I. Executive Summary
This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data. The dataset comprises 83 distinct cyber events occurring primarily on February 22, 2026, across multiple global regions. The threat landscape observed in this period is heavily characterized by high-volume data breaches, the proliferation of initial access sales, targeted credential leaks, and politically or ideologically motivated alerts and defacements. The most frequently targeted sectors include government administration, financial services, information technology, and critical infrastructure.
II. Methodology and Scope
This analysis is constructed exclusively from the provided draft data of detected incidents. The incidents are categorized into distinct threat types: Data Breaches, Initial Access, Cyber Attacks, Alerts, Defacements, and Malware. Threat vectors, victim industries, threat actor profiles, and geographical impacts are analyzed to provide a comprehensive view of the threat landscape on the specified date.
III. Critical Infrastructure & Government Compromises
Government entities and critical infrastructure sectors faced severe targeting, resulting in significant alleged data exposures and access compromises.
1. High-Impact Government and Military Data Breaches
- The threat actor BFRepoV4Files claims to be selling a 3.5 TB database allegedly associated with NATO and its member or partner entities.
- The listing references documents described as bearing NATO classification markings, including Restricted, Confidential, and Secret.
- The leaked data includes personal and professional contact information such as names, nationalities, employers, job titles, email addresses, phone numbers, and physical addresses.
- Agencies reportedly referenced include the Ministry of the Armed Forces, Ministry of Defence, United States Navy, Canadian Armed Forces, NASA Glenn Research Center, Naval Air Systems Command, Polish Space Agency, and Department of Defence.
- The threat actor zestix claims to be selling a 3.6 TB archive allegedly sourced from the internal systems of the American National Standards Institute (ANSI).
- The dataset reportedly includes active and archived ANSI documents, technical committee records, internal communications, and draft and rejected standards from 2023 to 2026.
- It also includes metadata, access logs, and historical files.
- The leak is described as containing both raw and classified internal materials, with a compressed size estimated at 1.9–2.3 TB.
- The Infrastructure Destruction Squad claims to have compromised multiple government and police systems in South Korea.
- This breach includes provincial police agencies and a national data center, allegedly exploiting vulnerabilities in file storage, email, and cloud infrastructure.
- The data includes official identification documents, driver’s licenses, residence records, real estate contracts, bank account information, and internal government communications.
- The threat actor AmieLot claims to have breached a database related to the Philippine National Police (PNP).
- The threat actor SnowSoul claims to have leaked approximately 1.95 million personal information records related to Chinese Government (Shanghai) Party and Government organizations.
2. Critical Infrastructure and Energy Sector Breaches
- The threat actor rythem claims to be selling hacked data belonging to three Aramco contracting companies in Saudi Arabia: Almutawa Group, Tanmia Ltd, and Bin Omairah Holding.
- The dataset includes personnel and engineer information such as resumes, photos, identification cards, emails, phone numbers, addresses, and work records.
- Crucially, it includes infrastructure project data covering oil, gas, and power transmission maps.
- It also exposes confidential contracts, administrative documents, SCADA system details, research related to the oil industry, and urban development and power transmission project information associated with Saudi infrastructure.
3. Local Government Breaches and Access
- The threat actor Shenira6core claims to have breached the database of the Cirebon City Social Assistance system in Indonesia.
- The dataset contains personal information such as full names, National Identification Numbers (NIK), addresses, place and date of birth, city/region details, and parents’ names.
- The threat actor CinCauGhast claims to have breached data from CENTRAL JAVA PP SATPOL in Indonesia.
- The compromised data allegedly contains names, employee identification numbers (NIP), national identification numbers (NIK), tax identification numbers (NPWP), and phone numbers.
- The group BABAYO EROR SYSTEM claims to have leaked a login credential belonging to Humas Pajak Jakarta in Indonesia.
IV. Financial Services & Cryptocurrency Threat Vectors
The financial sector, encompassing traditional banking, forex markets, and decentralized cryptocurrency networks, experienced widespread data leaks and credential compromises.
1. Traditional Banking and Lending
- The group A K U L A v 2 . 2 claims to have leaked login credentials belonging to Mizrahi-Tefahot Bank in Israel.
- The group A K U L A v 2 . 2 also claims to have leaked login credentials belonging to Bank Melli Iran (BMI).
- The threat actor group mehwargun claims to be selling databases allegedly linked to Bank Hapoalim in Israel.
- The leaked data reportedly includes around 6 million records containing information such as cardholder names, card numbers, expiration dates, security codes, website links, site IDs, and card status details.
- The bank was previously allegedly breached by the threat actor DigitalGhost on July 5, 2025.
- The 313 Team claims responsibility for a cyberattack allegedly targeting Woodforest National Bank in the USA.
- The group states that the attack affected the bank’s servers and resulted in service disruption to its mobile application.
- The threat actor ResPublica claims to have leaked the database of a U.S. Consumer Financial Services Lender.
- The dataset contains highly sensitive personal and financial information related to loan applications and underwriting processes.
2. Cryptocurrency and Web3 Assets
- The threat actor Angrboda claims to be selling access to more than 20 Ethereum wallets allegedly containing assorted NFTs, along with their seed phrases.
- Angrboda also claims to be selling over 940 Ethereum private keys allegedly obtained from a previously scraped seed phrase leak.
- Furthermore, Angrboda claims to be selling over 170 TRON (TRX) wallets allegedly discovered while cleaning old data dumps.
- The TRX wallets reportedly include both seed phrases and private keys, along with addresses showing active balances.
- The group A K U L A v 2 . 2 claims to have leaked login credentials belonging to Nobitex Exchange in Iran.
3. Foreign Exchange (Forex) Markets
- The threat actor Pavlov claims to be selling an Australian forex-related database containing approximately 500,000 records.
- The dataset allegedly includes full names, email addresses, gender, dates of birth, phone numbers, physical addresses, and postal codes.
- The group BFRepoV4Files claims to have leaked UK-based forex consumer data.
- This data includes personal information such as first name, last name, postcode, date of birth, email, and mobile numbers.
V. Initial Access Brokers (IABs) & Dark Web Access Sales
Initial Access Brokers facilitate subsequent cyberattacks by selling compromised network access to other malicious actors.
Table 1: Initial Access Sales
| Threat Actor | Target Profile / Infrastructure | Victim Location | Alleged Access Type | Source |
| --- | --- | --- | --- | --- |
| Radical | FortiGate and Fortinet devices | Unknown | Approx. 3,000 valid accesses, largely untouched | |
| molotov477 | Unidentified Law Firm | Philippines | VPN access to main file server, admin privileges on primary file server, Microsoft 365 accounts, WP-admin account, internal server/NAS admin access | |
| samy01 | 35 RDWeb connections | UK, EU, AU | Unauthorized access obtained via brute force (targets use Windows Defender) | |
| Black Market – Data Breach | Unidentified .co.id domain | Unknown | Web shell access | |
| Asian_Baddie | Unidentified Legal Service Org. | USA | Unauthorized admin access | |
| Asian_Baddie | Unidentified IT Organization | USA | Unauthorized admin access | |
| Asian_Baddie | Unidentified Lab Equipment Mfg. | USA | Unauthorized admin access | |
| Asian_Baddie | Unidentified College | USA | Unauthorized access | |
| Asian_Baddie | Unidentified Medical Equipment Mfg. | Canada | Unauthorized access | |
| Asian_Baddie | Unidentified Civil Engineering Co. | UK | Unauthorized admin access | |
| Asian_Baddie | Unidentified IT Organization | USA | Unauthorized access | |
| pollins05 | Unidentified Online Store | France | SQL injection access | |
| wiosdfji | PureVPN | Unknown | Premium Accounts | |
| NoName057(16) | Smart Home Management System | Germany | Full remote control over lighting, power, blinds, surveillance cameras, etc. | |
VI. Telecommunications, IT, and Corporate Data Breaches
Corporate entities across telecommunications, technology, and general manufacturing experienced massive data exfiltrations.
1. Telecommunications and Network Infrastructure
- The threat actor Tanaka claims to have leaked a database of approximately 40 million records from MTN Irancell.
- The data allegedly includes ID numbers, names, phone numbers, addresses, and home numbers.
- The group A K U L A v 2 . 2 claims to have leaked login credentials belonging to Al-Jazeera Telecom in Iraq.
2. Information Technology and Security Firms
- The group A K U L A v 2 . 2 claims to have leaked login credentials belonging to Spara Security Group in Iran.
- The group A K U L A v 2 . 2 claims to have leaked login credentials belonging to ITSafe in Israel.
- The group A K U L A v 2 . 2 claims to have leaked login credentials belonging to LVN – Leading Iraqi GPS Tracking System.
3. Corporate and Manufacturing Enterprises
- The threat actor CrowStealer claims to have leaked supplier data related to Orascom Construction in Egypt, covering the period from 2017 to 2025.
- The leaked data is claimed to include vendor names, contact names, job positions, registration numbers, tax IDs, trade marks, and addresses.
- The threat actor SnowSoul claims to have breached approximately 20GB of data from Jiangsu Hualun Chemical Industry Co., Ltd. in China.
- The group A K U L A v 2 . 2 claims to have leaked login credentials belonging to Al Mana Holding in Qatar.
- The threat actor HighRisk claims to have leaked data from Nodia & Company, a publishing industry entity in India.
VII. Educational, Healthcare, and Consumer Data Exposure
Entities processing high volumes of personally identifiable information (PII) were actively targeted by various actors.
1. Higher Education and Academic Institutions
- The threat actor Angrboda claims to have breached data from GradSmart International LLP in India.
- This breach allegedly exposed 2,000 student records, including 205 passport numbers, complete PII, study abroad plans, and visa application status details.
- The threat actor Angrboda also claims to have breached data from GVM Technologies in the USA, exposing an identical dataset of 2,000 student records, 205 passport numbers, complete PII, study abroad plans, and visa application status details.
- The threat actor NyxarGroup claims to have breached data from UNIPAZ in Colombia.
- The dataset allegedly contains student code, DNI, name, last name, institutional email, department, and city.
- The threat actor NyxarGroup also claims to have breached the database of Institución Universitaria ITM in Colombia.
- The dataset contains first name(s), last name(s), email address, phone number, and home address.
- The group A K U L A v 2 . 2 claims to have leaked login credentials belonging to Islamic Azad University in Iran.
2. Healthcare and Public Health
- The threat actor delitospenales claims to have breached the database of SIPRECAN (Sistema de Información para la Prevención del Cáncer) in Bolivia.
- The dataset contains personal and healthcare-related data of registered beneficiaries.
- The group A K U L A v 2 . 2 claims to have leaked login credentials belonging to the Health Information Service Delivery Unit (HISDU) Health and Population Department in Pakistan.
3. Retail, Food, Automotive, and Consumer Platforms
- The threat actor Eliasxy claims to have leaked the Wendy’s International Franchise Database in the USA.
- The database allegedly contains franchise and venue details, store names and internal IDs, location data, operational metadata, contact emails, and exposed API keys.
- The threat actor Wadjet claims to have breached 12.4 million records from CarGurus in the USA.
- The compromised data includes user IDs, UUIDs, full names, email addresses, and account creation dates.
- The group BFRepoV4Files claims to have leaked 30 million records from FiveM in the USA.
- The compromised data includes first name, last name, middle name, date of birth, etc.
- The group BFRepoV4Files claims to have leaked 20 million USA Home data records, including household member1, address, city, state, zip, area code, and phone.
- The threat actor HighRisk claims to have leaked data from the FarmersD dating app.
- The threat actor Tanaka claims to have breached 41,357 rows of data from Waluta in Italy.
- The threat actor Gardinaa claims to have breached the database of Cash Express in France.
- The group Перун Сварога claims to have leaked data related to AkbMarket in Ukraine.
- The group A K U L A v 2 . 2 claims to have leaked login credentials belonging to HLR Store in the UAE.
VIII. Malware, Exploits, Alerts, and Defacement Operations
Threat actors advertised new operational capabilities, declared intended targets, and engaged in website defacements.
Table 2: Defacement Incidents Overview
| Threat Actor | Victim Organization | Victim Country | Category | Source |
| --- | --- | --- | --- | --- |
| CyberOprationCulture | In Khang Thinh | Vietnam | Defacement | |
| BABAYO EROR SYSTEM | Cirebon City Government | Indonesia | Defacement | |
| BABAYO EROR SYSTEM | Katingan Regency Government | Indonesia | Defacement | |
Malware and Custom Exploits
- The threat actor GlowComa advertises a paid FUD (Fully Undetectable) crypting service designed to bypass antivirus and EDR protections, including Windows Defender, AMSI, and SmartScreen.
- The threat actor Akali claims to be selling a WhatsApp crash exploit script.
- This script is allegedly capable of causing Android and iOS application crashes, freezing iOS group chats, and performing call and video call bombing, pair crashes, and spam attacks.
- The threat actor sha1 claims to be selling a custom initial access malware chain leveraging sideloading techniques to evade EDR, with builds customized per buyer infrastructure.
- The group Pharaohs Team market claims to be selling a list of low-authority websites likely intended for use in future cyberattacks.
Cyber Attack Alerts and Declarations
- The group hexa-anonymous posted an alert indicating they are targeting the website of Dr Himanta Biswa Sarma, Chief Minister of Assam, India.
- A recent post by the group Legion indicates that they are targeting Turkey.
- A recent post by the group Petrusnism indicates that they are targeting the Republic of Korea (South Korea).
- A recent post by the group RipperSec indicates that they are targeting the UAE.
IX. Threat Actor Analysis
A granular review of the dataset reveals several highly active threat actors executing multiple operations simultaneously.
1. A K U L A v 2 . 2
This actor represents the most prolific credential harvester in the dataset, operating across multiple countries and industries.
- They claimed to leak login credentials for Mizrahi-Tefahot Bank (Israel).
- They claimed to leak credentials for Nobitex Exchange (Iran).
- They claimed to leak credentials for Spara Security Group (Iran).
- They claimed to leak credentials for ITSafe (Israel).
- They claimed to leak credentials for Islamic Azad University (Iran).
- They claimed to leak credentials for TTAC (Iran).
- They claimed to leak credentials for Ofsted (UK).
- They claimed to leak credentials for the Government of Telangana (India).
- They claimed to leak credentials for HISDU (Pakistan).
- They claimed to leak credentials for Muslim Alpha (USA).
- They claimed to leak credentials for Al-Jazeera Telecom (Iraq).
- They claimed to leak credentials for the UAE Ministry of Interior.
- They claimed to leak credentials for HLR Store (UAE).
- They claimed to leak credentials for Al Mana Holding (Qatar).
- They claimed to leak credentials for LVN GPS Tracking (Iraq).
- They claimed to leak credentials for Bank Melli Iran (BMI).
2. RipperSec
RipperSec executed a focused campaign against entities within the United Arab Emirates.
- The group claimed to have breached data from Energy Tech Edge LLC.
- The group claimed to have breached data from Alzhaahi.
- The group claimed to have breached data from Silver Heights Engineering Consultancy.
- The group claimed to have breached data from Gulf Oasis Insurance Brokers LLC.
- The group issued an alert indicating broader targeting of the UAE.
3. BABAYO EROR SYSTEM
This group is highly active against Indonesian targets, mixing defacements with data leaks.
- They claimed to have defaced the Cirebon City Government website.
- They claimed to have defaced the Katingan Regency Government website.
- They claimed to have leaked a login credential belonging to Humas Pajak Jakarta.
- They also claimed to have leaked Chinese Passport Data.
4. Additional Notable Actors
- SnowSoul focuses on Chinese and Taiwanese targets, executing massive breaches of government and chemical industry data.
- BFRepoV4Files specializes in high-value, high-volume data sets, breaching NATO, UK Forex consumers, FiveM, and US Home data.
- Angrboda targets cryptocurrency assets and educational institutions.
- Asian_Baddie acts exclusively as an Initial Access Broker, selling admin-level access into legal, IT, academic, and manufacturing systems across the USA, UK, and Canada.
X. Additional Minor Incidents
- The threat actor Kyrie claims to be offering a KYC package containing a Florida (USA) Driving License.
- The package includes identity verification materials intended for Know Your Customer (KYC) processes.
- The threat actor SnowSoul claims to have leaked data from Taiwan and China.
XI. Strategic Implications & Conclusion
The cybersecurity events recorded on February 22, 2026, illustrate a highly aggressive and multifaceted threat landscape. Nation-state intelligence apparatuses, military organizations (such as NATO), critical utility providers (Aramco contractors), and high-volume financial institutions face continuous, high-severity attacks aiming to exfiltrate deeply sensitive or classified materials.
Simultaneously, the proliferation of Initial Access Brokers indicates a mature and commoditized cybercrime economy, wherein specialized actors breach systems (like the unidentified US legal and IT organizations) solely to sell the access to secondary operators, likely ransomware affiliates. The prevalence of credential harvesting and database leaks—from local governments to global telecommunications providers—highlights systemic vulnerabilities in identity management and perimeter defense across both the public and private sectors.
Conclusion: Organizations must immediately pivot towards advanced identity protection, strict third-party risk management (as evidenced by the Orascom and Aramco contractor breaches), and continuous monitoring of dark web forums for early indicators of access sales. The integration of zero-trust architectures and rapid credential rotation protocols is mandatory to defend against the tactics demonstrated in this dataset.
Detected Incidents Draft Data
- CyberOprationCulture targets the website of In Khang Thinh
Category: Defacement
Content: The group claims to have defaced the website of In Khang Thinh.
Date: 2026-02-22T23:55:40Z
Network: telegram
Published URL: https://t.me/c/3421269527/112
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c1f51841-358d-4843-83f9-cda296c83988.png
Threat Actors: CyberOprationCulture
Victim Country: Vietnam
Victim Industry: Printing
Victim Organization: in khang thinh
Victim Site: inkhangthinh.com
- Alleged leak of login credentials to Mizrahi-Tefahot Bank
Category: Data Breach
Content: The group claims to have leaked login credentials belonging to Mizrahi-Tefahot Bank.
Date: 2026-02-22T23:19:51Z
Network: telegram
Published URL: https://t.me/c/1943303299/1077447
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5fb68636-5181-4c4e-8135-bc02b2d3eccc.jpg
Threat Actors: A K U L A v 2 . 2
Victim Country: Israel
Victim Industry: Banking & Mortgage
Victim Organization: mizrahi-tefahot bank
Victim Site: mizrahi-tefahot.co.il
- Alleged Data Breach of ANSI – American National Standards Institute
Category: Data Breach
Content: Threat actor claims to be selling a 3.6 TB archive allegedly sourced from ANSI (American National Standards Institute) internal systems. The dataset reportedly includes active and archived ANSI documents, technical committee records, internal communications, draft and rejected standards (2023–2026), metadata, access logs, and historical files. The leak is described as containing both raw and classified internal materials, with a compressed size estimated at 1.9–2.3 TB.
Date: 2026-02-22T22:58:08Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/276679/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/aa447b06-00de-4643-9266-8403af11408f.png
Threat Actors: zestix
Victim Country: USA
Victim Industry: Information Services
Victim Organization: american national standards institute
Victim Site: ansi.org
- Alleged data breach of Orascom Construction
Category: Data Breach
Content: The threat actor claims to have leaked supplier data related to Orascom Construction in Egypt. The dataset allegedly covers the period from 2017 to 2025. The leaked data is claimed to include supplier and vendor details such as vendor names, contact names, job positions, registration numbers, tax IDs, trade marks, and addresses.
Date: 2026-02-22T22:21:36Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-Egypt-Orascom-Construction-Suppliers-Data
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9b1c01b4-ad6f-4fe0-b8bd-00fedad196cb.png
https://d34iuop8pidsy8.cloudfront.net/4216be61-2e47-4ce8-90cd-68b65688e049.png
Threat Actors: CrowStealer
Victim Country: Egypt
Victim Industry: Building and construction
Victim Organization: orascom construction
Victim Site: orascom.com
- Alleged Sale of Data from Three Aramco Contracting Companies
Category: Data Breach
Content: Threat Actor claims to be selling hacked data belonging to three Aramco contracting companies including Almutawa Group, Tanmia Ltd, and Bin Omairah Holding in Saudi Arabia. The dataset includes personnel and engineer information such as resumes, photos, identification cards, emails, phone numbers, addresses, and work records, along with infrastructure project data covering oil, gas, and power transmission maps, confidential contracts and administrative documents, SCADA system details, research related to the oil industry, and urban development and power transmission project information associated with Saudi infrastructure.
Date: 2026-02-22T22:07:56Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/276678/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ad37a8d0-4ef3-4680-9046-85baf75e408d.png
https://d34iuop8pidsy8.cloudfront.net/beb63dac-32d7-4e22-abb0-c502a898f4c4.png
https://d34iuop8pidsy8.cloudfront.net/e739c07e-d928-4d38-944c-42c97f28d303.png
https://d34iuop8pidsy8.cloudfront.net/bf9cb9ac-108e-4f63-9d03-f01cf669131c.png
Threat Actors: rythem
Victim Country: Saudi Arabia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: almutawa.com.sa
- Alleged leak of login credentials to Nobitex Exchange
Category: Data Breach
Content: The group claims to have leaked login credentials belonging to Nobitex Exchange.
Date: 2026-02-22T21:06:30Z
Network: telegram
Published URL: https://t.me/c/1943303299/1077291
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fd56663b-1c60-4a22-a453-b8a9ca5ce69d.jpg
Threat Actors: A K U L A v 2 . 2
Victim Country: Iran
Victim Industry: Financial Services
Victim Organization: nobitex exchange
Victim Site: nobitex.ir
- Alleged data leak of KYC x1 – Florida Driving License
Category: Data Breach
Content: The threat actor claims to be offering a KYC package containing a Florida (USA) Driving License. The package includes identity verification materials intended for Know Your Customer (KYC) processes.
Date: 2026-02-22T21:02:27Z
Network: openweb
Published URL: https://breachforums.as/Thread-DOCUMENTS-KYC-x1-Florida-Driving-License
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/21b5478e-320b-4a63-88f3-14165f14dcf9.png
Threat Actors: Kyrie
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- hexa-anonymous claims to target the website of Dr Himanta Biswa Sarma
Category: Alert
Content: A recent post by the group indicates that they are targeting the website of Dr Himanta Biswa Sarma, Chief Minister of Assam.
Date: 2026-02-22T20:42:47Z
Network: telegram
Published URL: https://t.me/c/3786117030/148
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/67d9fb44-9f67-4196-9fb6-d22e03342cb1.png
Threat Actors: hexa-anonymous
Victim Country: India
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: himantabiswasarma.com
- Alleged Sale of Unauthorized FortiGate and Fortinet Access
Category: Initial Access
Content: Threat Actor claims to be selling approximately 3,000 valid accesses associated with FortiGate and Fortinet devices, describing the data as recent and largely untouched.
Date: 2026-02-22T20:39:35Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/276664/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/999ec0f3-bb21-460e-9621-0de603d498ef.png
Threat Actors: Radical
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Sale of Unauthorized Multiple Accesses to a Law Firm in Philippines
Category: Initial Access
Content: Threat Actor claims to be selling unauthorized access to a Philippines-based law firm, including VPN access to the main file server, administrative privileges on the primary file server, Microsoft 365 accounts of users, a WP-admin account for the main website, and internal server/NAS administrator access.
Date: 2026-02-22T20:12:45Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/276668/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b8516dfe-6d37-498d-b1f1-0cacbe9e7313.png
Threat Actors: molotov477
Victim Country: Philippines
Victim Industry: Legal Services
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak of South Korean government and sensitive security systems
Category: Data Breach
Content: The group claims to have compromised multiple government and police systems in South Korea, including provincial police agencies and a national data center, allegedly exploiting vulnerabilities in file storage, email, and cloud infrastructure. The data includes official identification documents, driver’s licenses, residence records, real estate contracts, bank account information, and internal government communications.
Date: 2026-02-22T19:57:36Z
Network: telegram
Published URL: https://t.me/n2LP_wVf79c2YzM0/3792
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/634772b0-a6d1-4fe9-bb67-59577781cf0a.jpg
Threat Actors: Infrastructure Destruction Squad
Victim Country: South Korea
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Wendy’s
Category: Data Breach
Content: The threat actor claims to have leaked the Wendy’s International Franchise Database, allegedly containing franchise and venue details, store names and internal IDs, location data, operational metadata, contact emails, and exposed API keys.
Date: 2026-02-22T19:11:05Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-Database-Wendy-s-International-Franchise-Database-Leaked-Download
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2b2be317-f8c3-48f5-9d04-aad01d13a5a8.png
https://d34iuop8pidsy8.cloudfront.net/87348687-fc2d-462e-b9a0-0cee3ef0b413.png
Threat Actors: Eliasxy
Victim Country: USA
Victim Industry: Food & Beverages
Victim Organization: wendy’s
Victim Site: wendys.com
- Legion claims to target Turkey
Category: Alert
Content: A recent post by the group indicates that they are targeting Turkey.
Date: 2026-02-22T18:33:50Z
Network: telegram
Published URL: https://t.me/Legion_Offlcial/757
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b8a8159c-a726-4523-92ed-b9b668e0d03a.jpg
Threat Actors: Legion
Victim Country: Turkey
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Unauthorized Access to an Unidentified Smart Home Management System in Germany
Category: Initial Access
Content: The group claims to have gained unauthorized access to a smart home management system, obtaining full remote control over lighting, power sockets, blinds, windows, heating, surveillance cameras, weather data, and multimedia systems.
Date: 2026-02-22T17:58:04Z
Network: telegram
Published URL: https://t.me/c/2787466017/2457
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b69fb39d-ea55-4d8c-8730-50fea9303fb0.png
Threat Actors: NoName057(16)
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Petrusnism claims to target South Korea
Category: Alert
Content: A recent post by the group indicates that they are targeting Republic of Korea.
Date: 2026-02-22T16:55:55Z
Network: telegram
Published URL: https://t.me/c/2987402422/410
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/944ad76e-3e5c-49ee-8969-92412eae6771.png
Threat Actors: Petrusnism
Victim Country: South Korea
Victim Industry: Government Administration
Victim Organization: republic of korea
Victim Site: mofa.go.kr
- Alleged sale of FUD crypting service
Category: Malware
Content: The threat actor advertises a paid FUD crypting service designed to bypass antivirus and EDR protections, including Windows Defender, AMSI, and SmartScreen.
Date: 2026-02-22T16:48:01Z
Network: openweb
Published URL: https://xss.pro/threads/146077/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3854b040-2af5-4b31-9695-cb2d39622ef4.png
Threat Actors: GlowComa
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Sale of WhatsApp Crash Exploit
Category: Malware
Content: Threat Actor claims to be selling a WhatsApp crash exploit script capable of causing Android and iOS application crashes, freezing iOS group chats, and performing call and video call bombing, pair crashes, and spam attacks.
Date: 2026-02-22T16:46:22Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/276646/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4fa891ee-a257-48f8-8ddc-cbf6625f64cf.png
Threat Actors: Akali
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak of Australian Forex Database
Category: Data Breach
Content: The threat actor claims to be selling an Australian forex-related database containing approximately 500,000 records. The dataset allegedly includes full names, email addresses, gender, dates of birth, phone numbers, physical addresses, and postal codes.
Date: 2026-02-22T16:35:40Z
Network: openweb
Published URL: https://hydraforums.io/Threads-%F0%9F%87%A6%F0%9F%87%BA-forex-australia-database-500k-lines
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fcf009a6-66c7-4f37-8e3c-3572cebd1e0d.png
Threat Actors: Pavlov
Victim Country: Australia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Energy Tech Edge LLC
Category: Data Breach
Content: The group claims to have breached data from Energy Tech Edge LLC.
Date: 2026-02-22T16:24:55Z
Network: telegram
Published URL: https://t.me/c/2875163062/694
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7e2a97d0-1ad9-454d-bd7f-21cbe2de1b85.png
Threat Actors: RipperSec
Victim Country: UAE
Victim Industry: Mechanical or Industrial Engineering
Victim Organization: energy tech edge llc
Victim Site: energytech.ae
Alleged data breach of Alzhaahi
Category: Data Breach
Content: The group claims to have breached data from Alzhaahi.
Date: 2026-02-22T15:56:39Z
Network: telegram
Published URL: https://t.me/c/2875163062/694
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/dae59bb1-c84d-4585-85db-5dc1002d2a51.png
Threat Actors: RipperSec
Victim Country: UAE
Victim Industry: Business and Economic Development
Victim Organization: alzhaahi
Victim Site: alzaahi.ae
Alleged data breach of Silver Heights Engineering Consultancy
Category: Data Breach
Content: The group claims to have breached data from Silver Heights Engineering Consultancy.
Date: 2026-02-22T15:42:21Z
Network: telegram
Published URL: https://t.me/c/2875163062/694
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b16e1fe7-0a4b-4cdf-8f15-74d1bdcd353d.png
Threat Actors: RipperSec
Victim Country: UAE
Victim Industry: Architecture & Planning
Victim Organization: silver heights engineering consultancy
Victim Site: shec.ae
Alleged Sale of Unauthorized Access to PureVPN Premium Accounts
Category: Initial Access
Content: The threat actor claims to be offering PureVPN premium accounts.
Date: 2026-02-22T15:41:10Z
Network: openweb
Published URL: https://breachforums.as/Thread-PURE-VPN-Premium-Accounts
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/408cde46-806f-48eb-a7d8-e2d2e70e5fc8.png
Threat Actors: wiosdfji
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of login credentials to Spara Security Group
Category: Data Breach
Content: The group claims to have leaked login credentials belonging to Spara Security Group.
Date: 2026-02-22T15:34:54Z
Network: telegram
Published URL: https://t.me/c/1943303299/1076765
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/82411a27-9864-4647-941e-a00ca9e50888.jpg
Threat Actors: A K U L A v 2 . 2
Victim Country: Iran
Victim Industry: Information Technology (IT) Services
Victim Organization: spara security group
Victim Site: spara.ir
Alleged data breach of Gulf Oasis Insurance Brokers LLC
Category: Data Breach
Content: The group claims to have breached data from Gulf Oasis Insurance Brokers LLC.
Date: 2026-02-22T15:34:19Z
Network: telegram
Published URL: https://t.me/c/2875163062/694
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/384fbf13-dd56-42d3-9464-03f6918274d1.png
Threat Actors: RipperSec
Victim Country: UAE
Victim Industry: Insurance
Victim Organization: gulf oasis insurance brokers llc
Victim Site: oasisins.ae
Babayo Eror System targets the website of Cirebon City Government
Category: Defacement
Content: The group claims to have defaced the website of Cirebon City Government.
Date: 2026-02-22T15:20:10Z
Network: telegram
Published URL: https://t.me/BabayoErorSysteam2/235
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bab6b485-9cee-420a-8641-14326fdca761.png
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: cirebon city government
Victim Site: cirebonkota.go.id
Alleged Data Leak of Chinese Passport Data
Category: Data Breach
Content: The group claims to have leaked Chinese passport data.
Date: 2026-02-22T15:14:14Z
Network: telegram
Published URL: https://t.me/BabayoErorSysteam2/238
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/50315a2a-9411-4074-b07f-b2cd967d1727.png
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of login credentials to ITSafe
Category: Data Breach
Content: The group claims to have leaked login credentials belonging to ITSafe.
Date: 2026-02-22T15:04:34Z
Network: telegram
Published URL: https://t.me/c/1943303299/1076630
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9b090aaf-b229-4f3f-81a4-f969dde26de8.png
Threat Actors: A K U L A v 2 . 2
Victim Country: Israel
Victim Industry: Information Technology (IT) Services
Victim Organization: itsafe
Victim Site: itsafe.co.il
Babayo Eror System targets the website of Katingan Regency Government
Category: Defacement
Content: The group claims to have defaced the website of Katingan Regency Government.
Date: 2026-02-22T15:02:28Z
Network: telegram
Published URL: https://t.me/BabayoErorSysteam2/235
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7300aa7b-e676-49df-8f57-af27f253ab96.png
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: katingan regency government
Victim Site: kelkasonganbaru.katingankab.go.id
Alleged data breach of CarGurus
Category: Data Breach
Content: The threat actor claims to have breached 12.4 million records from CarGurus. The compromised data includes user IDs, UUIDs, full names, email addresses, and account creation dates.
Date: 2026-02-22T14:53:10Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-cargurus-com
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3e33b69a-cbc8-4b42-a74c-a6be1796889e.png
Threat Actors: Wadjet
Victim Country: USA
Victim Industry: Automotive
Victim Organization: cargurus
Victim Site: cargurus.com
Alleged Sale of Compromised RDWeb Access From Multiple Countries
Category: Initial Access
Content: The threat actor claims to be offering unauthorized access to 35 RDWeb connections allegedly obtained through brute force attacks. The actor states that the compromised systems are located across the UK, EU, and AU regions and primarily use Windows Defender for endpoint protection.
Date: 2026-02-22T14:40:24Z
Network: openweb
Published URL: https://forum.exploit.in/topic/276640/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d87927da-7876-40cb-8a14-9ece7cbdeaea.jpg
Threat Actors: samy01
Victim Country: UK
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of login credentials to Islamic Azad University
Category: Data Breach
Content: The group claims to have leaked login credentials belonging to Islamic Azad University.
Date: 2026-02-22T14:38:27Z
Network: telegram
Published URL: https://t.me/c/1943303299/1076594
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c66775b9-247f-4cb8-b2ce-108cfe3cb041.png
Threat Actors: A K U L A v 2 . 2
Victim Country: Iran
Victim Industry: Higher Education/Academia
Victim Organization: islamic azad university
Victim Site: iau.ir
Alleged data breach of Philippine National Police (PNP)
Category: Data Breach
Content: The threat actor claims to have breached a database related to the Philippine National Police (PNP).
Date: 2026-02-22T14:27:46Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-Philippine-National-Police-Leak-Database
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8dd11966-0159-4c1f-a6c3-f7990896f1a7.png
Threat Actors: AmieLot
Victim Country: Philippines
Victim Industry: Government Administration
Victim Organization: philippine national police (pnp)
Victim Site: pnp.gov.ph
Alleged leak of login access to Humas Pajak Jakarta
Category: Initial Access
Content: The group claims to have leaked login credentials belonging to Humas Pajak Jakarta.
Date: 2026-02-22T14:15:27Z
Network: telegram
Published URL: https://t.me/BabayoErorSysteam2/237
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/128d2a8a-d194-4fdd-98a4-169a340a99ef.png
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: humas pajak jakarta
Victim Site: pajakonline.jakarta.go.id
Alleged leak of login credentials to TTAC
Category: Data Breach
Content: The group claims to have leaked login credentials belonging to TTAC.
Date: 2026-02-22T13:53:50Z
Network: telegram
Published URL: https://t.me/c/1943303299/1076499
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c3017251-8623-42f7-9733-53e16910fc3f.png
Threat Actors: A K U L A v 2 . 2
Victim Country: Iran
Victim Industry: Government & Public Sector
Victim Organization: ttac
Victim Site: ttac.ir
Alleged sale of low-authority websites list
Category: Cyber Attack
Content: The group claims to be selling a list of low-authority websites likely intended for use in future cyberattacks.
Date: 2026-02-22T13:22:49Z
Network: telegram
Published URL: https://t.me/phteammarket/278
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/92cdc924-354a-4b6f-a5ad-c534f0df5efd.png
Threat Actors: Pharaohs Team market
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: demo.gurubaa.com, orangegrovepharmacy.com, freflyt.ca, navigator23.com, almasaludbellezaybienestar.ar, telepon.id, ipro.academy
Alleged data breach of Waluta
Category: Data Breach
Content: The threat actor claims to have breached 41,357 rows of data from Waluta.
Date: 2026-02-22T13:20:36Z
Network: openweb
Published URL: https://darkforums.me/Thread-waluta-it-leak
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e857af65-399a-472d-8e42-c3228c3ab77f.png
Threat Actors: Tanaka
Victim Country: Italy
Victim Industry: Automotive
Victim Organization: walutatu
Victim Site: waluta.it
Alleged data breach of Cash Express
Category: Data Breach
Content: The threat actor claims to have breached the database of Cash Express.
Date: 2026-02-22T13:16:57Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-FREE-CASHEXPRESS-2026-FR
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b25e0480-0da2-4005-af35-5a42b807fe04.png
Threat Actors: Gardinaa
Victim Country: France
Victim Industry: Retail Industry
Victim Organization: cash express
Victim Site: cashexpress.fr
Alleged data leak of Ethereum wallets
Category: Data Breach
Content: The threat actor claims to be selling access to more than 20 Ethereum wallets allegedly containing assorted NFTs, along with their seed phrases.
Date: 2026-02-22T13:08:57Z
Network: openweb
Published URL: https://breachforums.as/Thread-COLLECTION-20-ETH-Wallets-with-Assorted-NFTs-Mutant-Shiba-Wooshi-Bears-Seeds
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c051aeb1-2752-46e0-a632-76005ac03f1d.png
https://d34iuop8pidsy8.cloudfront.net/eac06a1d-a8a8-4a51-b8ef-b54927294b41.png
Threat Actors: Angrboda
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of GradSmart International LLP
Category: Data Breach
Content: The threat actor claims to have breached data from GradSmart International LLP, allegedly exposing 2,000 student records, including 205 passport numbers, complete PII, as well as study abroad plans and visa application status details.
Date: 2026-02-22T13:01:31Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-India-GVM-Technologies-GradSmart-2k-Student-Database-with-Passport-Numbers
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e5ec6fe3-b9b2-4f5d-a0ef-78210a41a905.png
https://d34iuop8pidsy8.cloudfront.net/dee99cfa-5291-4310-8902-625f134e86b5.png
Threat Actors: Angrboda
Victim Country: India
Victim Industry: Education
Victim Organization: gradsmart international llp
Victim Site: gradsmartinternational.com
Alleged sale of Ethereum private keys
Category: Data Breach
Content: The threat actor claims to be selling over 940 Ethereum private keys allegedly obtained from a previously scraped seed phrase leak.
Date: 2026-02-22T12:36:00Z
Network: openweb
Published URL: https://breachforums.as/Thread-COLLECTION-940-ETH-Private-Keys-with-Balance-and-last-transactions-Total-2K-Fresh-Dump
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0443adfd-c247-4557-9024-7a9f1e450a4b.png
https://d34iuop8pidsy8.cloudfront.net/ece42510-3231-4674-ab53-e7d257db4b8c.png
Threat Actors: Angrboda
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of TRON (TRX) wallets
Category: Data Breach
Content: The threat actor claims to be selling over 170 TRON (TRX) wallets allegedly discovered while cleaning old data dumps. The wallets reportedly include both seed phrases and private keys, along with addresses showing active balances.
Date: 2026-02-22T12:28:11Z
Network: openweb
Published URL: https://breachforums.as/Thread-COLLECTION-170-TRX-Wallets-with-Seed-Phrases-and-last-transactions-Mnemonic-Dump
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/47e44775-c89e-48ae-a3ea-c83d911610f2.png
https://d34iuop8pidsy8.cloudfront.net/deab22dc-1d2e-4a45-a634-735073f233bf.png
Threat Actors: Angrboda
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of GVM Technologies
Category: Data Breach
Content: The threat actor claims to have breached data from GVM Technologies, allegedly exposing 2,000 student records, including 205 passport numbers, complete PII, as well as study abroad plans and visa application status details.
Date: 2026-02-22T12:24:02Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-India-GVM-Technologies-GradSmart-2k-Student-Database-with-Passport-Numbers
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/dfc874f1-9bd9-4fac-98a8-bb054cf4de11.png
https://d34iuop8pidsy8.cloudfront.net/15b17f2e-4063-4bf7-a49a-80e8c39496f2.png
Threat Actors: Angrboda
Victim Country: USA
Victim Industry: Information Technology (IT) Services
Victim Organization: gvm technologies
Victim Site: gvmtechnologies.com
Alleged leak of login credentials to Ofsted
Category: Data Breach
Content: The group claims to have leaked login credentials belonging to Ofsted.
Date: 2026-02-22T12:20:26Z
Network: telegram
Published URL: https://t.me/c/1943303299/1076363
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/859c6dfd-43a7-46ad-b32a-898eb586c82a.png
Threat Actors: A K U L A v 2 . 2
Victim Country: UK
Victim Industry: Government Administration
Victim Organization: ofsted
Victim Site: ofsted.gov.uk
Alleged data breach of MTN Irancell
Category: Data Breach
Content: Threat actor claims to have leaked a database of approximately 40 million records from MTN Irancell. The data allegedly includes ID numbers, names, phone numbers, addresses, and home numbers.
Date: 2026-02-22T12:00:47Z
Network: openweb
Published URL: https://breachforums.as/Thread-Irancell-MDB-Database-leak-repost
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3a178adb-7725-4b56-a9f3-ffc89a17941e.png
Threat Actors: Tanaka
Victim Country: Iran
Victim Industry: Network & Telecommunications
Victim Organization: mtn irancell
Victim Site: irancell.ir
Alleged data leak of AkbMarket
Category: Data Breach
Content: The group claims to have leaked data related to AkbMarket.
Date: 2026-02-22T10:37:43Z
Network: telegram
Published URL: https://t.me/perunswaroga/1203
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/841bdcbf-a8a8-4477-8d30-7e7549982f00.png
Threat Actors: Перун Сварога
Victim Country: Ukraine
Victim Industry: Retail Industry
Victim Organization: akbmarket
Victim Site: akbmarket.in.ua
Alleged leak of login credentials to Government of Telangana
Category: Data Breach
Content: The group claims to have leaked login credentials belonging to Government of Telangana.
Date: 2026-02-22T10:32:55Z
Network: telegram
Published URL: https://t.me/c/1943303299/1076232
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4789ebe0-dd8e-41a9-9ce6-6e52cbb82668.png
Threat Actors: A K U L A v 2 . 2
Victim Country: India
Victim Industry: Government Administration
Victim Organization: government of telangana
Victim Site: qpgd.sbtet.telangana.gov.in
Alleged leak of Chinese Government (Shanghai) Party and Government organizations data
Category: Data Breach
Content: The threat actor claims to have leaked approximately 1.95 million personal information records related to Chinese Government (Shanghai) Party and Government organizations.
Date: 2026-02-22T10:11:02Z
Network: openweb
Published URL: https://breachforums.as/Thread-REPOST-Personal-Information-of-Chinese-Government-Shanghai-Party-and-Government-Organs-20
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6481137d-f933-4779-b850-d2c9764f874d.png
Threat Actors: SnowSoul
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of an unidentified webshell access (co.id)
Category: Initial Access
Content: The group claims to be selling web shell access to an unidentified .co.id domain.
Date: 2026-02-22T10:01:49Z
Network: telegram
Published URL: https://t.me/Black_Market1337X/67
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5ff78590-df7a-49d3-a716-8a55640b4d01.png
Threat Actors: Black Market – Data Breach
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of login credentials to Health Information Service Delivery Unit (HISDU) Health and Population Department
Category: Data Breach
Content: The group claims to have leaked login credentials belonging to Health Information Service Delivery Unit (HISDU) Health and Population Department.
Date: 2026-02-22T09:50:35Z
Network: telegram
Published URL: https://t.me/c/1943303299/1076234
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4546430f-29c4-474e-b7a0-8b7216c39293.png
Threat Actors: A K U L A v 2 . 2
Victim Country: Pakistan
Victim Industry: Hospital & Health Care
Victim Organization: health information service delivery unit (hisdu) health and population department
Victim Site: phmis.pshealthpunjab.gov.pk
Alleged database sale of Bank Hapoalim
Category: Data Breach
Content: The threat actor group claims to be selling databases allegedly linked to Bank Hapoalim. The leaked data reportedly includes around 6 million records, containing information such as cardholder names, card numbers, expiration dates, security codes, website links, site IDs, and card status details. NB: The bank was previously allegedly breached by the threat actor DigitalGhost on July 5, 2025.
Date: 2026-02-22T09:11:07Z
Network: telegram
Published URL: https://t.me/mehwargun/5853
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9a784e59-72d8-4828-8f2c-681e031b5ae2.png
Threat Actors: mehwargun
Victim Country: Israel
Victim Industry: Banking & Mortgage
Victim Organization: bank hapoalim
Victim Site: bankhapoalim.co.il
Alleged data breach of CENTRAL JAVA PP SATPOL
Category: Data Breach
Content: The threat actor claims to have breached data from CENTRAL JAVA PP SATPOL, allegedly containing name, employee identification number (NIP), national identification number (NIK), tax identification number (NPWP), phone number, and more.
Date: 2026-02-22T09:09:25Z
Network: openweb
Published URL: https://breached.live/showthread.php?mode=threaded&tid=153635&pid=112573#pid112573
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2da572b8-c45a-4449-ab94-16078c06a617.png
https://d34iuop8pidsy8.cloudfront.net/d9ee4535-d2df-42c0-9594-d58158b1224e.png
Threat Actors: CinCauGhast
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: central java pp satpol
Victim Site: satpolpp.jatengprov.go.id
Alleged data breach of hualunchem
Category: Data Breach
Content: Threat actor claims to have breached approximately 20GB of data from hualunchem.
Date: 2026-02-22T09:03:14Z
Network: openweb
Published URL: https://breachforums.as/Thread-Chinese-data-Free-download-20-G-%E4%B8%AD%E5%9B%BD%E6%95%B0%E6%8D%AE-l-hualunchem-com
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d825067f-7b8e-41e6-8ed0-9e43f24475d3.png
Threat Actors: SnowSoul
Victim Country: China
Victim Industry: Chemical Manufacturing
Victim Organization: jiangsu hualun chemical industry co., ltd.
Victim Site: oa.hualunchem.com
Alleged data breach of Jiangsu Hualun Chemical Industry Co., Ltd.
Category: Data Breach
Content: Threat actor claims to have breached approximately 20GB of data from Jiangsu Hualun Chemical Industry Co., Ltd.
Date: 2026-02-22T08:56:05Z
Network: openweb
Published URL: https://breachforums.as/Thread-Chinese-data-Free-download-20-G-%E4%B8%AD%E5%9B%BD%E6%95%B0%E6%8D%AE-l-hualunchem-com
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d825067f-7b8e-41e6-8ed0-9e43f24475d3.png
Threat Actors: SnowSoul
Victim Country: China
Victim Industry: Chemical Manufacturing
Victim Organization: jiangsu hualun chemical industry co., ltd.
Victim Site: oa.hualunchem.com
313 Team claims cyberattack against Woodforest National Bank
Category: Cyber Attack
Content: A recent post by the group claims responsibility for a cyberattack allegedly targeting Woodforest National Bank. The group states that the attack affected the bank’s servers and resulted in service disruption to its mobile application.
Date: 2026-02-22T08:55:10Z
Network: telegram
Published URL: https://t.me/xX313XxTeam/559
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/be869edc-340f-4b97-a736-b6af213dc4d8.png
Threat Actors: 313 Team
Victim Country: USA
Victim Industry: Banking & Mortgage
Victim Organization: woodforest national bank
Victim Site: woodforest.com
Alleged leak of data from Taiwan and China
Category: Data Breach
Content: The threat actor claims to have leaked data from Taiwan and China.
Date: 2026-02-22T08:42:29Z
Network: openweb
Published URL: https://breachforums.as/Thread-Personal-information-from-Taiwan-China
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/380625b4-a5d8-441c-8783-cd9dcb8771cb.png
Threat Actors: SnowSoul
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of NATO database and classified document archive
Category: Data Breach
Content: The group claims to be selling a 3.5 TB database allegedly associated with NATO and its member or partner entities. The listing references documents described as bearing NATO classification markings (Restricted, Confidential, Secret) and includes personal and professional contact information such as names, nationalities, employers, job titles, email addresses, phone numbers, and physical addresses. Agencies reportedly referenced in the dataset include the Ministry of the Armed Forces, Ministry of Defence, United States Navy, Canadian Armed Forces, NASA Glenn Research Center, Naval Air Systems Command, Ministry of Defence, Polish Space Agency, and Department of Defence, among others.
Date: 2026-02-22T08:28:08Z
Network: telegram
Published URL: https://t.me/c/3667951656/2608
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/424cee43-6d86-42ae-8f63-81ffedef2597.png
https://d34iuop8pidsy8.cloudfront.net/8b6f404b-0112-4ada-b033-2ebbee9625c0.png
Threat Actors: BFRepoV4Files
Victim Country: Belgium
Victim Industry: International Affairs
Victim Organization: nato
Victim Site: nato.int
Alleged data breach of UNIPAZ
Category: Data Breach
Content: The threat actor claims to have breached data from UNIPAZ, allegedly containing student code, DNI, name, last name, institutional email, department, and city.
Date: 2026-02-22T08:16:58Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-CO-UNIPAZ-EDU-CO
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7a06e968-69f1-4c07-a4cc-b34352093aaa.png
Threat Actors: NyxarGroup
Victim Country: Colombia
Victim Industry: Education
Victim Organization: unipaz
Victim Site: unipaz.edu.co
Alleged leak of login credentials to Muslim Alpha
Category: Data Breach
Content: The group claims to have leaked login credentials belonging to Muslim Alpha.
Date: 2026-02-22T08:04:07Z
Network: telegram
Published URL: https://t.me/c/1943303299/1075670
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d7d4da2f-92d2-489e-9d53-f95c258c7d36.png
Threat Actors: A K U L A v 2 . 2
Victim Country: USA
Victim Industry: Religious Institutions
Victim Organization: muslim alpha
Victim Site: muslimalpha.com
Alleged data leak of UK Forex Consumers
Category: Data Breach
Content: The group claims to have leaked UK-based forex consumer data, including personal information such as first name, last name, postcode, date of birth, email, and mobile numbers.
Date: 2026-02-22T07:19:54Z
Network: telegram
Published URL: https://t.me/c/3667951656/2631
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/84d349fe-8415-4c99-9a02-1a84f5597e65.png
Threat Actors: BFRepoV4Files
Victim Country: UK
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Breach of Institución Universitaria ITM
Category: Data Breach
Content: The threat actor claims to have breached the database of Institución Universitaria ITM; the dataset contains first name(s), last name(s), email address, phone number, and home address.
Date: 2026-02-22T07:03:46Z
Network: openweb
Published URL: https://breachforums.as/Thread-CO-ITM-EDU-CO
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/64b679e1-b8ed-46d8-b525-924810a3e012.png
Threat Actors: NyxarGroup
Victim Country: Colombia
Victim Industry: Higher Education/Academia
Victim Organization: institución universitaria itm
Victim Site: itm.edu.co
RipperSec claims to target UAE
Category: Alert
Content: A recent post by the group indicates that they are targeting UAE.
Date: 2026-02-22T06:37:10Z
Network: telegram
Published URL: https://t.me/c/2875163062/690
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6bf6f87f-abce-4173-b753-49be84fc04f0.png
Threat Actors: RipperSec
Victim Country: UAE
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of login credentials to Al-Jazeera Telecom
Category: Data Breach
Content: The group claims to have leaked login credentials belonging to Al-Jazeera Telecom.
Date: 2026-02-22T06:25:08Z
Network: telegram
Published URL: https://t.me/c/1943303299/1076056
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1b319df0-a1f7-40eb-99e2-847335afdeaa.png
Threat Actors: A K U L A v 2 . 2
Victim Country: Iraq
Victim Industry: Network & Telecommunications
Victim Organization: al-jazeera telecom
Victim Site: ftth.jt.iq
Alleged leak of login credentials to webmail portal for UAE Ministry of Interior
Category: Data Breach
Content: The group claims to have leaked login credentials belonging to the webmail portal for the UAE Ministry of Interior.
Date: 2026-02-22T06:17:12Z
Network: telegram
Published URL: https://t.me/c/1943303299/1075799
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/cb0396ba-7fb3-4385-b147-a978c0fa748b.png
Threat Actors: A K U L A v 2 . 2
Victim Country: UAE
Victim Industry: Government Administration
Victim Organization: uae ministry of interior
Victim Site: mail.moi.gov.ae
Alleged data breach of FiveM
Category: Data Breach
Content: The group claims to have leaked 30M data from FiveM. The compromised data includes first name, last name, middle name, dob, etc.
Date: 2026-02-22T06:12:32Z
Network: telegram
Published URL: https://t.me/c/3667951656/2512
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ffad9c7d-b9c3-45fe-8fa1-d58700884cbe.png
Threat Actors: BFRepoV4Files
Victim Country: USA
Victim Industry: Gaming
Victim Organization: fivem
Victim Site: fivem.net
Alleged leak of U.S. Consumer Financial Services Lender
Category: Data Breach
Content: The threat actor claims to have leaked the database of a U.S. Consumer Financial Services Lender. The dataset contains highly sensitive personal and financial information related to loan applications and underwriting processes.
Date: 2026-02-22T06:05:31Z
Network: openweb
Published URL: https://darkforums.me/Thread-587K-borrowers-SSN-and-bank-data-in-Lender-Breach-Feb-2026
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4c855a9e-9938-4d93-88f9-28a3997a7309.png
Threat Actors: ResPublica
Victim Country: USA
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of login credentials to HLR Store
Category: Data Breach
Content: The group claims to have leaked login credentials belonging to HLR Store.
Date: 2026-02-22T05:53:18Z
Network: telegram
Published URL: https://t.me/c/1943303299/1075843
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2f340fd1-3d52-459d-92ce-3ce27ffc05cf.png
Threat Actors: A K U L A v 2 . 2
Victim Country: UAE
Victim Industry: E-commerce & Online Stores
Victim Organization: hlr store
Victim Site: hlr-store.ae
Alleged data leak from USA
Category: Data Breach
Content: The group claims to have leaked 20 million USA Home data. The compromised data reportedly includes household member1, address, city, state, zip, area code, phone, etc.
Date: 2026-02-22T05:50:50Z
Network: telegram
Published URL: https://t.me/c/3667951656/2459
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d787895b-4ff2-433d-a184-31c86c6d5e35.png
Threat Actors: BFRepoV4Files
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of login credentials to Al Mana Holding
Category: Data Breach
Content: The group claims to have leaked login credentials belonging to Al Mana Holding.
Date: 2026-02-22T04:51:56Z
Network: telegram
Published URL: https://t.me/c/1943303299/1075823
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9e322621-2cc1-4a45-803f-4b3a500d4faf.png
Threat Actors: A K U L A v 2 . 2
Victim Country: Qatar
Victim Industry: International Trade & Development
Victim Organization: al mana holding
Victim Site: almanaholding.com.qa
Alleged data leak of FarmersD
Category: Data Breach
Content: Threat actor claims to have leaked data from FarmersD dating app.
Date: 2026-02-22T04:48:52Z
Network: openweb
Published URL: https://forum.exploit.in/topic/276629/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c9f88edc-82c3-41fc-9f8f-d1f8831cd272.png
Threat Actors: HighRisk
Victim Country: Unknown
Victim Industry: Other Industry
Victim Organization: farmersd
Victim Site: farmersdatingapp.com
Alleged Data Breach of Cirebon Social Assistance Data
Category: Data Breach
Content: The threat actor claims to have breached the database of the Cirebon City Social Assistance system (Cirebon, Indonesia). The dataset contains personal information such as full names, National Identification Numbers (NIK), addresses, place and date of birth, city/region details, and parents’ names.
Date: 2026-02-22T04:46:51Z
Network: openweb
Published URL: https://breachforums.as/Thread-DOCUMENTS-Cirebon-Indonesia-social-assistance-data
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b5bb8792-73c5-46e4-81b7-a2bdc7d0e66f.png
Threat Actors: Shenira6core
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: pemerintah kabupaten cirebon
Victim Site: jdih.cirebonkab.go.id
Alleged sale of custom initial access malware chain
Category: Malware
Content: Threat actor claims to be selling a custom initial access malware chain leveraging sideloading techniques to evade EDR, with builds customized per buyer infrastructure.
Date: 2026-02-22T04:43:06Z
Network: openweb
Published URL: https://forum.exploit.in/topic/276611/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4d27f000-aaf7-4e27-9fbe-68456c5f4aea.png
Threat Actors: sha1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of login credentials to LVN – Leading Iraqi GPS Tracking System
Category: Data Breach
Content: The group claims to have leaked login credentials belonging to LVN – Leading Iraqi GPS Tracking System.
Date: 2026-02-22T04:39:15Z
Network: telegram
Published URL: https://t.me/c/1943303299/1075760
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/49dbacd1-4256-4c84-a4bf-50a06d4f3719.png
Threat Actors: A K U L A v 2 . 2
Victim Country: Iraq
Victim Industry: Information Technology (IT) Services
Victim Organization: lvn – leading iraqi gps tracking system
Victim Site: track.gpslvn.iq
- Alleged leak of login credentials to Bank Melli Iran (BMI)
Category: Data Breach
Content: The group claims to have leaked login credentials belonging to Bank Melli Iran (BMI).
Date: 2026-02-22T04:27:02Z
Network: telegram
Published URL: https://t.me/c/1943303299/1075754
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/325d97a4-a58e-4fd4-a630-21a53db43d62.png
Threat Actors: A K U L A v 2 . 2
Victim Country: Iran
Victim Industry: Banking & Mortgage
Victim Organization: bank melli iran (bmi)
Victim Site: bmi.ir
- Alleged data leak of Nodia & Company
Category: Data Breach
Content: Threat actor claims to have leaked data from Nodia & Company.
Date: 2026-02-22T03:53:37Z
Network: openweb
Published URL: https://forum.exploit.in/topic/276626/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/035eea6d-29a9-4a11-9571-597d289daabb.png
Threat Actors: HighRisk
Victim Country: India
Victim Industry: Publishing Industry
Victim Organization: nodia & company
Victim Site: nodia.co.in
- Alleged Data Breach of SIPRECAN
Category: Data Breach
Content: Threat actor claims to have breached the database of SIPRECAN; the dataset contains personal and healthcare-related data of registered beneficiaries.
Date: 2026-02-22T03:43:50Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-LEAK-Sistema-de-Informaci%C3%B3n-para-la-Prevencion-del-Cancer
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6b076754-d8f6-42b0-9766-a3e98860ac6e.png
Threat Actors: delitospenales
Victim Country: Bolivia
Victim Industry: Healthcare & Pharmaceuticals
Victim Organization: sistema de información para la prevención del cáncer (siprecan)
Victim Site: Unknown
- Alleged sale of unauthorized admin access to an unidentified Legal service organization
Category: Initial Access
Content: Threat actor claims to be selling unauthorized admin access to an unidentified legal service organization in the USA.
Date: 2026-02-22T03:29:10Z
Network: openweb
Published URL: https://forum.exploit.in/topic/276617/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a020d2ca-c681-4663-81f3-d01c6e0ab635.png
Threat Actors: Asian_Baddie
Victim Country: USA
Victim Industry: Legal Services
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of unauthorized admin access to an unidentified IT organization
Category: Initial Access
Content: Threat actor claims to be selling unauthorized admin access to an unidentified IT organization in the USA.
Date: 2026-02-22T03:28:42Z
Network: openweb
Published URL: https://forum.exploit.in/topic/276616/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/aab57bdc-77d4-46ee-84ff-2fd7d91ea26d.png
Threat Actors: Asian_Baddie
Victim Country: USA
Victim Industry: Information Technology (IT) Services
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of unauthorized admin access to an unidentified Lab equipment testing company in USA
Category: Initial Access
Content: Threat actor claims to be selling unauthorized admin access to an unidentified Lab equipment manufacturing organization in the USA.
Date: 2026-02-22T03:18:32Z
Network: openweb
Published URL: https://forum.exploit.in/topic/276615/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2bbc3860-fc74-448f-bdca-cca2652f76f9.png
Threat Actors: Asian_Baddie
Victim Country: USA
Victim Industry: Manufacturing
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of unauthorized access to unidentified college in USA
Category: Initial Access
Content: Threat actor claims to be selling unauthorized access to an unidentified college in the USA.
Date: 2026-02-22T03:05:39Z
Network: openweb
Published URL: https://forum.exploit.in/topic/276614/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d39f25f5-50d4-4828-a051-b201ae16e894.png
Threat Actors: Asian_Baddie
Victim Country: USA
Victim Industry: Higher Education/Academia
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of unauthorized access to unidentified medical equipment manufacturing organization in Canada
Category: Initial Access
Content: Threat actor claims to be selling unauthorized access to an unidentified medical equipment manufacturing organization in Canada.
Date: 2026-02-22T02:57:42Z
Network: openweb
Published URL: https://forum.exploit.in/topic/276613/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/07c83f7d-e6fe-4310-ab2e-991b4a42d4dc.png
Threat Actors: Asian_Baddie
Victim Country: Canada
Victim Industry: Medical Equipment Manufacturing
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of unauthorized admin access to an unidentified Civil engineering company
Category: Initial Access
Content: Threat actor claims to be selling unauthorized admin access to an unidentified civil engineering organization in the UK.
Date: 2026-02-22T02:47:13Z
Network: openweb
Published URL: https://forum.exploit.in/topic/276618/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/980661a5-2cbe-4d4f-95ea-cc71e8f9b4f4.png
Threat Actors: Asian_Baddie
Victim Country: UK
Victim Industry: Civil Engineering
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of SQL injection access to unidentified store
Category: Initial Access
Content: Threat actor claims to be selling unauthorized SQL injection access to an unidentified online store in France.
Date: 2026-02-22T02:44:45Z
Network: openweb
Published URL: https://forum.exploit.in/topic/276610/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/47f71b12-2f4d-46be-bc85-8bf96be40c52.png
Threat Actors: pollins05
Victim Country: France
Victim Industry: E-commerce & Online Stores
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of access to unidentified IT organization
Category: Initial Access
Content: Threat actor claims to be selling unauthorized access to an unidentified IT organization in the USA.
Date: 2026-02-22T02:11:33Z
Network: openweb
Published URL: https://forum.exploit.in/topic/276612/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b4270e99-b045-4c47-a78b-5c84a502e7c2.png
Threat Actors: Asian_Baddie
Victim Country: USA
Victim Industry: Information Technology (IT) Services
Victim Organization: Unknown
Victim Site: Unknown