[March-25-2026] Daily Cybersecurity Threat Report

Executive Summary

This report analyzes 294 draft cybersecurity incident records primarily occurring between March 25 and March 26, 2026. The threat landscape during this window was dominated by four primary types of malicious activity:

Mass Website Defacements: Largely driven by automated campaigns from groups like BABAYO EROR SYSTEM and independent actors like DimasHxR.
Prolific Credential Leaks: Threat actors, most notably “CODER,” distributed tens of millions of credential combinations (Combo Lists) across Telegram and cybercriminal forums.
High-Profile Data Breaches: Groups such as RubiconH4CK and Scattered LAPSUS$ Hunters claimed extensive breaches across global government, defense, and corporate sectors.
Critical Infrastructure Disruption: Real-world impacts were observed via ransomware and cyberattacks against healthcare and logistics sectors in Europe and the Americas.

1. Data Breaches and Information Leaks

The dataset reveals a high volume of alleged data breaches, with threat actors targeting diverse industries globally.

Prominent Threat Actors in Data Extortion

RubiconH4CK

This actor claimed responsibility for several high-impact, nation-state-level data leaks:

Allegedly leaked a 5TB database from the Shanghai National Police (SHGA), containing roughly 1.2 billion documents and data points.
Claimed to possess 281 GB of data from the U.S. National Security Agency (NSA).
Claimed to have leaked 3TB of data from Google LLC, including sensitive member and user data.
Alleged the sale of 1TB of data belonging to the Hellenic Air Force (Greece).
Claimed to leak data from the Pakistan defense system.
Claimed a 2TB data leak from the Kenya Airport Authority.
Allegedly breached the Hopewell Area School District in the USA.
Claimed to sell a database of 3,682,729 records from Japan Lifebear.

Scattered LAPSUS$ Hunters

This group (and its iterations like “scattered LAPSUS$ hunters 7.0”) executed a widespread, opportunistic campaign targeting smaller corporations and government portals across multiple countries:

Government/Public Sector: Food Security Portal (Pakistan) , AJK IT Board (Pakistan) , Employment Office in Turkey.
Technology/IT: Hybricom (Mexico) , Futuriy (Italy) , Youtech (USA) , RedSegura Tech (Colombia) , NulledBB (USA).
Manufacturing/Industrial: Hantermann (Germany) , Sweeper Brush (Turkey) , AirCenter AG (Switzerland) , Dantherm Group AG (Switzerland).
Retail/E-commerce: Zoomaailm (Estonia) , Givoni Pty Ltd (Australia) , GoDirect, Inc. (USA).
Automotive: Vip Racing Shopping (Brazil) , Blue Oval Truck Parts (USA).
Other Sectors: Name Blue Dragon National High School Baseball Championship (South Korea) , La Serenissima (Italy) , Sportphoto.shop (Netherlands) , Experoffice S.r.l (Italy) , The Lake District Walker Ltd (UK) , Syrian Food Safety (Syria) , ISub Supplies (UK).

Other Notable Data Breaches

Victim Organization	Threat Actor	Details	Source
Cipher (Ukraine)	CyberSerp Official	Exfiltrated encryption source code, private certification keys, internal communications, and a database of over 500 clients.
P3Global/CrimeStoppers	iym	Selling 8.3 million records (93GB) of police tipline systems, dubbed “BlueLeaks 2.0,” for $10,000.
KFC China	Gus	Leaked usernames, emails, mobile numbers, addresses, and gender data.
Service National Universel (France)	Admin	Selling a MongoDB dump containing user profiles, credentials, and infrastructure data.
Yuanta Securities (Thailand)	datasource	Selling 2.3 million records containing national IDs, passwords, and securities data (note: previously breached in Sept 2025).
Forbes Ukraine	CyberSerp Official	Alleged exfiltration of approximately 150GB of data.
51.com (China)	fanfan	Leaked a 2019 dataset of 321,752,993 records containing UINs, emails, IPs, and passwords.
Parkway Realty Group LLC	Sorb	Leaked 85 GB of data including lease agreements, legal files, and banking info.
ProCamps (USA)	Sorb	Selling 623,000 user records, including DOBs and IP addresses.

2. Combo Lists and Credential Harvesting

The sharing of “Combo Lists” (combinations of emails/usernames and passwords) was highly prevalent, primarily distributed on open web cybercriminal forums like CrackingX.

The Actor “CODER”: This individual or group is the most prolific distributor in the dataset, sharing massive lists for free via Telegram channels. Their distributions included:
- 21 million social media credentials.
- 14.5 million credentials for Gmail, Hotmail, Office 365, and MSN.
- 11 million mixed email records.
- 10.2 million records from multiple countries (France, Germany, Iran, Italy, etc.).
- 10 million mixed records.
- 8 million mixed corporate domain accounts.
- 7 million records from various global sources.
- 7.5 million mixed SMTP credentials.
- Lists specifically targeting Fortnite accounts and educational domains.
Other Notable Distributors: Actors like HQcomboSpace, BestCombo, Kommander0, Hotmail Cloud, and gsmfix heavily targeted email services.
Targeted Platforms: Microsoft domains (Hotmail, Outlook, live.fr, hotmail.es) were disproportionately targeted in smaller, allegedly “fresh” and “valid” batches. Other specific targets included Yahoo cryptocurrency users (1.19 million records) , gaming/casino platforms in Germany (783,668 records) , and educational institutions (130,027 and 129,523 records).

3. Website Defacements

Website defacement activity was characterized by automated mass campaigns and persistent individual actors targeting vulnerable web infrastructure (often WordPress or Linux-hosted environments).

BABAYO EROR SYSTEM (Actor: Mr.XycanKing)

This threat actor executed a highly coordinated mass defacement campaign on March 25, 2026, largely targeting businesses and e-commerce sites in Bangladesh, though other global domains were impacted.

Targeted Domains Included: pilescarex.com, nexby.xyz, skinhealthbd.xyz, probashihelpar.com, wellnixbd.com, careofskin.xyz, chinisstore.com, draevo.com, estoreflow.xyz, fixby.xyz, gardenhelper.xyz, gardentoolsbd.xyz, germantonailplus.xyz, glamourskin.xyz, goskincare.xyz, healthynail.xyz, homedecoral.com, joymartbd.com, kitabiya.com, lastylezz.com, magicskinbd.xyz, minisky.xyz, nailcarebd.com, nailrepair.xyz, aramart.xyz, bikroyall.xyz, and barakahwall.com.

DimasHxR

Operating seemingly independently, this actor targeted specific files (often readme.txt or b.html) across a diverse range of international websites.

Targeted Domains Included: courant-brand.online, scottrobertsvoice.com, chachooanims.fr, powerpackiq.com, thetrack.com.au, loleverywhere.com, loloops.com, menintalk.com, wahgazab.com, beatspy.com, adoption-center.info, getmoroccotours.org, precisioncabinetry.net, ruizranch.com, and ablethanh.com.

NUCLIER-Y-C-C-M

This group focused on targeted defacements rather than mass campaigns, often impacting manufacturing, media, and organizational sites in Asia.

Targets Included: Taiwan Fire Corporation, lezw.com.tw, btwe3.com, Janhit Sewa Shiksha Foundation (India), NPPM (India), Sparekart India, tailoringindia.com, Daily Aaj (Pakistan), and FSN (Thailand).

Other Defacement Actors

BROKENPIPE: Targeted UAE-based fashion and crafts sites including Stuck On You, Petit Bateau, and Superdry.
Alpha wolf / XYZ: Targeted the Brazilian hospitality sector (Pousada Esquina do Sol) and a Luxembourg sports organization (Judo Club Esch).
Idiot Crew (Actor: maw3six): Executed mass defacements on cloud-hosted servers, targeting sites like organisedasfood.dev, f1casemimic.com, fronthgaarden.no, and Adria Logistika.
CYKOMNEPAL: Targeted Nepalese organizations, including Rotary District 3292 and Chirinyima Handicraft.
Leviathan Perfect Hunter (Actor: aexdy): Defaced specific pages on olozfera.com and clrmo.com.

4. Malware, Exploits, and Initial Access Sales

Cybercriminal forums featured the active sale of tools and initial access vectors designed to facilitate further attacks.

Malware & Tools:
- Dedsec Stealer: Advertised for stealing browser data, VPN data, 2FA, crypto wallets, and evading anti-VM/RDP software.
- ULPR (Revolutionary JavaScript): Sold for extracting credentials from local databases and analyzing combo lists.
- Cyanotic V5: Designed for brute-forcing and inbox checking on Outlook/Hotmail accounts.
- Aura AIO Checker: A multi-module credential validation tool.
- EmSpoof: An email spoofing service sold for $1500, claiming 100% inbox delivery and the ability to spoof major banks and crypto exchanges (e.g., Binance, HSBC).
Initial Access Sales:
- ADV1337: Claimed to sell root-level and IAM server access to an unidentified company with over $1 billion in turnover.
- Saturned33: Advertised shell access to a Venezuelan tourism organization and a Palestinian ISP/MSP organization , both including SYSTEM and Local Administrator privileges in domain-joined Windows environments.
- YongPo: Sold unauthorized access to self-written shops in the US and UK.
- Z-PENTEST ALLIANCE: Claimed unauthorized access to a private CCTV camera in Poland and the control system (HMI) of a mini-hydroelectric power plant in Italy, claiming the ability to control turbines and valves.

5. Disruptive Cyberattacks and Ransomware

The dataset includes reports of highly disruptive attacks impacting operational technology and critical services.

Port of Vigo (Spain): Suffered a ransomware attack on March 25, 2026, causing the temporary shutdown of digital cargo management services. While the threat was neutralized, preventive measures forced a reversion to manual paper records.
Papardo Hospital (Italy): Paralyzed by a cyberattack that blocked computers, databases, and the SovraCup reservation system. The hospital activated a security plan, shifting to cloud backups and alternative methods to maintain patient care.
Puerto Rico Innovation and Technology Service (PRITS): Detected and neutralized an attempted attack on the Department of Transportation and Public Works (DTOP). Preventive disconnection of systems caused temporary suspension of Driver Services Centers (CESCO) operations, but no data leaked.

Conclusion

The intelligence gathered from March 25–26, 2026, paints a picture of a highly active and commoditized cybercriminal ecosystem. The barrier to entry for credential stuffing and account takeovers remains incredibly low, evidenced by the free distribution of tens of millions of combo lists by actors like “CODER”. Concurrently, mass defacement campaigns rely heavily on automated exploitation of vulnerable web infrastructure, serving mostly as digital graffiti or reputation building for actors like “Mr.XycanKing”.

However, the severe threat lies in the activities of groups like RubiconH4CK and Scattered LAPSUS$ Hunters, who demonstrate the capability to extract massive datasets from high-value government, military, and corporate targets. Furthermore, the successful disruption of critical infrastructure—seen in the ransomware attack on the Port of Vigo and the IT paralysis at Papardo Hospital—highlights the continued physical-world consequences of these digital intrusions.

Detected Incidents Draft Data

Website defacement of Taiwan Fire Corporation by NUCLIER-Y-C-C-M
Category: Defacement
Content: The attacker group NUCLIER-Y-C-C-M successfully defaced the about page of Taiwan Fire Corporations website on March 26, 2026. This appears to be an isolated defacement targeting a single page rather than a mass or redefacement attack.
Date: 2026-03-25T23:55:17Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/814757
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: Taiwan
Victim Industry: Manufacturing
Victim Organization: Taiwan Fire Corporation
Victim Site: www.taiwanfire.com
Alleged threat activity related to PENTAFON
Category: Data Breach
Content: Forum post titled PENTAFON with no visible content available for analysis.
Date: 2026-03-25T23:44:16Z
Network: openweb
Published URL: https://xforums.st/threads/pentafon.593042/
Screenshots:
None
Threat Actors: asnsi991sp
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: PENTAFON
Victim Site: Unknown
Website defacement of lezw.com.tw by NUCLIER-Y-C-C-M
Category: Defacement
Content: NUCLIER-Y-C-C-M conducted a home page defacement attack against www.lezw.com.tw on March 26, 2026. This was a single-target attack rather than part of a mass defacement campaign.
Date: 2026-03-25T23:43:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/814738
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: Taiwan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: www.lezw.com.tw
Website defacement of btwe3.com by NUCLIER-Y-C-C-M
Category: Defacement
Content: The threat actor NUCLIER-Y-C-C-M successfully defaced the btwe3.com website on March 26, 2026. This was a single-site home page defacement rather than a mass attack campaign.
Date: 2026-03-25T23:30:55Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/814664
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: btwe3.com
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 6,800 alleged Hotmail email credentials through a free download link on MediaFire, claiming the data is valid and private.
Date: 2026-03-25T23:14:57Z
Network: openweb
Published URL: https://crackingx.com/threads/69877/
Screenshots:
None
Threat Actors: redcloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
BROKENPIPE targets the Website of Stuck On You
Category: Defacement
Content: The group claims to have defaced the website of Stuck On You.
Date: 2026-03-25T23:01:51Z
Network: openweb
Published URL: https://www.zone-h.org/mirror/id/41647807?hz=1
Screenshots:
None
Threat Actors: BROKENPIPE
Victim Country: UAE
Victim Industry: Arts & Crafts
Victim Organization: stuck on you
Victim Site: mcstaging.stuckonyou.ae/media/customer_address/r/e
BROKENPIPE targets the website of Petit Bateau
Category: Defacement
Content: The group claims to have defaced the website of Petit Bateau.
Date: 2026-03-25T22:56:41Z
Network: openweb
Published URL: https://www.zone-h.org/mirror/id/41647815?hz=1
Screenshots:
None
Threat Actors: BROKENPIPE
Victim Country: UAE
Victim Industry: Fashion & Apparel
Victim Organization: petit bateau
Victim Site: petit-bateau.ae
BROKENPIPE targets the website of Superdry
Category: Defacement
Content: The group claims to have defaced the website of Superdry.
Date: 2026-03-25T22:52:38Z
Network: openweb
Published URL: https://www.zone-h.org/mirror/id/41647806
Screenshots:
None
Threat Actors: BROKENPIPE
Victim Country: UAE
Victim Industry: Fashion & Apparel
Victim Organization: superdry
Victim Site: mcstaging.superdry.ae/media/customer_address/r/e/reload.txt
Alleged data sale of arcterminal.xyz
Category: Data Leak
Content: The threat actor claims to be selling a database from Arcterminal.xyz, allegedly containing 66,769 unique email addresses along with associated wallet addresses and Twitter usernames.
Date: 2026-03-25T22:47:53Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-Arcterminal-xyz-Crypto-Database-66k-unique-emails
Screenshots:
None
Threat Actors: punk
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: arcterminal.xyz
Alleged leak of mixed credential combolist containing 130,000 records
Category: Combo List
Content: A threat actor shared a combolist containing 130,000 email and password combinations from mixed sources. The credentials are described as fresh and high quality.
Date: 2026-03-25T22:32:48Z
Network: openweb
Published URL: https://crackingx.com/threads/69875/
Screenshots:
None
Threat Actors: steeve75
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Cipher
Category: Data Breach
Content: The group claims to have breached data from Cipher, exfiltrating encryption product source code, private certification keys, internal communications, and a large customer database, with potential implications for key compromise and exposure of vulnerabilities across systems relying on its cryptographic solutions.
Date: 2026-03-25T22:25:09Z
Network: telegram
Published URL: https://t.me/CyberSerp_Official/26
Screenshots:
None
Threat Actors: CyberSerp Official
Victim Country: Ukraine
Victim Industry: Computer & Network Security
Victim Organization: cipher
Victim Site: cipher.com.ua
Alleged leak of education sector credentials targeting social and shopping platforms
Category: Combo List
Content: A threat actor has leaked a combolist containing 153,619 credential lines allegedly targeting education sector accounts for social media and shopping platforms. The data is being distributed for free via file sharing service.
Date: 2026-03-25T22:22:04Z
Network: openweb
Published URL: https://crackingx.com/threads/69873/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of live.fr domain credentials
Category: Combo List
Content: A threat actor shared a credential list containing 7,206 entries targeting the live.fr domain through a file hosting service. The credentials appear to be distributed freely without any payment required.
Date: 2026-03-25T22:21:45Z
Network: openweb
Published URL: https://crackingx.com/threads/69874/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: France
Victim Industry: Technology
Victim Organization: Orange
Victim Site: live.fr
Alleged sale of root access to an unidentified organization
Category: Initial Access
Content: The threat actor claims to be selling root-level and IAM server access to an unidentified company with a turnover exceeding $1 billion, stating that the access includes web interface access and shell payload capabilities.
Date: 2026-03-25T22:18:05Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/279180/
Screenshots:
None
Threat Actors: ADV1337
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Forbes Ukraine
Category: Data Leak
Content: The group claims to have breached Forbes Ukraine, allegedly exfiltrating approximately 150GB of data.
Date: 2026-03-25T22:10:21Z
Network: telegram
Published URL: https://t.me/CyberSerp_Official/12
Screenshots:
None
Threat Actors: CyberSerp Official
Victim Country: Ukraine
Victim Industry: Newspapers & Journalism
Victim Organization: forbes ukraine
Victim Site: forbes.ua
Alleged data breach of elocal
Category: Data Breach
Content: A threat actor claims to have breached elocal.com, a digital marketing and lead generation platform, and is selling a database containing approximately 1.83 million user records.
Date: 2026-03-25T22:02:49Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/279174/
Screenshots:
None
Threat Actors: renn
Victim Country: USA
Victim Industry: Marketing, Advertising & Sales
Victim Organization: elocal
Victim Site: elocal.com
Alleged sale of unauthorized access to a self-written shop in the united states
Category: Initial Access
Content: The threat actor claims to be selling unauthorized access to a self-written shop in the United States, including an admin panel, installation code, and authorization form, stating that the shop has recorded 75 orders for the current year.
Date: 2026-03-25T21:27:00Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/279173/
Screenshots:
None
Threat Actors: YongPo
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Leak of Posta Shqiptare
Category: Data Leak
Content: The group claims to have leaked the data of Posta Shqiptare .
Date: 2026-03-25T21:22:11Z
Network: telegram
Published URL: https://t.me/JusticeHomeland1/603
Screenshots:
None
Threat Actors: Homeland Justice
Victim Country: Albania
Victim Industry: Financial Services
Victim Organization: posta shqiptare
Victim Site: postashqiptare.al
Alleged sale of ULPR tool
Category: Malware
Content: The threat actor claims to be selling a malware tool ULPR – Revolutionary JavaScript The malware is designed to search and extract credentials from local databases, supporting formats like email:pass, login:pass, and URL-based credentials, for analyzing stolen credential dumps or combo lists.
Date: 2026-03-25T21:21:48Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/279171/
Screenshots:
None
Threat Actors: SMB
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of French fake identity document templates and services
Category: Initial Access
Content: Threat actor offering fake French identity documents including national ID cards and passports, along with editable PSD templates and MRZ calculators for prices ranging from 15€ to 80€. Services include document modification and creation tools for fraudulent identity purposes.
Date: 2026-03-25T21:14:00Z
Network: openweb
Published URL: https://crackingx.com/threads/69872/
Screenshots:
None
Threat Actors: fakeid
Victim Country: France
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
L4663R666H05T targets the website of Petit Bateau
Category: Defacement
Content: The group claims to have defaced the website of Petit Bateau.
Date: 2026-03-25T21:01:36Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813863
Screenshots:
None
Threat Actors: L4663R666H05T
Victim Country: UAE
Victim Industry: E-commerce & Online Stores
Victim Organization: petit bateau
Victim Site: petit-bateau.ae
Alleged data breach of Hybricom
Category: Data Breach
Content: The group claims to have breached the database of Hybricom.
Date: 2026-03-25T21:00:03Z
Network: telegram
Published URL: https://t.me/c/3816027580/4498
Screenshots:
None
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: Mexico
Victim Industry: Network & Telecommunications
Victim Organization: hybricom
Victim Site: hybricom.com.mx
Alleged data breach of Name Blue Dragon National High School Baseball Championship
Category: Data Breach
Content: The group claims to have breached the database of NameBlue Dragon National High School Baseball Championship.
Date: 2026-03-25T20:59:04Z
Network: telegram
Published URL: https://t.me/c/3816027580/4498
Screenshots:
None
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: South Korea
Victim Industry: Sports
Victim Organization: nameblue dragon national high school baseball championship
Victim Site: hsbaseball.kr
L4663R666H05T targets the website of Petit Bateau
Category: Defacement
Content: The group claims to have defaced the website of Petit Bateau.
Date: 2026-03-25T20:57:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813828
Screenshots:
None
Threat Actors: L4663R666H05T
Victim Country: UAE
Victim Industry: E-commerce & Online Stores
Victim Organization: petit bateau
Victim Site: mcprod.petit-bateau.ae
Alleged data leak of Corporate Email Credentials
Category: Data Leak
Content: A threat actor claims to be selling a large collection of corporate email credentials, reportedly consisting of over 700,000 records.
Date: 2026-03-25T20:54:55Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/279169/
Screenshots:
None
Threat Actors: Domainstore
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Futuriy.
Category: Data Breach
Content: The group claims to have breached the database of Futuriy.
Date: 2026-03-25T20:51:14Z
Network: telegram
Published URL: https://t.me/c/3816027580/4498
Screenshots:
None
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: Italy
Victim Industry: Information Technology (IT) Services
Victim Organization: futuriy
Victim Site: futuriy.it
Alleged data breach of La Serenissima
Category: Data Breach
Content: The group claims to have breached the database of La Serenissima.
Date: 2026-03-25T20:49:24Z
Network: telegram
Published URL: https://t.me/c/3816027580/4498
Screenshots:
None
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: Italy
Victim Industry: Hospitality & Tourism
Victim Organization: la serenissima
Victim Site: bbserenissima.it
Alleged data breach of Vip Racing Shopping
Category: Data Breach
Content: The group claims to have breached the database of Vip Racing Shopping.
Date: 2026-03-25T20:43:30Z
Network: telegram
Published URL: https://t.me/c/3816027580/4499
Screenshots:
None
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: Brazil
Victim Industry: Automotive
Victim Organization: vip racing shopping
Victim Site: vipracingshopping.com.br
Alleged data leak of europian casino database
Category: Data Leak
Content: A threat actor claims to have leaked a payment system database linked to European casinos, containing approximately 2.5 million user records. The dataset includes deposit amounts, currency, email addresses, phone numbers, and maximum deposit values, covering multiple countries including France, Germany, Italy, and others.
Date: 2026-03-25T20:41:47Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/279168/
Screenshots:
None
Threat Actors: Green41k
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Hantermann
Category: Data Breach
Content: The group claims to have breached the database of Hantermann.
Date: 2026-03-25T20:40:42Z
Network: telegram
Published URL: https://t.me/c/3816027580/4499
Screenshots:
None
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: Germany
Victim Industry: Manufacturing & Industrial Products
Victim Organization: hantermann
Victim Site: hantermann.eu
Alleged data leak of Altatech
Category: Data Leak
Content: The threat actor claims to have leaked SQL data from Altatech, allegedly containing 87 SQL tables.
Date: 2026-03-25T20:40:33Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-altatech-com-br-Database
Screenshots:
None
Threat Actors: BCXIII
Victim Country: Brazil
Victim Industry: Information Technology (IT) Services
Victim Organization: altatech
Victim Site: altatech.com.br
Alleged leak of credential lists from multiple countries
Category: Combo List
Content: Threat actor CODER is distributing credential lists (combolists) containing approximately 7 million records from multiple countries including Sweden, Poland, Germany, France, Italy, Spain, Portugal, Greece, Turkey, Egypt, Japan, and China through Telegram channels.
Date: 2026-03-25T20:39:17Z
Network: openweb
Published URL: https://crackingx.com/threads/69871/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Janhit Sewa Shiksha Foundation by NUCLIER-Y-C-C-M
Category: Defacement
Content: The NUCLIER-Y-C-C-M threat actor successfully defaced the homepage of Janhit Sewa Shiksha Foundation, an Indian educational non-profit organization, on March 26, 2026. This was a single-target home page defacement rather than a mass defacement campaign.
Date: 2026-03-25T20:36:58Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/814161
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: India
Victim Industry: Non-profit/Education
Victim Organization: Janhit Sewa Shiksha Foundation
Victim Site: janhitsewashikshafoundation.in
Alleged data breach of NulledBB
Category: Data Breach
Content: The group claims to have breached the database of NulledBB.
Date: 2026-03-25T20:36:28Z
Network: telegram
Published URL: https://t.me/c/3816027580/4498
Screenshots:
None
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: USA
Victim Industry: Information Technology (IT) Services
Victim Organization: nulledbb
Victim Site: nulledbb.com
Alleged data breach of Zoomaailm
Category: Data Breach
Content: The group claims to have breached the database of Zoomaailm
Date: 2026-03-25T20:29:23Z
Network: telegram
Published URL: https://t.me/c/3816027580/4498
Screenshots:
None
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: Estonia
Victim Industry: Retail Industry
Victim Organization: zoomaailm
Victim Site: zoomaailm.ee
Alleged data breach of Sweeper Brush
Category: Data Breach
Content: The group claims to have breached the database of Sweeper Brush.
Date: 2026-03-25T20:27:36Z
Network: telegram
Published URL: https://t.me/c/3816027580/4499
Screenshots:
None
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: Turkey
Victim Industry: Manufacturing
Victim Organization: sweeper brush
Victim Site: sweeperparts.net
Alleged data breach of Youtech
Category: Data Breach
Content: The group claims to have breached the database of Youtech.
Date: 2026-03-25T20:26:48Z
Network: telegram
Published URL: https://t.me/c/3816027580/4498
Screenshots:
None
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: USA
Victim Industry: Program Development
Victim Organization: youtech
Victim Site: youtech.fr
Alleged data breach of Sportphoto.shop
Category: Data Breach
Content: The group claims to have breached the database of Sportphoto.shop.
Date: 2026-03-25T20:24:15Z
Network: telegram
Published URL: https://t.me/c/3816027580/4499
Screenshots:
None
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: Netherlands
Victim Industry: Photography
Victim Organization: sportphoto.shop
Victim Site: sportphoto.shop
Alleged data breach of Experoffice S.r.l
Category: Data Breach
Content: The group claims to have breached the database of Experoffice S.r.l.
Date: 2026-03-25T20:21:34Z
Network: telegram
Published URL: https://t.me/c/3816027580/4499
Screenshots:
None
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: Italy
Victim Industry: Design
Victim Organization: experoffice s.r.l
Victim Site: experoffice.it
Alleged data breach of AirCenter AG
Category: Data Breach
Content: The group claims to have breached the database of AirCenter AG.
Date: 2026-03-25T20:19:30Z
Network: telegram
Published URL: https://t.me/c/3816027580/4499
Screenshots:
None
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: Switzerland
Victim Industry: Machinery Manufacturing
Victim Organization: aircenter ag
Victim Site: aircenter.ch
Alleged data breach of The Lake District Walker Ltd
Category: Data Breach
Content: The group claims to have breached the database of The Lake District Walker Ltd.
Date: 2026-03-25T20:18:45Z
Network: telegram
Published URL: https://t.me/c/3816027580/4498
Screenshots:
None
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: UK
Victim Industry: Leisure & Travel
Victim Organization: alleged data breach of
Victim Site: thelakedistrictwalker.co.uk
Alleged data breach of Givoni Pty Ltd
Category: Data Breach
Content: The group claims to have breached the database of Givoni Pty Ltd.
Date: 2026-03-25T20:17:38Z
Network: telegram
Published URL: https://t.me/c/3816027580/4499
Screenshots:
None
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: Australia
Victim Industry: E-commerce & Online Stores
Victim Organization: givoni pty ltd
Victim Site: givoni.com.au
Alleged data breach of GoDirect, Inc.
Category: Data Breach
Content: The group claims to have breached the database of GoDirect, Inc.
Date: 2026-03-25T20:16:43Z
Network: telegram
Published URL: https://t.me/c/3816027580/4498
Screenshots:
None
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: USA
Victim Industry: Retail Industry
Victim Organization: godirect, inc.
Victim Site: godirectinc.com
Alleged leak of freenet.de credentials
Category: Combo List
Content: A threat actor shared a combolist containing 20,718 credential entries allegedly targeting freenet.de domain users. The data was made available as a free download through a file sharing service.
Date: 2026-03-25T20:16:30Z
Network: openweb
Published URL: https://crackingx.com/threads/69870/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Germany
Victim Industry: Telecommunications
Victim Organization: Freenet
Victim Site: freenet.de
Alleged data breach of Blue Oval Truck Parts
Category: Data Breach
Content: The group claims to have breached the database of Blue Oval Truck Parts.
Date: 2026-03-25T20:15:31Z
Network: telegram
Published URL: https://t.me/c/3816027580/4499
Screenshots:
None
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: USA
Victim Industry: Automotive
Victim Organization: blue oval truck parts
Victim Site: blueovaltruckparts.com
Alleged data breach of Syrian Food Safety
Category: Data Breach
Content: The group claims to have breached the database of Syrian Food Safety.
Date: 2026-03-25T20:14:46Z
Network: telegram
Published URL: https://t.me/c/3816027580/4498
Screenshots:
None
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: Syria
Victim Industry: Agriculture & Farming
Victim Organization: syrian food safety
Victim Site: syrian-fs.org
Alleged data breach of RedSegura Tech
Category: Data Breach
Content: The group claims to have breached the database of RedSegura Tech.
Date: 2026-03-25T20:05:20Z
Network: telegram
Published URL: https://t.me/c/3816027580/4498
Screenshots:
None
Threat Actors: scattered LAPSUS$ hunters 7.0
Victim Country: Colombia
Victim Industry: Information Technology (IT) Services
Victim Organization: redsegura tech
Victim Site: redsegura.com
Alleged Data Breach of ISub Supplies
Category: Data Breach
Content: The threat group claims to have leaked a database allegedly linked to the ISub Supplies.
Date: 2026-03-25T20:05:07Z
Network: telegram
Published URL: https://t.me/c/3816027580/4499
Screenshots:
None
Threat Actors: scattered LAPSUS$ hunters 7.0
Victim Country: UK
Victim Industry: Printing
Victim Organization: isub supplies
Victim Site: isub-supplies.co.uk
Alleged Data Breach of Dantherm Group AG
Category: Data Breach
Content: The threat group claims to have leaked a database allegedly linked to the Dantherm Group AG.
Date: 2026-03-25T20:03:52Z
Network: telegram
Published URL: https://t.me/c/3816027580/4499
Screenshots:
None
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: Switzerland
Victim Industry: Manufacturing & Industrial Products
Victim Organization: dantherm group ag
Victim Site: luft-entfeuchter.ch
Website defacement of NPPM by NUCLIER-Y-C-C-M
Category: Defacement
Content: NUCLIER-Y-C-C-M successfully defaced the website www.nppmrj.in on March 26, 2026. This was a targeted home page defacement rather than a mass defacement campaign.
Date: 2026-03-25T20:02:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/814160
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: India
Victim Industry: Unknown
Victim Organization: NPPM
Victim Site: www.nppmrj.in
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a list of 800 Hotmail credentials claimed to be valid as of March 25th. The data is being distributed as a free combolist on underground forums.
Date: 2026-03-25T20:02:02Z
Network: openweb
Published URL: https://crackingx.com/threads/69868/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of corporate email credentials
Category: Combo List
Content: A threat actor shared a combolist containing 128,467 corporate email and password combinations via a file-sharing service. The credentials are claimed to be from 2026 leaks affecting corporate email accounts.
Date: 2026-03-25T20:01:41Z
Network: openweb
Published URL: https://crackingx.com/threads/69869/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of multiple databases containing personal information and identity documents
Category: Data Breach
Content: Threat actor claims to have access to multiple databases containing driver licenses, SSNs, passports, company information, consumer data, phone lists, email lists, and credentials. Actor provides Telegram contact for communication.
Date: 2026-03-25T20:01:25Z
Network: openweb
Published URL: https://crackingx.com/threads/69867/
Screenshots:
None
Threat Actors: jannatmirza11
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Australian credentials
Category: Combo List
Content: A threat actor shared a combolist containing 76,000 Australian email and password combinations for free download on a cybercriminal forum.
Date: 2026-03-25T19:51:01Z
Network: openweb
Published URL: https://crackingx.com/threads/69865/
Screenshots:
None
Threat Actors: Immanuel_Kant
Victim Country: Australia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Canadian credentials
Category: Combo List
Content: A threat actor shared a download link for Canadian credential data containing 96,000 records on a cybercrime forum, making the data freely available to registered users.
Date: 2026-03-25T19:50:41Z
Network: openweb
Published URL: https://crackingx.com/threads/69866/
Screenshots:
None
Threat Actors: Immanuel_Kant
Victim Country: Canada
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of international credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 9,500 credentials claimed to be from users in USA, EU, Asia, and Russia, marketed as top quality data from March 25th.
Date: 2026-03-25T19:39:58Z
Network: openweb
Published URL: https://crackingx.com/threads/69864/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Kiwi targets the website of sunme.qa
Category: Defacement
Content: The group claims to have defaced the website of sunme.qa
Date: 2026-03-25T19:23:07Z
Network: openweb
Published URL: https://www.zone-h.org/mirror/id/41647530?hz=1
Screenshots:
None
Threat Actors: kiwi
Victim Country: Qatar
Victim Industry: Unknown
Victim Organization: sunme.qa
Victim Site: sunme.qa
Alleged leak of Outlook and Hotmail credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 2,400 mixed credential logs for Outlook and Hotmail email accounts as a free download on an underground forum.
Date: 2026-03-25T19:18:53Z
Network: openweb
Published URL: https://crackingx.com/threads/69863/
Screenshots:
None
Threat Actors: karaokecloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: outlook.com
Alleged leak of forum credential combolist
Category: Combo List
Content: A threat actor shared a mixed credential list containing 81,000 entries allegedly containing valid forum credentials. The data appears to be distributed freely on the CrackingX forum.
Date: 2026-03-25T19:09:09Z
Network: openweb
Published URL: https://crackingx.com/threads/69861/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of Cyanotic V5 tool
Category: Malware
Content: The threat actor claims to be selling a malware tool called Cyanotic V5.The malware is designed to for brute-force attacks and inbox checking on Outlook/Hotmail accounts, enabling credential validation and potential unauthorizedaccess.
Date: 2026-03-25T18:43:15Z
Network: openweb
Published URL: https://demonforums.net/Thread-Cyanotic-v5-0-outlook-hotmail-live-cracked
Screenshots:
None
Threat Actors: makitabosch
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass website defacement campaign by Alpha wolf team targeting Brazilian hospitality sector
Category: Defacement
Content: Alpha wolf team conducted a mass defacement campaign targeting multiple websites including a Brazilian hospitality business. The attack occurred on March 26, 2026 and was part of a broader mass defacement operation rather than a targeted attack on the specific organization.
Date: 2026-03-25T18:38:25Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248120
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Brazil
Victim Industry: Hospitality
Victim Organization: Pousada Esquina do Sol
Victim Site: pousadaesquinadosol.com.br
Website defacement of Pousada Esquina do Sol by Alpha wolf team
Category: Defacement
Content: Alpha wolf team, with attacker XYZ, conducted a single website defacement targeting Brazilian hospitality business Pousada Esquina do Sol on March 26, 2026. The attack was a home page defacement rather than a mass defacement campaign.
Date: 2026-03-25T18:32:56Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813868
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Brazil
Victim Industry: Hospitality
Victim Organization: Pousada Esquina do Sol
Victim Site: pousadaesquinadosol.com.br
Handala Hack claims to target Lockheed Martin
Category: Alert
Content: A recent post by the group indicates that they are targeting Lockheed Martin.
Date: 2026-03-25T18:07:00Z
Network: telegram
Published URL: https://t.me/HANDALA_HPR2/243
Screenshots:
None
Threat Actors: Handala Hack
Victim Country: USA
Victim Industry: Military Industry
Victim Organization: lockheed martin
Victim Site: lockheedmartin.com
Alleged leak of mail.com credentials
Category: Combo List
Content: A combolist containing 11,074 credentials targeting mail.com domain has been made available for free download on a cybercriminal forum.
Date: 2026-03-25T18:01:09Z
Network: openweb
Published URL: https://crackingx.com/threads/69859/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: mail.com
Victim Site: mail.com
Alleged distribution of gaming and social media platform credential lists
Category: Combo List
Content: Threat actor CODER is distributing credential lists (combolists) for various platforms including gaming services, social media, and streaming platforms through Telegram channels. The actor offers free access to these credential compilations targeting multiple online services.
Date: 2026-03-25T18:00:32Z
Network: openweb
Published URL: https://crackingx.com/threads/69860/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Yahoo cryptocurrency-targeted credentials
Category: Combo List
Content: A threat actor shared a combolist containing 1.19 million Yahoo credentials specifically targeting cryptocurrency users. The data was made available as a free download via file sharing service.
Date: 2026-03-25T17:49:06Z
Network: openweb
Published URL: https://crackingx.com/threads/69857/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Yahoo
Victim Site: yahoo.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: Threat actor snowstormxd shared what appears to be fresh Hotmail credential lists through free download links on a cybercriminal forum. The data is being distributed via paste sites and Telegram channels at no cost.
Date: 2026-03-25T17:36:41Z
Network: openweb
Published URL: https://crackingx.com/threads/69854/
Screenshots:
None
Threat Actors: snowstormxd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: Thread claims to contain 81,000 Hotmail domain credentials with a validity date of March 25, 2026. The actual post content is restricted and requires forum registration to view.
Date: 2026-03-25T17:36:14Z
Network: openweb
Published URL: https://crackingx.com/threads/69855/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 32,000 valid email credentials on a cybercriminal forum. The content is hidden for registered users and additional resources are offered through a private Telegram channel.
Date: 2026-03-25T17:35:46Z
Network: openweb
Published URL: https://crackingx.com/threads/69856/
Screenshots:
None
Threat Actors: TeraCloud1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Leak of Food Security Portal
Category: Data Leak
Content: The group claims to have leaked the data from Food Security Portal.
Date: 2026-03-25T17:34:35Z
Network: telegram
Published URL: https://t.me/c/3816027580/4497
Screenshots:
None
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: Pakistan
Victim Industry: Government Administration
Victim Organization: food security portal
Victim Site: fsp.gov.pk
Alleged data leak of AJK IT Board
Category: Data Leak
Content: The threat actor claims to have leaked a database associated with the AJK IT Board a government entity in Pakistan.
Date: 2026-03-25T17:34:08Z
Network: telegram
Published URL: https://t.me/c/3816027580/4496
Screenshots:
None
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: Pakistan
Victim Industry: Government Administration
Victim Organization: ajk it board
Victim Site: itb.ajk.gov.pk
El Puerto de Vigo sufre un ciberataque y ve afectado el tráfico de mercancías
Category: Cyber Attack
Content: The Port of Vigo suffered a ransomware cyberattack on March 25, 2026, resulting in the isolation of its computer systems and temporary shutdown of digital cargo management services. Although the technical team neutralized the threat, full server restoration is delayed by preventive security measures, forcing users to resort to manual methods such as paper records. The ports physical activity remains operational, but a forensic analysis is underway to determine the causes of the incident and responsibilities.
Date: 2026-03-25T17:29:02Z
Network: openweb
Published URL: https://www.lavozdegalicia.es/noticia/somosmar/2026/03/24/puerto-vigo-sufre-ciberataque-afecta-trafico-mercancias/00031774365104751290252.htm
Screenshots:
None
Threat Actors:
Victim Country: Spain
Victim Industry: Unknown
Victim Organization: Autoridad Portuaria de Vigo
Victim Site: apvigo.es
Alleged leak of mixed email credentials combolist
Category: Combo List
Content: Forum user klyne05 shared a combolist containing mixed email credentials that were allegedly checked and verified as fresh and private.
Date: 2026-03-25T17:22:57Z
Network: openweb
Published URL: https://crackingx.com/threads/69853/
Screenshots:
None
Threat Actors: klyne05
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of Dedsec Stealer
Category: Malware
Content: A threat actor is advertising a malware tool called Dedsec Stealer .The malware is designed to steal browser data, games data theft, file/VPN stealing, 2FA theft, wallet injection, system info collection, anti-VM/RDP evasion, and UAC bypass.
Date: 2026-03-25T17:18:49Z
Network: openweb
Published URL: https://demonforums.net/Thread-Dedsec-Stealer-2025
Screenshots:
None
Threat Actors: rippors
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Leak of Employment Office in Turkey
Category: Data Leak
Content: The group claims to have leaked the data from Employment Office in Turkey.
Date: 2026-03-25T17:13:19Z
Network: telegram
Published URL: https://t.me/c/3816027580/4494
Screenshots:
None
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: Turkey
Victim Industry: Human Resources
Victim Organization: employment office in turkey
Victim Site: istihdamofisi.net
Website defacement of Rotary District 3292 by CYKOMNEPAL
Category: Defacement
Content: CYKOMNEPAL defaced the Rotary District 3292 website in Nepal on March 26, 2026. The attack targeted a non-profit organizations website with an unknown motive.
Date: 2026-03-25T17:03:26Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813810
Screenshots:
None
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: Nepal
Victim Industry: Non-profit
Victim Organization: Rotary District 3292
Victim Site: rotarydistrict3292.org.np
Alleged sale of aura AIO checker
Category: Malware
Content: The threat actor claims to be offering Aura AIO Checker, a multi-module tool designed to validate credentials across various platforms, enabling large-scale account checking and potential unauthorized access.
Date: 2026-03-25T16:55:38Z
Network: openweb
Published URL: https://demonforums.net/Thread-Aura-AIO-Checker–137764
Screenshots:
None
Threat Actors: Starip
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of 10 million credential combolist
Category: Combo List
Content: Threat actor CODER is distributing a 10 million record credential combolist through Telegram channels. The actor operates free Telegram groups for sharing combos and programs with cybercriminals.
Date: 2026-03-25T16:45:46Z
Network: openweb
Published URL: https://crackingx.com/threads/69849/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Judo Club Esch by Alpha wolf team
Category: Defacement
Content: The Alpha wolf team, attributed to attacker XYZ, successfully defaced the Judo Club Esch website on March 25, 2026. This was a targeted home page defacement of the Luxembourg-based martial arts organizations website.
Date: 2026-03-25T16:35:05Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813803
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Luxembourg
Victim Industry: Sports/Recreation
Victim Organization: Judo Club Esch
Victim Site: judoclubesch.lu
Website defacement of Judo Club Esch by XYZ/Alpha wolf team
Category: Defacement
Content: The XYZ attacker group operating under the Alpha wolf team successfully defaced the website of Judo Club Esch, a sports organization based in Luxembourg. The defacement occurred on March 25, 2026 and targeted the clubs primary website running on a Linux server.
Date: 2026-03-25T16:34:10Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248119
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Luxembourg
Victim Industry: Sports/Recreation
Victim Organization: Judo Club Esch
Victim Site: judoclubesch.lu
Alleged sale of PayPal cracking tools
Category: Malware
Content: The threat actor claims to be offering a PayPal cracking tools pack containing multiple utilities designed for credential validation and account cracking, enabling unauthorized access to financial accounts.
Date: 2026-03-25T16:33:53Z
Network: openweb
Published URL: https://demonforums.net/Thread-PayPal-Cracking-Tools-Pack
Screenshots:
None
Threat Actors: Starip
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of corporate email credentials
Category: Combo List
Content: A threat actor allegedly leaked 21,000 corporate email credentials on a cybercrime forum. The post indicates these are valid email access credentials dated March 25th.
Date: 2026-03-25T16:32:53Z
Network: openweb
Published URL: https://crackingx.com/threads/69847/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: Threat actor alphaxdd shared a combolist containing 1,236 allegedly valid Hotmail email credentials on CrackingX forum. The credentials are described as premium hits from private cloud sources.
Date: 2026-03-25T16:32:13Z
Network: openweb
Published URL: https://crackingx.com/threads/69848/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Shanghai National Police (SHGA) database
Category: Data Leak
Content: The threat actor claims to be selling a 5TB database associated with the Shanghai National Police (SHGA), allegedly containing highly sensitive data. The dataset is claimed to include approximately 1.2 billion data and documents.
Date: 2026-03-25T16:28:32Z
Network: telegram
Published URL: https://t.me/rubiconhack/170?single
Screenshots:
None
Threat Actors: RubiconH4CK
Victim Country: China
Victim Industry: Law Enforcement
Victim Organization: shanghai national police (shga)
Victim Site: gaj.sh.gov.cn
Alleged sale of brute-force tools
Category: Malware
Content: The threat actor claims to be offering a collection of brute-force tools targeting multiple platforms, including social media, gaming, streaming, and email services, enabling automated password cracking and large-scale credential attacks.
Date: 2026-03-25T16:24:16Z
Network: openweb
Published URL: https://demonforums.net/Thread-Ultimate-Brute-Force-Tools-Pack
Screenshots:
None
Threat Actors: Starip
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Sparekart India by NUCLIER-Y-C-C-M
Category: Defacement
Content: The NUCLIER-Y-C-C-M group successfully defaced the homepage of Sparekart Indias e-commerce website on March 25, 2026. This appears to be a single-target attack rather than part of a mass defacement campaign.
Date: 2026-03-25T16:17:33Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813802
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: India
Victim Industry: E-commerce
Victim Organization: Sparekart India
Victim Site: sparekartindia.com
Alleged leak of German email credentials
Category: Combo List
Content: A threat actor shared a combolist containing 42,000 German email credentials dated March 25th on a cybercriminal forum.
Date: 2026-03-25T16:15:18Z
Network: openweb
Published URL: https://crackingx.com/threads/69842/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 1,734 Hotmail credentials, organized by country with targeted inbox accounts identified.
Date: 2026-03-25T16:14:57Z
Network: openweb
Published URL: https://crackingx.com/threads/69843/
Screenshots:
None
Threat Actors: Hotmail Cloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
6.3K FRESH MAIL ACCESS
Category: Combo List
Content: New thread posted by RandomUpload: 6.3K FRESH MAIL ACCESS
Date: 2026-03-25T16:14:26Z
Network: openweb
Published URL: https://crackingx.com/threads/69845/
Screenshots:
None
Threat Actors: RandomUpload
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Japan Lifebear user database
Category: Data Leak
Content: The threat actor claims to be selling a database associated with Japan Lifebear, allegedly containing sensitive user data and login access. The dataset is claimed to include approximately 3,682,729 records, with data entries dated to 2025. The exposed information may contain user-related data and account access details.
Date: 2026-03-25T16:12:42Z
Network: telegram
Published URL: https://t.me/rubiconhack/170?single
Screenshots:
None
Threat Actors: RubiconH4CK
Victim Country: Japan
Victim Industry: Software
Victim Organization: lifebear
Victim Site: lifebear.com
Website defacement of tailoringindia.com by NUCLIER-Y-C-C-M
Category: Defacement
Content: NUCLIER-Y-C-C-M defaced the robots.txt file of tailoringindia.com on March 25, 2026. The attack targeted a tailoring/fashion website based in India.
Date: 2026-03-25T16:11:27Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813801
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: India
Victim Industry: Fashion/Textile
Victim Organization: Tailoring India
Victim Site: tailoringindia.com
Cyberattack hits Papardo Hospital
Category: Cyber Attack
Content: An alleged cyberattack targeted Papardo Hospital in Messina, Italy, causing significant disruption to its IT systems, with staff reporting blocked computers and access systems and critical services such as databases and appointment scheduling temporarily unavailable, leading to operational challenges in managing patient services; however, despite the outage, the hospital continued to provide medical care through alternative methods, ensuring that patient services were not completely interrupted, while authorities and cybersecurity experts worked to restore systems and investigate the incident.
Date: 2026-03-25T16:07:48Z
Network: openweb
Published URL: https://www.messinatoday.it/cronaca/papardo-caos-sistemi-informatici-hacker.html
Screenshots:
None
Threat Actors:
Victim Country: Italy
Victim Industry: Hospital & Health Care
Victim Organization: papardo hospital
Victim Site: aopapardo.it
Alleged data sale of Hellenic Air Force
Category: Data Breach
Content: The group claims to be selling 1TB data belonging to Hellenic Air Force.
Date: 2026-03-25T16:05:46Z
Network: telegram
Published URL: https://t.me/rubiconhack/172
Screenshots:
None
Threat Actors: RubiconH4CK
Victim Country: Greece
Victim Industry: Defense & Space
Victim Organization: hellenic air force
Victim Site: haf.gr
21.9k MIXED GOODS D4RKNETHUB CLOUD 25.03.26
Category: Combo List
Content: New thread posted by D4rkNetHub: 21.9k MIXED GOODS D4RKNETHUB CLOUD 25.03.26
Date: 2026-03-25T16:03:06Z
Network: openweb
Published URL: https://crackingx.com/threads/69838/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
2.4K Hotmail Full Valid By @Kommander0 25.03
Category: Combo List
Content: New thread posted by Kommander0: 2.4K Hotmail Full Valid By @Kommander0 25.03
Date: 2026-03-25T16:02:38Z
Network: openweb
Published URL: https://crackingx.com/threads/69839/
Screenshots:
None
Threat Actors: Kommander0
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
[ ⚡⚡ 859x PREMIUM FRESH HOTMAILS ⚡⚡ ] + [ INBOXES TARGETS ] + [SORTED COUNTRIES ]
Category: Combo List
Content: New thread posted by Hotmail Cloud: [ ⚡⚡ 859x PREMIUM FRESH HOTMAILS ⚡⚡ ] + [ INBOXES TARGETS ] + [SORTED COUNTRIES ]
Date: 2026-03-25T16:02:11Z
Network: openweb
Published URL: https://crackingx.com/threads/69841/
Screenshots:
None
Threat Actors: Hotmail Cloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of checker pack
Category: Malware
Content: The threat actor claims to be offering a large collection of checker tools designed to validate credentials across multiple platforms, including gaming, streaming, email, VPN, and e-commerce services, enabling bulk credential stuffing and account validation activities.
Date: 2026-03-25T16:00:38Z
Network: openweb
Published URL: https://demonforums.net/Thread-NEW-CHECKERS-PACK-150-TOOLS-Literally-the-most-UPDATED-and-FULL-PACK
Screenshots:
None
Threat Actors: KorwiN
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
NUCLIER-Y-C-C-M defaced tailoringindia.com/robots.txt
Category: Defacement
Content: Target: tailoringindia.com/robots.txtAttacker: NUCLIER-Y-C-C-MTeam: NUCLIER-Y-C-C-MDate: 2026-03-25 22:57:41
Date: 2026-03-25T16:00:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813801
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: India
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: tailoringindia.com/robots.txt
Cyberattack hits Puerto Rico Innovation and Technology Service
Category: Cyber Attack
Content: An attempted cyberattack targeted the systems of the Department of Transportation and Public Works (DTOP) in Puerto Rico, where the Puerto Rico Innovation and Technology Service (PRITS) successfully detected and neutralized the threat using its security monitoring tools, prompting an immediate activation of the incident response protocol and the preventive disconnection of affected systems to protect the government network, which resulted in temporary service disruptions including the suspension of Driver Services Centers (CESCO) operations and rescheduling of appointments; however, authorities confirmed that the attack was contained in time with no evidence of data leakage or compromise, while technical teams continue to assess, secure, and restore system operations.
Date: 2026-03-25T15:59:45Z
Network: openweb
Published URL: https://wipr.pr/prits-activa-protocolo-de-respuesta-tras-detectar-intento-de-ataque-cibernetico-en-sistemas-del-dtop/
Screenshots:
None
Threat Actors:
Victim Country: USA
Victim Industry: Government & Public Sector
Victim Organization: puerto rico innovation and technology service
Victim Site: prits.pr.gov
670.056 Lines ➡️ Europa Germany Shopping Target
Category: Combo List
Content: New thread posted by HQcomboSpace: 670.056 Lines ➡️ Europa Germany Shopping Target
Date: 2026-03-25T15:50:07Z
Network: openweb
Published URL: https://crackingx.com/threads/69833/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
[6.690 lines] verizon.net domain target
Category: Combo List
Content: New thread posted by BestCombo: [6.690 lines] verizon.net domain target
Date: 2026-03-25T15:49:31Z
Network: openweb
Published URL: https://crackingx.com/threads/69834/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
5 ml Bussines Combolist
Category: Combo List
Content: New thread posted by CODER: 5 ml Bussines Combolist
Date: 2026-03-25T15:48:19Z
Network: openweb
Published URL: https://crackingx.com/threads/69836/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Fresh Privat Mix Mail 2.9K PandaCloud
Category: Combo List
Content: New thread posted by Kokos2846q: Fresh Privat Mix Mail 2.9K PandaCloud
Date: 2026-03-25T15:35:21Z
Network: openweb
Published URL: https://crackingx.com/threads/69829/
Screenshots:
None
Threat Actors: Kokos2846q
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
7.500 GOOD COMBO MAIL ACCESS FRANCE
Category: Combo List
Content: New thread posted by karaokecloud: 7.500 GOOD COMBO MAIL ACCESS FRANCE
Date: 2026-03-25T15:34:51Z
Network: openweb
Published URL: https://crackingx.com/threads/69828/
Screenshots:
None
Threat Actors: karaokecloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
[ ⚡⚡ 1065x SAMPLE HOTMAIL ⚡⚡ ]
Category: Combo List
Content: New thread posted by HollowKnight07: [ ⚡⚡ 1065x SAMPLE HOTMAIL ⚡⚡ ]
Date: 2026-03-25T15:34:08Z
Network: openweb
Published URL: https://crackingx.com/threads/69831/
Screenshots:
None
Threat Actors: HollowKnight07
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
⚡⚡ X1456 Valid UHQ Mix ⚡⚡
Category: Combo List
Content: New thread posted by noir: ⚡⚡ X1456 Valid UHQ Mix ⚡⚡
Date: 2026-03-25T15:33:31Z
Network: openweb
Published URL: https://crackingx.com/threads/69832/
Screenshots:
None
Threat Actors: noir
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
1.7K Full Valid HOTMAIL Hits Just Mail Access 25.03
Category: Logs
Content: New thread posted by MegaCloud: 1.7K Full Valid HOTMAIL Hits Just Mail Access 25.03
Date: 2026-03-25T15:24:52Z
Network: openweb
Published URL: https://xforums.st/threads/1-7k-full-valid-hotmail-hits-just-mail-access-25-03.591340/
Screenshots:
None
Threat Actors: MegaCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged WordPress-related data leak by threat actor zod
Category: Combo List
Content: Threat actor zod posted WordPress-related content in a combolists and dumps forum, requiring sign-in to view details and providing a Telegram contact for password access.
Date: 2026-03-25T15:15:36Z
Network: openweb
Published URL: https://crackingx.com/threads/69827/
Screenshots:
None
Threat Actors: zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 2.8K mixed email credentials via a MediaFire download link on a cybercrime forum.
Date: 2026-03-25T14:56:28Z
Network: openweb
Published URL: https://crackingx.com/threads/69825/
Screenshots:
None
Threat Actors: Kommander0
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of mixed SMTP credential combolist
Category: Combo List
Content: Threat actor distributes a mixed SMTP credential combolist containing 7.5 million entries through Telegram channels, offering free access to credential combinations for email exploitation.
Date: 2026-03-25T14:55:53Z
Network: openweb
Published URL: https://crackingx.com/threads/69826/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Breach of Middle Technical University
Category: Data Breach
Content: Threat actor claims to have leaked a database allegedly linked to the Middle Technical University of Iraq. The dataset reportedly contains approximately 2,143 records including names and email addresses. Sample data was shared by the actor to demonstrate the contents of the database.
Date: 2026-03-25T14:46:25Z
Network: openweb
Published URL: https://darknetarmy.io/threads/central-technical-university-of-iraq-name-email.98449/
Screenshots:
None
Threat Actors: DBHunter
Victim Country: Iraq
Victim Industry: Higher Education/Acadamia
Victim Organization: middle technical university
Victim Site: mtu.edu.iq
Papardo nel caos: sistemi informatici paralizzati dagli hacker, assistenza comunque garantita
Category: Cyber Attack
Content: A cyberattack paralyzed the IT systems of Azienda Ospedaliera Papardo, blocking terminals and databases and disrupting the SovraCup reservation system. Management activated its security plan and transferred operations to the cloud using backups, ensuring that patient care continues normally despite the chaos. While the situation is under control and no sensitive data was stolen, no specific recovery date has been announced and authorities have been alerted.
Date: 2026-03-25T14:41:49Z
Network: openweb
Published URL: https://www.messinatoday.it/cronaca/papardo-caos-sistemi-informatici-hacker.html
Screenshots:
None
Threat Actors:
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Azienda Ospedaliera Papardo
Victim Site: aopapardo.it
Alleged leak of Hotmail credentials
Category: Combo List
Content: Threat actor Kommander0 shared a combolist containing 827,000 allegedly valid Hotmail email credentials via MediaFire download link on March 25th.
Date: 2026-03-25T14:40:54Z
Network: openweb
Published URL: https://crackingx.com/threads/69823/
Screenshots:
None
Threat Actors: Kommander0
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged distribution of mixed credential combolist containing 2,800 records
Category: Combo List
Content: A threat actor shared a mixed credential combolist containing 2,800 records on a cybercriminal forum. The post requires forum registration to view the full content and download links.
Date: 2026-03-25T14:40:04Z
Network: openweb
Published URL: https://crackingx.com/threads/69824/
Screenshots:
None
Threat Actors: FlashCloud2
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of email credentials combolist
Category: Combo List
Content: Threat actor TeraCloud1 leaked a combolist containing 25,000 valid email credentials on CrackingX forum. Additional private cloud services are offered through Telegram contact.
Date: 2026-03-25T14:27:27Z
Network: openweb
Published URL: https://crackingx.com/threads/69820/
Screenshots:
None
Threat Actors: TeraCloud1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of credential combolist containing 100 million records
Category: Combo List
Content: Threat actor @hello_zod_bot allegedly leaked a credential combolist containing 100 million username/password combinations, distributed via Telegram channel with password protection.
Date: 2026-03-25T14:26:46Z
Network: openweb
Published URL: https://crackingx.com/threads/69821/
Screenshots:
None
Threat Actors: zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
KONCO ERROR SYSTEM targets the website of Independent Media Review and Analysis
Category: Defacement
Content: The group claims to have defaced the website of Independent Media Review and Analysis
Date: 2026-03-25T14:26:13Z
Network: telegram
Published URL: https://t.me/c/3807888281/245
Screenshots:
None
Threat Actors: KONCO ERROR SYSTEM
Victim Country: Israel
Victim Industry: Non-profit & Social Organizations
Victim Organization: independent media review and analysis
Victim Site: imra.org.il
Alleged leak of Hotmail credentials
Category: Combo List
Content: Forum post claims to contain private Hotmail credential hits, though the actual content is restricted to registered users only.
Date: 2026-03-25T14:25:54Z
Network: openweb
Published URL: https://crackingx.com/threads/69822/
Screenshots:
None
Threat Actors: FlashCloud2
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged sale of 100 credit card records
Category: Data Leak
Content: Threat actor claims to be selling 100 credit card records from USA.
Date: 2026-03-25T14:21:33Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279141/
Screenshots:
None
Threat Actors: old_pirat
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Institute of Chartered Accountants of Bangladesh (ICAB)
Category: Data Breach
Content: The threat actor claims to be leaked data from Institute of Chartered Accountants of Bangladesh (ICAB)
Date: 2026-03-25T14:18:48Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-ICAB-CA-of-bangladesh
Screenshots:
None
Threat Actors: so_momin
Victim Country: Bangladesh
Victim Industry: Higher Education/Acadamia
Victim Organization: institute of chartered accountants of bangladesh (icab)
Victim Site: icab.org.bd
Alleged Sale of Unauthorized Admin Access to Unidentified shop in UK
Category: Initial Access
Content: Threat actor claims to be selling unauthorized admin access to a United Kingdom based shop.
Date: 2026-03-25T14:14:26Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279139/
Screenshots:
None
Threat Actors: YongPo
Victim Country: UK
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged threat activity related to Numbuster.ru
Category: Alert
Content: Forum thread referencing numbuster.ru domain with no additional content or context available for analysis.
Date: 2026-03-25T14:13:32Z
Network: openweb
Published URL: https://xforums.st/threads/numbuster-ru.584702/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: numbuster.ru
Alleged Sale of Databases of multiple hotels
Category: Data Leak
Content: Threat actor claims to have exploited critical vulnerabilities in two hotel platforms, extracting over 430,000 records linked to corporate clients. The leaked data reportedly includes names, phone numbers, addresses, locations, password hashes, emails, and account access tokens. The actor also claims exposed APIs, IDOR flaws, leaked tokens, and public config files enabling full system access.
Date: 2026-03-25T14:11:57Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279135/
Screenshots:
None
Threat Actors: zzMAMMONzz
Victim Country: Unknown
Victim Industry: Restaurants
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 15,800 mixed email credentials with access information on a cybercrime forum.
Date: 2026-03-25T14:06:00Z
Network: openweb
Published URL: https://crackingx.com/threads/69817/
Screenshots:
None
Threat Actors: Cl0ud0wner
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of corporate credential combolist
Category: Combo List
Content: Threat actor distributes an 8 million record corporate credential combolist through Telegram channels. The actor offers free access to combos and related programs through multiple Telegram groups.
Date: 2026-03-25T14:05:41Z
Network: openweb
Published URL: https://crackingx.com/threads/69819/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged unauthorized access to an unidentified CCTV camera of private home in Poland
Category: Initial Access
Content: The group claims to have gained unauthorized access to unidentified CCTV camera of private home in Poland. They claims to have potential control over CCTV system, with remote access to its live feed, settings, and possibly device controls, all without user authorization.
Date: 2026-03-25T14:03:01Z
Network: telegram
Published URL: https://t.me/Z_Pentest_Alliance_ru/907
Screenshots:
None
Threat Actors: Z-PENTEST ALLIANCE
Victim Country: Poland
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Leak Of IT Students Data From Kazakhstan
Category: Data Leak
Content: The threat actor claims to be leaked Kazakhstan IT Students Data from 2017
Date: 2026-03-25T14:01:19Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-IT-students-Kazakhstan-2017
Screenshots:
None
Threat Actors: c0mmandor
Victim Country: Kazakhstan
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown
Alleged unauthorized access to an unidentified mini-hydroelectric power plant in Italy.
Category: Initial Access
Content: Group claims to have gained unauthorized access to the control system of an unidentified mini hydroelectric power plant in Italy. They obtained full control of the HMI and real-time system operations, including the ability to control spindles, valves, and operational modes, as well as access system parameters, logs, and archives. The group also claims they can start or stop the turbine, reset alarms, and shut down the unit at any time.
Date: 2026-03-25T13:54:54Z
Network: telegram
Published URL: https://t.me/Z_Pentest_Alliance_ru/906
Screenshots:
None
Threat Actors: Z-PENTEST ALLIANCE
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials on CrackingX forum
Category: Combo List
Content: A threat actor named Cl0ud0wner allegedly leaked 1,200 Hotmail email account credentials on the CrackingX forum in a thread titled 1.2k HOTMAIL ACCESS.
Date: 2026-03-25T13:51:34Z
Network: openweb
Published URL: https://crackingx.com/threads/69815/
Screenshots:
None
Threat Actors: Cl0ud0wner
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: Threat actor Cl0ud0wner shared access to 1,900 Hotmail email credentials on CrackingX forum. The credentials appear to be distributed freely as part of a private collection.
Date: 2026-03-25T13:50:46Z
Network: openweb
Published URL: https://crackingx.com/threads/69816/
Screenshots:
None
Threat Actors: Cl0ud0wner
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged Data Leak Of KFC China
Category: Data Breach
Content: The threat actor claims to be leaked data from KFC China. The compromised data reportedly including username, email, mobile, sex, address
Date: 2026-03-25T13:36:46Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-KFC-China-Database-Leaked-Download
Screenshots:
None
Threat Actors: Gus
Victim Country: China
Victim Industry: Food & Beverages
Victim Organization: kfc
Victim Site: kfc.com.cn
Alleged leak of German shopping credentials
Category: Combo List
Content: Threat actor shared a combolist containing over 1 million credential records allegedly targeting German shopping platforms. The data was made available as a free download via file sharing service.
Date: 2026-03-25T13:36:00Z
Network: openweb
Published URL: https://crackingx.com/threads/69814/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Retail
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Gmail credentials
Category: Combo List
Content: Forum post claims to offer over 100,000 Gmail credentials, though the actual content requires registration to view.
Date: 2026-03-25T13:23:05Z
Network: openweb
Published URL: https://crackingx.com/threads/69812/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Google
Victim Site: gmail.com
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 759 Hotmail email credentials, organized by country with inbox access targets identified.
Date: 2026-03-25T13:22:36Z
Network: openweb
Published URL: https://crackingx.com/threads/69813/
Screenshots:
None
Threat Actors: Hotmail Cloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Gardium Group Publishes Infographic Reviewing Alleged Cyberattacks During the “Ramadan War
Category: Cyber Attack
Content: A post shared on Telegram, attributed to the Gardium hacker group, presents an infographic summarizing the cyber operations allegedly conducted by the group from the beginning of the so-called “Ramadan War” until March 21, 2026. The infographic lists several claimed cyber activities, including attacks targeting infrastructure in Bahrain and the United Arab Emirates, as well as alleged intrusions into systems associated with Israel.
Date: 2026-03-25T13:20:05Z
Network: telegram
Published URL: https://t.me/cyberbannews_ir/20771
Screenshots:
None
Threat Actors:
Victim Country: UAE
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
BABAYO EROR SYSTEM targets the website of UK HR Cloud
Category: Defacement
Content: The Group claims to have defaced the website of UK HR Cloud.
Date: 2026-03-25T13:13:34Z
Network: telegram
Published URL: https://t.me/BabayoErorSyteam/378
Screenshots:
None
Threat Actors: BABAYO EROR SYSTEM
Victim Country: UK
Victim Industry: Information Technology (IT) Services
Victim Organization: uk hr cloud
Victim Site: ukhrcloud.com
Alleged leak of Goren Amir
Category: Data Breach
Content: Group claims to have leaked data from Goren Amir. They exposed part of the financial corruption documents.
Date: 2026-03-25T13:08:08Z
Network: telegram
Published URL: https://t.me/Anon_Israel35/52
Screenshots:
None
Threat Actors: Anonymous For Justice
Victim Country: Israel
Victim Industry: Information Technology (IT) Services
Victim Organization: goren amir
Victim Site: goren-amir.co.il
Alleged leak of email service credentials combolist
Category: Combo List
Content: Threat actor CODER is distributing a 14.5 million record combolist containing credentials for Gmail, Hotmail, Office 365, and MSN email services through Telegram channels. The credentials are being shared for free through specified Telegram groups.
Date: 2026-03-25T13:06:52Z
Network: openweb
Published URL: https://crackingx.com/threads/69810/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of American Romanian Summer School
Category: Data Breach
Content: Group claims to have leaked data from American Romanian Summer School
Date: 2026-03-25T13:03:35Z
Network: telegram
Published URL: https://t.me/Noheartz1337/32
Screenshots:
None
Threat Actors: NoHeartz
Victim Country: Romania
Victim Industry: Education
Victim Organization: american romanian summer school
Victim Site: drl.ro
Alleged sale of low-authority websites list
Category: Cyber Attack
Content: The group claims to be selling a list of low-authority websites likely intended for use in future cyberattacks.
Date: 2026-03-25T12:52:41Z
Network: telegram
Published URL: https://t.me/phteammarket/426
Screenshots:
None
Threat Actors: Pharaohs Team market
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 2,900 mixed email credentials via a MediaFire download link on an underground forum.
Date: 2026-03-25T12:51:19Z
Network: openweb
Published URL: https://crackingx.com/threads/69809/
Screenshots:
None
Threat Actors: Kommander0
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of USA 1000 CC Data
Category: Data Leak
Content: Threat actor claims to be selling a dataset of approximately 1,000 US credit cards with a stated validity rate of 70–80%. The dataset reportedly includes card number, expiration month/year, CVV2, full name, phone number, address, city, state, ZIP code, email, and country.
Date: 2026-03-25T12:32:28Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279130/
Screenshots:
None
Threat Actors: mesin
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed credential combolist with 219,971 entries
Category: Combo List
Content: A threat actor shared a mixed credential combolist containing 219,971 entries on a cybercrime forum. The password-protected archive is distributed via Telegram channel.
Date: 2026-03-25T12:12:34Z
Network: openweb
Published URL: https://crackingx.com/threads/69806/
Screenshots:
None
Threat Actors: zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a sample of 940 Hotmail credentials on a cybercriminal forum. The post offers free download access to the credential list.
Date: 2026-03-25T12:12:13Z
Network: openweb
Published URL: https://crackingx.com/threads/69807/
Screenshots:
None
Threat Actors: HollowKnight07
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of mixed country credential lists
Category: Combo List
Content: Threat actor CODER is distributing credential lists (combolists) containing 10.2 million records from multiple countries including France, Germany, Iran, Italy, Colombia, Israel, India, and others. The credentials are being shared through Telegram channels for free distribution.
Date: 2026-03-25T12:11:53Z
Network: openweb
Published URL: https://crackingx.com/threads/69808/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged potential leak of cyber tools or data
Category: Alert
Content: A recent post shared by the group suggests a potential leak of cyber tools or data, possibly to be offered for sale. The post references the update of an older SMB exploitation tool and hints at the possibility of a “full dump,” potentially involving cryptocurrency payments.
Date: 2026-03-25T12:10:54Z
Network: telegram
Published URL: https://t.me/c/3530811487/16
Screenshots:
None
Threat Actors: TheShadowBrokers
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Donbas News
Category: Data Breach
Content: The groups claims to have leaked the database of Donbas News. The compromised data include archives, author lists, and technical information.
Date: 2026-03-25T12:01:08Z
Network: telegram
Published URL: https://t.me/CyberSerp_Official/15
Screenshots:
None
Threat Actors: CyberSerp_Official
Victim Country: Ukraine
Victim Industry: Newspapers & Journalism
Victim Organization: donbas news
Victim Site: novosti.dn.ua
Alleged leak of mixed credential combos via D4RKNETHUB
Category: Combo List
Content: Threat actor D4rkNetHub shared a collection of 18,421 mixed credential combinations through an image hosting service, with an expiration date of March 25, 2026.
Date: 2026-03-25T11:57:43Z
Network: openweb
Published URL: https://crackingx.com/threads/69803/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Yahoo.co.jp credentials
Category: Combo List
Content: A threat actor shared a combolist containing 7,652 credentials specifically targeting yahoo.co.jp domain users. The credentials are being distributed for free via a file sharing service.
Date: 2026-03-25T11:57:25Z
Network: openweb
Published URL: https://crackingx.com/threads/69804/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Japan
Victim Industry: Technology
Victim Organization: Yahoo Japan
Victim Site: yahoo.co.jp
Alleged leak of mixed forum credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 81,000 mixed forum credentials described as valid. The data appears to be distributed freely on a cybercriminal forum.
Date: 2026-03-25T11:57:07Z
Network: openweb
Published URL: https://crackingx.com/threads/69805/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Cipher
Category: Data Breach
Content: The group claims to have leaked data from Cipher. The compromised data reportedly contains full server dumps, including source code of cryptographic products, certification authority private keys, internal communications with government entities, and a client database of over 500 organizations.
Date: 2026-03-25T11:39:20Z
Network: telegram
Published URL: https://t.me/CyberSerp_Official/26
Screenshots:
None
Threat Actors: CyberSerp_Official
Victim Country: Ukraine
Victim Industry: Information Technology (IT) Services
Victim Organization: cipher
Victim Site: cipher.com.ua
Alleged Sale of Verified Crypto User Leads
Category: Data Leak
Content: The threat actor claims to be selling verified crypto user leads.The cpimpromised data includes email, phone, and personal details from multiple platforms worldwide.
Date: 2026-03-25T11:31:59Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Registration-Check-Crypto-Leads-2025-26
Screenshots:
None
Threat Actors: livingstone
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Crypto Account Checker Tool
Category: Data Leak
Content: The threat actor claims to be selling a crypto-related account checker tool with captchaless functionality and high request rates.
Date: 2026-03-25T11:28:06Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Crypto-com-VM-Checker-Tools
Screenshots:
None
Threat Actors: livingstone
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of mixed email credential combolist containing 11 million records
Category: Combo List
Content: Threat actor CODER is distributing a mixed email credential combolist containing 11 million records through Telegram channels, operating multiple groups offering free credential lists and hacking programs.
Date: 2026-03-25T11:27:07Z
Network: openweb
Published URL: https://crackingx.com/threads/69801/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass defacement campaign by BABAYO EROR SYSTEM targeting multiple websites
Category: Defacement
Content: The threat actor Mr.XycanKing from BABAYO EROR SYSTEM conducted a mass defacement campaign targeting multiple websites including pilescarex.com on March 25, 2026. This appears to be part of a broader coordinated attack affecting numerous sites simultaneously.
Date: 2026-03-25T11:23:12Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248114
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: Unknown
Victim Site: pilescarex.com
Mass website defacement campaign by BABAYO EROR SYSTEM targeting nexby.xyz
Category: Defacement
Content: The threat actor Mr.XycanKing from the BABAYO EROR SYSTEM team conducted a mass defacement campaign targeting nexby.xyz on March 25, 2026. This incident is part of a broader mass defacement operation rather than a targeted single-site attack.
Date: 2026-03-25T11:22:53Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248115
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: nexby.xyz
Mass website defacement by BABAYO EROR SYSTEM targeting skinhealthbd.xyz
Category: Defacement
Content: BABAYO EROR SYSTEM conducted a mass defacement campaign targeting multiple websites including skinhealthbd.xyz, a healthcare website in Bangladesh. The attack was carried out by Mr.XycanKing on March 25, 2026.
Date: 2026-03-25T11:22:34Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248116
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Bangladesh
Victim Industry: Healthcare
Victim Organization: Skin Health BD
Victim Site: skinhealthbd.xyz
Mass website defacement by BABAYO EROR SYSTEM targeting probashihelpar.com
Category: Defacement
Content: BABAYO EROR SYSTEM conducted a mass defacement campaign targeting probashihelpar.com on March 25, 2026. The attack was carried out by Mr.XycanKing as part of a broader mass defacement operation affecting multiple websites.
Date: 2026-03-25T11:22:14Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248117
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Bangladesh
Victim Industry: Services
Victim Organization: Probashi Help
Victim Site: probashihelpar.com
Mass defacement campaign by BABAYO EROR SYSTEM targeting wellnixbd.com
Category: Defacement
Content: The threat actor Mr.XycanKing from the BABAYO EROR SYSTEM group conducted a mass defacement campaign targeting wellnixbd.com on March 25, 2026. This was part of a broader mass defacement operation rather than a targeted attack on a single organization.
Date: 2026-03-25T11:21:54Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248118
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Bangladesh
Victim Industry: Unknown
Victim Organization: Wellnix
Victim Site: wellnixbd.com
Alleged Sale of Forex Depositor Leads Database
Category: Data Leak
Content: The threat actor claims to be selling a high-quality forex depositor leads database.The dataset reportedly includes user details such as names, email addresses, phone numbers, country, deposit amounts, deposit dates, and broker-related information.
Date: 2026-03-25T11:20:51Z
Network: openweb
Published URL: https://darkforums.su/Thread-Forex-High-Quality-Depositor-Leads
Screenshots:
None
Threat Actors: tan_dob11
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Mahachulalongkornrajavidyalaya University (MCU)
Category: Data Breach
Content: Group claims to have leaked data from Mahachulalongkornrajavidyalaya University (MCU).
Date: 2026-03-25T11:20:06Z
Network: telegram
Published URL: https://t.me/Noheartz1337/11
Screenshots:
None
Threat Actors: NoHeartz
Victim Country: Thailand
Victim Industry: Higher Education/Acadamia
Victim Organization: mahachulalongkornrajavidyalaya university (mcu)
Victim Site: mcu.ac.th
Mass website defacement campaign by BABAYO EROR SYSTEM targeting careofskin.xyz
Category: Defacement
Content: BABAYO EROR SYSTEM group conducted a mass defacement campaign targeting multiple websites including careofskin.xyz, with the attack executed by threat actor Mr.XycanKing on March 25, 2026.
Date: 2026-03-25T11:15:59Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248093
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Healthcare/Beauty
Victim Organization: Unknown
Victim Site: careofskin.xyz
Alleged leak of COBRAPE
Category: Data Breach
Content: Group claims to have leaked data from COBRAPE.
Date: 2026-03-25T11:15:43Z
Network: telegram
Published URL: https://t.me/Noheartz1337/11
Screenshots:
None
Threat Actors: NoHeartz
Victim Country: Brazil
Victim Industry: Civil Engineering
Victim Organization: cobrape
Victim Site: cobrape.com.br
Mass defacement campaign by BABAYO EROR SYSTEM targeting chinisstore.com
Category: Defacement
Content: Mass defacement attack conducted by threat actor Mr.XycanKing from the BABAYO EROR SYSTEM team targeting the e-commerce website chinisstore.com on March 25, 2026. The incident was part of a broader mass defacement campaign affecting multiple websites.
Date: 2026-03-25T11:15:39Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248094
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: E-commerce
Victim Organization: Chinis Store
Victim Site: chinisstore.com
Mass defacement campaign by BABAYO EROR SYSTEM targeting draevo.com
Category: Defacement
Content: The threat group BABAYO EROR SYSTEM, through actor Mr.XycanKing, conducted a mass defacement campaign targeting draevo.com on March 25, 2026. This incident was part of a broader mass defacement operation rather than a targeted attack on a single organization.
Date: 2026-03-25T11:15:17Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248095
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Draevo
Victim Site: draevo.com
Mass website defacement campaign by BABAYO EROR SYSTEM targeting estoreflow.xyz
Category: Defacement
Content: The threat actor Mr.XycanKing from the BABAYO EROR SYSTEM group conducted a mass defacement campaign targeting estoreflow.xyz on March 25, 2026. This incident was part of a broader mass defacement operation rather than a targeted attack on a single organization.
Date: 2026-03-25T11:14:58Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248096
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: E-commerce
Victim Organization: Unknown
Victim Site: estoreflow.xyz
Mass defacement campaign by BABAYO EROR SYSTEM targeting fixby.xyz
Category: Defacement
Content: Mass defacement attack conducted by threat actor Mr.XycanKing from the BABAYO EROR SYSTEM group targeting fixby.xyz on March 25, 2026. The incident was part of a larger mass defacement campaign rather than a targeted attack on a single organization.
Date: 2026-03-25T11:14:38Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248097
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: fixby.xyz
Mass website defacement campaign by BABAYO EROR SYSTEM targeting gardenhelper.xyz
Category: Defacement
Content: The threat group BABAYO EROR SYSTEM conducted a mass defacement campaign on March 25, 2026, with attacker Mr.XycanKing targeting the gardening website gardenhelper.xyz. This was part of a broader mass defacement operation rather than a targeted single-site attack.
Date: 2026-03-25T11:14:18Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248098
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Agriculture/Gardening
Victim Organization: Garden Helper
Victim Site: gardenhelper.xyz
Mass defacement campaign by BABAYO EROR SYSTEM targeting gardentoolsbd.xyz
Category: Defacement
Content: Mass defacement attack conducted by attacker Mr.XycanKing from the BABAYO EROR SYSTEM group targeting gardentoolsbd.xyz on March 25, 2026. The attack was part of a larger mass defacement campaign rather than a targeted individual site compromise.
Date: 2026-03-25T11:13:59Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248099
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Bangladesh
Victim Industry: Retail/E-commerce
Victim Organization: Garden Tools BD
Victim Site: gardentoolsbd.xyz
Mass website defacement campaign by BABAYO EROR SYSTEM targeting germantonailplus.xyz
Category: Defacement
Content: BABAYO EROR SYSTEM conducted a mass defacement campaign targeting multiple websites including germantonailplus.xyz. The attack was executed by Mr.XycanKing on March 25, 2026, as part of a broader defacement operation affecting multiple targets simultaneously.
Date: 2026-03-25T11:13:40Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248100
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Beauty/Personal Care
Victim Organization: Germanto Nail Plus
Victim Site: germantonailplus.xyz
Alleged Sale of Trade Republic Forex User Leads Database
Category: Data Leak
Content: The threat actor claims to be selling Trade Republic Forex User Leads Database. The compromised data reportedly contain 44836 records including including first and last names, email addresses, phone numbers Country, Source Date
Date: 2026-03-25T11:13:27Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Trade-Republic-Leads-2026
Screenshots:
None
Threat Actors: livingstone
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass defacement campaign by BABAYO EROR SYSTEM targeting glamourskin.xyz
Category: Defacement
Content: The BABAYO EROR SYSTEM group conducted a mass defacement campaign on March 25, 2026, with attacker Mr.XycanKing targeting the glamourskin.xyz beauty website. This was part of a broader mass defacement operation rather than a targeted single-site attack.
Date: 2026-03-25T11:13:19Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248101
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Beauty/Cosmetics
Victim Organization: Glamour Skin
Victim Site: glamourskin.xyz
Mass defacement campaign by BABAYO EROR SYSTEM targeting goskincare.xyz
Category: Defacement
Content: The threat actor Mr.XycanKing from the BABAYO EROR SYSTEM group conducted a mass defacement campaign targeting goskincare.xyz on March 25, 2026. This incident was part of a broader mass defacement operation rather than a targeted single-site attack.
Date: 2026-03-25T11:13:01Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248102
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Healthcare/Beauty
Victim Organization: Go Skincare
Victim Site: goskincare.xyz
Mass website defacement by BABAYO EROR SYSTEM targeting healthynail.xyz
Category: Defacement
Content: BABAYO EROR SYSTEM conducted a mass defacement campaign on March 25, 2026, with attacker Mr.XycanKing targeting healthynail.xyz among other sites. This was part of a broader mass defacement operation rather than a targeted attack on a single organization.
Date: 2026-03-25T11:12:35Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248103
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Healthcare/Beauty
Victim Organization: Unknown
Victim Site: healthynail.xyz
Mass website defacement by BABAYO EROR SYSTEM targeting homedecoral.com
Category: Defacement
Content: Mass defacement attack conducted by attacker Mr.XycanKing from the BABAYO EROR SYSTEM team targeting homedecoral.com on March 25, 2026. This incident was part of a broader mass defacement campaign rather than a targeted single-site attack.
Date: 2026-03-25T11:12:17Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248104
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Home Decoration/Retail
Victim Organization: Home Decoral
Victim Site: homedecoral.com
Alleged leak of educational sector credential combolist
Category: Combo List
Content: A threat actor shared a credential combolist containing 129,523 entries targeting educational sector organizations. The combolist appears to contain mixed credentials from various educational institutions and is being distributed via a file hosting service.
Date: 2026-03-25T11:12:12Z
Network: openweb
Published URL: https://crackingx.com/threads/69800/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown
Mass defacement campaign by BABAYO EROR SYSTEM targeting joymartbd.com
Category: Defacement
Content: The threat actor Mr.XycanKing from BABAYO EROR SYSTEM group conducted a mass defacement campaign targeting the Bangladeshi e-commerce website joymartbd.com on March 25, 2026. This incident was part of a broader mass defacement operation rather than a targeted single-site attack.
Date: 2026-03-25T11:11:56Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248105
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Bangladesh
Victim Industry: E-commerce
Victim Organization: JoyMart BD
Victim Site: joymartbd.com
Alleged Sale of USA 600 CC Data
Category: Data Leak
Content: Threat actor claims to be selling a dataset of approximately 600 US credit cards with a stated validity rate of 70–80%. The dataset reportedly includes card number, expiration month/year, CVV2, full name, phone number, address, city, state, ZIP code, email, and country.
Date: 2026-03-25T11:11:40Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279130/
Screenshots:
None
Threat Actors: mesin
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass website defacement by BABAYO EROR SYSTEM targeting kitabiya.com
Category: Defacement
Content: The threat group BABAYO EROR SYSTEM conducted a mass defacement campaign targeting kitabiya.com on March 25, 2026. The attack was executed by an individual using the handle Mr.XycanKing as part of a broader mass defacement operation.
Date: 2026-03-25T11:11:36Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248106
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Kitabiya
Victim Site: kitabiya.com
Mass website defacement by BABAYO EROR SYSTEM targeting lastylezz.com
Category: Defacement
Content: The BABAYO EROR SYSTEM group, specifically attacker Mr.XycanKing, conducted a mass defacement campaign targeting lastylezz.com on March 25, 2026. This incident was part of a larger mass defacement operation rather than a targeted attack on a single website.
Date: 2026-03-25T11:11:17Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248107
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: lastylezz.com
Mass website defacement campaign by BABAYO EROR SYSTEM targeting magicskinbd.xyz
Category: Defacement
Content: BABAYO EROR SYSTEM threat group conducted a mass defacement campaign targeting multiple websites including magicskinbd.xyz. The attack was carried out by threat actor Mr.XycanKing on March 25, 2026.
Date: 2026-03-25T11:10:58Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248108
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Bangladesh
Victim Industry: Beauty/Cosmetics
Victim Organization: Magic Skin BD
Victim Site: magicskinbd.xyz
Mass website defacement campaign by BABAYO EROR SYSTEM targeting minisky.xyz
Category: Defacement
Content: Mass defacement attack conducted by threat actor Mr.XycanKing from the BABAYO EROR SYSTEM group targeting the minisky.xyz domain on March 25, 2026. This incident appears to be part of a broader mass defacement campaign rather than a targeted attack on a specific organization.
Date: 2026-03-25T11:10:40Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248109
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: minisky.xyz
Mass website defacement campaign by BABAYO EROR SYSTEM targeting nail care business
Category: Defacement
Content: Mass defacement attack conducted by attacker Mr.XycanKing from the BABAYO EROR SYSTEM group targeting a Bangladesh-based nail care business website. The attack was part of a larger mass defacement campaign affecting multiple sites.
Date: 2026-03-25T11:10:21Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248110
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Bangladesh
Victim Industry: Beauty and Personal Care
Victim Organization: Nail Care BD
Victim Site: nailcarebd-com-311714.hostingersite.com
Alleged leak of Japan Overseas Railway System Association (JORSA)
Category: Data Breach
Content: Group claims to have leaked data from Japan Overseas Railway System Association (JORSA).
Date: 2026-03-25T11:10:14Z
Network: telegram
Published URL: https://t.me/Noheartz1337/11
Screenshots:
None
Threat Actors: NoHeartz
Victim Country: Japan
Victim Industry: Non-profit & Social Organizations
Victim Organization: japan overseas railway system association
Victim Site: jorsa.or.jp
Website defacement of nailcarebd.com by Mr.XycanKing/BABAYO EROR SYSTEM
Category: Defacement
Content: The website nailcarebd.com was defaced by attacker Mr.XycanKing affiliated with the BABAYO EROR SYSTEM group on March 25, 2026. The targeted site appears to be a nail care services business based in Bangladesh running on a Linux server.
Date: 2026-03-25T11:10:00Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248111
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Bangladesh
Victim Industry: Beauty and Personal Care
Victim Organization: Nail Care BD
Victim Site: nailcarebd.com
Mass website defacement campaign by BABAYO EROR SYSTEM targeting nailrepair.xyz
Category: Defacement
Content: The threat actor Mr.XycanKing from BABAYO EROR SYSTEM conducted a mass defacement campaign targeting nailrepair.xyz on March 25, 2026. This was part of a broader mass defacement operation rather than a targeted attack on a single organization.
Date: 2026-03-25T11:09:39Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248112
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Beauty/Personal Care
Victim Organization: Unknown
Victim Site: nailrepair.xyz
Alleged leak of International Journal of Professional Studies (IJPS)
Category: Data Breach
Content: Group claims to have leaked data from International Journal of Professional Studies (IJPS).
Date: 2026-03-25T11:09:31Z
Network: telegram
Published URL: https://t.me/Noheartz1337/11
Screenshots:
None
Threat Actors: NoHeartz
Victim Country: India
Victim Industry: Publishing Industry
Victim Organization: international journal of professional studies
Victim Site: ijps.in
Mass defacement campaign by BABAYO EROR SYSTEM targeting nailcarebd.xyz
Category: Defacement
Content: Attacker Mr.XycanKing from the BABAYO EROR SYSTEM team conducted a mass defacement campaign targeting nailcarebd.xyz on March 25, 2026. The incident was part of a broader mass defacement operation rather than a targeted attack on a single site.
Date: 2026-03-25T11:09:19Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248113
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Bangladesh
Victim Industry: Beauty and Personal Care
Victim Organization: Unknown
Victim Site: nailcarebd.xyz
Alleged Sale of USA Fresh Crypto Package
Category: Data Leak
Content: The threat actor claims to be selling a U.S.-focused cryptocurrency user leads dataset compiled from multiple platforms, containing millions of records with user details such as names, emails, phone numbers, country, and source information.
Date: 2026-03-25T11:08:38Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-USA-Fresh-Crypto-Package–70171
Screenshots:
None
Threat Actors: tan_dob11
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged unauthorized access to camera servers in Israel
Category: Initial Access
Content: Group claims to have compromised and gained access to 414 camera servers in Israel.
Date: 2026-03-25T11:05:20Z
Network: telegram
Published URL: https://t.me/CIR48/1784
Screenshots:
None
Threat Actors: Cyber Islamic resistance
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass website defacement by BABAYO EROR SYSTEM targeting barakahwall.com
Category: Defacement
Content: The threat actor Mr.XycanKing from the BABAYO EROR SYSTEM group conducted a mass defacement campaign targeting barakahwall.com on March 25, 2026. This was part of a broader mass defacement operation rather than a targeted single-site attack.
Date: 2026-03-25T11:03:26Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248090
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: barakahwall.com
Mass website defacement campaign by BABAYO EROR SYSTEM targeting aramart.xyz
Category: Defacement
Content: BABAYO EROR SYSTEM threat group conducted a mass defacement campaign targeting multiple websites including aramart.xyz. The attack was carried out by threat actor Mr.XycanKing on March 25, 2026.
Date: 2026-03-25T11:03:05Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248091
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: aramart.xyz
Mass website defacement campaign by BABAYO EROR SYSTEM threat actor Mr.XycanKing
Category: Defacement
Content: Mass defacement attack conducted by threat actor Mr.XycanKing from the BABAYO EROR SYSTEM group targeting bikroyall.xyz on March 25, 2026. This incident was part of a broader mass defacement campaign rather than a targeted attack on a single organization.
Date: 2026-03-25T11:02:46Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248092
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: bikroyall.xyz
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 5,000 unique Hotmail email and password combinations on a cybercrime forum.
Date: 2026-03-25T10:58:39Z
Network: openweb
Published URL: https://crackingx.com/threads/69799/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged data leak of fenixlogin.dyndns.tv
Category: Data Leak
Content: The threat actor claims to be leaked data from fenixlogin.dyndns.tv. The compromised data reportedly contains 11803 records including usernames, display names, email addresses, phone numbers, passwords, IP related information, user roles, account status, and associated system metadata.
Date: 2026-03-25T10:47:41Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-fenixlogin-dyndns-tv
Screenshots:
None
Threat Actors: Tanaka
Victim Country: Unknown
Victim Industry: Network & Telecommunications
Victim Organization: fenixlogin.dyndns.tv
Victim Site: fenixlogin.dyndns.tv
Alleged promotion of proxy pool service on underground forum
Category: Initial Access
Content: Threat actor promoting MeowProxy service offering free proxy pool creation starting with 300 proxies, positioning as alternative to paid proxy services at $0.5-1 per GB.
Date: 2026-03-25T10:45:46Z
Network: openweb
Published URL: https://crackingx.com/threads/69798/
Screenshots:
None
Threat Actors: AngelBae
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Google
Category: Data Breach
Content: Group claims to have leaked 3TB data of Google. The compromised data include members and users sensitive data.
Date: 2026-03-25T10:35:43Z
Network: telegram
Published URL: https://t.me/rubiconhack/168
Screenshots:
None
Threat Actors: RubiconH4CK
Victim Country: USA
Victim Industry: Software Development
Victim Organization: google llc
Victim Site: google.com
Alleged leak of user data from multiple countries
Category: Data Leak
Content: Threat actor claims to be selling a database containing 1.25 million user records from Australia, UK, and USA. The dataset reportedly includes personal information such as first and last names, phone numbers, dates of birth, email addresses, and physical addresses.
Date: 2026-03-25T10:30:25Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279126/
Screenshots:
None
Threat Actors: Datavortex
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Daily Aaj by NUCLIER-Y-C-C-M
Category: Defacement
Content: The threat actor NUCLIER-Y-C-C-M successfully defaced the Daily Aaj news website on March 25, 2026. The attack targeted a specific asset path rather than the homepage of the Pakistani media organization.
Date: 2026-03-25T10:28:51Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813791
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: Pakistan
Victim Industry: Media/News
Victim Organization: Daily Aaj
Victim Site: www.dailyaaj.com.pk
Website defacement of FSN by NUCLIER-Y-C-C-M
Category: Defacement
Content: NUCLIER-Y-C-C-M successfully defaced the FSN website targeting the CKEditor component on March 25, 2026. The attack specifically compromised the kcfinde subdirectory within the CKEditor installation on the Thai organizations website.
Date: 2026-03-25T10:28:17Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813792
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: Thailand
Victim Industry: Unknown
Victim Organization: FSN
Victim Site: fsn.co.th
Alleged Data leak of Unidentified Documents in USA
Category: Data Leak
Content: Threat actor claims to be selling a US-based client database from a private therapy center containing around 4,800 individuals. The dataset reportedly includes sensitive personal information such as names, DOB, SSN, addresses, phone numbers, emails, marital status, employer, occupation, driver’s license numbers, and spouse details.
Date: 2026-03-25T10:27:16Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279127/
Screenshots:
None
Threat Actors: Teleppt
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale User Data From ProCamps
Category: Data Breach
Content: The threat actor claims to be selling data from ProCamps. The compromised data reportedly contains 623 000 user records, 384 000 email records and 349 000 phone records including Full names, Full addresses, Dates of birth, IP addresses and more
Date: 2026-03-25T10:23:08Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-USA-procamps-com-623-000
Screenshots:
None
Threat Actors: Sorb
Victim Country: USA
Victim Industry: Sports
Victim Organization: procamps
Victim Site: procamps.com
Alleged leak of data from Parkway Realty Group LLC
Category: Data Breach
Content: The threat actor claims to be leaked 85 GB data from Parkway Realty Group LLC. The compromised data reportedly including lease agreements, transaction records, legal files, banking information, and operational documents such as building plans and maintenance records.
Date: 2026-03-25T10:16:15Z
Network: openweb
Published URL: https://darkforums.su/Thread-Document-USA-parkway-realty-group-data-85-gb
Screenshots:
None
Threat Actors: Sorb
Victim Country: USA
Victim Industry: Real Estate
Victim Organization: parkway realty group llc
Victim Site: parkway-realty.com
Alleged Sale User Data From Alyna
Category: Data Breach
Content: The threat actor claims to be selling data from Alyna. The compromised data reportedly contains 18 000 user records, 13,500 email records and 16,000 phone records, including hashed credentials (MD5), device information, location data, and account-related metadata.
Date: 2026-03-25T10:07:11Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Kuwait-alyna-co-18-000-users
Screenshots:
None
Threat Actors: Sorb
Victim Country: Kuwait
Victim Industry: Information Technology (IT) Services
Victim Organization: alyna
Victim Site: alyna.co
Alleged leak of social media credentials
Category: Combo List
Content: Threat actor CODER is distributing a combolist containing 21 million social media credentials through Telegram channels, offering free access to the credential data.
Date: 2026-03-25T10:05:35Z
Network: openweb
Published URL: https://crackingx.com/threads/69794/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Unknown
Victim Site: Unknown
Alleged unauthorized access to an unidentified raw material drying processor in Turkeyraw material drying processor in Turkey
Category: Initial Access
Content: The Group claims to have gained unauthorized access to an unidentified conveyor and disrupted the raw material drying process in Turkey.
Date: 2026-03-25T09:55:33Z
Network: telegram
Published URL: https://t.me/armeniancode_eng/89
Screenshots:
None
Threat Actors: Armenian code
Victim Country: Turkey
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of credential combolist containing URL-LOG-PASS data
Category: Combo List
Content: A threat actor shared a credential combolist containing URL-LOG-PASS data totaling 355GB, with additional reference to 1300GB of history data in ULP TXT format. The data appears to be made available for free download on a cybercriminal forum.
Date: 2026-03-25T09:53:12Z
Network: openweb
Published URL: https://crackingx.com/threads/69793/
Screenshots:
None
Threat Actors: TheBash1996
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of alice.it credentials
Category: Combo List
Content: A threat actor shared a credential list containing 13,282 lines targeting the alice.it domain. The data was distributed for free via a file sharing service.
Date: 2026-03-25T09:39:12Z
Network: openweb
Published URL: https://crackingx.com/threads/69792/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Italy
Victim Industry: Telecommunications
Victim Organization: Telecom Italia
Victim Site: alice.it
Alleged unauthorized access to Store Locator Widgets
Category: Initial Access
Content: Groups claims to unauthorized access to Store Locator Widgets.
Date: 2026-03-25T09:34:17Z
Network: telegram
Published URL: https://t.me/kittysearchnews/249
Screenshots:
None
Threat Actors: Kitty Search
Victim Country: USA
Victim Industry: Software Development
Victim Organization: store locator widgets
Victim Site: storelocatorwidgets.com
Keymous Plus claim to target Telecom Egypt
Category: Alert
Content: A recent post by the group indicates that they are targeting Telecom Egypt
Date: 2026-03-25T09:26:44Z
Network: telegram
Published URL: https://t.me/KeymousTG/971
Screenshots:
None
Threat Actors: Keymous Plus
Victim Country: Egypt
Victim Industry: Network & Telecommunications
Victim Organization: telecom egypt
Victim Site: te.eg
Alleged Leak of Chinese Drone Operational And User Data
Category: Data Leak
Content: The threat actor claims to be leaked Chinese Drone Operational And User Data. The compromised data reportedly including usernames, full names, phone numbers, department details, roles, account status, and activity timestamps.
Date: 2026-03-25T09:24:04Z
Network: openweb
Published URL: https://darkforums.su/Thread-Chinese-Drone-data-leak
Screenshots:
None
Threat Actors: Jon1234
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Panama Government ID (DNI) Data from Empleos Panamá
Category: Data Breach
Content: The threat actor claims to be selling Panama Government ID (DNI) Data from Empleos Panamá. The compromised dataset reportedly contains 600 photos of national ID cards
Date: 2026-03-25T09:18:39Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-PA-600-DNI-EMPLEOSPANAMA-GOB-PA-2026
Screenshots:
None
Threat Actors: NyxarGroup
Victim Country: Panama
Victim Industry: Government & Public Sector
Victim Organization: empleos panamá
Victim Site: empleospanama.gob.pa
Alleged leak of educational institution credentials
Category: Combo List
Content: A threat actor shared a combolist containing 130,027 credentials allegedly targeting educational institutions. The data was made available as a free download via a file sharing platform.
Date: 2026-03-25T09:10:32Z
Network: openweb
Published URL: https://crackingx.com/threads/69791/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Kenya Airport Authority
Category: Data Breach
Content: Group claims to have leaked 2TB data from Kenya Airport Authority.
Date: 2026-03-25T09:06:42Z
Network: telegram
Published URL: https://t.me/rubiconhack/167
Screenshots:
None
Threat Actors: RubiconH4CK
Victim Country: Kenya
Victim Industry: Airlines & Aviation
Victim Organization: kenya airport authority
Victim Site: kaa.go.ke
Alleged sale of customer data from Yuanta Securities
Category: Data Breach
Content: The threat actor claims to be selling customer data from Yuanta Securities. The compromised data reportedly contains 2.3 million records including full names, mobile phone numbers, gender, national ID card numbers, stockholder information, passwords, and securities related account data.Note: This Organization was previously breached on Sep 18 2025
Date: 2026-03-25T09:05:20Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Yuanta-Securities-Thailand-2300000
Screenshots:
None
Threat Actors: datasource
Victim Country: Thailand
Victim Industry: Financial Services
Victim Organization: yuanta securities
Victim Site: yuanta.co.th
Website defacement of SU Journal by TmaqnirXploit (AbsurdSEC team)
Category: Defacement
Content: TmaqnirXploit from the AbsurdSEC team defaced the SU Journal website on March 25, 2026. The attack targeted a specific file path rather than the homepage and was not part of a mass defacement campaign.
Date: 2026-03-25T09:03:38Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813787
Screenshots:
None
Threat Actors: TmaqnirXploit, AbsurdSEC
Victim Country: Unknown
Victim Industry: Media/Publishing
Victim Organization: SU Journal
Victim Site: su-journal.com
Alleged leak of Fortnite credentials
Category: Combo List
Content: A threat actor is distributing Fortnite email:password credential lists through Telegram channels. The actor operates multiple Telegram groups offering free combolists and programs.
Date: 2026-03-25T08:57:20Z
Network: openweb
Published URL: https://crackingx.com/threads/69790/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Gaming
Victim Organization: Epic Games
Victim Site: fortnite.com
Alleged sale of data from Formbay
Category: Data Breach
Content: The threat actor claims to be selling data from Formbay. The compromised data reportedly contains 162.4K users including full names, dates of birth, addresses, phone numbers, email addresses, gender
Date: 2026-03-25T08:51:11Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-formbay-com-au-162-4K-users
Screenshots:
None
Threat Actors: z72
Victim Country: Australia
Victim Industry: Information Technology (IT) Services
Victim Organization: formbay
Victim Site: formbay.com.au
Alleged sale of French government database from Service National Universel
Category: Data Breach
Content: Threat actor claims to be selling a complete MongoDB database dump from the French governments Service National Universel initiative, containing user profiles, credentials, infrastructure data, and internal communications. The leak allegedly originated from security oversight in the development pipeline involving government contractor Selego.
Date: 2026-03-25T08:44:34Z
Network: openweb
Published URL: https://breachforums.ac/showthread.php?tid=45621
Screenshots:
None
Threat Actors: Admin
Victim Country: France
Victim Industry: Government
Victim Organization: Service National Universel
Victim Site: beta.gouv.fr
Alleged Sale of Chinese Cryptocurrency Exchange User KYC Data
Category: Data Leak
Content: The threat actor claims to have leaked 2million Chinese Cryptocurrency Exchange User KYC Data
Date: 2026-03-25T08:35:45Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Chinese-crypto-exchanges
Screenshots:
None
Threat Actors: GlitchX
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 1,244 allegedly valid Hotmail email and password combinations. The credentials are described as premium hits from private cloud sources and mixed mail accounts.
Date: 2026-03-25T08:30:39Z
Network: openweb
Published URL: https://crackingx.com/threads/69788/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Website defacement of courant-brand.online by DimasHxR
Category: Defacement
Content: Website defacement incident targeting courant-brand.online conducted by attacker DimasHxR on March 25, 2026. The attack was documented and archived with mirror evidence available.
Date: 2026-03-25T08:29:47Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813783
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: courant-brand.online
Website defacement of scottrobertsvoice.com by DimasHxR
Category: Defacement
Content: The website scottrobertsvoice.com was defaced by threat actor DimasHxR on March 25, 2026. This appears to be an isolated defacement incident targeting a single webpage rather than a mass defacement campaign.
Date: 2026-03-25T08:23:44Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813782
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Scott Roberts Voice
Victim Site: scottrobertsvoice.com
Alleged data breach of 51.com
Category: Data Breach
Content: The threat actor claims to have leaked a data from 51.com, dating from August 2019. The compromised dataset reportedly contains 321,752,993 records, including user identifiers (UIN), account usernames, email addresses, IP addresses, full names, profile information, gender, user levels, account status, and other associated user data.
Date: 2026-03-25T08:20:24Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-51-com-xx5-in-com-2019-databreach-321-752-993-records
Screenshots:
None
Threat Actors: fanfan
Victim Country: China
Victim Industry: Information Technology (IT) Services
Victim Organization: 51.com
Victim Site: 51.com
Website defacement of chachooanims.fr by DimasHxR
Category: Defacement
Content: French website chachooanims.fr was defaced by attacker DimasHxR on March 25, 2026, targeting the readme.txt file.
Date: 2026-03-25T08:17:36Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813777
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: chachooanims.fr
Website defacement of powerpackiq.com by DimasHxR
Category: Defacement
Content: Threat actor DimasHxR conducted a website defacement attack against powerpackiq.com on March 25, 2026. The attack targeted a specific page (b.html) rather than the main homepage and was not part of a mass defacement campaign.
Date: 2026-03-25T08:17:03Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813780
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: PowerPack IQ
Victim Site: powerpackiq.com
Website defacement of The Track by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced a specific page on The Tracks Australian website on March 25, 2026. The incident targeted a single page rather than the main homepage and was not part of a mass defacement campaign.
Date: 2026-03-25T08:16:31Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813781
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Australia
Victim Industry: Entertainment/Media
Victim Organization: The Track
Victim Site: thetrack.com.au
Website defacement of loleverywhere.com by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced loleverywhere.com on March 25, 2026. The defacement targeted a specific page (readme.txt) rather than the main homepage.
Date: 2026-03-25T08:10:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813767
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: loleverywhere.com
Website defacement of loloops.com by DimasHxR
Category: Defacement
Content: DimasHxR conducted a single website defacement targeting loloops.com on March 25, 2026. The attack targeted a readme.txt file on the domain with no identified mass defacement patterns.
Date: 2026-03-25T08:09:51Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813768
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: loloops.com
Website defacement of menintalk.com by DimasHxR
Category: Defacement
Content: DimasHxR defaced menintalk.com on March 25, 2026, targeting a readme.txt file on the domain. This was an isolated defacement incident with no team affiliation claimed by the attacker.
Date: 2026-03-25T08:09:18Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813769
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: menintalk.com
Website defacement of wahgazab.com by DimasHxR
Category: Defacement
Content: DimasHxR successfully defaced wahgazab.com on March 25, 2026. The attacker operated independently without any known team affiliation in this single-site defacement incident.
Date: 2026-03-25T08:08:45Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813771
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: wahgazab.com
Website defacement of beatspy.com by DimasHxR
Category: Defacement
Content: Threat actor DimasHxR conducted a website defacement attack against beatspy.com on March 25, 2026. The attack targeted a readme.txt file on the technology-related website.
Date: 2026-03-25T08:08:13Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813772
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: BeatSpy
Victim Site: beatspy.com
Alleged data sale of Pakistan defense system
Category: Data Leak
Content: The group claims to be selling data belonging to Pakistan defense system.
Date: 2026-03-25T08:03:04Z
Network: telegram
Published URL: https://t.me/rubiconhack/165?single
Screenshots:
None
Threat Actors: RubiconH4CK
Victim Country: Pakistan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of adoption-center.info by DimasHxR
Category: Defacement
Content: Attacker DimasHxR defaced the adoption-center.info website on March 25, 2026. The defacement targeted a specific page (b.html) rather than the homepage and appears to be an isolated incident rather than part of a mass defacement campaign.
Date: 2026-03-25T08:02:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813759
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Non-profit/Social Services
Victim Organization: Unknown
Victim Site: adoption-center.info
Website defacement of Get Morocco Tours by DimasHxR
Category: Defacement
Content: The tourism website getmoroccotours.org was defaced by threat actor DimasHxR on March 25, 2026. This appears to be an isolated defacement incident targeting a single page on the Morocco-based tour operators website.
Date: 2026-03-25T08:01:33Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813760
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Morocco
Victim Industry: Tourism
Victim Organization: Get Morocco Tours
Victim Site: getmoroccotours.org
Alleged leak of personal data from Australia
Category: Data Leak
Content: The threat actor claims to be leaked 438K personal data from Australia
Date: 2026-03-25T08:01:04Z
Network: openweb
Published URL: https://darkforums.su/Thread-Australia-438K-personal-data–70183
Screenshots:
None
Threat Actors: GlitchX
Victim Country: Australia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Precision Cabinetry by DimasHxR
Category: Defacement
Content: The attacker DimasHxR successfully defaced the Precision Cabinetry website on March 25, 2026. This appears to be an isolated defacement incident targeting a cabinetry manufacturing companys web presence.
Date: 2026-03-25T08:01:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813761
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Manufacturing
Victim Organization: Precision Cabinetry
Victim Site: www.precisioncabinetry.net
Website defacement of olozfera.com by Leviathan Perfect Hunter team
Category: Defacement
Content: The Leviathan Perfect Hunter team, specifically attacker aexdy, defaced the olozfera.com website on March 25, 2026. This was an isolated defacement targeting a single page rather than a mass or home page attack.
Date: 2026-03-25T08:00:29Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813762
Screenshots:
None
Threat Actors: aexdy, Leviathan Perfect Hunter
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: olozfera.com
Alleged data breach of Hopewell Area School District
Category: Data Breach
Content: The group claims to have breached data from Hopewell Area School District.
Date: 2026-03-25T07:54:55Z
Network: telegram
Published URL: https://t.me/rubiconhack/165
Screenshots:
None
Threat Actors: RubiconH4CK
Victim Country: USA
Victim Industry: Education
Victim Organization: hopewell area school district
Victim Site: hopewellarea.org
Alleged data leak of JellyJelly
Category: Data Leak
Content: The threat actor claims to be leaked data from JellyJelly. The compromised data reportedly contains 32,000 user records including full names, email addresses, phone numbers, and account-related information.
Date: 2026-03-25T07:50:31Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-JellyJelly-com-%E2%80%94-32k-PII-1-9k-Solana-wallets
Screenshots:
None
Threat Actors: macaroni
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: jellyjelly
Victim Site: jellyjelly.com
Website defacement of Ruiz Ranch by DimasHxR
Category: Defacement
Content: DimasHxR defaced the Ruiz Ranch website on March 25, 2026, targeting a file within the WordPress includes directory. The incident was a single defacement rather than part of a mass campaign.
Date: 2026-03-25T07:49:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813758
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Ruiz Ranch
Victim Site: ruizranch.com
Alleged distribution of mixed corporate domain credentials
Category: Combo List
Content: Threat actor CODER is distributing free credential combolists containing 8 million mixed corporate domain accounts through Telegram channels. The actor also provides related cracking programs and tools through separate Telegram groups.
Date: 2026-03-25T07:36:22Z
Network: openweb
Published URL: https://crackingx.com/threads/69786/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of ablethanh.com by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the website ablethanh.com on March 25, 2026, targeting a readme.txt file on the domain.
Date: 2026-03-25T07:31:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813738
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: ablethanh.com
Alleged data breach of National Security Agency
Category: Data Breach
Content: Group claims to have leaked 281 GB data from National Security Agency.
Date: 2026-03-25T07:27:49Z
Network: telegram
Published URL: https://t.me/rubiconhack/164
Screenshots:
None
Threat Actors: Rubiconhack
Victim Country: USA
Victim Industry: Defense & Space
Victim Organization: national security agency
Victim Site: nsa.gov
Alleged leak of Gmail credentials
Category: Combo List
Content: Actor BestCombo shared a credential list containing 38,203 Gmail email and password combinations on CrackingX forum via a Mega file sharing link.
Date: 2026-03-25T07:22:17Z
Network: openweb
Published URL: https://crackingx.com/threads/69783/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Google
Victim Site: gmail.com
Alleged sale of email spoofing service targeting cryptocurrency and banking platforms
Category: Initial Access
Content: Threat actor offering email spoofing service for $1500 claiming 100% inbox delivery rate and ability to spoof major cryptocurrency exchanges and banking institutions. Service includes rotating SMTP servers and phishing templates for brands like Binance, Coinbase, HSBC, and others.
Date: 2026-03-25T07:22:03Z
Network: openweb
Published URL: https://crackingx.com/threads/69784/
Screenshots:
None
Threat Actors: EmSpoof
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of financial data and identity documents on cybercriminal forum
Category: Data Breach
Content: Threat actor AquaSpace advertises various financial data and identity documents including SSN fullz, credit cards with high balances, bank statements, drivers licenses, and banking logs from US, Canadian, and European institutions via Telegram contact.
Date: 2026-03-25T07:13:01Z
Network: openweb
Published URL: https://breachforums.ac/showthread.php?tid=45620
Screenshots:
None
Threat Actors: AquaSpace
Victim Country: United States
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of confidential data related to Tamir Pardo
Category: Data Leak
Content: Group claims to have leaked personal data and confidential documents related to Tamir Pardo, the former Director of Mossad.
Date: 2026-03-25T07:04:01Z
Network: openweb
Published URL: https://handala-team.to/from-hunter-to-hunted-mossads-former-chief-falls-into-the-trap/
Screenshots:
None
Threat Actors: Handala Hack
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach involving Desa Gumiwang database in Banjarnegara Regency
Category: Data Breach
Content: Forum post claims to involve a 9,000 record database from Desa Gumiwang village in Banjarnegara Regency, Indonesia. No post content is available to determine if the database is being sold or leaked for free.
Date: 2026-03-25T06:59:33Z
Network: openweb
Published URL: https://breachforums.ac/showthread.php?tid=45618
Screenshots:
None
Threat Actors: XhenzoExecuted
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Desa Gumiwang
Victim Site: Unknown
Alleged leak of mixed corporate credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 91,659 credential pairs targeting mixed corporate entities, made available as a free download via file sharing service.
Date: 2026-03-25T06:57:44Z
Network: openweb
Published URL: https://crackingx.com/threads/69781/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 5,000 unique Hotmail email and password combinations on a cybercriminal forum.
Date: 2026-03-25T06:57:24Z
Network: openweb
Published URL: https://crackingx.com/threads/69782/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Facebook credentials
Category: Combo List
Content: A threat actor allegedly shared a freshly extracted combolist containing Facebook email and password combinations on a cybercriminal forum. The content is hidden and available only to registered forum users.
Date: 2026-03-25T06:34:50Z
Network: openweb
Published URL: https://crackingx.com/threads/69780/
Screenshots:
None
Threat Actors: Kinglukeman
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Facebook
Victim Site: facebook.com
Website defacement of Chirinyima Handicraft by CYKOMNEPAL
Category: Defacement
Content: CYKOMNEPAL defaced the website of Chirinyima Handicraft, a Nepalese handicraft company, on March 25, 2026. This appears to be a targeted single-site defacement attack against the commercial organizations web presence.
Date: 2026-03-25T06:30:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813735
Screenshots:
None
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: Nepal
Victim Industry: Handicraft/Retail
Victim Organization: Chirinyima Handicraft
Victim Site: chirinyimahandicraft.com.np
Alleged distribution of educational institution credential lists
Category: Combo List
Content: Threat actor distributes educational institution credential lists (combolists) for free through Telegram channels, targeting educational domains.
Date: 2026-03-25T06:25:29Z
Network: openweb
Published URL: https://crackingx.com/threads/69779/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of ChatGPT Premium cookies
Category: Combo List
Content: Threat actor allegedly leaked ChatGPT Premium cookies with tutorial video for unauthorized access to premium accounts.
Date: 2026-03-25T06:13:52Z
Network: openweb
Published URL: https://crackingx.com/threads/69778/
Screenshots:
None
Threat Actors: Daxus
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: OpenAI
Victim Site: chat.openai.com
Alleged sale of 106 credit card records
Category: Data Leak
Content: Threat actor claims to be leaked 106 credit card records from USA. The compromised data reportedly includes credit card number, expiry, cvv, address, city, state, zip, country, full name etc.
Date: 2026-03-25T05:52:19Z
Network: openweb
Published URL: https://forum.exploit.in/topic/278953/
Screenshots:
None
Threat Actors: Saiwer
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of credential combolist containing 13.97 million records
Category: Combo List
Content: A threat actor named Daxus shared a credential combolist containing 13.97 million URL:LOG:PASS records on a cybercriminal forum. The actor promotes the data as strictly private and UHQ+ quality, directing users to their Telegram bot and website for access.
Date: 2026-03-25T05:30:19Z
Network: openweb
Published URL: https://crackingx.com/threads/69775/
Screenshots:
None
Threat Actors: Daxus
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of business and personal information databases from multiple countries
Category: Data Breach
Content: Threat actor Target777 is allegedly selling comprehensive business and personal information databases from multiple countries including USA, Europe, Australia, Canada, and others. The data includes SSNs, credit scores, business registration details, and personal identifiers with prices ranging from $90-150 per record or wholesale packages of $1000 for 100 records.
Date: 2026-03-25T05:30:08Z
Network: openweb
Published URL: https://crackingx.com/threads/69776/
Screenshots:
None
Threat Actors: Target777
Victim Country: Multiple
Victim Industry: Multiple
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Chinese drone company employee records
Category: Data Leak
Content: Employee records from a Chinese drone company were leaked, containing CRM system data including usernames, phone numbers, Chinese names, department assignments, and user roles.
Date: 2026-03-25T05:10:55Z
Network: openweb
Published URL: https://breachforums.ac/showthread.php?tid=45615
Screenshots:
None
Threat Actors: Jon1234
Victim Country: China
Victim Industry: Aerospace/Defense
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of credential combolist containing 19.14 million entries
Category: Data Leak
Content: Threat actor GektorS allegedly made available a credential combolist containing URL:username:password combinations for 19.14 million accounts in a 1+ GB file.
Date: 2026-03-25T05:10:27Z
Network: openweb
Published URL: https://breachforums.ac/showthread.php?tid=45616
Screenshots:
None
Threat Actors: GektorS
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Chronus leaks targets the website of Municipality of San Fernando del Valle de Catamarca (SFVC)
Category: Defacement
Content: The group claims to have defaced the website of Municipality of San Fernando del Valle de Catamarca (SFVC)
Date: 2026-03-25T05:09:13Z
Network: telegram
Published URL: https://t.me/c/3803830732/153
Screenshots:
None
Threat Actors: Chronus leaks
Victim Country: Argentina
Victim Industry: Government Administration
Victim Organization: municipality of san fernando del valle de catamarca (sfvc)
Victim Site: datos.catamarcaciudad.gob.ar
Alleged leak of mixed country credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 1.36 million credentials from multiple countries via a Mega.nz download link on a cybercrime forum.
Date: 2026-03-25T04:59:13Z
Network: openweb
Published URL: https://crackingx.com/threads/69774/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Banco Serfinanza
Category: Data Breach
Content: Threat actor claims to have leaked data from Banco Serfinanza. The compromised data reportedly includes obligation number, document number, full name, telephone, address etc.
Date: 2026-03-25T04:57:49Z
Network: openweb
Published URL: https://xforums.st/threads/serfinanza-bank-emergiacc-conalcreditos-colombia.589114/
Screenshots:
None
Threat Actors: Petro_Escobar
Victim Country: Colombia
Victim Industry: Banking & Mortgage
Victim Organization: banco serfinanza
Victim Site: bancoserfinanza.com
Alleged leak of mixed credential combolist on CrackingX forum
Category: Combo List
Content: A threat actor shared an 81,000 record mixed credential combolist containing valid forum credentials on the CrackingX forum. The post content is restricted and requires registration to view full details.
Date: 2026-03-25T04:48:41Z
Network: openweb
Published URL: https://crackingx.com/threads/69773/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of German social media and e-commerce credentials
Category: Combo List
Content: A threat actor shared a combolist containing 251,700 credential pairs allegedly targeting German social media and shopping platforms. The data was distributed for free via a cloud storage link.
Date: 2026-03-25T04:39:23Z
Network: openweb
Published URL: https://crackingx.com/threads/69772/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of organisedasfood.dev by maw3six (Idiot Crew)
Category: Defacement
Content: The website organisedasfood.dev was defaced by attacker maw3six from the Idiot Crew team on March 25, 2026. The attack targeted a cloud-hosted server and resulted in the placement of defacement content at /maw.txt.
Date: 2026-03-25T04:37:31Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248085
Screenshots:
None
Threat Actors: maw3six, Idiot Crew
Victim Country: Unknown
Victim Industry: Food/Catering
Victim Organization: Unknown
Victim Site: organisedasfood.dev
Mass website defacement campaign by Idiot Crew member maw3six
Category: Defacement
Content: Mass defacement attack conducted by attacker maw3six, affiliated with the Idiot Crew group, targeting multiple websites including f1casemimic.com. The attack was hosted on cloud infrastructure and represents part of a broader mass defacement campaign.
Date: 2026-03-25T04:37:15Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248086
Screenshots:
None
Threat Actors: maw3six, Idiot Crew
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: f1casemimic.com
Mass defacement targeting fronthgaarden.no by maw3six of Idiot Crew
Category: Defacement
Content: Mass defacement attack conducted by threat actor maw3six from the Idiot Crew group targeting the Norwegian domain fronthgaarden.no. The attack was part of a broader mass defacement campaign rather than a targeted single-site breach.
Date: 2026-03-25T04:36:57Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248087
Screenshots:
None
Threat Actors: maw3six, Idiot Crew
Victim Country: Norway
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: fronthgaarden.no
Website defacement of Adria Logistika by maw3six (Idiot Crew)
Category: Defacement
Content: The attacker maw3six from the Idiot Crew group successfully defaced the Adria Logistika logistics company website on March 25, 2026. The defacement targeted a cloud-hosted server and was archived on a mirror site for documentation purposes.
Date: 2026-03-25T04:36:40Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248088
Screenshots:
None
Threat Actors: maw3six, Idiot Crew
Victim Country: Unknown
Victim Industry: Logistics
Victim Organization: Adria Logistika
Victim Site: adrialogistika.com
Alleged targeting of Colombian financial institutions including Serfinanza Bank
Category: Data Breach
Content: Thread mentions multiple Colombian financial institutions including Serfinanza Bank, Emergiacc, and Conalcréditos, but no specific content is available to determine the nature or scope of the alleged incident.
Date: 2026-03-25T04:17:14Z
Network: openweb
Published URL: https://xforums.st/threads/serfinanza-bank-emergiacc-conalcreditos-colombia.589114/
Screenshots:
None
Threat Actors: Petro_Escobar
Victim Country: Colombia
Victim Industry: Financial Services
Victim Organization: Serfinanza Bank
Victim Site: Unknown
Alleged Sale of Unauthorized Shell Access to a Tourism Organization in Venezuela
Category: Initial Access
Content: Threat Actor claims to be selling unauthorized shell access to an organization in Venezuela operating in the tourism sector. The access includes SYSTEM and Local Administrator privileges within a domain-joined Windows environment, with access to more than seven hosts and a domain containing over 90 users.
Date: 2026-03-25T04:14:02Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/279112/
Screenshots:
None
Threat Actors: Saturned33
Victim Country: Venezuela
Victim Industry: Hospitality & Tourism
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of The Unified Electronic Services Portal (My.gov.ge)
Category: Data Breach
Content: Threat actor claims to have leaked the database of The Unified Electronic Services Portal (MY.GOV.GE) .The Compromised data includes First Name, Last Name, ID Number, Email Address, Phone Number, Address
Date: 2026-03-25T04:11:09Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-GE-my-gov-ge
Screenshots:
None
Threat Actors: cybersaspir07
Victim Country: Georgia
Victim Industry: Government & Public Sector
Victim Organization: my.gov.ge
Victim Site: my.gov.ge
Alleged data breach of Mailing Lists from Multiple Companies
Category: Data Breach
Content: The threat actor claims to have leaked multiple newsletter mailing list databases from various organizations. The combined dataset reportedly contains 90,424 records, including sensitive information such as email addresses, full names, phone numbers, company details, locations, IP addresses, and in some cases passwords or SSO codes.
Date: 2026-03-25T04:04:13Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-Combined-Mailing-Lists-Of-10-Companies-90-424-records
Screenshots:
None
Threat Actors: fanfan
Victim Country: Spain
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Unauthorized Shell Access to an ISP and MSP Organization in Palestine
Category: Initial Access
Content: Threat Actor claims to be selling unauthorized shell access to an organization in Palestine operating in the ISP and MSP sector. The access includes SYSTEM, NT AUTHORITY, and Local Administrator privileges within a domain-joined Windows environment, covering more than five hosts and a domain with over 75 users, while the organization provides services such as data centers, VPNs, VoIP, and FTTH.
Date: 2026-03-25T04:01:38Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/279111/
Screenshots:
None
Threat Actors: Saturned33
Victim Country: Palestine
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of unauthorized access to unidentified U.S.-based financial development environment
Category: Initial Access
Content: Threat actor claims to be selling unauthorized access to an unidentified financial development environment in USA.
Date: 2026-03-25T03:55:53Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279053/
Screenshots:
None
Threat Actors: williamblack
Victim Country: USA
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Ministry of Labour and Social Protection of the Russian Federation
Category: Data Breach
Content: Threat actor claims to have leaked the database of Ministry of Labour and Social Protection of the Russian Federation.
Date: 2026-03-25T03:55:25Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-RU-mintrud-gov-ru
Screenshots:
None
Threat Actors: cybersaspir07
Victim Country: Russia
Victim Industry: Government Administration
Victim Organization: ministry of labour and social protection of the russian federation
Victim Site: mintrud.gov.ru
Alleged data breach of Mercer Salesforce database
Category: Data Breach
Content: Threat actor claims to have access to Mercer Salesforce database containing 3,203,200 records with personal information including names, addresses, phone numbers, dates of birth, SSNs, and tax ID numbers. Contact information provided via encrypted messaging app.
Date: 2026-03-25T03:53:30Z
Network: openweb
Published URL: https://breachforums.ac/showthread.php?tid=45614
Screenshots:
None
Threat Actors: 7obit
Victim Country: Unknown
Victim Industry: Professional Services
Victim Organization: Mercer
Victim Site: Unknown
Alleged leak of phone number and password credentials
Category: Combo List
Content: A threat actor is sharing a credential list containing phone numbers and passwords, claiming it to be high quality and private data.
Date: 2026-03-25T03:52:46Z
Network: openweb
Published URL: https://crackingx.com/threads/69770/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of WordPress credential lists
Category: Combo List
Content: A threat actor shared WordPress credential lists containing login credentials and associated URLs on a cybercriminal forum. No content details were available to determine the scope or origin of the credentials.
Date: 2026-03-25T03:52:21Z
Network: openweb
Published URL: https://crackingx.com/threads/69771/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of credential combolist in URL:LOGIN:PASS format
Category: Combo List
Content: Threat actor gsmfix shared a credential combolist in URL:LOGIN:PASS format, advertised as high quality and private content on a cybercriminal forum.
Date: 2026-03-25T03:40:33Z
Network: openweb
Published URL: https://crackingx.com/threads/69767/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of USA and Europe credential combolist
Category: Combo List
Content: A threat actor is distributing what they claim to be an exclusive combolist containing credential combinations from USA and Europe regions. The post uses promotional language suggesting high-quality hits from the credential list.
Date: 2026-03-25T03:40:03Z
Network: openweb
Published URL: https://crackingx.com/threads/69768/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of European and US credential combolists
Category: Combo List
Content: Actor gsmfix claims to distribute high quality credential combolists containing European and US user accounts. The post emphasizes the validity and quality of the credential lists but provides no specific details about sources, record counts, or pricing.
Date: 2026-03-25T03:39:36Z
Network: openweb
Published URL: https://crackingx.com/threads/69769/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data breach of AGP Translations
Category: Data Breach
Content: The threat actor claims to have leaked a newsletter mailing list database from Caramba Shop. The compromised data reportedly contains 10,603 records.
Date: 2026-03-25T03:30:28Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-Combined-Mailing-Lists-Of-10-Companies-90-424-records
Screenshots:
None
Threat Actors: fanfan
Victim Country: Spain
Victim Industry: Translation & Localization
Victim Organization: agp translations
Victim Site: agptraducciones.com
Website defacement of clrmo.com by Leviathan Perfect Hunter
Category: Defacement
Content: The threat group Leviathan Perfect Hunter, through attacker aexdy, successfully defaced the website clrmo.com on March 25, 2026. The defacement targeted a specific page (hx.html) on the domain.
Date: 2026-03-25T03:29:58Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813728
Screenshots:
None
Threat Actors: aexdy, Leviathan Perfect Hunter
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: clrmo.com
Alleged data breach of Caramba Shop
Category: Data Breach
Content: The threat actor claims to have leaked a newsletter mailing list database from Caramba Shop. The compromised data reportedly contains 234 records.
Date: 2026-03-25T03:19:29Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-Combined-Mailing-Lists-Of-10-Companies-90-424-records
Screenshots:
None
Threat Actors: fanfan
Victim Country: Spain
Victim Industry: Retail Industry
Victim Organization: caramba shop
Victim Site: carambashop.com
Alleged leak of Gmail credentials
Category: Combo List
Content: Forum post claims to offer over 100,000 Gmail credentials, though actual content is hidden behind registration requirement making verification impossible.
Date: 2026-03-25T03:03:06Z
Network: openweb
Published URL: https://crackingx.com/threads/69765/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Google
Victim Site: gmail.com
Alleged leak of Hotmail.es credentials
Category: Combo List
Content: A threat actor shared a combolist containing 18,092 credential pairs specifically targeting the hotmail.es domain via a file hosting service.
Date: 2026-03-25T02:52:44Z
Network: openweb
Published URL: https://crackingx.com/threads/69764/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.es
Alleged data breach of Selfix
Category: Data Breach
Content: The group claims to have deleted 4 terabytes data from Selfix.
Date: 2026-03-25T02:38:37Z
Network: telegram
Published URL: https://t.me/Anon_Israel35/51
Screenshots:
None
Threat Actors: Anonymous For Justice
Victim Country: Israel
Victim Industry: Other Industry
Victim Organization: selfix
Victim Site: Unknown
Alleged leak of corporate email credentials combolist
Category: Combo List
Content: A threat actor has made available a combolist containing 145,101 corporate email and password combinations via a file sharing service.
Date: 2026-03-25T02:29:07Z
Network: openweb
Published URL: https://crackingx.com/threads/69763/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
⚡⚡ X930 Valid UHQ Hotmail ⚡⚡
Category: Combo List
Content: New thread posted by noir: ⚡⚡ X930 Valid UHQ Hotmail ⚡⚡
Date: 2026-03-25T01:45:04Z
Network: openweb
Published URL: https://crackingx.com/threads/69762/
Screenshots:
None
Threat Actors: noir
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: Threat actor redcloud shared a combolist containing 4,500 alleged valid Hotmail email credentials through a MediaFire download link and Telegram contact.
Date: 2026-03-25T01:33:12Z
Network: openweb
Published URL: https://crackingx.com/threads/69761/
Screenshots:
None
Threat Actors: redcloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged data breach of P3Global/CrimeStoppers USA Police Tipline Database
Category: Data Breach
Content: Threat actor is selling a database containing 8.3 million records from USA/Canada police tipline systems, including anonymous crime tips, personal information, social security numbers, and contact details for $10,000. The data is dubbed BlueLeaks 2.0 and reportedly contains 93GB of confidential police data.
Date: 2026-03-25T00:38:09Z
Network: openweb
Published URL: https://breachforums.ac/showthread.php?tid=45613
Screenshots:
None
Threat Actors: iym
Victim Country: United States
Victim Industry: Law Enforcement
Victim Organization: P3Global/CrimeStoppers
Victim Site: Unknown
Alleged leak of aliceadsl.fr credentials
Category: Combo List
Content: A threat actor shared a combolist containing 9,359 credential lines targeting the aliceadsl.fr domain via a file hosting service.
Date: 2026-03-25T00:33:35Z
Network: openweb
Published URL: https://crackingx.com/threads/69759/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: France
Victim Industry: Telecommunications
Victim Organization: Alice ADSL
Victim Site: aliceadsl.fr
Alleged leak of gaming and casino credentials targeting Germany
Category: Combo List
Content: A threat actor shared a credential list containing 783,668 entries allegedly targeting gaming and casino platforms in Germany. The data was distributed as a free download via a file sharing service.
Date: 2026-03-25T00:22:41Z
Network: openweb
Published URL: https://crackingx.com/threads/69757/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Gaming and Entertainment
Victim Organization: Unknown
Victim Site: Unknown