[March-30-2026] Daily Cybersecurity Threat Report

1. Executive Summary

The analyzed period reflects a surge in automated and coordinated cyber activities. Key highlights include:

Credential Megaleaks: The distribution of “Combo Lists” reached staggering volumes, including a single collection of 17.52 million records and another targeting 14 million Hotmail accounts.
Government Infrastructure under Siege: A specific threat actor, Chronus leaks, systematically targeted Argentinian provincial ministries, leaking databases from health, education, and law enforcement sectors.
Strategic Exploitation: High-value targets such as Dubai Airports , the China People’s Liberation Army Rocket Force (PLARF) , and Israeli military technology industries faced alleged data breaches.
Industrial & IoT Risks: Reports emerged of unauthorized access to SCADA systems in Turkey and IoT smart home systems in Italy.

2. Quantitative Analysis of Incident Categories

The following table summarizes the distribution of the 249 reported incidents by category:

Category	Primary Characteristics	Notable Examples
Combo List	Massive dumps of email/password pairs, often targeting specific providers like Hotmail or Gmail.	13M mixed platform records; 7.5M UK accounts.
Data Breach	Unauthorized access and extraction of sensitive organizational databases.	2M records from National Disability Agency; 870k Market Watch records.
Defacement	Altering website appearances, often for notoriety or political signaling.	Mass campaigns by Nicotine/Umbra Community and maw3six.
Initial Access	Selling backdoors, web shells, or administrative credentials to third parties.	Unauthorized web shell access to OTIC; Turkish SCADA access.
Malware	Promotion and sale of sophisticated exploitation tools.	iOS 18.4–18.6 zero-click malware; Noobsaibot HVNC.

3. Deep Dive: Targeted Sectoral Analysis

3.1 Public Sector and Government Administration

Government agencies are currently the primary targets for “Chronus leaks,” which has demonstrated a focused campaign against Argentina.

Argentina: Significant breaches include the Ministry of Health of Buenos Aires , OSEP (full names and residence) , the Chubut Education Ministry , and the Police of Misiones.
Mexico: Tecomán City Council and Regio Ruta Monterrey data was allegedly leaked, including personal and employment-related information.
Bangladesh: The Bureau of Manpower, Employment and Training database was compromised, exposing worker profiles and passport details.
USA: The Washington Office of Superintendent of Public Instruction suffered a breach involving school district names and positions.

The healthcare sector remains a high-value target due to the sensitive nature of Personal Identifiable Information (PII) and Protected Health Information (PHI).

California Medicare: A database of up to 300,000 records was offered for sale.
Neuquén, Argentina: Over 1 million patient records were allegedly breached from the Ministry of Health.
Institute of Medical Assistance Work: Breach claims include names, employment entities, and birth dates.

3.3 The Credential Underground (Hotmail & Gmail)

Threat actors like CODER, HQcomboSpace, and BestCombo are flooding forums with millions of credentials.

Hotmail Obsession: Massive lists targeting Hotmail were frequent, including 1.9M gaming/shopping credentials , 14M mixed-region credentials , and 1.16M crypto-focused credentials.
Regional Lists: Targeted dumps appeared for the UK (7.5M) , Germany (613k) , and Japan (33.8M).

4. Threat Actor Profiles

4.1 Chronus Leaks

Chronus leaks is the most prolific actor in the dataset regarding targeted entity breaches. Their operations are characterized by:

Sector Focus: Heavy emphasis on Argentinian government administration, healthcare, and education.
Data Granularity: Leaks often include high-detail records like tax IDs (CUIT), DNI numbers, and weekly work schedules.

4.2 Nicotine (Umbra Community)

Nicotine is a primary driver of the current defacement wave.

Volume: This actor is responsible for dozens of single-target defacements.
Target Diversity: They target everything from law firms (Or Primor Law) to solar energy companies (ANZ Solar) and environmental NGOs (1 Billion Trees).

4.3 CODER and Kotowka

CODER: Focuses on the free distribution of massive credential packages (7M-13M records) to drive traffic to Telegram channels and promote “private” combos.
Kotowka: Operates as a merchant, selling country-specific lists (USA, Japan, Canada, Hong Kong) typically priced at $100 per 1 million records.

5. Sophisticated Threats and Emerging Malware

The market for high-tier exploitation tools remains active, indicating a shift toward stealth and automation.

iOS Zero-Click Malware: A tool claiming to target iOS 18.4–18.6 is being marketed for $25k+, offering full device control and data theft.
NetScan.info: An automated platform designed to scan for vulnerabilities and extract API keys for AWS, Stripe, and PayPal.
Noobsaibot HVNC: A hidden remote desktop tool using zero-disk execution to evade detection, priced at $5,000.
SCADA & IoT: Successful manipulation of a heating system in Bursa, Turkey and smart home systems in Italy highlights the increasing vulnerability of physical infrastructure.

6. Significant Corporate & Military Incidents

Beyond the “noise” of credential stuffing, several high-impact incidents were reported:

Cota Co., Ltd. (Japan): This cosmetics firm reported a major system disruption on March 27, 2026, leading to investigations into potential personal data theft.
Dubai Airports (UAE): Nasir Security claims to have maintained access for months, allegedly obtaining passport records and threatening a massive document release.
Israeli Military Tech: Anonymous For Justice claims to have leaked 1.4 terabytes of data from Elbit Systems and Rafael Advanced Defense Systems.
PLARF (China): Alleged breach of the Rocket Force, including sample records and contact details.

7. Regional Incident Distribution

Region	Primary Threat Type	Dominant Actor(s)
South America	Data Breaches (Gov/Health)	Chronus leaks
Israel/Middle East	CCTV Hijacking, Military Leaks, Defacement	Anonymous For Justice , Nicotine
Western Europe	Retail Credential Lists, Telecom Breaches	BestCombo , Postal4938
Asia-Pacific	Education Breaches, E-commerce Breaches	Team Hazardous Pakistan , Kotowka
USA	Healthcare & Telecommunications	Immanuel_Kant , golems1996

8. Conclusion

The cybersecurity events of late March 2026 illustrate a dual-track threat environment. On one side, there is a high-volume, automated commodity market where millions of credentials (particularly Hotmail) are traded like bulk currency. This suggests that “credential stuffing” remains one of the most viable and efficient attack vectors for entry-level threat actors.

On the other side is a highly targeted campaign against public infrastructure. The systematic dismantling of Argentinian provincial databases by Chronus leaks indicates a deliberate effort to compromise civil services and public safety. Furthermore, the alleged breaches of military entities in China and Israel, alongside the sale of zero-click iOS malware, point toward a sophisticated tier of cyber warfare and high-stakes espionage.

Organizations must prioritize Multi-Factor Authentication (MFA) to mitigate the risks posed by the massive combo lists and enhance the monitoring of administrative web shells and API key exposures, which are increasingly being automated for rapid data harvesting.

Detected Incidents Draft Data

Alleged leak of educational domain credentials
Category: Combo List
Content: A threat actor leaked a combolist containing 128,398 credentials from mixed educational domains. The data was made available as a free download through a file-sharing service.
Date: 2026-03-30T23:52:11Z
Network: openweb
Published URL: https://crackingx.com/threads/70504/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Asbury International by NUCLIER-Y-C-C-M
Category: Defacement
Content: NUCLIER-Y-C-C-M defaced the privacy policy page of Asbury Internationals website on March 31, 2026. The attack targeted a specific page rather than the main site homepage.
Date: 2026-03-30T23:44:53Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822913
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Asbury International
Victim Site: asbury-intl.com
Alleged data leak of California Medicare Customer Data
Category: Data Leak
Content: A threat actor claims to be selling a database of California Medicare customer information, with around 48,000 records already extracted and up to 150,000–300,000 records potentially available.
Date: 2026-03-30T23:37:17Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/279531/
Screenshots:
None
Threat Actors: golems1996
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of shenqixiangsu.com by NUCLIER-Y-C-C-M
Category: Defacement
Content: The threat actor NUCLIER-Y-C-C-M successfully defaced a subdirectory of shenqixiangsu.com on March 31, 2026. The attack targeted a specific upload directory rather than the main homepage of the Chinese website.
Date: 2026-03-30T23:11:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822912
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: shenqixiangsu.com
Alleged leak of mixed email-password credential list
Category: Combo List
Content: A threat actor shared a credential list containing 140,000 email and password combinations from mixed sources. The actor also advertises selling high-quality combo lists with guarantee.
Date: 2026-03-30T23:04:54Z
Network: openweb
Published URL: https://crackingx.com/threads/70502/
Screenshots:
None
Threat Actors: steeve75
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Kits Tech Solutions by NUCLIER-Y-C-C-M
Category: Defacement
Content: The threat actor NUCLIER-Y-C-C-M successfully defaced the services page of Kits Tech Solutions on March 31, 2026. This appears to be an isolated defacement incident targeting the technology services companys website.
Date: 2026-03-30T22:48:04Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822910
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: Unknown
Victim Industry: Technology Services
Victim Organization: Kits Tech Solutions
Victim Site: kitstechsolutions.com
Website defacement of Brazilian Federal Regional Court by spl1nt3r
Category: Defacement
Content: Threat actor spl1nt3r defaced a Brazilian Federal Regional Court website on March 31, 2026. The attack targeted a specific page within the courts search functionality rather than the homepage.
Date: 2026-03-30T22:30:50Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822904
Screenshots:
None
Threat Actors: spl1nt3r
Victim Country: Brazil
Victim Industry: Government
Victim Organization: Federal Regional Court of the 1st Region
Victim Site: www.trf1.jus.br
Website defacement of MU Global by NUCLIER-Y-C-C-M
Category: Defacement
Content: NUCLIER-Y-C-C-M compromised and defaced the videos section of muglobal.com.br on March 31, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
Date: 2026-03-30T22:30:43Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822903
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: MU Global
Victim Site: muglobal.com.br
spl1nt3r defaced www.trf1.jus.br/trf1/busca/?pa…
Category: Defacement
Content: Target: www.trf1.jus.br/trf1/busca/?pa…Attacker: spl1nt3rDate: 2026-03-31 05:28:19
Date: 2026-03-30T22:30:06Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822904
Screenshots:
None
Threat Actors: spl1nt3r
Victim Country: United States of America
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: www.trf1.jus.br/trf1/busca/?pa…
Alleged sale of unauthorized web shell access to OTIC
Category: Initial Access
Content: The threat actor claims to be selling unauthorized web shell access to OTIC.
Date: 2026-03-30T22:01:46Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-CL-OTIC-Web-Shell-Access
Screenshots:
None
Threat Actors: malloc
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Automated Website Vulnerability Scanning and API Key Extraction Tool
Category: Malware
Content: The threat actor claims to be offering an automated platform designed to scan websites for vulnerabilities and extract sensitive data, including API keys from services such as AWS, Stripe, PayPal, and SMTP providers.
Date: 2026-03-30T21:48:08Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279519/
Screenshots:
None
Threat Actors: PyKuBBePx
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Bureau of Manpower, Employment and Training
Category: Data Leak
Content: The threat actor claims to have leaked the database of Bureau of Manpower, Employment and Training, the compromised dataset include contact records, enrollment data, and nominee information.
Date: 2026-03-30T21:44:54Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-824k-Bangladesh-www-bmet-gov-bd-Worker-profiles-including-passport-contact-job
Screenshots:
None
Threat Actors: Grubder
Victim Country: Bangladesh
Victim Industry: Government Administration
Victim Organization: bureau of manpower, employment and training
Victim Site: bmet.gov.bd
Alleged leak of Hotmail gaming and shopping credentials
Category: Combo List
Content: A threat actor shared a combolist containing approximately 1.989 million Hotmail credentials specifically targeting gaming and shopping accounts. The credential list was made available for free download via a file sharing service.
Date: 2026-03-30T21:42:33Z
Network: openweb
Published URL: https://crackingx.com/threads/70501/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged data leak of Tecomán City Council
Category: Data Leak
Content: The threat actor claims to have leaked the database of the Tecomán City Council, with the compromised data containing sensitive personal and employment-related information.
Date: 2026-03-30T21:37:07Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATA-LEAK-OF-SIDEPAT-TECOMAN
Screenshots:
None
Threat Actors: blackout948
Victim Country: Mexico
Victim Industry: Government Administration
Victim Organization: tecomán city council
Victim Site: tecoman.gob.mx
Alleged distribution of UK email credential combolists including banking and social media accounts
Category: Combo List
Content: Threat actor is distributing free credential combolists containing 7.5 million UK email accounts from various providers including banking and social media platforms through Telegram channels.
Date: 2026-03-30T21:33:14Z
Network: openweb
Published URL: https://crackingx.com/threads/70499/
Screenshots:
None
Threat Actors: CODER
Victim Country: United Kingdom
Victim Industry: Multiple
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of MINISTRY OF HEALTH OF BUENOS AIRES
Category: Data Breach
Content: Group claims to have leaked database from the Ministry of Health of Buenos Aires. The compromised data reportedly includes address, number, floor, postal code, phone number, and email.
Date: 2026-03-30T21:22:58Z
Network: telegram
Published URL: https://t.me/c/3803830732/222
Screenshots:
None
Threat Actors: Chronus leaks
Victim Country: Argentina
Victim Industry: Government Administration
Victim Organization: ministry of health of buenos aires
Victim Site: gba.gob.ar
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 3,490 Hotmail email and password combinations for free download on a cybercrime forum.
Date: 2026-03-30T21:22:05Z
Network: openweb
Published URL: https://crackingx.com/threads/70498/
Screenshots:
None
Threat Actors: karaokecloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged data breach of OSEP
Category: Data Breach
Content: Group claims to have leaked database from OSEP. The compromised data include full name, residence (address), cell phone number, email address, and relationship. It also includes identification details such as member number and ID card number, along with the category. Membership-related information covers the joining date, expiration date, termination date, termination reason, and seniority. Additionally, it records health program registrations and credential data.
Date: 2026-03-30T21:11:44Z
Network: telegram
Published URL: https://t.me/c/3803830732/218
Screenshots:
None
Threat Actors: Chronus leaks
Victim Country: Argentina
Victim Industry: Government Administration
Victim Organization: osep
Victim Site: osepmendoza.com.ar
Alleged data breach of Institute of Medical Assistance Work
Category: Data Breach
Content: The group claims to have breached data from the Institute of Medical Assistance Work. Reported records include last name, first name, employment entity, and date of birth and more.
Date: 2026-03-30T21:03:37Z
Network: telegram
Published URL: https://t.me/c/3803830732/226
Screenshots:
None
Threat Actors: Chronus leaks
Victim Country: Unknown
Victim Industry: Education
Victim Organization: institute of medical assistance work
Victim Site: Unknown
Alleged data breach of Xleet Shop
Category: Data Breach
Content: The threat actor claims to have breached the database from Xleet Shop. The post claims to reveal sensitive personal and identity-related information belonging to the alleged owner/operator of the platform.
Date: 2026-03-30T20:58:39Z
Network: openweb
Published URL: https://darkforums.su/Thread-Document-Identity-Reveal-Xleet-Shop-owner-name-emailaddress-physical-address-passport
Screenshots:
None
Threat Actors: leakerpro
Victim Country: Egypt
Victim Industry: Software Development
Victim Organization: xleet shop
Victim Site: xleet.sh
Alleged data breach of CHUBUT EDUCATION MINISTRY
Category: Data Breach
Content: Group claims to have leaked database from CHUBUT EDUCATION MINISTRY. The compromised data include personal and administrative information such as full name, tax identification number (CUIT), national identity document (DNI), date of birth, residence, email address, disability status, declaration data, year, declaration ID, creation and confirmation dates, status, certification details, affiliated establishment, total hours declared, declared subjects and roles, and a weekly schedule grid.
Date: 2026-03-30T20:51:16Z
Network: telegram
Published URL: https://t.me/c/3803830732/224
Screenshots:
None
Threat Actors: Chronus leaks
Victim Country: Argentina
Victim Industry: Government Administration
Victim Organization: chubut education ministry
Victim Site: chubut.edu.ar
Alleged leak of Hotmail credential combolists
Category: Combo List
Content: Threat actor claims to be distributing 14 million Hotmail credentials from multiple domains (hotmail.com, hotmail.fr, hotmail.es) through Telegram channels. The credentials are being offered for free distribution rather than for sale.
Date: 2026-03-30T20:50:21Z
Network: openweb
Published URL: https://crackingx.com/threads/70496/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged data breach of National Survey of Educational Personnel
Category: Data Breach
Content: The group claims to have leaked a data from National Survey of Educational Personnel. The compromised data includes personal and employment records such as names, document numbers, job positions, service levels, work hours, and other personnel information.
Date: 2026-03-30T20:50:16Z
Network: telegram
Published URL: https://t.me/c/3803830732/216
Screenshots:
None
Threat Actors: Chronus leaks
Victim Country: Argentina
Victim Industry: Government Administration
Victim Organization: ministry of education of argentina
Victim Site: argentina.gob.ar/educacion/renpe-2025
Alleged sale of fraudulent bank and cryptocurrency exchange accounts
Category: Initial Access
Content: Threat actor notAtomic advertises sale of fraudulent bank and cryptocurrency exchange accounts including Revolut, Wise, and Zen through automated shop at atomicbanks.su. Accounts are described as handmade and delivered via Telegram.
Date: 2026-03-30T20:50:02Z
Network: openweb
Published URL: https://crackingx.com/threads/70497/
Screenshots:
None
Threat Actors: notAtomic
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Gmail credentials
Category: Combo List
Content: Forum post claims to contain over 100,000 Gmail credentials, though the actual content is restricted to registered users only.
Date: 2026-03-30T20:41:06Z
Network: openweb
Published URL: https://crackingx.com/threads/70495/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Gmail
Victim Site: gmail.com
Alleged data breach of Policía de Misiones
Category: Data Breach
Content: The group claims to have leaked a data from Policía de Misiones. The compromised data over 19,000 documents includes full names, business names, sector information, addresses, expiration dates, and certificate numbers.
Date: 2026-03-30T20:40:33Z
Network: telegram
Published URL: https://t.me/c/3803830732/212
Screenshots:
None
Threat Actors: Chronus leaks
Victim Country: Argentina
Victim Industry: Public Safety
Victim Organization: policía de misiones
Victim Site: policiamisiones.gob.ar
Alleged data breach of Gobierno de Jujuy
Category: Data Breach
Content: The group claims to have leaked a database from Gobierno de Jujuy. The compromised data over 250,000 records includes personal identification information such as full name, ID number, tax ID, birth date, residence, and personal details.
Date: 2026-03-30T20:37:50Z
Network: telegram
Published URL: https://t.me/c/3803830732/214
Screenshots:
None
Threat Actors: Chronus leaks
Victim Country: Argentina
Victim Industry: Government Administration
Victim Organization: gobierno de jujuy
Victim Site: educacion.jujuy.gob.ar
Allegedly leaked data of Military technology industries
Category: Data Leak
Content: Group claims to have leaked 1400 gigabytes of the latest achievements of the most important military technology industries, including Rafael Advanced Defense Systems, Elbit Systems.
Date: 2026-03-30T20:24:17Z
Network: telegram
Published URL: https://t.me/Anon_Israel35/63
Screenshots:
None
Threat Actors: Anonymous For Justice
Victim Country: Israel
Victim Industry: Government Administration
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of 39,000 fresh credential combinations
Category: Combo List
Content: A threat actor shared a combolist containing 39,000 allegedly valid and fresh credential combinations on a cybercriminal forum. The credentials are described as high quality and appear to be freely distributed.
Date: 2026-03-30T20:23:04Z
Network: openweb
Published URL: https://crackingx.com/threads/70493/
Screenshots:
None
Threat Actors: Cir4d
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of BTInternet credentials
Category: Combo List
Content: A threat actor shared a credential list containing 101,000 BTInternet accounts on a cybercriminal forum. The data is described as high quality and made available for free download to registered forum users.
Date: 2026-03-30T20:14:12Z
Network: openweb
Published URL: https://crackingx.com/threads/70491/
Screenshots:
None
Threat Actors: Immanuel_Kant
Victim Country: United Kingdom
Victim Industry: Telecommunications
Victim Organization: BT Group
Victim Site: btinternet.com
Alleged leak of Comcast credentials
Category: Combo List
Content: User Immanuel_Kant shared a free download containing alleged Comcast credentials affecting approximately 99,000 records on CrackingX forum.
Date: 2026-03-30T20:13:52Z
Network: openweb
Published URL: https://crackingx.com/threads/70492/
Screenshots:
None
Threat Actors: Immanuel_Kant
Victim Country: United States
Victim Industry: Telecommunications
Victim Organization: Comcast
Victim Site: comcast.net
Alleged data breach of National Office for Distance Education and Training
Category: Data Breach
Content: The threat actor claims to have breached data from the National Office for Distance Education and Training, allegedly containing students’ full names, usernames, plaintext passwords, IP addresses, academic emails, birthdays, registration dates, and more.
Date: 2026-03-30T20:12:25Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-National-Office-for-Distance-Education-and-Training-of-Algerian
Screenshots:
None
Threat Actors: Null_Iterator
Victim Country: Algeria
Victim Industry: Education
Victim Organization: national office for distance education and training
Victim Site: onefd.edu.dz
Alleged data breach of POLICIA DE MISIONES
Category: Data Breach
Content: Group claims to have leaked database from Policía de Misiones. The compromised data include name of the complainant, national identity document (DNI), residential address, description of the issue, information about the reported individual, and the request or petition submitted.
Date: 2026-03-30T20:12:22Z
Network: telegram
Published URL: https://t.me/c/3803830732/210
Screenshots:
None
Threat Actors: Chronus leaks
Victim Country: Argentina
Victim Industry: Government Administration
Victim Organization: policía de misiones
Victim Site: policiamisiones.gob.ar
Alleged data breach of Police of Santiago del Estero
Category: Data Breach
Content: The group claims to have breached data from Police of Santiago del Estero. The compromised data includes sensitive personal information such as identification numbers, residence details, status records, death details, relatives’ information, and police officer names.
Date: 2026-03-30T20:11:46Z
Network: telegram
Published URL: https://t.me/c/3803830732/205
Screenshots:
None
Threat Actors: Chronus leaks
Victim Country: Argentina
Victim Industry: Law Enforcement
Victim Organization: police of santiago del estero
Victim Site: policiadesantiago.gob.ar
Alleged leak of LHKPN asset declaration data linked to PSI DPRD Jakarta
Category: Data Breach
Content: The threat actor claims to have exposed a dataset containing LHKPN (asset declaration) records allegedly associated with members of the PSI faction in the Jakarta Regional House of Representatives (DPRD) for the 2024–2029 period. The data reportedly includes personal identification details such as full names, national ID numbers (NIK), addresses, institutional roles, and reporting metadata, along with financial and asset information including property ownership, vehicles, investment portfolios, bank balances, and liabilities.
Date: 2026-03-30T20:07:18Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-DATA-EXPOSURE-BY-SHENIRA6CORE-LHKPN-PSI-DPRD-DKI-JAKARTA-2024-2029
Screenshots:
None
Threat Actors: Shenira6core
Victim Country: Indonesia
Victim Industry: Political Organization
Victim Organization: psi jakarta
Victim Site: jakarta.psi.id
Alleged Leak of Russian Federation Plan for Centralized Control of Critical Infrastructure
Category: Data Leak
Content: The group claims that they leaked documents reveal the Russian Federation is creating a fully centralized and controlled model of critical infrastructure.
Date: 2026-03-30T20:04:36Z
Network: telegram
Published URL: https://t.me/ukrainian_militant/36714?single
Screenshots:
None
Threat Actors: UKRAINIAN MILITANT
Victim Country: Russia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of POLICIA DE TUCUMAN
Category: Data Breach
Content: Group claims to have leaked a database from the Policía de Tucumán. The compromised data includes sensitive personal information such as a photo of the national identity document (DNI), birth certificate, full name, national ID number, gender, date of birth, marital status, residential address, email address, phone number, and criminal record.
Date: 2026-03-30T20:04:32Z
Network: telegram
Published URL: https://t.me/c/3803830732/207
Screenshots:
None
Threat Actors: Chronus leaks
Victim Country: Argentina
Victim Industry: Government Administration
Victim Organization: policia de tucuman
Victim Site: policiadetucuman.gov.ar
Alleged data breach of Consejo General de Educación
Category: Data Breach
Content: The group claims to have breached data from Consejo General de Educación. data reportedly containing over 1,000,000 records. includes personal information, identification numbers, contact details, school information, and family member data.
Date: 2026-03-30T20:02:49Z
Network: telegram
Published URL: https://t.me/c/3803830732/203
Screenshots:
None
Threat Actors: Chronus leaks
Victim Country: Argentina
Victim Industry: Education
Victim Organization: consejo general de educación
Victim Site: cge.entrerios.gov.ar
Alleged data breach of Río Uruguay Seguros
Category: Data Breach
Content: The group claims to have breached data from Río Uruguay Seguros.
Date: 2026-03-30T19:54:55Z
Network: telegram
Published URL: https://t.me/c/3803830732/199
Screenshots:
None
Threat Actors: Chronus leaks
Victim Country: Argentina
Victim Industry: Financial Services
Victim Organization: río uruguay seguros
Victim Site: riouruguay.com.ar
Alleged promotion of credit card fraud vendor guide and marketplace
Category: Combo List
Content: Forum post promotes a guide for finding legitimate credit card vendors and cashout methods, referencing financial losses from fraudulent transactions and directing users to external resources for vendor vetting processes.
Date: 2026-03-30T19:53:30Z
Network: openweb
Published URL: https://crackingx.com/threads/70490/
Screenshots:
None
Threat Actors: AnonymousHelper
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
TBDF targets the website of Combiz Solutions
Category: Defacement
Content: Group claims to have defaced the website of Combiz Solutions.
Date: 2026-03-30T19:48:27Z
Network: telegram
Published URL: https://t.me/c/1867326321/608
Screenshots:
None
Threat Actors: TBDF
Victim Country: India
Victim Industry: Information Technology (IT) Services
Victim Organization: combiz solutions
Victim Site: combizsolutions.co.in
Alleged leak of German shopping credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing over 1 million credential pairs allegedly targeting German shopping websites. The data is being distributed for free via a file sharing service.
Date: 2026-03-30T19:44:45Z
Network: openweb
Published URL: https://crackingx.com/threads/70485/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Retail
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed country credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 141,000 credentials from mixed countries on a cybercrime forum. The content is hidden and requires user registration to access.
Date: 2026-03-30T19:44:24Z
Network: openweb
Published URL: https://crackingx.com/threads/70486/
Screenshots:
None
Threat Actors: RandomUpload
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 1,747 allegedly valid Hotmail email credentials on a cybercrime forum. The credentials are being distributed for free to registered forum users.
Date: 2026-03-30T19:44:03Z
Network: openweb
Published URL: https://crackingx.com/threads/70487/
Screenshots:
None
Threat Actors: RandomUpload
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged distribution of 7 million credential combolist
Category: Combo List
Content: Threat actor CODER is distributing a combolist containing 7 million credential pairs through Telegram channels. The actor provides free access to combo lists and programs through multiple Telegram groups.
Date: 2026-03-30T19:43:42Z
Network: openweb
Published URL: https://crackingx.com/threads/70488/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of crypto-banking credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing nearly 2 million credentials allegedly targeting crypto-banking platforms through a file sharing service.
Date: 2026-03-30T19:43:25Z
Network: openweb
Published URL: https://crackingx.com/threads/70489/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of National Disability Agency
Category: Data Breach
Content: The group claims to have breached data from Gobierno de Salta. The data reportedly 2 million records include police records, missing persons data, consultation records, family violence records, summaries, and vehicle data.
Date: 2026-03-30T19:43:21Z
Network: telegram
Published URL: https://t.me/c/3803830732/187
Screenshots:
None
Threat Actors: Chronus leaks
Victim Country: Argentina
Victim Industry: Government & Public Sector
Victim Organization: national disability agency
Victim Site: argentina.gob.ar
Alleged data leak of General Directorate of Schools
Category: Data Leak
Content: The group claims to have breached data from the General Directorate of Schools, reportedly exposing student information, employee records, user data, scholarships, school details, and more.
Date: 2026-03-30T19:30:45Z
Network: telegram
Published URL: https://t.me/c/3803830732/163
Screenshots:
None
Threat Actors: Chronus leaks
Victim Country: Argentina
Victim Industry: Education
Victim Organization: general directorate of schools
Victim Site: mendoza.edu.ar
Alleged sale of Mandatory Technical Inspection (RTO) Argentina
Category: Data Breach
Content: The group claims to be selling data from Mandatory Technical Inspection (RTO) Argentina. The data reportedly including vehicle inspection records and operator information. The group states the full database contains approximately 1 million vehicle records and is being offered for sale.
Date: 2026-03-30T19:29:15Z
Network: telegram
Published URL: https://t.me/c/3803830732/169
Screenshots:
None
Threat Actors: Chronus leaks
Victim Country: Argentina
Victim Industry: Government Administration
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Gobierno de Salta
Category: Data Breach
Content: The group claims to have breached data from Gobierno de Salta. The data reportedly 2 million records include police records, missing persons data, consultation records, family violence records, summaries, and vehicle data.
Date: 2026-03-30T19:23:50Z
Network: telegram
Published URL: https://t.me/c/3803830732/171
Screenshots:
None
Threat Actors: Chronus leaks
Victim Country: Argentina
Victim Industry: Government Administration
Victim Organization: gobierno de salta
Victim Site: salta.gob.ar
Alleged data breach of Ministerio de Seguridad Nacional
Category: Data Breach
Content: The group claims to have breached data from Ministerio de Seguridad. The data reportedly includes personal information, criminal case records, police records, and internal judicial information, with over 30,000 records exposed.
Date: 2026-03-30T19:23:34Z
Network: telegram
Published URL: https://t.me/c/3803830732/167
Screenshots:
None
Threat Actors: Chronus leaks
Victim Country: Argentina
Victim Industry: Government Administration
Victim Organization: ministerio de seguridad nacional
Victim Site: argentina.gob.ar/seguridad
Alleged sale of Advanced Zero-Click iOS Malware
Category: Malware
Content: The group claims to be selling an zero-click iOS malware for iOS 18.4–18.6 can silently take full control of a device, steal data (messages, photos, location, crypto wallets), and provide real-time monitoring through a control panel.
Date: 2026-03-30T19:20:25Z
Network: telegram
Published URL: https://t.me/hkvd_team/90?single
Screenshots:
None
Threat Actors: HKVD
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Fédération Française de Savate
Category: Data Breach
Content: The threat actor claims to have breached the database from Fédération Française de Savate, the dataset contains personal data of 689,891 unique members/adherents and reportedly covers records from 1977 to 2026.
Date: 2026-03-30T19:20:18Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-FR-679K-F%C3%A9d%C3%A9ration-Fran%C3%A7aise-de-Savate
Screenshots:
None
Threat Actors: HexDex
Victim Country: France
Victim Industry: Sports
Victim Organization: fédération française de savate
Victim Site: ffsavate.com
Alleged sale of multiple databases containing personal data and credentials
Category: Data Breach
Content: Threat actor jannatmirza11 is offering various databases containing personal information including drivers licenses, SSNs, passports, consumer information, phone lists, email lists, and credentials. The actor provides Telegram contact for potential buyers.
Date: 2026-03-30T19:18:01Z
Network: openweb
Published URL: https://crackingx.com/threads/70483/
Screenshots:
None
Threat Actors: jannatmirza11
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Cyberattack hit security cameras in Israel
Category: Cyber Attack
Content: A cyberattack hit on more than 50 security cameras in Israel , likely to monitor missile strike damage and track military movement. It’s unclear how long access lasted. Similar hacking attempts have also targeted Gulf countries like Saudi Arabia, UAE, and Bahrain.
Date: 2026-03-30T19:15:55Z
Network: telegram
Published URL: https://t.me/cyberbannews_ir/20854
Screenshots:
None
Threat Actors:
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of adctechno.com by Team Hazardous Pakistan
Category: Defacement
Content: Team Hazardous Pakistan, led by attacker overthrash1337, defaced the ADC Techno website on March 31, 2026. The defacement targeted a specific page on the technology companys domain.
Date: 2026-03-30T19:13:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822887
Screenshots:
None
Threat Actors: overthrash1337, Team Hazardous Pakistan
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: ADC Techno
Victim Site: adctechno.com
Website defacement of aryamahaeseva.in by Team Hazardous Pakistan
Category: Defacement
Content: Team Hazardous Pakistan, through member overthrash1337, defaced the Indian website aryamahaeseva.in on March 31, 2026. The attack targeted a specific page containing Pakistani-themed content.
Date: 2026-03-30T19:12:56Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822889
Screenshots:
None
Threat Actors: overthrash1337, Team Hazardous Pakistan
Victim Country: India
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: aryamahaeseva.in
Alleged data breach of Ministry of Health of Neuquén
Category: Data Breach
Content: The group claims to have breached data from Ministry of Health of Neuquén. The compromised data over 1 million patient records. data reportedly includes personal information such as national ID numbers, full names, gender, nationality, contact information, residence details, and family information.
Date: 2026-03-30T19:11:37Z
Network: telegram
Published URL: https://t.me/c/3803830732/165
Screenshots:
None
Threat Actors: Chronus leaks
Victim Country: Argentina
Victim Industry: Healthcare & Pharmaceuticals
Victim Organization: ministry of health of neuquén
Victim Site: saludneuquen.gob.ar
Alleged data leak of the Supreme Court of Justice Province of Buenos Aires
Category: Data Leak
Content: The group claims to have breached data from the Supreme Court of Justice Province of Buenos Aires. The data reportedly includes full name, cuil, dni, date of birth, department, position, city, street, phone number, mobile phone number, email.
Date: 2026-03-30T19:07:59Z
Network: telegram
Published URL: https://t.me/c/3803830732/161
Screenshots:
None
Threat Actors: Chronus leaks
Victim Country: Argentina
Victim Industry: Government Administration
Victim Organization: supreme court of justice province of buenos aires
Victim Site: scba.gov.ar
Alleged data breach of Dubai Airports
Category: Data Breach
Content: The threat actor claims to have breached systems associated with Dubai International Airport, alleging access to sensitive data including passport-related records and other confidential information from multiple nationalities. The group also claims to have maintained access over several months and threatens to release thousands of documents.
Date: 2026-03-30T19:00:00Z
Network: openweb
Published URL: http://nasir.cc/pages/dubai-airport.html
Screenshots:
None
Threat Actors: Nasir Security
Victim Country: UAE
Victim Industry: Airlines & Aviation
Victim Organization: dubai airports
Victim Site: dubaiairports.ae
Alleged data breach of Entre Rios Police
Category: Data Breach
Content: The group claims to have breached data from Entre Rios Police. The data reportedly includes registration details and photos of approximately 1,131 police officers.
Date: 2026-03-30T18:50:48Z
Network: telegram
Published URL: https://t.me/c/3803830732/175
Screenshots:
None
Threat Actors: Chronus leaks
Victim Country: Argentina
Victim Industry: Law Enforcement
Victim Organization: entre rios police
Victim Site: policiadeentrerios.gob.ar
Alleged data leak of Washington Office of Superintendent of Public Instruction
Category: Data Breach
Content: Group claims to have leak the database from Washington Office of Superintendent of Public Instruction. The compromised data include Country, ESD, School District, Name, Position/Title, Phone, Email, Address.
Date: 2026-03-30T18:50:21Z
Network: telegram
Published URL: https://t.me/ruskinetgroup/137
Screenshots:
None
Threat Actors: RuskiNet Group
Victim Country: USA
Victim Industry: Government Administration
Victim Organization: washington office of superintendent of public instruction
Victim Site: ospi.k12.wa.us
Alleged leak of mixed email credentials combolist
Category: Combo List
Content: A threat actor leaked a combolist containing 7,200 mixed email credentials through a file sharing platform. The credentials appear to be from various sources and are being distributed for free download.
Date: 2026-03-30T18:27:36Z
Network: openweb
Published URL: https://crackingx.com/threads/70479/
Screenshots:
None
Threat Actors: Kommander0
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Cyberattack hits COTA Co., Ltd.
Category: Cyber Attack
Content: COTA Co., Ltd. reported a cybersecurity incident on March 27, 2026, resulting in system disruptions due to a cyberattack. The company stated that it is currently assessing the impact, working with external cybersecurity experts to restore affected systems, and has notified relevant authorities. The full scope of the incident remains under investigation.
Date: 2026-03-30T18:18:29Z
Network: openweb
Published URL: https://ssl4.eir-parts.net/doc/4923/tdnet/2782863/00.pdf
Screenshots:
None
Threat Actors:
Victim Country: Japan
Victim Industry: Cosmetics
Victim Organization: cota co., ltd.
Victim Site: cota.co.jp
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 800,000 allegedly valid Hotmail email and password combinations via a file sharing service.
Date: 2026-03-30T18:16:55Z
Network: openweb
Published URL: https://crackingx.com/threads/70478/
Screenshots:
None
Threat Actors: Kommander0
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged distribution of 9.2 million credential combolist
Category: Combo List
Content: Threat actor CODER is distributing a combolist containing 9.2 million credentials through Telegram channels, offering free access to the credential list and associated programs.
Date: 2026-03-30T18:04:52Z
Network: openweb
Published URL: https://crackingx.com/threads/70477/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email service credentials
Category: Combo List
Content: Actor alphaxdd shared a combolist containing 3,721 mixed email credentials including Hotmail accounts, distributed as a free download on underground forum.
Date: 2026-03-30T17:51:18Z
Network: openweb
Published URL: https://crackingx.com/threads/70476/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Magewell
Category: Data Breach
Content: The group claims to have leaked a complete broadcast disruption by shutting down all video streams and taking platforms offline, as well as extracting administrators’ IP logs and obtaining sample videos from the servers.
Date: 2026-03-30T17:47:55Z
Network: telegram
Published URL: https://t.me/CIR48/1823
Screenshots:
None
Threat Actors: Cyber Islamic resistance
Victim Country: China
Victim Industry: Software Development
Victim Organization: magewell control hub
Victim Site: magewell.com
Alleged NetScan.info Automation Tool for Vulnerability Scanning and Data Harvesting
Category: Malware
Content: The threat actor claims to be offering an automated platform called “NetScan.info” designed to scan websites for vulnerabilities and collect sensitive data. The actor states that the tool can aggregate API keys (including SMTP, AWS, Stripe, PayPal), analyze subdomains and services, and extract database credentials. They further claim the service enables centralized monitoring, automated scanning, and potential monetization of discovered data through various techniques.
Date: 2026-03-30T17:43:23Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279505/
Screenshots:
None
Threat Actors: SlonCode
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Compromised Bollards Database
Category: Data Leak
Content: The threat actor clams to be selling of a database referred to as “Bollards,” claiming it contains predominantly U.S.-based corporate data.
Date: 2026-03-30T17:38:16Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279501/
Screenshots:
None
Threat Actors: Gifts9
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of credential combolist targeting multiple platforms
Category: Combo List
Content: Threat actor distributes a 13 million record credential combolist via Telegram channels, targeting multiple platforms including eBay, PayPal, streaming services, PSN, VPN services, and Office 365 accounts.
Date: 2026-03-30T17:30:06Z
Network: openweb
Published URL: https://crackingx.com/threads/70473/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Multiple (eBay, PayPal, PlayStation Network, Office 365)
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 1,500 allegedly valid Hotmail email credentials dated March 30th. The credentials are made available for free download to registered forum users.
Date: 2026-03-30T17:29:22Z
Network: openweb
Published URL: https://crackingx.com/threads/70474/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Microsoft domain credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 635,703 Microsoft domain credentials via a file sharing platform. The credentials are described as high quality and specifically target Microsoft domains.
Date: 2026-03-30T17:28:25Z
Network: openweb
Published URL: https://crackingx.com/threads/70475/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: Unknown
Alleged leak of Hotmail credentials targeting cryptocurrency users
Category: Combo List
Content: A threat actor shared a combolist containing over 1.16 million Hotmail credentials specifically targeting cryptocurrency users. The credentials are distributed via a file hosting service as a free download.
Date: 2026-03-30T17:17:30Z
Network: openweb
Published URL: https://crackingx.com/threads/70472/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged sale of NatWest bank account credentials with debit card
Category: Data Breach
Content: Threat actor claims to be selling NatWest bank account credentials including debit card, ATM PIN, and personal information for an account allegedly containing £400k+. The asking price is £25k+ in cryptocurrency.
Date: 2026-03-30T17:16:36Z
Network: openweb
Published URL: https://crackingx.com/threads/70471/
Screenshots:
None
Threat Actors: Johnnyblaze619
Victim Country: United Kingdom
Victim Industry: Financial Services
Victim Organization: NatWest
Victim Site: Unknown
Alleged Sale of an Unspecified Database
Category: Initial Access
Content: The threat actor clams to be selling an Unspecified Database.
Date: 2026-03-30T16:47:56Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279494/
Screenshots:
None
Threat Actors: Gifts9
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credential samples
Category: Combo List
Content: Threat actor HollowKnight07 shared a sample of 900 Hotmail credentials as a free download on CrackingX forum.
Date: 2026-03-30T16:46:09Z
Network: openweb
Published URL: https://crackingx.com/threads/70469/
Screenshots:
None
Threat Actors: HollowKnight07
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged distribution of mixed credential combolist
Category: Combo List
Content: Threat actor CODER is distributing a combolist containing 700,000 mixed credentials through Telegram channels. The actor operates free combo and program distribution groups on Telegram.
Date: 2026-03-30T16:35:58Z
Network: openweb
Published URL: https://crackingx.com/threads/70467/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of crypto currency data
Category: Data Leak
Content: The threat actor claims to have leaked the 21.2 million-line data from Crypto Currency Database Leak Bundle Pack. the dataset including references to platforms such as Poloniex, Bitfinex, Coinbase, Paxful, CoinMarketCap, Bitcointalk, Zendger, SwanBitcoin, and others.
Date: 2026-03-30T16:23:53Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-21-2M-Crypto-Currency-Database-Leak-Bundle-Pack
Screenshots:
None
Threat Actors: GlitchX
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: Threat actor noir allegedly shared a combolist containing valid Hotmail credentials along with other mixed credential data through a Telegram channel. The post indicates high-quality valid credentials are being distributed.
Date: 2026-03-30T15:55:26Z
Network: openweb
Published URL: https://crackingx.com/threads/70462/
Screenshots:
None
Threat Actors: noir
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged Sale of Mercor
Category: Data Leak
Content: The group actor claims to be selling Mercor Database. The compromised data reportedly contains 4TB of databases, source code, and more. We have a lot of customer and employee data from this giant.
Date: 2026-03-30T15:53:49Z
Network: telegram
Published URL: https://t.me/lapsus_groupo/19
Screenshots:
None
Threat Actors: LAPSUS
Victim Country: USA
Victim Industry: Information Technology (IT) Services
Victim Organization: mercor
Victim Site: mercor.com
Alleged data breach of Army Public School Defence Complex
Category: Data Breach
Content: The threat claims to have breached the database from Army Public School Defence Complex. the compromised dataset includes registration numbers, student names, fathers’ names, mobile numbers, and category information.
Date: 2026-03-30T15:49:29Z
Network: openweb
Published URL: https://darkforums.su/Thread-Document-DATA-BREACH-OF-ARMY-PUBLIC-SCHOOL-DEFENCE-COMPLEX-ISLAMABAD
Screenshots:
None
Threat Actors: ModernStealer
Victim Country: Pakistan
Victim Industry: Education
Victim Organization: army public school defence complex
Victim Site: apsdci.edu.pk
Alleged distribution of credential combolists targeting multiple platforms
Category: Combo List
Content: Threat actor distributes credential combolists targeting OnlyFans, Facebook, X.com, Tinder and other platforms through Telegram channels. The actor provides free access to combo groups while also offering private combinations through direct contact.
Date: 2026-03-30T15:44:19Z
Network: openweb
Published URL: https://crackingx.com/threads/70461/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Multiple
Victim Site: onlyfans.com
Alleged data breach of the Carlisle Indian Industrial School
Category: Data Breach
Content: The threat actor claims to have breached data from the Carlisle Indian Industrial School, allegedly containing detailed personal, family, health, administrative, and historical records of over 1,000 Native American students from the late 19th century.
Date: 2026-03-30T15:36:58Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-Carlisle-Indian-Industrial-School-Carlisle-Barracks-Pennsylvania-student-database
Screenshots:
None
Threat Actors: XZeeoneOfc
Victim Country: Russia
Victim Industry: Education
Victim Organization: carlisle indian industrial school
Victim Site: carlisleindian.dickinson.edu
Alleged distribution of credential combolist on CrackingX forum
Category: Combo List
Content: A threat actor named FlashCloud2 posted a private combolist on the CrackingX forum in the Combolists & Dumps section. The actual content and details are hidden behind a login requirement.
Date: 2026-03-30T15:34:23Z
Network: openweb
Published URL: https://crackingx.com/threads/70460/
Screenshots:
None
Threat Actors: FlashCloud2
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data sale of Market Watch
Category: Data Breach
Content: The threat actor claims to be selling 870K records from Market Watch, allegedly containing name, address, city, state, phone number, gender, date of birth, email, investor type, and CID.
Date: 2026-03-30T15:23:50Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-USA-www-marketwatch-com-Wall-Street-Investors
Screenshots:
None
Threat Actors: GlitchX
Victim Country: USA
Victim Industry: Financial Services
Victim Organization: market watch
Victim Site: marketwatch.com
Alleged leak of gaming and streaming platform credentials
Category: Combo List
Content: A threat actor shared a combolist containing over 5.26 million credentials allegedly targeting gaming and streaming platforms through a file hosting service.
Date: 2026-03-30T15:15:54Z
Network: openweb
Published URL: https://crackingx.com/threads/70458/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Gaming and Entertainment
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of European educational institution credentials
Category: Combo List
Content: A threat actor shared a combolist containing 166,303 credential pairs allegedly sourced from European educational institutions. The data is being distributed for free via a file sharing platform.
Date: 2026-03-30T15:05:49Z
Network: openweb
Published URL: https://crackingx.com/threads/70455/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor is allegedly sharing a combolist containing 3,000 Hotmail email and password combinations on a cybercriminal forum. The content is restricted to registered forum members only.
Date: 2026-03-30T15:05:15Z
Network: openweb
Published URL: https://crackingx.com/threads/70456/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: Threat actor shared a combolist containing 1,166 Hotmail email credentials described as premium hits from a private cloud. The credentials are being distributed for free download.
Date: 2026-03-30T14:55:12Z
Network: openweb
Published URL: https://crackingx.com/threads/70453/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged distribution of educational email credential combolists
Category: Combo List
Content: Threat actor CODER is distributing free credential combolists containing educational email accounts and passwords through Telegram channels. The actor provides links to Telegram groups offering free combos and programs for credential exploitation.
Date: 2026-03-30T14:54:43Z
Network: openweb
Published URL: https://crackingx.com/threads/70454/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Breach of China People’s Liberation Army Rocket Force
Category: Data Breach
Content: The threat actor claims to have breached the data allegedly related to China’s People’s Liberation Army Rocket Force (PLARF), providing sample records and contact details for further access.
Date: 2026-03-30T14:46:39Z
Network: openweb
Published URL: https://darkforums.su/Thread-China-PLARF-Data-Breach–71703
Screenshots:
None
Threat Actors: Jon1234
Victim Country: China
Victim Industry: Military Industry
Victim Organization: people’s liberation army rocket force (plarf)
Victim Site: Unknown
Alleged leak of European Online Shopping Dataset
Category: Data Leak
Content: the threat actor claims to have leaked the database of European Online Shopping Dataset. The dataset contains customer-related data collected from various European online shopping platforms
Date: 2026-03-30T14:27:35Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-Online-shopping-data-of-European-countries
Screenshots:
None
Threat Actors: mengtaiqi
Victim Country: Unknown
Victim Industry: E-commerce & Online Stores
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials on cybercrime forum
Category: Combo List
Content: Cybercrime forum user claims to have leaked 42,000 Hotmail credentials described as valid and related to forums. The actual content requires forum registration to access.
Date: 2026-03-30T14:20:48Z
Network: openweb
Published URL: https://crackingx.com/threads/70451/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged distribution of Poland credential combolists
Category: Combo List
Content: Threat actor CODER is distributing free credential combolists targeting Poland through Telegram channels. The actor provides links to Telegram groups offering free combos and programs for credential stuffing attacks.
Date: 2026-03-30T14:20:24Z
Network: openweb
Published URL: https://crackingx.com/threads/70452/
Screenshots:
None
Threat Actors: CODER
Victim Country: Poland
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Unauthorized Access to Unidentified SCADA System in Turkey
Category: Initial Access
Content: The Group Claims to have breached a SCADA-based heating system in Turkish city of Bursa, allegedly manipulating a boiler interface to cause faults and obscure system errors.
Date: 2026-03-30T13:59:42Z
Network: telegram
Published URL: https://t.me/armeniancode_eng/102
Screenshots:
None
Threat Actors: Armenian code
Victim Country: Turkey
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of credential combolist containing 3.4 million entries
Category: Combo List
Content: Threat actor CODER distributes a credential combolist containing 3.4 million entries through Telegram channels, offering both free combinations and programs for credential stuffing attacks.
Date: 2026-03-30T13:49:33Z
Network: openweb
Published URL: https://crackingx.com/threads/70450/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials on CrackingX forum
Category: Combo List
Content: User HollowKnight07 shared a sample combolist containing 485 Hotmail credentials on the CrackingX forum as a free download.
Date: 2026-03-30T13:36:50Z
Network: openweb
Published URL: https://crackingx.com/threads/70448/
Screenshots:
None
Threat Actors: HollowKnight07
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Allged sale of Noobsaibot HVNC
Category: Malware
Content: Threat actor claims to be selling Noobsaibot HVNC, a stealer malware with hidden remote desktop capabilities. It allegedly uses strong encryption and zero-disk execution to evade detection, while extracting sensitive data and enabling full system control. The tool is promoted as highly stealthy and scalable, priced at $5,000 via a guarantor.
Date: 2026-03-30T13:26:49Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279488/
Screenshots:
None
Threat Actors: c2flow
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 3,000 unique Hotmail email and password combinations on a cybercriminal forum.
Date: 2026-03-30T13:15:32Z
Network: openweb
Published URL: https://crackingx.com/threads/70447/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Interia.pl credentials
Category: Combo List
Content: A threat actor shared a combolist containing 7,260 credential entries targeting the interia.pl domain via a file sharing service.
Date: 2026-03-30T13:04:06Z
Network: openweb
Published URL: https://crackingx.com/threads/70445/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Poland
Victim Industry: Technology
Victim Organization: Interia
Victim Site: interia.pl
Alleged sale of Facebook user credentials and session data
Category: Data Breach
Content: Threat actor claims to be selling Facebook user data including session cookies, user IDs, names, IP addresses, and browser information for Asian users. The post contains sample data showing detailed session information and user profiles from November 2021.
Date: 2026-03-30T13:03:19Z
Network: openweb
Published URL: https://crackingx.com/threads/70446/
Screenshots:
None
Threat Actors: Kotowka
Victim Country: Unknown
Victim Industry: Social Media
Victim Organization: Facebook
Victim Site: facebook.com
Alleged sale of Japanese email credentials
Category: Data Breach
Content: Threat actor is allegedly selling Japanese email and password credentials for $100 per 1 million records via Telegram.
Date: 2026-03-30T12:54:03Z
Network: openweb
Published URL: https://crackingx.com/threads/70444/
Screenshots:
None
Threat Actors: Kotowka
Victim Country: Japan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of educational institution credentials targeting shopping and education sectors
Category: Combo List
Content: A threat actor shared a combolist containing 175,489 credential pairs allegedly targeting shopping and educational institutions. The data is being distributed for free via a file sharing service.
Date: 2026-03-30T12:44:56Z
Network: openweb
Published URL: https://crackingx.com/threads/70442/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of USA credentials combolist
Category: Data Breach
Content: Threat actor Kotowka is allegedly selling a USA-based credentials combolist containing 1 million email:password combinations for $100 via Telegram.
Date: 2026-03-30T12:44:53Z
Network: openweb
Published URL: https://crackingx.com/threads/70439/
Screenshots:
None
Threat Actors: Kotowka
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of mixed credential database
Category: Data Breach
Content: Threat actor Kotowka is allegedly selling a mixed credential database containing 1 million records for $100. The data is described as MIX NumPass bases and contact is provided via Telegram.
Date: 2026-03-30T12:44:29Z
Network: openweb
Published URL: https://crackingx.com/threads/70441/
Screenshots:
None
Threat Actors: Kotowka
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of Japanese email and phone credential lists
Category: Data Breach
Content: Threat actor is allegedly selling Japanese credential lists containing 33.8 million email:password combinations and 24.2 million phone:password combinations. Contact information and samples are provided via Telegram.
Date: 2026-03-30T12:25:39Z
Network: openweb
Published URL: https://crackingx.com/threads/70437/
Screenshots:
None
Threat Actors: Kotowka
Victim Country: Japan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Vibe Formaturas by tirz4sec (jatengblackhat team)
Category: Defacement
Content: The website of Vibe Formaturas, a Brazilian graduation ceremony services company, was defaced by attacker tirz4sec from the jatengblackhat team on March 30, 2026. The defacement targeted a specific page rather than the homepage.
Date: 2026-03-30T12:25:35Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248179
Screenshots:
None
Threat Actors: tirz4sec, jatengblackhat
Victim Country: Brazil
Victim Industry: Education Services
Victim Organization: Vibe Formaturas
Victim Site: vibeformaturas.com.br
Alleged sale of USA credential lists on CrackingX forum
Category: Data Breach
Content: Threat actor Kotowka is allegedly selling USA-based credential lists containing 1 million records for $200 on CrackingX forum. The actor is promoting the sale through Telegram channels with samples provided.
Date: 2026-03-30T12:25:19Z
Network: openweb
Published URL: https://crackingx.com/threads/70438/
Screenshots:
None
Threat Actors: Kotowka
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass defacement campaign by jatengblackhat targeting Indonesian government sites
Category: Defacement
Content: The threat actor tirz4sec, associated with the jatengblackhat group, conducted a mass defacement campaign targeting Indonesian government websites. The attack compromised the official website of Pinabeteng Utara District Government in North Minahasa on March 30, 2026.
Date: 2026-03-30T12:19:44Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248178
Screenshots:
None
Threat Actors: tirz4sec, jatengblackhat
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Pinabeteng Utara District Government, North Minahasa
Victim Site: pinabetenganutara.minahasa.go.id
Alleged sale of Japanese credential data
Category: Data Breach
Content: Threat actor Kotowka is allegedly selling Japanese credential data containing 1.4 million records for $400. The data appears to be username:password combinations based on the numpass format mentioned.
Date: 2026-03-30T12:15:42Z
Network: openweb
Published URL: https://crackingx.com/threads/70435/
Screenshots:
None
Threat Actors: Kotowka
Victim Country: Japan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of Canadian credential combolist
Category: Data Breach
Content: Threat actor Kotowka is allegedly selling a Canadian credential combolist containing 1 million email and password combinations for $100 on the CrackingX forum.
Date: 2026-03-30T12:15:19Z
Network: openweb
Published URL: https://crackingx.com/threads/70436/
Screenshots:
None
Threat Actors: Kotowka
Victim Country: Canada
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of credential combolist via ULP 2 package
Category: Combo List
Content: Threat actor zod distributed a credential package labeled VIP ULP 2 on a cybercriminal forum specializing in combolists and dumps. Access details were provided via Telegram channel.
Date: 2026-03-30T12:06:33Z
Network: openweb
Published URL: https://crackingx.com/threads/70433/
Screenshots:
None
Threat Actors: zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of Singapore credential data
Category: Data Breach
Content: Threat actor Kotowka is allegedly selling Singapore-based credential data containing 100,000 records for $100 on the CrackingX forum. The actor provides samples via Telegram channel.
Date: 2026-03-30T12:05:58Z
Network: openweb
Published URL: https://crackingx.com/threads/70434/
Screenshots:
None
Threat Actors: Kotowka
Victim Country: Singapore
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a file containing 3,800 Hotmail account credentials through a free MediaFire download link on a cybercrime forum.
Date: 2026-03-30T11:56:53Z
Network: openweb
Published URL: https://crackingx.com/threads/70430/
Screenshots:
None
Threat Actors: Cl0ud0wner
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged distribution of gaming, adult entertainment, and GitLab credential lists
Category: Combo List
Content: Threat actor distributes credential lists allegedly containing 7.2 million records from gaming platforms, adult entertainment sites, and GitLab. The data is being shared for free through Telegram channels.
Date: 2026-03-30T11:56:24Z
Network: openweb
Published URL: https://crackingx.com/threads/70431/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of Hong Kong credential lists
Category: Data Breach
Content: Threat actor Kotowka is allegedly selling Hong Kong-based email and password credential lists containing 100,000 records for $100 via Telegram.
Date: 2026-03-30T11:55:56Z
Network: openweb
Published URL: https://crackingx.com/threads/70432/
Screenshots:
None
Threat Actors: Kotowka
Victim Country: Hong Kong
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Yahoo.com credential combolist
Category: Combo List
Content: A threat actor shared a Yahoo.com credential combolist on a cybercrime forum. The combolist is password-protected and distributed through a Telegram channel.
Date: 2026-03-30T11:46:43Z
Network: openweb
Published URL: https://crackingx.com/threads/70427/
Screenshots:
None
Threat Actors: zod
Victim Country: United States
Victim Industry: Technology
Victim Organization: Yahoo
Victim Site: yahoo.com
Alleged leak of mixed domain email credentials from EU and Asia regions
Category: Combo List
Content: A threat actor is freely distributing a combolist containing 15,630 email credentials from mixed domains, targeting users in European and Asian regions.
Date: 2026-03-30T11:46:23Z
Network: openweb
Published URL: https://crackingx.com/threads/70428/
Screenshots:
None
Threat Actors: karaokecloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email credential combolist
Category: Combo List
Content: A threat actor leaked a combolist containing 27,000 mixed email account credentials through a MediaFire download link on a cybercrime forum.
Date: 2026-03-30T11:46:00Z
Network: openweb
Published URL: https://crackingx.com/threads/70429/
Screenshots:
None
Threat Actors: Cl0ud0wner
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged access to MADRASAH ALIYAH NEGERI 2 KOTA CIREBON
Category: Initial Access
Content: The group claims to have gained access to MADRASAH ALIYAH NEGERI 2 KOTA CIREBON.
Date: 2026-03-30T11:45:06Z
Network: telegram
Published URL: https://t.me/Rakyat_DigitalCrew/178
Screenshots:
None
Threat Actors: Rakyat Digital Crew
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: madrasah aliyah negeri 2 kota cirebon
Victim Site: dumas.man2kotacirebon.sch.id
Alleged Data Breach of Lakemonster
Category: Data Breach
Content: The threat actor claims to have breached the database of Lakemonster, the dataset contains user and platform-related information collected over multiple years (2019–present).
Date: 2026-03-30T11:40:56Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-lakemonster-com-database-leaked-download
Screenshots:
None
Threat Actors: Xtc
Victim Country: USA
Victim Industry: Environmental Services
Victim Organization: lakemonster
Victim Site: lakemonster.com
Alleged leak of mixed email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 140,100 mixed email credentials via a MediaFire download link on a cybercrime forum.
Date: 2026-03-30T11:37:22Z
Network: openweb
Published URL: https://crackingx.com/threads/70425/
Screenshots:
None
Threat Actors: Cl0ud0wner
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email credentials from multiple regions
Category: Combo List
Content: Threat actor distributed a collection of 24,000 email credentials allegedly compromising accounts from USA, EU, Asia, Russia and corporate domains. The credentials were shared as a mixed combolist targeting multiple geographic regions.
Date: 2026-03-30T11:37:04Z
Network: openweb
Published URL: https://crackingx.com/threads/70426/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Philippine Professional Regulation Commission data
Category: Data Breach
Content: The threat actor claims to be selling the database of Philippine Professional Regulation Commission. The database contains personally identifiable information (PII) associated with individuals linked to the agency.
Date: 2026-03-30T11:32:50Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Philippine-Government-Agency-PRC-Personal-Data
Screenshots:
None
Threat Actors: KurdFemboys
Victim Country: Philippines
Victim Industry: Government Administration
Victim Organization: professional regulation commission (prc)
Victim Site: prc.gov.ph
Alleged Data Breach of Fananitende
Category: Data Breach
Content: The threat actor claims to have breached the database of Fananitende, the dataset contains user-related metadata extracted from the platform.
Date: 2026-03-30T11:20:47Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-%E2%AD%90%EF%B8%8F-fananitende-it-Database-Italy-%E2%AD%90%EF%B8%8F
Screenshots:
None
Threat Actors: AshleyWood2022
Victim Country: Italy
Victim Industry: Online Publishing
Victim Organization: fananitende
Victim Site: fananitende.it
Alleged leak of mixed email credentials
Category: Combo List
Content: A threat actor made available a combolist containing 5,320 mixed email credentials for free download on a cybercrime forum.
Date: 2026-03-30T11:10:36Z
Network: openweb
Published URL: https://crackingx.com/threads/70423/
Screenshots:
None
Threat Actors: NotSellerxd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of credential combolist containing 180K accounts
Category: Combo List
Content: A threat actor shared a combolist containing 180,000 URL:username:password combinations in URL:LOG:PASS format on a cybercrime forum. The credentials appear to be described as super fresh suggesting recent compromise.
Date: 2026-03-30T11:10:19Z
Network: openweb
Published URL: https://crackingx.com/threads/70424/
Screenshots:
None
Threat Actors: Seaborg
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of email service provider credentials
Category: Combo List
Content: Threat actor distributes free combolists containing 8.3 million email and password combinations from various email service providers including GMX, Web.de, Hotmail, and AOL through Telegram channels.
Date: 2026-03-30T11:01:00Z
Network: openweb
Published URL: https://crackingx.com/threads/70421/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Gmail credentials on underground forum
Category: Combo List
Content: Threat actor D4rkNetHub allegedly made available over 100,000 Gmail credentials on the CrackingX underground forum. The post content is hidden behind registration requirements.
Date: 2026-03-30T11:00:23Z
Network: openweb
Published URL: https://crackingx.com/threads/70422/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Google
Victim Site: gmail.com
Alleged Data Breach of FilmyZadara
Category: Data Breach
Content: The threat actor claims to have breached the database of FilmyZadara, the dataset contains users account data.
Date: 2026-03-30T10:54:08Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-%E2%AD%90filmyzadara-cz-Database-Czech-Republic-%E2%AD%90%EF%B8%8F8K-CSV
Screenshots:
None
Threat Actors: AshleyWood2022
Victim Country: Czech Republic
Victim Industry: Social Media & Online Social Networking
Victim Organization: filmyzadara
Victim Site: filmyzadara.cz
Alleged distribution of cryptocurrency and banking credential combolist
Category: Combo List
Content: A threat actor distributed a combolist containing 1,718,975 credentials targeting cryptocurrency and banking platforms. The credentials are hosted on a file-sharing service and appear to be freely available for download.
Date: 2026-03-30T10:41:52Z
Network: openweb
Published URL: https://crackingx.com/threads/70420/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Breach of Janobiyat
Category: Data Breach
Content: The threat actor claims to have breached the database of Janobiyat, the dataset contains user authentication data and account-level metadata.
Date: 2026-03-30T10:34:50Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-%E2%AD%90-janobiyat-com-Database-%E2%AD%90%EF%B8%8F
Screenshots:
None
Threat Actors: AshleyWood2022
Victim Country: Unknown
Victim Industry: Online Publishing
Victim Organization: janobiyat
Victim Site: janobiyat.com
Alleged leak of German domain credential combolist
Category: Combo List
Content: A credential combolist containing 458,383 lines allegedly targeting German domains has been made available for free download. The data is described as a Good Leaks De Germany Domain Combolist and distributed via file sharing platform.
Date: 2026-03-30T10:33:00Z
Network: openweb
Published URL: https://crackingx.com/threads/70419/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Breach of Ahmadu Bello University
Category: Data Breach
Content: The threat actor claims to have breached the data breach of Ahmadu Bello University (ABU), the dataset contains staff-related records and organizational structure data.
Date: 2026-03-30T10:23:48Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-%E2%AD%90%EF%B8%8FNigeria-Database-abu-edu-ng-%E2%AD%90%EF%B8%8F
Screenshots:
None
Threat Actors: AshleyWood2022
Victim Country: Nigeria
Victim Industry: Education
Victim Organization: ahmadu bello university
Victim Site: abu.edu.ng
Alleged unauthorized access to industrial system in Italy
Category: Initial Access
Content: The group claims to have gained unauthorized access to industrial system in Italy.
Date: 2026-03-30T10:23:37Z
Network: telegram
Published URL: https://t.me/Z_Pentest_Alliance_ru/913
Screenshots:
None
Threat Actors: Z-PENTEST ALLIANCE
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of 1.5 million credentials
Category: Combo List
Content: A threat actor shared a link to download 1.5 million URL:username:password credentials via a file hosting service. The credentials appear to be distributed as a combolist without any specific victim organization identified.
Date: 2026-03-30T10:22:47Z
Network: openweb
Published URL: https://crackingx.com/threads/70418/
Screenshots:
None
Threat Actors: WashingtonDC
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Regio Ruta Monterrey
Category: Data Leak
Content: The threat actor claims to have leaked a dataset associated with Regio Ruta Monterrey. The dataset contains highly sensitive PII, including national identifiers and full contact details.
Date: 2026-03-30T10:17:06Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-Data-leak-Regio-Ruta-Mty-NL-Mx
Screenshots:
None
Threat Actors: Salmoncoltmx
Victim Country: Mexico
Victim Industry: Transportation & Logistics
Victim Organization: regio ruta monterrey
Victim Site: Unknown
Alleged sale of phone number and password credentials with country code +9
Category: Data Breach
Content: Threat actor Kotowka is selling a credential list containing phone numbers and passwords with +9 country code for $100 per 1 million records. The data appears to be formatted as phone number and password combinations.
Date: 2026-03-30T10:13:52Z
Network: openweb
Published URL: https://crackingx.com/threads/70416/
Screenshots:
None
Threat Actors: Kotowka
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 3,000 unique Hotmail email and password combinations on a cybercriminal forum.
Date: 2026-03-30T10:13:49Z
Network: openweb
Published URL: https://crackingx.com/threads/70415/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged sale of Chinese email credential lists
Category: Data Breach
Content: Threat actor allegedly selling Chinese email credential lists containing 1 million records for $150. Sample data provided via Telegram channel.
Date: 2026-03-30T10:13:32Z
Network: openweb
Published URL: https://crackingx.com/threads/70417/
Screenshots:
None
Threat Actors: Kotowka
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of Hotmail credential list
Category: Data Breach
Content: Threat actor is selling a credential list containing 1 million Hotmail email and password combinations for $300. The seller is providing samples via Telegram and conducting transactions through the messaging platform.
Date: 2026-03-30T10:03:21Z
Network: openweb
Published URL: https://crackingx.com/threads/70413/
Screenshots:
None
Threat Actors: Kotowka
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged sale of Japanese credential lists
Category: Data Breach
Content: Threat actor Kotowka is allegedly selling Japanese credential lists containing login/password/email combinations for $150, with 100,000 records available through Telegram contact.
Date: 2026-03-30T10:03:01Z
Network: openweb
Published URL: https://crackingx.com/threads/70414/
Screenshots:
None
Threat Actors: Kotowka
Victim Country: Japan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of German email credentials
Category: Combo List
Content: A threat actor shared a combolist containing 38,000 allegedly valid German email credentials through a file sharing service. The credentials are claimed to be current as of March 30th.
Date: 2026-03-30T09:52:52Z
Network: openweb
Published URL: https://crackingx.com/threads/70412/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Avis concernant une panne du système due à une cyberattaque (1er communiqué)
Category: Cyber Attack
Content: Cota Co., Ltd. a fait état dune panne de son SI survenue le 27 mars 2026 à la suite dune cyberattaque. Une enquête a été engagée avec des experts externes afin de déterminer létendue des répercussions, notamment en ce qui concerne le vol de données personnelles et de données clients. Lentreprise assure prendre les mesures nécessaires pour rétablir le système dans les plus brefs délais. Des consultations avec les autorités compétentes ont par ailleurs été engagées.
Date: 2026-03-30T09:43:48Z
Network: openweb
Published URL: https://ssl4.eir-parts.net/doc/4923/tdnet/2782863/00.pdf
Screenshots:
None
Threat Actors:
Victim Country: Japan
Victim Industry: Unknown
Victim Organization: Cota Co., Ltd.
Victim Site: cota.co.jp
Alleged distribution of credential combolist containing corporate email addresses
Category: Combo List
Content: Threat actor CODER is distributing a combolist containing 7 million corporate email credentials through Telegram channels. The actor operates multiple Telegram groups offering free credential lists and programs.
Date: 2026-03-30T09:32:47Z
Network: openweb
Published URL: https://crackingx.com/threads/70410/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of mujerysociedad.org.pe by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced a subpage of the Peruvian womens rights and social organization website mujerysociedad.org.pe on March 30, 2026. This was a targeted single-page defacement rather than a mass or homepage attack.
Date: 2026-03-30T09:11:45Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822871
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Peru
Victim Industry: Non-profit/Social Organization
Victim Organization: Mujer y Sociedad
Victim Site: mujerysociedad.org.pe
Website defacement of efans.game gaming platform by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR successfully defaced a page on the eFans gaming platform website on March 30, 2026. The defacement targeted a specific page (b.html) rather than the main homepage and was not part of a mass defacement campaign.
Date: 2026-03-30T09:10:57Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822872
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Gaming/Entertainment
Victim Organization: eFans Gaming
Victim Site: www.efans.game
Mass defacement targeting cloud applications by maw3six
Category: Defacement
Content: Mass defacement attack conducted by threat actor maw3six targeting cloud-based Laravel applications. The attack affected multiple sites as part of a coordinated campaign against cloud infrastructure platforms.
Date: 2026-03-30T08:58:02Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248177
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Laravel Cloud Apps
Victim Site: laravelcloudapps.com
Website defacement of thehookug.com by DimasHxR
Category: Defacement
Content: Threat actor DimasHxR conducted a website defacement attack against thehookug.com on March 30, 2026. The attack targeted a specific page on the Ugandan website, with the defacement archived on zone-xsec.com.
Date: 2026-03-30T08:52:42Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822870
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Uganda
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: thehookug.com
Mass website defacement by maw3six targeting handphonebkscrb.com
Category: Defacement
Content: Mass defacement attack conducted by threat actor maw3six targeting handphonebkscrb.com on March 30, 2026. The attack was part of a larger mass defacement campaign affecting multiple websites simultaneously.
Date: 2026-03-30T08:51:46Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248174
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Technology/Electronics
Victim Organization: Unknown
Victim Site: handphonebkscrb.com
Mass website defacement by maw3six targeting beginnertailwind.com
Category: Defacement
Content: Attacker maw3six conducted a mass defacement campaign targeting beginnertailwind.com, a web development tutorial site focused on Tailwind CSS. The incident occurred on March 30, 2026 and was part of a broader mass defacement operation rather than targeting the specific organization.
Date: 2026-03-30T08:51:30Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248175
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Technology/Web Development
Victim Organization: Beginner Tailwind
Victim Site: beginnertailwind.com
Mass website defacement campaign by maw3six targeting bliss-fc.com
Category: Defacement
Content: Threat actor maw3six conducted a mass defacement campaign targeting multiple websites including bliss-fc.com, a football club website. The attack occurred on March 30, 2026 and was hosted on cloud infrastructure.
Date: 2026-03-30T08:51:13Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248176
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Sports/Football
Victim Organization: Bliss Football Club
Victim Site: bliss-fc.com
Website defacement of polnischedaten.de by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the polnischedaten.de website on March 30, 2026. The attack targeted a specific page rather than the main site and was not part of a mass defacement campaign.
Date: 2026-03-30T08:45:52Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822869
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: polnischedaten.de
Alleged leak of mixed credential combolist
Category: Combo List
Content: User snowstormxd shared links to download a mixed credential combolist on CX forum, making the data freely available through Pasteview and Telegram channels.
Date: 2026-03-30T08:34:05Z
Network: openweb
Published URL: https://crackingx.com/threads/70408/
Screenshots:
None
Threat Actors: snowstormxd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Breach of Les Burgers de Papa
Category: Data Breach
Content: The threat actor claims to have breached the database of Les Burgers de Papa, the dataset contains customer PII along with behavioral and transactional data.
Date: 2026-03-30T08:33:09Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-FR-Lesburgersdepapa-fr
Screenshots:
None
Threat Actors: Postal4938
Victim Country: France
Victim Industry: Food & Beverages
Victim Organization: les burgers de papa
Victim Site: lesburgersdepapa.fr
NoName057(16) targets the website of TCL Europe
Category: Defacement
Content: The group claims to have defaced the website of TCL Europe
Date: 2026-03-30T08:30:42Z
Network: telegram
Published URL: https://t.me/c/3584967422/268
Screenshots:
None
Threat Actors: NoName057(16)
Victim Country: Netherlands
Victim Industry: Transportation & Logistics
Victim Organization: tcl europe
Victim Site: tcleurope.eu
Alleged leak of German mixed domain credentials
Category: Combo List
Content: A credential list containing 613,106 entries from various German domains has been leaked and made available for free download. The data appears to be a combolist affecting multiple German websites and services.
Date: 2026-03-30T08:24:19Z
Network: openweb
Published URL: https://crackingx.com/threads/70405/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Orange France credentials
Category: Combo List
Content: A threat actor shared a credential list containing 13,675 lines targeting the orange.fr domain through a file sharing service.
Date: 2026-03-30T08:23:59Z
Network: openweb
Published URL: https://crackingx.com/threads/70406/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: France
Victim Industry: Telecommunications
Victim Organization: Orange
Victim Site: orange.fr
Mass defacement targeting Mexican educational institution by maw3six
Category: Defacement
Content: Attacker maw3six conducted a mass defacement campaign targeting the Rosa Urazapata Cano educational institutions website in Mexico on March 30, 2026. The defacement was part of a broader mass attack rather than a targeted single-site compromise.
Date: 2026-03-30T08:00:32Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248173
Screenshots:
None
Threat Actors: maw3six
Victim Country: Mexico
Victim Industry: Education
Victim Organization: Rosa Urazapata Cano Educational Institution
Victim Site: scolare.rosaurazapatacano.edu.mx
Alleged leak of Hotmail credentials on cybercriminal forum
Category: Combo List
Content: A threat actor allegedly shared a combolist containing 42,000 Hotmail credentials on a cybercriminal forum. The post indicates these are valid credentials obtained from forums.
Date: 2026-03-30T07:03:54Z
Network: openweb
Published URL: https://crackingx.com/threads/70404/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Website defacement of astrofotografie.nl by Aptisme
Category: Defacement
Content: The attacker Aptisme defaced the Dutch astrophotography website astrofotografie.nl on March 30, 2026. This appears to be a single-target defacement incident affecting a specialized photography community website.
Date: 2026-03-30T06:59:21Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822844
Screenshots:
None
Threat Actors: Aptisme
Victim Country: Netherlands
Victim Industry: Photography/Astronomy
Victim Organization: Unknown
Victim Site: astrofotografie.nl
Alleged leak of Hotmail credential lists
Category: Combo List
Content: Threat actor shared credential lists allegedly containing 111 million Hotmail accounts on underground forum.
Date: 2026-03-30T06:54:00Z
Network: openweb
Published URL: https://crackingx.com/threads/70403/
Screenshots:
None
Threat Actors: qaqwer
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Website defacement of somers.pro by XYZ/Alpha wolf team
Category: Defacement
Content: The XYZ attacker from Alpha wolf team conducted a home page defacement of somers.pro on March 30, 2026. This was an isolated defacement targeting a single website rather than a mass defacement campaign.
Date: 2026-03-30T06:47:31Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822839
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: somers.pro
Website defacement of somers.pro by XYZ/Alpha wolf team
Category: Defacement
Content: The threat actor XYZ, operating as part of the Alpha wolf team, successfully defaced the somers.pro website on March 30, 2026. This was an isolated defacement incident targeting a single website rather than a mass or repeat attack.
Date: 2026-03-30T06:46:32Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248168
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: somers.pro
Mass defacement campaign by Alpha wolf team targeting cani-harmony.fr
Category: Defacement
Content: Alpha wolf team conducted a mass defacement campaign targeting multiple websites including cani-harmony.fr on March 30, 2026. The attack was attributed to attacker XYZ and affected multiple sites simultaneously.
Date: 2026-03-30T06:46:12Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248169
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: France
Victim Industry: Unknown
Victim Organization: Cani Harmony
Victim Site: cani-harmony.fr
Mass defacement campaign by Alpha wolf (XYZ) targeting multiple websites
Category: Defacement
Content: Alpha wolf threat actor (XYZ) conducted a mass defacement campaign targeting multiple websites including n8n.pierre-desforges.fr on March 30, 2026. The attack was part of a broader campaign affecting multiple sites rather than targeting a single organization.
Date: 2026-03-30T06:45:52Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248170
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: France
Victim Industry: Technology
Victim Organization: Pierre Desforges
Victim Site: n8n.pierre-desforges.fr
Mass website defacement campaign by Alpha wolf team member XYZ
Category: Defacement
Content: Alpha wolf team member XYZ conducted a mass defacement campaign targeting multiple websites including matomo.somers.pro on March 30, 2026. The attack targeted a Matomo analytics platform subdomain as part of a broader mass defacement operation.
Date: 2026-03-30T06:45:33Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248171
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Unknown
Victim Site: matomo.somers.pro
Mass defacement campaign by Alpha wolf team targeting pierre-desforges.fr
Category: Defacement
Content: The Alpha wolf team conducted a mass defacement campaign targeting multiple websites including pierre-desforges.fr on March 30, 2026. The attack was carried out by an individual identified as XYZ and represents part of a broader coordinated defacement operation.
Date: 2026-03-30T06:45:12Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248172
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: pierre-desforges.fr
Alleged Sale of Mortgage Company Database in Australia
Category: Data Leak
Content: Threat Actor claims to be selling a database allegedly belonging to an Australian mortgage company, containing approximately 5,000 profiles. The dataset allegedly contains highly sensitive personal and financial information, including scans of driver’s licenses, passports, Medicare details, bank statements, credit reports, tax records, TFN and ATO information, payslips, ABN details, birth certificates, and additional business-related data linked to individuals associated with sole trader or company registrations.
Date: 2026-03-30T06:30:56Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/279477/
Screenshots:
None
Threat Actors: einein786
Victim Country: Australia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Nicotine targets the website of Velvett Cakes Dubai
Category: Defacement
Content: The group claims to have defaced the website of Velvett Cakes Dubai.
Date: 2026-03-30T06:26:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822776
Screenshots:
None
Threat Actors: Nicotine
Victim Country: UAE
Victim Industry: Food & Beverages
Victim Organization: velvett cakes dubai
Victim Site: velvettcakes.ae
Alleged leak of Belgium credential combolist
Category: Combo List
Content: A threat actor shared a credential combolist containing over 1 million Belgium-based email and password combinations through a file sharing service. The data is described as a random leak of high quality credentials.
Date: 2026-03-30T06:15:59Z
Network: openweb
Published URL: https://crackingx.com/threads/70402/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Belgium
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
OpsShadowStrike targets the website of Dental Hub Alleppey
Category: Defacement
Content: The Group claims to have defaced the website of Dental Hub.
Date: 2026-03-30T06:11:39Z
Network: telegram
Published URL: https://t.me/OpsShadowStrike/199
Screenshots:
None
Threat Actors: OpsShadowStrike
Victim Country: India
Victim Industry: Healthcare & Pharmaceuticals
Victim Organization: dental hub alleppey
Victim Site: dentalhuballeppey.com
Alleged data leak of IRC
Category: Data Breach
Content: Threat actor claims to be selling data from IRC.
Date: 2026-03-30T06:08:15Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-ircenter-gov-ua-database
Screenshots:
None
Threat Actors: StuffedAnimals
Victim Country: Ukraine
Victim Industry: Unknown
Victim Organization: irc
Victim Site: ircenter.gov.ua
Alleged leak of Yahoo credentials
Category: Combo List
Content: A threat actor shared a combolist containing 388,760 Yahoo email credentials from mixed countries via a file sharing platform.
Date: 2026-03-30T06:05:57Z
Network: openweb
Published URL: https://crackingx.com/threads/70401/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Yahoo
Victim Site: yahoo.com
Website defacement of myhappyplace.ph by Zod
Category: Defacement
Content: The website myhappyplace.ph was defaced by an attacker identified as Zod on March 30, 2026. The defacement targeted a specific page (zod.html) on the Linux-hosted website.
Date: 2026-03-30T05:54:03Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248167
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Philippines
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: myhappyplace.ph
Alleged leak of VirusTotal API keys
Category: Data Leak
Content: The threat actor claims to have leaked VirusTotal API keys
Date: 2026-03-30T05:36:20Z
Network: openweb
Published URL: https://xss.ac/threads/146701/
Screenshots:
None
Threat Actors: MrDark
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: virustotal
Victim Site: Unknown
Alleged Data Leak of 30K Email Records
Category: Data Leak
Content: A threat actor claims to be selling a database containing approximately 30,000 email records from multiple countries worldwide.
Date: 2026-03-30T05:20:43Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/279474/
Screenshots:
None
Threat Actors: Judy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
OpsShadowStrike targets the website of Cutis International Hair Transplant & Cosmetic Clinic
Category: Defacement
Content: The Group claims to have defaced the website of Cutis International Hair Transplant & Cosmetic Clinic.
Date: 2026-03-30T04:41:07Z
Network: telegram
Published URL: https://t.me/OpsShadowStrike/198
Screenshots:
None
Threat Actors: OpsShadowStrike
Victim Country: UAE
Victim Industry: Healthcare & Pharmaceuticals
Victim Organization: cutis international hair transplant & cosmetic clinic
Victim Site: cutisinternational.ae
Alleged leak of phone number and password credentials
Category: Combo List
Content: A threat actor has made available a high-quality private collection of phone number and password combinations on a cybercriminal forum.
Date: 2026-03-30T04:40:46Z
Network: openweb
Published URL: https://crackingx.com/threads/70399/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of WordPress credential lists
Category: Combo List
Content: Forum post allegedly sharing WordPress credential lists containing login credentials and associated URLs. No specific content details are available in the post.
Date: 2026-03-30T04:40:27Z
Network: openweb
Published URL: https://crackingx.com/threads/70400/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of credential combolist containing 17.52 million records
Category: Combo List
Content: A threat actor distributed a credential combolist containing 17.52 million URL:LOG:PASS format records through their website and Telegram channel. The combolist appears to be offered as a free download to forum members.
Date: 2026-03-30T04:31:08Z
Network: openweb
Published URL: https://crackingx.com/threads/70398/
Screenshots:
None
Threat Actors: Daxus
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of credential combolist in URL:LOGIN:PASS format
Category: Combo List
Content: A threat actor shared a credential combolist containing URL, login, and password combinations in a high-quality private format. The post indicates the data is structured as URL:LOGIN:PASS format and labeled as high-quality private credentials.
Date: 2026-03-30T04:19:42Z
Network: openweb
Published URL: https://crackingx.com/threads/70395/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of USA and Europe credential combolist
Category: Combo List
Content: A threat actor shared an exclusive combolist containing credentials from users in the USA and Europe. The post advertises it as a HITS MIX suggesting these are verified working credentials.
Date: 2026-03-30T04:19:22Z
Network: openweb
Published URL: https://crackingx.com/threads/70396/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of European and US credential combolists
Category: Combo List
Content: Threat actor gsmfix claims to be distributing high quality credential combolists containing valid email and password combinations from European and US sources. The post emphasizes the data is fully valid and high quality but does not specify pricing or record counts.
Date: 2026-03-30T04:19:03Z
Network: openweb
Published URL: https://crackingx.com/threads/70397/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of German domain credential combolist
Category: Combo List
Content: A threat actor shared a credential combolist containing 309,587 lines of compromised credentials allegedly targeting German domain users. The data is being distributed for free via a file sharing service.
Date: 2026-03-30T03:59:38Z
Network: openweb
Published URL: https://crackingx.com/threads/70393/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Cox Communications credentials
Category: Combo List
Content: A threat actor shared a credential list containing 12,347 lines targeting cox.net domain users via a file sharing service.
Date: 2026-03-30T03:59:07Z
Network: openweb
Published URL: https://crackingx.com/threads/70394/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: United States
Victim Industry: Telecommunications
Victim Organization: Cox Communications
Victim Site: cox.net
Nicotine targets the website of Or Primor Law Firm
Category: Defacement
Content: The group claims to have defaced the website of Or Primor Law Firm.
Date: 2026-03-30T03:20:28Z
Network: openweb
Published URL: https://www.zone-h.org/mirror/id/41655469
Screenshots:
None
Threat Actors: Nicotine
Victim Country: Israel
Victim Industry: Legal Services
Victim Organization: or primor law firm
Victim Site: orprimorlaw.co.il
Nicotine targets the website of Safety-4U
Category: Defacement
Content: The group claims to have defaced the website of Safety-4U.
Date: 2026-03-30T03:03:21Z
Network: openweb
Published URL: https://www.zone-h.org/mirror/id/41655469
Screenshots:
None
Threat Actors: Nicotine
Victim Country: Israel
Victim Industry: Insurance
Victim Organization: safety-4u
Victim Site: safety-4u.co.il
S4uD1Pwnz targets the website of BAT4U
Category: Defacement
Content: The group claims to have defaced the website of BAT4U and its subdomain.
Date: 2026-03-30T03:01:37Z
Network: openweb
Published URL: https://www.zone-h.org/mirror/id/41654807
Screenshots:
None
Threat Actors: S4uD1Pwnz
Victim Country: Israel
Victim Industry: Information Technology (IT) Services
Victim Organization: bat4u
Victim Site: bat4u.co.il
Nicotine targets the website of Shimon VIP
Category: Defacement
Content: The group claims to have defaced the website of Shimon VIP.
Date: 2026-03-30T02:55:23Z
Network: openweb
Published URL: https://www.zone-h.org/mirror/id/41655476
Screenshots:
None
Threat Actors: Nicotine
Victim Country: Israel
Victim Industry: Hospital & Health Care
Victim Organization: shimon vip
Victim Site: shimonvip.co.il
Nicotine targets the website of Israeli Spine Surgery
Category: Defacement
Content: The group claims to have defaced the website of Israeli Spine Surgery.
Date: 2026-03-30T02:52:27Z
Network: openweb
Published URL: https://www.zone-h.org/mirror/id/41655478
Screenshots:
None
Threat Actors: Nicotine
Victim Country: Israel
Victim Industry: Medical Practice
Victim Organization: israeli spine surgery
Victim Site: spinesurgery.co.il
Website defacement of microlead.in by salmaemie/hmpforbidden88
Category: Defacement
Content: The website microlead.in was defaced by attacker salmaemie associated with team hmpforbidden88 on March 30, 2026. This was a targeted single-site defacement incident.
Date: 2026-03-30T02:18:21Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822835
Screenshots:
None
Threat Actors: salmaemie, hmpforbidden88
Victim Country: India
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: microlead.in
Website defacement of 1 Billion Trees environmental initiative by Nicotine (Umbra Community)
Category: Defacement
Content: The environmental organization 1 Billion Trees website was defaced by attacker Nicotine affiliated with the Umbra Community group on March 30, 2026. The defacement targeted the organizations website promoting tree planting and environmental conservation efforts.
Date: 2026-03-30T01:44:04Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822779
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Environmental/Non-profit
Victim Organization: 1 Billion Trees
Victim Site: 1billiontrees.net
Website defacement of medicine-sorek.co.il by Nicotine (Umbra Community)
Category: Defacement
Content: The Umbra Community, through attacker Nicotine, defaced the Israeli medical organization website medicine-sorek.co.il on March 30, 2026. This represents a targeted attack against Israeli healthcare infrastructure.
Date: 2026-03-30T01:43:27Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822826
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Israel
Victim Industry: Healthcare
Victim Organization: Sorek Medical
Victim Site: medicine-sorek.co.il
Alleged leak of Yahoo.de email credentials
Category: Combo List
Content: A threat actor leaked a credential list containing 43,426 lines targeting Yahoo.de domain users. The data appears to be distributed for free via a file sharing platform.
Date: 2026-03-30T01:42:55Z
Network: openweb
Published URL: https://crackingx.com/threads/70391/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Germany
Victim Industry: Technology
Victim Organization: Yahoo
Victim Site: yahoo.de
Website defacement of nedvy.com by Nicotine (Umbra Community)
Category: Defacement
Content: The website nedvy.com was defaced by attacker Nicotine affiliated with Umbra Community team on March 30, 2026. The defacement targeted the index.txt file on the domain.
Date: 2026-03-30T01:42:52Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822827
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: nedvy.com
Alleged leak of gaming and casino credentials targeting Germany
Category: Combo List
Content: A threat actor shared a combolist containing over 1 million credential pairs allegedly targeting gaming and casino platforms in Germany. The data was made available as a free download through a file-sharing service.
Date: 2026-03-30T01:42:36Z
Network: openweb
Published URL: https://crackingx.com/threads/70392/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Gaming and Entertainment
Victim Organization: Unknown
Victim Site: Unknown
Alleged access to multiple CCTV surveillance systems in USA
Category: Initial Access
Content: The group claims to have gained unauthorized access to a private smart home system in Italy, including control over IoT devices such as cameras, lighting, pool temperature, and irrigation systems.
Date: 2026-03-30T01:42:28Z
Network: telegram
Published URL: https://t.me/op_morningstar/624
Screenshots:
None
Threat Actors: MORNING STAR
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Or Primor Law by Nicotine (Umbra Community)
Category: Defacement
Content: The Umbra Community threat group, operating through the attacker handle Nicotine, successfully defaced the website of Israeli law firm Or Primor Law on March 30, 2026. The attack targeted the firms index page, compromising their primary web presence.
Date: 2026-03-30T01:42:16Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822828
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Israel
Victim Industry: Legal Services
Victim Organization: Or Primor Law
Victim Site: orprimorlaw.co.il
Website defacement of campaigncure.com by Nicotine (Umbra Community)
Category: Defacement
Content: The healthcare organization Campaign Cures website was defaced by attacker Nicotine associated with the Umbra Community group on March 30, 2026. The defacement targeted the main index page of the campaigncure.com domain.
Date: 2026-03-30T01:36:00Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822738
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: Campaign Cure
Victim Site: campaigncure.com
Website defacement of 15dasarah.online by Nicotine from Umbra Community
Category: Defacement
Content: The website 15dasarah.online was defaced by an attacker identified as Nicotine affiliated with the Umbra Community group on March 30, 2026. This appears to be an isolated defacement incident rather than part of a mass campaign.
Date: 2026-03-30T01:35:23Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822739
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 15dasarah.online
Website defacement of Ahmed Portacabin by Nicotine/Umbra Community
Category: Defacement
Content: The Umbra Community threat group, specifically attacker Nicotine, successfully defaced the Ahmed Portacabin company website on March 30, 2026. The attack targeted a construction/manufacturing companys web presence.
Date: 2026-03-30T01:34:49Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822753
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Construction/Manufacturing
Victim Organization: Ahmed Portacabin
Victim Site: ahmedportacabin.com
Website defacement of gr8trend.com by Nicotine (Umbra Community)
Category: Defacement
Content: The website gr8trend.com was defaced by attacker Nicotine associated with the Umbra Community team on March 30, 2026. The defacement targeted the index.txt file of the domain.
Date: 2026-03-30T01:34:11Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822759
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: gr8trend.com
Website defacement of Maxima Group by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from the Umbra Community team defaced the maximagroup-pm.com website on March 30, 2026. The defacement targeted a specific page rather than the main homepage.
Date: 2026-03-30T01:33:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822767
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Maxima Group
Victim Site: maximagroup-pm.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor is distributing what they claim to be valid Hotmail credential lists through a Telegram channel. The post advertises high-quality validated email and password combinations for Hotmail accounts.
Date: 2026-03-30T01:32:11Z
Network: openweb
Published URL: https://crackingx.com/threads/70390/
Screenshots:
None
Threat Actors: noir
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Website defacement of allpaymentprocess.com by Nicotine from Umbra Community
Category: Defacement
Content: On March 30, 2026, the website allpaymentprocess.com was defaced by an attacker using the handle Nicotine associated with the Umbra Community group. The defacement targeted what appears to be a payment processing service website.
Date: 2026-03-30T01:27:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822620
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: allpaymentprocess.com
Website defacement of Better Balance Health Now by Nicotine (Umbra Community)
Category: Defacement
Content: The healthcare website betterbalancehealthnow.com was defaced by attacker Nicotine affiliated with the Umbra Community group on March 30, 2026. The incident appears to be a targeted single-site defacement rather than part of a mass campaign.
Date: 2026-03-30T01:26:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822628
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: Better Balance Health Now
Victim Site: betterbalancehealthnow.com
Website defacement of focusbrainmax.com by Nicotine (Umbra Community)
Category: Defacement
Content: The website focusbrainmax.com was defaced by threat actor Nicotine from the Umbra Community group on March 30, 2026. The defacement targeted what appears to be a brain health or cognitive enhancement service website.
Date: 2026-03-30T01:26:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822645
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Healthcare/Wellness
Victim Organization: Focus Brain Max
Victim Site: focusbrainmax.com
Website defacement of greenteanature.com by Nicotine (Umbra Community)
Category: Defacement
Content: The website greenteanature.com was defaced by attacker Nicotine affiliated with the Umbra Community team on March 30, 2026. This appears to be an isolated defacement incident targeting a tea-related business website.
Date: 2026-03-30T01:25:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822646
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Food & Beverage
Victim Organization: Green Tea Nature
Victim Site: greenteanature.com
Website defacement of healbodylab.com by Nicotine from Umbra Community
Category: Defacement
Content: The attacker Nicotine from the Umbra Community team successfully defaced the healbodylab.com website on March 30, 2026. The defacement targeted what appears to be a healthcare-related organizations website.
Date: 2026-03-30T01:25:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822648
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: Heal Body Lab
Victim Site: healbodylab.com
Website defacement of AA Group by Nicotine (Umbra Community)
Category: Defacement
Content: The website of AA Group was defaced by an attacker identified as Nicotine, affiliated with the Umbra Community team, on March 30, 2026.
Date: 2026-03-30T01:19:06Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822512
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Vietnam
Victim Industry: Unknown
Victim Organization: AA Group
Victim Site: aa-group.vn
Website defacement of ANZ Solar by Nicotine (Umbra Community)
Category: Defacement
Content: The website anzsolar.com was defaced by attacker Nicotine from the Umbra Community team on March 30, 2026. The defacement targeted what appears to be an Australian solar energy companys website.
Date: 2026-03-30T01:18:33Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822513
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Australia
Victim Industry: Energy/Solar
Victim Organization: ANZ Solar
Victim Site: anzsolar.com
Website defacement of bbcreative.vn by Nicotine (Umbra Community)
Category: Defacement
Content: Attacker Nicotine from the Umbra Community group defaced the Vietnamese creative services website bbcreative.vn on March 30, 2026. The defacement targeted the index.txt file of the site.
Date: 2026-03-30T01:18:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822514
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Vietnam
Victim Industry: Creative Services
Victim Organization: BB Creative
Victim Site: bbcreative.vn
Website defacement of tttvplphutho.vn by Nicotine (Umbra Community)
Category: Defacement
Content: The website tttvplphutho.vn was defaced by attacker Nicotine affiliated with Umbra Community on March 30, 2026. This appears to be a targeted single-site defacement incident.
Date: 2026-03-30T01:17:29Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822517
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Vietnam
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: tttvplphutho.vn
Website defacement of 7cero.com.mx by Nicotine (Umbra Community)
Category: Defacement
Content: The website 7cero.com.mx was defaced by an attacker named Nicotine, associated with the Umbra Community group, on March 30, 2026. This appears to be a targeted single-site defacement rather than a mass or repeat attack.
Date: 2026-03-30T01:16:55Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822522
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Mexico
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 7cero.com.mx
Website defacement of Girls Cadet College by Nicotine (Umbra Community)
Category: Defacement
Content: The Umbra Community threat actor Nicotine defaced the Girls Cadet College website on March 30, 2026. This was a single-target defacement of an educational institutions website.
Date: 2026-03-30T01:10:45Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822441
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Girls Cadet College
Victim Site: girlscadetcollege.com
Website defacement of Asset Life Guard by Nicotine from Umbra Community
Category: Defacement
Content: The website assetlifeguard.com was defaced by attacker Nicotine associated with the Umbra Community group on March 30, 2026. The defacement targeted what appears to be a financial services or asset management company.
Date: 2026-03-30T01:10:13Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822459
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Asset Life Guard
Victim Site: assetlifeguard.com
Website defacement of barani.pk by Nicotine (Umbra Community)
Category: Defacement
Content: The website barani.pk was defaced by attacker Nicotine affiliated with the Umbra Community group on March 30, 2026. This appears to be a targeted single-site defacement rather than a mass defacement campaign.
Date: 2026-03-30T01:04:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822409
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Pakistan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: barani.pk
Website defacement of shopsyde.co.uk by Nicotine (Umbra Community)
Category: Defacement
Content: The e-commerce website shopsyde.co.uk was defaced by attacker Nicotine affiliated with the Umbra Community group on March 30, 2026. The defacement targeted the sites index page and was documented in threat intelligence repositories.
Date: 2026-03-30T01:03:34Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822425
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: United Kingdom
Victim Industry: E-commerce
Victim Organization: Shopsyde
Victim Site: shopsyde.co.uk
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor leaked a combolist containing 3,900 allegedly valid Hotmail email credentials through a free download link. The actor claims the credentials are private, high quality, and dated March 30, 2026.
Date: 2026-03-30T01:03:21Z
Network: openweb
Published URL: https://crackingx.com/threads/70389/
Screenshots:
None
Threat Actors: redcloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Website defacement of asenkop.pl by Nicotine (Umbra Community)
Category: Defacement
Content: The website asenkop.pl was defaced by attacker Nicotine affiliated with the Umbra Community group on March 30, 2026. The defacement targeted the sites index page with no apparent political or ideological motivation indicated.
Date: 2026-03-30T01:02:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822427
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Poland
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: asenkop.pl
Website defacement of AFSS by Nicotine (Umbra Community)
Category: Defacement
Content: The website afss.pk was defaced by attacker Nicotine associated with the Umbra Community group on March 30, 2026. This appears to be a single website defacement rather than part of a mass campaign.
Date: 2026-03-30T01:02:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822429
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Pakistan
Victim Industry: Unknown
Victim Organization: AFSS
Victim Site: afss.pk
Website defacement of CED Pakistan by Nicotine (Umbra Community)
Category: Defacement
Content: The Centre for Entrepreneurship Development Pakistan website was defaced by attacker Nicotine affiliated with Umbra Community on March 30, 2026. The defacement targeted the organizations main index page.
Date: 2026-03-30T01:01:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822433
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Pakistan
Victim Industry: Education
Victim Organization: Centre for Entrepreneurship Development
Victim Site: ced.org.pk
Website defacement of ahcl.mw by Nicotine (Umbra Community)
Category: Defacement
Content: The website ahcl.mw was defaced by attacker Nicotine associated with the Umbra Community team on March 30, 2026. The defacement targeted the index.txt file of the Malawian domain.
Date: 2026-03-30T00:55:45Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822382
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Malawi
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: ahcl.mw
Website defacement of vostok-stal.ru by salmaemie (hmpforbidden88 team)
Category: Defacement
Content: The attacker salmaemie, affiliated with team hmpforbidden88, defaced the Russian steel manufacturing company Vostok Stals website on March 30, 2026. The defacement targeted a specific page (salmon.php) rather than the main homepage.
Date: 2026-03-30T00:55:11Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822396
Screenshots:
None
Threat Actors: salmaemie, hmpforbidden88
Victim Country: Russia
Victim Industry: Manufacturing
Victim Organization: Vostok Stal
Victim Site: vostok-stal.ru
Website defacement of Infinity Tax by Nicotine (Umbra Community)
Category: Defacement
Content: The website of Infinity Tax, a Canadian tax services company, was defaced by the attacker Nicotine affiliated with the Umbra Community group on March 30, 2026. The defacement targeted the main index page of the companys website.
Date: 2026-03-30T00:54:36Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822397
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Canada
Victim Industry: Financial Services
Victim Organization: Infinity Tax
Victim Site: infinitytax.ca
Website defacement of Umanga Ayurveda by Nicotine (Umbra Community)
Category: Defacement
Content: The Umbra Community group, through attacker Nicotine, successfully defaced the Umanga Ayurveda website on March 30, 2026. The attack targeted what appears to be an Ayurvedic healthcare organizations website.
Date: 2026-03-30T00:42:53Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822369
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: Umanga Ayurveda
Victim Site: umangayurveda.com
Website defacement of Vion Private Limited by Nicotine (Umbra Community)
Category: Defacement
Content: The website of Vion Private Limited was defaced by attacker Nicotine affiliated with the Umbra Community team on March 30, 2026. The defacement targeted the index.txt file of the companys domain.
Date: 2026-03-30T00:42:19Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822370
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Vion Private Limited
Victim Site: vionpvtltd.com
Website defacement of Grupo Gidel by Nicotine (Umbra Community)
Category: Defacement
Content: Attacker Nicotine from the Umbra Community team defaced the Grupo Gidel corporate website on March 30, 2026. The defacement targeted the main index page of the companys web presence.
Date: 2026-03-30T00:41:47Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822374
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Grupo Gidel
Victim Site: grupogidel.com
Website defacement of newwave.web.id by Nicotine (Umbra Community)
Category: Defacement
Content: Website newwave.web.id was defaced by attacker Nicotine associated with the Umbra Community group on March 30, 2026. This appears to be a single-site defacement incident targeting an Indonesian domain.
Date: 2026-03-30T00:41:15Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822381
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: newwave.web.id
Website defacement of Ruby Forgings by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from the Umbra Community group defaced the Ruby Forgings company website on March 30, 2026. The defacement targeted the index.txt file of the manufacturing companys website.
Date: 2026-03-30T00:35:10Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822338
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Manufacturing
Victim Organization: Ruby Forgings
Victim Site: rubyforgings.com
Website defacement of keytrixtoken.com by Nicotine (Umbra Community)
Category: Defacement
Content: The Umbra Community, through attacker Nicotine, successfully defaced the Keytrix Token cryptocurrency website on March 30, 2026. This appears to be a targeted single-site defacement against a blockchain/cryptocurrency organization.
Date: 2026-03-30T00:34:34Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822355
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Cryptocurrency/Blockchain
Victim Organization: Keytrix Token
Victim Site: keytrixtoken.com
Website defacement of RVS Marketing by Nicotine (Umbra Community)
Category: Defacement
Content: The marketing company RVS Marketings website was defaced by attacker Nicotine affiliated with the Umbra Community group on March 30, 2026. The defacement targeted the index page of the companys website.
Date: 2026-03-30T00:33:59Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822361
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Marketing/Advertising
Victim Organization: RVS Marketing
Victim Site: rvsmarketings.com
Website defacement of skaylift.in by Nicotine (Umbra Community)
Category: Defacement
Content: The website skaylift.in was defaced by an attacker using the handle Nicotine who is associated with the Umbra Community group. The defacement occurred on March 30, 2026, with the compromised content accessible via index.txt.
Date: 2026-03-30T00:33:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822365
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Unknown
Victim Organization: Skaylift
Victim Site: skaylift.in
Alleged leak of credential combolist containing 1.1 million records
Category: Combo List
Content: Threat actor leaked a fresh credential combolist containing 1.1 million records described as ULP UHQ quality data from March.
Date: 2026-03-30T00:29:36Z
Network: openweb
Published URL: https://crackingx.com/threads/70387/
Screenshots:
None
Threat Actors: Blackcloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of email credential combolists from multiple providers
Category: Combo List
Content: Threat actor Xviixi is allegedly selling fresh email:password credential lists from major providers including Hotmail, Yahoo, Gmail, AT&T, and others. The actor claims to offer corporate and educational combos from USA, EU, Canada, Australia, and Japan for bulk deals only.
Date: 2026-03-30T00:29:17Z
Network: openweb
Published URL: https://crackingx.com/threads/70388/
Screenshots:
None
Threat Actors: Xviixi
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Multiple email providers
Victim Site: Unknown
Website defacement of Shiv Life Insurance by Nicotine (Umbra Community)
Category: Defacement
Content: The Umbra Community threat group, specifically attacker Nicotine, successfully defaced the Shiv Life Insurance company website on March 30, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
Date: 2026-03-30T00:27:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822242
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Insurance
Victim Organization: Shiv Life Insurance
Victim Site: shivlifeinsurance.com
Website defacement of SV Prime Wealth by Nicotine (Umbra Community)
Category: Defacement
Content: The website of SV Prime Wealth was defaced by attacker Nicotine associated with the Umbra Community group on March 30, 2026. The defacement targeted the index.txt file of the financial services organizations website.
Date: 2026-03-30T00:26:37Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822248
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: SV Prime Wealth
Victim Site: svprimewealth.com
Website defacement of 2qinternational.com by Nicotine from Umbra Community
Category: Defacement
Content: Website defacement attack conducted by threat actor Nicotine associated with the Umbra Community targeting 2qinternational.com on March 30, 2026. The attack specifically targeted the index.txt file on the victims website.
Date: 2026-03-30T00:26:00Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822254
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: 2Q International
Victim Site: 2qinternational.com
Website defacement of Dhanwantari Central by Nicotine (Umbra Community)
Category: Defacement
Content: Umbra Community member Nicotine conducted a redefacement attack against Dhanwantari Centrals website on March 30, 2026. This represents a repeat compromise of the healthcare organizations web presence.
Date: 2026-03-30T00:25:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822259
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: Dhanwantari Central
Victim Site: dhanwantaricentral.com
Website defacement of GK Institute by Nicotine (Umbra Community)
Category: Defacement
Content: The Umbra Community threat actor Nicotine conducted a redefacement attack against GK Institutes website on March 30, 2026. This incident represents a repeat compromise of the educational institutions web infrastructure.
Date: 2026-03-30T00:24:50Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822263
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Education
Victim Organization: GK Institute
Victim Site: gkinstitute.net
Website defacement of HiSafe Export House by Nicotine (Umbra Community)
Category: Defacement
Content: The website of HiSafe Export House was defaced by attacker Nicotine affiliated with the Umbra Community group on March 30, 2026. This appears to be a single-target defacement rather than part of a mass campaign.
Date: 2026-03-30T00:24:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822267
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Import/Export
Victim Organization: HiSafe Export House
Victim Site: hisafeexporthouse.com
Alleged leak of credential combolist containing 3.8 million records
Category: Combo List
Content: A threat actor is distributing a fresh credential combolist containing 3.8 million records as a free download on underground forums.
Date: 2026-03-30T00:14:08Z
Network: openweb
Published URL: https://crackingx.com/threads/70385/
Screenshots:
None
Threat Actors: Blackcloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of credential combolist containing 1.9 million records
Category: Combo List
Content: Threat actor shared a fresh credential combolist containing 1.9 million records for free download on underground forum.
Date: 2026-03-30T00:13:49Z
Network: openweb
Published URL: https://crackingx.com/threads/70386/
Screenshots:
None
Threat Actors: Blackcloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Comfort International by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from Umbra Community defaced the Comfort International website on March 30, 2026. This was a single-site defacement targeting the Brazilian organizations web presence.
Date: 2026-03-30T00:08:36Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822060
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Comfort International
Victim Site: comfortinternational.org.br
Website defacement of adkreativeforum.in by Nicotine (Umbra Community)
Category: Defacement
Content: On March 30, 2026, the website adkreativeforum.in was defaced by attacker Nicotine affiliated with the Umbra Community group. The defacement targeted what appears to be a marketing or advertising forum website.
Date: 2026-03-30T00:08:03Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822069
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Technology/Marketing
Victim Organization: AD Kreative Forum
Victim Site: adkreativeforum.in
Alleged leak of credential combolist containing 8.6 million records
Category: Combo List
Content: A threat actor named Blackcloud shared a fresh credential combolist containing 8.6 million records for free download on a cybercrime forum.
Date: 2026-03-30T00:03:10Z
Network: openweb
Published URL: https://crackingx.com/threads/70383/
Screenshots:
None
Threat Actors: Blackcloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of credential combolist containing 6.3 million records
Category: Combo List
Content: Threat actor Blackcloud made available a fresh credential combolist containing 6.3 million records for free download on CrackingX forum. The post advertises the data as ULP UHQ FRESH suggesting high-quality, recently obtained credentials.
Date: 2026-03-30T00:02:48Z
Network: openweb
Published URL: https://crackingx.com/threads/70384/
Screenshots:
None
Threat Actors: Blackcloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown