[March-31-2026] Daily Cybersecurity Threat Report

Executive Summary

This report provides a comprehensive analysis of a massive surge in cybersecurity incidents recorded primarily on March 31, 2026. The data encompasses 240 distinct events, revealing a highly active and multifaceted global threat landscape. The incidents range from the mass distribution of multi-million record credential combolists and severe data breaches involving terabytes of sensitive information, to politically motivated website defacements and the compromise of critical Operational Technology (OT) and SCADA systems.

The data indicates that cybercriminal enterprises are operating with distinct specializations. Threat actors such as “CODER” and “xorcat” have demonstrated the capability to exfiltrate, aggregate, and distribute hundreds of millions of user records across the clear web and Telegram. Simultaneously, state-nexus or hacktivist collectives like “scattered LAPSUS$ hunters part 9” and “Zarya” are actively targeting government databases, including the U.S. National Security Agency (NSA) and the Ukrainian Armed Forces. Furthermore, critical supply chain vulnerabilities were exposed through the compromise of the Axios npm package and the Cisco development environment.

This report breaks down the incidents by threat actor profiles, attack vectors, targeted sectors, and geopolitical regions, concluding with strategic recommendations to mitigate these evolving threats.

1. Threat Landscape & Attack Vector Overview

The 240 incidents analyzed in this report can be categorized into several distinct attack vectors, demonstrating a blend of opportunistic data aggregation and highly targeted intrusions.

1.1 Credential Combolists (Credential Stuffing Ecosystem)

The most frequent category of incident reported is the distribution of “Combo Lists” (username/email and password combinations). These lists are the primary fuel for credential stuffing and account takeover (ATO) attacks.

Volume: Hundreds of millions of credentials were leaked on March 31, 2026, targeting a vast array of services.
Primary Distribution Channels: Threat actors are primarily utilizing underground forums (e.g., CrackingX) and Telegram channels to distribute these lists, often for free, to build reputation or drive traffic to secondary illicit services.
Target Scope: Targets range from corporate networks (NVIDIA) to consumer platforms (Spotify, Amazon, PlayStation Network) , and specifically targeted email providers, with Microsoft’s Hotmail being overwhelmingly targeted.

1.2 Data Breaches & Exfiltration

Large-scale data breaches constitute a significant portion of the incidents, characterized by the theft of Personally Identifiable Information (PII), financial data, and proprietary source code.

Mega-Breaches: Several databases containing over 10 million user records were exposed, primarily by the threat actor “xorcat”.
Corporate Extortion: Actors are leveraging Tor-based leak sites to publish gigabytes of corporate data, likely following unsuccessful ransomware or extortion attempts.

1.3 Website Defacements

A persistent volume of website defacements was recorded, largely driven by hacktivist crews seeking ideological visibility or groups engaging in digital vandalism.

Methodology: Defacements typically involve compromising vulnerable Content Management Systems (CMS) or web servers (often Linux-based) to alter the homepage or upload a specific text/HTML file (e.g., pakistan.txt, honkz.html).
Geopolitical Alignment: Many defacements exhibit regional targeting, such as Pakistani groups targeting Indian infrastructure, or individual actors targeting specific countries like Brazil or Indonesia.

1.4 Initial Access & SCADA/OT Compromise

The sale and exploitation of “Initial Access” represents a critical threat, providing entry points for severe subsequent attacks, including ransomware deployment.

CMS Compromise: A robust market exists for unauthorized administrator access to WordPress and Magento e-commerce sites.
Critical Infrastructure: Highly alarming reports indicate the successful compromise of SCADA systems, including microclimate controls in Turkey and golf course infrastructure in South Korea, highlighting weak operational technology security.

2. Threat Actor Profiling

Analysis of the data reveals several highly prolific threat actors and syndicates, each with distinct operational signatures.

2.1 The Data Brokers and Aggregators

Threat Actor: CODER “CODER” is the most prolific distributor of credential combolists in the dataset. This actor specializes in aggregating massive datasets and distributing them freely via Telegram channels, likely to cultivate a large following for future monetization or malware distribution.

Notable Distributions:
- 7 million records targeting NVIDIA via Microsoft Office credentials.
- 16 million records from platforms like Kajabi, Hivebrite, and Discourse.
- 17 million records from forum platforms (CosmoTalks, phpBB, etc.).
- 13 million records targeting Bitcoin, Litecoin, and Reddit communities.
- 11.4 million records targeting Snapchat, Reddit, and LinkedIn.
- 11 million records targeting Spotify, Amazon, and PayPal.

Threat Actor: xorcat “xorcat” operates as a mega-breacher, focusing on exfiltrating complete databases from web forums, community portals, and corporate applications. Their breaches consistently expose highly sensitive PII, including bcrypt-hashed passwords, IP addresses, and phone numbers.

Notable Breaches:
- Gongdong Community (South Korea): 15 million users.
- LSGB (UK): 10.5 million users.
- Gfan Network (China): 10 million users.
- RIDRIK (South Korea): 10 million users.
- Animoto, Inc (USA): 5 million users.

Threat Actor: scattered LAPSUS$ hunters part 9 This group claims high-profile, state-level and enterprise data breaches, operating primarily through Telegram. Their targets suggest a focus on geopolitical espionage and high-value corporate extortion.

Notable Claims:
- 850 GB of data from the U.S. National Security Agency (NSA).
- 2 TB of data from Chinese Intelligence.
- U.S. Department of State Bureau of Counterterrorism.
- Taiwan government databases.

Threat Actor: ATTACKER (Tor-based Extortionist) An unidentified actor utilizing the moniker “ATTACKER” is systematically dumping gigabytes of corporate data on Tor hidden services (.onion sites). This pattern is heavily indicative of post-ransomware data publication.

Notable Data Dumps:
- Idemitsu Lubricants America (55 GB).
- Capsida Biotherapeutics (30 GB).
- Robert H. Lord Company (18 GB).
- PreCon Industries (3.5 GB) – explicitly noted as a previous ransomware victim.

2.2 The Defacement Syndicates

Defacement groups operate on volume and visibility. The data highlights several active cells:

Team Hazardous Pakistan (Primary Actor: overthrash1337): This group is engaged in a highly targeted campaign against Indian infrastructure and businesses. They systematically deface sites by uploading a pakistan.txt file. Targets included Earth Con Developers, Gold Spa, and Kalangan Trophies.
Royal Fool (Primary Actor: YamiFool): Focused on Indonesian targets, specifically educational institutions and local government websites. Targets included the Tabanan Regency Government and multiple Islamic secondary schools (MTSN 2 Mukomuko).
maw3six: A lone actor or group primarily targeting Brazilian entities. Their attacks range from corporate sites (ProAssessment, Carmax Santos) to mass defacement campaigns against development infrastructure (Hipo Agencia).
Leviathan Perfect Hunter (Primary Actor: aexdy): This team targets a diverse geographic range, including Slovakia (adminberry.sk) and Turkey (Bayfix, Uplast).

2.3 Initial Access Brokers

These actors sell the “keys to the kingdom” on underground forums like Exploit.in.

citizenfour: Specializes in selling unauthorized access to WordPress shops in the US, UK, and Italy, as well as compromised credit card details from payment gateways like Authorize.net.
ed1n1ca: Similar to citizenfour, focused on selling unauthorized WordPress shop access across the US, UK, and Italy.

3. Sector-Specific Impact Analysis

The cyber incidents recorded on March 31, 2026, impacted virtually every major industry sector.

3.1 Technology, Software, and IT Services

The technology sector suffered severe structural and data-level compromises.

Cisco Systems: Cisco suffered a massive data breach where threat actors stole source code. The breach was facilitated by credentials compromised in a prior supply chain attack involving “Trivy.” This allowed actors to access internal systems and impact developer environments.
Axios (NPM Package): A critical supply chain attack occurred when a maintainer’s account for the Axios npm package was compromised. Attackers published a malicious version containing hidden post-install scripts designed to execute payloads and evade detection, putting all downstream users at risk.
Lockheed Martin: The “APT IRAN” group claims to have leaked the source code of the defense and aerospace technology giant.
Targeted Platforms: Microsoft’s Hotmail was disproportionately targeted by credential aggregators, with dozens of unique combolists released by actors like BoogyBlue, ValidMail, and HQcomboSpace. Yahoo and Gmail were also heavily targeted.

3.2 Government and Public Administration

State entities remain prime targets for hacktivists and advanced persistent threats (APTs).

United States: “scattered LAPSUS$ hunters part 9” claimed breaches of the NSA (850 GB of classified info and communications) and the Department of State Bureau of Counterterrorism.
Ukraine: The group “Zarya” claims to have breached networks associated with the Ukrainian Armed Forces, alleging the exfiltration of sensitive military documents. The same group leaked emails from the National Commission on State Language Standards.
Albania: “Homeland Justice” claimed unauthorized access to the General Directorate of Prisons and announced targeting intentions against the General Prosecutor’s Office (Prokuroria e përgjithshme).
Global Targets: Breaches were claimed against Chinese Intelligence, Taiwan government databases, the Israel Police, and Italian Public Administration contacts.

3.3 Healthcare and Pharmaceuticals

The healthcare sector faced both data theft and severe operational disruption.

CareCloud: The US-based healthcare IT firm suffered a breach via its CareCloud Health division. Attackers disrupted networks for eight hours and potentially exposed patient health data within one of their electronic health record (EHR) environments.
Charité – Universitätsmedizin Berlin: The German hospital experienced a significant IT outage affecting multiple clinic locations (Virchow, Mitte, and Steglitz), which forced emergency services to temporarily reroute. While initially suspected to be a technical fault, it highlights the fragility of hospital IT networks.
Data Leaks: Tor-based data dumps impacted organizations like Capsida Biotherapeutics (30 GB) and Mennonite Home Communities of Ohio (1 GB).

3.4 Education

Educational institutions were hit by both mass defacements and credential harvesting.

Defacement Campaigns: Indonesian Islamic secondary schools were heavily targeted by “YamiFool,” who compromised graduation result pages and official domains.
Credential Harvesting: Millions of academic credentials were leaked. “HQcomboSpace” distributed hundreds of thousands of credentials targeting European educational institutions. “CODER” distributed a massive 5.6 million record list targeting global educational entities. A breach was also claimed against the San Felipe Del Rio CISD School.

3.5 Financial Services and Banking

The financial sector saw specialized attacks targeting payment infrastructure and user wealth.

Coinbase: A threat actor claimed to possess a database of 1 million Coinbase users, including names, account balances, and cryptocurrency holdings.
Heritage South Credit Union: A data leak exposed 9,000 records containing highly sensitive financial data, including Social Security Numbers, loan balances, credit scores, and underwriting info.
Banking Infrastructure: “N3XUS SH13LD” claimed a 21 GB breach of Al Baraka Bank Tunisia. Furthermore, actors sold cloned JCOP payment cards loaded with data allegedly skimmed from ATMs and POS terminals.

3.6 Industrial, Manufacturing, and SCADA (OT)

Alarming intrusions into Operational Technology highlight severe risks to physical infrastructure.

SCADA Compromises: “Armenian code” claimed unauthorized access to SCADA-based industrial refrigeration panels and microclimate control systems in Turkish greenhouses.
Facility Control: “Z-PENTEST ALLIANCE” breached a SCADA system controlling a South Korean golf course, granting them control over pumps, lighting, and facility zones due to weak security and default credentials.
Manufacturing Breaches: Data leaks impacted manufacturers such as Robert H. Lord Company (18 GB) and Teknotherm (1 GB).

4. Geopolitical and Regional Analysis

Cyber activity is deeply intertwined with geopolitical tensions and regional conflicts.

4.1 Middle East Conflict Subtext

The data reflects the ongoing shadow war in the Middle East.

Iran vs. Israel: Following an alleged Israeli strike on Iran’s steel industry, reports from Tasnim News Agency indicated that Iran updated its target list to include Israeli AI-related data centers and high-tech firms (Check Point, Nvidia, Intel, etc.). Concurrently, the Iranian-linked group “Pay2Key” paralyzed a Swiss tire center (Häpo-Reifencenter) with ransomware. “Handala Hack” hacked IranWire, compromising journalist safety, and announced targeting operations against the USA. The IRGC also threatened global tech companies, including UAE-based G42.
Anti-Israel Activity: Groups claimed access to Israeli CCTV cameras, police emails, and telecom providers (Telebiz).

4.2 The India-Pakistan Cyber Skirmish

A highly visible defacement war is being waged by Pakistani hacktivists against Indian targets.

Team Hazardous Pakistan: Attackers like overthrash1337 and CYKOMNEPAL systematically defaced Indian hospitality, real estate, and sports websites, leaving digital graffiti to claim ideological victories.

4.3 Eastern Europe

The cyber spillover from the Russia-Ukraine conflict remains active.

Zarya: This group targeted Ukrainian critical infrastructure and government, claiming breaches of the Armed Forces and Language Standards commissions.
NoName057(16): Claimed unauthorized access to industrial systems in Poland, a key ally of Ukraine.

5. Notable High-Severity Incident Deep Dives

5.1 The Axios NPM Supply Chain Attack

Incident Summary: Attackers compromised a maintainer’s account for the widely used Axios npm package.
Mechanism: The attackers published a malicious version containing hidden post-install scripts. These scripts were designed to download and execute payloads while evading basic detection.
Impact: This is a classic, highly destructive software supply chain attack. Any downstream system or CI/CD pipeline installing the affected version risks immediate unauthorized access and data compromise.

5.2 The Cisco Source Code Theft

Incident Summary: Cisco disclosed that attackers breached its development environment and exfiltrated proprietary source code.
Mechanism: The intrusion was facilitated by credentials that had been previously compromised in the “Trivy” supply chain attack.
Impact: Access to internal systems and developer environments allows threat actors to search for hardcoded secrets, understand underlying architectures, and potentially find zero-day vulnerabilities in Cisco’s global infrastructure.

5.3 The CareCloud Healthcare Breach

Incident Summary: CareCloud, a major healthcare IT provider, suffered a network disruption and data breach on March 16.
Mechanism: Unauthorized access led to an eight-hour network outage within the CareCloud Health division.
Impact: Attackers penetrated one of six electronic health record (EHR) environments. This exposes highly protected patient health information (PHI), subjecting the company to severe regulatory scrutiny (HIPAA) and putting patients at risk of medical identity theft.

6. Strategic Recommendations & Mitigations

Based on the threat intelligence gathered from the March 31, 2026 data, organizations must adopt a hardened, proactive security posture.

6.1 Mitigating Credential Stuffing & Combolist Abuse

The sheer volume of leaked credentials (e.g., CODER’s 100M+ leaked records) guarantees continuous credential stuffing attacks.

Enforce Multi-Factor Authentication (MFA): MFA must be mandatory across all internal and external-facing portals.
Continuous Credential Monitoring: Organizations must integrate threat intelligence feeds to monitor the dark web and clear web forums (like CrackingX) for corporate domain leaks.
Password Policies: Enforce the rejection of known compromised passwords during account creation or password resets (e.g., referencing NIST guidelines and HaveIBeenPwned databases).

6.2 Securing the Software Supply Chain

The Axios NPM and Cisco Trivy-linked attacks prove that trusting third-party dependencies is a massive vulnerability.

Dependency Auditing: Implement automated Software Composition Analysis (SCA) tools to scan all npm, PyPI, and RubyGems packages for anomalies or sudden maintainer changes.
Pinning Versions: Developers must pin dependency versions rather than allowing automatic updates, ensuring new updates are vetted before ingestion.
Credential Hygiene in Dev Environments: Strict secrets management must be enforced to prevent the exposure of API keys and internal credentials, as seen in the Cisco breach.

6.3 Protecting Critical Infrastructure and SCADA Systems

The breaches of microclimate controls and OT platforms highlight fatal flaws in industrial security.

Network Segmentation: SCADA and OT networks must be air-gapped or strictly segmented from corporate IT networks and the public internet.
Eradicate Default Credentials: The South Korean golf course breach succeeded due to default credentials. All IoT and industrial control systems must be provisioned with complex, unique passwords prior to deployment.

6.4 Defending Against Initial Access Brokers & Defacements

Brokers like citizenfour and ed1n1ca rely on unpatched vulnerabilities.

Patch Management: Vulnerable CMS platforms (WordPress, Magento) are the primary entry point for both defacements (e.g., by YamiFool and maw3six) and initial access brokers. Automated patching for core systems and plugins is critical.
Web Application Firewalls (WAF): Deploy WAFs to detect and block SQL injection and cross-site scripting (XSS) attempts used to facilitate defacements.

7. Conclusion

The data aggregated on March 31, 2026, paints a stark picture of a digitized world under constant, multi-vector assault. The sheer scale of the credential combolist distribution—totaling hundreds of millions of records distributed freely across Telegram and hacker forums—indicates that cybercriminals are prioritizing the commoditization of user data. This effectively lowers the barrier to entry for less sophisticated actors to execute account takeovers and financial fraud.

Simultaneously, the targeted strikes against software supply chains (Axios and Cisco) and Operational Technology (SCADA systems) represent a severe escalation in threat sophistication. Threat actors are no longer just stealing data; they are embedding themselves in the infrastructure that builds software and controls physical environments.

Furthermore, the data explicitly demonstrates that cyber warfare is an active extension of geopolitical conflict, evidenced by targeted campaigns between regional rivals (India/Pakistan, Iran/Israel, Russia/Ukraine).

To survive in this threat landscape, organizations cannot rely solely on perimeter defense. A shift toward Zero Trust architecture, rigorous software supply chain vetting, aggressive credential hygiene, and the absolute isolation of critical OT infrastructure is mandatory. The events of March 31 serve as a definitive baseline: the modern threat actor is well-resourced, highly organized, and continuously probing for the weakest link.

Detected Incidents Draft Data

Alleged distribution of Microsoft Office credential combolist targeting NVIDIA
Category: Combo List
Content: Threat actor distributes a 7 million record credential combolist related to Microsoft Office accounts, specifically targeting NVIDIA. The credentials are being shared for free through Telegram channels.
Date: 2026-03-31T23:58:53Z
Network: openweb
Published URL: https://crackingx.com/threads/70631/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: Unknown
Alleged leak of educational institution credential list
Category: Combo List
Content: A threat actor shared a combolist containing 147,190 credential pairs allegedly targeting educational institutions. The data is being distributed for free via a file sharing platform.
Date: 2026-03-31T23:58:32Z
Network: openweb
Published URL: https://crackingx.com/threads/70632/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of gaming platform credential lists
Category: Combo List
Content: Threat actor distributing credential lists (combolists) for various gaming platforms including Minecraft, Call of Duty, NBA 2K, and others through Telegram channels. The actor claims to have 13 million credentials available for free distribution.
Date: 2026-03-31T23:04:12Z
Network: openweb
Published URL: https://crackingx.com/threads/70630/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Gaming
Victim Organization: Multiple gaming platforms
Victim Site: Unknown
Alleged data breach of Vantage Media AI Database
Category: Data Breach
Content: A threat actor claims to have breached Vantage Media AI and is selling a massive database containing approximately 628 million email records along with phone numbers, addresses, IP data, and detailed personal profiles.
Date: 2026-03-31T22:58:39Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/279627/
Screenshots:
None
Threat Actors: Vespiary
Victim Country: USA
Victim Industry: Marketing, Advertising & Sales
Victim Organization: vantage media ai
Victim Site: vantagemedia.ai
Alleged unauthorized access to General Directorate of Prisons
Category: Initial Access
Content: The group claims to have gained unauthorized access to General Directorate of Prisons.
Date: 2026-03-31T22:47:57Z
Network: telegram
Published URL: https://t.me/JusticeHomeland1/668
Screenshots:
None
Threat Actors: Homeland Justice
Victim Country: Albania
Victim Industry: Government Administration
Victim Organization: general directorate of prisons
Victim Site: dpbsh.gov.al
Alleged sale of phone and email lead data
Category: Data Leak
Content: The threat actor claims to have leaked the data of phone numbers, email addresses, banking-related details, and IBAN-linked data across multiple regions.
Date: 2026-03-31T22:40:44Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-SELLING-Phone-Mail-leads-Select-number-prefix-mail-business-owner-BANK-IBAN
Screenshots:
None
Threat Actors: Patolus
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 3,158 Hotmail email and password combinations on a cybercrime forum. The credentials are being distributed as a free download.
Date: 2026-03-31T22:29:52Z
Network: openweb
Published URL: https://crackingx.com/threads/70629/
Screenshots:
None
Threat Actors: karaokecloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged Sale of credit card in Authorize.net
Category: Initial Access
Content: The threat actor claims to be selling 100 credit card details from Authorize.net.
Date: 2026-03-31T22:16:55Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279619/
Screenshots:
None
Threat Actors: citizenfour
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Heritage South Credit Union Loans
Category: Data Leak
Content: The threat actor claims to have leaked a 9,000 records of data from Heritage South Credit Union. The compromised data reportedly includes full names, Social Security Numbers, addresses, DOB, loan balances, credit scores, delinquency history, vehicle details, and underwriting info, posing risks of identity theft, financial fraud, and scams.
Date: 2026-03-31T22:07:36Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-HeritageSouth-Loans-USA-9k-Records-with-SSN
Screenshots:
None
Threat Actors: hexvior
Victim Country: USA
Victim Industry: Financial Services
Victim Organization: heritage south credit union loans
Victim Site: myhscu.com
Website defacement of Tabanan Regency Government by YamiFool (Royal Fool)
Category: Defacement
Content: YamiFool from the Royal Fool team defaced the website of the Department of Cooperatives and Labor (Diskopnaker) of Tabanan Regency, Indonesia on April 1, 2026. The attack targeted a local government agencys web presence.
Date: 2026-03-31T21:48:02Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248195
Screenshots:
None
Threat Actors: YamiFool, Royal Fool
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Tabanan Regency Government – Department of Cooperatives and Labor
Victim Site: diskopnaker.tabanankab.go.id
Alleged leak of credential combolist containing 1.3TB of URL-login-password data
Category: Combo List
Content: A threat actor shared a 1.3TB collection of URL-login-password credentials described as private 2025 data. The credentials appear to be formatted as a combolist containing browsing history and associated login credentials.
Date: 2026-03-31T21:46:27Z
Network: openweb
Published URL: https://crackingx.com/threads/70625/
Screenshots:
None
Threat Actors: TheBash1996
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of multi-platform credential combolist affecting Kajabi, Hivebrite, Discourse and other services
Category: Combo List
Content: Threat actor distributes a 16 million record credential combolist containing email:password combinations allegedly from multiple platforms including Kajabi, Hivebrite, Disciple, Discourse, Higher Logic, and Vanilla forums. The data is being shared for free through Telegram channels.
Date: 2026-03-31T21:46:08Z
Network: openweb
Published URL: https://crackingx.com/threads/70627/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Yahoo credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing over 1 million Yahoo credentials through a file sharing service. The actor claims these are fresh leaks targeting shopping platforms.
Date: 2026-03-31T21:45:46Z
Network: openweb
Published URL: https://crackingx.com/threads/70628/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Yahoo
Victim Site: yahoo.com
Alleged Sale of Unauthorized Access to UK-Based WordPress Shop
Category: Initial Access
Content: The threat actor claims to be selling unauthorized access to a UK-based WordPress shop.
Date: 2026-03-31T21:33:26Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279617/
Screenshots:
None
Threat Actors: citizenfour
Victim Country: UK
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of 160,000 mixed email-password credentials
Category: Combo List
Content: A threat actor shared a combolist containing 160,000 email and password combinations described as fresh and high quality. The credentials appear to be from mixed sources and are being distributed for free download to registered forum users.
Date: 2026-03-31T21:32:56Z
Network: openweb
Published URL: https://crackingx.com/threads/70624/
Screenshots:
None
Threat Actors: steeve75
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Unauthorized Access to US-Based WordPress Shop
Category: Initial Access
Content: The threat actor claims to be selling unauthorized WordPress access to a shop in the United States.
Date: 2026-03-31T21:19:35Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279616/
Screenshots:
None
Threat Actors: citizenfour
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of MTSN 2 Mukomuko by YamiFool (Royal Fool team)
Category: Defacement
Content: YamiFool from the Royal Fool team defaced the website of MTSN 2 Mukomuko, an Indonesian Islamic secondary school, on April 1st, 2026. The attack targeted the schools official website running on a Linux server.
Date: 2026-03-31T21:09:07Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248192
Screenshots:
None
Threat Actors: YamiFool, Royal Fool
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: MTSN 2 Mukomuko
Victim Site: www.mtsn2mukomuko.sch.id
Mass defacement targeting Indonesian educational institutions by Royal Fool team member YamiFool
Category: Defacement
Content: The Royal Fool team member YamiFool conducted a mass defacement attack targeting Indonesian educational institutions on April 1, 2026. The attack specifically compromised the graduation results page of MTs Negeri 2 Mukomuko, an Islamic junior high school in Indonesia.
Date: 2026-03-31T21:08:46Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248193
Screenshots:
None
Threat Actors: YamiFool, Royal Fool
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: MTs Negeri 2 Mukomuko
Victim Site: kelulusan.mtsn2mukomuko.sch.id
Mass defacement targeting Indonesian educational institutions by Royal Fool team member YamiFool
Category: Defacement
Content: Royal Fool team member YamiFool conducted a mass defacement attack targeting Indonesian educational websites on April 1, 2026. The attack specifically compromised MTS Kertajaya, an Islamic junior high school in Mukomuko, as part of a broader campaign against educational institutions.
Date: 2026-03-31T21:08:24Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248194
Screenshots:
None
Threat Actors: YamiFool, Royal Fool
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: MTS Kertajaya – MTsN 2 Mukomuko
Victim Site: mtskertajaya.mtsn2mukomuko.sch.id
Alleged leak of credentials from multiple forum platforms
Category: Combo List
Content: Threat actor distributing a 17 million record combolist containing email and password combinations allegedly from CosmoTalks, MyJane, FashionHive, and various forum platforms including Invision Power Board, phpBB, and Simple Machines Forum through Telegram channels.
Date: 2026-03-31T20:48:22Z
Network: openweb
Published URL: https://crackingx.com/threads/70622/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data breach of Mata Bansos Riau
Category: Data Breach
Content: The group claims to have breached the database of Mata Bansos Riau.
Date: 2026-03-31T20:41:11Z
Network: telegram
Published URL: https://t.me/BabayoErorSyteam/426
Screenshots:
None
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: mata bansos riau
Victim Site: matabansos.riau.go.id
Alleged sale of Chinese Intelligence database
Category: Data Leak
Content: Group claims to be selling 2 TB of data from two Chinese Intelligence.
Date: 2026-03-31T20:40:50Z
Network: telegram
Published URL: https://t.me/c/3816027580/5153
Screenshots:
None
Threat Actors: scattered LAPSUS$ hunters part 9
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: Threat actor claims to have made available 1,500 valid Hotmail email credentials dated March 31st. The credentials are described as fresh and full access accounts.
Date: 2026-03-31T20:39:18Z
Network: openweb
Published URL: https://crackingx.com/threads/70621/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged Data leak of U.S. Department of State Bureau of Counterterrorism
Category: Data Breach
Content: The group claims to have breached the database of U.S. Department of State Bureau of Counterterrorism.
Date: 2026-03-31T20:37:22Z
Network: telegram
Published URL: https://t.me/c/3816027580/5163
Screenshots:
None
Threat Actors: scattered LAPSUS$ hunters part 9
Victim Country: USA
Victim Industry: Government Administration
Victim Organization: u.s. department of state bureau of counterterrorism
Victim Site: Unknown
Alleged Sale of Australian Database
Category: Initial Access
Content: The threat actor claims to be selling a database of Australian users containing personal documents, identification, and financial information.
Date: 2026-03-31T20:31:43Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279607/
Screenshots:
None
Threat Actors: einein786
Victim Country: Australia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Coinbase with 1 million user records
Category: Data Breach
Content: A threat actor claims to possess a database containing personal and financial information of 1 million Coinbase users, including names, emails, phone numbers, account balances, and cryptocurrency holdings. The data is being offered through Telegram and other messaging platforms.
Date: 2026-03-31T20:26:54Z
Network: openweb
Published URL: https://crackingx.com/threads/70620/
Screenshots:
None
Threat Actors: xibulipali
Victim Country: United States
Victim Industry: Financial Services
Victim Organization: Coinbase
Victim Site: coinbase.com
Alleged Sale of Unauthorized Admin Access to an Unidentified Shop in Italy
Category: Initial Access
Content: Threat Actor claims to be selling unauthorized admin access to an unidentified shop in Italy.
Date: 2026-03-31T20:25:44Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279605/
Screenshots:
None
Threat Actors: Reve
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Cisco Suffers Data Breach
Category: Data Breach
Content: Cisco disclosed that attackers stole source code after breaching its development environment using credentials compromised in the recent Trivy supply chain attack. The intrusion allowed threat actors to access internal systems, exfiltrate sensitive data, and impact developer environments. Cisco has since contained the incident and is investigating the full scope of the breach.
Date: 2026-03-31T20:13:30Z
Network: openweb
Published URL: https://www.bleepingcomputer.com/news/security/cisco-source-code-stolen-in-trivy-linked-dev-environment-breach/
Screenshots:
None
Threat Actors:
Victim Country: USA
Victim Industry: Software Development
Victim Organization: cisco
Victim Site: cisco.com
Alleged leak of multi-platform credential combolist targeting Bitcoin, Litecoin, and Reddit communities
Category: Combo List
Content: Threat actor CODER is distributing a 13 million record credential combolist containing email and password combinations targeting Bitcoin, Litecoin, and various Reddit communities including rSEO, rbigseo, and rTechSEO. The actor is promoting free access through Telegram channels.
Date: 2026-03-31T20:08:39Z
Network: openweb
Published URL: https://crackingx.com/threads/70619/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Cyber Attack Hits Charité – Universitätsmedizin Berlin
Category: Cyber Attack
Content: A technical IT outage at Charité hospital in Berlin temporarily disrupted systems across multiple clinic locations, affecting operations and emergency coordination. The issue has since been resolved, allowing emergency services to resume normal routing to hospital sites. Authorities stated that there is currently no confirmed evidence linking the disruption to a cyberattack, though investigations into the cause are ongoing.
Date: 2026-03-31T20:08:18Z
Network: openweb
Published URL: https://www.tagesspiegel.de/berlin/itausfall-an-der-berliner-charite-behoben-feuerwehr-kann-klinikstandorte-wieder-anfahren-15421749.html
Screenshots:
None
Threat Actors:
Victim Country: Germany
Victim Industry: Hospital & Health Care
Victim Organization: charité – universitätsmedizin berlin
Victim Site: charite.de
Alleged leak of email credentials from Poland, Germany, and Italy
Category: Combo List
Content: A threat actor leaked a combolist containing 6,820 email credentials from users in Poland, Germany, and Italy. The credentials are described as good mail access suggesting they are verified working email account credentials.
Date: 2026-03-31T19:57:49Z
Network: openweb
Published URL: https://crackingx.com/threads/70618/
Screenshots:
None
Threat Actors: karaokecloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
IRGC Targeting Global Technology and AI Companies Including G42
Category: Alert
Content: A post attributed to the Islamic Revolutionary Guard Corps (IRGC) alleges potential retaliatory actions against multiple international companies, including G42. The message suggests possible physical targeting in response to geopolitical tensions, raising concerns about the safety of organizations and their personnel.NB :- The authenticity of the claim is yet to be verified.
Date: 2026-03-31T19:54:40Z
Network: telegram
Published URL: https://t.me/cyberbannews_ir/20872#
Screenshots:
None
Threat Actors:
Victim Country: UAE
Victim Industry: Information Technology (IT) Services
Victim Organization: g42
Victim Site: g42.ai
Alleged sale of BlackLine Inc
Category: Data Breach
Content: The threat actor claims to be selling a dataset of BlackLine, reportedly totaling approximately 354.4 GB and over 1.5 million files. According to the listing, the data includes various document types such as bills, licenses, certificates, and other records linked to multiple high-profile clients.
Date: 2026-03-31T19:46:20Z
Network: openweb
Published URL: https://darkforums.su/Thread-Document-354GB-Blackline-com-Breach-2026
Screenshots:
None
Threat Actors: The_Auditors
Victim Country: USA
Victim Industry: Software Development
Victim Organization: blackline inc
Victim Site: blackline.com
Alleged data leak of National Security Agency
Category: Data Breach
Content: The group claims to have leaked 850 GB data from the U.S. National Security Agency (NSA). The compromised data reportedly contains Full names, Emails, Office numbers, personal cell numbers Email Addresses (Government, Military & Pentagon) Classified Information and communications ETC.
Date: 2026-03-31T19:46:03Z
Network: telegram
Published URL: https://t.me/c/3816027580/5156
Screenshots:
None
Threat Actors: scattered LAPSUS$ hunters part 9
Victim Country: USA
Victim Industry: Government Administration
Victim Organization: national security agency
Victim Site: nsa.gov
Alleged data leak of Hacker
Category: Data Leak
Content: The threat actor claims to have leaked a 1.4 million users of records from Hacker, compromised data includes user IDs, emails, usernames, bcrypt-hashed passwords, names, phone numbers, IP addresses, registration dates, post counts, reputation scores, and last login details, exposing users to privacy risks, credential abuse, and phishing.
Date: 2026-03-31T19:45:27Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-HACKER-CO-KR-Korean-Tech-Forum-1-4M-Users
Screenshots:
None
Threat Actors: xorcat
Victim Country: South Korea
Victim Industry: Other Industry
Victim Organization: hacker
Victim Site: hacker.co.kr
Alleged data leak of Taiwan government database
Category: Data Leak
Content: The group claims to have breached data from Taiwan government database.
Date: 2026-03-31T19:45:12Z
Network: telegram
Published URL: https://t.me/c/3816027580/5150
Screenshots:
None
Threat Actors: scattered LAPSUS$ hunters part 9
Victim Country: Taiwan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak from National Commission on State Language Standards
Category: Data Breach
Content: Group claims to have leaked mails from National Commission on State Language Standards.
Date: 2026-03-31T19:44:34Z
Network: telegram
Published URL: https://t.me/Inform_Zarya/723
Screenshots:
None
Threat Actors: Zarya
Victim Country: Ukraine
Victim Industry: Government Administration
Victim Organization: national commission on state language standards
Victim Site: mova.gov.ua
Cyberangriff in Winterthur: Hacker legen HÃ¤po-Reifencenter lahm
Category: Cyber Attack
Content: Le dimanche 29 mars 2026, le groupe de pirates informatiques Pay2Key, lié à lIran, a chiffré et paralysé le système informatique de lentreprise Häpo-Reifencenter, située à Winterthour, à laide dun ransomware. Bien que lentreprise disposât de sauvegardes, celles-ci ont également été détruites, ce qui entraîne un préjudice quotidien de plusieurs dizaines de milliers de francs et une perte des données comptables actuelles. Häpo a informé la police et alerté son assureur, tandis que la direction nenvisage pour linstant pas de payer la rançon exigée.
Date: 2026-03-31T19:39:52Z
Network: openweb
Published URL: https://www.tagesanzeiger.ch/cyberangriff-in-winterthur-hacker-legen-haepo-reifencenter-lahm-229421108182
Screenshots:
None
Threat Actors:
Victim Country: Switzerland
Victim Industry: Unknown
Victim Organization: Häpo-Reifencenter
Victim Site: haepo.ch
IT‑Ausfall an der Berliner Charité: Feuerwehr kann drei Klinikstandorte nicht anfahren
Category: Cyber Attack
Content: Un dysfonctionnement technique au sein dun centre de données de la Charité à Berlin a entraîné une panne informatique affectant trois sites hospitaliers, empêchant la Feuerwehr daccéder aux cliniques Virchow, Mitte et Steglitz. Bien que la fourniture de soins aux patients reste stable, les services durgence ont temporairement désactivé les entrées des urgences centrales par mesure de sécurité, tout en excluant toute hypothèse de cyberattaque. La Charité travaille activement à la résolution de ce problème technique, qui survient dans un contexte de vigilance accrue face aux risques de cybersécurité pour les institutions publiques berlinoises.
Date: 2026-03-31T19:39:49Z
Network: openweb
Published URL: https://www.tagesspiegel.de/berlin/itausfall-an-der-berliner-charite-feuerwehr-kann-drei-klinikstandorte-nicht-anfahren-15421749.html
Screenshots:
None
Threat Actors:
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Charité
Victim Site: charite.de
Alleged leak of educational institution credentials
Category: Combo List
Content: A threat actor shared a credential list containing 146,803 lines targeting social media, shopping, and educational platforms. The data is being distributed for free via a file sharing service.
Date: 2026-03-31T19:38:31Z
Network: openweb
Published URL: https://crackingx.com/threads/70616/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Breach of Brute Wrestling
Category: Data Breach
Content: Threat Actor claims to have breached the database of Brute Wrestling in USA. The exposed data reportedly includes Customer records, emails, addresses, payment details, rows of lives flattened into entries.
Date: 2026-03-31T19:32:23Z
Network: tor
Published URL: http://nleakk6sejx45jxtk7x6iyt65hwvfrkifc5v7ertdlwm3gttbpvlvxqd.onion/view_article.php?article=HT8LS4z4xAgDRdQtVRON9FghaHlrJkvm6h09I9bW6ku5yZIOl8wqWPZUlunSgXxy
Screenshots:
None
Threat Actors: Leaknet
Victim Country: USA
Victim Industry: Manufacturing
Victim Organization: brute wrestling
Victim Site: brute.com
Alleged leak of credentials from Antionline Forums, Wilders Security Forums, Mighty Networks, Circle, and CommuniPass
Category: Combo List
Content: A threat actor is distributing a 12 million record combolist containing credentials allegedly from multiple forums and platforms including Antionline Forums, Wilders Security Forums, Mighty Networks, Circle, and CommuniPass. The credentials are being shared through Telegram channels.
Date: 2026-03-31T19:29:31Z
Network: openweb
Published URL: https://crackingx.com/threads/70613/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Multiple organizations including Antionline Forums, Wilders Security Forums, Mighty Networks, Circle, CommuniPass
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: Threat actor D4rkNetHub claims to have made available a combolist containing 34,600 Hotmail email credentials on a cybercriminal forum. The post indicates the data is hosted on D4RKNETHUB CLOUD with an expiration date of March 31, 2026.
Date: 2026-03-31T19:29:12Z
Network: openweb
Published URL: https://crackingx.com/threads/70614/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged data leak of GAMETUTS
Category: Data Leak
Content: The actor claims to have leaked a 1.4 million user records from GameTuts, the compromised data includes user IDs, emails, usernames, bcrypt-hashed passwords, display names, registration dates, last login, tutorial counts, reputation points, fav games, and forum post info, posing risks to account security and user privacy.
Date: 2026-03-31T19:24:53Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-GAMETUTS-COM-Gaming-Tutorial-Site-1-4M-Users
Screenshots:
None
Threat Actors: xorcat
Victim Country: USA
Victim Industry: Gaming
Victim Organization: gametuts
Victim Site: gametuts.com
Alleged data breach of Farmacias Del Ahorro
Category: Data Breach
Content: The threat actor claims to have breached 18,530 people records from Farmacias Del Ahorro.
Date: 2026-03-31T19:17:06Z
Network: openweb
Published URL: https://darkforums.su/Thread-Data-leak-Farmacias-Del-Ahorro-Mx
Screenshots:
None
Threat Actors: Salmoncoltmx
Victim Country: Mexico
Victim Industry: Healthcare & Pharmaceuticals
Victim Organization: farmacias del ahorro
Victim Site: fahorro.com
Alleged data breach of FFVL
Category: Data Breach
Content: The threat actor claims to have breached data from FFVL.
Date: 2026-03-31T19:13:22Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-FR-FFVL
Screenshots:
None
Threat Actors: Cybernox
Victim Country: France
Victim Industry: Other Industry
Victim Organization: ffvl
Victim Site: federation.ffvl.fr
Alleged Data Breach of ANTIK Telecom, s.r.o.
Category: Data Breach
Content: The threat actor claims to have breached the database of ANTIK Telecom, s.r.o. The compromised data reportedly includes user IDs, email addresses, usernames, bcrypt-hashed passwords, full names, phone numbers, full addresses, cities, ZIP codes, registration dates, last login details, ad counts, and rating scores.
Date: 2026-03-31T19:09:47Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-ANTIK-SK-Slovak-Marketplace-3M-Users
Screenshots:
None
Threat Actors: xorcat
Victim Country: Slovakia
Victim Industry: Network & Telecommunications
Victim Organization: antik telecom, s.r.o.
Victim Site: antik.sk
Alleged leak of email credentials combolist
Category: Combo List
Content: Threat actor TeraCloud1 made available a combolist containing 17,000 valid email access credentials on a cybercriminal forum, with additional private cloud services offered through Telegram contact.
Date: 2026-03-31T19:02:14Z
Network: openweb
Published URL: https://crackingx.com/threads/70608/
Screenshots:
None
Threat Actors: TeraCloud1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Breach of LSGB
Category: Data Breach
Content: The threat actor claims to have breached the database of LSGB.The compromised data includes User ID Username,Email Address,Password Hash,Salt,User Group,Registration Date (Unix timestamp),Last Visit,Registration IP,Last IP,Post Count,Reputation,PM Count,Signature,Birthday,Location and Website.
Date: 2026-03-31T19:02:02Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-LSGB-NET-German-Gaming-Forum-10-5M-Users–71783
Screenshots:
None
Threat Actors: xorcat
Victim Country: UK
Victim Industry: Education
Victim Organization: lsgb
Victim Site: lsgb.net
A Cyber Attack Hits Axios
Category: Cyber Attack
Content: A cyberattack has been reported involving the npm package associated with Axios, where attackers compromised a maintainer’s account and published a malicious version of the package. The injected package reportedly included hidden post-install scripts designed to download and execute a payload while evading detection.This incident highlights a software supply chain attack, where trusted dependencies are manipulated to distribute malicious code to downstream users. Systems installing the affected version may be at risk of unauthorized access and potential data compromise. Immediate mitigation steps include downgrading to a safe version, auditing dependencies, and scanning environments for indicators of compromise.
Date: 2026-03-31T18:53:40Z
Network: telegram
Published URL: https://t.me/itarmyofukraine2022/3775
Screenshots:
None
Threat Actors:
Victim Country: USA
Victim Industry: Newspapers & Journalism
Victim Organization: axios
Victim Site: axios.com
Alleged Data Breach of Polska Agencja Antydopingowa
Category: Data Breach
Content: The group claims to have breached the database of Polska Agencja Antydopingowa.
Date: 2026-03-31T18:46:22Z
Network: telegram
Published URL: https://t.me/Inform_Zarya/745?single
Screenshots:
None
Threat Actors: Zarya
Victim Country: Poland
Victim Industry: Government Administration
Victim Organization: polska agencja antydopingowa
Victim Site: polada.pl
8ML COMBOLIST Salesforce Experience Cloud Khoros Communities Higher Logic Thrive Vanilla
Category: Combo List
Content: New thread posted by CODER: 8ML COMBOLIST Salesforce Experience Cloud Khoros Communities Higher Logic Thrive Vanilla
Date: 2026-03-31T18:31:32Z
Network: openweb
Published URL: https://crackingx.com/threads/70607/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Breach of Corporate University SAC
Category: Data Breach
Content: The threat actor claims to have breached the database of Corporate University SAC.The compromised data includes User ID,Email Address,Full Name,Password (bcrypt),Student ID,Program/Course,Enrollment Date,Phone Number,Address,City,DNI (Peruvian ID),Grade Records and IP Address.
Date: 2026-03-31T18:29:23Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-UNIVERSIDAD-CORPORATIVA-FP-PERU-Education-1M-Users
Screenshots:
None
Threat Actors: xorcat
Victim Country: Peru
Victim Industry: E-Learning
Victim Organization: corporate university sac
Victim Site: universidadcorporativa.com
Alleged Data leak of K24Klik
Category: Data Breach
Content: The group claims to have breached the database of K24Klik.
Date: 2026-03-31T18:15:56Z
Network: telegram
Published URL: https://t.me/c/3816027580/5146
Screenshots:
None
Threat Actors: scattered LAPSUS$ hunters part 9
Victim Country: Indonesia
Victim Industry: Healthcare & Pharmaceuticals
Victim Organization: k24klik
Victim Site: k24klik.com
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 720,000 allegedly valid Hotmail email and password combinations through a file sharing service.
Date: 2026-03-31T18:12:00Z
Network: openweb
Published URL: https://crackingx.com/threads/70605/
Screenshots:
None
Threat Actors: Kommander0
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of mixed email credentials combolist
Category: Combo List
Content: A threat actor is distributing a credential list containing 3,461 mixed email accounts including Hotmail addresses. The combolist is being offered as a free download through Telegram contact.
Date: 2026-03-31T18:11:41Z
Network: openweb
Published URL: https://crackingx.com/threads/70606/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Chromium-Compatible Stealer Malware Source Code
Category: Malware
Content: The threat actor claims to be selling the full source code of a stealer malware supporting Chromium-based browsers. The tool is advertised as capable of collecting sensitive data such as credentials, cookies, cryptocurrency wallets, and system information, along with a management panel for data processing and control. The sale reportedly includes full rights to the project and additional support for setup and customization.
Date: 2026-03-31T18:07:36Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279583/
Screenshots:
None
Threat Actors: memchik
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of taxhelplines.com.pk by CYKOMNEPAL
Category: Defacement
Content: CYKOMNEPAL defaced the admin section of taxhelplines.com.pk, a Pakistani tax assistance website, on April 1, 2026. The attack targeted the administrative area of the site rather than the main homepage.
Date: 2026-03-31T18:03:45Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823007
Screenshots:
None
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: Pakistan
Victim Industry: Financial Services
Victim Organization: Tax Helplines
Victim Site: taxhelplines.com.pk
Alleged unauthorized access to Dayinsure
Category: Initial Access
Content: The group claims to have gained unauthorized access to Dayinsure.
Date: 2026-03-31T18:02:43Z
Network: telegram
Published URL: https://t.me/c/3816027580/5042
Screenshots:
None
Threat Actors: scattered LAPSUS$ hunters part 9
Victim Country: UK
Victim Industry: Financial Services
Victim Organization: dayinsure
Victim Site: admin.day-insure.uk
Alleged Sale of Poland User Database
Category: Data Leak
Content: The threat actor claims to be selling a database of Polish users containing phone numbers, email addresses, and personal/business details sourced from a marketing platform.
Date: 2026-03-31T18:01:59Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279597/
Screenshots:
None
Threat Actors: Datavortex
Victim Country: Poland
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed credential combolist
Category: Combo List
Content: Threat actor BoogyBlue shared a fresh high-quality mixed credential combolist for free download via file sharing platforms and Telegram. The post indicates the credentials are newly obtained and of high quality.
Date: 2026-03-31T18:01:32Z
Network: openweb
Published URL: https://crackingx.com/threads/70604/
Screenshots:
None
Threat Actors: BoogyBlue
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Unauthorized WordPress Admin Access to UK-Based Website
Category: Initial Access
Content: The threat actor claims to be selling Unauthorized WordPress Admin Access to UK-Based Website.
Date: 2026-03-31T17:55:33Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279600/
Screenshots:
None
Threat Actors: manofworld
Victim Country: UK
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data leak of Armoured Vehicles Nigam Limited
Category: Data Breach
Content: The group claims to have breached the database of Armoured Vehicles Nigam Limited.
Date: 2026-03-31T17:53:31Z
Network: telegram
Published URL: https://t.me/c/3816027580/5028
Screenshots:
None
Threat Actors: scattered LAPSUS$ hunters part 9
Victim Country: India
Victim Industry: Automotive
Victim Organization: armoured vehicles nigam limited
Victim Site: avnl.co.in
Alleged Sale of “Bigpond Checker” Tool for IMAP Credentials
Category: Malware
Content: The threat actor claims to be selling a tool designed to validate login credentials for Bigpond email accounts via IMAP, advertising high-value (CPM) valid logins.
Date: 2026-03-31T17:53:25Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279596/
Screenshots:
None
Threat Actors: blueshock
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed country credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 16,000 credential pairs from mixed countries on a cybercrime forum. The credentials appear to be made available for free download to registered forum users.
Date: 2026-03-31T17:52:11Z
Network: openweb
Published URL: https://crackingx.com/threads/70603/
Screenshots:
None
Threat Actors: RandomUpload
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of KEEA by NUCLIER-Y-C-C-M
Category: Defacement
Content: NUCLIER-Y-C-C-M defaced the keea.org.np website on April 1, 2026, targeting a specific notice detail page. This was an isolated defacement incident rather than part of a mass campaign.
Date: 2026-03-31T17:52:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823006
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: Nepal
Victim Industry: Unknown
Victim Organization: KEEA
Victim Site: keea.org.np
Alleged Sale of Unauthorized Access to an Unidentified WordPress Shop in Italy
Category: Initial Access
Content: The threat actor claims to be selling Unauthorized Access to an Unidentified WordPress Shop in Italy.
Date: 2026-03-31T17:49:42Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279594/
Screenshots:
None
Threat Actors: ed1n1ca
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Unicode Software Solution by NUCLIER-Y-C-C-M
Category: Defacement
Content: NUCLIER-Y-C-C-M threat actor defaced the website of Unicode Software Solution on April 1, 2026. The incident was a targeted single-site defacement rather than a mass attack.
Date: 2026-03-31T17:45:47Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823005
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: Unknown
Victim Industry: Technology/Software
Victim Organization: Unicode Software Solution
Victim Site: unicodesoftwaresolution.com
Alleged leak of Hotmail credentials on CrackingX forum
Category: Combo List
Content: A threat actor named FlashCloud2 claims to have made available 5,000 validated Hotmail credentials on the CrackingX forum. The actual content requires forum registration to view.
Date: 2026-03-31T17:41:00Z
Network: openweb
Published URL: https://crackingx.com/threads/70601/
Screenshots:
None
Threat Actors: FlashCloud2
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged distribution of credential combolists targeting academic and security platforms
Category: Combo List
Content: Threat actor distributes combolists containing 5 million credentials allegedly targeting IEEE Xplore, ResearchGate, arXiv.org, CNKI academic forums, x00sec, MalwareTips, and Wilders Security platforms. Actor promotes free credential distribution through Telegram channels.
Date: 2026-03-31T17:40:37Z
Network: openweb
Published URL: https://crackingx.com/threads/70602/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Multiple
Victim Site: Multiple
Alleged Sale of Unauthorized Access to an Unidentified WordPress Shop in United Kingdom
Category: Initial Access
Content: The threat actor claims to be selling unauthorized access to an unidentified WordPress shop in the United Kingdom.
Date: 2026-03-31T17:40:08Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279593/
Screenshots:
None
Threat Actors: ed1n1ca
Victim Country: UK
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Unauthorized Domain Admin Access to Construction Holding company in Turkey
Category: Initial Access
Content: Alleged Sale of Unauthorized Domain Admin Access to Construction Holding in company Turkey
Date: 2026-03-31T17:38:38Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279581/
Screenshots:
None
Threat Actors: Ritsu08
Victim Country: Turkey
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Unauthorized Access to an Unidentified WordPress Shop in USA
Category: Initial Access
Content: The threat actor claims to be selling Unauthorized Access to an Unidentified WordPress Shop in USA.
Date: 2026-03-31T17:33:13Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279592/
Screenshots:
None
Threat Actors: ed1n1ca
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of balajipg.in by Team Hazardous Pakistan
Category: Defacement
Content: Team Hazardous Pakistan, specifically attacker overthrash1337, defaced the Indian website balajipg.in on April 1, 2026. The defacement involved placing content at the pakistan.txt path on the compromised domain.
Date: 2026-03-31T17:28:30Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822996
Screenshots:
None
Threat Actors: overthrash1337, Team Hazardous Pakistan
Victim Country: India
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: balajipg.in
Website defacement of brighttejmkt.com by Team Hazardous Pakistan
Category: Defacement
Content: Team Hazardous Pakistan, led by attacker overthrash1337, successfully defaced the brighttejmkt.com website on April 1, 2026. The attack targeted a specific page (pakistan.txt) on the domain.
Date: 2026-03-31T17:27:57Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822997
Screenshots:
None
Threat Actors: overthrash1337, Team Hazardous Pakistan
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: brighttejmkt.com
Alleged leak of educational domain combolist
Category: Combo List
Content: A threat actor shared a combolist containing 173,098 email and password combinations from educational domain accounts. The credentials are being distributed for free via file sharing platform.
Date: 2026-03-31T17:27:48Z
Network: openweb
Published URL: https://crackingx.com/threads/70600/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Unauthorized Access to WordPress Redirect Infrastructure
Category: Initial Access
Content: The threat actor claims to be offering unauthorized administrative access to a WordPress-based system used for traffic redirection.
Date: 2026-03-31T17:27:39Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279591/
Screenshots:
None
Threat Actors: bobby_killa
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Earthcon Infotech by overthrash1337 (Team Hazardous Pakistan)
Category: Defacement
Content: Website defacement attack conducted by overthrash1337, affiliated with Team Hazardous Pakistan, targeting Earthcon Infotechs website on April 1, 2026.
Date: 2026-03-31T17:27:23Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822999
Screenshots:
None
Threat Actors: overthrash1337, Team Hazardous Pakistan
Victim Country: Unknown
Victim Industry: Information Technology
Victim Organization: Earthcon Infotech
Victim Site: earthconinfotech.com
Website defacement of Earth Con Developers by overthrash1337 from Team Hazardous Pakistan
Category: Defacement
Content: The attacker overthrash1337 from Team Hazardous Pakistan successfully defaced the Earth Con Developers website on April 1, 2026. This appears to be a targeted single-site defacement attack against the construction/development company.
Date: 2026-03-31T17:26:50Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823000
Screenshots:
None
Threat Actors: overthrash1337, Team Hazardous Pakistan
Victim Country: Unknown
Victim Industry: Construction/Development
Victim Organization: Earth Con Developers
Victim Site: earthcondevelopers.com
Website defacement of goldspa.in by overthrash1337 (Team Hazardous Pakistan)
Category: Defacement
Content: Team Hazardous Pakistan member overthrash1337 defaced the Gold Spa website on April 1, 2026. The attack targeted a hospitality business website based in India.
Date: 2026-03-31T17:26:17Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823001
Screenshots:
None
Threat Actors: overthrash1337, Team Hazardous Pakistan
Victim Country: India
Victim Industry: Hospitality/Wellness
Victim Organization: Gold Spa
Victim Site: goldspa.in
Alleged Sale of EV Code Signing Certificate
Category: Initial Access
Content: The threat actor claims to be offering an Extended Validation (EV) code signing certificate issued by a Microsoft-trusted Certificate Authority.
Date: 2026-03-31T17:26:00Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279579/
Screenshots:
None
Threat Actors: wget_money
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Hotel Deluxe by overthrash1337 (Team Hazardous Pakistan)
Category: Defacement
Content: Team Hazardous Pakistan member overthrash1337 defaced the Hotel Deluxe website on April 1, 2026. The attack targeted a hospitality business in India, with the defaced content hosted at pakistan.txt on the victims domain.
Date: 2026-03-31T17:25:43Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823002
Screenshots:
None
Threat Actors: overthrash1337, Team Hazardous Pakistan
Victim Country: India
Victim Industry: Hospitality
Victim Organization: Hotel Deluxe
Victim Site: hoteldeluxe.in
Website defacement of Kalangan Trophies by overthrash1337 (Team Hazardous Pakistan)
Category: Defacement
Content: On April 1, 2026, the website of Kalangan Trophies was defaced by attacker overthrash1337 affiliated with Team Hazardous Pakistan. The defacement targeted an Indian trophy manufacturing companys website.
Date: 2026-03-31T17:25:09Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823003
Screenshots:
None
Threat Actors: overthrash1337, Team Hazardous Pakistan
Victim Country: India
Victim Industry: Sports/Recreation
Victim Organization: Kalangan Trophies
Victim Site: kalangantrophies.in
Website defacement of moonlightspacenter.in by overthrash1337/Team Hazardous Pakistan
Category: Defacement
Content: Team Hazardous Pakistan, specifically attacker overthrash1337, defaced the Moonlight Space Center website on April 1, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
Date: 2026-03-31T17:24:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823004
Screenshots:
None
Threat Actors: overthrash1337, Team Hazardous Pakistan
Victim Country: India
Victim Industry: Technology/Space Services
Victim Organization: Moonlight Space Center
Victim Site: moonlightspacenter.in
Alleged Unauthorized Access to Unidentified Single Golf Course Management System
Category: Initial Access
Content: The group claims to have breached a SCADA-based Single Golf Course Management System OT platform. they can control infrastructure systems such as pumps, lighting, and facility zones, and claims weak security and default credentials allowed the access.
Date: 2026-03-31T17:20:53Z
Network: telegram
Published URL: https://t.me/Z_Pentest_Alliance_ru/915
Screenshots:
None
Threat Actors: Z-PENTEST ALLIANCE
Victim Country: South Korea
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Midtown Beverage by V4NX7 (Bekasi Root Sec)
Category: Defacement
Content: The website midtownbeverage.com was defaced by attacker V4NX7, associated with the Bekasi Root Sec team, on April 1, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
Date: 2026-03-31T17:07:26Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822994
Screenshots:
None
Threat Actors: V4NX7, Bekasi Root Sec
Victim Country: Unknown
Victim Industry: Food and Beverage
Victim Organization: Midtown Beverage
Victim Site: midtownbeverage.com
Alleged leak of mixed email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 8,000 mixed email access credentials through a file sharing service. The credentials appear to be from various sources and are being distributed for free.
Date: 2026-03-31T17:00:44Z
Network: openweb
Published URL: https://crackingx.com/threads/70596/
Screenshots:
None
Threat Actors: Kommander0
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed premium credential combinations
Category: Combo List
Content: Threat actor shared a collection of 2,738 premium valid credential combinations along with 79+ keyword targets for free download on a cybercriminal forum.
Date: 2026-03-31T17:00:17Z
Network: openweb
Published URL: https://crackingx.com/threads/70598/
Screenshots:
None
Threat Actors: Hotmail Cloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged adult content account credentials and services shop
Category: Data Breach
Content: Forum post advertising a shop selling OnlyFans balance credits and adult website account credentials. The post appears to be selling access to compromised adult entertainment platform accounts and services.
Date: 2026-03-31T17:00:04Z
Network: openweb
Published URL: https://crackingx.com/threads/70597/
Screenshots:
None
Threat Actors: FANZIO
Victim Country: Unknown
Victim Industry: Adult Entertainment
Victim Organization: OnlyFans
Victim Site: onlyfans.com
Alleged distribution of credential combolist containing 41,000 records
Category: Combo List
Content: A threat actor shared a credential combolist containing 41,000 records on a cybercriminal forum. The post content is hidden behind a registration wall, limiting analysis of the specific data sources or victims.
Date: 2026-03-31T16:46:50Z
Network: openweb
Published URL: https://crackingx.com/threads/70593/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of international credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 6,800 credentials from EU, USA, and Asian regions, claimed to be valid and dated March 31st.
Date: 2026-03-31T16:46:26Z
Network: openweb
Published URL: https://crackingx.com/threads/70594/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of email credential combolists via Telegram channels
Category: Combo List
Content: Threat actor distributing email credential combolists through Telegram channels, offering both free combos and programs for credential exploitation activities.
Date: 2026-03-31T16:45:53Z
Network: openweb
Published URL: https://crackingx.com/threads/70595/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Breach of Forvis Mazars in France
Category: Data Breach
Content: The group claims to have breached the database of Forvis Mazars in France. The compromised data reportedly contain financial information, business details, and email records,
Date: 2026-03-31T16:39:12Z
Network: telegram
Published URL: https://t.me/c/3816027580/5036
Screenshots:
None
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: France
Victim Industry: Accounting
Victim Organization: forvis mazars in france
Victim Site: mazars.fr
Alleged leak of Chinese platform credentials combolist
Category: Combo List
Content: A threat actor is distributing a 13 million record combolist containing credentials for Chinese social media and messaging platforms including Douyin, Kuaishou, Weibo, QQ, and Qzone through Telegram channels.
Date: 2026-03-31T16:20:49Z
Network: openweb
Published URL: https://crackingx.com/threads/70592/
Screenshots:
None
Threat Actors: CODER
Victim Country: China
Victim Industry: Technology
Victim Organization: Multiple Chinese platforms
Victim Site: Unknown
Alleged Sale of Unauthorized Magento Access in USA
Category: Initial Access
Content: The threat actor claims to be selling Magento CMS access in USA.
Date: 2026-03-31T16:15:14Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279574/
Screenshots:
None
Threat Actors: Malwareboy
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of 100 credit card records
Category: Initial Access
Content: Threat actor claims to be selling 100 credit card records from Brazil.
Date: 2026-03-31T16:10:56Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279576/
Screenshots:
None
Threat Actors: old_pirat
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: Forum user BoogyBlue shared a free download of a private high-quality Hotmail credential list (combolist) through external links. The post provides access to Hotmail email and password combinations at no cost.
Date: 2026-03-31T16:08:30Z
Network: openweb
Published URL: https://crackingx.com/threads/70589/
Screenshots:
None
Threat Actors: BoogyBlue
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of mixed email credential combolist
Category: Combo List
Content: Threat actor klyne05 made available a free download of a mixed email credential combolist described as private, fresh, and checked on the CrackingX forum.
Date: 2026-03-31T16:07:58Z
Network: openweb
Published URL: https://crackingx.com/threads/70590/
Screenshots:
None
Threat Actors: klyne05
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: Actor D4rkNetHub allegedly shared a combolist containing 969 Hotmail credentials on a cybercriminal forum. The post includes an image link and requires forum registration to view the full content.
Date: 2026-03-31T16:07:20Z
Network: openweb
Published URL: https://crackingx.com/threads/70591/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Website defacement of ProAssessment by maw3six
Category: Defacement
Content: Brazilian professional assessment company ProAssessment was defaced by attacker maw3six on March 31, 2026. The defacement targeted a single page on the companys website.
Date: 2026-03-31T16:05:42Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248186
Screenshots:
None
Threat Actors: maw3six
Victim Country: Brazil
Victim Industry: Professional Services
Victim Organization: ProAssessment
Victim Site: proassessment.com.br
maw3six defaced proassessment.com.br
Category: Defacement
Content: Target: https://proassessment.com.br/maw.txtAttacker: maw3sixDate: 2026-03-31 22:56:47OS: Linux
Date: 2026-03-31T16:05:13Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248186
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: proassessment.com.br
Website defacement of bauenlife-wudavqof.on-forge.com by maw3six
Category: Defacement
Content: Attacker maw3six defaced the cloud-hosted website bauenlife-wudavqof.on-forge.com on March 31, 2026. The incident was a single-site defacement targeting a website of unknown purpose or organization.
Date: 2026-03-31T16:04:57Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248187
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: bauenlife-wudavqof.on-forge.com
Website defacement of Carmax Santos by maw3six
Category: Defacement
Content: Individual attacker maw3six defaced the Carmax Santos automotive company website hosted on cloud infrastructure. The defacement occurred on March 31, 2026 and was archived on haxor.id mirror platform.
Date: 2026-03-31T16:04:38Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248188
Screenshots:
None
Threat Actors: maw3six
Victim Country: Brazil
Victim Industry: Automotive
Victim Organization: Carmax Santos
Victim Site: carmaxsantos.com.br
Website defacement of danielmartins.tech by maw3six
Category: Defacement
Content: Threat actor maw3six successfully defaced the personal technology website danielmartins.tech on March 31, 2026. The attack targeted a cloud-hosted site and appears to be an isolated incident rather than part of a mass defacement campaign.
Date: 2026-03-31T16:04:21Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248189
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Daniel Martins
Victim Site: danielmartins.tech
Mass website defacement campaign by maw3six targeting Brazilian development site
Category: Defacement
Content: Attacker maw3six conducted a mass defacement campaign targeting the development subdomain of Brazilian digital agency Hipo Agencia. The incident was part of a broader mass defacement operation rather than a targeted attack on the specific organization.
Date: 2026-03-31T16:03:57Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248190
Screenshots:
None
Threat Actors: maw3six
Victim Country: Brazil
Victim Industry: Digital Marketing/Advertising
Victim Organization: Hipo Agencia
Victim Site: dev.hipoagencia.com.br
Website defacement of paulocorreajr.com.br by maw3six
Category: Defacement
Content: The attacker maw3six defaced the Brazilian website paulocorreajr.com.br on March 31, 2026. This appears to be an individual defacement targeting a personal or small business website.
Date: 2026-03-31T16:03:38Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248191
Screenshots:
None
Threat Actors: maw3six
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: paulocorreajr.com.br
Website defacement of teamhamco.mx by maw3six
Category: Defacement
Content: Attacker maw3six successfully defaced the teamhamco.mx website on March 31, 2026. The incident involved a single-site defacement targeting the Mexican organizations web presence.
Date: 2026-03-31T15:57:03Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248185
Screenshots:
None
Threat Actors: maw3six
Victim Country: Mexico
Victim Industry: Unknown
Victim Organization: Team Hamco
Victim Site: teamhamco.mx
Alleged unauthorized access to an unidentified CCTV camera in Israel
Category: Initial Access
Content: The group claims to have gained unauthorized access to unidentified systems and unidentified CCTV cameras in Israel.
Date: 2026-03-31T15:54:18Z
Network: telegram
Published URL: https://t.me/actbd/42?single
Screenshots:
None
Threat Actors: Advanced Cyber Tech-Bd
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of email credential combolist
Category: Combo List
Content: Threat actor noir shares a credential combolist containing valid Hotmail and other mixed email accounts with passwords on underground forum. The actor provides their Telegram contact for access to the data.
Date: 2026-03-31T15:51:32Z
Network: openweb
Published URL: https://crackingx.com/threads/70587/
Screenshots:
None
Threat Actors: noir
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor is distributing a fresh private high-quality Hotmail credential combolist through free download links on a cybercriminal forum.
Date: 2026-03-31T15:51:13Z
Network: openweb
Published URL: https://crackingx.com/threads/70588/
Screenshots:
None
Threat Actors: BoogyBlue
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged Unauthorized Access to Unidentified SCADA System in Turkey
Category: Initial Access
Content: The Group Claims to have breached a SCADA-based industrial refrigeration control panel.
Date: 2026-03-31T15:36:13Z
Network: telegram
Published URL: https://t.me/armeniancode_eng/109
Screenshots:
None
Threat Actors: Armenian code
Victim Country: Turkey
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of TikTok credentials
Category: Combo List
Content: Threat actor is distributing a combolist containing 9 million TikTok credentials through Telegram channels. The credentials are being shared for free rather than sold.
Date: 2026-03-31T15:34:25Z
Network: openweb
Published URL: https://crackingx.com/threads/70586/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Social Media
Victim Organization: TikTok
Victim Site: tiktok.com
Alleged Unauthorized Access to Unidentified SCADA System in Turkey
Category: Initial Access
Content: The Group Claims to have breached a SCADA-based microclimate control system in a Turkish greenhouse.
Date: 2026-03-31T15:28:32Z
Network: telegram
Published URL: https://t.me/armeniancode_eng/109
Screenshots:
None
Threat Actors: Armenian code
Victim Country: Turkey
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Unauthorized Access to Akinbey Gida
Category: Initial Access
Content: The group claims to have gained Unauthorized access to Akinbey Gida.
Date: 2026-03-31T15:26:02Z
Network: telegram
Published URL: https://t.me/armeniancode_eng/106
Screenshots:
None
Threat Actors: Armenian code
Victim Country: Turkey
Victim Industry: Food Production
Victim Organization: akinbey gida
Victim Site: akinbey.com.tr
Alleged leak of German mixed-target combolist
Category: Combo List
Content: A combolist containing 174,228 credential pairs targeting German users across mixed platforms has been made available for download. The data appears to be distributed freely through a file sharing service.
Date: 2026-03-31T15:22:11Z
Network: openweb
Published URL: https://crackingx.com/threads/70582/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of EQL Company by maw3six
Category: Defacement
Content: The attacker maw3six successfully defaced the EQL Company website hosted on cloud infrastructure on March 31, 2026. This appears to be an isolated defacement incident targeting a single Brazilian commercial entity.
Date: 2026-03-31T15:17:58Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248184
Screenshots:
None
Threat Actors: maw3six
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: EQL Company
Victim Site: eqlcompany.com.br
Alleged leak of Hotmail credentials
Category: Combo List
Content: Threat actor alphaxdd shared a combolist containing 1,539 alleged valid Hotmail email and password combinations on a cybercrime forum. The credentials are described as premium hits from a private cloud source.
Date: 2026-03-31T14:54:42Z
Network: openweb
Published URL: https://crackingx.com/threads/70581/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged Sale of Government & Organizational Email Accounts
Category: Data Breach
Content: The threat actor claims to be selling email accounts associated with multiple Israeli government entities and organizations, along with some additional international domains.
Date: 2026-03-31T14:36:48Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-IL-GOVMAILS-Israeli-Government-Emails-Israeli-Organizations-Emails-Other-Emails
Screenshots:
None
Threat Actors: swag
Victim Country: Israel
Victim Industry: Government Administration
Victim Organization: israel police
Victim Site: police.gov.il
Alleged leak of massive credential collection
Category: Combo List
Content: Threat actor shared a large collection of URL-LOG-PASS credentials totaling 370GB, described as private data from 2026, along with 1300GB of browsing history in text format.
Date: 2026-03-31T14:17:23Z
Network: openweb
Published URL: https://crackingx.com/threads/70579/
Screenshots:
None
Threat Actors: TheBash1996
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Remita Payment System Data
Category: Data Breach
Content: The threat actor claims to be selling the database of Remita.
Date: 2026-03-31T14:13:02Z
Network: openweb
Published URL: https://spear.cx/Thread-NG-Remita-Payments-Full-Data
Screenshots:
None
Threat Actors: bytetobreach
Victim Country: Nigeria
Victim Industry: Fine Art
Victim Organization: remita
Victim Site: remita.net
Alleged leak of Snapchat, Reddit, and LinkedIn credentials
Category: Combo List
Content: Actor distributes credential combolist containing 11.4 million records allegedly from Snapchat, Reddit, and LinkedIn through Telegram channels offering free access to compromised credentials and cracking tools.
Date: 2026-03-31T14:04:07Z
Network: openweb
Published URL: https://crackingx.com/threads/70578/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Social Media
Victim Organization: Snapchat, Reddit, LinkedIn
Victim Site: snapchat.com, reddit.com, linkedin.com
Alleged Data Breach of Animoto, Inc
Category: Data Breach
Content: The threat actor claims to have breached the database of Animoto, inc, the dataset contains personally identifiable information (PII) and user activity-related metadata.
Date: 2026-03-31T13:57:49Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-ANIMOTO-COM-Video-Creation-5M-Users
Screenshots:
None
Threat Actors: xorcat
Victim Country: USA
Victim Industry: Media Production
Victim Organization: animoto, inc
Victim Site: animoto.com
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: Threat actor BoogyBlue shared a free download link to a fresh high-quality Hotmail credential combolist on a cybercrime forum. The credentials are being distributed via external file sharing platforms including Pasteview and Telegram.
Date: 2026-03-31T13:52:21Z
Network: openweb
Published URL: https://crackingx.com/threads/70577/
Screenshots:
None
Threat Actors: BoogyBlue
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Website defacement of costlay.com by Zod
Category: Defacement
Content: The threat actor known as Zod successfully defaced the costlay.com website on March 31, 2026. The attack targeted a Linux-based server and resulted in the compromise of a specific page on the domain.
Date: 2026-03-31T13:49:06Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248181
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: costlay.com
Website defacement of ROI 2021 event site by Zod
Category: Defacement
Content: The attacker known as Zod defaced the ROI 2021 conference website hosted on WP Engine on March 31, 2026. The defacement targeted a specific page (zod.html) on the event website.
Date: 2026-03-31T13:48:38Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248180
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Events/Conference
Victim Organization: ROI 2021
Victim Site: roi2021.wpengine.com
Zod defaced costlay.com
Category: Defacement
Content: Target: https://costlay.com/zod.htmlAttacker: ZodTeam: ZodDate: 2026-03-31 20:46:49OS: Linux
Date: 2026-03-31T13:48:21Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248181
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: costlay.com
Website defacement of Midtown Beverage by Zod
Category: Defacement
Content: The attacker known as Zod successfully defaced the Midtown Beverage company website on March 31, 2026. The defacement targeted a specific page (zod.html) on the beverage companys domain hosted on cloud infrastructure.
Date: 2026-03-31T13:48:05Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248182
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: United States
Victim Industry: Food and Beverage
Victim Organization: Midtown Beverage
Victim Site: midtownbeverage.com
Website defacement of DaVinci Properties by Zod
Category: Defacement
Content: The attacker known as Zod successfully defaced the DaVinci Properties website on March 31, 2026. The incident involved compromising a Linux-based server hosting the real estate companys web presence.
Date: 2026-03-31T13:47:46Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248183
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Real Estate
Victim Organization: DaVinci Properties
Victim Site: davinci-properties.com
Alleged leak of mixed email credentials from multiple countries
Category: Combo List
Content: A threat actor leaked a combolist containing 8,430 email and password combinations from multiple countries including the United States, Japan, Italy, Poland, and Germany. The credentials are being distributed as a free download on a cybercriminal forum.
Date: 2026-03-31T13:40:21Z
Network: openweb
Published URL: https://crackingx.com/threads/70575/
Screenshots:
None
Threat Actors: karaokecloud
Victim Country: Multiple
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged WordPress-related data leak by threat actor zod
Category: Combo List
Content: Threat actor zod posted a password-protected WordPress-related data leak in a combolists and dumps forum. The actual content is hidden behind authentication and requires accessing a Telegram channel for the password.
Date: 2026-03-31T13:40:02Z
Network: openweb
Published URL: https://crackingx.com/threads/70576/
Screenshots:
None
Threat Actors: zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data breach of Canva Pty Ltd
Category: Data Breach
Content: The threat actor claims to have leaked data from Canva Pty Ltd. The compromised data reportedly contains 900,000 users records including, Email Address, Username, Password, Phone Number, Location, Profile Data and much more information.
Date: 2026-03-31T13:38:50Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-CANVA-COM-Design-Platform-900K-Users
Screenshots:
None
Threat Actors: xorcat
Victim Country: Australia
Victim Industry: Graphic & Web Design
Victim Organization: canva pty ltd
Victim Site: canva.com
Alleged Data Breach of Whitepages
Category: Data Breach
Content: The threat actor claims to have breached the database of Whitepages, the dataset contains highly sensitive personally identifiable information (PII).
Date: 2026-03-31T13:37:26Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-WHITEPAGES-COM-People-Search-680K-Users
Screenshots:
None
Threat Actors: xorcat
Victim Country: USA
Victim Industry: Other Industry
Victim Organization: whitepages, inc
Victim Site: whitepages.com
Alleged Data breach of Gfan Network
Category: Data Breach
Content: The threat actor claims to have leaked data from Gfan Network. The compromised data reportedly contains 10,000,000 users records including, Gender, Email Address, Username, Password, Birthdate, Phone Number, Location, Profile Data and much more information.
Date: 2026-03-31T13:33:34Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-GFAN-COM-Chinese-Android-Forum-10M-Users
Screenshots:
None
Threat Actors: xorcat
Victim Country: China
Victim Industry: Network & Telecommunications
Victim Organization: gfan network
Victim Site: gfan.com
100k+ GMAIL GOODS D4RKNETHUB $ (17)
Category: Combo List
Content: New thread posted by D4rkNetHub: 100k+ GMAIL GOODS D4RKNETHUB $ (17)
Date: 2026-03-31T13:27:13Z
Network: openweb
Published URL: https://crackingx.com/threads/70572/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Gmail credential combolist
Category: Combo List
Content: A threat actor shared a Gmail credential combolist containing email:password combinations, claiming the credentials are valid until March 31, 2026 and work across multiple platforms including Facebook, PayPal, Twitter, dating sites, and adult content sites.
Date: 2026-03-31T13:26:56Z
Network: openweb
Published URL: https://crackingx.com/threads/70573/
Screenshots:
None
Threat Actors: Kinglukeman
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Gmail
Victim Site: gmail.com
Alleged distribution of Pinterest, LinkedIn, and Twitter credential combolist
Category: Combo List
Content: Threat actor CODER is distributing a fresh combolist containing 11 million credentials allegedly from Pinterest, LinkedIn, and Twitter through Telegram channels. The credentials are being shared for free through dedicated Telegram groups.
Date: 2026-03-31T13:26:34Z
Network: openweb
Published URL: https://crackingx.com/threads/70574/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Social Media
Victim Organization: Pinterest, LinkedIn, Twitter
Victim Site: pinterest.com, linkedin.com, twitter.com
Alleged Data breach of Research Institute of the Differently Abled Persons Right in Korea (RIDRIK)
Category: Data Breach
Content: The threat actor claims to have leaked data from Research Institute of the Differently Abled Persons Right in Korea (RIDRIK). The compromised data reportedly contains 10,000,000 users records including, User ID, Email Address, Username, Password IP Address, Registration Date, Phone Number, Location, Profile Data information.
Date: 2026-03-31T13:16:01Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-COWALK-OR-KR-Korean-Social-Platform-10M-Users
Screenshots:
None
Threat Actors: xorcat
Victim Country: South Korea
Victim Industry: Non-profit & Social Organizations
Victim Organization: research institute of the differently abled persons right in korea (ridrik)
Victim Site: cowalk.or.kr
Alleged leak of Yahoo credentials
Category: Combo List
Content: A combolist containing 1,719,798 Yahoo email and password combinations was made available for free download on a cybercrime forum. The credential list was shared via a file hosting service.
Date: 2026-03-31T13:06:46Z
Network: openweb
Published URL: https://crackingx.com/threads/70570/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: United States
Victim Industry: Technology
Victim Organization: Yahoo
Victim Site: yahoo.com
Alleged leak of email credentials combolist
Category: Combo List
Content: TeraCloud1 allegedly leaked a combolist containing 31,000 valid email credentials on CrackingX forum. The threat actor also advertised additional private cloud access via Telegram.
Date: 2026-03-31T13:06:28Z
Network: openweb
Published URL: https://crackingx.com/threads/70571/
Screenshots:
None
Threat Actors: TeraCloud1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Breach of Avvo
Category: Data Breach
Content: The threat actor claims to have breached the database of Avvo, inc , the dataset contains personal user data and professional legal profiles.
Date: 2026-03-31T13:05:39Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-AVVO-COM-Legal-Directory-1-8M-Users
Screenshots:
None
Threat Actors: xorcat
Victim Country: USA
Victim Industry: Legal Services
Victim Organization: avvo, inc
Victim Site: avvo.com
Alleged Data Breach of Canva
Category: Data Breach
Content: The threat actor claims to have breached the database od Canva, the dataset contains 900k account-level and usage-related metadata.
Date: 2026-03-31T13:03:56Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-CANVA-COM-Design-Platform-900K-Users
Screenshots:
None
Threat Actors: xorcat
Victim Country: Australia
Victim Industry: Software Development
Victim Organization: canva pty ltd
Victim Site: canva.com
Alleged Data Breach of Gongdong Community
Category: Data Breach
Content: The threat actor claims to have breached the database of Gongdong Community. The dataset contains extensive personally identifiable information (PII) of users.
Date: 2026-03-31T12:57:02Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-GONGDONG-OR-KR-Korean-Community-Portal-15M-Users
Screenshots:
None
Threat Actors: xorcat
Victim Country: South Korea
Victim Industry: Other Industry
Victim Organization: gongdong community
Victim Site: gongdong.or.kr
Alleged leak of PlayStation Network credentials
Category: Combo List
Content: Threat actor distributing a combolist containing 2 million PlayStation Network credentials through Telegram channels. The credentials are being shared for free through multiple Telegram groups.
Date: 2026-03-31T12:55:29Z
Network: openweb
Published URL: https://crackingx.com/threads/70568/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Gaming
Victim Organization: Sony Interactive Entertainment
Victim Site: playstation.com
Alleged leak of credential combolist via ULP 3 package
Category: Combo List
Content: Threat actor zod shared a credential combolist package titled VIP ULP 3 on a cybercriminal forum, with access details provided through a Telegram channel. The post appears in a forum section dedicated to combolists and data dumps.
Date: 2026-03-31T12:55:06Z
Network: openweb
Published URL: https://crackingx.com/threads/70569/
Screenshots:
None
Threat Actors: zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of multi-country credential combolists
Category: Combo List
Content: Threat actor CODER is distributing credential combolists containing 9 million records from multiple countries including Argentina, Italy, Germany, France, Israel, and Poland through Telegram channels. The actor offers free access to these credential lists and associated programs through dedicated Telegram groups.
Date: 2026-03-31T12:37:27Z
Network: openweb
Published URL: https://crackingx.com/threads/70566/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of credential combolist containing 41,000 records
Category: Combo List
Content: A threat actor posted a combolist containing 41,000 unique credential combinations on a cybercrime forum. The post requires registration to view the actual content.
Date: 2026-03-31T12:37:05Z
Network: openweb
Published URL: https://crackingx.com/threads/70567/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Unauthorized access to infrastructure in USA
Category: Initial Access
Content: The group claims to have gained Unauthorized access to infrastructure in USA
Date: 2026-03-31T12:35:10Z
Network: telegram
Published URL: https://t.me/CIR48/1831
Screenshots:
None
Threat Actors: Cyber Islamic resistance
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Breach Of IranWire
Category: Data Breach
Content: The threat actor claims to have compromised IranWire and exfiltrated sensitive communications and affiliate data, posing significant risks to journalist safety, source confidentiality, and potential intelligence exploitation.
Date: 2026-03-31T12:18:37Z
Network: openweb
Published URL: https://handala-hack.tw/iranwire-hacked/
Screenshots:
None
Threat Actors: Handala Hack
Victim Country: Iran
Victim Industry: Newspapers & Journalism
Victim Organization: iranwire
Victim Site: iranwire.com
Alleged leak of corporate email credentials
Category: Combo List
Content: A threat actor shared a collection of 22,000 corporate email credentials dated March 31st on an underground forum. The credentials appear to be targeting corporate email accounts though specific victim organizations are not identified.
Date: 2026-03-31T12:16:19Z
Network: openweb
Published URL: https://crackingx.com/threads/70565/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: Threat actor BoogyBlue shared a free combolist containing Hotmail email and password combinations through Pasteview and Telegram channels. The post advertises the credentials as UHQ (ultra high quality) and fresh, suggesting recently compromised or validated account information.
Date: 2026-03-31T12:00:17Z
Network: openweb
Published URL: https://crackingx.com/threads/70564/
Screenshots:
None
Threat Actors: BoogyBlue
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Tinder credential combolist
Category: Combo List
Content: A credential combolist containing 12,359 lines of alleged Tinder email access credentials was shared on a cybercriminal forum. The data appears to be distributed as a free download with password-protected access via Telegram.
Date: 2026-03-31T11:49:39Z
Network: openweb
Published URL: https://crackingx.com/threads/70561/
Screenshots:
None
Threat Actors: zod
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Tinder
Victim Site: tinder.com
Alleged unauthorized access to Industrial system in Poland
Category: Initial Access
Content: The group claims to have gained unauthorized access to Industrial system in Poland
Date: 2026-03-31T11:38:42Z
Network: telegram
Published URL: https://t.me/c/3584967422/287
Screenshots:
None
Threat Actors: NoName057(16)
Victim Country: Poland
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: Threat actor snowstormxd shared what appears to be fresh Hotmail credentials through a Telegram channel, describing them as UHQ (Ultra High Quality). The credentials are being distributed for free rather than sold.
Date: 2026-03-31T11:36:47Z
Network: openweb
Published URL: https://crackingx.com/threads/70558/
Screenshots:
None
Threat Actors: snowstormxd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged distribution of corporate business credential combolist
Category: Combo List
Content: Threat actor CODER is distributing a 15 million record credential combolist targeting corporate business accounts through Telegram channels. The combolist appears to be made available for free through specified Telegram groups.
Date: 2026-03-31T11:36:01Z
Network: openweb
Published URL: https://crackingx.com/threads/70559/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: Forum post shares a free download link for a combolist containing 960,000 alleged Hotmail email and password combinations. The threat actor advertises the credentials as fresh and high quality.
Date: 2026-03-31T10:54:33Z
Network: openweb
Published URL: https://crackingx.com/threads/70555/
Screenshots:
None
Threat Actors: KiwiShio
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of European educational institution credentials
Category: Combo List
Content: A threat actor shared a combolist containing 134,843 credential pairs allegedly targeting European educational institutions and shopping platforms. The data was made available as a free download via a file sharing service.
Date: 2026-03-31T10:53:56Z
Network: openweb
Published URL: https://crackingx.com/threads/70556/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email credentials combolist
Category: Combo List
Content: A threat actor shared a free download of a mixed email credentials combolist containing 4,150 entries on a cybercriminal forum.
Date: 2026-03-31T10:53:29Z
Network: openweb
Published URL: https://crackingx.com/threads/70557/
Screenshots:
None
Threat Actors: NotSellerxd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Breach of AVC-Livestock
Category: Data Breach
Content: Threat actor claims to be selling an Afghanistan user database 284K records containing personal details such as phone, email, name, location (province/district/region), and ID numbers, priced at $300.
Date: 2026-03-31T10:51:30Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279555/
Screenshots:
None
Threat Actors: Datavortex
Victim Country: Afghanistan
Victim Industry: Unknown
Victim Organization: avc-livestock
Victim Site: avc-livestock.com
Alleged Data breach Of San Felipe Del Rio CISD School
Category: Data Breach
Content: The threat actor claims to have breached data from San Felipe Del Rio CISD School and intends to publish it within 1-2 days.
Date: 2026-03-31T10:44:07Z
Network: tor
Published URL: https://worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion/companies/0300206018/overview
Screenshots:
None
Threat Actors: Worldleaks
Victim Country: USA
Victim Industry: Education
Victim Organization: san felipe del rio cisd school
Victim Site: sfdr-cisd.org
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 574 high-quality Hotmail email and password combinations on a cybercriminal forum. The credentials are described as premium hits, suggesting they are verified working accounts.
Date: 2026-03-31T10:39:08Z
Network: openweb
Published URL: https://crackingx.com/threads/70552/
Screenshots:
None
Threat Actors: anonymous_cloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged distribution of credential combolist containing 41,000 records
Category: Combo List
Content: A threat actor shared a credential combolist containing 41,000 unique email and password combinations on a cybercriminal forum. The content requires forum registration to access, indicating it may be freely distributed to registered members.
Date: 2026-03-31T10:38:50Z
Network: openweb
Published URL: https://crackingx.com/threads/70553/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of educational institution credential lists
Category: Combo List
Content: Threat actor CODER is distributing educational institution credential lists through Telegram channels, offering both free combo lists and cracking programs to subscribers.
Date: 2026-03-31T10:38:31Z
Network: openweb
Published URL: https://crackingx.com/threads/70554/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Akros Technologies
Category: Data Breach
Content: The threat actor claims to have leaked data from Akros Technologies. The compromised data reportedly contains approximately 12 GB of personal data.
Date: 2026-03-31T10:32:52Z
Network: tor
Published URL: http://gggdo3dngoyrud2ewjcmmkqhqw7a5aujcda7tsxiylvseoqhjmwkmcad.onion/
Screenshots:
None
Threat Actors: ATTACKER
Victim Country: Costa Rica
Victim Industry: Software Development
Victim Organization: akros technologies
Victim Site: akros.tech
Alleged distribution of mixed credential data via D4rkNetHub
Category: Combo List
Content: Threat actor D4rkNetHub made available a collection of 18,201 mixed credential records on a cybercriminal forum. The post contains an image link requiring registration to view the full content.
Date: 2026-03-31T10:29:04Z
Network: openweb
Published URL: https://crackingx.com/threads/70549/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of German email credentials
Category: Combo List
Content: A threat actor shared a combolist containing 74,000 German email credentials, claiming they are fresh and valid as of March 31st.
Date: 2026-03-31T10:28:42Z
Network: openweb
Published URL: https://crackingx.com/threads/70550/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credential lists and targeted email compilations
Category: Combo List
Content: Threat actor distributed free downloads of Hotmail credential lists containing 459 premium hits, along with targeted inbox compilations sorted by keywords and countries.
Date: 2026-03-31T10:28:24Z
Network: openweb
Published URL: https://crackingx.com/threads/70551/
Screenshots:
None
Threat Actors: Hotmail Cloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Website defacement of orientalische-christen.de by DimasHxR
Category: Defacement
Content: DimasHxR successfully defaced the Oriental Christians website, a German religious organizations site. The attack occurred on March 31, 2026, targeting a specific subdirectory rather than the main homepage.
Date: 2026-03-31T10:27:10Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822987
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Germany
Victim Industry: Religious Organization
Victim Organization: Oriental Christians
Victim Site: orientalische-christen.de
Homeland Justice claims to target Prokuroria e përgjithshme
Category: Alert
Content: A recent post by the group indicates that they are targeting Prokuroria e përgjithshme
Date: 2026-03-31T10:15:13Z
Network: telegram
Published URL: https://t.me/JusticeHomeland1/653
Screenshots:
None
Threat Actors: Homeland Justice
Victim Country: Albania
Victim Industry: Government Administration
Victim Organization: prokuroria e përgjithshme
Victim Site: pp.gov.al
Alleged Data Breach of FRSR Digital
Category: Data Breach
Content: The threat actor claims to have leaked data from Degol. The compromised data reportedly contains approximately 5 GB of personal data.
Date: 2026-03-31T10:11:16Z
Network: tor
Published URL: http://fywbdubni6jhe4i7xrwde22xo3modvlzea3yw3jphtlbpp2pftdlsrid.onion/
Screenshots:
None
Threat Actors: ATTACKER
Victim Country: USA
Victim Industry: Marketing, Advertising & Sales
Victim Organization: frsr digital
Victim Site: frsrdigital.com
Website defacement of dagrozacare.com by DimasHxR
Category: Defacement
Content: DimasHxR successfully defaced the dagrozacare.com healthcare website on March 31, 2026. The attack targeted a specific file (license.txt) rather than the main homepage.
Date: 2026-03-31T10:09:42Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822985
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: Dagroza Care
Victim Site: dagrozacare.com
Alleged distribution of mixed domain credential combolist
Category: Combo List
Content: Threat actor ValidMail allegedly shared a combolist containing 501,000 mixed domain email and password combinations with a validity date of March 31, 2026 on the CrackingX forum.
Date: 2026-03-31T10:02:41Z
Network: openweb
Published URL: https://crackingx.com/threads/70548/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of PreCon Industries
Category: Data Breach
Content: The threat actor claims to have leaked data from PreCon Industries. The compromised data reportedly contains approximately 3.5 GB of personal data. NB: The organisation was previously a victim of a ransomware attack.
Date: 2026-03-31T09:55:02Z
Network: tor
Published URL: http://z7jrji6zyx2v5epha6oa5hkpiqxhlgcfmjt7popggxlkasg7bz4pr5id.onion/
Screenshots:
None
Threat Actors: ATTACKER
Victim Country: USA
Victim Industry: Building and construction
Victim Organization: precon industries
Victim Site: preconindustries.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor claims to have leaked 56,000 Hotmail domain credentials with a validity date of March 25, 2026. The credentials are being shared on a cybercriminal forum specializing in combolists and credential dumps.
Date: 2026-03-31T09:53:16Z
Network: openweb
Published URL: https://crackingx.com/threads/70547/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged data breach of Mennonite Home Communities of Ohio
Category: Data Breach
Content: The threat actor claims to have leaked data from Mennonite Home Communities of Ohio. The compromised data reportedly contains approximately 1 GB of personal data.
Date: 2026-03-31T09:51:20Z
Network: tor
Published URL: http://faema4u5heoi5v4dwkzyvpcln24i3q7u6mhridvyr3fj6dna3fpiiaid.onion/
Screenshots:
None
Threat Actors: ATTACKER
Victim Country: USA
Victim Industry: Healthcare & Pharmaceuticals
Victim Organization: mennonite home communities of ohio
Victim Site: mhcoliving.org
Alleged data breach of Capsida Biotherapeutics
Category: Data Breach
Content: The threat actor claims to have leaked data from Capsida Biotherapeutics. The compromised data reportedly contains approximately 30 GB of personal data.
Date: 2026-03-31T09:46:11Z
Network: tor
Published URL: http://kxcicg75ugfhftzw3ffkide52fbh3c74vhkrpxwdmczwcl5332tosvqd.onion/
Screenshots:
None
Threat Actors: ATTACKER
Victim Country: USA
Victim Industry: Biotechnology
Victim Organization: capsida biotherapeutics
Victim Site: capsida.com
Alleged data breach of Robertson Stromberg LLP
Category: Data Breach
Content: The threat actor claims to have leaked data from Robertson Stromberg LLP. The compromised data reportedly contains approximately 2.2 GB of personal data.
Date: 2026-03-31T09:44:10Z
Network: tor
Published URL: http://kz66y2cso56l7x4wwzxihgbli5yhz5faxc4zmdn6bne2m347p6ex4bqd.onion/
Screenshots:
None
Threat Actors: ATTACKER
Victim Country: Canada
Victim Industry: Law Practice & Law Firms
Victim Organization: robertson stromberg llp
Victim Site: rslaw.com
Alleged Data Breach Of Idemitsu Lubricants America
Category: Data Breach
Content: The threat actor claims to have leaked data from Degol. The compromised data reportedly contains approximately 55 GB of personal data.
Date: 2026-03-31T09:40:30Z
Network: tor
Published URL: http://vumfp6e7au47q7ipofkzmbuawsxq3mmpgjija2hf7rabv5fbao5gruid.onion/
Screenshots:
None
Threat Actors: ATTACKER
Victim Country: USA
Victim Industry: Oil & Gas
Victim Organization: idemitsu lubricants america
Victim Site: idemitsulubricants.com
Alleged data breach of Robert H. Lord Company
Category: Data Breach
Content: The threat actor claims to have leaked data from Robert H. Lord Company. The compromised data reportedly contains approximately 18 GB of personal data.
Date: 2026-03-31T09:38:53Z
Network: tor
Published URL: http://rjnymb64hqexjlh7j42xxv32jvtwjbpeuzedhpqqktnz6hzhvktezpid.onion/
Screenshots:
None
Threat Actors: ATTACKER
Victim Country: USA
Victim Industry: Manufacturing
Victim Organization: robert h. lord company
Victim Site: rhlco.com
Alleged distribution of credential combinations targeting multiple services
Category: Combo List
Content: Threat actor CODER distributes an 11 million record credential combolist targeting Spotify, Amazon, and PayPal through Telegram channels. The combolist appears to be shared freely rather than sold.
Date: 2026-03-31T09:37:35Z
Network: openweb
Published URL: https://crackingx.com/threads/70545/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Multiple (Spotify, Amazon, PayPal)
Victim Site: Unknown
Alleged leak of Pegasus Cloud data
Category: Combo List
Content: A threat actor posted a 2.45 GB data collection allegedly related to Pegasus Cloud on a cybercriminal forum specializing in credential lists and data dumps.
Date: 2026-03-31T09:37:17Z
Network: openweb
Published URL: https://crackingx.com/threads/70546/
Screenshots:
None
Threat Actors: blacksatan666
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Pegasus Cloud
Victim Site: Unknown
Alleged data breach of Ventana Property Services
Category: Data Breach
Content: The threat actor claims to have leaked data from Ventana Property Services. The compromised data reportedly contains approximately 2 GB of personal data.
Date: 2026-03-31T09:35:15Z
Network: tor
Published URL: http://hkhdzhwz2gpmb7myk3tiptgrx5vsu7w5sfyro7uvh6ccsikdn33kwdqd.onion/
Screenshots:
None
Threat Actors: ATTACKER
Victim Country: USA
Victim Industry: Real Estate
Victim Organization: ventana property services
Victim Site: ventanaps.com
Alleged data breach of Teknotherm
Category: Data Breach
Content: The threat actor claims to have leaked data from Teknotherm. The compromised data reportedly contains approximately 1 GB of personal data.
Date: 2026-03-31T09:34:13Z
Network: tor
Published URL: http://fq3r4fr3mbhlkrgokeo4fnnofth6xexgmxkbfitihadxotqzbu77dhad.onion/
Screenshots:
None
Threat Actors: ATTACKER
Victim Country: Norway
Victim Industry: Manufacturing & Industrial Products
Victim Organization: teknotherm
Victim Site: teknotherm.com
Alleged Data Breach of Service IT Direct
Category: Data Breach
Content: The threat actor claims to have leaked data from Service IT Direct. he compromised data reportedly contains approximately 3 GB of personal data.
Date: 2026-03-31T09:33:24Z
Network: tor
Published URL: http://66yqutmcfricavaofv5a2gknolhfod5lo76l6sdil5czr55qpp3cgxqd.onion/
Screenshots:
None
Threat Actors: ATTACKER
Victim Country: USA
Victim Industry: Information Technology (IT) Services
Victim Organization: service it direct
Victim Site: serviceitdirect.com
Alleged leak of mixed email provider credential combolists
Category: Combo List
Content: Threat actor BoogyBlue distributed free credential combolists containing mixed email providers and Hotmail accounts via paste sites and Telegram channel. The actor claims to provide daily credential dumps at no cost.
Date: 2026-03-31T09:21:53Z
Network: openweb
Published URL: https://crackingx.com/threads/70543/
Screenshots:
None
Threat Actors: BoogyBlue
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of ULP credential list
Category: Combo List
Content: A threat actor shared a 6.4 GB credential list labeled ULP on a cybercriminal forum specializing in combolists and data dumps.
Date: 2026-03-31T09:21:31Z
Network: openweb
Published URL: https://crackingx.com/threads/70544/
Screenshots:
None
Threat Actors: blacksatan666
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Breach of Delphi
Category: Data Breach
Content: The threat actor claims to have leaked data from delphi. The compromised data reportedly contains approximately 2 GB of personal data.
Date: 2026-03-31T09:17:27Z
Network: tor
Published URL: http://pcfao4356qzqge6juehzg7xblm5ryhlu55tvxzkzu4fvbw2euhmwzcyd.onion/
Screenshots:
None
Threat Actors: ATTACKER
Victim Country: Canada
Victim Industry: Environmental Services
Victim Organization: delphi
Victim Site: delphi.ca
Alleged data breach of Degol
Category: Data Breach
Content: The threat actor claims to have leaked data from Degol. The compromised data reportedly contains approximately 1 GB of personal data.
Date: 2026-03-31T09:01:34Z
Network: tor
Published URL: http://fflm3zlvuio3iv2ozqtgwpxrjsbsxddaxuxl25csfk7osduom4v3zeqd.onion/
Screenshots:
None
Threat Actors: ATTACKER
Victim Country: USA
Victim Industry: Information Technology (IT) Services
Victim Organization: degol
Victim Site: degol.com
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor leaked a combolist containing 1,582 Hotmail email and password combinations on a cybercriminal forum. The credentials are described as premium hits from a private cloud source with a mix of email addresses.
Date: 2026-03-31T08:45:18Z
Network: openweb
Published URL: https://crackingx.com/threads/70540/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of PlayStation Network credentials
Category: Combo List
Content: Threat actor distributes PlayStation Network credential combolist containing 12 million entries through Telegram channels. The credentials are being shared for free rather than sold.
Date: 2026-03-31T08:45:00Z
Network: openweb
Published URL: https://crackingx.com/threads/70541/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Gaming
Victim Organization: PlayStation Network
Victim Site: Unknown
Handala Hack claims to target USA
Category: Alert
Content: A recent post by the group indicates that they are targeting USA
Date: 2026-03-31T08:41:18Z
Network: telegram
Published URL: https://t.me/HANDALA_INTEL/25
Screenshots:
None
Threat Actors: Handala Hack
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of German credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing over 1 million credential pairs targeting German users. The data is being distributed for free via file hosting service.
Date: 2026-03-31T08:32:38Z
Network: openweb
Published URL: https://crackingx.com/threads/70539/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of credential combolist containing 41,000 records
Category: Combo List
Content: A threat actor shared a credential combolist containing approximately 41,000 username and password combinations on a cybercriminal forum specializing in leaked credentials and stolen data.
Date: 2026-03-31T08:22:37Z
Network: openweb
Published URL: https://crackingx.com/threads/70538/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Leak of cryptomander.com
Category: Data Leak
Content: Threat Actor claims to have leaked the database of cryptomander.com
Date: 2026-03-31T08:17:11Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279545/
Screenshots:
None
Threat Actors: HighRisk
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: cryptomander.com
Alleged Data Leak of Italian Public Administration Email Contacts
Category: Data Leak
Content: The threat actor claims to have leaked Italian Public Administration Email Contacts; the dataset contains contact and institutional information across multiple public administration bodies.
Date: 2026-03-31T08:07:50Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-32K-Italian-public-administration-email-contacts
Screenshots:
None
Threat Actors: Tanaka
Victim Country: Italy
Victim Industry: Government Administration
Victim Organization: italian public administration
Victim Site: Unknown
Website defacement of Mahatma Jayamulya by AlfanXploit/Cowok Tersakiti Team
Category: Defacement
Content: The website mahatmajayamulya.com was defaced by attacker AlfanXploit from the Cowok Tersakiti Team on March 31, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
Date: 2026-03-31T07:33:27Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822981
Screenshots:
None
Threat Actors: ./AlfanXploit, Cowok Tersakiti Team
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Mahatma Jayamulya
Victim Site: mahatmajayamulya.com
Alleged leak of credential combolist containing 38.4 million records
Category: Combo List
Content: A threat actor shared a credential combolist containing approximately 38.4 million lines of data totaling over 2GB in size on a cybercriminal forum.
Date: 2026-03-31T07:32:09Z
Network: openweb
Published URL: https://crackingx.com/threads/70537/
Screenshots:
None
Threat Actors: VitVit
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of chairul.net by AlfanXploit (Cowok Tersakiti Team)
Category: Defacement
Content: The website chairul.net was defaced by attacker AlfanXploit, associated with the Cowok Tersakiti Team. This was a targeted home page defacement rather than a mass defacement campaign.
Date: 2026-03-31T07:15:19Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822979
Screenshots:
None
Threat Actors: ./AlfanXploit, Cowok Tersakiti Team
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: chairul.net
Alleged Cyberattack Threat Targeting Israeli AI Data Centers
Category: Cyber Attack
Content: Reports from Tasnim News Agency claim that, following an Israeli strike on Iran’s steel industry, Iran has allegedly updated its strategic target list to include AI-related data centers located in the Israeli-occupied territories. The report frames this as a shift in “rules of engagement,” emphasizing the strategic importance of Israel’s high-tech sector, which it states accounts for a substantial share of national GDP and exports.Several major technology and semiconductor firms operating in the region are mentioned as part of the sector potentially at risk, including Check Point, CyberArk, Mandiant, Wix, Tower Semiconductor, Nova, Camtek, Mobileye, Nvidia, Nebius, and Intel.
Date: 2026-03-31T07:05:07Z
Network: telegram
Published URL: https://t.me/cyberbannews_ir/20811
Screenshots:
None
Threat Actors:
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of USA credential combinations
Category: Combo List
Content: A threat actor shared a combolist containing 13,000 USA-based credential combinations on a cybercrime forum. The credentials appear to be made available for free download to registered forum users.
Date: 2026-03-31T07:03:06Z
Network: openweb
Published URL: https://crackingx.com/threads/70535/
Screenshots:
None
Threat Actors: RandomUpload
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of adminberry.sk by aexdy from Leviathan Perfect Hunter team
Category: Defacement
Content: The website adminberry.sk was defaced by attacker aexdy affiliated with the Leviathan Perfect Hunter team on March 31, 2026. This appears to be a single-target defacement rather than part of a mass campaign.
Date: 2026-03-31T06:52:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822978
Screenshots:
None
Threat Actors: aexdy, Leviathan Perfect Hunter
Victim Country: Slovakia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: adminberry.sk
Website defacement of cguesthouse.com by aexdy (Leviathan Perfect Hunter team)
Category: Defacement
Content: The attacker aexdy, affiliated with the Leviathan Perfect Hunter team, successfully defaced the cguesthouse.com website on March 31, 2026. The defacement targeted a guesthouse business website, with evidence archived on zone-xsec.com.
Date: 2026-03-31T06:35:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822971
Screenshots:
None
Threat Actors: aexdy, Leviathan Perfect Hunter
Victim Country: Unknown
Victim Industry: Hospitality
Victim Organization: CG Guesthouse
Victim Site: cguesthouse.com
ismail Man54 targets the website of Telebiz
Category: Defacement
Content: The group claims to have defaced the website of Telebiz.
Date: 2026-03-31T06:34:25Z
Network: openweb
Published URL: https://www.zone-h.org/mirror/id/41656044
Screenshots:
None
Threat Actors: ismail Man54
Victim Country: Israel
Victim Industry: Network & Telecommunications
Victim Organization: telebiz
Victim Site: telebiz.co.il
CareCloud Suffers Data Breach
Category: Data Breach
Content: CareCloud, a U.S.-based healthcare IT provider confirmed a data breach incident that exposed sensitive data and caused a network disruption lasting approximately eight hours. The company reported that attackers gained unauthorized access to its systems on March 16, resulting in a temporary network disruption lasting approximately eight hours within its CareCloud Health division. The intrusion affected one of six electronic health record (EHR) environments, potentially exposing patient health data, although the full scope and number of affected individuals remain under investigation. CareCloud confirmed that other systems and platforms were not impacted, the attacker no longer has access, and all affected services have been fully restored. The company has engaged external cybersecurity experts to conduct a forensic investigation and strengthen its security posture.
Date: 2026-03-31T06:26:52Z
Network: openweb
Published URL: https://www.bleepingcomputer.com/news/security/healthcare-tech-firm-carecloud-says-hackers-stole-patient-data/
Screenshots:
None
Threat Actors:
Victim Country: USA
Victim Industry: Information Technology (IT) Services
Victim Organization: carecloud
Victim Site: carecloud.com
Alleged leak of German domain combolist credentials
Category: Combo List
Content: Threat actor HQcomboSpace leaked a combolist containing over 1 million credential pairs specifically targeting German domain users. The data is being distributed for free via file sharing service.
Date: 2026-03-31T06:25:47Z
Network: openweb
Published URL: https://crackingx.com/threads/70534/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of credential combolist containing 41,000 records
Category: Combo List
Content: A threat actor posted a combolist containing 41,000 unique credential pairs on a cybercrime forum. The post appears to offer free access to registered forum members.
Date: 2026-03-31T06:13:19Z
Network: openweb
Published URL: https://crackingx.com/threads/70532/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of bayfix.com.tr by aexdy (Leviathan Perfect Hunter team)
Category: Defacement
Content: The website bayfix.com.tr was defaced by attacker aexdy, who is associated with the Leviathan Perfect Hunter team. The incident occurred on March 31, 2026 and has been archived on zone-xsec.com mirror.
Date: 2026-03-31T05:55:51Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822958
Screenshots:
None
Threat Actors: aexdy, Leviathan Perfect Hunter
Victim Country: Turkey
Victim Industry: Unknown
Victim Organization: Bayfix
Victim Site: bayfix.com.tr
Website defacement of Uplast by aexdy (Leviathan Perfect Hunter)
Category: Defacement
Content: The attacker aexdy from the Leviathan Perfect Hunter team defaced the Turkish manufacturing company Uplasts website on March 31, 2026. The defacement targeted a specific file (hx.txt) on the companys domain.
Date: 2026-03-31T05:55:18Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822969
Screenshots:
None
Threat Actors: aexdy, Leviathan Perfect Hunter
Victim Country: Turkey
Victim Industry: Manufacturing
Victim Organization: Uplast
Victim Site: uplast.com.tr
Website defacement of Nomad Prestige Tours by 4steroth (HonkSec team)
Category: Defacement
Content: The tourism website nomadprestigetours.com was defaced by attacker 4steroth, affiliated with the HonkSec team, on March 31, 2026. This was a targeted single-site defacement rather than a mass attack.
Date: 2026-03-31T05:54:45Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822970
Screenshots:
None
Threat Actors: 4steroth, HonkSec
Victim Country: Unknown
Victim Industry: Tourism
Victim Organization: Nomad Prestige Tours
Victim Site: nomadprestigetours.com
Website defacement of afeec.org by Leviathan Perfect Hunter team member aexdy
Category: Defacement
Content: The Leviathan Perfect Hunter team, specifically member aexdy, successfully defaced the afeec.org website on March 31, 2026. The attack targeted a specific file (hx.txt) on the victims domain.
Date: 2026-03-31T05:37:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822927
Screenshots:
None
Threat Actors: aexdy, Leviathan Perfect Hunter
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: afeec.org
Website defacement of UN Brazil office by spl1nt3r
Category: Defacement
Content: The attacker spl1nt3r defaced a search page on the United Nations Brazil office website on March 31, 2026. This was an isolated defacement incident targeting the Brazilian UN offices Portuguese-language portal.
Date: 2026-03-31T05:31:31Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822926
Screenshots:
None
Threat Actors: spl1nt3r
Victim Country: Brazil
Victim Industry: International Organization
Victim Organization: United Nations Brazil
Victim Site: brasil.un.org
Website defacement of khatvongviet.net.vn by 4steroth (HonkSec)
Category: Defacement
Content: HonkSec team member 4steroth defaced a Vietnamese website on March 31, 2026. The attack targeted a specific directory on khatvongviet.net.vn rather than the main homepage.
Date: 2026-03-31T05:25:21Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822923
Screenshots:
None
Threat Actors: 4steroth, HonkSec
Victim Country: Vietnam
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: khatvongviet.net.vn
Website defacement of penjaga77.com by Leviathan Perfect Hunter team
Category: Defacement
Content: The website penjaga77.com was defaced by attacker aexdy from the Leviathan Perfect Hunter team on March 31, 2026. This appears to be a targeted single-site defacement attack.
Date: 2026-03-31T05:13:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822917
Screenshots:
None
Threat Actors: aexdy, Leviathan Perfect Hunter
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: penjaga77.com
Website defacement of flatokapi.com by Leviathan Perfect Hunter team
Category: Defacement
Content: The Leviathan Perfect Hunter team, through attacker aexdy, successfully defaced the flatokapi.com website on March 31, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
Date: 2026-03-31T05:13:13Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822918
Screenshots:
None
Threat Actors: aexdy, Leviathan Perfect Hunter
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: flatokapi.com
Alleged data leak of the General Directorate of UNIVERSIDAD AUTONOMA DEL ESTADO DE MORELOS
Category: Data Leak
Content: The threat actor claims to have leaked a database allegedly belonging to the UNIVERSIDAD AUTONOMA DEL ESTADO DE MORELOS containing full name, fathers surname, mothers surname, telephone number, personal gmail, birth date, residence, age, etc…
Date: 2026-03-31T04:56:51Z
Network: telegram
Published URL: https://t.me/speakteamm/47
Screenshots:
None
Threat Actors: MagoSpeak
Victim Country: Mexico
Victim Industry: Higher Education/Acadamia
Victim Organization: universidad autonoma del estado de morelos
Victim Site: uaem.mx
Alleged leak of WordPress credential lists
Category: Combo List
Content: Forum post allegedly shares WordPress credential lists containing username and password combinations. No post content is available to verify the scope or legitimacy of the claimed data.
Date: 2026-03-31T04:51:39Z
Network: openweb
Published URL: https://crackingx.com/threads/70530/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: WordPress
Victim Site: Unknown
Alleged leak of Gmail credential combolist
Category: Combo List
Content: Threat actor D4rkNetHub allegedly shared a combolist containing over 100,000 Gmail credentials on a cybercriminal forum. The actual content requires forum registration to view.
Date: 2026-03-31T04:51:16Z
Network: openweb
Published URL: https://crackingx.com/threads/70531/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Google
Victim Site: gmail.com
Alleged leak of Hotmail credentials on underground forum
Category: Combo List
Content: A threat actor claims to have leaked 42,000 Hotmail credentials in a combolist format on an underground forum. The post indicates these are valid credentials allegedly obtained from forum breaches.
Date: 2026-03-31T04:41:46Z
Network: openweb
Published URL: https://crackingx.com/threads/70529/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
OpsShadowStrike targets the website of Innerspex Academy
Category: Defacement
Content: The group claims to have defaced the website of Innerspex Academy.
Date: 2026-03-31T04:35:18Z
Network: telegram
Published URL: https://t.me/OpsShadowStrike/211?single
Screenshots:
None
Threat Actors: OpsShadowStrike
Victim Country: India
Victim Industry: Education
Victim Organization: innerspex academy
Victim Site: innerspexacademy.com
Alleged leak of European and US credential combolists
Category: Combo List
Content: Threat actor claims to have high quality, fully valid credential combolists targeting users from Europe and the United States. The post emphasizes the validity and quality of the credential lists being distributed.
Date: 2026-03-31T04:32:21Z
Network: openweb
Published URL: https://crackingx.com/threads/70527/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sharing of phone number and password combinations
Category: Combo List
Content: A threat actor is sharing what appears to be a collection of phone numbers paired with passwords, described as high quality and private.
Date: 2026-03-31T04:31:58Z
Network: openweb
Published URL: https://crackingx.com/threads/70528/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Ukrainian Armed Forces
Category: Data Breach
Content: The group claims to have breached networks associated with Ukrainian Armed Forces, alleging exfiltration of sensitive documents, internal files, and system data.
Date: 2026-03-31T04:30:18Z
Network: telegram
Published URL: https://t.me/Inform_Zarya/838?single
Screenshots:
None
Threat Actors: Zarya
Victim Country: Ukraine
Victim Industry: Defense & Space
Victim Organization: ukrainian armed forces
Victim Site: zsu.gov.ua
Alleged breach of Al Baraka Bank Tunisia
Category: Data Breach
Content: The group claims to have breached 21 GB of data from Al Baraka Bank Tunisia.
Date: 2026-03-31T04:29:50Z
Network: telegram
Published URL: https://t.me/N3XUS_SH13LD/46
Screenshots:
None
Threat Actors: N3XUS SH13LD
Victim Country: Tunisia
Victim Industry: Banking & Mortgage
Victim Organization: al baraka bank tunisia
Victim Site: albarakabank.com.tn
Alleged data breach of UK Trade Base
Category: Data Leak
Content: A threat actor claims to have breached a UK-based trade website and is selling a dataset containing حوالي 3,500 business leads.
Date: 2026-03-31T04:24:58Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/279540/
Screenshots:
None
Threat Actors: plank
Victim Country: UK
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of German mixed domain credentials
Category: Combo List
Content: A threat actor shared a credential list containing 717,390 entries allegedly compromising users from various German domains. The data is being distributed for free via file sharing platform.
Date: 2026-03-31T04:13:45Z
Network: openweb
Published URL: https://crackingx.com/threads/70525/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed USA and Europe credential combolist
Category: Combo List
Content: A threat actor shared an exclusive combolist containing mixed credential data from USA and Europe regions on a cybercriminal forum.
Date: 2026-03-31T04:13:18Z
Network: openweb
Published URL: https://crackingx.com/threads/70526/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of credential combolist in URL:LOGIN:PASS format
Category: Combo List
Content: A threat actor shared a credential combolist containing URL:LOGIN:PASS combinations on a cybercriminal forum. The post indicates high-quality private credentials but provides no specific details about the source or scope of the leaked data.
Date: 2026-03-31T04:03:47Z
Network: openweb
Published URL: https://crackingx.com/threads/70524/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of credential combolist containing 16.55 million records
Category: Combo List
Content: A threat actor named Daxus shared a credential combolist containing 16.55 million URL:LOG:PASS records on a cybercrime forum. The data is being distributed through their website and Telegram channel.
Date: 2026-03-31T03:24:39Z
Network: openweb
Published URL: https://crackingx.com/threads/70523/
Screenshots:
None
Threat Actors: Daxus
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Bitcoin Quant Company Database
Category: Data Leak
Content: The threat actor claims to be selling a database dump from a Bitcoin Quant company website, alleging it contains cryptocurrency-related corporate data, including company holdings, executive details, and social media information across multiple organizations.
Date: 2026-03-31T03:03:53Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/279539/
Screenshots:
None
Threat Actors: plank
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of KaleaMarket user database
Category: Data Breach
Content: A threat actor claims to be selling a data dump allegedly مرتبط with Kaleamarke, a Venezuelan-based online marketplace.
Date: 2026-03-31T02:49:51Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/279537/
Screenshots:
None
Threat Actors: plank
Victim Country: Venezuela
Victim Industry: E-commerce & Online Stores
Victim Organization: kaleamarket
Victim Site: kaleamarket.com
Alleged Sale of Yacht Crew & Jobs Platform Database
Category: Data Leak
Content: Threat Actor claims to be selling a database allegedly belonging to a yacht job-seeker platform, containing approximately 3,000 records. The dataset includes structured user information such as email addresses, names, account creation and update timestamps, location details, and profile-related fields, indicating potential unauthorized access to user profiles.
Date: 2026-03-31T02:49:19Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/279536/
Screenshots:
None
Threat Actors: plank
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Lockheed Martin source code
Category: Data Leak
Content: The group claims to have leaked the source code of the Lockheed Martin.
Date: 2026-03-31T02:37:31Z
Network: telegram
Published URL: https://t.me/c/3575098403/66
Screenshots:
None
Threat Actors: APT IRAN
Victim Country: USA
Victim Industry: Defense & Space
Victim Organization: lockheed martin
Victim Site: lockheedmartin.com
Website defacement of dykidrah.com by HonkSec team member 4steroth
Category: Defacement
Content: HonkSec team member 4steroth successfully defaced dykidrah.com on March 31, 2026. The incident was a targeted single-site defacement with the defaced content hosted at honkz.txt.
Date: 2026-03-31T02:26:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822916
Screenshots:
None
Threat Actors: 4steroth, HonkSec
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: dykidrah.com
Alleged leak of Hotmail credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 870,798 Hotmail credentials via file sharing service. The actor claims these are fresh leaks targeting the streaming platform user base.
Date: 2026-03-31T02:07:15Z
Network: openweb
Published URL: https://crackingx.com/threads/70520/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
OpsShadowStrike targets the website of Innerspex Services Private Limited
Category: Defacement
Content: The group claims to have defaced the website of Innerspex Services Private Limited.
Date: 2026-03-31T01:41:40Z
Network: telegram
Published URL: https://t.me/OpsShadowStrike/210
Screenshots:
None
Threat Actors: OpsShadowStrike
Victim Country: India
Victim Industry: Information Technology (IT) Services
Victim Organization: innerspex services private limited
Victim Site: innerspex.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: Threat actor claiming to have valid Hotmail credentials available through private cloud access. The actor is promoting the credential list as high quality and valid, directing interested parties to contact them via Telegram.
Date: 2026-03-31T01:40:18Z
Network: openweb
Published URL: https://crackingx.com/threads/70518/
Screenshots:
None
Threat Actors: noir
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Website defacement of IFEP PACA by HonkSec team member 4steroth
Category: Defacement
Content: The website www.ifeppaca.com was defaced by attacker 4steroth from the HonkSec team on March 31, 2026. The defacement targeted a specific page (honkz.html) rather than the main homepage.
Date: 2026-03-31T01:36:04Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822914
Screenshots:
None
Threat Actors: 4steroth, HonkSec
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: IFEP PACA
Victim Site: www.ifeppaca.com
Alleged leak of education sector credentials
Category: Combo List
Content: Threat actor allegedly distributing a combolist containing 5.6 million email and password combinations from educational institutions across multiple countries through Telegram channels.
Date: 2026-03-31T01:28:14Z
Network: openweb
Published URL: https://crackingx.com/threads/70514/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 3.7K alleged valid Hotmail email credentials dated March 31, 2026. The credentials are being distributed for free download via MediaFire.
Date: 2026-03-31T01:02:56Z
Network: openweb
Published URL: https://crackingx.com/threads/70509/
Screenshots:
None
Threat Actors: redcloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged sale of cloned payment cards with financial data
Category: Combo List
Content: Threat actor claims to sell physical cloned JCOP payment cards with PINs, allegedly created from data collected through ATM, gas station, and POS terminal skimming operations. Cards are priced between $250-$1000 based on balance tiers ranging from $3000-$15000.
Date: 2026-03-31T00:51:57Z
Network: openweb
Published URL: https://crackingx.com/threads/70505/
Screenshots:
None
Threat Actors: William Shawn
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
OpsShadowStrike targets the website of K S Hariharan & Associates
Category: Defacement
Content: The group claims to have defaced the website of K S Hariharan & Associates.
Date: 2026-03-31T00:28:14Z
Network: telegram
Published URL: https://t.me/OpsShadowStrike/209
Screenshots:
None
Threat Actors: OpsShadowStrike
Victim Country: India
Victim Industry: Legal Services
Victim Organization: k s hariharan & associates
Victim Site: gstlawyers.com