1. Executive Summary
The analyzed dataset reveals a highly active and diverse cyber threat environment characterized by massive data exfiltration, the sale of initial access to corporate and government networks, and widespread website defacements. Threat actors are heavily leveraging Telegram and open-web forums to publish, leak, or sell compromised assets. The incidents span multiple continents, with heavy concentrations of attacks targeting government entities in the Middle East, corporate infrastructure in Europe and the United States, and educational/public institutions in Southeast Asia.+4
2. Threat Actor Profiling
Several prominent threat actors and groups demonstrated significant operational tempo during this period:
- Shadow Cyber Security: This group exhibited a highly targeted campaign against Iranian infrastructure.+2
- They claimed breaches against the Legal Medicine Organization of the Islamic Republic of Iran.
- They targeted Sharif University of Technology.
- They compromised the Iranian Traffic Police.
- They leaked data from the National Iranian Oil Company.
- They targeted various government administration bodies, including the Assembly of Experts for Leadership and the National Organization for Civil Registration.+1
- TelephoneHooliganism: Operating primarily as a data broker on open-web forums, this actor focuses on massive consumer and citizen databases.+3
- They offered 472k records from Skandix (Germany).+1
- They sold data from Vinatis (France) and Tokmanni (Finland).+3
- They compromised government and social databases, including the Belgian Federal Public Service Social Security (182K records) and the Bangladesh Election Commission (423K records).+3
- A K U L A v 2 .: This actor specializes in leaking high-profile government login credentials via Telegram.+1
- They claimed to leak credentials for Israel’s Prime Minister’s Office.
- They leaked credentials for the Martyrs Foundation in Iraq.
- They compromised Iran’s Strategic Management Center of National Cyberspace Security.
- Big-Bro: An Initial Access Broker (IAB) selling corporate network entry points.+4
- They offered unauthorized Sophos VPN and Domain User access to a UK company.
- They sold similar Sophos VPN access to a US manufacturing company.
- They listed Domain Admin and Forti access for a logistics company in Peru.
- Defacement Groups (BABAYO EROR SYSTEM & maulnism1337): These actors executed high-volume defacement campaigns, primarily targeting educational and organizational websites in Indonesia and India.+4
3. Critical Infrastructure and Industrial Control Systems (ICS)
Attacks on critical infrastructure represent severe physical and operational risks.
- Facility in Sweden: The threat actor NoName057(16) claimed full access to an industrial equipment management system via SSE Alarm.+1
- The actor alleged the ability to control tank fluid levels, manage steam boiler parameters (pellet and oil units), and regulate steam reduction valves.
- They claimed capabilities to access emergency logs and remotely start or stop technological processes.
- Greenhouse Automation, South Korea: The group AL-MUJAHIDEEN FORCE 313 claimed access to an Automatic Nutrient Dosing & Irrigation Control System.
- QatarEnergy: The actor Montaro claimed to sell 17,882 personnel records and 4.5 TB of historical data (2015–2026) spanning AWS, Azure AD, and Microsoft SQL Server databases.
4. Government and Public Sector Breaches
The government sector suffered extensive data exfiltration and credential theft across multiple nations.
| Victim Organization | Country | Threat Actor | Compromised Data / Incident Details | Citation |
| Zagora Province | Morocco | Dz-Al-Qaqa | Alleged leak of admin credentials. | |
| Turkish Citizen Database | Turkey | Kirigaya | 53.5 MB JSON file with ~289,770 records including national IDs (TCK). | |
| Kuwait Ministry of Finance | Kuwait | KashPatel | 7.23GB database (10,009 records) containing land contracts and farm ownership data. | |
| Working Group for Determining Instances of Criminal Content | Iran | Shadow Cyber Security | Database breach shared via external channels. | |
| Ministry of Health and Population | Egypt | elJefeDonBiazzi | ~64 million records with PII, national IDs, and medical council data. | |
| Conselho Federal de Medicina Veterinária | Brazil | TelephoneHooliganism | Contact details and veterinary license applications. | |
| NYS Division of Veterans Services | USA | XZeeoneOfc | Internal EMR project timeline and administrative data. | |
| GuideStar Israel | Israel | Anonymous Algeria | Contact list allegedly belonging to parents of a religious school. | |
| Dukcapil North Bengkulu | Indonesia | MrLolzzz | Data belonging to civil registration officials. | |
| Malaysian Royal Police | Malaysia | dope | Unauthorized webmail account access. | |
| Pakistan Military | Pakistan | Jon1234 | Military personnel data including names, emails, and mobile numbers. |
5. Healthcare Sector Compromises
Healthcare systems are highly targeted due to the sensitive nature of Protected Health Information (PHI).
- Livingston HealthCare (USA): Experienced a cyber attack that disrupted internal operations, network infrastructure, and phone services, requiring stabilization and recovery efforts.
- Clarinda Regional Health Center (USA): The actor killaTheGoat claimed to have leaked over 22GB of data.
- Shandong Provincial Mental Health Center (China): The actor redpin advertised the sale of unauthorized access to the facility.
6. Corporate, Retail, and Consumer Data Exposure
A massive volume of consumer Personally Identifiable Information (PII) was exposed across global e-commerce and corporate platforms.
- Massive Data Aggregations: * Actor Citizen FearGrip claimed a 50 billion record leak from China containing consumer, e-commerce, and logistics datasets.
- Actor herefortheoofs claimed to sell a database of 1 million Spanish citizens, allegedly sourced from an unsecured AWS bucket, containing DNI numbers and location details.
- Retail & E-commerce:
- CarGurus, Inc. (USA): ShinyHunters claimed a breach of over 1.7 million records containing PII and corporate data.
- Booktopia (USA/Aus): 478K user records compromised, including order histories and support tickets.
- Sankewang (China): Leak of customer communications, support tickets, and purchase history.
- Goldsmiths (UK) & Valmano (Germany): Actor blackwinter99 leaked customer account statuses, authentication fields, and contact information.+1
- Telecommunications & Technology:
- Reglo Mobile (France): 84City claimed to leak 358,000 user records, including JWT tokens, login credentials, and IDs.
- Session (Switzerland): Data leak claimed by B F R e p o V 4 F i l e s.
- Dell MBO Connect (India): Sanguine claimed a breach involving KYC verifications and user info.
- Corporate Data:
- RTL Group (Luxembourg): LuneBF claimed to leak data on over 27,000 employees, including physical work addresses and phone numbers.
- Taxes Software (Argentina): Montaro claimed exfiltration of 4.7GB of financial records, including SQL dumps and AFIP production certificates.
7. Initial Access Brokers (IABs) and Malware
The commodification of network access and malware tools enables secondary attacks like ransomware.
- Initial Access Offerings:
- Lycée Carnot Paris (France): Tenere700 claimed unauthorized portal access, extracting roughly 5K records.
- RETABET GROUP (Spain): NoName057(16) claimed unauthorized access to the organization’s CCTV cameras.
- phpMyAdmin Access: Actor hubert sold 150 unauthorized accesses (83 admin privilege, 67 user privilege).
- ASAJA Jaén (Spain): Tamnaamm sold unauthorized API access exposing user IDs and state information.
- Egyptian Food Company: decipher claimed to sell unauthorized email access to an accountant.
- Malware & Vulnerabilities:
- Babuk Locker: Advertised Ransomware-as-a-Service (RaaS) alongside access to multiple unidentified databases.
- Stealth Hidden Cryptominer: Actor svox11 promoted malware capable of running silently, bypassing AV detection, embedding in legitimate files, and blocking recovery tools.
- Single Sign On Kementerian Agama (Indonesia): BABAYO EROR SYSTEM claimed to leak vulnerabilities related to the government SSO portal.
8. Financial and Event Data Exposures
- Financial Services: * Saraf app (Iran): stalker8083 claimed to sell millions of user financial records, bank details, and API keys.
- Wonder Rates, Inc (USA): FulcrumSec claimed a database breach.
- FunderNation (Germany): killaTheGoat sold investor-related information and financial data.
- Global Credit Cards: Breachedforum actor sold 500K credit card records (January 2026 data) , while actor corptoday sold 300 USA credit card records including CVV2 and full addresses.+1
- Abu Dhabi Finance Week (UAE): Discovered a breach via an unprotected third-party cloud storage server, exposing passport scans of over 700 attendees, including David Cameron and Anthony Scaramucci; the vulnerability was secured with no evidence of internal system access.
9. Conclusion
The analyzed intelligence data indicates a relentless and highly organized cyber threat landscape. Threat actors are aggressively targeting both public sector infrastructure and private corporate networks globally. The heavy reliance on Initial Access Brokers highlights a thriving underground economy where network entry is commodified. Furthermore, the exposure of industrial control systems (ICS) and sensitive healthcare operations underscores the potential for physical and operational harm stemming from these digital breaches. Organizations must prioritize securing third-party vendor connections , hardening VPN and API endpoints, and mitigating the risk of unauthorized database exposures.+4
Detected Incidents Draft Data
- Alleged leak of login credentials to Israels Prime Ministers Office
Category: Data Breach
Content: The group claims to have leaked login credentials to Israels Prime Ministers Office
Date: 2026-02-18T22:51:44Z
Network: telegram
Published URL: https://t.me/c/1943303299/1068301
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f53b62e4-ebc6-49b7-a75d-de47c7be1eff.jpg
Threat Actors: A K U L A v 2 . 2
Victim Country: Israel
Victim Industry: Government Administration
Victim Organization: prime ministers office
Victim Site: pmo.gov.il - Alleged leak of admin credentials to Zagora Province
Category: Initial Access
Content: The group claims to have leaked admin credentials to Zagora Province
Date: 2026-02-18T22:49:44Z
Network: telegram
Published URL: https://t.me/Abu_Alqe3Qa3/14
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3bb6a492-f8ac-440d-9a24-018641f7b4ca.png
Threat Actors: Dz-Al-Qaqa
Victim Country: Morocco
Victim Industry: Government & Public Sector
Victim Organization: zagora province
Victim Site: invest.gov.ma - Alleged leak of login credentials to Martyrs Foundation
Category: Data Breach
Content: The group claims to have leaked login credentials to Martyrs Foundation
Date: 2026-02-18T22:42:54Z
Network: telegram
Published URL: https://t.me/c/1943303299/1068280
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c7f52728-7b95-43a2-a45e-fd7e5c4f1f63.jpg
Threat Actors: A K U L A v 2 . 2
Victim Country: Iraq
Victim Industry: Government & Public Sector
Victim Organization: martyrs foundation
Victim Site: alshuhadaa.gov.iq - Alleged leak of login credentials to Strategic Management Center of National Cyberspace Security (AFTA) in Iran
Category: Data Breach
Content: The group claims to have leaked login credentials to Strategic Management Center of National Cyberspace Security (AFTA) in Iran
Date: 2026-02-18T22:13:27Z
Network: telegram
Published URL: https://t.me/c/1943303299/1068004
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fb130644-4271-40b1-9365-0f7cdcc6683c.jpg
Threat Actors: A K U L A v 2 . 2
Victim Country: Iran
Victim Industry: Government & Public Sector
Victim Organization: strategic management center of national cyberspace security
Victim Site: afta.gov.ir - Alleged leak of login credentials to Irans Strategic Management Center of National Cyberspace Security
Category: Data Breach
Content: The group claims to have leaked login credentials to Irans Strategic Management Center of National Cyberspace Security
Date: 2026-02-18T22:07:10Z
Network: telegram
Published URL: https://t.me/c/1943303299/1068015
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/63a8d1fe-412c-40ef-bd76-2d1099cc29e6.jpg
Threat Actors: A K U L A v 2 . 2
Victim Country: Iran
Victim Industry: Government & Public Sector
Victim Organization: strategic management center of national cyberspace security
Victim Site: ito.gov.ir - Alleged data leak of Turkish Citizen Database
Category: Data Breach
Content: A threat actor posted a database allegedly containing Turkish citizen information. The data is offered in JSON format with a stated size of 53.5 MB and approximately 289,770 raw records. the dataset allegedly includes fields such as firm title, city ID, tax office name, town, address, and TCK (Turkish national identification number).
Date: 2026-02-18T22:01:36Z
Network: openweb
Published URL: https://darkforums.me/Thread-TurkishCitizen
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e710613c-e876-48ef-945d-02bca5167f05.png
Threat Actors: Kirigaya
Victim Country: Turkey
Victim Industry: Government & Public Sector
Victim Organization: Unknown
Victim Site: Unknown - Alleged unauthorized access to unidentified industrial equipment management system in Sweden
Category: Initial Access
Content: The group claims to have gained full access to an industrial equipment management system at a facility in Sweden, reportedly utilizing SSE Alarm. According to the statement, the actor alleges the ability to monitor and control tank fluid levels via sensor systems and emergency thresholds, manage steam boiler parameters (including pellet and oil units) with PID controller adjustments, regulate steam reduction valves in both manual and automatic modes, access emergency logs and service functions, and start or stop technological processes remotely.
Date: 2026-02-18T21:33:22Z
Network: telegram
Published URL: https://t.me/c/2787466017/2366
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ecdfb185-88eb-4594-a582-c9a29b03a9dd.png
Threat Actors: NoName057(16)
Victim Country: Sweden
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged Data Breach of Legal Medicine Organization of the Islamic Republic of Iran
Category: Data Breach
Content: Threat Actor claims to have breached the database of Legal Medicine Organization of the Islamic Republic of Iran.
Date: 2026-02-18T20:50:36Z
Network: telegram
Published URL: https://t.me/Shadow01Cyber/375
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c321d165-98c9-49ed-bdbb-862c0e554989.png
https://d34iuop8pidsy8.cloudfront.net/63f47ff3-59ab-4dc0-8af7-e511ae6fe7b1.png
Threat Actors: Shadow Cyber Security
Victim Country: Iran
Victim Industry: Government Administration
Victim Organization: legal medicine organization of the islamic republic of iran
Victim Site: lmo.org.ir - Alleged data breach of Kuwait Ministry of Finance
Category: Data Breach
Content: A threat actor claims to have leaked a partial database allegedly belonging to the Kuwait Ministry of Finance. The exposed data allegedly includes partial lands contracts and records related to companies and individuals owning farms in Kuwait. The database is described as containing approximately 10,009 records (7.23GB) in XLSX and PDF formats.
Date: 2026-02-18T20:45:21Z
Network: openweb
Published URL: https://breachforums.as/Thread-COLLECTION-Kuwait-Ministry-Of-Finance-2025-Database
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/965f0a2d-c3f3-40e8-8288-7875799b0726.png
Threat Actors: KashPatel
Victim Country: Kuwait
Victim Industry: Government & Public Sector
Victim Organization: kuwait ministry of finance
Victim Site: mof.gov.kw - Alleged data breach of Sharif University of Technology
Category: Data Breach
Content: The group claims to have breached the organisations data.
Date: 2026-02-18T20:41:21Z
Network: telegram
Published URL: https://t.me/Shadow01Cyber/375
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5fd41ced-0638-418f-831e-06353798ff5b.png
https://d34iuop8pidsy8.cloudfront.net/be89eee1-ea16-43ec-8b6e-59c1c356fbc3.png
Threat Actors: Shadow Cyber Security
Victim Country: Iran
Victim Industry: Education
Victim Organization: sharif university of technology
Victim Site: en.sharif.edu - Alleged data breach of Iranian Traffic Police
Category: Data Breach
Content: The group claims to have breached the database of Iranian Traffic Police and have shared it via an external distribution channel
Date: 2026-02-18T20:40:12Z
Network: telegram
Published URL: https://t.me/Shadow01Cyber/375
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3aea56ff-c76c-4f0e-9712-d433261c9f12.jpg
Threat Actors: Shadow Cyber Security
Victim Country: Iran
Victim Industry: Law Enforcement
Victim Organization: iranian traffic police
Victim Site: rahvar120.ir - Alleged data leak of Iran data
Category: Data Breach
Content: The group claims to leaked data from Iran which involves approximately 45,000 individuals, the released data reportedly includes full names, residential addresses, phone numbers, and additional personal details, compiled into a 933-page PDF document
Date: 2026-02-18T20:34:29Z
Network: telegram
Published URL: https://t.me/Shadow01Cyber/376
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/cda27343-a208-453d-894b-64a0bf747daf.jpg
Threat Actors: Shadow Cyber Security
Victim Country: Iran
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Wallex Exchange
Category: Data Breach
Content: The threat actor claims to have leaked a database belonging to Wallex, an Iran-based cryptocurrency exchange.
Date: 2026-02-18T20:29:00Z
Network: telegram
Published URL: https://t.me/Shadow01Cyber/375
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bef3c885-5b02-470e-9d92-24c370e5ff20.png
https://d34iuop8pidsy8.cloudfront.net/b5e7aa06-1395-41bf-977b-d91044d14e52.png
Threat Actors: Shadow Cyber Security
Victim Country: Iran
Victim Industry: Financial Services
Victim Organization: wallex exchange
Victim Site: wallex.ir - Alleged data breach of Research Institute for Islamic Culture and Thought (IICT) in Iran
Category: Data Breach
Content: The group claims to have breached the database of Research Institute for Islamic Culture and Thought (IICT) in Iran and have shared it via an external distribution channel
Date: 2026-02-18T20:23:52Z
Network: telegram
Published URL: https://t.me/ShadowUploderbot?start=cb9b83dcfb81
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4aa35a84-0e4f-4700-a651-56a6be6a5ca2.jpg
Threat Actors: Shadow Cyber Security
Victim Country: Iran
Victim Industry: Research Industry
Victim Organization: research institute for islamic culture and thought (iict) in iran
Victim Site: iict.ac.ir - Alleged data breach of Working Group for Determining Instances of Criminal Content (WGDICC)
Category: Data Breach
Content: The group claims to have breached the database of Irans Assembly of Experts for Leadership and have shared it via an external distribution channel
Date: 2026-02-18T20:19:02Z
Network: telegram
Published URL: https://t.me/Shadow01Cyber/375
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/dcc9c7d3-0cf5-41f0-94c6-76208c202609.jpg
Threat Actors: Shadow Cyber Security
Victim Country: Iran
Victim Industry: Government & Public Sector
Victim Organization: working group for determining instances of criminal content (wgdicc)
Victim Site: internet.ir - Alleged data breach of RTL Group
Category: Data Breach
Content: The threat actor claims to have leaked a database allegedly belonging to RTL Group. the data reportedly includes information on over 27,000 employees. The compromised data is said to contain full names, email addresses, physical work addresses, and both work and personal phone numbers. A sample file is provided to demonstrate the alleged contents of the dataset.
Date: 2026-02-18T20:01:31Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-RTL-Group-Employees-27k
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/47cd8618-c3e8-49da-aef5-c58edf9771a1.png
Threat Actors: LuneBF
Victim Country: Luxembourg
Victim Industry: Entertainment & Movie Production
Victim Organization: rtl group
Victim Site: rtlgroup.com - Alleged Sale of Unauthorized Sophos VPN and Domain User Access to an Unidentified Company in UK
Category: Initial Access
Content: Threat Actor claims to be selling unauthorized Sophos VPN and Domain User Access to a unidentified company in UK.
Date: 2026-02-18T19:53:20Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/276364/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c654002e-32ca-48e5-9b2b-33772fbde68a.png
Threat Actors: Big-Bro
Victim Country: UK
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged Sale of Unauthorized Sophos VPN and Domain User Access to a Manufacturing Company in USA
Category: Initial Access
Content: Threat Actor claims to be selling unauthorized access to a USA based manufacturing company, which includes Sophos VPN access with domain user privileges.
Date: 2026-02-18T19:51:51Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/276362/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/cfafafb8-de7a-44cf-9b3b-7c51940deb5c.png
Threat Actors: Big-Bro
Victim Country: USA
Victim Industry: Manufacturing
Victim Organization: Unknown
Victim Site: Unknown - Alleged unauthorized Portal Access to Lycée Carnot Paris
Category: Initial Access
Content: The threat actor claims to have obtained portal access and leaked data related to Lycée Carnot in Paris. the dataset is described as a small extract (~5K records) allegedly sourced via unauthorized portal access.
Date: 2026-02-18T19:41:24Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-FR-LYC%C3%89E-CARNOT-PARIS-5K-Extract-by-Portal-acces
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9f34a7d1-4e96-4a67-aad4-0905a5c164dd.png
Threat Actors: Tenere700
Victim Country: France
Victim Industry: Education
Victim Organization: lycée carnot paris
Victim Site: carnot-paris.fr - Alleged Sale of Unauthorized Domain Admin Access and Forti Access to Multiple Companies in Peru
Category: Initial Access
Content: Threat Actor claims to be selling unauthorized domain admin access and Forti access to an organization in Peru operating in the logistics and business services sector.
Date: 2026-02-18T19:39:04Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/276354/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/614d86e1-0a70-4268-b3a6-ec0e44c214a0.png
Threat Actors: Big-Bro
Victim Country: Peru
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged Sale of RaaS and Multiple Unidentified Databases
Category: Malware
Content: A Group claims to be selling Raas along with access to multiple unidentified databases.
Date: 2026-02-18T19:22:32Z
Network: telegram
Published URL: https://t.me/BabukLockerOfficial/153
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/36b29c4f-2091-4318-9233-ae609e16071b.png
https://d34iuop8pidsy8.cloudfront.net/82cf9544-3594-45f4-a46c-7ed6aca8bc84.png
Threat Actors: Babuk Locker
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Skandix
Category: Data Breach
Content: The threat actor claims to be selling a dataset allegedly sourced from Skandix, a German automotive parts retailer. the database includes customer contact details, order records, and delivery logs. the leakde data contains names, emails, phone numbers, billing and shipping addresses, order histories, payment and shipping information, and logistics tracking records, with sample snippets shared to demonstrate the structure of the dataset.
Date: 2026-02-18T19:22:06Z
Network: openweb
Published URL: https://breachforums.as/Thread-SELLING-472k-Germany-www-skandix-de-Customer-contacts-including-names-emails-phones-addre
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0857d1be-37b4-47a2-9b8c-5c73eb48a0c8.png
Threat Actors: TelephoneHooliganism
Victim Country: Germany
Victim Industry: Automotive
Victim Organization: skandix
Victim Site: skandix.de - Alleged data leak of 1M Spanish persons database
Category: Data Breach
Content: The threat actor claims to be selling a dataset of 1M Spanish persons ,allegedly sourced from an unsecured AWS bucket. the database contains personal information on approximately one million individuals in Spain, including emails, phone numbers, names, national ID numbers (DNI), location details, and additional demographic and household-related data fields.
Date: 2026-02-18T19:01:31Z
Network: openweb
Published URL: https://breachforums.as/Thread-1M-Spanish-persons-from-2026
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a25f5b9a-4658-4a87-a542-d92a82ce8a56.png
Threat Actors: herefortheoofs
Victim Country: Spain
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of Global New Investors Database
Category: Data Breach
Content: The threat actor claims to be selling a database Global New Investors Data allegedly containing information on around one million investor leads. the dataset includes personal and investment-related details such as names, investor type, funds of interest, capital allocation intent, campaign tracking data, email addresses, phone numbers, accredited investor status, lead owner details, and country information.
Date: 2026-02-18T18:58:10Z
Network: openweb
Published URL: https://breachforums.as/Thread-Global-New-Investors-Data-1M-2026
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ac5fde84-e3cb-4bb7-bbbf-b92362228475.png
Threat Actors: alexE666
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Israel accounts and bank cards
Category: Data Breach
Content: The group claims to have leaked Israel accounts and bank card details
Date: 2026-02-18T18:57:13Z
Network: telegram
Published URL: https://t.me/anonymous_algeria_Original/3135?single
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6067614d-b52d-4cf0-8b10-fbb81696e345.jpg
Threat Actors: Anonymous Algeria
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged Data Leak of btconnect.com
Category: Data Breach
Content: Threat Actor claims to have leaked the database of btconnect.com, allegedly exposing approximately 49,999 records. The dataset contains crypto and financial lead information in XLSX format, including email addresses, full addresses, city, county/state, and country details.
Date: 2026-02-18T18:54:33Z
Network: openweb
Published URL: https://leakbase.la/threads/btconnect-com-uk.48924/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6a098c03-69b3-412c-955f-289d9af96429.png
Threat Actors: jacksparrow30
Victim Country: UK
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Vinatis
Category: Data Breach
Content: The threat actor claims to be selling a dataset allegedly sourced from Vinatis, a French online wine retailer. the database contains customer contact details, billing and shipping information, order records, and delivery logs. the leaked data includes names, emails, phone numbers, addresses, order history, payment and shipping details, and logistics tracking informations.
Date: 2026-02-18T18:44:37Z
Network: openweb
Published URL: https://breachforums.as/Thread-SELLING-412k-France-https-www-vinatis-com-Customer-contacts-billing-shipping-email-pho
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2434c5f3-5351-43ce-9832-4715fc9eda19.png
Threat Actors: TelephoneHooliganism
Victim Country: France
Victim Industry: E-commerce & Online Stores
Victim Organization: vinatis
Victim Site: vinatis.com - Alleged data breach of Tokmanni
Category: Data Breach
Content: The threat actor claims to be offering a dataset allegedly sourced from Tokmanni’s retail operations in Finland. the data is structured into three main sections—contact, order, and address records—containing customer details such as names, emails, phone numbers, billing and shipping addresses, order history, payment-related metadata, and delivery information.
Date: 2026-02-18T18:38:08Z
Network: openweb
Published URL: https://breachforums.as/Thread-SELLING-473k-Finland-https-www-tokmanni-fi-Retail-customer-records-with-emails-addres
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7ec8e2e0-f606-4db7-9dbb-81bcbcddfeca.png
Threat Actors: TelephoneHooliganism
Victim Country: Finland
Victim Industry: Retail Industry
Victim Organization: tokmanni
Victim Site: tokmanni.fi - Alleged data breach of NEJ.cz
Category: Data Breach
Content: A threat actor claims to be selling a dataset allegedly sourced from NEJ.cz containing approximately 284k records. The database reportedly includes personal contact details, booking and service history, and customer identity verification information. Exposed data fields are said to include names, emails, phone numbers, addresses, account details, booking records, and verification-related information.
Date: 2026-02-18T17:52:33Z
Network: openweb
Published URL: https://breachforums.as/Thread-SELLING-284k-Czech-Republic-https-www-nej-cz-Personal-contact-data-including-emails-p
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ff78383f-27cc-4876-a5d8-db522408629f.png
Threat Actors: TelephoneHooliganism
Victim Country: Czech Republic
Victim Industry: Network & Telecommunications
Victim Organization: nej.cz
Victim Site: nej.cz - Alleged data breach of Ministry of Health and Population Egypt
Category: Data Breach
Content: A threat actor claims to have leaked a large database from an electronic platform managed by Egypt’s Ministry of Health and Population, specifically linked to the General Administration of Specialized Medical Councils. the dataset contains approximately 64 million records with extensive personally identifiable information (PII), including national ID numbers, names in Arabic, birth and death dates, gender, addresses, phone numbers, email addresses, professional details, and city information.
Date: 2026-02-18T17:48:13Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-mohp-gov-eg-A-cms-of-the-ministry-of-health-of-egypt
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6a1ba581-0780-4b8d-a5ec-12cebf75cbf0.png
Threat Actors: elJefeDonBiazzi
Victim Country: Egypt
Victim Industry: Government & Public Sector
Victim Organization: ministry of health and population egypt
Victim Site: mohp.gov.eg - Alleged sale of Stealth Hidden Cryptominer Malware
Category: Malware
Content: A threat actor is promoting a hidden cryptomining malware,advertising its ability to operate stealthily on infected systems while bypassing antivirus detection and security defenses. The malware is described as capable of running silently in the background, embedding into legitimate files, maintaining persistence, and blocking recovery or security tools
Date: 2026-02-18T17:17:27Z
Network: openweb
Published URL: https://xss.pro/threads/146007/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5e95ee2f-33d4-45d7-9b5c-5cbcec1b5c39.png
Threat Actors: svox11
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Irans National Organization for Civil Registration
Category: Data Breach
Content: The group claims to have breached the database of Irans National Organization for Civil Registration and have shared it via an external distribution channel.
Date: 2026-02-18T17:07:43Z
Network: telegram
Published URL: https://t.me/Shadow01Cyber/372
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7a25033d-37a2-45a8-9388-b104492bf12e.jpg
Threat Actors: Shadow Cyber Security
Victim Country: Iran
Victim Industry: Government & Public Sector
Victim Organization: national organization for civil registration of iran
Victim Site: sabteahval.ir - Alleged data breach of Store.bg
Category: Data Breach
Content: A threat actor claims to be offering a database allegedly sourced from Store.bg, a Bulgarian online retail platform. The dataset is said to contain approximately 4 million records, including customer names, email addresses, phone numbers, and physical addresses.
Date: 2026-02-18T17:05:58Z
Network: openweb
Published URL: https://breachforums.as/Thread-SELLING-store-bg-Bulgaria
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e8b6e4d7-7811-4bbb-989d-2d772d1e890a.png
Threat Actors: Jurak
Victim Country: Bulgaria
Victim Industry: E-commerce & Online Stores
Victim Organization: store.bg
Victim Site: store.bg - Alleged data breach of Conselho Federal de Medicina Veterinária
Category: Data Breach
Content: A threat actor claims to be selling a dataset allegedly obtained from Brazil’s Federal Council of Veterinary Medicine (CFMV). The database reportedly includes veterinary professionals’ contact details, veterinary license application records, and animal health incident reports. Exposed information may contain personal and professional contact data, application and licensing details, and incident reporting records related to animal health cases.
Date: 2026-02-18T17:01:47Z
Network: openweb
Published URL: https://breachforums.as/Thread-SELLING-728k-Brazil-https-www-cfmv-gov-br-Veterinary-professionals-contact-and-registra
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/683f6071-93f8-4ebb-9826-75b4dd972bc9.png
Threat Actors: TelephoneHooliganism
Victim Country: Brazil
Victim Industry: Government Administration
Victim Organization: conselho federal de medicina veterinária
Victim Site: cfmv.gov.br - Alleged data breach of Belgian Federal Public Service Social Security
Category: Data Breach
Content: A threat actor claims to be selling a dataset allegedly sourced from Belgium’s social security systems containing approximately 182K detailed personal records. The exposed data reportedly includes national ID numbers, personal contact details, addresses, benefit application records, and support ticket information. The dataset is advertised on underground forums and described as containing interconnected contact, benefit, and case management data, indicating a potential leak of sensitive personal and social security administrative information.
Date: 2026-02-18T16:56:56Z
Network: openweb
Published URL: https://breachforums.as/Thread-SELLING-182k-Belgium-Full-belgian-Info-Detailed-personal-records-including-IDs-contacts
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fe8ffed7-49aa-45b1-b7b8-e2c74384dc1f.png
Threat Actors: TelephoneHooliganism
Victim Country: Belgium
Victim Industry: Government Administration
Victim Organization: belgian federal public service social security
Victim Site: socialsecurity.be - Alleged data breach of Booktopia
Category: Data Breach
Content: A threat actor claims to be offering a dataset allegedly sourced from Booktopia containing approximately 478K user records. The exposed data reportedly includes customer contact information such as names, email addresses, phone numbers, and account details, along with order histories and support ticket records.
Date: 2026-02-18T16:46:22Z
Network: openweb
Published URL: https://breachforums.as/Thread-SELLING-478k-Australia-https-www-booktopia-com-au-User-account-data-including-emails
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/77b94900-2d1b-489f-a4a2-b83f4c114749.png
Threat Actors: TelephoneHooliganism
Victim Country: USA
Victim Industry: E-commerce & Online Stores
Victim Organization: booktopia
Victim Site: booktopia.com.au - Alleged data breach New York State Division of Veterans Services
Category: Data Breach
Content: A threat actor claims to be sharing data related to the New York State Division of Veterans Affairs EMR project timeline and events. which includes references to government portal access and provides a downloadable file allegedly containing internal dataset information. The exposed data release as a public exposure of administrative and project-related data, suggesting a potential leak of internal documentation or records associated with veterans’ services systems and digital infrastructure.
Date: 2026-02-18T16:46:01Z
Network: openweb
Published URL: https://breachforums.as/Thread-DOCUMENTS-New-York-State-Division-of-Veterans-Affairs-EMR-Project-Timeline-and-Events
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e9441f88-7098-46b4-99e9-ee18d777621e.png
Threat Actors: XZeeoneOfc
Victim Country: USA
Victim Industry: Government Administration
Victim Organization: new york state division of veterans services
Victim Site: veterans.ny.gov - Alleged data leak of Bangladesh Election Commission
Category: Data Breach
Content: A threat actor claims to be selling a dataset allegedly sourced from Bangladesh’s National ID service portal containing approximately 423K records. The exposed data reportedly includes national ID details, personal contact information, demographic data, and service application records. The dataset is described as containing citizen contact profiles, government service applications, and support ticket information, suggesting a potential breach involving sensitive personal and administrative data from Bangladesh’s national identification and public service systems.
Date: 2026-02-18T16:41:57Z
Network: openweb
Published URL: https://breachforums.as/Thread-SELLING-423k-Bangladesh-https-services-nidw-gov-bd-National-ID-and-personal-contact-re
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e2b8a3c5-dc69-44cf-abd4-7ccf3e4ad491.png
Threat Actors: TelephoneHooliganism
Victim Country: Bangladesh
Victim Industry: Government Administration
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Sankewang
Category: Data Breach
Content: A threat actor claims to have leaked a database allegedly sourced from Sankewang containing contact information, communication records, support tickets, and order history data. The exposed dataset is said to include customer names, email addresses, phone numbers, profile details, support interactions, and transaction records. The data is described as structured across multiple sections covering contacts, customer service communications, and purchase history, indicating a potential leak of customer and operational records associated with the platform’s internal systems.
Date: 2026-02-18T16:38:26Z
Network: openweb
Published URL: https://breachforums.as/Thread-SELLING-748k-China-https-www-sankewang-com-Leaked-contact-and-communication-records-da
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/208e13b7-417c-4833-9d72-c0341cbf579b.png
Threat Actors: TelephoneHooliganism
Victim Country: China
Victim Industry: E-commerce & Online Stores
Victim Organization: sankewang
Victim Site: sankewang.com - Alleged data breach of GuideStar Israel
Category: Data Breach
Content: The group claims to have breached the database of GuideStar Israel and leaked contact list allegedly belonging to parents of an Israeli religious school from GuideStar Israel
Date: 2026-02-18T16:36:47Z
Network: telegram
Published URL: https://t.me/anonymous_algeria_Original/3132
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2236832a-e729-44c4-9faf-a02707eff041.jpg
Threat Actors: Anonymous Algeria
Victim Country: Israel
Victim Industry: Government & Public Sector
Victim Organization: guidestar israel
Victim Site: guidestar.org.il - Alleged data breach of Clarinda Regional Health Center
Category: Data Breach
Content: A threat actor claims to have leaked more than 22GB of data allegedly obtained from Clarinda Regional Health Center.
Date: 2026-02-18T16:32:37Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-clarindahealth-com-Data-Breach-Leaked-Download
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e604c81a-3de9-4be8-a69b-d0019b711e7a.png
Threat Actors: killaTheGoat
Victim Country: USA
Victim Industry: Hospital & Health Care
Victim Organization: clarinda regional health center
Victim Site: clarindahealth.com - Alleged data breach of Irans Assembly of Experts for Leadership
Category: Data Breach
Content: The group claims to have breached the database of Irans Assembly of Experts for Leadership and have shared it via an external distribution channel
Date: 2026-02-18T16:27:03Z
Network: telegram
Published URL: https://t.me/Shadow01Cyber/369
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/694f5f78-2f19-483d-b922-5e9a5b0155eb.jpg
Threat Actors: Shadow Cyber Security
Victim Country: Iran
Victim Industry: Government Administration
Victim Organization: assembly of experts for leadership of iran
Victim Site: majlesekhobregan.ir - Alleged data breach of Jobbers Warehouse
Category: Data Breach
Content: A threat actor claims to have leaked data from jobberswarehouse.
Date: 2026-02-18T16:26:40Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-jobberswarehouse-com-Data-Breach-Leaked-Download
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8d7e42c1-8ee4-4907-a18b-6236e96ef4a5.png
Threat Actors: killaTheGoat
Victim Country: USA
Victim Industry: Automotive
Victim Organization: jobbers warehouse
Victim Site: jobberswarehouse.com - Alleged data leak of Central Java Provincial Education Office
Category: Data Breach
Content: A threat actor claims to be leaking zoning area data related to new student admissions (PPDB) for public high schools (SMA) in Central Java Province for the 2023–2024 academic year. The exposed dataset allegedly includes student identification numbers (NPSN), student names, addresses (village, street, district), phone numbers, zoning information, and coordinate points
Date: 2026-02-18T16:21:28Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-ZONING-AREA-DATA-FOR-NEW-STUDENT-ADMISSION-PPDB-OF-PUBLIC-HIGH-SCHOOL-SMA
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4f922a62-81dd-473d-800c-1d529a44ccfe.png
Threat Actors: ShadowNex
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of Session
Category: Data Breach
Content: The group claims to have leaked data belonging to Session.
Date: 2026-02-18T16:20:41Z
Network: telegram
Published URL: https://t.me/c/3667951656/2209
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/42dee244-9f35-4328-954c-e2996f08ea1b.jpg
Threat Actors: B F R e p o V 4 F i l e s
Victim Country: Switzerland
Victim Industry: Social Media & Online Social Networking
Victim Organization: session
Victim Site: getsession.org - BABAYO EROR SYSTEM targets the website of Shreenath Technologies
Category: Defacement
Content: The group claims to have defaced the website of Shreenath Technologies.
Date: 2026-02-18T15:58:37Z
Network: telegram
Published URL: https://t.me/BabayoErorSysteam2/160
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c95e30a4-5fba-4880-ae18-94172eacec8e.png
Threat Actors: BABAYO EROR SYSTEM
Victim Country: India
Victim Industry: Information Services
Victim Organization: shreenath technologies
Victim Site: shreenathtechnologies.in - Alleged data breach of Dinas Kependudukan dan Pencatatan Sipil Bengkulu Utara
Category: Data Breach
Content: A threat actor claims to have leaked data belonging to officials from the Dukcapil (Department of Population and Civil Registration) of North Bengkulu Regency.
Date: 2026-02-18T15:57:13Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-DATA-PEJABAT-DUKCAPIL-BENGKULU-UTARA
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6f1932fe-95bc-4306-853b-702f23071e72.png
Threat Actors: MrLolzzz
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: dinas kependudukan dan pencatatan sipil bengkulu utara
Victim Site: bengkuluutarakab.go.id - Alleged data breach of Fremont Contract Carriers, Inc.
Category: Data Breach
Content: A threat actor claims to have leaked over 70GB of data allegedly belonging to Fremont Contract Carriers, Inc.Which includes a sample file tree showing internal folders such as public documents, PrePass records, returned devices, trailer lists, and equipment photo albums.
Date: 2026-02-18T15:40:35Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-fcc-inc-com
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4e42fea7-1b44-4891-bdaa-f7633182e831.png
Threat Actors: killaTheGoat
Victim Country: USA
Victim Industry: Transportation & Logistics
Victim Organization: fremont contract carriers, inc
Victim Site: fcc-inc.com - Alleged data breach of National Iranian Oil Company
Category: Data Breach
Content: The group claims to have branched the database of National Iranian Oil Company and have released and shared via an external distribution channel
Date: 2026-02-18T15:39:35Z
Network: telegram
Published URL: https://t.me/Shadow01Cyber/368
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e65b717b-08e5-4291-b122-382741cd2c75.jpg
Threat Actors: Shadow Cyber Security
Victim Country: Iran
Victim Industry: Oil & Gas
Victim Organization: national iranian oil company
Victim Site: nioc.ir - BABAYO EROR SYSTEM targets the website of The Global Newz
Category: Defacement
Content: The group claims to have defaced the website of The Global Newz.
Date: 2026-02-18T14:51:25Z
Network: telegram
Published URL: https://t.me/BabayoErorSysteam2/159
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/db10c575-6787-40d9-a59c-f76450a93c2d.png
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Online Publishing
Victim Organization: the global newz
Victim Site: theglobalnewz.com - Alleged data breach of FunderNation
Category: Data Breach
Content: The threat actor claims to be selling a database from FunderNation, The compromised data reportedly contains investor-related information, potentially including personal identification details, contact information, investment records, and associated financial data.
Date: 2026-02-18T14:50:58Z
Network: openweb
Published URL: https://breachforums.as/Thread-FunderNation-EU
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f728d98d-72e1-4a44-8a3d-391a1f4f3973.png
Threat Actors: killaTheGoat
Victim Country: Germany
Victim Industry: Venture Capital
Victim Organization: fundernation
Victim Site: fundernation.eu - maulnism1337 targets the website of Man Rukoh Banda Aceh
Category: Defacement
Content: The group claims to have defaced the website of Man Rukoh Banda Aceh.
Date: 2026-02-18T14:47:33Z
Network: telegram
Published URL: https://t.me/maul1337anon/937
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d734e0fd-50d9-4b43-8e34-d2f9dc88f499.png
Threat Actors: maulnism1337
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: man rukoh banda aceh
Victim Site: man3-bandaaceh.sch.id.mtsn2acehbarat.sch.id - BABAYO EROR SYSTEM targets the website of MAN 3 Banda Aceh
Category: Defacement
Content: The group claims to have defaced the website of MAN 3 Banda Aceh.
Date: 2026-02-18T14:43:10Z
Network: telegram
Published URL: https://t.me/maul1337anon/937
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e23fcf47-7811-4a0d-b054-d740f3360324.png
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: man 3 banda aceh
Victim Site: man3-bandaaceh.sch.id - Alleged data breach of All Flying Services
Category: Data Breach
Content: The threat actor claims to have breached 422MB of SQL data from All Flying Services. The compromised data reportedly contains sensitive internal records, including employee and administrator names, professional email addresses, and MD5-hashed credentials.
Date: 2026-02-18T14:37:38Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-allflyingservices-com-Leaked-Download
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b31a19e6-2f4f-4f72-bac8-af36b18ed8b0.png
Threat Actors: suicid
Victim Country: Italy
Victim Industry: Airlines & Aviation
Victim Organization: all flying services
Victim Site: allflyingservices.com - BABAYO EROR SYSTEM targets the website of MTsN 2 Aceh Barat
Category: Defacement
Content: The group claims to have defaced the website of MTsN 2 Aceh Barat.
Date: 2026-02-18T14:18:08Z
Network: telegram
Published URL: https://t.me/maul1337anon/937
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/93a08c80-74ca-4587-a20e-2d1978c9a418.png
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: mtsn 2 aceh barat
Victim Site: mtsn2acehbarat.sch.id - Alleged data leak of Delhi Golf Club
Category: Data Breach
Content: Threat actor claims to have leaked a dataset containing the personal information of 2,990 members of the Delhi Golf Club. The Compromised content reportedly includes membership numbers, member names, full residential addresses, and personal email addresses.
Date: 2026-02-18T14:13:12Z
Network: openweb
Published URL: https://breachforums.as/Thread-COLLECTION-2990-Delhi-Golf-Club-Members-Data-Leaked-Free-Download-Sample
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4c750d30-1a1e-41b6-b317-276912995610.png
Threat Actors: kekasihgelap
Victim Country: India
Victim Industry: Hospitality & Tourism
Victim Organization: delhi golf club
Victim Site: delhigolfclub.org - Alleged data breach of Taxes Software
Category: Data Breach
Content: The threat actor claims to have breached Taxes Software, allegedly exfiltrating 4.7GB of financial records, including SQL database dumps, AFIP production certificates and private keys, configuration files, and sensitive records linked to Argentine government entities, among other data.
Date: 2026-02-18T14:07:35Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-Taxes-com-ar-Ministry-of-Finance-440-Companies-AFIP-Signing
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/cdccd6b3-db04-466b-9c33-2ffb51a4a91b.png
https://d34iuop8pidsy8.cloudfront.net/5d449092-0c5f-4630-adbc-1fd061fbb38d.png
https://d34iuop8pidsy8.cloudfront.net/5aab11ae-b4ad-48d7-9c06-924b795d2daa.png
Threat Actors: Montaro
Victim Country: Argentina
Victim Industry: Software Development
Victim Organization: taxes software
Victim Site: taxes.com.ar - maulnism1337 targets the website of Langkah Lestari Sabang
Category: Defacement
Content: The group claims to have defaced the website of Langkah Lestari Sabang.mail.mainkesabang.commainkesabang.com
Date: 2026-02-18T13:53:45Z
Network: telegram
Published URL: https://t.me/maul1337anon/937
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/dc48f4db-fc3a-4875-9bb5-6b5a9d529142.png
Threat Actors: maulnism1337
Victim Country: Indonesia
Victim Industry: Leisure & Travel
Victim Organization: langkah lestari sabang
Victim Site: mainkesabang.com - Alleged data leak of Passports and IDs in UAE
Category: Data Breach
Content: The group claims to be leak passports and IDs from UAE.
Date: 2026-02-18T13:52:01Z
Network: telegram
Published URL: https://t.me/anonymous_algeria_Original/3114
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/eaec7501-746c-4935-956d-4bc4fda96dd3.jpg
Threat Actors: Anonymous Algeria
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - maulnism1337 targets the website of Fahaddefense.id
Category: Defacement
Content: The group claims to have defaced the website of Fahaddefense.id.
Date: 2026-02-18T13:49:40Z
Network: telegram
Published URL: https://t.me/maul1337anon/937
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/42225829-2aa4-4fef-9498-f07585c2853f.png
Threat Actors: maulnism1337
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Unknown
Victim Site: fahaddefense.id - maulnism1337 targets the website of QACMS 5
Category: Defacement
Content: The group claims to have defaced the website of QACMS 5.
Date: 2026-02-18T13:44:30Z
Network: telegram
Published URL: https://t.me/maul1337anon/937
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b25e53ea-25d3-4e3d-81a5-1b0457c2d381.png
Threat Actors: maulnism1337
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: qacms 5
Victim Site: mail.gampongbha.id - Alleged unauthorized Access to RETABET GROUP
Category: Initial Access
Content: The group claims to have gained alleged unauthorized access to CCTV cameras of RETABET GROUP.
Date: 2026-02-18T13:42:43Z
Network: telegram
Published URL: https://t.me/c/2787466017/2362
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f5aa12b8-ac67-45d9-8c2a-7fdebabd7fce.jpg
Threat Actors: NoName057(16)
Victim Country: Spain
Victim Industry: Gambling & Casinos
Victim Organization: retabet group
Victim Site: retabet.es - Alleged leak of vulnerabilities in Single Sign On Kementerian Agama
Category: Vulnerability
Content: The group claims to have leaked vulnerabilities in the website of Single Sign On Kementerian Agama.
Date: 2026-02-18T13:41:53Z
Network: telegram
Published URL: https://t.me/BabayoErorSysteam2/158
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/88061af8-5212-4de0-baf1-dd9e8aeff6d2.jpg
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: single sign on kementerian agama
Victim Site: sso.kemenag.go.id - maulnism1337 targets the website of SSSRK
Category: Defacement
Content: The group claims to have defaced the website of SSSRK.
Date: 2026-02-18T13:31:29Z
Network: telegram
Published URL: https://t.me/maul1337anon/937
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/305592bd-2e85-47ef-9e99-55259a8c126d.png
Threat Actors: maulnism1337
Victim Country: India
Victim Industry: Business and Economic Development
Victim Organization: sssrk
Victim Site: sssrk24x7.com - Z-BL4CX-H4T.ID targets the website of WD Performance
Category: Defacement
Content: he group claims to have defaced the website of WD Performance.
Date: 2026-02-18T13:01:35Z
Network: telegram
Published URL: https://t.me/z_bl4cx_h4t_id/71
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/695f8387-bd4f-44c1-9efc-1fcdea8ea869.png
Threat Actors: Z-BL4CX-H4T.ID
Victim Country: Germany
Victim Industry: Automotive
Victim Organization: wd performance
Victim Site: wd-performance.eu - Z-BL4CX-H4T.ID targets the website of Finanzexperten Deutschland
Category: Defacement
Content: The group claims to have defaced the website of Finanzexperten Deutschland.
Date: 2026-02-18T12:09:51Z
Network: telegram
Published URL: https://t.me/z_bl4cx_h4t_id/71
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e044feaf-b6d9-4923-ba22-2a5d1b3e2348.png
Threat Actors: Z-BL4CX-H4T.ID
Victim Country: Germany
Victim Industry: Financial Services
Victim Organization: finanzexperten deutschland
Victim Site: finanzexperten-deutschland.com - Alleged Data Breach of CFDT
Category: Data Breach
Content: The threat actor claims to be selling 1,431,906 records from CFDT. The compromised dataset reportedly includes full personal and professional details, including names, email addresses, physical addresses, professional phone numbers, and membership status.
Date: 2026-02-18T11:37:44Z
Network: openweb
Published URL: https://breachforums.as/Thread-SELLING-FR-1-4M-CFDT
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d464c407-ee55-4476-928c-a13743a12811.png
Threat Actors: HexDex
Victim Country: France
Victim Industry: Civic & Social Organization
Victim Organization: cfdt
Victim Site: cfdt.fr - Alleged data breach of On Air Fitness
Category: Data Breach
Content: The threat actor claims a data breach involving On Air Fitness, a French gym chain. The allegedly compromised dataset reportedly contains approximately 512,000 customer contact records, along with related sales and membership information.
Date: 2026-02-18T11:08:19Z
Network: openweb
Published URL: https://breachforums.as/Thread-SELLING-FR-On-Air-Fitness-Breach-2026-PII-Ventes-Salles-512k-Contacts
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/78fb57ce-1c30-451b-bd81-f04d9a436698.png
Threat Actors: 84City
Victim Country: France
Victim Industry: Health & Fitness
Victim Organization: on air fitness
Victim Site: onair-fitness.fr - Alleged unauthorized access sale involving Shandong Provincial Mental Health Center
Category: Initial Access
Content: Threat actor claims to be selling unauthorized access to the Shandong Provincial Mental Health Center (also known as Shandong Mental Health Center).
Date: 2026-02-18T10:10:18Z
Network: openweb
Published URL: https://darkforums.me/Thread-SELLING-ACCESS-Shandong-Provincial-Mental-Health-Center
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d8e6c2a4-4aff-4ae2-91d5-e4c7d6a9adb7.png
Threat Actors: redpin
Victim Country: China
Victim Industry: Healthcare & Pharmaceuticals
Victim Organization: shandong provincial mental health center
Victim Site: sdmhc.com - Alleged data sale of QatarEnergy
Category: Data Breach
Content: The threat actor claims to be selling 17,882 personnel records and 11 years (2015–2026) of historical QatarEnergy data, including 4.5 TB from multi-cloud infrastructure such as AWS, Azure Active Directory (Global Admin access), and Microsoft SQL Server databases.
Date: 2026-02-18T09:41:18Z
Network: openweb
Published URL: https://breachforums.as/Thread-SELLING-Confidential-QatarEnergy-qa-LNG-Infrastructure-Assessment-Database-Cloud
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c8028302-15f0-4ca4-b84b-dbfd012b7ef2.png
https://d34iuop8pidsy8.cloudfront.net/be540d33-cb81-46c7-8800-9391e70299e1.png
https://d34iuop8pidsy8.cloudfront.net/32f4739a-36fa-48b3-b505-41802ee3ef7b.png
https://d34iuop8pidsy8.cloudfront.net/89ddbfcf-6cb7-4c92-977e-4a5904a17441.png
https://d34iuop8pidsy8.cloudfront.net/5950cf5d-1707-4e49-b519-b7449cc5e973.png
https://d34iuop8pidsy8.cloudfront.net/cf14c95f-e5be-4bff-bbb6-943deb47271f.png
https://d34iuop8pidsy8.cloudfront.net/46a406e0-ea72-4405-a567-94b995ea015d.png
https://d34iuop8pidsy8.cloudfront.net/5a87af5a-c86c-4267-9532-1df6266d4175.png
https://d34iuop8pidsy8.cloudfront.net/b88e7fe4-dd66-47de-8743-f76173d83b56.png
https://d34iuop8pidsy8.cloudfront.net/d183e295-250c-4abd-8254-b3b2c259cf38.png
Threat Actors: Montaro
Victim Country: Qatar
Victim Industry: Energy & Utilities
Victim Organization: qatarenergy
Victim Site: qatarenergy.qa - Alleged data breach of Business Source Ultimate (BSU)
Category: Data Breach
Content: Threat actor claims to have leaked the database for Business Source Ultimate (BSU). The compromised data reportedly contains a comprehensive list of publication metadata including source types, ISSN numbers, publication names, publishers, and full-text availability timelines.
Date: 2026-02-18T09:34:14Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-Business-Source-Ultimate-BSU
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5950190e-301a-423b-a47e-ab244ddb3f95.png
Threat Actors: XZeeoneOfc
Victim Country: USA
Victim Industry: Information Services
Victim Organization: business source ultimate (bsu)
Victim Site: ebsco.com - Alleged data breach of Reglo Mobile
Category: Data Breach
Content: The threat actor claims to have leaked data from Reglo Mobile. The compromised data reportedly contains approximately 358,000 user records including personal information such as names, email addresses, dates of birth, identification numbers, login credentials, and JWT tokens.
Date: 2026-02-18T09:25:46Z
Network: openweb
Published URL: https://breachforums.as/Thread-SELLING-FR-Reglo-Mobile-2026-Breach-PII-IBANs-PUKs-Fadettes-PDFs-358k-Users
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ddcf7610-49f9-4f2d-a30d-5806fd5c86ae.png
https://d34iuop8pidsy8.cloudfront.net/7477c4f2-74f7-438a-a3de-8bc31e4341a4.png
https://d34iuop8pidsy8.cloudfront.net/4bda168a-4fbc-405f-aaa7-d6a96bad8433.png
Threat Actors: 84City
Victim Country: France
Victim Industry: Network & Telecommunications
Victim Organization: reglo mobile
Victim Site: reglomobile.fr - Alleged data breach of EBSCO
Category: Data Breach
Content: Threat actor claims to have leaked the database for EBSCO. The compromised data reportedly contains a comprehensive list of publication metadata including source types, ISSN numbers, publication names, publishers, and full-text availability timelines.
Date: 2026-02-18T09:19:59Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-Business-Source-Ultimate-BSU
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5950190e-301a-423b-a47e-ab244ddb3f95.png
Threat Actors: XZeeoneOfc
Victim Country: USA
Victim Industry: Information Services
Victim Organization: ebsco
Victim Site: ebsco.com - Abu Dhabi Finance Week Suffers Data Breach
Category: Data Breach
Content: Abu Dhabi Finance Week reported a potential data breach after discovering that an unprotected third-party vendor-managed cloud storage server exposed passport scans and national identity cards of more than 700 attendees, including high-profile figures such as David Cameron, Alan Howard, and Anthony Scaramucci; the organization stated that the vulnerable environment was secured immediately after identification, initial findings suggest the data was accessed only by the security researcher who discovered the issue, and no evidence has been found indicating unauthorized access to internal systems or exposure of financial information.
Date: 2026-02-18T09:00:40Z
Network: openweb
Published URL: https://www.reuters.com/world/middle-east/data-leak-abu-dhabi-finance-summit-exposes-global-figures-ft-reports-2026-02-17/
Screenshots:
None
Threat Actors: Unknown
Victim Country: UAE
Victim Industry: Financial Services
Victim Organization: abu dhabi finance week
Victim Site: adfw.com - BABAYO EROR SYSTEM targets the website of Isoezy
Category: Defacement
Content: The group claims to have defaced the website of Isoezy.
Date: 2026-02-18T08:03:22Z
Network: telegram
Published URL: https://t.me/BabayoErorSysteam2/152
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/28b61b58-c349-443c-8a84-4033192024bc.png
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Thailand
Victim Industry: Education
Victim Organization: isoezy
Victim Site: isoezy.com - Cyber Attack hits Livingston HealthCare
Category: Cyber Attack
Content: Livingston HealthCare, a regional healthcare provider based in Montana, United States, experienced a cybersecurity incident that disrupted parts of its network infrastructure and communication systems. The attack impacted internal operations, including phone services, which required restoration efforts while recovery activities continued. Some systems remained limited as the organization worked to stabilize its environment and resume normal services.
Date: 2026-02-18T08:00:39Z
Network: openweb
Published URL: https://dysruptionhub.com/livingston-healthcare-cyber-incident-montana/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/27692bed-c738-4c2d-aab6-c845ef942269.png
Threat Actors: Unknown
Victim Country: USA
Victim Industry: Hospital & Health Care
Victim Organization: livingston healthcare
Victim Site: livingstonhealthcare.org - Alleged Data Leak of Wir kaufen deinen Flug
Category: Data Breach
Content: Threat actor claims to have leaked partial data from WirKaufenDeinenFlug.de. The post references multiple CSV files allegedly containing user and claims data.
Date: 2026-02-18T06:55:15Z
Network: openweb
Published URL: https://leakbase.la/threads/wirkaufendeinenflug-de-partial-data-leak.48913/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7eadae43-2cb8-47e5-8d34-85c793d4d524.png
Threat Actors: WirKaufDeinenF
Victim Country: Germany
Victim Industry: Financial Services
Victim Organization: wir kaufen deinen flug
Victim Site: wirkaufendeinenflug.de - Alleged sale of Hertz UAE databse
Category: Data Breach
Content: Threat actor claims to be selling the database of Hertz, the database contains identity details, contact information, driver license data, and password hashes.
Date: 2026-02-18T06:40:02Z
Network: openweb
Published URL: https://darkforums.me/Thread-Selling-Best-car-Rental-Services-in-%E2%AD%90UAE%E2%AD%90-Hertz-ae
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bc6b2114-5d17-4d07-93f0-77badb197978.png
Threat Actors: blackwinter99
Victim Country: UAE
Victim Industry: Automotive
Victim Organization: hertz
Victim Site: hertz.ae - Alleged Data breach of Dell MBO Connect
Category: Data Breach
Content: The threat actor claims to be breached data from Dell MBO Connect. The compromised data reportedly includes KYC Verifications, all user info, and much more.
Date: 2026-02-18T06:19:13Z
Network: openweb
Published URL: https://darkforums.me/Thread-DellMBOConnect-com-India-Vendor-Partners-Docs
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1775ad8d-d65c-4234-83c9-67fc7c736af1.png
Threat Actors: Sanguine
Victim Country: India
Victim Industry: Computer Hardware
Victim Organization: dell mbo connect
Victim Site: dellmboconnect.co.in - Alleged Data Breach of Wonder Rates, Inc
Category: Data Breach
Content: The threat actor claims to have breached the database of Wonder Rates, Inc.
Date: 2026-02-18T06:14:15Z
Network: openweb
Published URL: https://darkforums.me/Thread-NEW-BREACH-PREVIEW-WONDER-RATES-BROKERAGE-SSNS-DLS-TAX-INCOME-FINANCES
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/69248e6f-b68b-4ae0-b7b9-7a7e356f3120.png
https://d34iuop8pidsy8.cloudfront.net/33cc7a36-9a95-4b48-9002-bd2e59f0a952.png
https://d34iuop8pidsy8.cloudfront.net/47bde424-4524-45e2-a08f-33b25f9e552d.png
https://d34iuop8pidsy8.cloudfront.net/049e6b0a-8687-44b2-a7da-caa6a34672f3.png
Threat Actors: FulcrumSec
Victim Country: USA
Victim Industry: Financial Services
Victim Organization: wonder rates, inc.
Victim Site: oneamo.com - Alleged sale of Saraf app
Category: Data Breach
Content: The threat actor claims to be selling data from Saraf app. The compromised data reportedly includes millions of user financial records, bank account details, card metadata, identity verification files, and API keys
Date: 2026-02-18T05:52:34Z
Network: openweb
Published URL: https://darkforums.me/Thread-Selling-IR-saraf-app-crypto-finance-app-6m-users
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/00223811-4d0a-4c66-afd0-1a8f29c39f31.png
Threat Actors: stalker8083
Victim Country: Iran
Victim Industry: Financial Services
Victim Organization: saraf app
Victim Site: saraf.app - Alleged data breach of ProficientNow
Category: Data Breach
Content: The threat actor claims to be leaked data from ProficientNow. The compromised data reportedly includes candidate resumes (CVs), education histories, certifications, contact details, internal recruiter communications, opportunity related records
Date: 2026-02-18T05:50:34Z
Network: openweb
Published URL: https://darkforums.me/Thread-US-Proficientnow-com-recruitment-Agency
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9a007b48-548e-4361-b08f-3c186883a880.png
Threat Actors: stalker8083
Victim Country: USA
Victim Industry: Staffing/Recruiting
Victim Organization: proficientnow
Victim Site: proficientnow.com - Alleged Data breach of RJR Creation
Category: Data Breach
Content: The threat actor claims that the leaked data from RJR Creation is associated with September 2025. The compromised data reportedly contain 85,000 students records includes Image, Student Name, Father Name, Mother Name, Date of Birth, Address and more.
Date: 2026-02-18T05:38:27Z
Network: openweb
Published URL: https://darkforums.me/Thread-Document-India-RJR-Creation-85k
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/498038fd-ad13-48db-9370-7a088ee1231a.png
Threat Actors: notangel
Victim Country: India
Victim Industry: Manufacturing
Victim Organization: rjr creation
Victim Site: rjrcreation.in - Alleged leak of Global credit card data
Category: Data Breach
Content: The threat actor claims to have leaked 500K Global Credit Card Data from January 2026
Date: 2026-02-18T05:38:05Z
Network: openweb
Published URL: https://darkforums.me/Thread-Selling-500K-Global-Credit-Card-Database-%E2%80%93-January-2026-Capital-One-Synchrony-Breach
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/90ba02cc-5a51-417a-a436-28f7c1833eab.png
Threat Actors: Breachedforum
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown - Alleged Sale of Unauthorized Access to Malaysian Royal Police
Category: Initial Access
Content: A threat actor is allegedly selling unauthorized to a webmail account associated with the official Malaysian Royal Police domain.
Date: 2026-02-18T05:36:48Z
Network: openweb
Published URL: https://bhf.pro/threads/719715/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/27af2a0c-01ab-430b-852b-d00a0c2a7581.png
Threat Actors: dope
Victim Country: Malaysia
Victim Industry: Government Administration
Victim Organization: royal malaysia police (rmp)
Victim Site: rmp.gov.my - Alleged Leak of Documents from Apartamentos Hawkins
Category: Data Breach
Content: The threat actor claims to be leaked Documents from Apartamentos Hawkins. The compromised data reportedly contain 3,000 records including ID photos, Passport photos, Invoices, Phone numbers
Date: 2026-02-18T05:24:09Z
Network: openweb
Published URL: https://darkforums.me/Thread-Document-Spain-Apartamentos-Hawkins-3k
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/264ad27b-e6ac-4434-8e04-ac76dc77c21f.png
Threat Actors: notangel
Victim Country: Spain
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Personal data from argentina
Category: Data Breach
Content: The threat actor claims to be leaked Personal data from argentina. The compromised data reportedly contain 51,120 Personal Identification Information (PII) and 3399 National Identity Document (DNI).
Date: 2026-02-18T04:57:23Z
Network: openweb
Published URL: https://darkforums.me/Thread-Selling-%F0%9F%94%A5-ARGENTINA-DATABASE%C2%A0PII-DNI-PHOTO-%F0%9F%94%A5
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/25b01081-3fe8-42e5-ac0b-2f6a536ffc4a.png
https://d34iuop8pidsy8.cloudfront.net/9ad76fe0-dfd6-4cb8-9324-16c0e9c28d98.png
Threat Actors: Kom_Nara
Victim Country: Argentina
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Goldsmiths
Category: Data Breach
Content: The threat actor claims to be leaked data from Goldsmiths. The compromised data reportedly includes Email address, First name, Last name, Account status indicators
Date: 2026-02-18T04:37:22Z
Network: openweb
Published URL: https://darkforums.me/Thread-Selling-goldsmiths-co-uk-is-a-reputable-online-store-for-buying-luxury-jewelry-in-the-UK
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1a413440-7a57-4562-9563-d8a04016162a.png
Threat Actors: blackwinter99
Victim Country: UK
Victim Industry: E-commerce & Online Stores
Victim Organization: goldsmiths
Victim Site: goldsmiths.co.uk - STUXNET targets the website of Arvind Anticor Limited
Category: Defacement
Content: The group claims to have defaced the website of Arvind Anticor Limited
Date: 2026-02-18T04:36:15Z
Network: telegram
Published URL: https://t.me/xstuxnet/428
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/70343339-d41d-4526-b47a-3a70c688a8fa.png
Threat Actors: STUXNET
Victim Country: India
Victim Industry: Manufacturing & Industrial Products
Victim Organization: arvind anticor limited
Victim Site: arvindanticor.co.in - Alleged sale of 150 phpMyAdmin access
Category: Initial Access
Content: Threat actor claims to be selling unauthorized phpMyAdmin accesses including 83 admin privilege accesses and 67 user privilege accesses.
Date: 2026-02-18T04:35:03Z
Network: openweb
Published URL: https://forum.exploit.in/topic/276258/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/068c9c42-7dc6-4417-baae-3d2c50abc28c.png
Threat Actors: hubert
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged Sale of unauthorized API Access to ASAJA Jaén
Category: Initial Access
Content: The threat actor claims to be selling Unauthorized API Access to ASAJA Jaén. The compromised data reportedly including User ID, Name, Email id, Phone number and State information.
Date: 2026-02-18T04:32:50Z
Network: openweb
Published URL: https://darkforums.me/Thread-Selling-Asajajaen-API-s-Access
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3f5e21d1-579c-47fc-ba2c-0fbced3002f6.png
https://d34iuop8pidsy8.cloudfront.net/8988cf9a-b14a-42b6-bddc-76958ed289dc.png
Threat Actors: Tamnaamm
Victim Country: Spain
Victim Industry: Agriculture & Farming
Victim Organization: asaja jaén
Victim Site: asajajaen.com - Alleged sale of 300 credit card records
Category: Data Breach
Content: Threat actor claims to be selling 300 credit card records from USA. The compromised data reportedly includes credit card number, expiry month, expiry year, cvv2, full name, phone number, address, city, state, zip, email, and country.
Date: 2026-02-18T04:16:55Z
Network: openweb
Published URL: https://forum.exploit.in/topic/276264/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/38bd4306-8bf4-47a2-aed7-bfff2f9844a2.png
https://d34iuop8pidsy8.cloudfront.net/4ee8dd5d-4535-4d5e-9690-b35a74050195.png
Threat Actors: corptoday
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Valmano
Category: Data Breach
Content: The threat actor claims to be leaked data from Valmano. The compromised data reportedly includes customer account records containing personal contact information, demographic details, authentication related fields, and account metadata.
Date: 2026-02-18T04:06:30Z
Network: openweb
Published URL: https://darkforums.me/Thread-Selling-valmano-de-is-an-online-store-for-watches-and-jewelry-in-Germany
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1a36d37b-fd69-455e-b3a0-4c3814a6344f.png
Threat Actors: blackwinter99
Victim Country: Germany
Victim Industry: E-commerce & Online Stores
Victim Organization: valmano
Victim Site: valmano.de - Alleged access to Greenhouse Automatic Nutrient Dosing & Irrigation Control System
Category: Initial Access
Content: The group claims to have gain access to Greenhouse Automatic Nutrient Dosing & Irrigation Control System.
Date: 2026-02-18T03:56:21Z
Network: telegram
Published URL: https://t.me/c/3041653742/171
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/076c0adc-0a53-49aa-b370-5b2c6dbe7d50.png
Threat Actors: AL-MUJAHIDEEN FORCE 313
Victim Country: South Korea
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of Pakistan Military Person data
Category: Data Breach
Content: The threat actor claims to be leaked Pakistan Military Person data. The compromised data reportedly includes Name, Father Name, Email, Mobile No, Occupation
Date: 2026-02-18T03:36:22Z
Network: openweb
Published URL: https://darkforums.me/Thread-Data-Breach-Pakistan-Military-Person
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9eea974b-20e0-4c65-bc03-f7ac08d39894.png
Threat Actors: Jon1234
Victim Country: Pakistan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged Sale of Unauthorized Email Access to an Unidentified Egyptian Food Company
Category: Initial Access
Content: The threat actor claims to be selling Unauthorized Email Access to an Unidentified Egyptian Food Company.
Date: 2026-02-18T02:50:35Z
Network: openweb
Published URL: https://breachforums.cz/index.php?threads/email-access-to-an-accountant-of-one-of-egypts-prominent-food-company.610/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f8496f14-9dc8-4b5d-8578-2f5f755517ed.png
Threat Actors: decipher
Victim Country: Egypt
Victim Industry: Food & Beverages
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of data from China.
Category: Data Breach
Content: The threat actor claims to be leaked data from China. The compromised data reportedly contain 50 billion records including Chinese consumer, citizen, e-commerce, real identities and logistics datasets information.
Date: 2026-02-18T02:46:25Z
Network: openweb
Published URL: https://breachforums.cz/index.php?threads/massive-chinese-data-collection-leak-50-billion-records-total-2026.608/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4d46123c-952e-477a-8d7c-c663d5ec7103.png
https://d34iuop8pidsy8.cloudfront.net/dc07391a-dfa2-42e1-acde-735c7e3776c4.png
https://d34iuop8pidsy8.cloudfront.net/03780c21-921d-4f6c-8e6a-fb55947371e7.png
Threat Actors: Citizen FearGrip
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of CarGurus, Inc.
Category: Data Breach
Content: A threat actor claims to have compromised over more than 1.7M+ records associated with CarGurus, Inc.. The allegedly exposed data is said to include PII and other internal corporate data.
Date: 2026-02-18T02:18:55Z
Network: tor
Published URL: http://toolatedhs5dtr2pv6h5kdraneak5gs3sxrecqhoufc5e45edior7mqd.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7d122aa8-9206-4039-b42d-a3aa059b5272.png
Threat Actors: ShinyHunters
Victim Country: USA
Victim Industry: Automotive
Victim Organization: cargurus, inc.
Victim Site: cargurus.com