[March-28-2026] Daily Cybersecurity Threat Report

1. Executive Summary

This report provides a detailed analysis of a series of cybersecurity incidents recorded between March 28 and March 29, 2026. The provided intelligence details 182 distinct cyber events spanning multiple threat categories, including the mass distribution of credential combo lists, website defacements, high-impact data breaches, and the unauthorized sale of initial access to corporate and government networks.

The threat landscape observed during this period is characterized by the vast, free distribution of sensitive data across open web forums (such as crackingx.com) and Telegram channels. High-profile incidents include the alleged leak of 250 million Personally Identifiable Information (PII) records from the USA , the breach of the Indian Council of Medical Research involving 815 million records , and targeted disruptive attacks on critical infrastructure and retail operations by groups like Handala Hack.

2. Threat Landscape Overview

An analysis of the provided dataset reveals a distinct breakdown of cybercriminal activities into four primary categories:

Credential Combo Lists: The overwhelming majority of recorded incidents involve the distribution of parsed login credentials.
Website Defacements: A significant number of incidents involve the unauthorized alteration of web pages, largely driven by hacktivist groups or actors seeking notoriety.
Data Breaches and Leaks: High-impact incidents involving the exfiltration and exposure of sensitive corporate, government, and individual data.
Initial Access and Vulnerabilities: The brokering or exposure of unauthorized access to industrial control systems, surveillance networks, and corporate environments.

3. Detailed Vector Analysis

3.1 Credential Combo Lists and Access Brokers

The most frequent event in the dataset is the distribution of “Combo Lists”—datasets containing millions of usernames, emails, and passwords, often formatted as URL:LOGIN:PASS.

Volume and Scale:

A threat actor named Knight allegedly shared multiple massive databases, including a 100 million record combo list , a 21 million record list , a 10 million record list , and an 11GB credential list.
The actor Daxus distributed 34.95 million URL:LOG:PASS entries through a Telegram bot and the Daxus.pro service.
CODER distributed a combo list containing 17 million banking credentials. This actor also shared an 11 million record mixed corporate combo list.

Targeted Platforms and Regions:

Technology Providers: Microsoft (Hotmail) and Google (Gmail) were heavily targeted. Actor D4rkNetHub leaked over 100,000 Gmail credentials. Numerous actors, including MailAccesss, HollowKnight07, and HQcomboSpace, leaked varying volumes of Hotmail credentials, with one list containing 1.7 million records. Yahoo credentials were also targeted, including a list of 161,822 records and a Japan-specific list of 6,541 records.
Regional Targeting: Specific combo lists were curated by geography. HQcomboSpace targeted German domains with 314,190 records and German shopping sites with 1.1 million pairs. Other localized lists targeted Sweden (87,000 records) , Denmark (78,000 records) , Russia (5,400 records) , Poland , France , and China.

Distribution Methods:

The vast majority of these credentials are being shared for free.
Data is primarily distributed via registered accounts on forums like crackingx.com , file-sharing services like Mega.nz , and Telegram channels like PandaCloud04.

3.2 Website Defacements

Website defacement remains a highly active vector for demonstrating capability, ideological messaging, or cyber-vandalism. The dataset indicates both single-target attacks and mass campaigns.

Prominent Defacement Actors:

NUCLIER-Y-C-C-M: This actor or group is the most prolific defacer in the dataset. They conducted targeted attacks against a wide array of victims, including the Lebanon Book Fair , AAA Nutri Foods , Asquare Pharmaceutical in Bangladesh , Residie Ons , and numerous other commercial and educational sites.
KEJE ARMY / ARJUN-X001: This group focused on home page defacements, targeting domains like nialaretta.com , Horizen Academy , and specific IP addresses like 209.15.116.52 and 52.248.40.42.
Alpha wolf / XYZ: Conducted single and mass defacements, notably targeting pymedia.cl in Chile and executing a mass campaign against mtaapu.net.
Aptisme: Targeted international organizations, including the Fleurieu Peninsula Visitor Guide in Australia and Avaz in Vietnam.

3.3 High-Impact Data Breaches and Leaks

The report highlights several severe data breaches involving the exfiltration of sensitive organizational databases and large-scale PII.

Government and Public Sector Breaches:

Indian Council of Medical Research (ICMR): Actor pow claims to be selling a database of 815 million records containing Aadhaar numbers, passport numbers, demographics, and addresses.
Iran Government Leak: The group Anonymous claims to have extracted over 750GB of sensitive data, including internal orders on nationwide censorship and filtering logs.
Alcaldía de Medellín (Colombia): NyxarGroup leaked administrative records, citizen information, and financial data from the Medellín government platform.
Gauteng Provincial Government (South Africa): Actor XP95 breached systems, exposing approximately 3.6 million files related to government operations.

Corporate and Financial Breaches:

Massive USA PII Leak: Actor KrimCo claims to have leaked personal information of over 250 million US individuals, including income details and demographics.
Binance Database: Actor PexRat is allegedly selling a database of 1.5 million Binance users, containing KYC status, 2FA status, and full PII.
Good Food Store (USA): Handala Hack wiped 4 terabytes of data, forcing a complete operational shutdown of the retail store in Missoula.
Fenie Energía S.A. (Spain): A 430GB dataset was leaked containing ID cards, IBAN numbers, and contracts.
Chronopost (France): Actor aeter leaked 860,000 customer records from the French courier service, including locker locations and shipment status.

3.4 Initial Access and Vulnerability Exploitation

Threat actors actively traded and leaked initial access points, posing severe supply-chain and physical security risks.

Industrial Control Systems (ICS): The group NetStrike claimed unauthorized access to a UniLogic Kernel-based ICS, alleging the ability to manipulate physical operations like valves and turbines. They also claimed access to a power plant control system in Tel Aviv, Israel.
Surveillance Systems: The Z-PENTEST ALLIANCE claimed access to CCTV cameras in a Polish laboratory , while MORNING STAR claimed access to multiple CCTV systems in the USA.
Corporate Access Brokering: Threat actors attempted to sell VPN access to a Netherlands manufacturing company , admin access to an electronics manufacturer in India , and firewall access to a Chinese luxury retail company.

4. Threat Actor Profiling

Based strictly on the provided data, several prominent actors and groups emerge:

CYBER U.N.I.T.Y: A highly active group exhibiting state-aligned or hacktivist motivations, predominantly targeting Israeli infrastructure. Their targets included the Israeli Air Force , Transport Infrastructure , and Bank Card data. They also targeted the Ministry of National Defence in Romania and the UAE Passport system.
Handala Hack: Operates with a highly destructive methodology. They claimed responsibility for wiping 4TB of data from the Good Food Store and taking 2,680 Point of Sale (POS) terminals offline across 110 US companies (North Country Business Products).
HQcomboSpace & Knight: Specialized data brokers focused strictly on the curation, aggregation, and free distribution of massive credential combo lists across open web forums.

5. Geographical and Industry Impact

Geographical Hotspots:

United States: Faced severe breaches (250M PII leak ), destructive retail attacks (Good Food Store , POS terminal shutdowns ), and CCTV compromises.
Israel: Heavily targeted by ideological groups (CYBER U.N.I.T.Y, NetStrike), suffering breaches to Air Force databases , transport infrastructure , and power plant control systems.
Germany: Frequent target for credential scraping (T-Online , German shopping sites ) and corporate breaches (German Doner Kebab , Volkswagen ).
India: Suffered the largest single numerical breach recorded in the dataset (815M ICMR records).

Industry Vulnerabilities:

Government & Public Sector: High-value targets for data exfiltration (Medellín , South Africa , Iran ).
Technology & Communications: Microsoft, Google, and Yahoo were continuously targeted via credential stuffing and combo list generation.
Financial Services: Cryptocurrency platforms (Binance , CoinMarketCap ) and regional financial data (Israeli banks , Serlefin Colombia ) were prime targets for monetization.

6. Conclusion

The cybersecurity events recorded between March 28 and March 29, 2026, illustrate a highly volatile threat landscape characterized by the commoditization of stolen data.

The most pervasive threat identified is the widespread, freely available distribution of credential combo lists containing tens of millions of records. Because these lists are shared freely on forums like CrackingX and via Telegram, they drastically lower the barrier to entry for novice cybercriminals, fueling secondary attacks such as credential stuffing, account takeovers, and subsequent data breaches.

Furthermore, the intelligence highlights the persistent threat to physical and critical infrastructure. Claims of access to Industrial Control Systems (ICS) and the destructive wiper attacks on retail infrastructure demonstrate that threat actors are actively seeking to bridge the gap between digital exploitation and physical disruption.

Finally, hacktivism remains a highly visible element of the cyber domain. Groups like CYBER U.N.I.T.Y and NUCLIER-Y-C-C-M utilize defacements and targeted data leaks to cause reputational damage and push ideological messaging against state-level targets, particularly in the Middle East. Organizations across all sectors—particularly Government, Retail, and Technology—must prioritize robust identity access management, enforce strict multi-factor authentication to combat combo lists, and aggressively monitor initial access vectors like VPNs and remote administrative tools.

Detected Incidents Draft Data

Alleged distribution of banking credential combolist
Category: Combo List
Content: Threat actor distributing a combolist containing 17 million banking credentials through Telegram channels. The credentials are being shared for free through multiple Telegram groups.
Date: 2026-03-28T23:38:38Z
Network: openweb
Published URL: https://crackingx.com/threads/70244/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of nialaretta.com by ARJUN-X001 (KEJE ARMY)
Category: Defacement
Content: ARJUN-X001 from the KEJE ARMY group conducted a home page defacement of nialaretta.com on March 29, 2026. This was an isolated defacement targeting a single website rather than a mass attack campaign.
Date: 2026-03-28T23:30:00Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821023
Screenshots:
None
Threat Actors: ARJUN-X001, KEJE ARMY
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: nialaretta.com
Alleged leak of German mixed-target combolist
Category: Combo List
Content: A threat actor shared a combolist containing over 1.1 million credential pairs targeting German entities across multiple sectors. The credential list was made available for free download via a file sharing service.
Date: 2026-03-28T23:28:40Z
Network: openweb
Published URL: https://crackingx.com/threads/70243/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of 209.15.116.52 by ARJUN-X001 (KEJE ARMY)
Category: Defacement
Content: ARJUN-X001 from the KEJE ARMY group successfully defaced a website hosted at IP address 209.15.116.52 on March 29, 2026. This was a single home page defacement rather than a mass attack.
Date: 2026-03-28T23:18:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821021
Screenshots:
None
Threat Actors: ARJUN-X001, KEJE ARMY
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 209.15.116.52
Website defacement by ARJUN-X001 (KEJE ARMY) targeting IP address 52.248.40.42
Category: Defacement
Content: ARJUN-X001 from the KEJE ARMY group successfully defaced a website hosted at IP address 52.248.40.42 on March 29, 2026. This appears to be a single-target home page defacement rather than a mass attack.
Date: 2026-03-28T23:06:51Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821020
Screenshots:
None
Threat Actors: ARJUN-X001, KEJE ARMY
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 52.248.40.42
Alleged leak of mixed email-password credential list
Category: Combo List
Content: Actor shared a combolist containing 100,000 email and password combinations from mixed sources. The credentials are offered as a free download to registered forum users.
Date: 2026-03-28T22:51:31Z
Network: openweb
Published URL: https://crackingx.com/threads/70240/
Screenshots:
None
Threat Actors: steeve75
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of levharulo.com by NUCLIER-Y-C-C-M
Category: Defacement
Content: The threat actor NUCLIER-Y-C-C-M successfully defaced a specific page on www.levharulo.com on March 29, 2026. This appears to be an isolated defacement targeting a single page rather than a mass attack campaign.
Date: 2026-03-28T22:49:26Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821018
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: www.levharulo.com
Alleged data breach of Shelter Indonesia
Category: Data Breach
Content: The threat actor claims to have breached the database from Shelter Indonesia. The compromised dataset reportedly includes full names, Indonesian national ID numbers (NIK/KTP), phone/WhatsApp numbers, location details, and file/date references.
Date: 2026-03-28T22:42:36Z
Network: openweb
Published URL: https://breachforums.sb/Thread-PT-SHELTER-EMPLOYEE-DATA-SHELTER-VENDOR-OS-SHELTER-FREE-DOWNLOAD
Screenshots:
None
Threat Actors: hamzahcorp
Victim Country: Indonesia
Victim Industry: Staffing/Recruiting
Victim Organization: shelter indonesia
Victim Site: shelterindonesia.id
Website defacement of Horizen Academy by ARJUN-X001/KEJE ARMY
Category: Defacement
Content: ARJUN-X001 from the KEJE ARMY team successfully defaced the Horizen Academy educational website on March 29, 2026. This was a single-site home page defacement targeting the educational institutions primary domain.
Date: 2026-03-28T22:37:51Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821017
Screenshots:
None
Threat Actors: ARJUN-X001, KEJE ARMY
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Horizen Academy
Victim Site: horizenacademy.com
Website defacement of chenar-khayyam.com by NUCLIER-Y-C-C-M
Category: Defacement
Content: NUCLIER-Y-C-C-M group defaced the chenar-khayyam.com website on March 29, 2026. The attack targeted a specific blog page rather than the main homepage.
Date: 2026-03-28T22:01:49Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821013
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: Iran
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: chenar-khayyam.com
Alleged leak of credential combolist containing 34.95 million records
Category: Combo List
Content: A threat actor shared a credential combolist containing 34.95 million URL:LOG:PASS entries through their Telegram bot and website. The data is being distributed through the Daxus.pro service with associated support channels.
Date: 2026-03-28T21:53:13Z
Network: openweb
Published URL: https://crackingx.com/threads/70238/
Screenshots:
None
Threat Actors: Daxus
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of sensitive government and network data in Iran
Category: Data Leak
Content: Group claims to have extracted over 750 gigabytes of sensitive data, including confidential government reports, internal orders on nationwide censorship, user-profiling and filtering logs and information about private networks involved in DNS blocking and “White Internet” operations.
Date: 2026-03-28T21:46:11Z
Network: telegram
Published URL: https://t.me/youranon_storm/1414
Screenshots:
None
Threat Actors: Anonymous
Victim Country: Iran
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of kiyje.com by NUCLIER-Y-C-C-M
Category: Defacement
Content: The threat actor NUCLIER-Y-C-C-M successfully defaced the about page of kiyje.com on March 29, 2026. This appears to be an isolated defacement incident targeting a single webpage rather than a mass or redefacement attack.
Date: 2026-03-28T21:44:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821012
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: kiyje.com
Alleged leak of Gmail credentials
Category: Combo List
Content: Threat actor claims to have leaked over 100,000 Gmail credentials on a cybercriminal forum. The post appears to offer Gmail credential data but access requires forum registration to view full details.
Date: 2026-03-28T21:43:06Z
Network: openweb
Published URL: https://crackingx.com/threads/70237/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Google
Victim Site: gmail.com
Website defacement of swiftgh.com by NUCLIER-Y-C-C-M
Category: Defacement
Content: The threat actor NUCLIER-Y-C-C-M successfully defaced swiftgh.com/page/wow on March 29, 2026. This appears to be an isolated defacement incident targeting a Ghanaian website.
Date: 2026-03-28T21:38:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821011
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: Ghana
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: swiftgh.com
Website defacement of myupavan.com by NUCLIER-Y-C-C-M
Category: Defacement
Content: NUCLIER-Y-C-C-M defaced the myupavan.com e-commerce website on March 29, 2026. The attack targeted a product page on the commercial platform.
Date: 2026-03-28T21:32:03Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821010
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: Unknown
Victim Industry: E-commerce
Victim Organization: MyUpavan
Victim Site: myupavan.com
Alleged leak of educational sector credentials and social media data
Category: Combo List
Content: A threat actor leaked a combolist containing 151,879 credential records allegedly targeting educational, social media, and shopping platforms. The data is being distributed for free via a file-sharing service.
Date: 2026-03-28T21:17:10Z
Network: openweb
Published URL: https://crackingx.com/threads/70234/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of URL-LOG-PASS credential combolist
Category: Combo List
Content: Threat actor TheBash1996 shared a 530GB collection of URL-LOG-PASS credential data described as fresh and private. The data appears to be browser history combined with login credentials in text format.
Date: 2026-03-28T21:06:58Z
Network: openweb
Published URL: https://crackingx.com/threads/70232/
Screenshots:
None
Threat Actors: TheBash1996
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged unauthorized access to an unidentified industrial control system
Category: Initial Access
Content: The group claims to have gained access to an unidentified industrial control system. They claims that they have control over UniLogic Kernel -based industrial control system and potentially the ability to monitor or manipulate physical operations like valves and turbines, though the extent of this control may be exaggerated.
Date: 2026-03-28T21:00:06Z
Network: telegram
Published URL: https://t.me/netstrikegroup/50
Screenshots:
None
Threat Actors: NetStrike
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credential list
Category: Combo List
Content: A threat actor allegedly leaked a credential list containing 355,000 Hotmail account credentials on a cybercriminal forum.
Date: 2026-03-28T20:56:54Z
Network: openweb
Published URL: https://crackingx.com/threads/70230/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged unauthorized access to Telvinet Sp. z o.o
Category: Initial Access
Content: The group claims to have gained unauthorized access to Telvinet Sp. z o.o.
Date: 2026-03-28T20:29:44Z
Network: telegram
Published URL: https://t.me/kittysearchnews/255
Screenshots:
None
Threat Actors: Kitty Search
Victim Country: Poland
Victim Industry: Information Technology (IT) Services
Victim Organization: telvinet sp. z o.o
Victim Site: telvinet.pl
Website defacement of mtaapu.net by Alpha wolf team
Category: Defacement
Content: The Alpha wolf team, with attacker XYZ, successfully defaced the mtaapu.net website on March 29, 2026. This was a single home page defacement rather than a mass attack.
Date: 2026-03-28T20:24:45Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821005
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: mtaapu.net
Website defacement of 365generic.com by NUCLIER-Y-C-C-M
Category: Defacement
Content: The threat actor NUCLIER-Y-C-C-M defaced the 365generic.com website on March 29, 2026. The defacement targeted the terms and conditions page of the site.
Date: 2026-03-28T20:24:06Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821006
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 365generic.com
Mass website defacement by Alpha wolf team targeting mtaapu.net
Category: Defacement
Content: The Alpha wolf team conducted a mass defacement attack targeting mtaapu.net on March 29, 2026. This was part of a larger mass defacement campaign rather than a targeted attack on a single organization.
Date: 2026-03-28T20:23:04Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248162
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Tonga
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: mtaapu.net
Alleged leak of admin access to pros.ophony.com
Category: Initial Access
Content: The group claims to have leaked unauthorized admin access to pros.ophony.com .
Date: 2026-03-28T20:19:28Z
Network: telegram
Published URL: https://t.me/kittysearchnews/256
Screenshots:
None
Threat Actors: Kitty Search
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: pros.ophony.com
Website defacement of Asian Buddha Hotel by NUCLIER-Y-C-C-M
Category: Defacement
Content: The NUCLIER-Y-C-C-M threat actor successfully defaced the Asian Buddha Hotel website on March 29, 2026. This was a targeted single-site attack rather than part of a mass defacement campaign.
Date: 2026-03-28T20:17:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821003
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: Unknown
Victim Industry: Hospitality
Victim Organization: Asian Buddha Hotel
Victim Site: www.asianbuddhahotel.com
Website defacement of jobkaroge.com by NUCLIER-Y-C-C-M
Category: Defacement
Content: The hacker group NUCLIER-Y-C-C-M defaced the privacy policy page of jobkaroge.com, a job portal website, on March 29, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
Date: 2026-03-28T20:16:47Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821004
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: Unknown
Victim Industry: Employment Services
Victim Organization: JobKaroge
Victim Site: jobkaroge.com
Title: Alleged Data Breach of German Doner Kebab
Category: Data Breach
Content: The threat actor claims to have breached data from German Doner Kebab.The compromised data includes names, email addresses, phone numbers, dates of birth, and addresses and more.
Date: 2026-03-28T20:12:58Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279397/
Screenshots:
None
Threat Actors: KrimCo
Victim Country: Germany
Victim Industry: Food & Beverages
Victim Organization: german doner kebab
Victim Site: germandonerkebab.com
Alleged unauthorized access to an unidentified Israeli power plant control system
Category: Initial Access
Content: The group claims to have gained access to the an unidentified control systems of a power plant in Tel Aviv, alleging full control over its operations and infrastructure.
Date: 2026-03-28T20:12:52Z
Network: telegram
Published URL: https://t.me/netstrikegroup/49
Screenshots:
None
Threat Actors: NetStrike
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Serlefin
Category: Data Breach
Content: The threat actor claims to have breached the database from Serlefin. The compromised data includes customer folders, transaction records, and audio recordings, reportedly in a very large volume.
Date: 2026-03-28T20:10:03Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Serlefin-BPO-Banco-Davivienda-Colombia
Screenshots:
None
Threat Actors: Petro_Escobar
Victim Country: Colombia
Victim Industry: Financial Services
Victim Organization: serlefin
Victim Site: serlefin.com
Alleged Leak of 250M USA PII Records
Category: Data Leak
Content: The threat actor claims to have leaked a massive database containing personal information of over 250 million individuals in the United States, including names, email addresses, phone numbers, physical addresses, income details, and other sensitive demographic data, with the original source reportedly unknown.
Date: 2026-03-28T20:03:41Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279398/
Screenshots:
None
Threat Actors: KrimCo
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of credential combolist containing 21 million records
Category: Combo List
Content: A threat actor shared a combolist containing 21 million URL:LOGIN:PASS combinations on a cybercriminal forum. The post content is hidden behind registration requirements.
Date: 2026-03-28T19:57:30Z
Network: openweb
Published URL: https://crackingx.com/threads/70223/
Screenshots:
None
Threat Actors: Knight
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of 100 million credentials
Category: Combo List
Content: A threat actor is allegedly sharing a combolist containing 100 million URL:login:password combinations on a cybercriminal forum.
Date: 2026-03-28T19:57:08Z
Network: openweb
Published URL: https://crackingx.com/threads/70224/
Screenshots:
None
Threat Actors: Knight
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Lebanon Book Fair by NUCLIER-Y-C-C-M
Category: Defacement
Content: The NUCLIER-Y-C-C-M threat actor successfully defaced the Lebanon Book Fair website on March 29, 2026. The attack targeted the cultural organizations main website, compromising their online presence.
Date: 2026-03-28T19:54:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820999
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: Lebanon
Victim Industry: Publishing/Literature
Victim Organization: Lebanon Book Fair
Victim Site: lebanonbookfair.com
Website defacement of pymedia.cl by XYZ/Alpha wolf team
Category: Defacement
Content: The Alpha wolf team, attributed to attacker XYZ, successfully defaced the PyMedia website on March 29, 2026. The incident appears to be a targeted single-site defacement rather than part of a mass campaign.
Date: 2026-03-28T19:47:36Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248160
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Chile
Victim Industry: Media
Victim Organization: PyMedia
Victim Site: pymedia.cl
Website defacement of PyMedia by Alpha wolf team
Category: Defacement
Content: The Alpha wolf team, with attacker XYZ, successfully defaced the pymedia.cl website on March 29, 2026. The attack targeted the .well-known directory of the Chilean website.
Date: 2026-03-28T19:42:09Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820998
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Chile
Victim Industry: Unknown
Victim Organization: PyMedia
Victim Site: pymedia.cl
Website defacement of AAA Nutri Foods by NUCLIER-Y-C-C-M
Category: Defacement
Content: The NUCLIER-Y-C-C-M threat group successfully defaced the AAA Nutri Foods website on March 29, 2026. The attack targeted a specific file (wow.txt) on the companys domain, with evidence archived on zone-xsec mirror platform.
Date: 2026-03-28T19:36:00Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820996
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: Unknown
Victim Industry: Food and Nutrition
Victim Organization: AAA Nutri Foods
Victim Site: aaanutrifoods.com
Alleged data leak of SAPA BANSOS
Category: Data Breach
Content: A threat group claims to have leaked a database belonging to SAPA BANSOS
Date: 2026-03-28T19:27:03Z
Network: telegram
Published URL: https://t.me/BabayoErorSyteam/415
Screenshots:
None
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: sapa bansos
Victim Site: sapabansos.dinsos.jatimprov.go.id
Alleged leak of 10 million credentials
Category: Combo List
Content: A threat actor named Knight allegedly shared a combolist containing 10 million URL:LOGIN:PASS credential combinations on a cybercrime forum.
Date: 2026-03-28T19:21:19Z
Network: openweb
Published URL: https://crackingx.com/threads/70219/
Screenshots:
None
Threat Actors: Knight
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of 46,000 email credentials
Category: Combo List
Content: Threat actor TeraCloud1 allegedly made available 46,000 valid email credentials on a cybercriminal forum, with additional access offered through a private Telegram channel.
Date: 2026-03-28T19:21:02Z
Network: openweb
Published URL: https://crackingx.com/threads/70220/
Screenshots:
None
Threat Actors: TeraCloud1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of German domain credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 314,190 credential pairs targeting German domains via a Mega.nz download link on a cybercrime forum.
Date: 2026-03-28T19:12:12Z
Network: openweb
Published URL: https://crackingx.com/threads/70217/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of 8 million credentials
Category: Combo List
Content: A threat actor named Knight allegedly shared a credential list containing 8 million URL:username:password combinations on a cybercrime forum.
Date: 2026-03-28T19:11:52Z
Network: openweb
Published URL: https://crackingx.com/threads/70218/
Screenshots:
None
Threat Actors: Knight
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Asquare Pharmaceutical by NUCLIER-Y-C-C-M
Category: Defacement
Content: The NUCLIER-Y-C-C-M group successfully defaced the blog section of Asquare Pharmaceuticals website on March 29, 2026. This appears to be a targeted defacement against the Bangladeshi pharmaceutical company rather than part of a mass campaign.
Date: 2026-03-28T19:02:19Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820994
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: Bangladesh
Victim Industry: Pharmaceutical
Victim Organization: Asquare Pharmaceutical
Victim Site: asquarepharmaceutical.com
Website defacement of owiedreamclub.com by CYKOMNEPAL
Category: Defacement
Content: The CYKOMNEPAL threat actor successfully defaced the owiedreamclub.com website on March 29, 2026. This appears to be an isolated defacement incident targeting a single website rather than part of a broader campaign.
Date: 2026-03-28T19:01:37Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820995
Screenshots:
None
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Owie Dream Club
Victim Site: owiedreamclub.com
Alleged leak of credential combolist containing 1.1 million records
Category: Combo List
Content: A forum user shared a credential combolist containing 1.1 million URL-login-password combinations dated March 29, 2026. The content is hidden behind user registration requirements on the cracking forum.
Date: 2026-03-28T19:00:55Z
Network: openweb
Published URL: https://crackingx.com/threads/70213/
Screenshots:
None
Threat Actors: RandomUpload
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed forum credential list
Category: Combo List
Content: A threat actor shared a collection of 81,000 mixed valid forum credentials in a combolist format on an underground forum.
Date: 2026-03-28T19:00:35Z
Network: openweb
Published URL: https://crackingx.com/threads/70216/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of halo-guru.com by NUCLIER-Y-C-C-M
Category: Defacement
Content: NUCLIER-Y-C-C-M defaced a classroom page on the Halo Guru educational website on March 29, 2026. The attack targeted a specific page rather than the main site, suggesting a targeted defacement of the online learning platform.
Date: 2026-03-28T18:49:57Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820993
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Halo Guru
Victim Site: halo-guru.com
Alleged leak of PandaCloud email credential combolist
Category: Combo List
Content: Threat actor shared a credential combolist containing 5.2K email:password combinations branded as PandaCloud through a Telegram channel and file sharing platform. The actor claims to add fresh databases daily with only relevant and latest data.
Date: 2026-03-28T18:48:31Z
Network: openweb
Published URL: https://crackingx.com/threads/70210/
Screenshots:
None
Threat Actors: Kokos2846q
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of credential combolist containing 11GB of data
Category: Combo List
Content: A threat actor named Knight allegedly shared an 11GB credential combolist containing URL:LOGIN:PASS combinations on a cybercrime forum. The post content is hidden behind registration requirements, preventing further analysis of the specific data contents or victim details.
Date: 2026-03-28T18:48:11Z
Network: openweb
Published URL: https://crackingx.com/threads/70211/
Screenshots:
None
Threat Actors: Knight
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of credential combolist containing 7 million records
Category: Combo List
Content: A threat actor shared a credential combolist containing 7 million URL:Login:Pass combinations on a cybercrime forum. The specific source or victim organization of these credentials is not disclosed in the available information.
Date: 2026-03-28T18:47:54Z
Network: openweb
Published URL: https://crackingx.com/threads/70212/
Screenshots:
None
Threat Actors: Knight
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of 200 credit card records
Category: Data Leak
Content: Threat actor claims to be selling 200 credit card records from USA.
Date: 2026-03-28T18:45:32Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279392/
Screenshots:
None
Threat Actors: old_pirat
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of BitLogicX by NUCLIER-Y-C-C-M
Category: Defacement
Content: NUCLIER-Y-C-C-M threat actor successfully defaced the BitLogicX company website on March 29, 2026. This was a targeted home page defacement rather than a mass attack campaign.
Date: 2026-03-28T18:43:48Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820992
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: BitLogicX
Victim Site: bitlogicx.com
Alleged leak of Swedish email credentials
Category: Combo List
Content: A threat actor shared a combolist containing 87,000 Swedish email and password combinations on a cybercriminal forum. The credentials are being distributed freely to registered forum users.
Date: 2026-03-28T18:38:31Z
Network: openweb
Published URL: https://crackingx.com/threads/70209/
Screenshots:
None
Threat Actors: Immanuel_Kant
Victim Country: Sweden
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Denmark credential data
Category: Combo List
Content: A threat actor is freely distributing a credential dataset containing 78,000 records allegedly from Denmark. The data is being shared on a cybercrime forum specializing in combolists and data dumps.
Date: 2026-03-28T18:28:20Z
Network: openweb
Published URL: https://crackingx.com/threads/70207/
Screenshots:
None
Threat Actors: Immanuel_Kant
Victim Country: Denmark
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of mixed corporate credential lists
Category: Combo List
Content: Threat actor CODER is distributing an 11 million record mixed corporate combolist through Telegram channels. The actor operates free Telegram groups sharing credential lists and programs.
Date: 2026-03-28T18:27:59Z
Network: openweb
Published URL: https://crackingx.com/threads/70208/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email provider credentials
Category: Combo List
Content: A threat actor is distributing a combolist containing 3,999 email credentials from various providers including Hotmail and other mixed email services. The credentials are being offered as a free download through Telegram contact.
Date: 2026-03-28T18:08:02Z
Network: openweb
Published URL: https://crackingx.com/threads/70204/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Mixed Email Providers
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 1,700 allegedly valid Hotmail email credentials on a cybercrime forum. The credentials are described as TOP Quality and dated March 28th.
Date: 2026-03-28T17:57:05Z
Network: openweb
Published URL: https://crackingx.com/threads/70203/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged Data Breach of Good Food Store.
Category: Data Breach
Content: The group claims to have breached the database of Good Food Store in Missoula, USA, resulting in the deletion of 4 terabytes of data and forcing a complete shutdown of the store’s operations.
Date: 2026-03-28T17:51:16Z
Network: openweb
Published URL: https://handala-hack.tw/4-terabytes-wiped-good-food-store-shut-down-after-major-cyberattack/
Screenshots:
None
Threat Actors: Handala Hack
Victim Country: USA
Victim Industry: Retail Industry
Victim Organization: good food store
Victim Site: goodfoodstore.com
Alleged leak of mixed email credentials combolist
Category: Combo List
Content: Threat actor klyne05 shared a mixed email combolist on CrackingX forum, claiming the credentials are private, fresh, and checked. The post offers the credential list as a free download.
Date: 2026-03-28T17:25:12Z
Network: openweb
Published URL: https://crackingx.com/threads/70200/
Screenshots:
None
Threat Actors: klyne05
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email credentials
Category: Combo List
Content: Actor snowstormxd shared a combolist containing mixed email credentials through free download links on Pasteview and Telegram. The data appears to be distributed at no cost to forum members.
Date: 2026-03-28T17:12:14Z
Network: openweb
Published URL: https://crackingx.com/threads/70199/
Screenshots:
None
Threat Actors: snowstormxd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: Forum post distributing a free download of 510 Hotmail email credentials described as fresh and high quality.
Date: 2026-03-28T17:02:19Z
Network: openweb
Published URL: https://crackingx.com/threads/70198/
Screenshots:
None
Threat Actors: KiwiShio
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Gmail credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 1.8 million Gmail email and password combinations, claiming the data consists of fresh leaks from shopping-related targets.
Date: 2026-03-28T16:52:52Z
Network: openweb
Published URL: https://crackingx.com/threads/70197/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Gmail
Victim Site: gmail.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: Threat actor alphaxdd shared a combolist containing 2,485 premium Hotmail credentials on a cybercrime forum. The credentials are described as valid and include mixed email accounts from a private cloud.
Date: 2026-03-28T16:43:57Z
Network: openweb
Published URL: https://crackingx.com/threads/70195/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: Threat actor FlashCloud2 allegedly made available a collection of 1,800 validated Hotmail credentials on a cybercriminal forum. The post indicates these are private, verified credential pairs that require forum registration to access.
Date: 2026-03-28T16:43:39Z
Network: openweb
Published URL: https://crackingx.com/threads/70196/
Screenshots:
None
Threat Actors: FlashCloud2
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Mass defacement targeting Albanian government portal by maw3six
Category: Defacement
Content: Albanian municipal government website was defaced by threat actor maw3six as part of a mass defacement campaign. The attack targeted the online portal of the Municipality of Kavaje.
Date: 2026-03-28T16:36:54Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248159
Screenshots:
None
Threat Actors: maw3six
Victim Country: Albania
Victim Industry: Government
Victim Organization: Municipality of Kavaje
Victim Site: online.bashkiakavaje.gov.al
Alleged leak of USA-based email credentials
Category: Combo List
Content: A threat actor leaked a combolist containing 2,750 email credentials with mail access, targeting USA-based accounts. The credentials are being distributed as a free download on a cybercriminal forum.
Date: 2026-03-28T16:24:05Z
Network: openweb
Published URL: https://crackingx.com/threads/70194/
Screenshots:
None
Threat Actors: karaokecloud
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged vulnerability leak of Fair Trade India
Category: Vulnerability
Content: Group claims to have leaked a vulnerability in Fair Trade India.
Date: 2026-03-28T15:54:45Z
Network: telegram
Published URL: https://t.me/c/3807888281/283
Screenshots:
None
Threat Actors: KONCO ERROR SYSTEM
Victim Country: India
Victim Industry: Manufacturing
Victim Organization: fair trade india
Victim Site: fairtradeindia.in
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: Threat actor noir claims to have valid Hotmail credentials available through their Telegram channel. The post advertises high-quality credential lists but requires forum registration to view full details.
Date: 2026-03-28T15:52:43Z
Network: openweb
Published URL: https://crackingx.com/threads/70193/
Screenshots:
None
Threat Actors: noir
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Website defacement of velumds.com by maw3six
Category: Defacement
Content: The website velumds.com was defaced by threat actor maw3six on March 28, 2026. The attacker operated independently without team affiliation and compromised the cloud-hosted target.
Date: 2026-03-28T15:45:32Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248158
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: velumds.com
Alleged leak of German credential combolist via PandaCloud
Category: Combo List
Content: A threat actor shared a free German credential combolist containing 53,000 records via Telegram channel PandaCloud04. The actor claims to regularly add fresh email databases with only relevant and latest data.
Date: 2026-03-28T15:41:29Z
Network: openweb
Published URL: https://crackingx.com/threads/70192/
Screenshots:
None
Threat Actors: Kokos2846q
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 3.6K mixed email credentials through a file sharing platform. The credentials appear to be from various email providers and were made available as a free download.
Date: 2026-03-28T15:31:13Z
Network: openweb
Published URL: https://crackingx.com/threads/70191/
Screenshots:
None
Threat Actors: Kommander0
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mysterious Team Bangladesh claims to target Uganda
Category: Alert
Content: A recent post by the group indicates that they are targeting Uganda.
Date: 2026-03-28T15:22:58Z
Network: telegram
Published URL: https://t.me/MysteriousTeamO/53
Screenshots:
None
Threat Actors: Mysterious Team Bangladesh
Victim Country: Uganda
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hax.or targets the website of United Pen Press
Category: Defacement
Content: The group claims to have defaced the website of United Pen Press.
Date: 2026-03-28T15:16:05Z
Network: telegram
Published URL: https://t.me/ctifeeds/129396
Screenshots:
None
Threat Actors: Hax.or
Victim Country: USA
Victim Industry: Publishing Industry
Victim Organization: united pen press
Victim Site: unitedpenpress.com
Alleged leak of T-Online credentials
Category: Combo List
Content: A combolist containing 12,597 credentials targeting the T-Online domain was shared on a cybercriminal forum. The data was made available as a free download via a cloud storage link.
Date: 2026-03-28T15:12:15Z
Network: openweb
Published URL: https://crackingx.com/threads/70190/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Germany
Victim Industry: Telecommunications
Victim Organization: T-Online
Victim Site: t-online.de
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a sample of 1,030 Hotmail credentials on a cybercrime forum. The post appears to offer free access to the credential list rather than selling it.
Date: 2026-03-28T15:02:20Z
Network: openweb
Published URL: https://crackingx.com/threads/70189/
Screenshots:
None
Threat Actors: HollowKnight07
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: Threat actor allegedly leaked a combolist containing 2,800 Hotmail email credentials described as fresh and high quality.
Date: 2026-03-28T14:51:59Z
Network: openweb
Published URL: https://crackingx.com/threads/70188/
Screenshots:
None
Threat Actors: Lexser
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of European education sector credential list
Category: Combo List
Content: A threat actor shared a combolist containing 165,311 credential pairs allegedly targeting European educational institutions. The data is being distributed for free via a file sharing service.
Date: 2026-03-28T14:41:55Z
Network: openweb
Published URL: https://crackingx.com/threads/70185/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of premium account upgrades for multiple services
Category: Initial Access
Content: Forum post advertising personal account upgrades for multiple popular services including Adobe, YouTube, Spotify, Discord, and Canva. No specific content details are available in the post.
Date: 2026-03-28T14:41:43Z
Network: openweb
Published URL: https://crackingx.com/threads/70187/
Screenshots:
None
Threat Actors: bl4cklak3
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Multiple (Adobe, YouTube, Spotify, Discord, Canva)
Victim Site: Unknown
Alleged leak of premium credential hits and email targets
Category: Combo List
Content: Threat actor leaked 459 premium credential hits along with inbox targets and country-sorted data on cracking forum. The leak includes working credentials and email targets organized by geographic location.
Date: 2026-03-28T14:17:09Z
Network: openweb
Published URL: https://crackingx.com/threads/70180/
Screenshots:
None
Threat Actors: Hotmail Cloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of German email credentials
Category: Combo List
Content: A threat actor shared a combolist containing 43,000 allegedly valid German email credentials dated March 28th on an underground forum.
Date: 2026-03-28T14:16:14Z
Network: openweb
Published URL: https://crackingx.com/threads/70182/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass defacement campaign by Zod targeting unitedpenpress.com
Category: Defacement
Content: The threat actor Zod conducted a mass defacement campaign targeting unitedpenpress.com on March 28, 2026. This was part of a broader mass defacement operation affecting multiple websites beyond the primary target.
Date: 2026-03-28T14:05:38Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248157
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Media/Publishing
Victim Organization: United Pen Press
Victim Site: unitedpenpress.com
Alleged data leak from Algeria Press Service
Category: Data Breach
Content: Group claims to have leaked database from Algeria Press Service. The compromised data include emails, contracts, internal data, passwords.
Date: 2026-03-28T13:57:35Z
Network: telegram
Published URL: https://t.me/N3XUS_SH13LD/32?single
Screenshots:
None
Threat Actors: N3XUS SH13LD
Victim Country: Algeria
Victim Industry: Newspapers & Journalism
Victim Organization: algeria press service
Victim Site: aps.dz
Alleged leak of Japanese email credentials via PandaCloud service
Category: Combo List
Content: Threat actor distributes fresh Japanese credential lists containing 4,100 valid email and password combinations through Telegram channel and file sharing platform. The actor claims to add new credential databases daily.
Date: 2026-03-28T13:56:18Z
Network: openweb
Published URL: https://crackingx.com/threads/70179/
Screenshots:
None
Threat Actors: Kokos2846q
Victim Country: Japan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of WordPress credentials
Category: Combo List
Content: User zod shared WordPress credentials on CrackingX forum in the Combolists & Dumps section. The content is password protected and distributed via Telegram channel.
Date: 2026-03-28T13:34:26Z
Network: openweb
Published URL: https://crackingx.com/threads/70178/
Screenshots:
None
Threat Actors: zod
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: WordPress
Victim Site: wordpress.com
Alleged data leak shared via ULP by threat actor zod
Category: Combo List
Content: Threat actor zod shared a ULP (User Link Password) file on CrackingX forum with password-protected access via Telegram channel. The specific nature and scope of the leaked data is unclear from the available information.
Date: 2026-03-28T13:24:43Z
Network: openweb
Published URL: https://crackingx.com/threads/70176/
Screenshots:
None
Threat Actors: zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Breach of Unidentified Business Products in North Country
Category: Data Leak
Content: Threat actor claims responsibility for breaching North Country Business Products, alleging that 2,680 POS terminals across 110 U.S. companies were taken offline, disrupting retail operations nationwide and causing significant business i
Date: 2026-03-28T13:18:37Z
Network: openweb
Published URL: https://handala-hack.tw/north-country-business-products-breached-2680-pos-terminals-disabled-nationwide/
Screenshots:
None
Threat Actors: Handala Hack
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Russian email credentials
Category: Combo List
Content: A threat actor shared a collection of 5,400 Russian email credentials with full mail access, dated March 28th. The credentials appear to be leaked or distributed for free download on a cybercrime forum.
Date: 2026-03-28T13:12:38Z
Network: openweb
Published URL: https://crackingx.com/threads/70174/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Russia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Japanese email credentials
Category: Combo List
Content: A threat actor shared a combolist containing 4,700 Japanese email credentials dated March 28th, described as fresh and top quality.
Date: 2026-03-28T13:12:18Z
Network: openweb
Published URL: https://crackingx.com/threads/70175/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Japan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Polish email credentials
Category: Combo List
Content: A threat actor shared a combolist containing 11,150 email credential combinations, primarily targeting Polish users and other regions. The credentials are being distributed as a free download on cybercriminal forums.
Date: 2026-03-28T13:01:19Z
Network: openweb
Published URL: https://crackingx.com/threads/70173/
Screenshots:
None
Threat Actors: karaokecloud
Victim Country: Poland
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of data from Indian Council of Medical Research (ICMR)
Category: Data Breach
Content: The threat actor claims to be selling data from Indian Council of Medical Research (ICMR). The compromised data reportedly contains 815 million records including including full names, father’s names, phone numbers, passport numbers, Aadhaar numbers, age, gender and detailed address information such as district, state, town, and pincode.
Date: 2026-03-28T13:01:09Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-ICMR-Database-815-Million
Screenshots:
None
Threat Actors: pow
Victim Country: India
Victim Industry: Government & Public Sector
Victim Organization: indian council of medical research
Victim Site: icmr.gov.in
Alleged leak of cryptocurrency and banking credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing approximately 1.96 million credentials allegedly targeting cryptocurrency and banking platforms. The data is distributed via a file sharing service without apparent cost.
Date: 2026-03-28T12:52:02Z
Network: openweb
Published URL: https://crackingx.com/threads/70172/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Chinese email credentials
Category: Combo List
Content: Forum post claims to share 1,200 fresh Chinese email access credentials dated March 28th. The content is hidden and requires forum registration to view.
Date: 2026-03-28T12:38:42Z
Network: openweb
Published URL: https://crackingx.com/threads/70171/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 4,550 mixed email credentials for free download on a cybercrime forum.
Date: 2026-03-28T12:29:38Z
Network: openweb
Published URL: https://crackingx.com/threads/70168/
Screenshots:
None
Threat Actors: NotSellerxd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed credential combolist
Category: Combo List
Content: A threat actor shared a mixed credential combolist containing 175,086 lines of compromised credentials. The data is distributed for free through a Telegram channel.
Date: 2026-03-28T12:29:20Z
Network: openweb
Published URL: https://crackingx.com/threads/70169/
Screenshots:
None
Threat Actors: zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing approximately 1.7 million Hotmail email and password combinations through a file sharing service. The credentials are being distributed for free as a downloadable list targeting social media accounts.
Date: 2026-03-28T12:29:02Z
Network: openweb
Published URL: https://crackingx.com/threads/70170/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of French email credentials
Category: Combo List
Content: A threat actor shared 1,600 allegedly fresh and valid French email access credentials dated March 28th on an underground forum.
Date: 2026-03-28T12:19:17Z
Network: openweb
Published URL: https://crackingx.com/threads/70167/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 28,000 mixed email credentials via a file hosting service. The credentials appear to be from various sources and are being distributed for free download.
Date: 2026-03-28T12:09:37Z
Network: openweb
Published URL: https://crackingx.com/threads/70165/
Screenshots:
None
Threat Actors: WashingtonDC
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of VPN access to a Manufacturing company in Netherlands
Category: Initial Access
Content: Threat actor claims to be selling VPN access to a Manufacturing company in Netherlands.
Date: 2026-03-28T12:05:00Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279377/
Screenshots:
None
Threat Actors: yesdaddy
Victim Country: Netherlands
Victim Industry: Manufacturing
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed forum credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 81,000 mixed forum credentials described as valid. The post was made available on a cracking forum in the combolists and dumps section.
Date: 2026-03-28T11:50:30Z
Network: openweb
Published URL: https://crackingx.com/threads/70162/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Leak of GST Registered Profiles in Australia
Category: Data Leak
Content: Threat actor claims to be selling Australian GST-registered business profiles, including ABN details, entity info, and registration data. The listing mentions 125 records, a sample link, and a starting price of $5,000.
Date: 2026-03-28T11:46:49Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279376/
Screenshots:
None
Threat Actors: Auking
Victim Country: Australia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Residie Ons by NUCLIER-Y-C-C-M
Category: Defacement
Content: The threat actor NUCLIER-Y-C-C-M successfully defaced the residieons.com website on March 28, 2026. The incident targeted a specific storage configuration path on the victims web infrastructure.
Date: 2026-03-28T11:41:45Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820985
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Residie Ons
Victim Site: residieons.com
Alleged leak of mixed email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 27,000 valid email credentials from mixed sources dated March 28th. The credentials are being distributed for free to registered forum users.
Date: 2026-03-28T11:40:46Z
Network: openweb
Published URL: https://crackingx.com/threads/70161/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Binance User Database
Category: Data Leak
Content: The threat actor claims to be selling Binance User Database. The compromised data reportedly contains 1.5 million user records including including full names, email addresses, phone numbers, registered country details, account creation dates, KYC status , login activity logs (IP addresses, timestamps, 2FA status.
Date: 2026-03-28T11:33:01Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-SELLING-1-5M-Fresh-Binance-User-Database-Full-PII-Login-Activity-2024-2025
Screenshots:
None
Threat Actors: PexRat
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: binance
Victim Site: binance.com
Alleged leak of Gmail credentials
Category: Combo List
Content: Threat actor D4rkNetHub allegedly made available over 100,000 Gmail credentials on a cybercrime forum. The post is restricted and requires registration to view full details.
Date: 2026-03-28T11:02:59Z
Network: openweb
Published URL: https://crackingx.com/threads/70159/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Google
Victim Site: gmail.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor is distributing a combolist containing 314 Hotmail credential hits, sorted by countries and including inbox targets. The credentials are being made available for free download on a cybercrime forum.
Date: 2026-03-28T11:02:42Z
Network: openweb
Published URL: https://crackingx.com/threads/70160/
Screenshots:
None
Threat Actors: Hotmail Cloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged Sale of Travel Software Database From Spain
Category: Data Leak
Content: The threat actor claims to be selling Travel Software Database From Spain. The The compromised data reportedly contains 170K users records, 310K Twitter Accounts records, 350K Geo Address records including including usernames, full names, email addresses, passwords, account metadata and more
Date: 2026-03-28T10:53:33Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Spain-Travel-Software-170k
Screenshots:
None
Threat Actors: DeltaForceUnit
Victim Country: Spain
Victim Industry: Software
Victim Organization: Unknown
Victim Site: Unknown
Alleged access to an unidentified CCTV camera in Poland
Category: Initial Access
Content: The group claims to have accessed the surveillance system of an unidentified laboratory in Poland.
Date: 2026-03-28T10:43:52Z
Network: telegram
Published URL: https://t.me/Z_Pentest_Alliance_ru/912
Screenshots:
None
Threat Actors: Z-PENTEST ALLIANCE
Victim Country: Poland
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of crypto-banking combolist containing 1.4 million credentials
Category: Combo List
Content: A threat actor shared a combolist containing 1,412,667 credentials allegedly targeting crypto-banking services. The credential list is being distributed for free via a file sharing platform.
Date: 2026-03-28T10:35:03Z
Network: openweb
Published URL: https://crackingx.com/threads/70157/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of mixed credential combolists targeting multiple countries and platforms
Category: Combo List
Content: Threat actor distributes mixed credential combolists containing login data from multiple countries (France, Germany, Italy, etc.) and platforms including gaming sites, e-commerce platforms (PayPal, Amazon, eBay), and streaming services (Twitch) through Telegram channels.
Date: 2026-03-28T10:34:45Z
Network: openweb
Published URL: https://crackingx.com/threads/70158/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of Paisplus database
Category: Data Breach
Content: The threat actor claims to be selling the database of Paisplus, the dataset contains Employee data, company data, customer data, and company investors.
Date: 2026-03-28T10:33:05Z
Network: telegram
Published URL: https://t.me/DedaleOffice/1226
Screenshots:
None
Threat Actors: Dedale Office
Victim Country: Israel
Victim Industry: Financial Services
Victim Organization: paisplus
Victim Site: paisplus.co.in
Alleged sale of multiple identity document templates and personal databases
Category: Data Breach
Content: Threat actor claims to offer various identity documents including driver licenses, passports, SSNs, and multiple databases containing personal information, consumer data, phone numbers, and email addresses. Contact is provided via Telegram for potential transactions.
Date: 2026-03-28T10:24:40Z
Network: openweb
Published URL: https://crackingx.com/threads/70156/
Screenshots:
None
Threat Actors: jannatmirza11
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged access to unidentified CCTV cameras in Israel
Category: Initial Access
Content: The group claims to have accessed unidentified CCTV cameras in Israel.
Date: 2026-03-28T10:19:05Z
Network: telegram
Published URL: https://t.me/Rakyat_DigitalCrew/158
Screenshots:
None
Threat Actors: Rakyat Digital Crew
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing approximately 1.4 million Hotmail email and password combinations through a file sharing service. The credentials are being distributed for free download.
Date: 2026-03-28T10:15:38Z
Network: openweb
Published URL: https://crackingx.com/threads/70155/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged Data Breach Of Isthmus Technological Institute
Category: Data Breach
Content: The threat actor claims to be leaked data from Isthmus Technological Institute. The compromised data reportedly including full names, phone numbers, personal email addresses, dates of birth, age, domicile information, CURP (national ID), health/insurance indicators, disability status, indigenous language information, household composition, income related data.
Date: 2026-03-28T10:12:14Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-M%C3%89XICO-INSTITUTO-TECNOL%C3%93GICO-DEL-ISTMO
Screenshots:
None
Threat Actors: SpeakTeam
Victim Country: Mexico
Victim Industry: Education
Victim Organization: isthmus technological institute
Victim Site: iti.com.pa
Alleged Leak of Rowo Kandangan Village Population Database
Category: Data Leak
Content: The threat actor claims to be leaked Rowo Kandangan Village Population Database. The compromised data reportedly contains population records, including national ID numbers (NIK), family card numbers (KK), full names, gender, dates of birth, address details, marital status, education level, religion, occupation, and blood type.
Date: 2026-03-28T10:01:05Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-LEAK-MASTER-BOOK-OF-ROWO-KANDANGAN-VILLAGE-TEMANGGUNG-REGENCY
Screenshots:
None
Threat Actors: ANONB2H
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of recepta2u.pl by DimasHxR
Category: Defacement
Content: DimasHxR defaced the recepta2u.pl website on March 28, 2026. The attack targeted a Polish healthcare-related service and was documented in zone-xsec mirror archives.
Date: 2026-03-28T09:59:26Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820984
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Poland
Victim Industry: Healthcare
Victim Organization: Recepta2U
Victim Site: recepta2u.pl
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a list of 1,500 alleged Hotmail credentials on a cybercrime forum, promoting a Telegram channel for fresh email credential lists. The credentials are being distributed for free download.
Date: 2026-03-28T09:46:49Z
Network: openweb
Published URL: https://crackingx.com/threads/70154/
Screenshots:
None
Threat Actors: Kokos2846q
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of 41,000 email credentials
Category: Combo List
Content: A threat actor shared a combolist containing 41,000 valid email credentials on a cybercriminal forum. The data is being distributed for free to registered forum users.
Date: 2026-03-28T09:37:06Z
Network: openweb
Published URL: https://crackingx.com/threads/70153/
Screenshots:
None
Threat Actors: TeraCloud1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Might International by CYKOMNEPAL
Category: Defacement
Content: CYKOMNEPAL defaced the Might International website on March 28, 2026. The attack targeted a specific subdirectory of the companys domain.
Date: 2026-03-28T09:20:09Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820983
Screenshots:
None
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Might International
Victim Site: mightinternational.com
Alleged Sale of Unauthorized Access to electronics manufacturing industry in India
Category: Initial Access
Content: Threat actor claims to be selling domain users and many local admins access to electronics manufacturing industry in India
Date: 2026-03-28T09:00:46Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279367/
Screenshots:
None
Threat Actors: Ritsu08
Victim Country: India
Victim Industry: Electrical & Electronic Manufacturing
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of VNC protocol pentesting
Category: Initial Access
Content: Threat actor claims to be selling VNC protocol pentesting project with $1,000 price.
Date: 2026-03-28T08:50:13Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279365/
Screenshots:
None
Threat Actors: budda12
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Fleurieu Peninsula Visitor Guide by Aptisme
Category: Defacement
Content: The attacker Aptisme successfully defaced the Fleurieu Peninsula Visitor Guide tourism website on March 28, 2026. This was a single home page defacement targeting the Australian tourism organizations main website.
Date: 2026-03-28T08:35:34Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820978
Screenshots:
None
Threat Actors: Aptisme
Victim Country: Australia
Victim Industry: Tourism
Victim Organization: Fleurieu Peninsula Visitor Guide
Victim Site: fleurieupeninsulavisitorguide….
Website defacement of obomlugar.com by Aptisme
Category: Defacement
Content: The website obomlugar.com was defaced by the attacker Aptisme on March 28, 2026. This was a single home page defacement with no associated team or mass campaign.
Date: 2026-03-28T08:34:56Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820979
Screenshots:
None
Threat Actors: Aptisme
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: obomlugar.com
Website defacement of morshidak.com by Aptisme
Category: Defacement
Content: Attacker Aptisme successfully defaced the morshidak.com website on March 28, 2026. The defacement targeted a specific page (art.html) rather than the homepage and was not part of a mass defacement campaign.
Date: 2026-03-28T08:34:23Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820980
Screenshots:
None
Threat Actors: Aptisme
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: morshidak.com
Alleged leak of login access to Registro Nacional de Identificación y Estado Civil
Category: Initial Access
Content: The group claims to have leaked login access to Registro Nacional de Identificación y Estado Civil.
Date: 2026-03-28T08:30:15Z
Network: telegram
Published URL: https://t.me/crakaizenchannel/572
Screenshots:
None
Threat Actors: Crakaizen Channel
Victim Country: Peru
Victim Industry: Government Administration
Victim Organization: registro nacional de identificación y estado civil
Victim Site: reniec.gob.pe
Alleged leak of Hotmail credentials on CrackingX forum
Category: Combo List
Content: A threat actor posted a combolist containing 5,000 unique Hotmail credentials on the CrackingX forum. The content is hidden behind a registration requirement.
Date: 2026-03-28T08:25:26Z
Network: openweb
Published URL: https://crackingx.com/threads/70148/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Casino User Database From Usa
Category: Data Leak
Content: The threat actor claims to be leaked 400K Casino User Database From Usa
Date: 2026-03-28T08:17:34Z
Network: openweb
Published URL: https://breachforums.sb/Thread-SELLING-USA-Casino-user-DB-400K
Screenshots:
None
Threat Actors: Sabit
Victim Country: USA
Victim Industry: Gambling & Casinos
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed domain combolist
Category: Combo List
Content: A combolist containing 33,126 credential entries targeting mixed domains has been made available for free download via a file sharing service.
Date: 2026-03-28T08:16:35Z
Network: openweb
Published URL: https://crackingx.com/threads/70147/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of BNC Canada Crypto Leads Database
Category: Data Leak
Content: The threat actor claims to be selling 1M Records of BNC Canada Crypto Leads Database
Date: 2026-03-28T08:14:11Z
Network: openweb
Published URL: https://breachforums.sb/Thread-COLLECTION-BNC-Canada-Crypto-1-Million-Leads
Screenshots:
None
Threat Actors: Rodela
Victim Country: Canada
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of German shopping site credentials
Category: Combo List
Content: A threat actor shared a combolist containing over 1.1 million credential pairs allegedly targeting German shopping websites. The data is being distributed for free via a file-sharing service.
Date: 2026-03-28T08:07:03Z
Network: openweb
Published URL: https://crackingx.com/threads/70146/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Retail
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of credential combolists via Telegram channels
Category: Combo List
Content: Threat actor CODER is distributing free credential combolists and programs through multiple Telegram channels. The actor is soliciting direct contact via Telegram for additional combo materials.
Date: 2026-03-28T07:58:18Z
Network: openweb
Published URL: https://crackingx.com/threads/70144/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 1,443 allegedly valid Hotmail email and password combinations. The credentials are described as premium hits from a private cloud and mixed mail sources.
Date: 2026-03-28T07:58:00Z
Network: openweb
Published URL: https://crackingx.com/threads/70145/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Website defacement of Nepmeds by CYKOMNEPAL
Category: Defacement
Content: CYKOMNEPAL defaced the Nepmeds healthcare website on March 28, 2026. The attack targeted a specific page on the Nepalese medical services platform.
Date: 2026-03-28T07:33:03Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820970
Screenshots:
None
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: Nepal
Victim Industry: Healthcare
Victim Organization: Nepmeds
Victim Site: www.nepmeds.com.np
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a sample combolist containing 1,410 Hotmail email and password combinations on a cybercrime forum. The credentials are being distributed as a free download sample.
Date: 2026-03-28T07:30:50Z
Network: openweb
Published URL: https://crackingx.com/threads/70143/
Screenshots:
None
Threat Actors: HollowKnight07
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: Forum user allegedly shared a combolist containing 1,495 fresh Hotmail email and password combinations for free download.
Date: 2026-03-28T07:20:34Z
Network: openweb
Published URL: https://crackingx.com/threads/70141/
Screenshots:
None
Threat Actors: RandomUpload
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Website defacement of Avaz by Aptisme
Category: Defacement
Content: The attacker Aptisme defaced a specific page on the Vietnamese website avaz.com.vn on March 28, 2026. This was an isolated defacement targeting a single page rather than a mass or home page attack.
Date: 2026-03-28T07:10:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820969
Screenshots:
None
Threat Actors: Aptisme
Victim Country: Vietnam
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: avaz.com.vn
Alleged leak of stealer logs with mixed credentials
Category: Combo List
Content: Threat actor fatetraffic shared stealer logs containing 1,054 mixed credentials via file sharing platform with password protection.
Date: 2026-03-28T06:48:58Z
Network: openweb
Published URL: https://crackingx.com/threads/70140/
Screenshots:
None
Threat Actors: fatetraffic
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Yahoo Japan credentials
Category: Combo List
Content: A threat actor shared a combolist containing 6,541 credential entries specifically targeting Yahoo Japan (yahoo.co.jp) domain users via a file sharing platform.
Date: 2026-03-28T06:07:40Z
Network: openweb
Published URL: https://crackingx.com/threads/70138/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Japan
Victim Industry: Technology
Victim Organization: Yahoo Japan
Victim Site: yahoo.co.jp
Alleged leak of Yahoo credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 161,822 credential pairs specifically targeting Yahoo domain users through a file sharing platform.
Date: 2026-03-28T05:57:08Z
Network: openweb
Published URL: https://crackingx.com/threads/70137/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Yahoo
Victim Site: yahoo.com
Alleged data breach of Chronopost
Category: Data Breach
Content: A threat actor claims to have leaked a database belonging to Chronopost, a French courier service. The dataset reportedly contains approximately 860,000 customer records, including personal details such as names, email addresses, and parcel-related information like tracking numbers, delivery details, locker locations, and shipment status.
Date: 2026-03-28T05:47:16Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-FR-Chronopost-860k
Screenshots:
None
Threat Actors: aeter
Victim Country: France
Victim Industry: Transportation & Logistics
Victim Organization: chronopost
Victim Site: chronopost.fr
Alleged data breach of Fenie Energía S.A.
Category: Data Breach
Content: A threat actor claims to have breached the database of Fenie Energia. The leaked data reportedly includes a large dataset of 430GB, containing sensitive information such as ID card details, contracts, financial/card-related data, personal information, contact details, IBAN numbers, billing records, and corporate data.
Date: 2026-03-28T05:37:27Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-ES-Spain-Electricity-Company-FENIE-Energia
Screenshots:
None
Threat Actors: spain
Victim Country: Spain
Victim Industry: Energy & Utilities
Victim Organization: fenie energía s.a.
Victim Site: fenieenergia.es
Alleged data breach of Alcaldía de Medellín
Category: Data Breach
Content: A threat actor claims to have leaked data from the Medellín government platform, exposing a wide range of administrative and operational records. The compromised dataset reportedly includes citizen and client information, official case records, financial and accounting data, inventory logs, internal and external documents, as well as active user and system-related information.
Date: 2026-03-28T05:36:17Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-CO-MEDELLIN-GOV-CO-FREE-LEAK
Screenshots:
None
Threat Actors: NyxarGroup
Victim Country: Colombia
Victim Industry: Government & Public Sector
Victim Organization: alcaldía de medellín
Victim Site: medellin.gov.co
Alleged data breach of Imej Parking Sdn Bhd
Category: Data Breach
Content: A threat actor claims to have leaked the full infrastructure of Imej Parking Sdn Bhd.The data reportedly includes a large database containing over 138 tables and tens of thousands of customer records. the exposed data may include usernames, email addresses, phone numbers, physical addresses, and identification details.
Date: 2026-03-28T05:21:35Z
Network: openweb
Published URL: https://darkforums.su/Thread-MALAYSIA-Imej-Parking-Sdn-Bhd-%E2%80%93-Full-Infrastructure-Leak-Few-GOV-Data
Screenshots:
None
Threat Actors: k4y0s3
Victim Country: Malaysia
Victim Industry: Transportation & Logistics
Victim Organization: imej parking sdn bhd
Victim Site: imej.com.my
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: Threat actor klyne05 shared a combolist containing Hotmail email credentials on a cybercriminal forum. The post claims the credentials are private, fresh, and verified.
Date: 2026-03-28T05:19:16Z
Network: openweb
Published URL: https://crackingx.com/threads/70136/
Screenshots:
None
Threat Actors: klyne05
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Website defacement of ogledharma.xyz by MatrixMan (ikan julung julung team)
Category: Defacement
Content: The website ogledharma.xyz was defaced by the attacker MatrixMan, affiliated with the team ikan julung julung, on March 28, 2026. This was classified as a home page defacement rather than a mass defacement campaign.
Date: 2026-03-28T05:13:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820963
Screenshots:
None
Threat Actors: MatrixMan, ikan julung julung
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: ogledharma.xyz
Website defacement of mes-lucioles-fractales.ch by aexdy (Leviathan Perfect Hunter)
Category: Defacement
Content: The website mes-lucioles-fractales.ch was defaced by attacker aexdy, affiliated with the Leviathan Perfect Hunter group, on March 28, 2026. This was identified as a home page defacement incident.
Date: 2026-03-28T05:12:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820964
Screenshots:
None
Threat Actors: aexdy, Leviathan Perfect Hunter
Victim Country: Switzerland
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: mes-lucioles-fractales.ch
Alleged leak of mixed forums credential combolist
Category: Combo List
Content: A threat actor shared an 81,000 record combolist containing mixed credentials from various forums. The post indicates the credentials are valid forum accounts.
Date: 2026-03-28T04:45:43Z
Network: openweb
Published URL: https://crackingx.com/threads/70135/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Kash Patel Emails
Category: Data Leak
Content: The threat actor claims to have leaked personal data associated with Kash Patel. The exposed data including emails, photographs, work-related documents, and other personal records.
Date: 2026-03-28T04:11:01Z
Network: openweb
Published URL: https://breachforums.sb/Thread-Hacked-Kash-Patel-Emails-Handala
Screenshots:
None
Threat Actors: cementine
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Gauteng Provincial Government
Category: Data Breach
Content: A threat actor claims to have breached the systems of the Gauteng Provincial Government.The dataset reportedly contains approximately 3.6 million files related to government operations. which expose sensitive government data and internal records.
Date: 2026-03-28T04:03:00Z
Network: tor
Published URL: http://37lfmtakhknzx5t6k57ieijkiqrc4c3kpimfvrmafva25ut2tknvw3yd.onion/
Screenshots:
None
Threat Actors: XP95
Victim Country: South Africa
Victim Industry: Government & Public Sector
Victim Organization: gauteng provincial government
Victim Site: gauteng.gov.za
Alleged data leak of UAE Passport
Category: Data Leak
Content: The group claims to have leaked data related to UAE Passports.
Date: 2026-03-28T03:58:37Z
Network: telegram
Published URL: https://t.me/cybersecunity/1320
Screenshots:
None
Threat Actors: CYBER U.N.I.T.Y
Victim Country: UAE
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 284,319 Hotmail email and password combinations from mixed countries via a file sharing service.
Date: 2026-03-28T03:48:11Z
Network: openweb
Published URL: https://crackingx.com/threads/70133/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of mixed country credential combolist
Category: Combo List
Content: A credential combolist containing 1,768,548 records from mixed countries was shared for free download via Mega file hosting service.
Date: 2026-03-28T03:47:45Z
Network: openweb
Published URL: https://crackingx.com/threads/70134/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of China Data
Category: Data Leak
Content: The threat actor claims to have leaked a large dataset associated with China organizations. The exposed dataset is claimed to be approximately 100GB and includes a mix of sensitive information such as personal data, enterprise documents, financial records, contracts, internal files, and event-related data.
Date: 2026-03-28T03:37:49Z
Network: openweb
Published URL: https://breachforums.sb/Thread-Chinese-data-%E4%B8%AD%E5%9B%BD%E6%95%B0%E6%8D%AE-SnowSoul-ID-1273
Screenshots:
None
Threat Actors: SnowSoul
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of email service credentials including Hotmail and Office365
Category: Data Breach
Content: Threat actor richishim advertises credential services for multiple email providers including Hotmail, Skynet, Orange, and EDU Office365 accounts on cybercriminal forum.
Date: 2026-03-28T03:37:05Z
Network: openweb
Published URL: https://crackingx.com/threads/70132/
Screenshots:
None
Threat Actors: richishim
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Cyber Attack Hits Volkswagen associated with Subdomain Compromise
Category: Defacement
Content: News regarding a cyberattack targeting Volkswagen has emerged, with claims that Turkish hacktivists compromised a company subdomain.
Date: 2026-03-28T03:33:27Z
Network: openweb
Published URL: https://x.com/nullsecurityx/status/2037632267737043222
Screenshots:
None
Threat Actors:
Victim Country: Germany
Victim Industry: Automotive
Victim Organization: volkswagen
Victim Site: Unknown
Alleged leak of Shomrim database
Category: Data Leak
Content: The group claims to have leaked Shomrim database
Date: 2026-03-28T03:18:39Z
Network: telegram
Published URL: https://t.me/cybersecunity/1314
Screenshots:
None
Threat Actors: CYBER U.N.I.T.Y
Victim Country: UK
Victim Industry: Non-profit & Social Organizations
Victim Organization: shomrim database
Victim Site: shomrimlondon.org.uk
Alleged access to multiple CCTV surveillance systems in USA
Category: Initial Access
Content: The group claims to have gained unauthorized access to multiple CCTV surveillance systems in USA
Date: 2026-03-28T03:11:42Z
Network: telegram
Published URL: https://t.me/op_morningstar/611
Screenshots:
None
Threat Actors: MORNING STAR
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Ministry of National Defence Romania (MAPN)
Category: Data Breach
Content: The group claims to have leaked data from Ministry of National Defence Romania (MAPN)
Date: 2026-03-28T03:04:03Z
Network: telegram
Published URL: https://t.me/cybersecunity/1306
Screenshots:
None
Threat Actors: CYBER U.N.I.T.Y
Victim Country: Romania
Victim Industry: Government Administration
Victim Organization: ministry of national defence romania (mapn)
Victim Site: mapn.ro
Alleged breach of Israeli Air Force
Category: Data Breach
Content: the group claims to have leaked data from Israeli Air Force.
Date: 2026-03-28T02:59:27Z
Network: telegram
Published URL: https://t.me/cybersecunity/1312
Screenshots:
None
Threat Actors: CYBER U.N.I.T.Y
Victim Country: Israel
Victim Industry: Government Administration
Victim Organization: israeli air force
Victim Site: iaf.org.il
Alleged leak of Israeli WhatsApp Numbers Database
Category: Data Leak
Content: The group claims to have leaked Israeli WhatsApp Numbers Database.
Date: 2026-03-28T02:50:27Z
Network: telegram
Published URL: https://t.me/cybersecunity/1318?single
Screenshots:
None
Threat Actors: CYBER U.N.I.T.Y
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Israel Transport Infrastructure People’s Information
Category: Data Leak
Content: The group claims to have leaked Israel Transport Infrastructure People’s Information.
Date: 2026-03-28T02:47:42Z
Network: telegram
Published URL: https://t.me/cybersecunity/1318
Screenshots:
None
Threat Actors: CYBER U.N.I.T.Y
Victim Country: Israel
Victim Industry: Transportation & Logistics
Victim Organization: israel transport infrastructure
Victim Site: iroads.co.il
Alleged leak of Israeli Banks Card Data
Category: Data Leak
Content: The group claims to have leaked Israeli Banks Card Data
Date: 2026-03-28T02:40:14Z
Network: telegram
Published URL: https://t.me/cybersecunity/1318?single
Screenshots:
None
Threat Actors: CYBER U.N.I.T.Y
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged EBT fraud and money laundering service advertisement
Category: Combo List
Content: Threat actor advertises EBT (Electronic Benefits Transfer) cash-out services claiming to operate multiple stores and markets for fraudulent benefit conversion across any US state with same-day payment and no limits.
Date: 2026-03-28T02:34:01Z
Network: openweb
Published URL: https://crackingx.com/threads/70130/
Screenshots:
None
Threat Actors: jzebi05450
Victim Country: United States
Victim Industry: Government Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of CoinMarketCap user database
Category: Data Breach
Content: Forum user claims to have access to 3 million CoinMarketCap cryptocurrency user email addresses, allegedly targeting the data for marketing purposes. Multiple sample email addresses from various domains were provided as proof of the dataset.
Date: 2026-03-28T02:33:09Z
Network: openweb
Published URL: https://breachforums.sb/Thread-DATABASE-3M-COINMARKETCAP-CRYPTO-USERS-EMAIL-DATA-FOR-MARKETING
Screenshots:
None
Threat Actors: splet03
Victim Country: Unknown
Victim Industry: Cryptocurrency
Victim Organization: CoinMarketCap
Victim Site: coinmarketcap.com
Alleged leak of phone number and password credentials
Category: Combo List
Content: A threat actor shared what appears to be a credential list containing phone numbers and passwords, described as high quality and private content.
Date: 2026-03-28T02:15:25Z
Network: openweb
Published URL: https://crackingx.com/threads/70127/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of WordPress credentials
Category: Combo List
Content: Forum post claims to contain WordPress login credentials in URL:LOGIN:PASS format. No post content was available to verify the claim or determine scope.
Date: 2026-03-28T02:15:06Z
Network: openweb
Published URL: https://crackingx.com/threads/70128/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of credential combolist in URL:LOGIN:PASS format
Category: Combo List
Content: A threat actor is sharing a credential combolist containing login credentials in URL:LOGIN:PASS format, advertised as high quality and private. The post appears to be offering free access to the credential list on a cracking forum.
Date: 2026-03-28T02:05:26Z
Network: openweb
Published URL: https://crackingx.com/threads/70124/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of credential combolist targeting USA and Europe
Category: Combo List
Content: A threat actor is distributing a combolist containing credential combinations targeting users from the United States and Europe. The post advertises this as an exclusive hits mix combolist.
Date: 2026-03-28T02:05:07Z
Network: openweb
Published URL: https://crackingx.com/threads/70125/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of credential lists targeting Europe and USA
Category: Combo List
Content: Threat actor claims to distribute high quality credential lists (combolists) targeting users in Europe and USA regions. The post advertises the credentials as fully valid but lacks specific details about sources or record counts.
Date: 2026-03-28T02:04:48Z
Network: openweb
Published URL: https://crackingx.com/threads/70126/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach with cracked accounts shared on CrackingX forum
Category: Combo List
Content: User Kinglukeman shared cracked accounts on CrackingX forum dated March 27, 2026, but specific details about the data are hidden behind registration requirements.
Date: 2026-03-28T01:52:39Z
Network: openweb
Published URL: https://crackingx.com/threads/70122/
Screenshots:
None
Threat Actors: Kinglukeman
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor leaked a combolist containing 3,700 alleged Hotmail email and password combinations dated March 28, 2026. The credentials are being distributed for free download via Mediafire and promoted through Telegram contact.
Date: 2026-03-28T01:52:17Z
Network: openweb
Published URL: https://crackingx.com/threads/70123/
Screenshots:
None
Threat Actors: redcloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged forum post with unclear content
Category: Alert
Content: Forum post contains only repeated w characters with no discernible threat intelligence value or actionable information.
Date: 2026-03-28T01:51:16Z
Network: openweb
Published URL: https://breachforums.sb/Thread-wwwwwwwwwww
Screenshots:
None
Threat Actors: wd1010
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed corporate credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 183,795 credential pairs targeting mixed corporate entities, made available as a free download via file sharing service.
Date: 2026-03-28T01:34:05Z
Network: openweb
Published URL: https://crackingx.com/threads/70120/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed domain credential list
Category: Combo List
Content: A credential list containing 8,577 lines targeting mixed domains has been made available for free download on a cybercriminal forum.
Date: 2026-03-28T01:33:39Z
Network: openweb
Published URL: https://crackingx.com/threads/70121/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Webull
Category: Data Breach
Content: A threat actor claims to be selling a large dataset allegedly sourced from the Webull app. The database reportedly contains approximately 2.6 million unique investor records.The Exposed data may include full names, phone numbers, email addresses, and dates of birth.
Date: 2026-03-28T01:22:57Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-American-stock-market-investors-securities-2600K
Screenshots:
None
Threat Actors: datasource
Victim Country: USA
Victim Industry: Financial Services
Victim Organization: webull
Victim Site: webull.com
Alleged Sale of Unauthorized Access to an Unidentified Chinese Luxury Retail Company
Category: Initial Access
Content: A threat actor claims to be selling unauthorized firewall access to a luxury retail company based in China.The access reportedly provides administrator-level privileges on a Linux-based system.
Date: 2026-03-28T01:20:07Z
Network: openweb
Published URL: https://darkforums.su/Thread-Access-3-access-China-Luxury-retail-company
Screenshots:
None
Threat Actors: BCXIII
Victim Country: China
Victim Industry: Retail Industry
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: Forum post claims to offer valid Hotmail credentials through a private cloud service. The threat actor promotes access to these credential lists via Telegram contact.
Date: 2026-03-28T01:09:59Z
Network: openweb
Published URL: https://crackingx.com/threads/70119/
Screenshots:
None
Threat Actors: noir
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged data leak of German Citizens Database
Category: Data Leak
Content: A threat actor claims to be selling a database allegedly containing records of German citizens.The dataset reportedly includes approximately 622,000 records in SQL/CSV format. The exposed data fields may include names, email addresses, phone numbers, and physical addresses.
Date: 2026-03-28T00:58:39Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Germany-Citizens-Database-622k
Screenshots:
None
Threat Actors: fent888
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of private logs data
Category: Combo List
Content: User maicolpg19 shared a password-protected download link containing approximately 2GB of private logs data on a cybercrime forum. The specific nature and origin of the logs remains unclear from the limited post information.
Date: 2026-03-28T00:48:00Z
Network: openweb
Published URL: https://crackingx.com/threads/70118/
Screenshots:
None
Threat Actors: maicolpg19
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Gmail credentials on CrackingX forum
Category: Combo List
Content: A threat actor claims to have leaked over 100,000 Gmail credentials on the CrackingX forum. The post content is hidden behind registration requirements, making verification of the claims difficult.
Date: 2026-03-28T00:16:54Z
Network: openweb
Published URL: https://crackingx.com/threads/70116/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Google
Victim Site: gmail.com
Website defacement of predatorhama.com by tirz4sec (jatengblekhet team)
Category: Defacement
Content: The website predatorhama.com was defaced by attacker tirz4sec, affiliated with the jatengblekhet team, on March 28, 2026. This appears to be a single-target defacement incident with no specified motivation or reasoning provided.
Date: 2026-03-28T00:12:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820924
Screenshots:
None
Threat Actors: tirz4sec, jatengblekhet
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: predatorhama.com
BABAYO EROR SYSTEM targets the website of neriva.space
Category: Defacement
Content: The group claims to have defaced the website of neriva.space
Date: 2026-03-28T00:02:49Z
Network: telegram
Published URL: https://t.me/BabayoErorSyteam/404
Screenshots:
None
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Information Services
Victim Organization: neriva.space
Victim Site: neriva.space