01-29T13:31:33Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-HoltonFlowers-com-Database-Leaked-Download–186016
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/1406be22-3d99-445c-b73c-ac4187958ed9.JPG
    https://d34iuop8pidsy8.cloudfront.net/020c39a3-5fb3-4f17-aa02-bf6d67ac1745.JPG
    Threat Actors: 888
    Victim Country: Canada
    Victim Industry: E-commerce & Online Stores
    Victim Organization: holton flowers
    Victim Site: holtonflowers.com
  47. Alleged data breach of PIGMINT
    Category: Data Breach
    Content: The threat actor claims to have breached 25.2K customer records from PIGMINT, allegedly containing full names, addresses, email addresses, phone numbers, and order information.
    Date: 2026-01-29T13:26:58Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-Shoppigmint-com-Database-Leaked-Download–186019
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7c8d3cd8-d3e3-4ca6-96e3-b6706d4121d9.png
    https://d34iuop8pidsy8.cloudfront.net/09e0d369-d342-4804-b4ff-ba1125b0ccf2.png
    Threat Actors: 888
    Victim Country: USA
    Victim Industry: Other Industry
    Victim Organization: pigmint
    Victim Site: shoppigmint.com
  48. 404 CREW CYBER TEAM targets the website of Ranel Profesyonel El Aletleri
    Category: Defacement
    Content: The group claims to have defaced the website of Ranel Profesyonel El Aletleri.
    Date: 2026-01-29T13:24:28Z
    Network: telegram
    Published URL: https://t.me/crewcyber/613
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/5c9aa195-fe9e-48cc-b994-f4cc4772569d.jpg
    Threat Actors: 404 CREW CYBER TEAM
    Victim Country: Turkey
    Victim Industry: Machinery Manufacturing
    Victim Organization: ranel profesyonel el aletleri
    Victim Site: ranel.com.tr
  49. Alleged data breach of Joy Flower Shop
    Category: Data Breach
    Content: The threat actor claims to have breached 9.3K customer records from Joy Flower Shop, allegedly containing full names, addresses, email addresses, phone numbers, and order information.
    Date: 2026-01-29T13:23:59Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-MyJoyFlowerShop-com-Database-Leaked-Download–186018
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/fc8c26a5-4e4f-4295-b7e6-b037a4ced9b2.png
    https://d34iuop8pidsy8.cloudfront.net/be9987c0-a235-4a9c-a37a-d5a2286db02f.png
    Threat Actors: 888
    Victim Country: USA
    Victim Industry: Other Industry
    Victim Organization: joy flower shop
    Victim Site: myjoyflowershop.com
  50. Alleged data leak of The Cottage Flowers and Gifts
    Category: Data Breach
    Content: The threat actor claims to have leaked customer data linked to The Cottage Flowers & Gifts (formerly CottageAtQueenCreek) following a broader compromise involving Floranext, a software and POS platform widely used by florist companies. The incident, which allegedly occurred in January 2026, is said to have impacted nearly a dozen florists, with 16.4K customer records. The exposed data allegedly includes full names, physical addresses, email addresses, phone numbers, and order-related information.
    Date: 2026-01-29T13:22:58Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-TheCottageFlowersAndGifts-com-Database-Leaked-Download–186013
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/baea86f1-bda5-46d4-b008-0767d49d39d3.png
    https://d34iuop8pidsy8.cloudfront.net/d25a7b4e-6642-46d7-af4b-03c45318376b.png
    Threat Actors: 888
    Victim Country: USA
    Victim Industry: Other Industry
    Victim Organization: the cottage flowers and gifts
    Victim Site: thecottageflowersandgifts.com
  51. Alleged data breach of Consider the Lillies
    Category: Data Breach
    Content: The threat actor claims to have breached 10.7K customer records from Consider the Lillies, allegedly containing full names, addresses, email addresses, phone numbers, and order information.
    Date: 2026-01-29T13:09:08Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-Ctlflorist-com-Database-Leaked-Download–186015
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a79157ba-6d03-43ff-9283-c05ee10dc90f.png
    https://d34iuop8pidsy8.cloudfront.net/a0263301-493b-4a3e-b46f-0ce94aea14d1.png
    Threat Actors: 888
    Victim Country: USA
    Victim Industry: Other Industry
    Victim Organization: consider the lillies
    Victim Site: ctlflorist.com
  52. Russian Legion claims to target Denmark
    Category: Alert
    Content: A recent post by the group indicates that they are targeting the Government of Denmark.
    Date: 2026-01-29T13:08:28Z
    Network: telegram
    Published URL: https://t.me/ruLegionn/12
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4c828f46-63ed-40f4-afdd-06869a497c9e.jpg
    Threat Actors: Russian Legion
    Victim Country: Denmark
    Victim Industry: Government Administration
    Victim Organization: Unknown
    Victim Site: Unknown
  53. Alleged data leak of Creation Station Flowers
    Category: Data Breach
    Content: The threat actor claims to have leaked customer data allegedly belonging to Creation Station Flowers following a wider compromise of Floranext, a POS and customer management platform used by many florist companies. The incident, said to have occurred in January 2026, reportedly impacted nearly a dozen florists, with 13.6K customer records. The exposed data allegedly includes full names, physical addresses, email addresses, phone numbers, and order-related information.
    Date: 2026-01-29T13:06:53Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-CreationStationFlowers-com-Database-Leaked-Download–186014
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d66e2796-b46e-46ee-ab85-f626528bd2af.png
    https://d34iuop8pidsy8.cloudfront.net/933447d3-f30e-4672-b803-659a9acbe3ae.png
    Threat Actors: 888
    Victim Country: USA
    Victim Industry: Other Industry
    Victim Organization: creation station flowers
    Victim Site: creationstationflowers.com
  54. Alleged Data Breach of Coin Wallet Australia Pty Limited
    Category: Data Breach
    Content: The threat actor claims to have exfiltrated a comprehensive database containing over 200,000 records from the website of Coin Wallet Australia Pty Limited. They assert that the stolen information is available in CSV and JSON formats and stems from a compromise of the site's WordPress CMS.
    Date: 2026-01-29T12:58:00Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-Selling-hardwarewallets-com-au-Australia-Hardware-Wallets
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/bce10e31-5bad-4a52-8da5-713e63f5a3a6.jpg
    Threat Actors: NanC
    Victim Country: Australia
    Victim Industry: E-commerce & Online Stores
    Victim Organization: coin wallet australia pty limited
    Victim Site: hardwarewallets.com.au
  55. Alleged data sale of an unidentified Singapore automotive company
    Category: Data Breach
    Content: The threat actor claims to be selling data from an unidentified Singapore automotive company, allegedly exposing administrator account credentials, access to the administrator dashboard, and sensitive internal data, including car information and vehicle pricing.
    Date: 2026-01-29T12:43:28Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-Singapore-Automotive-Leak-Database
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/30cadb16-c2d7-4628-b53e-a99c16c948cb.png
    Threat Actors: chadnormie
    Victim Country: Singapore
    Victim Industry: Automotive
    Victim Organization: Unknown
    Victim Site: Unknown
  56. Alleged purchase of databases from the Middle East and North Africa (MENA) region
    Category: Alert
    Content: An Exploit forum user claims to be purchasing databases from the Middle East and North Africa (MENA) region.
    Date: 2026-01-29T12:42:49Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274762/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/5f2c7160-5555-47a2-b48d-655926591799.png
    Threat Actors: d3migur3
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  57. Alleged data breach of SFR
    Category: Data Breach
    Content: The threat actor claims to have breached 583,307 lines of data from SFR.
    Date: 2026-01-29T12:36:33Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-boutique-sfr-fr-583K
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/40925dc9-cd9b-46ce-8a79-3e1f7a5a440a.png
    Threat Actors: czx
    Victim Country: France
    Victim Industry: Network & Telecommunications
    Victim Organization: sfr
    Victim Site: boutique.sfr.fr
  58. Alleged Data Breach of Spanish National Security and Political Entities
    Category: Data Breach
    Content: The threat actor claims to have leaked a significant dataset containing sensitive information from several major Spanish government and security organizations. They assert that the compromised data includes files from the Centro Nacional de Inteligencia (CNI), the Policia Nacional, and multiple prominent political parties such as PSOE and VOX. The post includes a sample of personal data, including names, DNI numbers, and addresses, purportedly belonging to high-ranking political figures.
    Date: 2026-01-29T12:30:54Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-COLLECTION-REUPLOAD-Spain-Politicians-Policia-Nacional-CNI
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c1f684fd-b6b8-45a7-8138-d6a2229c1a83.jpg
    Threat Actors: IntelShadow
    Victim Country: Spain
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  59. Z-BL4CX-H4T.ID targets the website of ISMS Group of Institutions
    Category: Defacement
    Content: The group claims to have defaced the website of ISMS Group of Institutions.
    Date: 2026-01-29T11:37:47Z
    Network: telegram
    Published URL: https://t.me/z_bl4cx_h4t_id/43
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/40ab9bd7-fe48-4307-a2c9-d49744b92cb6.JPG
    Threat Actors: Z-BL4CX-H4T.ID
    Victim Country: India
    Victim Industry: Education
    Victim Organization: isms group of institutions
    Victim Site: assignmentportal.ismspune.in
  60. Alleged Breach of Australian and British Passport Data
    Category: Data Breach
    Content: The threat actor claims to be in possession of a dataset containing 6,700 entries sourced from Australian and British passports. According to the post on a known data leak forum, the information is being distributed in multiple batches, with the first installment allegedly containing 100 records.
    Date: 2026-01-29T11:31:51Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DOCUMENTS-100-Australian-and-British-passports-1
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/145bbeab-fe6b-49f8-8f5b-75a124510aaf.jpg
    Threat Actors: coolworker378
    Victim Country: Australia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  61. Alleged sale of unauthorized access to an Italian car company
    Category: Initial Access
    Content: The threat actor claims to be selling unauthorized admin dashboard access to an Italian car company, allegedly providing access to internal systems including CRM data, sales proposals, vehicle lookup, car sales dashboards, B2C car orders with payment information, and dealership orders.
    Date: 2026-01-29T11:12:23Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-selling-Admin-Dashboard-Access-Itallian-Car-Company
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/fb9ecc70-446e-4e36-bf71-63995d35075f.png
    Threat Actors: p0ppin
    Victim Country: Italy
    Victim Industry: Automotive
    Victim Organization: Unknown
    Victim Site: Unknown
  62. Alleged data breach of SuperPrice
    Category: Data Breach
    Content: The group claims to have breached 14 thousand records from the organisation.
    Date: 2026-01-29T10:42:18Z
    Network: telegram
    Published URL: https://t.me/shadow_cyber/218
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9d61145b-4f84-4e5c-8a35-70234cf9521b.JPG
    Threat Actors: Shadow SEC
    Victim Country: Israel
    Victim Industry: Manufacturing
    Victim Organization: superprice
    Victim Site: superprice.co.il
  63. Alleged leak of student data from Azerbaijan
    Category: Data Breach
    Content: The threat actor claims to have leaked student data from Azerbaijan. The compromised data reportedly includes UTIS codes, phone numbers, names, surnames, birth dates, class information, and school details.
    Date: 2026-01-29T10:23:23Z
    Network: openweb
    Published URL: https://leakbase.la/threads/azerbaijan-student-data.48614/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/cc0735af-0ee1-45fe-b6d4-64426cdd131e.png
    Threat Actors: menpolisem
    Victim Country: Azerbaijan
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  64. Alleged data breach of Diskal Group
    Category: Data Breach
    Content: The group claims to have leaked data belonging to Diskal Group.
    Date: 2026-01-29T10:21:05Z
    Network: telegram
    Published URL: https://t.me/shadow_cyber/218
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ce5360dc-e4a5-40f0-be36-bfe20518af75.png
    Threat Actors: Shadow SEC
    Victim Country: Israel
    Victim Industry: Information Technology (IT) Services
    Victim Organization: diskal group
    Victim Site: diskal.co.il
  65. Alleged data leak of City of Kaliningrad
    Category: Data Breach
    Content: The threat actor claims to have leaked 2.2 million records from the City of Kaliningrad, Russia, allegedly containing names, city of residence, dates of birth, addresses, and more.
    Date: 2026-01-29T10:01:47Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-Kaliningrad-2-2MILLION-MIX
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8d3f8dd6-9556-4637-82b0-7b574bfa403c.png
    Threat Actors: c0mmandor
    Victim Country: Russia
    Victim Industry: Government Administration
    Victim Organization: city of kaliningrad
    Victim Site: klgd.ru
  66. Alleged Credential Leak of TunnelBear VPN Users
    Category: Data Breach
    Content: The threat actor claims to have gained unauthorized access to TunnelBear's internal user database, allegedly exfiltrating over 1,000 unique records. According to the post, the stolen data includes sensitive information such as email addresses and plaintext passwords, which could facilitate immediate account takeovers. The actor asserts that the compromise was achieved through a vulnerability in the service's authentication systems, allowing them to bypass standard security protocols.
    Date: 2026-01-29T09:55:53Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-Tunnel-Bear-VPN-users
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/622dcb73-3227-440a-98c9-069475de0821.jpg
    Threat Actors: c0mmandor
    Victim Country: Canada
    Victim Industry: Information Technology (IT) Services
    Victim Organization: tunnelbear
    Victim Site: tunnelbear.com
  67. Alleged data breach of AvizInfo
    Category: Data Breach
    Content: The threat actor claims to have successfully compromised and leaked the user database for the Kazakhstan-based platform avizinfo.kz. To substantiate these claims, the actor posted a data sample containing sensitive information such as email addresses, hashed passwords, and full names. The shared record also reveals highly specific personal details, including phone numbers and physical addresses located in Russia.
    Date: 2026-01-29T09:36:52Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-avizinfo-kz-users-database
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/06e8a877-778b-4b4f-9a10-b52e5cfa27fe.jpg
    Threat Actors: c0mmandor
    Victim Country: Kazakhstan
    Victim Industry: E-commerce & Online Stores
    Victim Organization: avizinfo
    Victim Site: avizinfo.kz
  68. Alleged Data Breach of Swiss Search Engine Search.ch
    Category: Data Breach
    Content: The threat actor claims to have successfully breached the Swiss search engine and directory service Search.ch. They assert that the stolen database contains a wide array of sensitive information, ranging from personal names and email addresses to bcrypt-hashed passwords and IP logs. To validate their claims, the actor posted a JSON-formatted data sample that appears to display internal business listings and technical metadata.
    Date: 2026-01-29T09:24:27Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-Database-Search-ch-Switzerland
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a217d493-0f1b-499f-b6d4-2e9d0a3dd961.jpg
    Threat Actors: hinygo
    Victim Country: Switzerland
    Victim Industry: Information Technology (IT) Services
    Victim Organization: search.ch
    Victim Site: search.ch
  69. Alleged data breach of Dakota Shushi
    Category: Data Breach
    Content: The threat actor claims to have breached the Russian delivery service website dakotadostavka.ru and published its user database on a popular cybercrime forum. According to the post dated January 29, 2026, the leaked data contains extensive sensitive information, including customer names, email addresses, telephone numbers, and physical addresses. The database fields also suggest the exposure of transaction details such as order IDs, payment methods, and IP addresses used during checkout.
    Date: 2026-01-29T09:11:38Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-dakotadostavka-ru-users-database
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f03756c5-30b2-4898-83f1-73f86bd79f4f.jpg
    Threat Actors: c0mmandor
    Victim Country: Russia
    Victim Industry: Restaurants
    Victim Organization: dakota shushi
    Victim Site: dakotadostavka.ru
  70. Alleged leak of WordPress admin credentials to Akua Solutions
    Category: Initial Access
    Content: The group claims to have obtained and leaked WordPress administrator credentials associated with Akua Solutions.
    Date: 2026-01-29T09:02:40Z
    Network: telegram
    Published URL: https://t.me/neffex_the_blackhat/169
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9926caf8-b458-49fa-8992-0cda17261fa5.JPG
    Threat Actors: Neffex THe BlackHat
    Victim Country: Colombia
    Victim Industry: Textiles
    Victim Organization: akua solutions
    Victim Site: akuasoluciones.com
  71. Alleged data breach of Seniors Today
    Category: Data Breach
    Content: The threat actor claims to have successfully scraped sensitive personal data from the Indian website seniorstoday.in. This alleged leak reportedly contains 116 files, including high-value identity documents such as Indian passports, national IDs, and driving licenses. The actor uploaded a compressed file totaling approximately 168.53 MB.
    Date: 2026-01-29T09:00:37Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-seniorstoday-in
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a2f0ff3f-bf0d-48bc-a46c-ce0e9f11293f.jpg
    Threat Actors: zvezdanwastaken
    Victim Country: India
    Victim Industry: Broadcast Media
    Victim Organization: seniors today
    Victim Site: seniorstoday.in
  72. Alleged leak of WordPress admin credentials to LAMURA CLUB SRL
    Category: Initial Access
    Content: The group claims to have obtained and leaked WordPress administrator credentials associated with LAMURA CLUB SRL.
    Date: 2026-01-29T08:42:45Z
    Network: telegram
    Published URL: https://t.me/neffex_the_blackhat/163
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/162b4737-edc2-45fe-895a-1e01941b0af1.jpg
    Threat Actors: Neffex THe BlackHat
    Victim Country: Italy
    Victim Industry: Fashion & Apparel
    Victim Organization: lamura club srl
    Victim Site: lamuraclub.com
  73. Alleged leak of Malaysian users database
    Category: Data Breach
    Content: The threat actor claims to be selling 156,000 user records from a Malaysian database, allegedly leaked on 12 January 2026, including email addresses, usernames, and password hashes.
    Date: 2026-01-29T08:34:26Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-Malesian-DB-156k-Dumped-on-12-01-2026
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/43ec5e7f-cce3-4bfa-867f-a647807cd5ae.png
    Threat Actors: amius
    Victim Country: Malaysia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  74. Alleged leak of WordPress admin credentials to Sparkling Spring
    Category: Initial Access
    Content: The group claims to have obtained and leaked WordPress administrator credentials associated with Sparkling Spring.
    Date: 2026-01-29T08:18:18Z
    Network: telegram
    Published URL: https://t.me/neffex_the_blackhat/175
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7ffbfcc3-c981-4f70-80b3-dc6b64b45afb.png
    Threat Actors: Neffex THe BlackHat
    Victim Country: Russia
    Victim Industry: Manufacturing
    Victim Organization: sparkling spring
    Victim Site: purifier.sparklingspring.ru
  75. Alleged leak of WordPress admin credentials to Studio In Controluce
    Category: Initial Access
    Content: The group claims to have obtained and leaked WordPress administrator credentials associated with Studio In Controluce.
    Date: 2026-01-29T07:57:11Z
    Network: telegram
    Published URL: https://t.me/neffex_the_blackhat/182
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/702787c6-ef9c-4556-9e5b-d6a5263d9773.png
    Threat Actors: Neffex THe BlackHat
    Victim Country: Italy
    Victim Industry: Photography
    Victim Organization: studio in controluce
    Victim Site: studioincontroluce.it
  76. Pharaohs Team Channel targets the website of Constructech
    Category: Defacement
    Content: The group claims to have defaced the website of Constructech.
    Date: 2026-01-29T06:11:12Z
    Network: telegram
    Published URL: https://t.me/Pharaohs_n/694
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/821b49f0-fbcb-4094-b217-81b24ecbf44c.png
    https://d34iuop8pidsy8.cloudfront.net/3a5d352b-eccd-4e54-bf58-ff8cacf39794.png
    Threat Actors: Pharaohs Team Channel
    Victim Country: Algeria
    Victim Industry: Building and construction
    Victim Organization: constructech
    Victim Site: constructech-dz.com
  77. Pharaohs Team Channel targets the website of AtechBox
    Category: Defacement
    Content: The group claims to have defaced the website of AtechBox.
    Date: 2026-01-29T06:06:55Z
    Network: telegram
    Published URL: https://t.me/Pharaohs_n/694
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9eac0c7e-d920-45d1-9e65-e925ddedc91c.png
    https://d34iuop8pidsy8.cloudfront.net/6835b199-c94d-43f5-be85-7fe26c4a5dca.png
    Threat Actors: Pharaohs Team Channel
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: atechbox
    Victim Site: atechbox.com
  78. Alleged Sale of RAMP Forum Database
    Category: Data Breach
    Content: The group claims to be selling internal RAMP forum user records and admin-panel data.
    Date: 2026-01-29T06:02:54Z
    Network: telegram
    Published URL: https://t.me/TorZireael1/859?single
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9367e4f7-773e-44e7-b596-c4d898ebc643.png
    https://d34iuop8pidsy8.cloudfront.net/a716ebf5-9814-42a9-ac7c-c96f6017d233.png
    Threat Actors: Tor Zireael
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: ramp4u.io
  79. Pharaohs Team Channel targets the website of ONG Carrefour CADENKOSO
    Category: Defacement
    Content: The group claims to have defaced the website of ONG Carrefour CADENKOSO.
    Date: 2026-01-29T06:00:58Z
    Network: telegram
    Published URL: https://t.me/Pharaohs_n/694
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7ee20a4f-e719-421d-a12d-4b45cf0904c9.png
    https://d34iuop8pidsy8.cloudfront.net/2cd5d8d8-8c36-499c-ae76-7680e5960061.png
    Threat Actors: Pharaohs Team Channel
    Victim Country: Algeria
    Victim Industry: Education
    Victim Organization: ong carrefour cadenkoso
    Victim Site: cadenkoso-dz.com
  80. Alleged leak of WordPress admin credentials to Zakat Foundation
    Category: Initial Access
    Content: The group claims to have obtained and leaked WordPress administrator credentials associated with Zakat Foundation.
    Date: 2026-01-29T05:53:51Z
    Network: telegram
    Published URL: https://t.me/neffex_the_blackhat/183
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4ccb0595-ace2-4df1-959b-38befcf19436.png
    Threat Actors: Neffex THe BlackHat
    Victim Country: Lebanon
    Victim Industry: Non-profit & Social Organizations
    Victim Organization: zakat foundation
    Victim Site: zakatml.org
  81. Pharaohs Team Channel targets the website of AtechBib
    Category: Defacement
    Content: The group claims to have defaced the website of AtechBib.
    Date: 2026-01-29T05:48:51Z
    Network: telegram
    Published URL: https://t.me/Pharaohs_n/694
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0a643e73-97ba-43da-8ce9-e8b6cf6af52a.png
    https://d34iuop8pidsy8.cloudfront.net/d7842748-da88-4df5-b6a9-a9c2429acbf9.png
    Threat Actors: Pharaohs Team Channel
    Victim Country: Unknown
    Victim Industry: Library
    Victim Organization: atechbib
    Victim Site: atechbib.com
  82. Pharaohs Team Channel targets the website of Atechtiri
    Category: Defacement
    Content: The group claims to have defaced the website of Atechtiri.
    Date: 2026-01-29T05:46:44Z
    Network: telegram
    Published URL: https://t.me/Pharaohs_n/694
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/96fc0268-d798-4cc4-8534-7b3a9d00226c.png
    https://d34iuop8pidsy8.cloudfront.net/15c01caa-cda9-4b27-9c32-f92946e1853b.png
    Threat Actors: Pharaohs Team Channel
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: atechtiri
    Victim Site: atechtiri.com
  83. Alleged leak of WordPress admin credentials to Adam Mickiewicz University
    Category: Initial Access
    Content: The group claims to have obtained and leaked WordPress administrator credentials associated with Adam Mickiewicz University.
    Date: 2026-01-29T05:41:36Z
    Network: telegram
    Published URL: https://t.me/neffex_the_blackhat/184
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c7e767b7-8734-48a4-b1b7-e10b202c5470.png
    Threat Actors: Neffex THe BlackHat
    Victim Country: Poland
    Victim Industry: Higher Education/Academia
    Victim Organization: adam mickiewicz university
    Victim Site: knztif.web.amu.edu.pl
  84. Pharaohs Team Channel targets the website of Atechqrcode
    Category: Defacement
    Content: The group claims to have defaced the website of Atechqrcode.
    Date: 2026-01-29T05:37:57Z
    Network: telegram
    Published URL: https://t.me/Pharaohs_n/694
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/32795a75-eb47-41ab-984a-924c8a6c38e8.png
    https://d34iuop8pidsy8.cloudfront.net/7afcc306-97fb-4c08-a461-9ffb7ee9a8c2.png
    Threat Actors: Pharaohs Team Channel
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: atechqrcode
    Victim Site: atechqrcode.com
  85. Pharaohs Team Channel targets the website of atechform.com
    Category: Defacement
    Content: The group claims to have defaced the website of atechform.com.
    Date: 2026-01-29T05:37:52Z
    Network: telegram
    Published URL: https://t.me/Pharaohs_n/694
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/24e672ea-d5ca-44da-b489-c142de3521fd.png
    https://d34iuop8pidsy8.cloudfront.net/34d53b39-5636-480e-b831-aa57215cd38e.png
    Threat Actors: Pharaohs Team Channel
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: atechform
    Victim Site: atechform.com
  86. Pharaohs Team Channel targets the website of Bibliothèque de Sankoré
    Category: Defacement
    Content: The group claims to have defaced the website of Bibliothèque de Sankoré
    Date: 2026-01-29T05:34:53Z
    Network: telegram
    Published URL: https://t.me/Pharaohs_n/694
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/310d2ed3-6884-4034-a239-539bd9a2b8be.png
    https://d34iuop8pidsy8.cloudfront.net/8e798ff3-4fa2-44cb-9575-42eb852ffe2a.png
    Threat Actors: Pharaohs Team Channel
    Victim Country: Mali
    Victim Industry: Education
    Victim Organization: bibliothèque de sankoré
    Victim Site: bibliotheque-sankore.com
  87. Pharaohs Team Channel targets the website of Be The Light Foundation
    Category: Defacement
    Content: The group claims to have defaced the website of Be The Light Foundation
    Date: 2026-01-29T05:23:43Z
    Network: telegram
    Published URL: https://t.me/Pharaohs_n/694
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/cbe94b9d-18b5-48c9-8102-248aa0a148fd.png
    https://d34iuop8pidsy8.cloudfront.net/22a66558-aa9e-4c0b-817c-0212e17a4733.png
    Threat Actors: Pharaohs Team Channel
    Victim Country: USA
    Victim Industry: Non-profit & Social Organizations
    Victim Organization: be the light foundation
    Victim Site: bethelightfoundation.online
  88. Alleged leak of WordPress admin credentials to Direct Mortgages Ltd
    Category: Initial Access
    Content: The group claims to have obtained and leaked WordPress administrator credentials to Direct Mortgages Ltd
    Date: 2026-01-29T05:16:05Z
    Network: telegram
    Published URL: https://t.me/neffex_the_blackhat/165
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/1e7f91ba-c10a-4ef6-a98f-9704d16787bd.png
    Threat Actors: Neffex THe BlackHat
    Victim Country: UK
    Victim Industry: Financial Services
    Victim Organization: direct mortgages ltd
    Victim Site: client.direct2mortgages.co.uk
  89. Pharaohs Team Channel targets the website of ATechAudio
    Category: Defacement
    Content: The group claims to have defaced the website of ATechAudio.
    Date: 2026-01-29T05:13:21Z
    Network: telegram
    Published URL: https://t.me/Pharaohs_n/694
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/311795f5-3a1f-4fd5-bbbe-c974f531b1a4.png
    https://d34iuop8pidsy8.cloudfront.net/9a0edb12-f430-4824-ad49-36cdca517382.png
    Threat Actors: Pharaohs Team Channel
    Victim Country: Unknown
    Victim Industry: E-Learning
    Victim Organization: atechaudio
    Victim Site: atechaudio.com
  90. Pharaohs Team Channel targets the website of atech-soft.net.
    Category: Initial Access
    Content: The group claims to have defaced the website of atech-soft.net.
    Date: 2026-01-29T04:54:04Z
    Network: telegram
    Published URL: https://t.me/Pharaohs_n/694
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8837a5f5-20fd-4f68-b851-381b91fa528d.png
    https://d34iuop8pidsy8.cloudfront.net/86f17afc-063e-47ce-8ef2-0c8b4e98e199.png
    Threat Actors: Pharaohs Team Channel
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: atech-soft
    Victim Site: atech-soft.net
  91. Alleged Sale of Unauthorized US RDP Access
    Category: Initial Access
    Content: The threat actor claims to be selling 55 billion unauthorized U.S. RDP accesses.
    Date: 2026-01-29T04:51:09Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-VPN-usa-55-billion
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/556f72ff-8718-4a83-ac0f-83a99947fa23.png
    Threat Actors: freezqq
    Victim Country: USA
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  92. Pharaohs Team Channel targets the website of Afrique Technologie
    Category: Defacement
    Content: The group claims to have defaced the website of Afrique Technologie
    Date: 2026-01-29T04:40:04Z
    Network: telegram
    Published URL: https://t.me/Pharaohs_n/694
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b6a24780-24f9-4016-9c11-6883751db8d4.png
    https://d34iuop8pidsy8.cloudfront.net/b769ef96-86f5-473a-bb32-bb6c3d210f35.png
    Threat Actors: Pharaohs Team Channel
    Victim Country: Senegal
    Victim Industry: Education
    Victim Organization: afrique technologie
    Victim Site: afrique-technologie.com
  93. Alleged leak of Wise account data
    Category: Data Breach
    Content: The threat actor claims to have leaked Wise account data.
    Date: 2026-01-29T04:25:41Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-%E2%9A%A1%EF%B8%8F-Wise-Accounts-New-Aged-Fast-Delivery-%E2%9A%A1%EF%B8%8F
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ee45e488-3da5-4cba-8b54-0090c9b132ad.png
    https://d34iuop8pidsy8.cloudfront.net/0ff7d941-d57d-4d81-8325-fd1a07f42481.png
    Threat Actors: Kayote
    Victim Country: Unknown
    Victim Industry: Financial Services
    Victim Organization: wise
    Victim Site: wise.com
  94. Pharaohs Team Channel targets the website of African Research Laboratory for ICT
    Category: Defacement
    Content: The group claims to have defaced the website of African Research Laboratory for ICT
    Date: 2026-01-29T04:19:20Z
    Network: telegram
    Published URL: https://t.me/Pharaohs_n/694
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4100a08a-4468-4a82-bbd6-988e32fc506b.png
    https://d34iuop8pidsy8.cloudfront.net/5b225d30-3820-4d49-bf9e-51ff1c4b2060.png
    Threat Actors: Pharaohs Team Channel
    Victim Country: South Africa
    Victim Industry: Research Industry
    Victim Organization: african research laboratory for ict
    Victim Site: arl-ict.org
  95. Alleged Sale of Paypal Users Databases from Multiple Countries
    Category: Data Breach
    Content: Threat actor claims to have shared an unverified database of PayPal users from Germany and Austria, allegedly containing transaction IDs, payment status, names, email addresses, and full address details, distributed via a public spreadsheet.
    Date: 2026-01-29T04:17:38Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274751/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8143f3db-d8de-4dcd-bc13-b5fb5d0363da.png
    Threat Actors: kimald
    Victim Country: Germany
    Victim Industry: Financial Services
    Victim Organization: Unknown
    Victim Site: Unknown
  96. Alleged sale of unauthorized admin and shell access to UK Magento store
    Category: Data Breach
    Content: Threat actor claims to be selling access to a UK-based Magento e-commerce store with admin panel and shell access. The store reportedly processes 400+ orders per month, with active payment methods including Stripe and PayPal. Sales statistics and order logs are allegedly provided as proof. Access is listed for auction with a starting price of $2,000, step $250, and blitz price $3,500.
    Date: 2026-01-29T04:16:50Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274748/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/283a522c-b02b-4b1e-a1bc-edbd3306bd67.png
    https://d34iuop8pidsy8.cloudfront.net/922b088d-e770-4c2f-bef3-22e2a8d0e7a4.png
    Threat Actors: JustAnon69
    Victim Country: UK
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: Unknown
  97. Alleged leak of WordPress admin credentials to Centrographic
    Category: Initial Access
    Content: The group claims to have obtained and leaked WordPress administrator credentials to Centrographic.
    Date: 2026-01-29T04:15:22Z
    Network: telegram
    Published URL: https://t.me/neffex_the_blackhat/179
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/cbd952d7-c5cb-4f1f-b905-74afd9829dec.png
    Threat Actors: Neffex THe BlackHat
    Victim Country: Italy
    Victim Industry: Printing
    Victim Organization: centrographic
    Victim Site: centrograficotorino.it
  98. Pharaohs Team Channel targets the website of Leni
    Category: Defacement
    Content: The group claims to have defaced the website of Leni
    Date: 2026-01-29T04:03:33Z
    Network: telegram
    Published URL: https://t.me/Pharaohs_n/694
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a5c74044-a96a-474d-98f5-f2de799858ae.png
    https://d34iuop8pidsy8.cloudfront.net/f8797470-1913-44ac-b061-17c2deb8d6d0.png
    Threat Actors: Pharaohs Team Channel
    Victim Country: USA
    Victim Industry: Software Development
    Victim Organization: leni
    Victim Site: a-leni.com
  99. Alleged leak of Fanvue Verified Creator Accounts
    Category: Data Breach
    Content: The threat actor claims to have leaked Fanvue Verified Creator Accounts
    Date: 2026-01-29T04:00:24Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-%E2%9A%A1Fanvue-Verified-Creator-Account%E2%9A%A1-Male-Female-%E2%9A%A1Lowest-Price-On-The-Market-%E2%9C%85
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/43deee6e-8690-400e-9477-bae481265ee4.png
    Threat Actors: OnlyCheap
    Victim Country: Unknown
    Victim Industry: Social Media & Online Social Networking
    Victim Organization: fanvue
    Victim Site: fanvue.com
  100. Alleged leak of WordPress admin credentials to Sinopsis Media
    Category: Initial Access
    Content: The group claims to have obtained and leaked WordPress administrator credentials of Sinopsis Media.
    Date: 2026-01-29T03:57:19Z
    Network: telegram
    Published URL: https://t.me/neffex_the_blackhat/178
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f98055b2-3b3b-4536-ad1e-479f0ceb55e0.png
    Threat Actors: Neffex THe BlackHat
    Victim Country: Spain
    Victim Industry: Information Technology (IT) Services
    Victim Organization: sinopsis media
    Victim Site: develop.sinapsis.media
  101. Alleged leak of PayPal Business and Personal Accounts
    Category: Data Breach
    Content: The threat actor claims to have leaked PayPal business and personal accounts
    Date: 2026-01-29T03:43:06Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-%E2%9A%A1%EF%B8%8F-Paypal-Business-Personal-Accounts-New-Aged-Fast-Delivery-%E2%9A%A1%EF%B8%8F
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9995bd21-c087-4804-8407-e053ac36b790.png
    https://d34iuop8pidsy8.cloudfront.net/f08421d1-2d04-4b1c-b093-534d06913113.png
    Threat Actors: Kayote
    Victim Country: Unknown
    Victim Industry: Financial Services
    Victim Organization: paypal
    Victim Site: paypal.com
  102. Alleged leak of WordPress admin credentials to Lupedearena
    Category: Initial Access
    Content: The group claims to have obtained and leaked WordPress administrator credentials of Lupedearena.
    Date: 2026-01-29T03:34:37Z
    Network: telegram
    Published URL: https://t.me/neffex_the_blackhat/176
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7ff103f2-233d-443b-a91d-7db1f7137c2b.png
    Threat Actors: Neffex THe BlackHat
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: lupedearena
    Victim Site: lupedearena.com
  103. Alleged Sale of Italian Email and Password Database
    Category: Data Breach
    Content: The threat actor claims to be selling Italian Email and Password Database
    Date: 2026-01-29T03:28:37Z
    Network: openweb
    Published URL: https://bhf.pro/threads/718936/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b8cb007c-9e89-457a-bb76-9a56e7a21a99.png
    Threat Actors: mingfreman
    Victim Country: Italy
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  104. Alleged leak of WordPress admin credentials to Theoriefixers
    Category: Initial Access
    Content: The group claims to have obtained and leaked WordPress administrator credentials to Theoriefixers
    Date: 2026-01-29T03:28:26Z
    Network: telegram
    Published URL: https://t.me/neffex_the_blackhat/168
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7b7e0799-4b8d-4859-8a9e-6c389fab0cab.png
    Threat Actors: Neffex THe BlackHat
    Victim Country: Netherlands
    Victim Industry: Education
    Victim Organization: theoriefixers
    Victim Site: theoriefixers.nl
  105. Alleged Leak of Documents from Multiple Countries
    Category: Data Breach
    Content: The threat actor claims to have leaked documents from multiple countries.
    Date: 2026-01-29T03:28:05Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DOCUMENTS-mix-doc-3gb
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/669f9046-e5cb-4758-a863-6b781114da31.png
    Threat Actors: DocLite
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  106. Alleged Sale of French Email and Password Database
    Category: Data Breach
    Content: The threat actor claims to be selling Email and Password Database
    Date: 2026-01-29T03:21:45Z
    Network: openweb
    Published URL: https://bhf.pro/threads/718935/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/5ca77329-9fde-4e1c-9539-39631c6a4a26.png
    Threat Actors: mingfreman
    Victim Country: France
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  107. Alleged Sale of German Email and Password Database
    Category: Data Breach
    Content: The threat actor claims to be selling German Corporate Email and Password Database
    Date: 2026-01-29T03:10:49Z
    Network: openweb
    Published URL: https://bhf.pro/threads/718927/#post-7490736
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/55c1ee65-875e-4e3e-bf15-70b20c1daa33.png
    Threat Actors: mingfreman
    Victim Country: Germany
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  108. Alleged leak of WordPress admin credentials to Di Porto Architecture & Design
    Category: Initial Access
    Content: The group claims to have obtained and leaked WordPress administrator credentials of Di Porto Architecture & Design
    Date: 2026-01-29T03:09:16Z
    Network: telegram
    Published URL: https://t.me/neffex_the_blackhat/180
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/09acf558-5b78-417b-9401-9bf83691a0f8.png
    Threat Actors: Neffex THe BlackHat
    Victim Country: Italy
    Victim Industry: Design
    Victim Organization: di porto architecture & design
    Victim Site: studio-diporto.com
  109. Alleged Sale of Canadian Email and Password Database
    Category: Data Breach
    Content: The threat actor claims to be selling Canadian Email and Password Database
    Date: 2026-01-29T03:07:11Z
    Network: openweb
    Published URL: https://bhf.pro/threads/718931/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8d227f1d-782b-4b34-8f69-27f64cd4c114.png
    Threat Actors: mingfreman
    Victim Country: Canada
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  110. Alleged leak of WordPress admin credentials to Sparkling Spring
    Category: Initial Access
    Content: The group claims to have obtained and leaked WordPress administrator credentials of Sparkling Spring
    Date: 2026-01-29T03:06:12Z
    Network: telegram
    Published URL: https://t.me/neffex_the_blackhat/173
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7f658864-4e0e-4486-9e66-cd7bcf28b53b.png
    https://d34iuop8pidsy8.cloudfront.net/4560562f-d03d-49d1-92b4-f322da93161e.png
    https://d34iuop8pidsy8.cloudfront.net/f5f2129b-dbb3-40d4-828a-70b6868a5b2d.png
    Threat Actors: Neffex THe BlackHat
    Victim Country: Russia
    Victim Industry: Other Industry
    Victim Organization: sparkling spring
    Victim Site: purifier.sparklingspring.ru
  111. Alleged data breach of RMGA
    Category: Data Breach
    Content: The group claims to have obtained data from RMGA.
    Date: 2026-01-29T03:00:17Z
    Network: tor
    Published URL: http://nleakk6sejx45jxtk7x6iyt65hwvfrkifc5v7ertdlwm3gttbpvlvxqd.onion/view_article.php?article=FOPja1LFmE5hAVQWWdXkivgFpph4jXLXvTUhId95TSTWNR2hbVduNP3n1ixIYjmB
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0b353442-5ea7-48f9-a0f1-26c8bf8077e7.png
    Threat Actors: Leaknet
    Victim Country: Belgium
    Victim Industry: Automotive
    Victim Organization: rmga
    Victim Site: rmga.be
  112. Alleged Sale of UK Email and Password Database
    Category: Data Breach
    Content: The threat actor claims to be selling UK Email and Password Database
    Date: 2026-01-29T02:59:16Z
    Network: openweb
    Published URL: https://bhf.pro/threads/718930/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/bc362a5d-a018-4b8a-b580-e9bc291feec0.png
    Threat Actors: mingfreman
    Victim Country: UK
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  113. Alleged sale of Japanese Email and Password Database
    Category: Data Breach
    Content: The threat actor claims to be selling Japanese Email and Password Database
    Date: 2026-01-29T02:56:39Z
    Network: openweb
    Published URL: https://bhf.pro/threads/718932/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a5ba5e16-0629-4482-8a07-332a5344348d.png
    Threat Actors: mingfreman
    Victim Country: Japan
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  114. Alleged sale of admin access to unidentified store in Italy
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized admin access to an unidentified online store in Italy.
    Date: 2026-01-29T02:52:30Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274703/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f07a028c-7569-4750-9f76-eeb305638c55.png
    Threat Actors: TreeWater
    Victim Country: Italy
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: Unknown
  115. Alleged data leak of Turkish GSM database
    Category: Data Breach
    Content: The threat actor claims to have leaked 145 million Turkish GSM data.
    Date: 2026-01-29T02:25:30Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-turkey-145-million-gsm-database
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/db4c48ec-bb2d-43dd-9ff9-0dcbb026fd4b.png
    Threat Actors: hizim180
    Victim Country: Turkey
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  116. Alleged Leak of Unidentified Turkish Province Deed Data
    Category: Data Breach
    Content: The threat actor claims to have leaked 97 million deed data for 33 unidentified Turkish provinces.
    Date: 2026-01-29T02:18:14Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-turkey-97-million-37-province-deed
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7c556843-630e-408e-ae42-560509f4e1e7.png
    Threat Actors: hizim180
    Victim Country: Turkey
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  117. Alleged Data Breach of Semsar Masr
    Category: Data Breach
    Content: The threat actor claims to have leaked data from Semsar Masr. The compromised data reportedly includes user ID, member ID, username, email address, phone number, first name, last name, full name, country, region, city, and district.
    Date: 2026-01-29T02:05:50Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-www-semsarmasr-com-database
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9ba931f7-8c9a-4239-a319-fecedff1b16f.png
    Threat Actors: Al-Sheikh
    Victim Country: Egypt
    Victim Industry: Real Estate
    Victim Organization: semsar masr
    Victim Site: semsarmasr.com
  118. INDRAMAYU CHAOS SYSTEM targets the website of Thrivus University for Biomedical Science and Technology
    Category: Defacement
    Content: The group claims to have defaced the website of Thrivus University for Biomedical Science and Technology
    Date: 2026-01-29T01:52:29Z
    Network: telegram
    Published URL: https://t.me/c/3427600175/345
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/067f7f49-c707-4432-9d3a-86f7c422b0ed.png
    Threat Actors: INDRAMAYU CHAOS SYSTEM
    Victim Country: Ghana
    Victim Industry: Higher Education/Academia
    Victim Organization: thrivus university for biomedical science and technology
    Victim Site: thrivusinstitute.edu.gh
  119. Alleged Data Breach of DevCamp
    Category: Data Breach
    Content: The threat actor claims to have leaked data from DevCamp. The compromised data reportedly includes first name, last name, email address, phone number, WhatsApp number, address, and education and enrollment data.
    Date: 2026-01-29T01:41:51Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-Spain-Dump-devcamp-es
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c7fd7b08-243e-4892-a18f-3c9cd590ec04.png
    Threat Actors: just1m
    Victim Country: Spain
    Victim Industry: Education
    Victim Organization: devcamp
    Victim Site: devcamp.es
  120. Alleged data leak of SilkRoad Dark Web Market
    Category: Data Breach
    Content: The threat actor claims to have leaked data allegedly associated with SilkRoad Dark Web Market from 2025. The compromised data reportedly includes names, emails, usernames, merchants, products, transactions, and images.
    Date: 2026-01-29T01:40:41Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-COLLECTION-SilkRoad-Darkweb-Pack-Database-Leak-Download
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d75fae97-fb93-44c2-892b-787250d93b4e.png
    https://d34iuop8pidsy8.cloudfront.net/2c03b69d-7f39-4f84-94aa-937ba15fe477.png
    Threat Actors: 0BITS
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  121. Alleged leak of WordPress admin credentials to CannaSense
    Category: Initial Access
    Content: The group claims to have obtained and leaked WordPress administrator credentials to CannaSense
    Date: 2026-01-29T01:16:43Z
    Network: telegram
    Published URL: https://t.me/neffex_the_blackhat/166
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7169f8cf-345d-4acc-9585-a1ac35e88512.png
    Threat Actors: Neffex THe BlackHat
    Victim Country: USA
    Victim Industry: Retail Industry
    Victim Organization: cannasense
    Victim Site: cannasense.com
  122. Alleged data breach of VeryChic
    Category: Data Breach
    Content: The threat actor claims to have leaked data from VeryChic. The compromised data reportedly contains 900,000 records including full name, date of birth, email address, phone number, physical address, reservation number, transport details, and payment information.
    Date: 2026-01-29T00:35:53Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-FR-BE-IT-DE-CH-VERYCHIC-FR-LUXURY-HOTEL-900K
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e6f1c874-95dc-42d6-abcd-80ff58740596.png
    Threat Actors: marak
    Victim Country: France
    Victim Industry: Leisure & Travel
    Victim Organization: verychic
    Victim Site: verychic.fr