[February-16-2026] Daily Cybersecurity Threat Report

1. Executive Summary

In the monitored period of February 16, 2026, the global cybersecurity landscape experienced a surge in high-impact events ranging from state-level infrastructure attacks to mass-scale consumer data theft. A total of 94 incidents were analyzed, revealing three primary tactical trends:

  1. Critical Infrastructure Targeting: Operational Technology (OT) and SCADA systems were directly targeted, specifically in Spain’s water management sector and Ukraine’s power grid, signaling a shift from espionage to active disruption.
  2. Mega-Breaches in the Global South: Brazil and India faced disproportionately large data leaks, with a single incident in Brazil (LifeHub) allegedly exposing 257 million records.
  3. The Industrialization of Initial Access: Threat actors are heavily trading validated credentials for RDP, VPN, and specific platforms like Jenkins and WordPress, lowering the barrier to entry for ransomware gangs.

Key Statistics:

  • Total Incidents: 94
  • Major Sectors: Financial Services, Government, Retail, Critical Infrastructure (Water/Energy).
  • Top Victim Geographies: Indonesia (High volume of defacements), USA (Corporate data theft), India, Spain, and Brazil.

2. Critical Infrastructure and Operational Technology (OT) Threats

The most alarming development in this reporting window is the direct targeting of industrial control systems. Unlike data breaches, which compromise privacy, these attacks threaten physical safety and essential services.

2.1. The Spanish Water Sector Campaign

Spain has become a primary target for hacktivist and state-aligned actors.

  • Wastewater SCADA Breach: The group “Z-PENTEST ALLIANCE” claimed unauthorized access to a wastewater pumping station’s SCADA system in Spain. The actors allegedly accessed interface monitors that control pumps, liquid levels, and flow rates.
  • Drinking Water Control System: A separate group, “NoName057(16),” claimed to compromise a drinking water filtration control system. This breach reportedly allowed control over filtration cycles and tank levels, posing a severe risk to public health infrastructure.
  • Broader Targeting: The group “SERVER KILLERS” simultaneously announced a general targeting campaign against Spain.

2.2. Energy Sector Disruption in Ukraine

The conflict in Eastern Europe continues to manifest in the cyber domain.

  • Power Grid Attack: The “IT ARMY OF RUSSIA” claimed responsibility for breaching Kirovogradoblenergo PJSC (a regional power distributor) and two unidentified power stations.
  • Operational Impact: The group asserted they disabled substations and disrupted electricity distribution, temporarily paralyzing energy operations by damaging control equipment. This represents a kinetic impact via cyber means.

3. Major Data Breaches and Privacy Crises

This period witnessed “mega-breaches” where individual datasets exceeded 10 million records, severely impacting consumer privacy globally.

3.1. The LifeHub Breach (Brazil)

In one of the largest breaches of the year, threat actor “Spirigatito” claimed to sell a database from LifeHub, a Brazilian AI and data intelligence firm.

  • Scale: 257 million records, covering Brazilian citizens, deceased individuals, and foreign residents.
  • Sensitivity: The data includes full names, dates of birth, mobile numbers, full addresses, and the “CPF” (Brazilian tax ID), effectively exposing the entire population to identity theft.

3.2. Financial and Crypto Sector Leaks

Financial institutions remain the “crown jewels” for motivated cybercriminals.

  • Ripple (USA): Threat actor “Wadjet” claimed to sell a 400,000-record dataset linked to Ripple.com, allegedly sourced from a Mailchimp database.
  • Liquid.com (Japan): The same actor, “Wadjet,” offered data from the Japanese cryptocurrency exchange Liquid, involving ~99,000 records primarily consisting of email addresses.
  • HSBC Mexico: Actor “BFRepoV4Files” leaked customer financial data, including account numbers, transaction histories, and statement histories, posing immediate fraud risks for the bank’s clients.
  • Payclick (India): A massive breach of 7 million records from Payclick.co.in was reported, including transaction logs, UPI metadata, and payment references.

3.3. Educational Sector Compromise

Schools and EdTech platforms are increasingly targeted due to their typically lower security posture but rich data environments.

  • Foxford (Russia): A massive breach of the Russian online education platform Foxford allegedly exposed 13.6 million customer records, including student names and class details.
  • Universidad de la Sierra Sur (Mexico): Actor “Evorax” dumped the university’s full database, including academic records and administrative logs.

4. The Initial Access Market (IAB)

A thriving economy of “Initial Access Brokers” (IABs) was observed, where criminals sell backdoors into corporate networks. These sales are often the precursor to ransomware attacks.

4.1. Corporate Network Access

  • Canada: Actor “samy01” listed unauthorized RDWeb (Remote Desktop) and domain user access to multiple Canadian organizations in the electronics and retail sectors. The access included Domain Controller visibility, a critical vulnerability that grants total network control.
  • USA: The same actor listed similar RDWeb access for US hospitality firms, noting the presence of Sophos and Datto security solutions, suggesting they have bypassed these defenses.
  • Uzbekistan (Mobiuz): Actor “bytetobreach” claimed full compromise of the Mobiuz corporate network, gaining administrative control over 280 computers and Domain Controllers via an ADCS exploit.

4.2. SaaS and Web Access

  • Jenkins Instances: Actor “Korbibian” offered 205 unique Jenkins accesses. Jenkins is a critical software development tool; access here often allows attackers to inject malicious code into a company’s software products (supply chain attack).
  • VPN/Remote Access: A bulk sale of 411 valid VPN/Remote credentials was listed, covering Fortinet, Citrix, and GlobalProtect gateways.

5. Malware and Tool Development

Underground forums remain a hub for innovation in malicious software.

  • Evasive C2: Actor “NightRaider” advertised an “Evasive C2” (Command and Control) framework capable of 1-day Windows Local Privilege Escalation (LPE), indicating a sophisticated toolset for post-exploitation.
  • ClickFix/FileFix: A new payload builder was offered that hides malware in browser cache to bypass Endpoint Detection and Response (EDR) systems.
  • 1Password/Chrome Backdoor: A Unicode-based backdoor targeting password managers was advertised, claiming to exploit browser behavior to steal credentials.

6. Regional Analysis: The Indonesia Defacement Wave

A distinct cluster of activity was observed in Indonesia, characterized by high-tempo website defacements. This appears to be a coordinated hacktivist campaign rather than financially motivated crime.

  • Primary Actors: “BABAYO EROR SYSTEM” and “DEFACER INDONESIAN TEAM.”
  • Targets: Local government offices (Deli Serdang Regency, Halmahera Regency), educational institutions (SMK Negeri 5 Batam), and private businesses.
  • Tactics: Web defacement is used to signal dominance or political messaging. While low in technical sophistication compared to the SCADA attacks, the volume disrupts digital governance and erodes public trust.

7. Comprehensive Incident Catalog

The following is a detailed categorization of all 94 reported incidents.

7.1. Confirmed and Alleged Data Breaches

North America

  1. Ripple (USA): 400k records, marketing data.
  2. Mold Tech (USA): Construction firm internal corporate data.
  3. Tracking/Shipping Platform (USA): 548k records, 274k unique phone numbers.
  4. Pickett and Associates (USA): Engineering data (up to 892 GB) related to electricity infrastructure.
  5. Modoc Medical Center (USA): Patient records.
  6. Canada Goose Inc (Canada): 583k records breached.

South America

  1. LifeHub (Brazil): 257 million records (CPF, keys, biometric data).
  2. Municipal Council of Aldermen of Cacique Doble (Brazil): Administrative government records.
  3. PT Ikapharmindo Putramas (Indonesia): Pharmaceutical company data. Note: Listed in South America section for proximity in analysis to other developing nation breaches, though geographically SE Asia.

Europe

  1. SOCOZ (France): 31 million records from an omnichannel retail platform.
  2. CNRS (France): 331MB of data from the National Centre for Scientific Research.
  3. TooEasy (France): IT services data including CVs and IP addresses.
  4. Autoici (France): Automotive dealer customer data.
  5. Paginas Amarillas España (Spain): 1.12 million records (phone/address).
  6. Efficy (Belgium): CRM software company internal data.
  7. Thames Valley Chamber of Commerce (UK): Financial records and SAGE documents.
  8. Germany (E-Commerce): 100k customer profiles with IBANs.
  9. Spain (Banking): 100k customer profiles with IBAN/BIC data.

Asia / Pacific

  1. Payclick (India): 7 million financial records.
  2. Raaga (India): 10 million records from music streaming service.
  3. Mold-Tek (India): EDA pipeline and cloud infrastructure credentials.
  4. Liquid (Japan): 99k crypto exchange emails.
  5. Foxford (Russia): 13.6 million education records.
  6. QIP.ru (Russia): 33 million records (historical database from 2011).
  7. Chinese Data Leak: A claim of “50 billion” records (likely exaggerated or aggregated) covering logistics and government.
  8. YouX (Australia): 141GB of Fintech data, including driver’s licenses.
  9. Forex Australia Database: Sensitive personal info of traders.
  10. MaiMaiDX (China): Rhythm game user database.
  11. Warren New Materials (China): Legal services data.

Unidentified/International

  1. Elite Global Data Leads: Business executive leads.
  2. Crypto Email Database: 1 million records.
  3. Credit Card Records: 174 full CVV/PAN records.

7.2. Initial Access Sales (Unauthorized Access)

  1. Mobiuz (Uzbekistan): Full AD/DC compromise.
  2. Jenkins Instances: 205 valid administrative accesses.
  3. VPN/Remote Credentials: 411 credentials across Fortinet/Citrix.
  4. Canadian Organizations: RDWeb access to Retail/Manufacturing sectors.
  5. USA Hospitality: RDWeb access to hotel reservation sectors.
  6. David Guiraud (France): Hacked personal email/Telegram of a politician.
  7. Webmail Accounts: 660 unique valid accesses.
  8. Opencart Shop (India): Admin panel access.
  9. WordPress Admin (USA): Shop with active orders.
  10. KFC POS (Malaysia): Point-of-Sale environment access.
  11. Manufacturing Company (Italy): Windows/Doors manufacturer access.
  12. Medical Company (USA/Europe): Database access.
  13. PrestaShop (Chile): E-commerce admin access.
  14. WordPress Shop (UK): Admin access.
  15. WHMCS Hosting: Access including 60 Windows VPS instances.

7.3. Defacement & Hacktivism

  1. Engg Entrance Exam (India): Targeted by DEFACER INDONESIAN TEAM.
  2. Sa Yai Som Municipality (Thailand): Targeted by EXADOS.
  3. Suyud Margono Law Firm (Indonesia): Targeted by BABAYO EROR SYSTEM.
  4. Indonesian Government Sites: Multiple regency websites defaced.
  5. Nandicoirs (India): Targeted by DEFACER INDONESIAN TEAM.
  6. Datalogics (India): Targeted by TEAM MR PLAX.
  7. Like Indonesia: Targeted by BABAYO EROR SYSTEM.
  8. Halmahera Regency (Indonesia): Targeted by DEFACER INDONESIAN TEAM.
  9. Foster Academy (India): Targeted by TEAM MR PLAX.
  10. WP Engine (USA): Targeted by TEAM MR PLAX.
  11. Kanwil Kemenag Sumsel (Indonesia): Targeted by DEFACER INDONESIAN TEAM.
  12. Russian Foreign Trade Bank: Targeted by AN0M949_GHOST_TRACK.
  13. SIDESI Ogan Ilir (Indonesia): Targeted by BABAYO EROR SYSTEM.
  14. Amazon Luxury Apartment (Nigeria): Targeted by BABAYO EROR SYSTEM.
  15. Belmedicare Hospital (Nigeria): Targeted by BABAYO EROR SYSTEM.

7.4. Cyber Attacks (Disruption)

  1. CHOC FM (Canada): Cyberattack disrupted broadcasting and audio files.
  2. Russian Legion: Announced targeting of Israeli infrastructure/banks.
  3. Reverse Osmosis System (Thailand): Unauthorized access by AL-MUJAHIDEEN FORCE 313.

8. Threat Actor Profiling

Based on the dataset, three threat actor archetypes are currently dominant:

8.1. The “Wholesale” Data Brokers

Actors like Wadjet, INS, and Spirigatito operate as high-volume data merchants. They do not appear motivated by ideology but by profit. Their ability to secure datasets ranging from 400,000 to 257 million records suggests either advanced SQL injection capabilities or insider access.

  • Key Targets: Financial, Retail, Crypto.

8.2. The “System Breakers” (Hacktivists)

Groups like BABAYO EROR SYSTEM, DEFACER INDONESIAN TEAM, and NoName057(16) focus on visibility and disruption.

  • Tactics: Mass defacements, DDoS, and opportunistic SCADA attacks.
  • Geopolitical Alignment: Often aligned with nationalist or religious sentiments (e.g., targeting India, Israel, or specific government entities). The attacks on Spanish water systems and Ukrainian power grids by affiliated groups indicate a dangerous escalation from web vandalism to kinetic threats.

8.3. The “Access Merchants”

Actors like Korbibian, samy01, and privisnanet serve as the supply chain for ransomware operators. They do not monetize the data itself but the pathway to it. The sale of RDWeb and VPN credentials is a leading indicator of future ransomware events in the victim organizations.


9. Conclusion and Strategic Outlook

The events of February 16, 2026, illustrate a hyper-active cyber threat environment. The simultaneous compromise of critical infrastructure in Europe (Spain, Ukraine) and the exposure of nearly half a billion personal records globally (Brazil, India, Russia, France) underscores the failure of current defensive postures in both public and private sectors.

Immediate Implications:

  1. Physical Safety Risks: The successful access to SCADA systems in Spain and Ukraine proves that OT security remains a critical vulnerability. If attackers can manipulate water flow or power distribution, the threat moves from financial loss to public safety hazards.
  2. Identity Theft Epidemic: The “LifeHub” and “Foxford” breaches alone have compromised enough PII to fuel phishing and identity fraud campaigns for months.
  3. Ransomware Precursors: The high volume of valid VPN and RDP credentials listed for sale guarantees a wave of ransomware attacks targeting the Retail, Manufacturing, and Hospitality sectors in North America and Europe in the coming weeks.

Recommendations:

  • For Critical Infrastructure: Immediate isolation of OT networks from IT networks (air-gapping) and a review of all remote access protocols.
  • For Corporations: Mandatory rotation of all credentials associated with VPNs and RDP, and the implementation of phishing-resistant MFA, particularly for organizations using Jenkins or exposed to the “Initial Access” markets identified in this report.
  • For Government: Enhanced monitoring of “hacktivist” channels (Telegram) to anticipate defacement campaigns and denial-of-service attacks.

Detected Incidents Draft Data

  1. Alleged data breach of Ripple
    Category: Data Breach
    Content: The threat actor claims to be selling a dataset allegedly linked to ripple.com, described as a Mailchimp email database. The dataset contains approximately 400,248 records dated Q4 2024. The leaked data contains email addresses, suggesting the data may relate to marketing or newsletter subscribers.
    Date: 2026-02-16T22:52:37Z
    Network: openweb
    Published URL: https://breachforums.as/Thread-SELLING-ripple-com
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ed990d98-bc52-4c7e-83af-318a0c708aac.png
    Threat Actors: Wadjet
    Victim Country: USA
    Victim Industry: Financial Services
    Victim Organization: ripple
    Victim Site: ripple.com
  2. Alleged Unauthorized Access to Municipal Council of Aldermen of Cacique Doble in Brazil
    Category: Initial Access
    Content: Threat actors claim to have gained unauthorized access to the database of the Municipal Council of Aldermen of Cacique Doble, Rio Grande do Sul, Brazil. The compromised data reportedly includes multiple database tables related to administrative records, documents, user accounts, sessions, permissions, and other internal governmental information.
    Date: 2026-02-16T22:51:52Z
    Network: telegram
    Published URL: https://t.me/crewcyber/711
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/19f8c2ae-fd00-4449-91ba-9328db55a1ec.png
    Threat Actors: 404 CREW CYBER TEAM
    Victim Country: Brazil
    Victim Industry: Government Administration
    Victim Organization: municipal council of aldermen of cacique doble
    Victim Site: camaracaciquedoble.rs.gov.br
  3. Alleged data breach of Payclick
    Category: Data Breach
    Content: The threat actor claims to be selling a database allegedly belonging to payclick.co.in. The dataset includes around 320 CSV files totaling approximately 13.2 GB and over 7 million records. The leaked data contains online payment transaction logs, including request IDs, transaction references, timestamps, payment amounts, UPI-related metadata, customer identifiers, email addresses, phone numbers, and webhook response details.
    Date: 2026-02-16T22:41:21Z
    Network: openweb
    Published URL: https://breachforums.as/Thread-India-payclick-co-in-Online-Banking-Data-Breach-Leaked-Sale
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/aed6a896-29bf-457e-9ff4-e218b3208a56.png
    Threat Actors: INS
    Victim Country: India
    Victim Industry: Financial Services
    Victim Organization: payclick
    Victim Site: payclick.co.in
  4. DEFACER INDONESIAN TEAM targets the website of Engg Entrance Exam
    Category: Defacement
    Content: The group claims to have defaced the website of Engg Entrance Exam.
    Date: 2026-02-16T22:33:17Z
    Network: telegram
    Published URL: https://t.me/c/2433981896/907
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/fceef324-1241-4e4c-b497-b24e1b5a08a3.png
    Threat Actors: DEFACER INDONESIAN TEAM
    Victim Country: India
    Victim Industry: Education
    Victim Organization: engg entrance exam
    Victim Site: eeetest.in
  5. Alleged data breach of Liquid
    Category: Data Breach
    Content: The threat actor claims to be selling a database allegedly associated with liquid.com, a Japanese cryptocurrency exchange. The data contains approximately 99,704 records and provides a sample consisting primarily of email addresses from various domains.
    Date: 2026-02-16T22:10:21Z
    Network: openweb
    Published URL: https://breachforums.as/Thread-SELLING-liquid-com
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0edf7079-e382-4623-a84d-7dde8d762c1a.png
    Threat Actors: Wadjet
    Victim Country: Japan
    Victim Industry: Financial Services
    Victim Organization: liquid
    Victim Site: liquid.com
  6. Alleged sale of Backdoored 1Password & Google Chrome Unicode Exploit Tool
    Category: Malware
    Content: The threat actor advertises a supposed Unicode-based backdoor targeting 1Password and Google Chrome. The post includes a download link and promotional banner for a tool allegedly capable of exploiting browser/password manager behavior.
    Date: 2026-02-16T21:59:51Z
    Network: openweb
    Published URL: https://breachforums.as/Thread-1Password-Unicode-Exposure-Google-Chrome-Backdoor
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/da3986e4-c3e0-4639-a4c9-2f7c5b5090cb.png
    Threat Actors: PhineasFisher
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  7. Alleged data leak of Multiple corporate domains
    Category: Data Breach
    Content: The threat actor is advertising a list of random corporate domains and company mail-related targets.
    Date: 2026-02-16T21:55:43Z
    Network: openweb
    Published URL: https://breachforums.as/Thread-RANDOM-CORPS-DOMAIN
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7a51b872-cccc-4b6b-8e69-c4df5721b5a8.png
    Threat Actors: harmoniafione
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  8. Alleged Data Leak of Forex Australia Database
    Category: Data Breach
    Content: The threat actor claims to have leaked the Forex Australia Database. The exposed dataset reportedly contains sensitive personal information, including first names, last names, full names, gender details, email addresses, dates of birth, phone numbers, street addresses and cities.
    Date: 2026-02-16T21:54:25Z
    Network: openweb
    Published URL: https://leakbase.la/threads/forex-australia-database.48883/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f0ad61c8-6e08-4df3-965e-b68f982a32f5.png
    Threat Actors: Kirby
    Victim Country: Australia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  9. Alleged Data Leak of Random Corps Domain
    Category: Data Breach
    Content: The threat actor claims to have leaked a database containing random corporate domain data. The exposed dataset reportedly includes domain-related records associated with multiple organizations.
    Date: 2026-02-16T21:53:35Z
    Network: openweb
    Published URL: https://leakbase.la/threads/random-corps-domain.48882/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b8c62d3f-c789-4b69-a519-864743f361a7.png
    Threat Actors: DanteMasamune12
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  10. Alleged data breach of Paginas Amarillas España
    Category: Data Breach
    Content: The threat actor claims to be selling a database allegedly belonging to paginasamarillas.es. The dataset contains over 1.12 million records in a CSV file (~885 MB), which includes names, addresses, cities, postal codes, provinces, and contact details such as phone numbers and telecom-related metadata.
    Date: 2026-02-16T21:37:35Z
    Network: openweb
    Published URL: https://breachforums.as/Thread-SELLING-Spain-paginasamarillas-es-Data-Breach-Leaked-Sale
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/dfb8e854-8f22-4f4f-9941-d23d9c5c0b29.png
    Threat Actors: INS
    Victim Country: Spain
    Victim Industry: Marketing, Advertising & Sales
    Victim Organization: paginas amarillas españa
    Victim Site: paginasamarillas.es
  11. Alleged data breach of SOCOZ
    Category: Data Breach
    Content: The threat actor alleges that a large dataset from SOCOZ’s omnichannel retail platform. The post claims approximately 31 million records containing customer details, order/reservation data, product information, contact details, and marketing preferences.
    Date: 2026-02-16T20:55:38Z
    Network: openweb
    Published URL: https://breachforums.as/Thread-SELLING-FR-SOCLOZ-APPLE-LACOSTE-NIKE
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e857dac4-8868-4a23-a2f9-1f7ec7e53c03.png
    Threat Actors: DumpSec
    Victim Country: France
    Victim Industry: Retail Industry
    Victim Organization: socoz
    Victim Site: socloz.com
  12. Alleged Sale of Unauthorized Admin Panel Access to an Opencart Shop in India
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized access to an India-based OpenCart shop, including admin panel access and alleged SQL injection capabilities.
    Date: 2026-02-16T20:47:42Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/276230/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4a45eb2a-fede-4b19-819c-df32597c2c49.png
    Threat Actors: pollins05
    Victim Country: India
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  13. Alleged data leak of Mold-Tek’s EDA pipeline
    Category: Data Breach
    Content: The threat actor claims to have leaked data from Mold-Tek’s EDA pipeline and associated cloud infrastructure.
    Date: 2026-02-16T20:24:37Z
    Network: openweb
    Published URL: https://breachforums.as/Thread-Indian-EDA-Pipeline-Exposed-%E2%80%94-AWS-SQS-DB-Creds-Leaked
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2c0b09d7-a488-47de-bdb3-766d5119de20.png
    Threat Actors: macaroni
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  14. Alleged Data Breach of PT Ikapharmindo Putramas
    Category: Data Breach
    Content: The threat actor claims to have breached PT Ikapharmindo Putramas and is allegedly offering company data.
    Date: 2026-02-16T20:09:55Z
    Network: tor
    Published URL: http://fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion/companies/ika
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a7592aad-9c3e-4e21-946b-d1f2f1125512.png
    Threat Actors: CoinbaseCartel
    Victim Country: Indonesia
    Victim Industry: Healthcare & Pharmaceuticals
    Victim Organization: pt ikapharmindo putramas
    Victim Site: ikapharmindo.com
  15. Alleged Sale of 548K Tracking and Shipping Retail Records in USA
    Category: Data Breach
    Content: Threat actor claims to be selling a database containing more than 548,000 records allegedly associated with a USA-based retail tracking and shipping platform, reportedly including order and fulfillment details, customer first and last names, billing and shipping addresses, city, state, country, postal codes, email addresses, and phone numbers, with approximately 274,000 unique phone numbers and 503,000 unique email addresses.
    Date: 2026-02-16T20:00:37Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/276206/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3c2278c1-2eb2-439a-94e3-8f8298423a75.png
    Threat Actors: betway
    Victim Country: USA
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  16. Alleged data breach of Mold Tech
    Category: Data Breach
    Content: The threat actor claims to have breached Mold Tech and obtained internal corporate data.
    Date: 2026-02-16T19:50:44Z
    Network: tor
    Published URL: http://fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion/companies/moldtech
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2f02c171-643d-47d9-b35f-fc1830d231d5.png
    Threat Actors: CoinbaseCartel
    Victim Country: USA
    Victim Industry: Building and construction
    Victim Organization: mold tech
    Victim Site: Unknown
  17. Alleged Sale of Evasive C2 and Loader
    Category: Malware
    Content: Threat actor claims to be selling a malware named Evasive C2 and malware loaders, which provides remote command execution and payload deployment capabilities, along with a claimed 1-day Windows Local Privilege Escalation (LPE) exploit, indicating use for remote system control, post-exploitation activities, and malware deployment operations.
    Date: 2026-02-16T19:45:10Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/276209/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8a1e96f0-0d2b-4aaf-80d3-8f65673f6cd0.png
    Threat Actors: NightRaider
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  18. Alleged Unauthorized Access to Wastewater Pumping Station SCADA System in Spain
    Category: Initial Access
    Content: The group claims to have gained unauthorized access to a Wastewater Pumping Station SCADA System in Spain. They have reportedly obtained access to an interface that monitors and controls pumps, displaying their operating parameters, liquid levels, and flow rates.
    Date: 2026-02-16T19:43:36Z
    Network: telegram
    Published URL: https://t.me/zpentestalliance/1079
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/93e72c34-697f-4060-9a61-028a140454ec.png
    Threat Actors: Z-PENTEST ALLIANCE
    Victim Country: Spain
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  19. Alleged data breach of Efficy
    Category: Data Breach
    Content: The threat actor claims to have breached Efficy and is allegedly offering company data.
    Date: 2026-02-16T19:42:02Z
    Network: tor
    Published URL: http://fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion/companies/efficy
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7f0222f7-d3ad-45ba-95d2-4cb6ce217122.png
    Threat Actors: CoinbaseCartel
    Victim Country: Belgium
    Victim Industry: Software
    Victim Organization: efficy
    Victim Site: efficy.com
  20. Alleged data breach of CNRS (Centre national de la recherche scientifique)
    Category: Data Breach
    Content: The threat actor claims to have leaked a 331MB database allegedly belonging to CNRS (Centre national de la recherche scientifique). The exposed data reportedly includes personal and professional information such as full names, dates of birth, addresses, email addresses, social security numbers, banking details (RIB), and employment-related records.
    Date: 2026-02-16T19:30:44Z
    Network: openweb
    Published URL: https://breachforums.as/Thread-DATABASE-FR-CNRS-Centre-national-de-la-recherche-scientifique
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a7247757-d6b0-4780-b769-8e7c4c076ccd.png
    https://d34iuop8pidsy8.cloudfront.net/2a0686b8-0d73-455b-9a84-4ab0e48e3486.png
    Threat Actors: uhqqqqqqqqqqqqqqqqqq
    Victim Country: France
    Victim Industry: Government & Public Sector
    Victim Organization: cnrs (centre national de la recherche scientifique)
    Victim Site: cnrs.fr
  21. Alleged sale of unauthorized access to David Guiraud personal email and Telegram accounts
    Category: Initial Access
    Content: The threat actor claims to have hacked French politician David Guiraud and gained unauthorized access to his personal accounts and private communications. The attacker alleges that they obtained sensitive Telegram conversations and Gmail data and released sample materials, stating that additional informations.
    Date: 2026-02-16T19:10:22Z
    Network: openweb
    Published URL: https://breachforums.as/Thread-French-Politicain-hacked-David-Guiraud
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f4319304-3d6e-43ea-9d1d-b8e4a8d46cc8.png
    Threat Actors: HaxFrance
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  22. Alleged Sale of 660 Unique Webmail Account Accesses
    Category: Initial Access
    Content: Threat actor claims to be selling a lot containing 660 valid and unique webmail account accesses, stating that all domains are unique with no duplicates and that the credentials are currently valid.
    Date: 2026-02-16T19:01:34Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/276214/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a42a1a4b-04a5-49e0-8c5b-4b856e3c55b2.png
    Threat Actors: Korbibian
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  23. Alleged Data Leak of Parcel Platform Database in France
    Category: Data Breach
    Content: The threat actor claims to have leaked a database associated with a France-based parcel delivery platform. It includes user information, shipment records, customer details, and internal operational data.
    Date: 2026-02-16T18:59:25Z
    Network: openweb
    Published URL: https://leakbase.la/threads/leak-french-platform-for-parcel.48879/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7b72b9a0-d57d-4b14-a998-3211303566be.png
    Threat Actors: neo236
    Victim Country: France
    Victim Industry: Transportation & Logistics
    Victim Organization: Unknown
    Victim Site: Unknown
  24. Alleged sale of ClickFix FileFix EDR Bypass Malware Payload and Builder
    Category: Malware
    Content: A threat actor is offering a ClickFix/FileFix malware payload for sale. The seller claims the payload is hidden within browser cache and executed through disguised commands to bypass EDR and security monitoring. The package reportedly includes a builder, source code, instructions, and customizable templates, with additional services offered to tailor the malware for specific campaigns.
    Date: 2026-02-16T18:40:15Z
    Network: openweb
    Published URL: https://darkforums.me/Thread-Selling-New-ClickFix-FileFix-%E2%80%A2-Payload-in-cache-%E2%80%A2-No-win-R-No-win-E-%E2%80%A2-EDR-Bypass-%E2%80%A2-Source-Cod
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/1dd5ea40-fe3f-4dd1-b4e0-513be52646a4.png
    Threat Actors: 159
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  25. Alleged Sale of 411 Valid VPN and Remote Access Credentials Across Multiple Platforms
    Category: Initial Access
    Content: The threat actor claims to be selling a lot containing 411 allegedly valid access credentials across 291 unique domains. The access reportedly includes 140 Fortinet, 94 RDWeb, 59 Citrix, 39 MyPolicy, 34 GlobalProtect, 28 Cisco, and 17 Dana-NA access accounts. The actor also states that all entries are currently valid username-password combinations, though no deeper level of access verification has allegedly been performed.
    Date: 2026-02-16T18:33:42Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/276213/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2244458c-9ac5-40fe-babe-a3b0a49e32b9.png
    Threat Actors: Korbibian
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  26. Alleged Sale of Unauthorized WordPress Admin Access to USA Based Shop
    Category: Initial Access
    Content: The threat actor claims to be selling unauthorized WordPress admin access to a USA-based shop. The access reportedly includes active plugin access and recent transactional activity, including 187 orders in January and 131 orders in February.
    Date: 2026-02-16T18:18:38Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/276215/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4e4c0cc2-29ab-44c2-b091-ec2caf569b61.png
    Threat Actors: Reve
    Victim Country: USA
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  27. Alleged Sale of Unauthorized RDWeb and Domain User Access to Multiple Organizations in Canada
    Category: Initial Access
    Content: Threat Actor claims to be selling unauthorized RDWeb and domain user access to multiple Canada-based organizations operating in Electronics, Retail, Manufacturing, and E-commerce sectors. The access reportedly includes two domain controllers and approximately 346 domain-connected computers. Security solutions such as Datto and Sophos are deployed within the environment.
    Date: 2026-02-16T18:14:38Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/276208/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/1748a44e-912f-4957-ab91-b640ff85a87a.png
    Threat Actors: samy01
    Victim Country: Canada
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  28. Alleged Sale of Unauthorized Access to Jenkins
    Category: Initial Access
    Content: The threat actor claims to be selling 205 unique and valid unauthorized Jenkins accesses. The listing includes multiple login URLs and administrative credential samples, with the actor stating that all accesses are active and non-duplicated at the time of posting.
    Date: 2026-02-16T18:14:15Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/276216/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d6504cd4-8920-476b-abca-0be324e22d0b.png
    Threat Actors: Korbibian
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  29. Alleged Sale of Unauthorized RDWeb and Domain User Access to Multiple Organizations in USA
    Category: Initial Access
    Content: Threat Actor claims to be selling unauthorized RDWeb access and domain user access to multiple USA-based organizations operating in hospitality and hotel reservations sectors. The access reportedly includes RDWeb connectivity, domain user-level privileges, two domain controllers, and approximately 68 domain-connected computers. Security solutions such as Datto and Sophos are deployed within the environment.
    Date: 2026-02-16T17:59:00Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/276211/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/cda6b776-78f0-467e-be35-3da6e43c1f77.png
    Threat Actors: samy01
    Victim Country: USA
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  30. Alleged data breach of QIP.ru
    Category: Data Breach
    Content: The threat actor claims to have leaked the database of QIP.ru from 2011. The leaked data allegedly contains approximately 33,394,145 records. The exposed data reportedly includes usernames, email addresses, hashed passwords, registration details, and other account-related information.
    Date: 2026-02-16T17:49:01Z
    Network: openweb
    Published URL: https://breachforums.as/Thread-Qip-ru-33kk-2011
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3cffb830-47d4-4e6a-8557-25d97ed9d0b1.png
    Threat Actors: DeadlyQueen
    Victim Country: Russia
    Victim Industry: Network & Telecommunications
    Victim Organization: qip.ru
    Victim Site: qip.ru
  31. Alleged Data Breach of Thames Valley Chamber of Commerce
    Category: Data Breach
    Content: The threat actor claims to have breached the database of Thames Valley Chamber of Commerce in the UK, allegedly containing company financial records, documents from SAGE, and departmental records. They intend to publish within 1-2 days.
    Date: 2026-02-16T17:43:32Z
    Network: tor
    Published URL: https://worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion/companies/1772015470/overview
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/42a4b8a3-64f5-4e41-b129-3a737a5417da.png
    https://d34iuop8pidsy8.cloudfront.net/bb3af067-78f4-4c4d-8b37-4bb9465412d7.png
    Threat Actors: Worldleaks
    Victim Country: UK
    Victim Industry: Non-profit & Social Organizations
    Victim Organization: thames valley chamber of commerce
    Victim Site: thamesvalleychamber.co.uk
  32. Alleged data breach of Modoc Medical Center
    Category: Data Breach
    Content: The threat actor claims to have leaked a database belonging to Modoc Medical Center, allegedly containing sensitive patient and internal records.
    Date: 2026-02-16T17:08:46Z
    Network: tor
    Published URL: https://worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion/companies/2110812573/overview
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c3fcdd5f-617f-43c0-aa5c-c5ada61d9361.png
    Threat Actors: Worldleaks
    Victim Country: USA
    Victim Industry: Hospital & Health Care
    Victim Organization: modoc medical center
    Victim Site: modocmedicalcenter.org
  33. EXADOS targets the website of Sa Yai Som Subdistrict Municipality Office
    Category: Defacement
    Content: The group claims to have defaced the website of Sa Yai Som Subdistrict Municipality Office.
    Date: 2026-02-16T16:49:07Z
    Network: telegram
    Published URL: https://t.me/EXA_DOS_KH/148
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c2fd289b-160b-4780-862b-8af46a2893ea.png
    Threat Actors: EXADOS
    Victim Country: Thailand
    Victim Industry: Government & Public Sector
    Victim Organization: sa yai som subdistrict municipality office
    Victim Site: srayaisom.go.th
  34. Alleged leak of MaiMaiDX User Database
    Category: Data Breach
    Content: A threat actor claims to have leaked the user database of the MaiMaiDX rhythm arcade game. The exposed database is reportedly around 198 MB and contains player-related information such as user IDs, usernames, version data, player ratings, trophies, membership status, and in-game statistics.
    Date: 2026-02-16T16:23:24Z
    Network: openweb
    Published URL: https://breachforums.as/Thread-MaiMaiDX-China-user-database
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/768b8efc-0a8f-4549-9ca8-dc59c180f560.png
    Threat Actors: NekoPay2019
    Victim Country: China
    Victim Industry: Gaming
    Victim Organization: Unknown
    Victim Site: Unknown
  35. Alleged data breach of LifesHub
    Category: Data Breach
    Content: A threat actor claims to be selling a massive database belonging to LifeHub, a Brazilian AI and data intelligence company. The database contains information on approximately 257 million individuals, including Brazilian citizens, deceased individuals, and foreign residents. The exposed dataset includes full names, CPF (Brazilian tax ID), personal keys, birth dates, email addresses, phone numbers, mobile numbers, and full address details.
    Date: 2026-02-16T15:57:32Z
    Network: openweb
    Published URL: https://breachforums.as/Thread-SELLING-Lifeshub-com-br-257M–188178
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/73a8e0cb-2a79-4ea2-988c-487e0913d13e.png
    https://d34iuop8pidsy8.cloudfront.net/0c993375-8d17-4f16-8f2d-cab0dea508fe.png
    https://d34iuop8pidsy8.cloudfront.net/47e945a4-a378-44a7-9e48-d0240eabd44e.png
    Threat Actors: Spirigatito
    Victim Country: Brazil
    Victim Industry: Information Technology (IT) Services
    Victim Organization: lifeshub
    Victim Site: lifeshub.com.br
  36. Alleged data breach of BEYOUNG
    Category: Data Breach
    Content: Group claims to have leaked data from BEYOUNG. The compromised data reportedly contain 5.5 million customer records, including customer orders, comments, email addresses, and phone numbers.
    Date: 2026-02-16T15:19:37Z
    Network: telegram
    Published URL: https://t.me/LulzSecHackers/414
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/1198e789-516a-4826-a3c5-b437b49d4898.png
    Threat Actors: LulzSec Hackers
    Victim Country: India
    Victim Industry: E-commerce & Online Stores
    Victim Organization: beyoung
    Victim Site: beyoung.in
  37. BABAYO EROR SYSTEM targets the website of Suyud Margono & Associates Law Firm
    Category: Defacement
    Content: The Group claims to have defaced the website of Suyud Margono & Associates Law Firm in Indonesia.
    Date: 2026-02-16T15:11:28Z
    Network: telegram
    Published URL: https://t.me/c/3664625363/583
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/54a86314-c39c-467e-9de6-f6053a26e956.png
    https://d34iuop8pidsy8.cloudfront.net/aa14dc29-9240-4b89-8c8e-79167d639e13.png
    Threat Actors: BABAYO EROR SYSTEM
    Victim Country: Indonesia
    Victim Industry: Legal Services
    Victim Organization: suyud margono & associates law firm
    Victim Site: suyudlaw.com
  38. BABAYO ERROR SYSTEM targets websites of the Indonesian government
    Category: Defacement
    Content: The group claims to have defaced the following Indonesian government websites: ppid.langkatkab.go.id, ppid.serdangbedagaikab.go.id, ppid.simalungunkab.go.id, ppid.bungokab.go.id, ppid.manggaraikab.go.id, ppid.manggaraibaratkab.go.id, ppid.baritokualakab.go.id, ppid.parigimoutongkab.go.id, ppid.jambiprov.go.id, ppid.deliserdangkab.go.id, ppid.dairikab.go.id
    Date: 2026-02-16T15:06:45Z
    Network: telegram
    Published URL: https://t.me/c/3664625363/576
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7c92c4e5-cf81-4f70-a4dc-2f315b1b46a3.png
    Threat Actors: Babayo Error System
    Victim Country: Indonesia
    Victim Industry: Government & Public Sector
    Victim Organization: Unknown
    Victim Site: Unknown
  39. SERVER KILLERS claims to target Spain
    Category: Alert
    Content: A recent post by the group indicates that they are targeting Spain.
    Date: 2026-02-16T14:40:53Z
    Network: telegram
    Published URL: https://t.me/ServerKillersRus/4
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f5d4d684-2b6c-47be-bbed-b54ac4312db1.jpg
    Threat Actors: SERVER KILLERS
    Victim Country: Spain
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  40. Alleged Unauthorized Access to Spanish Drinking Water Control System
    Category: Initial Access
    Content: The group claims to have gained unauthorized access to an industrial control system used for managing drinking water filtration in Spain. According to their post, the system allows control over pumps, tank levels, and filtration cycles, potentially affecting critical water infrastructure operations.
    Date: 2026-02-16T14:32:38Z
    Network: telegram
    Published URL: https://t.me/c/2787466017/2313
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f7ca7e66-8fcd-420a-9c4f-170f30fa64d4.png
    Threat Actors: NoName057(16)
    Victim Country: Spain
    Victim Industry: Energy & Utilities
    Victim Organization: Unknown
    Victim Site: Unknown
  41. DEFACER INDONESIAN TEAM targets the website of Nandicoirs
    Category: Defacement
    Content: Group claims to have defaced the website of Nandicoirs.
    Date: 2026-02-16T14:24:52Z
    Network: telegram
    Published URL: https://t.me/c/2433981896/892
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/633cdde1-3d8b-4b19-9f79-9c0b900f6de6.png
    Threat Actors: DEFACER INDONESIAN TEAM
    Victim Country: India
    Victim Industry: Manufacturing & Industrial Products
    Victim Organization: nandicoirs
    Victim Site: nandicoirs.in
  42. Babayo Error System targets the website of Department of Communication and Informatics (KOMINFO) of Deli Serdang Regency
    Category: Defacement
    Content: The group claims to have defaced the website of the Department of Communication and Informatics (KOMINFO) of Deli Serdang Regency.
    Date: 2026-02-16T14:22:36Z
    Network: telegram
    Published URL: https://t.me/c/3664625363/575
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/166487f0-1dcc-48ec-b53b-30d7893ab680.png
    Threat Actors: Babayo Error System
    Victim Country: Indonesia
    Victim Industry: Government Administration
    Victim Organization: department of communication and informatics (kominfo) of deli serdang regency
    Victim Site: ppid.deliserdangkab.go.id
  43. Russian Legion claims to target Israel
    Category: Alert
    Content: A recent post by the group indicated that they are targeting Israeli infrastructure, including banks.
    Date: 2026-02-16T14:13:45Z
    Network: telegram
    Published URL: https://t.me/ruLegionn/122
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7805537e-af78-4f65-9282-7a30d65b7731.png
    Threat Actors: Russian Legion
    Victim Country: Israel
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  44. TEAM MR PLAX targets the website of Datalogics
    Category: Defacement
    Content: Group claims to have defaced the website of Datalogics.
    Date: 2026-02-16T13:55:28Z
    Network: telegram
    Published URL: https://t.me/mrplaxx/248
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/793f6df7-ff96-466d-8406-652c9844fe98.png
    Threat Actors: TEAM MR PLAX
    Victim Country: India
    Victim Industry: Information Technology (IT) Services
    Victim Organization: datalogics
    Victim Site: shop.datalogics.in
  45. Alleged data breach of Mobiuz
    Category: Data Breach
    Content: The threat actor known as bytetobreach claims to have achieved a full compromise of the Mobi UZ (UMS) corporate network, allegedly gaining administrative control over 280 computers and critical domain controllers. The actor asserts they exfiltrated sensitive data including customer ID documents, facial recognition records, and the personal information of approximately 3,000 employees. The breach was facilitated by exploiting vulnerabilities such as ADCS ESC1 certificates and the NetScaler SessionID disclosure (CVE-2024-6235).
    Date: 2026-02-16T13:04:42Z
    Network: tor
    Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-SELLING-Mobi-UZ-UMS
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/32068e42-a791-4a11-b686-a51efdcfa85d.jpg
    Threat Actors: bytetobreach
    Victim Country: Uzbekistan
    Victim Industry: Network & Telecommunications
    Victim Organization: mobiuz
    Victim Site: mobi.uz
  46. Alleged leak of login credentials to PAMS Kedaidesa
    Category: Initial Access
    Content: The group claims to have leaked the login credentials to PAMS Kedaidesa.
    Date: 2026-02-16T12:38:37Z
    Network: telegram
    Published URL: https://t.me/memek1777/364
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/34377978-dc8e-42a3-a536-7c493f5d1732.png
    Threat Actors: Gugugaga
    Victim Country: Indonesia
    Victim Industry: Government & Public Sector
    Victim Organization: pams kedaidesa
    Victim Site: pams.kedaidesa.id
  47. Alleged breach of Canada Goose Inc
    Category: Data Breach
    Content: The threat actor claims to have breached 583,000 records from Canada Goose Inc.
    Date: 2026-02-16T12:37:16Z
    Network: openweb
    Published URL: https://leakbase.la/threads/canada-goose-583k.48876/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/156f2697-4b48-4a8f-93e1-f38af0f1eb44.png
    Threat Actors: frog
    Victim Country: Canada
    Victim Industry: Fashion & Apparel
    Victim Organization: canada goose inc
    Victim Site: canadagoose.com
  48. BABAYO EROR SYSTEM targets the website of Like Indonesia
    Category: Defacement
    Content: The Group claims to have defaced the website of Like Indonesia.
    Date: 2026-02-16T12:31:53Z
    Network: telegram
    Published URL: https://t.me/c/3664625363/561
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c047fa2e-41c9-4a33-9106-385bcad04740.png
    Threat Actors: BABAYO EROR SYSTEM
    Victim Country: Indonesia
    Victim Industry: Online Publishing
    Victim Organization: likeindonesia
    Victim Site: likeindonesia.com
  49. Alleged leak of login credentials to Kedaton Village
    Category: Initial Access
    Content: The group claims to have leaked the login credentials to Kedaton Village.
    Date: 2026-02-16T12:27:10Z
    Network: telegram
    Published URL: https://t.me/memek1777/366
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b82ea373-dbad-4f3e-92ce-3fa505eb4e4b.jpg
    Threat Actors: Gugugaga
    Victim Country: Indonesia
    Victim Industry: Government Administration
    Victim Organization: kedaton village
    Victim Site: kedaton-bjn.desa.id
  50. Cyber Attack hits Choc FM
    Category: Cyber Attack
    Content: CHOC FM, a community radio station based in Quebec, Canada, reported a cyberattack that disrupted its digital infrastructure and temporarily affected broadcasting operations. The incident resulted in the loss of certain audio files and internal system functionality, impacting the station’s ability to operate normally. Emergency response measures were implemented to contain the situation, and cybersecurity specialists were engaged to assess the extent of the damage. The Sûreté du Québec has been notified, and an investigation is underway. Restoration efforts are ongoing as the station works to recover affected systems and resume full services securely.
    Date: 2026-02-16T12:25:05Z
    Network: openweb
    Published URL: https://ici.radio-canada.ca/nouvelle/2229291/choc-fm-cyberattaque-radio-station
    Screenshots:
    None
    Threat Actors: Unknown
    Victim Country: Canada
    Victim Industry: Broadcast Media
    Victim Organization: choc fm
    Victim Site: choc.fm
  51. Alleged breach of autoici
    Category: Data Breach
    Content: The threat actor claims to have breached data from autoici. The compromised data includes Account ID, Gender, Full Name, Phone Number, Email and Address.
    Date: 2026-02-16T12:06:17Z
    Network: openweb
    Published URL: https://leakbase.la/threads/fr-auto-ici-fr-french-autodealer.48875/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/48ef566c-8292-4d38-ae77-aad4af28de29.png
    Threat Actors: Jacksnow1
    Victim Country: France
    Victim Industry: Automotive
    Victim Organization: autoici
    Victim Site: auto-ici.fr
  52. Alleged breach of Warren New Materials
    Category: Data Breach
    Content: The threat actor claims to have breached data from Warren New Materials.
    Date: 2026-02-16T11:53:28Z
    Network: tor
    Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-Chinese-data-%E4%B8%AD%E5%9B%BD%E6%95%B0%E6%8D%AE-SnowSoul-ID-1243
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7874c4b8-8962-4aab-8dc8-29d24e971775.png
    Threat Actors: SnowSoul
    Victim Country: China
    Victim Industry: Legal Services
    Victim Organization: warren new materials
    Victim Site: warrennm.com
  53. Alleged data breach of Foxford
    Category: Data Breach
    Content: The threat actor claims to be selling a massive database belonging to Foxford, a prominent Russian online educational platform. The breach allegedly impacts approximately 13.6 million customers. The compromised information reportedly includes sensitive user details such as full names, email addresses, IP addresses, and partial data on birthdays and physical addresses. To prove the validity of the claim, the actor provided screenshots of CSV files containing millions of records, including specific data on students and school classes.
    Date: 2026-02-16T11:52:19Z
    Network: tor
    Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-DATABASE-RU-Foxford-ru-13-6M
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4c0db6aa-6ecc-4661-aaac-993c6b93e2de.jpg
    https://d34iuop8pidsy8.cloudfront.net/de7f60bd-1ea1-4bc5-9128-65f1b9dcab17.jpg
    Threat Actors: Angel_Batista
    Victim Country: Russia
    Victim Industry: Education
    Victim Organization: foxford
    Victim Site: foxford.ru
  54. DEFACER INDONESIAN TEAM targets the website of Halmahera Regency Government
    Category: Defacement
    Content: Group claims to have defaced the website of Halmahera Regency Government.
    Date: 2026-02-16T11:41:11Z
    Network: telegram
    Published URL: https://t.me/c/2433981896/884
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9d24be10-442d-4f16-8b38-c22faa1ed7c7.png
    https://d34iuop8pidsy8.cloudfront.net/e5195702-1f32-49b1-b960-40dbf219ef19.png
    Threat Actors: DEFACER INDONESIAN TEAM
    Victim Country: Indonesia
    Victim Industry: Government & Public Sector
    Victim Organization: halmahera regency government
    Victim Site: jdih.halbarkab.go.id
  55. TEAM MR PLAX targets the website of Foster Academy
    Category: Defacement
    Content: Group claims to have defaced the website of Foster Academy.
    Date: 2026-02-16T11:32:48Z
    Network: telegram
    Published URL: https://t.me/mrplaxx/246
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9c35136f-d138-4d2f-8bd5-50c2a8d7ee2a.png
    Threat Actors: TEAM MR PLAX
    Victim Country: India
    Victim Industry: Education
    Victim Organization: foster academy
    Victim Site: fosteracademy.co.in
  56. TEAM MR PLAX targets the website of WP Engine
    Category: Defacement
    Content: The Group claims to have defaced the website of WP Engine.
    Date: 2026-02-16T11:31:30Z
    Network: telegram
    Published URL: https://t.me/mrplaxx/244
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ccc0c786-5735-40ef-b3cb-a4ba255bb976.jpg
    https://d34iuop8pidsy8.cloudfront.net/39887555-fc8f-4c8d-b9c3-26a8da456e13.jpg
    Threat Actors: TEAM MR PLAX
    Victim Country: USA
    Victim Industry: Information Technology (IT) Services
    Victim Organization: wp engine
    Victim Site: rdhstage.wpengine.com
  57. Alleged unauthorized access to an unidentified Reverse Osmosis Control System from Thailand
    Category: Initial Access
    Content: The group claims to have gained unauthorized access to an unidentified Reverse Osmosis Control System from Thailand.
    Date: 2026-02-16T11:28:50Z
    Network: telegram
    Published URL: https://t.me/c/3041653742/166
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/31804a23-cca4-443b-b45d-6b4197bbd253.png
    Threat Actors: AL-MUJAHIDEEN FORCE 313
    Victim Country: Thailand
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  58. Alleged data sale of unidentified organization
    Category: Data Breach
    Content: The threat actor claims to be selling data from an unidentified organization. The compromised data reportedly contains email addresses, mobile numbers, WhatsApp contacts, and business executive lead information.
    Date: 2026-02-16T11:24:59Z
    Network: tor
    Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-ELITE-GLOBAL-DATA-LEADS-%E2%80%93-UNLOCK-WORLDWIDE-POWER
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9b3445b8-3943-4292-a861-b66b7263acce.png
    Threat Actors: asfmnry5g
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  59. Alleged Data Leak of Chinese Data
    Category: Data Breach
    Content: The threat actor claims to have leaked 50 billion records of Chinese data. The compromised data includes Chinese consumer platforms, business services, logistics providers, and government-related databases.
    Date: 2026-02-16T11:14:39Z
    Network: openweb
    Published URL: https://leakbase.la/threads/massive-chinese-data-collection-leak-50-billion-records-2026.48871/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f60c1c5c-6584-4665-8b98-61e335634a13.png
    Threat Actors: SpicyRobot
    Victim Country: China
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  60. DEFACER INDONESIAN TEAM targets the website of Kanwil Kementerian Agama Provinsi Sumatera Selatan
    Category: Defacement
    Content: Group claims to have defaced the website of Kanwil Kementerian Agama Provinsi Sumatera Selatan.
    Date: 2026-02-16T11:08:37Z
    Network: telegram
    Published URL: https://t.me/c/2433981896/881
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b02c02c4-20ef-4613-ad3e-926ed7c850a1.png
    Threat Actors: DEFACER INDONESIAN TEAM
    Victim Country: Indonesia
    Victim Industry: Government & Public Sector
    Victim Organization: kanwil kementerian agama provinsi sumatera selatan
    Victim Site: sumsel.kemenag.go
  61. Alleged Data Leak of 1 Million Crypto Email Database
    Category: Data Breach
    Content: The threat actor claims to have leaked a crypto email database containing 1 million records.
    Date: 2026-02-16T10:57:44Z
    Network: openweb
    Published URL: https://leakbase.la/threads/1-million-crypto-email-database.48873/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/58f6d56f-6813-491e-b506-676b59683d68.png
    Threat Actors: Pijush507
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  62. Alleged leak of login credentials to EasyShift Ltd
    Category: Initial Access
    Content: The group claims to have leaked login credentials to EasyShift Ltd.
    Date: 2026-02-16T10:41:41Z
    Network: telegram
    Published URL: https://t.me/c/2451084701/567619
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4b2dc46c-756c-42c0-8fde-066c5cad700d.jpg
    Threat Actors: Buscador
    Victim Country: Israel
    Victim Industry: Information Technology (IT) Services
    Victim Organization: easyshift ltd
    Victim Site: ezshift.co.il
  63. Alleged Data Breach of Raaga
    Category: Data Breach
    Content: The threat actor claims to be selling a 10 million record database from Raaga. The compromised data reportedly includes email addresses, names, genders, dates of birth, geographic details, and passwords.
    Date: 2026-02-16T10:41:10Z
    Network: openweb
    Published URL: https://leakbase.la/threads/india-raaga-com-music-streaming-platform-usersdb-10-million-2025.48872/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e6dd78fa-2fcc-48a9-b47f-c1fc29e8612e.png
    https://d34iuop8pidsy8.cloudfront.net/80f824d3-443a-4836-8761-69efeb4ce623.png
    Threat Actors: wonder
    Victim Country: India
    Victim Industry: Music
    Victim Organization: raaga
    Victim Site: raaga.com
  64. Alleged Data Breach Of youX
    Category: Data Breach
    Content: The threat actor FulcrumSec claims to have exfiltrated 141GB of data from the Australian FinTech platform youX, impacting over 444,000 unique borrowers. This alleged breach reportedly includes sensitive information such as government IDs, bank statements, and nearly 230,000 driver's license numbers belonging to customers of various finance brokers. The actor asserts that the company failed to address long-standing vulnerabilities, including unrotated credentials and a lack of multi-factor authentication. In an attempt to pressure the organization, the hackers have begun a staged release of the data on a dark web forum after a failed extortion attempt. The leak allegedly exposes the internal operations of hundreds of brokerages and sensitive financial interactions with major Australian banks.
    Date: 2026-02-16T10:14:36Z
    Network: tor
    Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-FRESH-BREACH-PREVIEW-YOUx-AUSSIE-FINTECH-DLs-MORE-EXPOSED
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c52e9e47-abd1-4d9e-a80a-ab5ea2db6ca6.jpg
    https://d34iuop8pidsy8.cloudfront.net/c5b86ddf-0f27-4067-8752-88d4748251a1.jpg
    Threat Actors: FulcrumSec
    Victim Country: Australia
    Victim Industry: Financial Services
    Victim Organization: youx
    Victim Site: youxpowered.com.au
  65. Alleged unauthorized access to Kirovogradoblenergo PJSC in Ukraine
    Category: Initial Access
    Content: The group claims to have gained unauthorized access to Kirovogradoblenergo PJSC, a regional power distribution company, and two unidentified power stations in Ukraine. They reportedly claim to have disabled Ukrainian power substations, disrupted electricity distribution, and temporarily paralyzed energy operations by interfering with control systems and damaging equipment.
    Date: 2026-02-16T10:12:28Z
    Network: telegram
    Published URL: https://t.me/itarmyofrussianews/330
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a3d51368-d6b5-4e63-b29c-60b34aecf750.jpg
    https://d34iuop8pidsy8.cloudfront.net/57ca401b-cdde-442d-80c0-56e7fe9cd3ce.jpg
    Threat Actors: IT ARMY OF RUSSIA
    Victim Country: Ukraine
    Victim Industry: Energy & Utilities
    Victim Organization: Unknown
    Victim Site: Unknown
  66. AN0M949_GHOST_TRACK targets the website of Russian Foreign Trade Bank
    Category: Defacement
    Content: Group claims to have defaced the website of Russian Foreign Trade Bank.
    Date: 2026-02-16T09:58:11Z
    Network: telegram
    Published URL: https://t.me/CyaberGhost/723
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3996dee0-9ff4-4006-a457-6bcbce66c9fc.png
    Threat Actors: AN0M949_GHOST_TRACK
    Victim Country: Russia
    Victim Industry: Financial Services
    Victim Organization: russian foreign trade bank
    Victim Site: rusoseo.org
  67. Alleged data leak of HSBC Mexico
    Category: Data Breach
    Content: The threat actor claims to have leaked data from HSBC Mexico. The compromised data reportedly contains customer personal and financial information, including names, phone numbers, email addresses, dates of birth, account numbers, transaction histories, payee account information, and statement histories.
    Date: 2026-02-16T09:32:29Z
    Network: telegram
    Published URL: https://t.me/c/3667951656/2208
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/05dbe9e9-2f11-49a8-8ea2-e3f92dc424d7.png
    Threat Actors: BFRepoV4Files
    Victim Country: Mexico
    Victim Industry: Financial Services
    Victim Organization: hsbc mexico
    Victim Site: hsbc.com.mx
  68. Alleged Sale Of Uncensored Epstein Files
    Category: Data Breach
    Content: The threat actor claims to be an authorized official assigned to review confidential Epstein-related documents and recordings. They allege that the materials contain incriminating evidence involving high-profile individuals, including political leaders and wealthy elites. The actor further claims they were threatened and offered bribes to suppress the information but refused. NB: The authenticity of the claims is yet to be verified.
    Date: 2026-02-16T09:26:52Z
    Network: tor
    Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-Donate-for-Epstein-Files-Leaks
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0e667df2-6c93-48f6-b1ae-caee23058241.jpg
    Threat Actors: leakofepsteinfiles
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  69. Alleged data breach of TooEasy
    Category: Data Breach
    Content: The threat actor claims to have leaked data from TooEasy. The exposed records allegedly include names, email addresses, phone numbers, IP addresses, and CV/job application information. The shared archive size is approximately 50MB.
    Date: 2026-02-16T09:14:43Z
    Network: tor
    Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-FR-Tooeasy-fr-2026
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/dbd56561-169e-4e30-af9f-053e46e0b26a.png
    https://d34iuop8pidsy8.cloudfront.net/036c3820-9acf-400a-8a80-ecc2c460b41f.png
    Threat Actors: lemophile
    Victim Country: France
    Victim Industry: Information Technology (IT) Services
    Victim Organization: tooeasy
    Victim Site: tooeasy.fr
  70. BABAYO EROR SYSTEM targets the website of SIDESI Ogan Ilir
    Category: Defacement
    Content: Group claims to have defaced the website of SIDESI Ogan Ilir.
    Date: 2026-02-16T07:51:22Z
    Network: telegram
    Published URL: https://t.me/c/3664625363/560
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b9c5a43d-4f65-482e-9ac8-fea4d6ef97c4.png
    Threat Actors: BABAYO EROR SYSTEM
    Victim Country: Indonesia
    Victim Industry: Government Administration
    Victim Organization: sidesi ogan ilir
    Victim Site: sidesi.oganilirkab.go.id
  71. BABAYO EROR SYSTEM targets the website of PPID Desa Jemberkab
    Category: Defacement
    Content: Group claims to have defaced the website of PPID Desa Jemberkab.
    Date: 2026-02-16T07:14:06Z
    Network: telegram
    Published URL: https://t.me/c/3664625363/535
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c14a071f-d991-4121-89eb-690696b19e3b.png
    Threat Actors: BABAYO EROR SYSTEM
    Victim Country: Indonesia
    Victim Industry: Government & Public Sector
    Victim Organization: ppid desa jemberkab
    Victim Site: ppid-desa.jemberkab.go.id
  72. Alleged Sale of WHMCS and Windows VPS
    Category: Initial Access
    Content: Threat actor claims to be selling access to a WHMCS-based hosting environment that allegedly includes 60 Windows VPS instances.
    Date: 2026-02-16T07:02:36Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/276169/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7bd8eec4-be6e-48d9-8008-398f4303ca71.png
    Threat Actors: MrProfessor
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  73. BABAYO EROR SYSTEM targets the website of honey.liore.top
    Category: Defacement
    Content: The group claims to have defaced the website of honey.liore.top.
    Date: 2026-02-16T06:53:54Z
    Network: telegram
    Published URL: https://t.me/c/3664625363/521
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e5bb6e24-f86f-47d2-b15a-b1a6f8ac3b6f.png
    Threat Actors: BABAYO EROR SYSTEM
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: honey.liore.top
  74. Alleged Data breach of SMA Trensains Muhammadiyah Sragen
    Category: Data Breach
    Content: The threat actor claims to have breached the data of 1027 students from SMA Trensains Muhammadiyah Sragen. The compromised data reportedly includes name, gender, date of birth, mother's name, national identification number, national student identification number, and student ID and information. Note: This organization was previously breached in January 2026.
    Date: 2026-02-16T06:17:28Z
    Network: tor
    Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-Leaked-By-Zeeone-SMA-Trensains-Muhammadiyah
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/63b3dd73-73b4-4519-a767-47e932fe3aca.png
    Threat Actors: XZeeoneOfc
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: sma trensains muhammadiyah sragen
    Victim Site: trensains.sch.id
  75. Alleged Sale of Unauthorized Access to a KFC Shop in Malaysia
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized access to a KFC point-of-sale (POS) environment in Malaysia.
    Date: 2026-02-16T06:08:37Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/276165/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a1ea6a8c-ba5f-4af9-94c6-9504a663726f.png
    Threat Actors: privisnanet
    Victim Country: Malaysia
    Victim Industry: Food & Beverages
    Victim Organization: Unknown
    Victim Site: Unknown
  76. Alleged data breach of Victory Free WiFi
    Category: Data Breach
    Content: The group claims to have breached data of Victory Free WiFi. The compromised data reportedly includes user ID, name, email, phone number, username, password, account, status, and photo.
    Date: 2026-02-16T05:35:35Z
    Network: telegram
    Published URL: https://t.me/c/2552217515/324
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b9ab6012-84d0-429a-8e84-7ca949fffa86.png
    Threat Actors: Z-SH4DOWSPEECH
    Victim Country: Philippines
    Victim Industry: Network & Telecommunications
    Victim Organization: victory free wifi
    Victim Site: victoryfreewifi.site
  77. Alleged Sale of Unauthorized Access to a Manufacturing Company in Italy
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized access to an Italian company specializing in the manufacturing of windows and doors, reportedly based in Notaresco, Italy.
    Date: 2026-02-16T05:32:17Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/276164/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/74eb6f94-6b8f-48c4-ad0f-4736f4561ae7.png
    Threat Actors: privisnanet
    Victim Country: Italy
    Victim Industry: Manufacturing
    Victim Organization: Unknown
    Victim Site: Unknown
  78. Alleged data leak of AIBuilderClub
    Category: Data Breach
    Content: The threat actor claims to have leaked data from AIBuilderClub. The compromised data reportedly contains 14,000 user records, including email addresses, full names, UUIDs, profile images, customer IDs, subscription price IDs, account timestamps, metadata, and access status indicators.
    Date: 2026-02-16T05:19:41Z
    Network: tor
    Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-DATABASE-AIBuilderClub-com-Database-Leaked-Download
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9e97d88a-e5b6-435d-b440-ed958dda10c0.png
    Threat Actors: Sythe
    Victim Country: Unknown
    Victim Industry: Information Technology (IT) Services
    Victim Organization: aibuilderclub
    Victim Site: aibuilderclub.com
  79. Alleged sale of 174 credit card records
    Category: Data Breach
    Content: Threat actor claims to be selling 174 credit card records from different countries. The compromised data reportedly includes credit card number, expiry, name, email, phone, and total paid in reservation.
    Date: 2026-02-16T05:12:50Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/276080/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2885a393-1f92-41d9-a110-26d8d2063237.png
    Threat Actors: loznoB
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  80. Alleged Data breach of SMK Negeri 5 Batam
    Category: Data Breach
    Content: The threat actor claims to have breached the data of 1000 students from SMK Negeri 5 Batam. The compromised data reportedly includes name, gender, date of birth, national identification number, national student identification number, and student ID and information.
    Date: 2026-02-16T05:10:28Z
    Network: tor
    Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-Leaked-By-Zeeone-Smk-Negri-5-batam
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3f1582e6-0ac3-4532-bc89-a9ebc75265f9.png
    Threat Actors: XZeeoneOfc
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: smk negeri 5 batam
    Victim Site: smkn5batam.sch.id
  81. Alleged Data Breach of Universidad de la Sierra Sur
    Category: Data Breach
    Content: The threat actor claims to have breached the database of Universidad de la Sierra Sur (UNSIS) and that the dataset contains user accounts, academic records, administrative logs, and platform configuration data.
    Date: 2026-02-16T05:02:13Z
    Network: openweb
    Published URL: https://darkforums.me/Thread-DATABASE-MEXICO-EDU-Universidad-de-la-Sierra-Sur-FULL-DB-DUMP
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/64944dd4-0b06-4f06-926e-47972bba2ddd.png
    Threat Actors: Evorax
    Victim Country: Mexico
    Victim Industry: Education
    Victim Organization: universidad de la sierra sur
    Victim Site: unsis.edu.mx
  82. Alleged sale of database access to unidentified medical company
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized database access to an unidentified medical company in the USA and Europe.
    Date: 2026-02-16T04:59:05Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/276084/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d9328174-f0f3-40b5-a810-20eb3bbc9ec5.png
    Threat Actors: DaveGrol91
    Victim Country: USA
    Victim Industry: Medical Equipment Manufacturing
    Victim Organization: Unknown
    Victim Site: Unknown
  83. Alleged Data breach of Pemerintah Provinsi Jawa Tengah
    Category: Data Breach
    Content: The threat actor claims to have breached data from Pemerintah Provinsi Jawa Tengah. The compromised data reportedly includes complainants' full names, telephone/mobile numbers, addresses, and social media account information.
    Date: 2026-02-16T04:51:35Z
    Network: tor
    Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-DOCUMENTS-Leaked-Database-of-Public-Reports-to-the-Governor-of-Central-Javaan
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/6fb6b811-1b6f-4e8a-85e4-f86f452e2f3c.png
    Threat Actors: XZeeoneOfc
    Victim Country: Indonesia
    Victim Industry: Government & Public Sector
    Victim Organization: pemerintah provinsi jawa tengah
    Victim Site: jatengprov.go.id
  84. BABAYO EROR SYSTEM targets the website of Rohit Enterprise
    Category: Defacement
    Content: The group claims to have defaced the website of Rohit Enterprise.
    Date: 2026-02-16T04:30:32Z
    Network: telegram
    Published URL: https://t.me/c/3664625363/517
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4f94a95d-f16d-40b2-9dfc-f4b20576cea8.png
    Threat Actors: BABAYO EROR SYSTEM
    Victim Country: India
    Victim Industry: Textiles
    Victim Organization: rohit enterprise
    Victim Site: rohitenterprise-re.in
  85. BABAYO EROR SYSTEM targets the website of Amazon Luxury Apartment
    Category: Defacement
    Content: The group claims to have defaced the website of Amazon Luxury Apartment.
    Date: 2026-02-16T04:14:54Z
    Network: telegram
    Published URL: https://t.me/c/3664625363/514
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ab24e03f-fa25-4749-95cf-0581923f9b65.png
    https://d34iuop8pidsy8.cloudfront.net/2f22f89b-aea8-43e6-873a-1325cffa3b24.png
    Threat Actors: BABAYO EROR SYSTEM
    Victim Country: Nigeria
    Victim Industry: Real Estate
    Victim Organization: amazon luxury apartment
    Victim Site: amazonluxuryapartment.com
  86. Alleged Data breach of Pickett and Associates, LLC
    Category: Data Breach
    Content: The threat actor claims to be selling 139.1 GB – 892 GB of data from Pickett and Associates, LLC. The compromised data reportedly includes operational engineering data, infrastructure analysis, modeling, risk assessment, and specialized research information.
    Date: 2026-02-16T04:10:45Z
    Network: tor
    Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-SELLING-Pickett-USA-Engineering-Data-Dump-American-Electricity-Infrastructure
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f20f19e8-f5e4-4dd0-bf7e-3fc5c003b566.png
    Threat Actors: zestix
    Victim Country: USA
    Victim Industry: Electrical & Electronic Manufacturing
    Victim Organization: pickett and associates, llc
    Victim Site: pickettusa.com
  87. BABAYO EROR SYSTEM targets the website of Vossop Corporate
    Category: Defacement
    Content: The group claims to have defaced the website of Vossop Corporate.
    Date: 2026-02-16T04:00:24Z
    Network: telegram
    Published URL: https://t.me/c/3664625363/517
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/fa89900c-8fce-4ac8-bff3-5edf8524d8ca.png
    Threat Actors: BABAYO EROR SYSTEM
    Victim Country: India
    Victim Industry: Import & Export
    Victim Organization: vossop corporate
    Victim Site: vossopcorporate.com
  88. Alleged Leak of Customer Full Profile and IBAN Information data from Spain
    Category: Data Breach
    Content: The threat actor claims to have leaked customer full profile and IBAN information data from Spain. The compromised data reportedly contains 100,000 Spanish customer profile records, including customer identifiers, full name, address, payment metadata, and IBAN and BIC fields.
    Date: 2026-02-16T03:36:21Z
    Network: tor
    Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-SPAIN-FULL-INFO-WITH-IBAN
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/72903c64-8255-499a-9c39-3f9fb683c2fa.png
    Threat Actors: TelephoneHooliganism
    Victim Country: Spain
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  89. BABAYO EROR SYSTEM targets the website of Belmedicare Hospital
    Category: Defacement
    Content: Group claims to have defaced the website of Belmedicare Hospital.
    Date: 2026-02-16T03:32:00Z
    Network: telegram
    Published URL: https://t.me/c/3664625363/514
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8fec6fa9-18fd-4a3a-aea1-5badb37388a5.png
    https://d34iuop8pidsy8.cloudfront.net/5503b8fe-6c0b-4e05-9990-239eabc3190a.png
    Threat Actors: BABAYO EROR SYSTEM
    Victim Country: Nigeria
    Victim Industry: Hospital & Health Care
    Victim Organization: belmedicare hospital
    Victim Site: belmedicare.ng
  90. Alleged access to camera system in Indonesia
    Category: Initial Access
    Content: The group claims to have gained access to a camera server in Indonesia.
    Date: 2026-02-16T02:23:12Z
    Network: telegram
    Published URL: https://t.me/n2LP_wVf79c2YzM0/3724
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ca8e50cb-edfc-4711-870f-222176d47083.png
    https://d34iuop8pidsy8.cloudfront.net/8bceb766-617d-4a54-bf90-670a01d289a9.png
    Threat Actors: Infrastructure Destruction Squad
    Victim Country: Indonesia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  91. Alleged Leak of Unidentified E‑Commerce Customer Profiles and IBAN Data from Germany
    Category: Data Breach
    Content: The threat actor claims to have leaked unidentified e‑commerce customer profiles and IBAN data from Germany. The compromised data reportedly contains 100K records, including customer identifiers, full name, email address, phone number, account metadata, and IBAN and BIC fields.
    Date: 2026-02-16T01:30:07Z
    Network: tor
    Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-DE-E%E2%80%91Commerce-Full-Profile-Dataset-WITH-IBAN
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3f264f69-c455-4aa7-8291-a1247ab51884.png
    Threat Actors: TelephoneHooliganism
    Victim Country: Germany
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: Unknown
  92. Alleged Sale of WordPress Admin and cPanel access
    Category: Initial Access
    Content: Threat actor claims to be selling large volumes of validated WordPress admin (WP-ADMIN) and cPanel login credentials. The actor states that logins are checked for validity prior to sale, and that WordPress credentials include confirmed access to the admin panel and plugins. No accesses are on sale for domain zones such as ru, su, by, ua, kz, md.
    Date: 2026-02-16T00:06:03Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/276156/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/489795df-78ae-4099-8880-ee5820bd4478.png
    Threat Actors: HackIcon
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  93. Alleged sale of unauthorized access to an unidentified PrestaShop from Chile
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized access to a PrestaShop-based e-commerce website located in Chile (CL). The listing indicates the store uses a redirect-based payment form.
    Date: 2026-02-16T00:03:41Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/276159/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/eae65c78-fc1b-4327-bc6c-9b15c24a80f4.png
    Threat Actors: WOC
    Victim Country: Chile
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: Unknown
  94. Alleged sale of unauthorized WordPress access to an unidentified Shop in UK
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized administrator access to a WordPress-based e-commerce shop located in the United Kingdom (UK). The listing states the website processes payments through a credit card iframe integration.
    Date: 2026-02-16T00:01:41Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/276161/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/85147b20-57f8-4c45-a49a-a5cc33f2c87d.png
    Threat Actors: ed1n1ca
    Victim Country: UK
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: Unknown