1. Executive Summary
This comprehensive intelligence report analyzes 91 distinct cybersecurity incidents detected on February 5, 2026. The data indicates a volatile global threat landscape characterized by a high volume of data breaches, targeted initial access sales, and politically motivated hacktivist activity.
Key trends observed in this reporting period include a massive, coordinated campaign targeting French infrastructure and social services, a persistent wave of financial sector compromises in the Middle East (specifically Iraq and Israel), and continued exploitation of critical infrastructure vulnerabilities in Italy and Ukraine. The day’s events also highlight a significant market for “Initial Access” brokering, where threat actors sell administrative access to compromised networks, firewall roots, and e-commerce backends rather than leaking data immediately.
The following report details these incidents by sector and region, provides profiles on active threat actors, and concludes with a strategic assessment of the current risk environment.
2. Threat Landscape Analysis
2.1 The French Onslaught
A disproportionate number of incidents on February 5 targeted French organizations, particularly within the public and non-profit sectors. Threat actors such as HexDex and sux1337 were highly active. Notable victims include FranceConnect, a critical government digital identity service, and Aide à Domicile en Milieu Rural (ADMR), a major social assistance network. The breadth of these attacks—ranging from hiking federations to cinema chains—suggests a broad, opportunistic campaign to harvest French Personally Identifiable Information (PII) for fraud or further targeted phishing.
2.2 Middle Eastern Financial Sector Campaign
A specific threat group, A K U L A v 2, executed a rapid-fire campaign against financial and government institutions in Iraq and Israel. Within a span of hours, this actor claimed to leak login credentials for the Iraqi Islamic Bank, Real Estate Bank of Iraq, and various Israeli entities. This pattern indicates a potential credential stuffing operation or the exploitation of a common vulnerability across regional banking portals.
2.3 Critical Infrastructure & Industrial Systems
Operational Technology (OT) and critical infrastructure remain prime targets. Incidents involved physical damage to power stations in Ukraine by the IT ARMY OF RUSSIA and unauthorized access to thermal control systems in Italy and South Korea. These attacks move beyond data theft, threatening physical safety and service continuity.
3. Detailed Incident Analysis by Sector
3.1 Government, Public Sector, and Defense
The public sector faced the most severe data privacy violations during this period, with citizen registries and defense data exposed.
- Israel Ministry of Defense: The group A K U L A v 2 claimed to have leaked data related to the Israel Ministry of Defense. This is a high-severity incident given the potential national security implications.
- FranceConnect: In a massive breach of digital identity infrastructure, actor sux1337 claimed to leak a database of approximately 48,849 records from FranceConnect. The data reportedly includes extensive administrative information, workflow metadata, and location details.
- California Air Resources Board (USA): LulzSec Hackers claimed a breach involving emails and phone numbers from this environmental agency.
- Ministry of Health, Population and Hospital Reform (Algeria): DARK 07x claimed a catastrophic breach, asserting access to administrative accounts, internal messages, and large volumes of employee and citizen data.
- Thai E-Visa Official Website: A threat actor named miyako listed unauthorized access to the Thailand Government Visa Program. The sale included root remote code execution (RCE) and network admin panel privileges, posing a severe border security risk.
- Centre National de Gestion (France): Actor HexDex listed 4,000 records of financial management staff, including job profiles and treasury details.
- Centre Communal d’Action Sociale of Dunkerque (France): Another breach by HexDex exposed 66,000 records, including 40,406 phone numbers and 13,098 emails.
3.2 Healthcare and Social Services
Healthcare organizations continue to be soft targets for ransomware and data extortion due to the sensitivity of patient data.
- Lakelands Public Health (Canada): A cyber attack discovered on January 29 caused disruptions to internal systems. While critical disease systems remain operational, this incident highlights the operational fragility of regional health units.
- Astensanté (France): Actor sux1337 released a database of 7,665 records containing sensitive medical information, including treatment details, prescriptions, and medical observations.
- EMMAUS (France): The group HuntSec leaked records of 100 students associated with this non-profit, including role and contact information.
3.3 Financial Services and Banking
The financial sector saw a mix of “insider” threats and external credential leaks.
- Coinbase (USA): In a notable incident, Coinbase confirmed a data breach stemming from an insider threat. A rogue contractor, now terminated, leaked screenshots of internal support tools and user account information.
- Step Finance (USA): A major crypto-asset theft occurred where attackers compromised executive devices, leading to the theft of $40 million in digital assets.
- Iraqi Islamic Bank & Real Estate Bank of Iraq: A K U L A v 2 claimed leaks of login credentials for both institutions, suggesting a systemic weakness in Iraqi banking portals.
- Discount Bank (Israel): The same actor, A K U L A v 2, targeted this major Israeli bank, claiming to leak login credentials.
- Cardbase (USA): Actor Al3in put up for sale a database of 248,000 user records from the trading card platform Cardbase.
- Cryptex: A legacy database from a 2020 breach was reshared by Enricaxo, reminding organizations that old data remains in circulation.
3.4 Critical Infrastructure, Energy, and Utilities
Attacks on physical infrastructure monitoring and control systems were prevalent.
- Qatar Engineering and Construction Company: LulzSec Hackers claimed a breach involving passports, documents, and mobile numbers from this Oil & Gas sector entity.
- SST Chioggia (Italy): A cyber attack hit the transportation and logistics provider, disrupting the Chioggia Fish Market’s transaction support systems.
- Ukraine Power Stations: The IT ARMY OF RUSSIA claimed to have accessed inverter systems at unidentified technological power stations, deliberately inducing overloads to cause irreversible physical damage.
- Italian Heating Systems: Z-PENTEST ALLIANCE claimed access to an HMI interface for residential heating, allowing them to modify valve settings and pump modes.
- Geothermal Heat Pump Control (South Korea): RipperSec claimed unauthorized access to control systems, further evidencing the vulnerability of IoT-connected industrial equipment.
3.5 Education and Research
Academic institutions were frequently targeted for student data and administrative access.
- China National Super-computing Center (NSCC): In a massive claim, actor Citizen alleged leaking 10+ Petabytes of data including military, aerospace, and fusion simulation research.
- Universiti Teknikal (Malaysia): Citizen also claimed a leak of 3,000 student records including ID card numbers and hashed passwords.
- Nusa Cendana University (Indonesia): AYYUBI leaked student graduation data including study programs and faculty details.
- Prince of Songkla University (Thailand): NXBB.SEC leaked login credentials for this institution.
3.6 Retail, E-Commerce, and Corporate
This sector faced a high volume of “Initial Access” sales, where hackers sell the “keys” to online shops rather than the data itself.
- Lazada Indonesia: TESTI CINCAU leaked credentials for the management portal of this major e-commerce platform.
- PrestaShop & Magento Stores: Multiple actors (e.g., duffyduck11, Saiwer, Zimmer) listed unauthorized access to online shops in France, Europe, and the USA. These listings often included admin panel access or SQL injection entry points.
- Universal Traveller (Malaysia): Citizen leaked 60,000 user records including password hashes.
- Family Cinéma (France): HexDex sold data on 156,489 orders placed by cinema customers.
4. Threat Actor Profiles
4.1 A K U L A v 2
This actor was extremely prolific on February 5, focusing on Credential Leaks via Telegram. Their targets were strictly high-value: banks, insurance companies, and government ministries in Iraq, Israel, Iran, and the UAE.
- Tactics: Leaking login credentials for specific portals (e.g., agent portals, business portals).
- Targets: Iraqi Islamic Bank, Real Estate Bank of Iraq, Middle East Life Insurance (Iran), A+A Interior Design (UAE), Ministry of Labour (Iraq).
4.2 HexDex
Operating primarily on “openweb” forums (likely BreachForums), HexDex focused on French entities, monetizing large datasets of PII.
- Tactics: Selling or leaking medium-to-large databases (4k to 800k records).
- Targets: French Hiking Federation (814k records), Family Cinéma (156k orders), CCAS Dunkerque (66k records).
4.3 Citizen
This actor targeted Asian infrastructure and education, with one massive claim regarding Chinese research data.
- Tactics: High-volume data leaks involving government or research data.
- Targets: China National Super-computing Center, Universiti Teknikal Malaysia, Universal Traveller, High-ranking Israeli IDs.
4.4 LulzSec Hackers
A revival of a notorious name, this group focused on political and industrial targets.
- Targets: Qatar Engineering and Construction Company, California Air Resources Board.
5. Regional Analysis
5.1 France
France was the primary victim of data breach leaks on this day. The sheer variety of targets—from the FranceConnect identity system to the Hiking Federation—indicates a “dragnet” approach where threat actors are aggregating French citizen data from every available source. The ADMR breach is particularly concerning as it affects vulnerable populations receiving home care.
5.2 Israel
Israel faced a dual threat: hacktivism and financial crime. A K U L A v 2 and Citizen targeted defense (Ministry of Defense, Mossad agent IDs) and banking infrastructure. These leaks often serve a psychological warfare purpose in addition to their cybersecurity impact.
5.3 USA
US targets were diverse. The Coinbase insider breach demonstrates that even the most hardened tech companies are vulnerable to human error/malice. The California Air Resources Board breach and EcoATM breach (biometrics, device images) show a continued erosion of consumer privacy.
5.4 Southeast Asia (Indonesia, Thailand, Malaysia)
This region saw a heavy volume of education sector breaches and government portal compromises. The Thai E-Visa firewall sale is a critical border security failure if legitimate. Indonesia saw breaches in education (Nusa Cendana) and e-commerce (Lazada).
6. Comprehensive Incident Log
For the purpose of this report, all 91 incidents are categorized and summarized below.
Category: Data Breach (High Impact)
- Qatar Engineering and Construction Company: LulzSec Hackers leaked passports and emails.
- EMMAUS (France): HuntSec leaked student records.
- jplatform (Armenia): azrekx leaked 354,000 citizen records.
- Intelligence X (Germany): sux1337 leaked data related to Intelx.io.
- FranceConnect: sux1337 leaked 48,849 administrative records.
- Algeria Ministry of Health: DARK 07x breached internal databases and emails.
- Soft98.ir (Iran): A K U L A v 2 leaked login credentials.
- Belgian Phone Database: workrussia43 leaked a database of Belgian mobile numbers.
- Aparat (Iran): A K U L A v 2 leaked credentials for this social site.
- CNG (France): HexDex sold 4,000 financial staff records.
- Hendrik Veder Group (Netherlands): AvangardSec claimed a ransomware attack with 1TB data exfiltration.
- Salatiga City UMKM (Indonesia): hamzahcorp leaked 15,000 business records.
- Middle East Life Insurance: A K U L A v 2 leaked agent portal credentials.
- Israeli Citizen Data: STGHO3T leaked general citizen data.
- French Hiking Federation: HexDex leaked 814,000 records.
- CCAS Dunkerque (France): HexDex leaked 66,000 records.
- CLASS.am (Armenia): c0mmandor breached 59 rows of service data.
- Microsoft Users (Israel): A K U L A v 2 leaked credentials.
- Iraqi Islamic Bank: A K U L A v 2 leaked credentials.
- Real Estate Bank of Iraq: A K U L A v 2 leaked credentials.
- ecoATM, LLC (USA): zvezdanwastaken leaked 892 records including biometrics and device images.
- Ant Yapi (UK): zestix leaked 8.9GB of architectural and engineering files.
- US Residents: 7pFT54FFdO claimed a massive leak of 2 billion lines of data.
- Singapore Citizens: hulky leaked 2.7M rows of name/phone data.
- Israel Ministry of Defense: A K U L A v 2 leaked data.
- Discount Bank (Israel): A K U L A v 2 leaked credentials.
- International Islamic Bank: A K U L A v 2 leaked credentials.
- Family Cinéma (France): HexDex sold 156k order records.
- Coinbase (USA): Confirmed insider breach of support tools.
- Digital Library of Literature (Brazil): ldopanda2 leaked user emails and IPs.
- ELTA Systems Ltd (Israel): A K U L A v 2 leaked employee credentials.
- Marketing Leads: asfmnyr5g leaked B2C WhatsApp/email leads.
- Discord: famery claimed a massive breach of 5.2 billion messages (likely recycled/scraping).
- Drushim IL (Israel): A K U L A v 2 leaked credentials.
- Flair Airlines (Canada): GordonFreeman claimed data extraction.
- Nusa Cendana University (Indonesia): AYYUBI leaked student data.
- pioneer.xssl.net: Tanaka leaked database.
- Bonua Data (Indonesia): maulnism1337 breached education data.
- Ministry of Labour (Iraq): A K U L A v 2 leaked credentials.
- Cardbase (USA): Al3in sold 248k user records.
- Universiti Teknikal (Malaysia): Citizen leaked 3k student records.
- Indian Customer Data: evilsanta2008 sold 10,054 records.
- California Air Resources Board: LulzSec Hackers leaked emails/phones.
- Universal Traveller (Malaysia): Citizen leaked 60k records.
- Cryptex: Enricaxo reshared a 2020 database.
- High-Ranking Israelis/Mossad: Citizen leaked IDs.
- EU Companies: thomasvalmorin2828 leaked corporate emails from multiple firms.
- China National Super-computing Center: Citizen claimed 10PB data leak.
- FiveM: Cvld leaked 1 million player accounts.
- Astensanté (France): sux1337 leaked medical records.
- ADMR (France): kzh1337 leaked social assistance data.
- German Corporate Emails: kaykaykay sold 11 million B2B emails.
- Business Accounting Records (USA): remotedesktop leaked 1,694 financial records.
- 79K Crypto Leads: betway sold leads from Australia, UK, Canada, France.
Category: Initial Access (System Compromise)
- US Industrial Facility: Cyber 4vengers accessed CCTV systems.
- Ukraine Power Stations: IT ARMY OF RUSSIA accessed inverters.
- Italian Heating Systems: Z-PENTEST ALLIANCE accessed HMI interfaces.
- InterActive QRIS (Indonesia): TESTI CINCAU leaked business portal credentials.
- Lazada Indonesia: TESTI CINCAU leaked management portal credentials.
- French Online Shop: duffyduck11 sold PrestaShop admin access.
- mmtplonline.com (India): crazyboy68 sold admin access.
- International Edu Council (India): crazyboy68 sold DB and admin access.
- European Sports Shop: Saiwer sold Magento Iframe access.
- US Shop: savel987 sold SQL injection access to backend.
- Japanese SMTP Accounts: savel987 sold access to mail servers.
- Italian WordPress Shop: ParanoiaDe sold admin access.
- Australian Credit Cards: Forbs sold 900 cards.
- EU PrestaShop: duffyduck11 sold admin access.
- Italian CCTV: NoName057(16) accessed cameras.
- Starter Israel: Suffer Dimension Official leaked login access.
- Blue Pisces Law (Japan): HellR00ters Team leaked shell access.
- Geothermal Heat Pump (Korea): RipperSec accessed controls.
- Thai E-Visa Website: miyako sold firewall root access.
- Benjamarachanusorn School (Thailand): NXBB.SEC leaked credentials.
- Prince of Songkla University: NXBB.SEC leaked credentials.
- US Credit Cards: kasap sold 100 records.
- Global Web/SSH Access: Zimmer sold root access to servers.
Category: Cyber Attack (Disruption/Ransomware)
- SST Chioggia (Italy): Services suspended due to attack.
- Uffizi Gallery (Italy): Administrative systems targeted, museum remained open.
- Lakelands Public Health (Canada): Service disruption due to cyber attack.
- VMware ESXi Systems: CISA warned of active exploitation of an ESXi vulnerability.
- Step Finance: $40M theft via executive device compromise.
Category: Defacement
- Beijing Longshaoheng Mansion: Defaced by PASKO CYBER REXOR.
- IOTA Engineering (Kenya): Defaced by 404 CREW CYBER TEAM.
- Tax Free Retirement Simplified (USA): Defaced by DEFACER INDONESIAN TEAM.
Category: Alert/Warning
- Novoros-Telecom (Russia): Targeted by IT ARMY of Ukraine.
- South Korea: Targeted by BD Anonymous.
7. Conclusion
The events of February 5, 2026, illustrate a hyper-active and segmented cyber threat environment.
First, the commoditization of access is rampant. The sheer number of “Initial Access” listings for sale—ranging from Japanese SMTP servers to Thai government firewalls—suggests that specialized “Access Brokers” are feeding downstream ransomware gangs and APT groups. The barrier to entry for conducting sophisticated attacks is lowered when root access is sold for a few hundred dollars on forums like BreachForums or Exploit.in.
Second, critical infrastructure is under active fire. The confirmed physical damage attempts on Ukrainian power stations and the manipulation of Italian heating systems demonstrate that cyber attacks are increasingly kinetic, aiming to destroy equipment or endanger safety rather than just steal data.
Third, the geographic concentration of attacks reveals geopolitical undercurrents. The swarm of attacks on French public services implies a coordinated effort to destabilize trust in French digital infrastructure. Similarly, the relentless targeting of Israeli and Iraqi financial institutions by A K U L A v 2 points to regional conflict manifesting in the digital domain.
Finally, the human element remains the weakest link. The Coinbase breach, caused by a contractor, and the Step Finance theft, caused by compromised executive devices, serve as stark reminders that technical defenses like firewalls are insufficient without rigorous insider threat management and endpoint security for high-value personnel.
Organizations are advised to immediately patch VMware ESXi instances, review third-party contractor access privileges, and increase monitoring for credential stuffing attacks against public-facing portals.
Detected Incidents Draft Data
- Alleged data breach at Qatar Engineering and Construction Company
Category: Data Breach
Content: The group claims to have leaked data from Qatar Engineering and Construction Company. The compromised data includes names, emails, mobile numbers, documents, and passports.
Date: 2026-02-05T23:59:58Z
Network: telegram
Published URL: https://t.me/LulzSecHackers/386
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a619b0e3-9ed9-4d45-ba1b-bd3c31b0f9d1.png
https://d34iuop8pidsy8.cloudfront.net/fa38843e-113d-4dc3-a5a9-aa20681cd8ef.png
Threat Actors: LulzSec Hackers
Victim Country: Qatar
Victim Industry: Oil & Gas
Victim Organization: qatar engineering and construction company
Victim Site: qcon.com.qa
- Cyber Attack Hits SST Chioggia
Category: Cyber Attack
Content: The Municipality of Chioggia and SST Chioggia reported a cyber attack that affected SST Chioggia’s digital systems, leading to the temporary suspension of some services, including transaction support for the Chioggia Fish Market. The attack was detected quickly, emergency security measures were activated, and cybersecurity experts and authorities were informed. Municipal systems were not affected because they are separate from SST’s network. As a precaution, some operations were paused to protect data and users while checks are ongoing. Investigations are continuing, and services will be gradually restored once the systems are confirmed to be secure.
Date: 2026-02-05T23:58:41Z
Network: openweb
Published URL: https://www.chioggianotizie.it/cronaca/2026/02/05/news/spoofing-di-chiamate-e-sms-cos-e-e-come-difendersi-387893/
Screenshots:
None
Threat Actors: Unknown
Victim Country: Italy
Victim Industry: Transportation & Logistics
Victim Organization: sst chioggia
Victim Site: sstchioggia.it
- Alleged data breach of EMMAUS
Category: Data Breach
Content: The threat actor claims to have leaked data from EMMAUS. The compromised data reportedly contains 100 student records including First Name, Name, Role and Email ID information.
Date: 2026-02-05T23:53:41Z
Network: openweb
Published URL: https://breachforums.jp/Thread-DATABASE-FR-EMMAUS
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8dfa5b89-8cb4-4594-a32d-6ff033c0d439.png
https://d34iuop8pidsy8.cloudfront.net/df5f2417-809d-424e-9b2b-7fa1d4f26d74.png
Threat Actors: HuntSec
Victim Country: France
Victim Industry: Non-profit & Social Organizations
Victim Organization: emmaüs
Victim Site: emmaus-france.org
- Cyber Attack Hits Uffizi
Category: Cyber Attack
Content: The Uffizi Gallery in Florence was hit by a cyber attack around the same time as an attack on Rome’s Sapienza University, but the museum stayed open to visitors. The hackers mainly targeted the museum’s administrative systems, so computers and email accounts were temporarily shut down as a precaution, while exhibitions, security, and visitor services continued as normal. Initial checks found no serious damage, and backup systems were activated. Cybersecurity experts and Italian authorities are investigating the attack, restoring systems gradually, and staff were advised not to use their computers until checks are complete and to change passwords.
Date: 2026-02-05T23:48:50Z
Network: openweb
Published URL: https://www.cybersecitalia.it/galleria-degli-uffizi-sotto-attacco-cyber-museo-aperto-ma-stop-ai-servizi-amministrativi/58908/
Screenshots:
None
Threat Actors: Unknown
Victim Country: Italy
Victim Industry: Museums & Institutions
Victim Organization: uffizi
Victim Site: uffizi.it
- Cyber Attack Hits Lakelands Public Health
Category: Cyber Attack
Content: Lakelands Public Health discovered a cybersecurity issue on January 29 and quickly took action to secure its systems and start an investigation with the help of a cybersecurity firm. Some internal systems are affected, which may cause temporary disruptions to certain services, but important systems related to infectious diseases, immunizations, and sexual health appointments have not been impacted so far. The organization says protecting personal information and restoring services safely is the top priority, and anyone affected will be contacted if needed.
Date: 2026-02-05T23:32:42Z
Network: openweb
Published URL: https://www.thepeterboroughexaminer.com/news/health-unit-cyber-attack-response/article_df372ec0-e998-571f-8a92-ee260a46d408.html
Screenshots:
None
Threat Actors: Unknown
Victim Country: Canada
Victim Industry: Hospital & Health Care
Victim Organization: lakelands public health
Victim Site: lakelandsph.ca
- Alleged data breach of jplatform
Category: Data Breach
Content: The threat actor claims to have leaked data from jplatform. The compromised data reportedly contains 354,000 Armenian citizen records including person numbers, first names, and last names.
Date: 2026-02-05T23:25:56Z
Network: openweb
Published URL: https://breachforums.jp/Thread-DATABASE-jplatform-am-354k-ARMANIA-PERSON-NUMBER
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e4686ddd-dcbf-4083-a622-9663b3051121.png
Threat Actors: azrekx
Victim Country: Armenia
Victim Industry: Other Industry
Victim Organization: jplatform
Victim Site: jplatform.am
- Alleged unauthorized access to the CCTV system of an unidentified industrial facility in the USA
Category: Initial Access
Content: The group claims to have gained unauthorized access to the CCTV surveillance system of an unidentified industrial facility in the USA.
Date: 2026-02-05T23:03:12Z
Network: telegram
Published URL: https://t.me/Cyber4vengers/17
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2a3bea21-055c-4a4d-bb16-e17665103f3c.png
Threat Actors: Cyber 4vengers
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Sale of 79K Cryptocurrency Private Leads from Multiple Countries
Category: Data Breach
Content: The threat actor claims to be selling a database containing approximately 79,000 private leads of individuals reportedly interested in cryptocurrency, allegedly collected through advertising campaigns. The exposed data includes full names, phone numbers, email addresses, registration dates, country information, and partner identifiers. In addition, 78,841 phone numbers and 79,415 email addresses are unique, with records spanning multiple countries including Australia, the United Kingdom, Canada, France, and several EU and Asia-Pacific regions.
Date: 2026-02-05T22:47:17Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/275344/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e8203c64-38af-464e-8e79-67f8eb45f49e.png
Threat Actors: betway
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged unauthorized access to unidentified technological power stations in Ukraine
Category: Initial Access
Content: The group claims to have accessed inverter systems, deliberately induced overload conditions, and caused irreversible physical damage resulting in equipment failure.
Date: 2026-02-05T22:03:32Z
Network: telegram
Published URL: https://t.me/itarmy_ru/280
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/291bf52f-a02d-470b-9d49-2d49aecf5f45.jpg
Threat Actors: IT ARMY OF RUSSIA
Victim Country: Ukraine
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak of Intelligence X
Category: Data Breach
Content: A threat actor claims to be sharing data allegedly related to Intelx.io in the form of a RAR archive containing 34 files.
Date: 2026-02-05T20:23:55Z
Network: openweb
Published URL: https://breachforums.jp/Thread-Intelx-io-DATA
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/cc8ca163-6c3a-4e65-b9ce-609d53779393.png
Threat Actors: sux1337
Victim Country: Germany
Victim Industry: Computer & Network Security
Victim Organization: intelligence x
Victim Site: intelx.io
- Alleged data breach of FranceConnect
Category: Data Breach
Content: A threat actor claims to be leaking a FranceConnect database allegedly containing approximately 48,849 records. The exposed data is said to include extensive personal and administrative information such as names, email addresses, phone numbers, addresses, location details, workflow metadata, document references, sales and campaign data, and other internal system fields.
Date: 2026-02-05T20:10:06Z
Network: openweb
Published URL: https://breachforums.jp/Thread-FRANCE-CONNECT-DATABASE
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/404a447c-81c7-4bf7-9bac-e3b6c7b4176a.png
Threat Actors: sux1337
Victim Country: France
Victim Industry: Government & Public Sector
Victim Organization: franceconnect
Victim Site: franceconnect.gouv.fr
- Alleged data breach of Algeria's Ministry of Health, Population and Hospital Reform
Category: Data Breach
Content: The group claims to have breached the database of Algeria's Ministry of Health, Population and Hospital Reform and to have leaked databases, obtained administrative and supervisory account access, and accessed multiple subdomains containing large volumes of data, including employee and citizen information, as well as internal messages and email systems.
Date: 2026-02-05T20:02:18Z
Network: telegram
Published URL: https://t.me/DarK07xxxxxxx/1575
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/843025f1-2219-4fff-b11b-72d1b586ef1b.jpg
https://d34iuop8pidsy8.cloudfront.net/84e9b197-7bec-4ef4-bec3-f202cc923110.jpg
https://d34iuop8pidsy8.cloudfront.net/746baf33-d057-45cf-9a21-51300777eb9d.jpg
Threat Actors: DARK 07x
Victim Country: Algeria
Victim Industry: Government Administration
Victim Organization: ministry of health, population and hospital reform of algeria
Victim Site: sante.gov.dz.
- Alleged unauthorized access to an HMI interface of heating and domestic hot water systems in Italy
Category: Initial Access
Content: The group claims to have gained unauthorized access to an HMI interface controlling residential heating and domestic hot water systems in Italy. According to the statement, the compromised system manages zone valves, climate and hot water timers, a heat pump, boiler, and fan coil unit, with the actor alleging administrative access that allowed modification of timers, pump modes, and valve settings, as well as configuration data capture.
Date: 2026-02-05T19:36:08Z
Network: telegram
Published URL: https://t.me/zpentestalliance/1045
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/59619e04-68ff-4a93-aee2-8d1715f1ea30.jpg
Threat Actors: Z-PENTEST ALLIANCE
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of login credentials of A+A Interior Design
Category: Data Breach
Content: The group claims to have leaked login credentials of A+A Interior Design.
Date: 2026-02-05T19:23:12Z
Network: telegram
Published URL: https://t.me/c/1943303299/1053551
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/633c399d-3c39-45c5-a097-d099fa0c0250.jpg
Threat Actors: A K U L A v 2 . 2
Victim Country: UAE
Victim Industry: Architecture & Planning
Victim Organization: a+a interior design
Victim Site: hhibz.ae
- Alleged leak of login credentials for business portal of InterActive QRIS
Category: Initial Access
Content: The group claims to have leaked login credentials for the business portal of InterActive QRIS.
Date: 2026-02-05T19:17:01Z
Network: telegram
Published URL: https://t.me/TestiCincau2/79
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ca77c07e-fa69-4b74-aad3-6c4de20a79b5.jpg
Threat Actors: TESTI CINCAU
Victim Country: Indonesia
Victim Industry: Financial Services
Victim Organization: interactive qris
Victim Site: merchant.qris.id
- PASKO CYBER REXOR targets the website of Beijing Longshaoheng Mansion
Category: Defacement
Content: The group claims to have defaced the website of Beijing Longshaoheng Mansion.
Date: 2026-02-05T19:08:50Z
Network: telegram
Published URL: https://t.me/c/2855272928/7244
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ba489473-a47d-4e20-ab2c-05aae283151c.jpg
Threat Actors: PASKO CYBER REXOR
Victim Country: China
Victim Industry: Restaurants
Victim Organization: beijing longshaoheng mansion
Victim Site: lsh-hotel.com
- Alleged Data Leak of Business Accounting Records in USA
Category: Data Breach
Content: The threat actor claims to have leaked data allegedly taken from the accounting department of a company involved in inter-company financial settlements in the USA. The exposed dataset reportedly contains approximately 1,694 records and includes company names, addresses, telephone numbers, email addresses, EIN (tax ID), and AN/RN identifiers.
Date: 2026-02-05T19:01:23Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/275330/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a49c8a57-188a-409d-87ed-7bd4703128ac.png
Threat Actors: remotedesktop
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Astensanté
Category: Data Breach
Content: A threat actor claims to be leaking the Astensanté database, allegedly containing 7,665 records. The exposed data sample suggests sensitive medical and personal information, including patient names, civil status, phone numbers, addresses, medical observations, treatment details, prescription history, visit records, and related healthcare data.
Date: 2026-02-05T18:59:19Z
Network: openweb
Published URL: https://breachforums.jp/Thread-ASTENSANTE-DATA
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0945d932-89ec-4104-8704-d14aa8423393.png
Threat Actors: sux1337
Victim Country: France
Victim Industry: Hospital & Health Care
Victim Organization: astensanté
Victim Site: astensante.com
Alleged leak of login credentials for management portal for Lazada Indonesia
Category: Initial Access
Content: The group claims to have leaked login credentials for the management portal for Lazada Indonesia
Date: 2026-02-05T18:53:22Z
Network: telegram
Published URL: https://t.me/TestiCincau2/80
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f3a8d31f-fdf9-4225-8c8b-60ff582ba488.jpg
Threat Actors: TESTI CINCAU
Victim Country: Indonesia
Victim Industry: E-commerce & Online Stores
Victim Organization: lazada indonesia
Victim Site: sellercenter.lazada.co.id
Alleged Sale of Unauthorized PrestaShop Admin Access to an Online Shop in France
Category: Initial Access
Content: Threat Actor claims to be selling unauthorized access to a France-based PrestaShop e-commerce site specializing in gifts and event items, including admin panel credentials along with an SQL injection entry point.
Date: 2026-02-05T18:36:26Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/275317/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b720d38d-c4d9-4f9d-b4d6-d653728b0342.png
Threat Actors: duffyduck11
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Aide à Domicile en Milieu Rural (ADMR)
Category: Data Breach
Content: The threat actor claims to have breached ADMR, a French home-care and social assistance network. The allegedly leaked data includes personal information such as first and last names, email addresses, home addresses, organizational details, and related documents.
Date: 2026-02-05T18:17:17Z
Network: openweb
Published URL: https://breachforums.jp/Thread-FR-ADMR-Aide-%C3%A0-domicile-en-milieu-rural
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/946ad231-b948-47de-bade-e20ce4c97eb0.png
Threat Actors: kzh1337
Victim Country: France
Victim Industry: Non-profit & Social Organizations
Victim Organization: aide à domicile en milieu rural (admr)
Victim Site: admr.org
Alleged leak of 11 million German corporate email addresses
Category: Data Breach
Content: A threat actor claims to be selling a database containing approximately 11 million German corporate B2B email addresses, allegedly cleaned of duplicates and non-corporate entries, and shared sample data and contact details.
Date: 2026-02-05T18:10:46Z
Network: openweb
Published URL: https://breachforums.jp/Thread-11-million-corp-Germany-e-mails
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a65cddc0-887b-455e-ac95-b932510aa4bf.png
Threat Actors: kaykaykay
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of login credentials of Soft98.ir
Category: Data Breach
Content: The group claims to have leaked login credentials of Soft98.ir
Date: 2026-02-05T17:53:43Z
Network: telegram
Published URL: https://t.me/c/1943303299/1054286
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/59252cb7-1886-4e61-93b5-1188403a3f89.jpg
Threat Actors: A K U L A v 2 . 2
Victim Country: Iran
Victim Industry: Online Publishing
Victim Organization: soft98.ir
Victim Site: soft98.ir
Alleged sale of unauthorized admin access to an Indian Website mmtplonline.com
Category: Initial Access
Content: The threat actor claims to be selling administrative access to the Indian website mmtplonline.com.
Date: 2026-02-05T17:47:17Z
Network: openweb
Published URL: https://darkforums.me/Thread-INDIAN-website-mmtplonline-com-admin-access
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/128d25aa-9ac3-47a4-8b47-4ff3beda1e62.png
Threat Actors: crazyboy68
Victim Country: India
Victim Industry: Online Publishing
Victim Organization: mmtpl online
Victim Site: mmtplonline.com
IT ARMY of Ukraine claims to target Novoros-Telecom LLC
Category: Alert
Content: A recent post by the group indicates that they are targeting Novoros-Telecom LLC
Date: 2026-02-05T17:42:50Z
Network: telegram
Published URL: https://t.me/itarmyofukraine2022/3608
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2968c409-f8f4-4ad3-bc1f-3b6007e7d2fe.png
Threat Actors: IT ARMY of Ukraine
Victim Country: Russia
Victim Industry: Network & Telecommunications
Victim Organization: novoros-telecom llc
Victim Site: novoros-telecom.ru
Alleged Data Leak of Phone Number Database from Belgium
Category: Data Breach
Content: The threat actor claims to have leaked a database associated with Belgium-based individuals. The exposed dataset reportedly contains phone number records only, consisting of Belgian mobile numbers allegedly exported directly from backend databases.
Date: 2026-02-05T17:37:26Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/275314/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/63340d47-9cef-4be7-8416-a4c3cd9ff130.png
Threat Actors: workrussia43
Victim Country: Belgium
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of unauthorized admin access to an International Edu Council
Category: Initial Access
Content: The threat actor claims to be selling database and admin access to the International Edu Council (India). The allegedly exposed data includes student application records containing names, application IDs, university details, course information, application status, and related academic records.
Date: 2026-02-05T17:24:34Z
Network: openweb
Published URL: https://darkforums.me/Thread-DB-and-admin-access-International-Edu-Council-india
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/cd6607ca-0055-406a-a366-ab3d522efaac.png
Threat Actors: crazyboy68
Victim Country: India
Victim Industry: Education
Victim Organization: international edu council
Victim Site: internationaleducouncil.com
Alleged leak of login credentials to Aparat
Category: Data Breach
Content: The group claims to have leaked login credentials to Aparat
Date: 2026-02-05T17:09:52Z
Network: telegram
Published URL: https://t.me/c/1943303299/1054268
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/cfeeea37-f97c-4501-805e-6f451d0ecb77.jpg
Threat Actors: A K U L A v 2 . 2
Victim Country: Iran
Victim Industry: Social Media & Online Social Networking
Victim Organization: aparat
Victim Site: aparat.ir
Alleged data breach of Centre National de Gestion (CNG)
Category: Data Breach
Content: The threat actor claims to be selling a database containing approximately 4,000 financial management staff records associated with the French Centre National de Gestion (CNG), a public organization managing hospital personnel. The alleged leaked data includes usernames, email addresses, job profiles, employment status, treasury and office details, work addresses, postal codes, cities, and contact information such as names and phone numbers.
Date: 2026-02-05T16:59:39Z
Network: openweb
Published URL: https://breachforums.jp/Thread-SELLING-FR-CNG-4K-Financial-Management-Staff
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8cee1e81-0bb1-4a0c-9619-aedb0c345832.png
Threat Actors: HexDex
Victim Country: France
Victim Industry: Government & Public Sector
Victim Organization: centre national de gestion (cng)
Victim Site: cng.sante.fr
404 CREW CYBER TEAM targets the website of IOTA Engineering & Construction Ltd
Category: Defacement
Content: The group claims to have defaced the website of IOTA Engineering & Construction Ltd
Date: 2026-02-05T16:56:09Z
Network: telegram
Published URL: https://t.me/crewcyber/643
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3bef7d32-4ef8-4895-a714-25fa36c4e51a.jpg
Threat Actors: 404 CREW CYBER TEAM
Victim Country: Kenya
Victim Industry: Building and construction
Victim Organization: iota engineering & construction ltd
Victim Site: iotakenya.com
Alleged data breach of Hendrik Veder Group
Category: Data Breach
Content: The group claims to have breached the database of Hendrik Veder Group and to have access to internal systems and administrative panels across multiple corporate networks. The group also claims the deployment of ransomware encrypting approximately 159,994 files, the exfiltration of more than 1 TB of database data, and the placement of additional files on affected systems.
Date: 2026-02-05T16:33:35Z
Network: telegram
Published URL: https://t.me/AvangardSec/27
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/91f2b56a-8810-4503-b18c-978c0a56b678.jpg
Threat Actors: AvangardSec
Victim Country: Netherlands
Victim Industry: Manufacturing & Industrial Products
Victim Organization: hendrik veder group
Victim Site: hendrikvedergroup.com
Alleged data leak of UMKM records from Salatiga City, Indonesia
Category: Data Breach
Content: The threat actor claims to have breached and leaked a database containing approximately 15,000 UMKM records from Salatiga City, Indonesia. The exposed data allegedly includes business names, owner names, business and owner addresses, sector and business type, permit information, financing details, and related government agency data.
Date: 2026-02-05T16:18:03Z
Network: openweb
Published URL: https://breachforums.jp/Thread-DOCUMENTS-15-thousand-UMKM-Data-in-Salatiga-City-Indonesia-Breached
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/80810061-c5e6-49e5-9d23-c855d9978d9f.png
Threat Actors: hamzahcorp
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Unauthorized Magento Iframe Access to a Sports Shop in Europe
Category: Initial Access
Content: Threat Actor claims to be selling unauthorized Magento Iframe access to a European sports e-commerce platform.
Date: 2026-02-05T16:16:07Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/275310/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0bee1060-355a-43f4-88e8-ffb6d36c67a1.png
Threat Actors: Saiwer
Victim Country: Unknown
Victim Industry: Sports
Victim Organization: Unknown
Victim Site: Unknown
BD Anonymous claims to target South Korea
Category: Alert
Content: A recent post by the group indicates that they are targeting South Korea
Date: 2026-02-05T15:45:29Z
Network: telegram
Published URL: https://t.me/httpstmeVl8Cr1np5kxhYjd0/1792
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b88366a6-bc31-40f0-a597-bcba3dc097b2.jpg
Threat Actors: BD Anonymous
Victim Country: South Korea
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Unauthorized Database and Admin Access to an Unidentified Shop from USA
Category: Initial Access
Content: Threat actor claims to be selling unauthorized access to a US-based shop payment form and backend database, offering administrative panel access obtained via SQL injection, including known admin credentials and exposure to order data related to approximately 16,300 transactions.
Date: 2026-02-05T15:31:48Z
Network: openweb
Published URL: https://forum.exploit.in/topic/275290/Shop US 60 в мес. form
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/13d0df2f-9d80-4033-8d7b-0e99cf991c4c.png
Threat Actors: savel987
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of SMTP Accounts in Japan
Category: Initial Access
Content: Threat Actor claims to be selling access to Japan-based SMTP accounts from multiple hosting providers, including Nifty.com, Heteml.jp, Lolipop.jp, Biglobe.ne.jp, Sakura.jp, Commufa.jp, Xserver.jp.
Date: 2026-02-05T15:05:47Z
Network: openweb
Published URL: https://forum.exploit.in/topic/275289/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/929a3798-14c7-4538-81b3-8f7cb526184d.png
Threat Actors: savel987
Victim Country: Japan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of login credentials to customer and agent portal for Middle East Life Insurance Company
Category: Data Breach
Content: The group claims to have leaked login credentials to customer and agent portal for Middle East Life Insurance Company
Date: 2026-02-05T14:53:31Z
Network: telegram
Published URL: https://t.me/c/1943303299/1053681
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/736c499a-70f4-434b-b46d-4534daa45128.jpg
Threat Actors: A K U L A v 2 . 2
Victim Country: Iran
Victim Industry: Banking & Mortgage
Victim Organization: middle east life insurance company
Victim Site: portal.melico.ir/authentication
Alleged sale of unauthorized admin access to an unidentified WordPress shop in Italy
Category: Initial Access
Content: The threat actor claims to be selling unauthorized administrative access to an unidentified WordPress shop in Italy.
Date: 2026-02-05T14:44:04Z
Network: openweb
Published URL: https://forum.exploit.in/topic/275299/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d89f868c-0983-436a-b30c-2d1667d6bdd5.png
Threat Actors: ParanoiaDe
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Leak of Israeli Citizen Data
Category: Data Breach
Content: The group claims to have leaked data allegedly sourced from an Israeli database, stating it contains information related to Israeli individuals and organizations.
Date: 2026-02-05T14:31:41Z
Network: telegram
Published URL: https://t.me/stgho3tV/205
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/02b7b7fa-68ed-4a37-95df-1a2fd6317563.png
Threat Actors: STGHO3T
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of email credentials from multiple countries
Category: Data Breach
Content: The group claims to have leaked email credentials from multiple countries.
Date: 2026-02-05T14:29:40Z
Network: telegram
Published URL: https://t.me/Jacuzzidarkforums/4250
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a6345c73-c486-4b69-bf54-ba4812b8282b.png
Threat Actors: Batnetwork_BF
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of 900 Credit cards from Australia
Category: Initial Access
Content: The threat actor is offering to sell 900 credit cards from Australia.
Date: 2026-02-05T14:24:10Z
Network: openweb
Published URL: https://forum.exploit.in/topic/275291/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d023b895-b3b2-424f-b45e-2d8edfc72843.png
Threat Actors: Forbs
Victim Country: Australia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of French Hiking Federation
Category: Data Breach
Content: The threat actor claims to have breached 814K records from the French Hiking Federation, allegedly containing number_license, name, dob, sex, address, and more.
Date: 2026-02-05T14:22:59Z
Network: openweb
Published URL: https://breachforums.jp/Thread-SELLING-FR-F%C3%A9d%C3%A9ration-Fran%C3%A7aise-de-la-Randonn%C3%A9e-P%C3%A9destre-814K
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a371060d-d64a-4e69-aa4c-c760c2a4d4c0.png
Threat Actors: HexDex
Victim Country: France
Victim Industry: Sports
Victim Organization: french hiking federation
Victim Site: ffrandonnee.fr
Alleged data leak of the Centre Communal d'Action Sociale of Dunkerque
Category: Data Breach
Content: The threat actor claims to have leaked 66K records from the Centre Communal d'Action Sociale of Dunkirk, allegedly containing 40,406 single phone numbers and 13,098 single email addresses, as well as data such as name, email, address, date of birth, and more.
Date: 2026-02-05T14:20:38Z
Network: openweb
Published URL: https://breachforums.jp/Thread-SELLING-FR-CCAS-Dunkerque-66K
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/df04c971-0f85-4493-a11c-17c02ae59ea9.png
https://d34iuop8pidsy8.cloudfront.net/f622ebd1-4604-4c0b-b540-fe17c77453b0.png
Threat Actors: HexDex
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: centre communal d'action sociale of dunkerque
Victim Site: Unknown
Alleged data breach of CLASS.am
Category: Data Breach
Content: The threat actor claims to have breached 59 rows of data from CLASS.am, allegedly including ID, Msisdn, Operator, Service Number, Text and Date
Date: 2026-02-05T14:09:13Z
Network: openweb
Published URL: https://breachforums.jp/Thread-COLLECTION-class-am
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5a92baa8-9f9a-47ed-b840-1d08930111c4.JPG
Threat Actors: c0mmandor
Victim Country: Armenia
Victim Industry: Consumer Services
Victim Organization: class.am
Victim Site: class.am
Alleged sale of unauthorized admin access to an unidentified Prestashop in EU
Category: Initial Access
Content: Threat actor claims to be selling unauthorized admin access to an unidentified Prestashop in EU
Date: 2026-02-05T13:58:16Z
Network: openweb
Published URL: https://forum.exploit.in/topic/275297/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f734c203-e1b0-4411-95a0-8d77fe313edd.png
Threat Actors: duffyduck11
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of login credentials to Microsoft users in Israel
Category: Data Breach
Content: The group claims to have leaked login credentials to Microsoft users in Israel.
Date: 2026-02-05T13:57:34Z
Network: telegram
Published URL: https://t.me/c/1943303299/1052931
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8bc83359-349f-4629-8882-9f8cef7d3a43.jpg
Threat Actors: A K U L A v 2 . 2
Victim Country: Israel
Victim Industry: Software Development
Victim Organization: microsoft
Victim Site: microsoft.co.il
Alleged leak of login credentials to Iraqi Islamic Bank for Investment & Development
Category: Data Breach
Content: The group claims to have leaked login credentials to Iraqi Islamic Bank for Investment & Development.
Date: 2026-02-05T13:54:33Z
Network: telegram
Published URL: https://t.me/c/1943303299/1053087
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/22174997-a3ff-491a-b82a-46d82e0362f9.png
Threat Actors: A K U L A v 2 . 2
Victim Country: Iraq
Victim Industry: Banking & Mortgage
Victim Organization: iraqi islamic bank for investment & development
Victim Site: iraqiislamicb.iq
Alleged leak of login credentials to Real Estate Bank of Iraq
Category: Data Breach
Content: The group claims to have leaked login credentials to Real Estate Bank of Iraq.
Date: 2026-02-05T13:50:48Z
Network: telegram
Published URL: https://t.me/c/1943303299/1053079
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3a8a84a6-42ec-4ef2-9e2e-85c527a2b244.png
Threat Actors: A K U L A v 2 . 2
Victim Country: Iraq
Victim Industry: Banking & Mortgage
Victim Organization: real estate bank of iraq
Victim Site: reb.gov.iq
Alleged data breach of ecoATM, LLC
Category: Data Breach
Content: The threat actor claims to have breached 892 records of data from ecoATM, LLC, allegedly including ids/dls from several states, images of the person, fingerprints, images of the device, and signatures
Date: 2026-02-05T13:32:26Z
Network: openweb
Published URL: https://breachforums.jp/Thread-DATABASE-EcoATM-2013
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/39416f1d-b02a-4640-95e6-8af99a990ca2.JPG
Threat Actors: zvezdanwastaken
Victim Country: USA
Victim Industry: Information Technology (IT) Services
Victim Organization: ecoatm, llc
Victim Site: ecoatm.com
Alleged Data Leak of Ant Yapi
Category: Data Breach
Content: The threat actor claims to be selling an internal dataset allegedly originating from Ant Yapi UK related to the Park Modern luxury project in London. The leak is reportedly ~8.9 GB and includes architectural designs, engineering files, planning documents, and site imagery.
Date: 2026-02-05T13:14:08Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/275282/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9b23f1a5-7389-44e4-a4d9-86f6c7fd1756.png
https://d34iuop8pidsy8.cloudfront.net/211e4965-5506-4b05-bcaa-8eb1249ad8cc.png
https://d34iuop8pidsy8.cloudfront.net/f42ee740-ca70-461e-9d80-b7267dc0553b.png
https://d34iuop8pidsy8.cloudfront.net/e41f0546-f11a-4761-a4e4-ad593f932487.png
Threat Actors: zestix
Victim Country: UK
Victim Industry: Building and construction
Victim Organization: ant yapi
Victim Site: antyapi.co.uk
Alleged leak of US Residents
Category: Data Breach
Content: The threat actor claims to have leaked around 2 billion lines of data of US Residents.
Date: 2026-02-05T13:10:44Z
Network: openweb
Published URL: https://breachforums.jp/Thread-US-residents-Around-2-billion-lines
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/43aa6db3-1bdc-401f-894a-a8ba2ac8a4ee.JPG
Threat Actors: 7pFT54FFdO
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Singapore Citizens
Category: Data Breach
Content: The threat actor claims to have leaked Singapore citizen information including name, phone and sex.
Date: 2026-02-05T12:46:35Z
Network: openweb
Published URL: https://breachforums.jp/Thread-DATABASE-Singapore-Citizen-Info-Leak-Name-Phone-Sex-2-7M-rows
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e6b51992-f67e-47c9-9a95-9a4e3536b28e.JPG
Threat Actors: hulky
Victim Country: Singapore
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Leak of Israel Ministry of Defense
Category: Data Breach
Content: The group claims to have leaked Israel Ministry of Defense.
Date: 2026-02-05T12:39:23Z
Network: telegram
Published URL: https://t.me/c/1943303299/1053506
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3ee882ee-414d-4eea-a82a-09dd185f7e1a.png
Threat Actors: A K U L A v 2 . 2
Victim Country: Israel
Victim Industry: Government Administration
Victim Organization: israel ministry of defense
Victim Site: mod.gov.il
Alleged leak of login credentials to Discount Bank
Category: Data Breach
Content: The group claims to have leaked login credentials to Discount Bank.
Date: 2026-02-05T12:05:43Z
Network: telegram
Published URL: https://t.me/c/1943303299/1053076
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4a2a61bb-4f54-4cfe-83aa-8bba7401c475.png
Threat Actors: A K U L A v 2 . 2
Victim Country: Israel
Victim Industry: Banking & Mortgage
Victim Organization: discount bank
Victim Site: dbank.co.il
Alleged Leak of International Islamic Bank
Category: Data Breach
Content: The group claims to have leaked International Islamic Bank login credentials.
Date: 2026-02-05T11:48:19Z
Network: telegram
Published URL: https://t.me/c/1943303299/1053097
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ec7d2ead-b589-407c-b231-ef1e2998dba8.png
Threat Actors: A K U L A v 2 . 2
Victim Country: Iraq
Victim Industry: Financial Services
Victim Organization: international islamic bank
Victim Site: imtb.iq
Alleged data sale of Family Cinéma
Category: Data Breach
Content: The threat actor claims to be selling data from Family Cinéma, allegedly including 156,489 orders placed by customers of the “Family Cinema” movie theater.
Date: 2026-02-05T11:33:37Z
Network: openweb
Published URL: https://breachforums.jp/Thread-SELLING-FR-Family-Cinema-136K-Orders
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/88598756-e3ea-4ce8-ac08-4fcf8ec165aa.JPG
https://d34iuop8pidsy8.cloudfront.net/de5114f5-80ff-45e2-b8cb-c0ec66ea36d7.JPG
Threat Actors: HexDex
Victim Country: France
Victim Industry: Motion Pictures & Film
Victim Organization: family cinéma
Victim Site: family-cinema.com
Cyber Attack Hits VMware ESXi Systems
Category: Cyber Attack
Content: Organizations have been impacted by ransomware attacks exploiting a critical VMware ESXi vulnerability, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The flaw allows threat actors to gain elevated access to ESXi hosts, enabling ransomware deployment and system disruption. CISA confirmed the vulnerability is being actively exploited in real-world attacks and added it to its Known Exploited Vulnerabilities catalog. Affected organizations are strongly urged to apply security patches and mitigations to reduce the risk of further compromise.
Date: 2026-02-05T11:05:52Z
Network: openweb
Published URL: https://www.bleepingcomputer.com/news/security/cisa-vmware-esxi-flaw-now-exploited-in-ransomware-attacks/
Screenshots:
None
Threat Actors: Unknown
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Coinbase Suffers Data Breach
Category: Data Breach
Content: Coinbase has confirmed an insider breach after screenshots from its internal support tool were leaked online, showing sensitive user account information, trading data, and internal comments. The company stated that the incident was caused by a rogue contractor who was terminated once the issue came to light. Coinbase also emphasized that no systems were compromised externally, and it has implemented additional controls to prevent future unauthorized access while cooperating with law enforcement and regulatory authorities to investigate the matter.
Date: 2026-02-05T10:56:10Z
Network: openweb
Published URL: https://www.bleepingcomputer.com/news/security/coinbase-confirms-insider-breach-linked-to-leaked-support-tool-screenshots/
Screenshots:
None
Threat Actors: Unknown
Victim Country: USA
Victim Industry: Financial Services
Victim Organization: coinbase
Victim Site: coinbase.com
Alleged unauthorized access to unidentified CCTV cameras in Italy
Category: Initial Access
Content: The group claims to have gained unauthorized access to unidentified CCTV cameras in Italy.
Date: 2026-02-05T10:44:33Z
Network: telegram
Published URL: https://t.me/c/2787466017/2052
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8e82e053-a329-4d68-abd9-8321a7762701.jpg
Threat Actors: NoName057(16)
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Digital Library of Literature from Portuguese-Speaking Countries
Category: Data Breach
Content: The threat actor claims to have breached the data from Digital Library of Literature from Portuguese-Speaking Countries, allegedly including 3,272 full names, 2,405 unique email addresses and 5,342 unique IP addresses
Date: 2026-02-05T10:36:09Z
Network: openweb
Published URL: https://breachforums.jp/Thread-DATABASE-literaturabrasileira-ufsc-br
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b552cfdb-34fd-46e5-8ee0-cd8c75fe0bc8.JPG
Threat Actors: ldopanda2
Victim Country: Brazil
Victim Industry: Information Technology (IT) Services
Victim Organization: digital library of literature from portuguese-speaking countries
Victim Site: literaturabrasileira.ufsc.br
Cyber Attack Hits Step Finance
Category: Cyber Attack
Content: Step Finance suffered a major cyberattack in late January after threat actors compromised devices belonging to company executives, leading to the breach of multiple treasury wallets and the theft of approximately $40 million in digital assets. The platform detected the incident on January 31 and initiated an investigation with cybersecurity firms and law enforcement. Blockchain analysis indicates the attackers exploited a well-known attack vector, resulting in the loss of hundreds of thousands of SOL tokens, though a portion of the assets has since been recovered. While core services were partially halted to reinforce security, Step Finance stated that its Remora Markets platform remains isolated and fully backed. The lack of disclosed technical details has fueled speculation around the attack’s origin, highlighting persistent risks to DeFi platforms from endpoint compromise and executive-level access abuse.
Date: 2026-02-05T10:29:24Z
Network: openweb
Published URL: https://www.bleepingcomputer.com/news/security/step-finance-says-compromised-execs-devices-led-to-40m-crypto-theft/
Screenshots:
None
Threat Actors: Unknown
Victim Country: USA
Victim Industry: Financial Services
Victim Organization: step finance
Victim Site: step.finance
Alleged leak of login access to starter Israel
Category: Initial Access
Content: The group claims to have leaked login access to starter Israel.
Date: 2026-02-05T10:22:18Z
Network: telegram
Published URL: https://t.me/SufferDimension/51
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8edf998e-c98d-49f4-9f26-a9e61b8f59a6.png
Threat Actors: Suffer Dimension Official
Victim Country: Israel
Victim Industry: Manufacturing
Victim Organization: starter israel
Victim Site: rabbitmq.starter.co.il
Alleged Leak of ELTA Systems Ltd Employee Login Credentials
Category: Data Breach
Content: The group claims to have leaked ELTA Systems Ltd Employee Login Credentials.
Date: 2026-02-05T09:09:10Z
Network: telegram
Published URL: https://t.me/c/1943303299/1053008
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a2456db9-b0f4-4366-9edc-c9ef0601ad99.png
Threat Actors: A K U L A v 2 . 2
Victim Country: Israel
Victim Industry: Defense & Space
Victim Organization: elta systems ltd
Victim Site: elta.co.il
Alleged data leak of marketing leads
Category: Data Breach
Content: The threat actor claims to have leaked permission-based and verified B2C WhatsApp and email marketing leads for multiple industries and countries.
Date: 2026-02-05T08:41:06Z
Network: openweb
Published URL: https://breachforums.jp/Thread-DATABASE-Opt-In-B2C-WhatsApp-Email-Marketing-Leads-Available-GDPR-Compliant
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/be2c8956-d6df-4314-95ea-8795cd04638f.JPG
Threat Actors: asfmnyr5g
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Discord
Category: Data Breach
Content: The threat actor claims to have breached 5.2 billion plus messages from 110 million plus users, allegedly including messages, unique users, voice sessions, files, and raw data.
Date: 2026-02-05T08:27:30Z
Network: openweb
Published URL: https://breachforums.jp/Thread-DATABASE-DISCORD-5-2B-messages-from-110M-users
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/81f9649c-0eb3-4c7a-bd12-27a97ec769ec.JPG
Threat Actors: famery
Victim Country: USA
Victim Industry: Social Media & Online Social Networking
Victim Organization: discord
Victim Site: discord.com
Alleged leak of login credentials to Drushim IL
Category: Data Breach
Content: The group claims to have leaked login credentials to Drushim IL.
Date: 2026-02-05T08:13:26Z
Network: telegram
Published URL: https://t.me/c/1943303299/1052787
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/838a9855-9655-4d24-9e64-dbc88f931335.png
Threat Actors: A K U L A v 2 . 2
Victim Country: Israel
Victim Industry: Human Resources
Victim Organization: drushim il
Victim Site: drushim.co.il
Alleged data breach of Flair Airlines
Category: Data Breach
Content: The threat actor claims to have breached data from Flair Airlines, allegedly including vulnerabilities, access, data extraction method, id, first_name, last_name, email, and more.
Date: 2026-02-05T08:06:16Z
Network: openweb
Published URL: https://darkforums.me/Thread-DATABASE-Flair-Airlines-Vulnerabilities-Access-and-Data-Extraction-Method
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7f7b342f-157f-49eb-9a52-585788f224e9.JPG
https://d34iuop8pidsy8.cloudfront.net/134bdff6-9468-46a4-91d9-d5e8167b333a.JPG
Threat Actors: GordonFreeman
Victim Country: Canada
Victim Industry: Airlines & Aviation
Victim Organization: flair airlines
Victim Site: flyflair.com
Alleged leak of shell access to Blue Pisces Law
Category: Initial Access
Content: The group claims to have leaked shell access to Blue Pisces Law.
Date: 2026-02-05T08:01:08Z
Network: telegram
Published URL: https://t.me/c/2758066065/973
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f62edee7-aad2-4855-b5d8-35be02a32801.png
Threat Actors: HellR00ters Team
Victim Country: Japan
Victim Industry: Law Practice & Law Firms
Victim Organization: blue pisces law
Victim Site: bluepisceslaw.com
Alleged data breach of Nusa Cendana University
Category: Data Breach
Content: The threat actor claims to have breached data from 84 sheets belonging to Nusa Cendana University, allegedly containing date, participant nisn number, participant name, study program, and faculty.
Date: 2026-02-05T07:26:03Z
Network: openweb
Published URL: https://breachforums.jp/Thread-DOCUMENTS-DATA-ON-NEW-STUDENTS-GRADUATING-IN-2024-FROM-UNDANA-ac-id-FREE-DOWNLOAD-SAMPLE-%E2%80%BC%EF%B8%8F%E2%80%BC%EF%B8%8F
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e70d5a1c-ac4e-43d5-baf6-41e5124aedaf.png
https://d34iuop8pidsy8.cloudfront.net/992b4316-1ec1-4964-b24e-6ed7f9af414e.png
Threat Actors: AYYUBI
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: nusa cendana university
Victim Site: undana.ac.id

Alleged data leak of pioneer.xssl.net
Category: Data Breach
Content: The threat actor claims to have leaked data from pioneer.xssl.net.
Date: 2026-02-05T06:55:03Z
Network: openweb
Published URL: https://darkforums.me/Thread-pioneer-xssl-net-database
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c830bf43-2646-4240-a597-6104c77c921e.png
Threat Actors: Tanaka
Victim Country: Unknown
Victim Industry: Information Technology (IT) Services
Victim Organization: pioneer.xssl.net
Victim Site: pioneer.xssl.net

Alleged data breach of Bonua Data
Category: Data Breach
Content: The group claims to have breached data of Bonua Data
Date: 2026-02-05T04:47:22Z
Network: telegram
Published URL: https://t.me/maul1337anon/773
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b615a1db-a6d1-483e-a528-461b036a52b6.png
Threat Actors: maulnism1337
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: bonua data
Victim Site: bonuadata.id

Alleged unauthorized access to Geothermal Heat Pump Control System
Category: Initial Access
Content: The group claims to have gained unauthorized access to Geothermal Heat Pump Control System
Date: 2026-02-05T03:42:28Z
Network: telegram
Published URL: https://t.me/c/2875163062/546
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/da5128d5-c9ee-45b4-9e69-3b7e7a2030dd.png
Threat Actors: RipperSec
Victim Country: South Korea
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Alleged sale of unauthorized access to THAI E-VISA OFFICIAL WEBSITE
Category: Initial Access
Content: The threat actor claims to be selling access to a Thailand Government Visa Program system. The compromised asset is a Linux OS firewall with Root RCE + Shell and Network Admin Panel permissions.
Date: 2026-02-05T03:17:49Z
Network: openweb
Published URL: https://breachforums.jp/Thread-300-Thailand-Government-Owned-Visa-Program-Firewall-Network-Admin-Panel
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ac29fb14-6512-4cf4-a3b8-9149f4d75a4b.png
Threat Actors: miyako
Victim Country: Thailand
Victim Industry: Government Administration
Victim Organization: thai e-visa official website
Victim Site: thaievisa.go.th

Alleged leak of login credentials to Benjamarachanusorn School
Category: Initial Access
Content: The group claims to have leaked login credentials to Benjamarachanusorn School
Date: 2026-02-05T03:03:11Z
Network: telegram
Published URL: https://t.me/nxbbsec/4964
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/804f1cdb-9836-4f65-b30f-c31637581cca.png
Threat Actors: NXBB.SEC
Victim Country: Thailand
Victim Industry: Education
Victim Organization: benjamarachanusorn school
Victim Site: stdsmart.bs.ac.th

Alleged leak of login credentials to Ministry of Labour and Social Affairs
Category: Data Breach
Content: The group claims to have leaked login credentials to Ministry of Labour and Social Affairs
Date: 2026-02-05T02:58:20Z
Network: telegram
Published URL: https://t.me/c/1943303299/1052384
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1464db7e-8869-45fc-ba64-8d4efce38890.png
Threat Actors: A K U L A v 2 . 2
Victim Country: Iraq
Victim Industry: Government Administration
Victim Organization: ministry of labour and social affairs
Victim Site: lvtd.gov.iq

Alleged Sale of Cardbase database
Category: Data Breach
Content: The threat actor claims to be selling the Cardbase database. The dataset contains 248,000 user records and includes personal data fields.
Date: 2026-02-05T02:57:26Z
Network: openweb
Published URL: https://breachforums.jp/Thread-SELLING-getcardbase-com-USA-248k
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2ef10ea1-c010-43d2-81a3-0c5e76b90dd8.png
Threat Actors: Al3in
Victim Country: USA
Victim Industry: E-commerce & Online Stores
Victim Organization: cardbase
Victim Site: getcardbase.com

Alleged sale of unauthorized access to Thailand Government Visa Program
Category: Initial Access
Content: A threat actor claims to be selling unauthorized access to the Thailand Government Visa Program. The alleged access involves firewall-level access on a Linux system, including root-level remote code execution (RCE), shell access, and network administration panel privileges.
Date: 2026-02-05T02:27:07Z
Network: openweb
Published URL: https://breachforums.jp/Thread-300-Thailand-Government-Owned-Visa-Program-Firewall-Network-Admin-Panel
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/00dbc3a5-0cc1-4dad-9819-fe9ff9e67ae2.png
Threat Actors: miyako
Victim Country: Thailand
Victim Industry: Government & Public Sector
Victim Organization: Unknown
Victim Site: Unknown

Alleged leak of login credentials to Prince of Songkla University
Category: Initial Access
Content: The group claims to have leaked login credentials to Prince of Songkla University
Date: 2026-02-05T02:23:13Z
Network: telegram
Published URL: https://t.me/nxbbsec/4961
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/75631315-fc6e-4594-9827-17fb915ac32c.png
Threat Actors: NXBB.SEC
Victim Country: Thailand
Victim Industry: Education
Victim Organization: prince of songkla university
Victim Site: timestamp.psu.ac.th

Alleged Data Breach of Universiti Teknikal
Category: Data Breach
Content: The threat actor claims to have leaked data of 3K from Universiti Teknikal. The student data allegedly includes emails, phone numbers, addresses, identity card numbers, hashed passwords and more.
Date: 2026-02-05T01:43:45Z
Network: openweb
Published URL: https://breachforums.cz/index.php?threads/universiti-teknikal-malaysia-leak.282/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4c3d06ec-f2f4-4f38-a37d-af825724bc33.png
Threat Actors: Citizen
Victim Country: Malaysia
Victim Industry: Education
Victim Organization: universiti teknikal malaysia melaka
Victim Site: utem.edu.my/en

Alleged sale of email database
Category: Data Breach
Content: The threat actor claims to be selling an active email database.
Date: 2026-02-05T01:27:50Z
Network: openweb
Published URL: https://forum.exploit.in/topic/275223/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/088e4aa1-b5c4-478f-8f2e-60121b7d8f6b.png
Threat Actors: TROUBLE
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Alleged Sale Of Customer Data From India
Category: Data Breach
Content: The threat actor claims to be selling customer data from India. The compromised data reportedly contains 10054 records including Company, Full Name, Phone, Contact Person, Email.
Date: 2026-02-05T01:25:11Z
Network: openweb
Published URL: https://raidforums.wtf/threads/selling-10054-indian-customer-data.592/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/93fb1fac-fc68-4fa8-9520-693c3c3a3944.png
https://d34iuop8pidsy8.cloudfront.net/d450ed2b-7e47-4db7-b791-4fa97b3556d2.png
Threat Actors: evilsanta2008
Victim Country: India
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Alleged data breach of California Air Resources Board
Category: Data Breach
Content: The group claims to have leaked data from California Air Resources Board. The compromised data includes emails and phone numbers
Date: 2026-02-05T01:24:54Z
Network: telegram
Published URL: https://t.me/LulzSecHackers/362
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/66aaaba1-3765-435a-89f4-5c3d595595ff.png
Threat Actors: LulzSec Hackers
Victim Country: USA
Victim Industry: Government Administration
Victim Organization: california air resources board
Victim Site: cleantruckcheck.arb.ca.gov

DEFACER INDONESIAN TEAM targets the website of Tax Free Retirement Simplified
Category: Defacement
Content: The group claims to have defaced the website of Tax Free Retirement Simplified
Date: 2026-02-05T01:00:13Z
Network: telegram
Published URL: https://t.me/c/2433981896/854
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0f85f2ed-b57f-44a2-9561-1b9e130fe6dd.png
Threat Actors: DEFACER INDONESIAN TEAM
Victim Country: USA
Victim Industry: Financial Services
Victim Organization: tax free retirement simplified
Victim Site: taxfreeretirementsimplified.com

Alleged sale of US credit card records
Category: Data Breach
Content: The threat actor claims to be selling 100 credit card records from the USA.
Date: 2026-02-05T00:56:44Z
Network: openweb
Published URL: https://forum.exploit.in/topic/275188/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/93f9ecaa-f836-47fc-b03f-733af6523e68.png
Threat Actors: kasap
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Alleged data breach of Universal Traveller
Category: Data Breach
Content: The threat actor claims to have leaked data of 60,000 from Universal Traveller. The user data allegedly includes email addresses, full names, dates of birth and password hashes.
Date: 2026-02-05T00:47:07Z
Network: openweb
Published URL: https://breachforums.cz/index.php?threads/database-of-universal-traveller-a-malaysian-e-commerce-company.257/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/11aed6f4-9628-43cb-86f1-6e39abc69b68.png
https://d34iuop8pidsy8.cloudfront.net/d2143559-cbc1-4508-9560-6ced87a20eae.png
Threat Actors: Citizen
Victim Country: Malaysia
Victim Industry: E-commerce & Online Stores
Victim Organization: universal traveller malaysia
Victim Site: universaltraveller.com

Alleged sale of multiple compromised web and SSH accesses
Category: Initial Access
Content: The threat actor claims to be selling multiple compromised web and SSH accesses, including WordPress, Magento, and root-level server access across several countries.
Date: 2026-02-05T00:43:21Z
Network: openweb
Published URL: https://forum.exploit.in/topic/275183/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/dde30b25-bacc-4cc1-a0ad-2944abc4e987.png
Threat Actors: Zimmer
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Alleged Data Breach of Cryptex
Category: Data Breach
Content: The threat actor claims to be sharing a complete Cryptex database originating from a 2020 data breach.
Date: 2026-02-05T00:42:47Z
Network: openweb
Published URL: https://breachforums.jp/Thread-DATABASE-Cryptex-net-database-Unfortunately-I-couldn-t-find-the-password
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a46fd87b-8122-4a31-b428-199750dd6b08.png
Threat Actors: Enricaxo
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: cryptex
Victim Site: cryptex.net

Alleged Data Leak of IDs of High-Ranking Israelis and Mossad Agents
Category: Data Breach
Content: The group claims to have leaked login credentials of IDs of High-Ranking Israelis and Mossad Agents.
Date: 2026-02-05T00:33:51Z
Network: openweb
Published URL: https://breachforums.cz/index.php?threads/ids-of-high-ranks-israelis-and-mossad-agents.280/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/26bc2085-9eda-4048-8e85-01dff5856375.png
Threat Actors: Citizen
Victim Country: Israel
Victim Industry: Government & Public Sector
Victim Organization: Unknown
Victim Site: Unknown

Alleged Data Leak of Multiple EU-based companies
Category: Data Breach
Content: The threat actor claims to have leaked data of multiple EU-based companies. The dataset contains corporate email accounts belonging to employees and customers, encrypted passwords, and internal business data.
Date: 2026-02-05T00:20:45Z
Network: openweb
Published URL: https://breachforums.jp/Thread-DATABASE-Corporate-Accounts-Internal-Data-from-Multiple-EU-Based-Companies
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c63a8f98-30cd-47c2-8ea5-0c86c7d3cbd0.png
Threat Actors: thomasvalmorin2828
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown

Alleged data breach of China's National Super-computing Center (NSCC)
Category: Data Breach
Content: The threat actor claims to have leaked 10+ petabytes of data from China's National Super-computing Center (NSCC). The data allegedly includes research across various fields, including Aerospace Engineering, Military Research, Bioinformatics, Fusion Simulation, and more, from top organizations such as AVIC, COMAC, NUDT, NWPU, HUST, and others.
Date: 2026-02-05T00:11:46Z
Network: openweb
Published URL: https://breachforums.cz/index.php?threads/data-breach-chinas-national-super-computing-center-nscc-research-facility-hacked.276/#post-831
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ec186399-a607-459d-81f0-94d8380ad3c9.png
https://d34iuop8pidsy8.cloudfront.net/213794e7-ef49-4c2e-a860-7f4f18ef7889.png
Threat Actors: Citizen
Victim Country: China
Victim Industry: Research Industry
Victim Organization: national supercomputing center (nscc), china
Victim Site: nscc-gz.cn

Alleged Data Breach of FiveM
Category: Data Breach
Content: The threat actor claims to have breached the database of FiveM. The dataset contains player account data.
Date: 2026-02-05T00:04:01Z
Network: openweb
Published URL: https://breachforums.jp/Thread-DATABASE-FiveM-French-1MILLION-PLAYER
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/af041dae-185e-4a36-a68b-f3a5d66efe13.png
Threat Actors: Cvld
Victim Country: Unknown
Victim Industry: Gaming
Victim Organization: fivem
Victim Site: fivem.net