[April-6-2026] Daily Cybersecurity Threat Report

1. Executive Summary This comprehensive report provides an exhaustive, in-depth analysis of a vast array of global cybersecurity incidents, drawing exclusively from recent threat intelligence data. The analyzed dataset captures a highly volatile cyber threat landscape, documenting hundreds of discrete events that occurred over a condensed timeframe in early April 2026. These incidents encompass a wide spectrum of malicious activities, including catastrophic data breaches, rampant distribution of credential combo lists, widespread website defacements, sophisticated supply chain compromises, and targeted cyber-kinetic attacks against critical national infrastructure.

The intelligence reveals that threat actors are operating with unprecedented scale and audacity. For instance, financially motivated groups like ShinyHunters have claimed responsibility for exfiltrating hundreds of millions of highly sensitive records from government and corporate entities, including the National Credit Information Center of Vietnam and Cisco systems. Simultaneously, the proliferation of “Cybercrime-as-a-Service” is evident through the massive distribution of credential lists—some containing upwards of 133 million records—by actors such as “Leak Realm” and “CODER,” fueling global credential stuffing campaigns.

Furthermore, the report highlights a disturbing trend of geopolitically motivated cyber attacks. Hacktivist groups and state-aligned actors, such as Homeland Justice, Handala, and the Z-PENTEST Alliance, are increasingly targeting critical infrastructure, ranging from Albanian government networks to South Korean water treatment facilities and Middle Eastern satellite communications. Meanwhile, opportunistic actors like DimasHxR, maw3six, and Nicotine (Umbra Community) continue to exploit fundamental web vulnerabilities, executing mass defacement campaigns that disrupt business operations across Europe, Asia, and the Americas. This report synthesizes these complex events, categorizing them by threat vector, profiling the responsible adversaries, analyzing victimology, and providing a strategic conclusion on the current state of global cyber risk.

2. Introduction and Threat Landscape Overview In the contemporary digital era, the frequency, sophistication, and impact of cyber attacks have reached critical levels. The threat intelligence data analyzed herein serves as a stark testament to the relentless nature of modern cyber adversaries. The dataset, encompassing events primarily logged between April 5 and April 7, 2026, provides a granular view of the tactics, techniques, and procedures (TTPs) employed across the cybercriminal ecosystem.

The current threat landscape is multifaceted. At one end of the spectrum, highly organized cybercriminal syndicates operate as sophisticated enterprises, focusing on high-yield data extortion, initial access brokering, and intellectual property theft. At the other end, ideologically driven hacktivists and state-sponsored advanced persistent threats (APTs) utilize cyber operations to achieve geopolitical objectives, often targeting critical infrastructure where disruption can have physical and societal consequences. Bridging the gap are opportunists and script kiddies who leverage automated tools to exploit low-hanging fruit, such as unpatched content management systems (CMS), resulting in widespread website defacements.

This report aims to systematically dissect this intelligence. By categorizing the incidents into distinct taxonomies—Data Breaches, Combo Lists, Website Defacements, Critical Infrastructure Attacks, and Malware/Vulnerabilities—we can identify macro-level trends. A detailed examination of these categories will reveal the extent of the vulnerabilities plaguing global networks and the urgent necessity for proactive, intelligence-driven cybersecurity postures.

3. Categorized Analysis of Cybersecurity Events

3.1. High-Impact Data Breaches and Information Leaks Data breaches represent a profound threat to privacy, corporate security, and national stability. The dataset highlights several monumental breaches involving the theft and attempted sale of massive datasets.

National Credit Information Center of Vietnam (CIC): In a highly severe incident, the notorious threat actor ShinyHunters claimed to be selling the complete database of Vietnam’s National Credit Information Center (cic.gov.vn). The dataset allegedly contains over 160 million records in CSV format. The compromised data is exceptionally sensitive, encompassing full names, dates of birth, national ID numbers (CCCD/CMND), passport numbers, detailed loan data, account balances, debt information, tax IDs, and addresses for both individuals and corporate entities. The asking price for this massive trove of financial intelligence was set at $75,000 USD, distributed via BreachForums and dark web communication channels.
Cisco Systems: ShinyHunters also claimed responsibility for a significant breach of the multinational technology conglomerate Cisco. The actors alleged the exfiltration of over 3 million Salesforce records containing Personally Identifiable Information (PII), alongside internal corporate data, AWS storage contents, and GitHub repositories. Crucially, the threat actors claimed to possess proprietary Cisco source code for various Artificial Intelligence products, including AI Assistants, AI Defense, and AI Cisco Cloud Control. The group demanded $50,000 for the data and publicly taunted Cisco security executives, attempting to extort the company by threatening public release.
Vantage Media AI: A catastrophic breach impacted Vantage Media AI, resulting in the alleged theft of a 381 GB MongoDB database dump. The threat actor “Sorb” offered this dataset for $15,000, claiming it contained 628 million email addresses along with extensive personal information, including physical addresses, phone numbers, employment data, and LinkedIn profiles.
Lockheed Martin: In an incident with severe national security implications, a threat actor named “Brona Blanco” leaked highly sensitive data belonging to defense contractor Lockheed Martin. The leaked materials were described as “Proof of Concept” parts 2 and 3, comprising avionics subsystem firmware, calibration data, and telemetry systems. Specifically, the data related to Helmet-Mounted Displays (HMD), landing gear systems, and Block 4 configurations, indicating a deep compromise of military aerospace technology.
Edmunds Automotive Platform: Threat actor “Blastoize” advertised a full dump of the Edmunds automotive research platform, allegedly breached in early 2026. The database reportedly contains 30 million user records, including emails, passwords (some in plaintext, others base64 hashed), and vehicle reports spanning from 2018 to 2022.
Kbank Vietnam: A threat actor identified as “hackboy” claimed to sell a database containing over 10 million customer records from Kbank Vietnam. This highly sensitive financial dataset allegedly included national IDs, salary information, credit scores, and risk classifications.
AlumnForce: Targeting the French education sector, actor “HexDex” offered the personal data of 2.7 million individuals from AlumnForce, a platform managing alumni networks. The breach reportedly affected 49 French educational institutions, exposing contact details, education records, and employment histories.
Additional Notable Breaches: The intelligence details numerous other significant breaches, including ProCamps (623,000 records of sports marketing data), Success.com (267,000 user records including billing details), SongTrivia2.io (291,000 records including password hashes and API keys), Cuties.AI (153,000 records from an NSFW AI platform), Space Coast Area Transit (30,000 user records and 14,600 transit pass records with credit card data), the Huila Government in Colombia (extranet employee data), the Government of Liberia Ministry of Mines & Energy, and the Mexican tax administration (SAT) involving 13 million taxpayer records.

3.2. The Credential Stuffing Epidemic: Combo Lists and Stealer Logs The dataset reveals an industrial-scale operation centered on the aggregation and distribution of credential “combo lists” (username/email and password pairs) and malware stealer logs. These lists are the primary fuel for automated credential stuffing attacks, leading to widespread account takeovers.

Massive Aggregations: Several threat actors demonstrated the capability to distribute incomprehensibly large datasets. “Leak Realm” claimed to have leaked lists containing 133 million and 61 million credentials on cybercrime forums. Actor “CODER” was observed distributing multiple massive lists through Telegram, including compilations of 14 million, 12 million, 11 million, and 9 million records. These lists explicitly targeted high-value platforms such as Facebook, LinkedIn, Twitter, TikTok, Netflix, Instagram, and various cryptocurrency and Web3 platforms (Ethereum, Polygon, Mastodon).
Targeting Email Providers (Hotmail Focus): Microsoft’s Hotmail service appears to be disproportionately targeted or favored by credential brokers. The dataset contains dozens of discrete events involving the leak or sale of Hotmail credentials. Actors like “MailAccesss,” “NUllSHop0X,” “el_capitan,” and “Kotowka” distributed Hotmail-specific lists ranging in size from a few hundred “premium” verified hits to massive dumps containing 1 million, 664,000, 480,000, and 360,000 records. Furthermore, specialized “checking tools” designed to rapidly validate Hotmail credentials and search inboxes for keywords were distributed freely.
Geographically Targeted Credentials: Threat actors, notably “thejackal101” (often associated with “Elite Cloud” or “Elite_Cloud1” data), demonstrated a strategic approach by curating and releasing combo lists based on the victims’ country of origin. Observed leaks included specific targeting of Poland (600,000 records), Australia (350,000 records), Brazil (321,000 records), Austria (290,000 records), Spain (264,000 records), Mexico (250,000 records), Japan (160,000 records), as well as targeted lists for Taiwan, Sweden, Turkey, Switzerland, Thailand, Argentina, Bangladesh, and Belgium.
Stealer Logs: Beyond traditional database breaches, threat actors actively distributed “stealer logs” harvested by information-stealing malware (such as ULP). Actors like “UP_DAISYCLOUD,” “watercloud,” and “fatetraffic” shared thousands of fresh logs daily. One massive dump by “thejackal101” included 27.1 GB of compressed stealer logs, indicating a vast and ongoing malware infection campaign compromising individual end-users globally.

3.3. Cyber Vandalism and Hacktivism: Website Defacements Website defacement remains a prevalent tactic, serving variously as a form of digital graffiti, a proof of capability, or a method of ideological messaging. The intelligence indicates that a small number of prolific actors are responsible for the vast majority of these incidents, often utilizing automated exploitation of vulnerabilities in Content Management Systems (CMS) like WordPress.

The DimasHxR Campaigns: Operating as an independent threat actor, DimasHxR conducted a relentless campaign of website defacements across Europe, Australia, and Asia. Their targets were incredibly diverse, primarily focusing on retail, manufacturing, healthcare, and service businesses. Documented victims included Conforama (Italian retail), MW Dental (Austria), Lewis Leathers (UK fashion), Agri-Expert (French agriculture), Mobiliufficio (Italian office furniture), and numerous others across Sweden, Switzerland, Poland, Ireland, Taiwan, and Singapore. The sheer volume of DimasHxR’s activity suggests the use of automated scanning and exploitation tools targeting common web server misconfigurations.
The maw3six Mass Defacements: The actor known as “maw3six” specializes in “mass defacement” operations, where multiple websites sharing the same vulnerable infrastructure or hosting provider are compromised simultaneously. This actor heavily targeted Southeast Asian domains, with a specific focus on Vietnamese online gambling, sports streaming, and e-commerce platforms (e.g., lucky88.buzz, bongda.space, i9bet.today, 8kbet.click, alo789.shop). They also compromised Polish domains and Caribbean web hosting providers, indicating a wide net cast for vulnerable cloud infrastructure.
Nicotine and the Umbra Community: The threat actor “Nicotine,” operating under the banner of the “Umbra Community,” demonstrated a highly focused methodology targeting WordPress installations. Their defacements frequently manipulated the wp-content directories of victim sites. Nicotine’s targeting was heavily concentrated on South Asian (Pakistan, Bangladesh, India) and Canadian businesses. Notably, this actor frequently engaged in “redefacements,” returning to compromise sites that had previously been attacked, such as Farmaceutica FL and various Latin American domains. Other victims included Farooq Kitabghar (Pakistani publisher), Lamora Furnishings (Canada), and Progressive LCD (India).
Other Defacement Groups: * Zod: Conducted mass defacements against Mexican real estate sites (Properties Bay MX) and various international targets hosted on platforms like WP Engine.
- Alpha wolf team (XYZ): Focused mass defacement efforts primarily on Dutch organizations, including construction firms and design agencies (JCR Design, Golden Eagle Klusbedrijf).
- CYKOMNEPAL: Targeted specific pages within the websites of Argentine pharmaceutical companies (PuntoFarma), Indian tech firms (TerminalDev), and international travel agencies.

3.4. Cyber-Kinetic Threats and Attacks on Critical Infrastructure The most alarming data points in the intelligence report detail cyber attacks directed at critical national infrastructure, government entities, and high-level communications. These incidents highlight the intersection of cyber warfare and geopolitics.

South Korean Industrial Water Treatment Compromise: The threat group “Z-PENTEST Alliance” issued a chilling claim of having compromised a “Smart Pure Water System” (MSTEC PureWater 100) at an industrial ultrapure water treatment plant in South Korea. The attackers alleged they possessed full, real-time control over critical operational technology (OT) parameters, including conductivity, pH, chlorine levels, temperature, and flow rate. Furthermore, they claimed the ability to manipulate sensor calibrations and control physical solenoid and drain valves. The group explicitly noted that this infrastructure was vital for semiconductor chip manufacturing and pharmaceutical production, threatening to cause system failures and distort sensor readings. This represents a severe cyber-kinetic threat with the potential for physical and economic devastation.
Hacktivism Against the Albanian Government: The geopolitically motivated group “Homeland Justice” executed a series of cyber attacks against Albanian state infrastructure. They claimed to have compromised the Albanian Post (postashqiptare.al), the Prime Minister’s office (pp.gov.al), and the Albanian Parliament (parlament.al), extracting internal documents. The group issued severe, escalating threats against the Albanian leadership, citing the government’s alleged support for the MEK (Mujahideen-e-Khalq) opposition group as justification.
Attacks on Iranian Artificial Intelligence Infrastructure: According to regional news sources, the data center of Sharif University of Technology in Iran suffered a highly destructive attack. This facility houses the core infrastructure for Iran’s National AI Platform, a critical state project serving thousands of national services. The attack, described as a “missile strike” attributed to foreign adversaries, highlights the physical targeting of critical cyber infrastructure.
ArABSAT Satellite Network Disruption: The Arab Satellite Communications Organization (ArABSAT) was targeted by a hacker group named “Mabir,” resulting in service disruptions. The attackers explicitly stated their motivation was ArABSAT’s alleged cooperation with the United States and Israel, demonstrating how telecommunications infrastructure is targeted in regional proxy conflicts.
Israeli Intelligence Leaks and Coordinated Campaigns: The hacker group “Hanzala” leaked the unredacted private communications (WhatsApp and Twitter chats) of Raz Zimmt, the head of the Iran division at Israel’s National Security Institute. Concurrently, the “Handala” hacktivist group issued a global call to arms, actively recruiting hackers worldwide to conduct coordinated, strategic cyber attacks against Israeli and US critical infrastructure, providing secure communication channels for operational coordination. Furthermore, the “Cyber Islamic Resistance” announced the initiation of a massive cyber offensive against Israeli institutions.

3.5. Malware Operations, Vulnerability Exploitation, and Initial Access Brokers The dataset illustrates the sophisticated mechanisms by which threat actors gain footholds in networks and distribute malicious payloads.

Supply Chain Attack on Axios (npm): In a highly sophisticated software supply chain attack, threat actors compromised a developer account associated with the widely used “Axios” npm library. The attackers successfully published malicious versions (1.14.1 and 0.30.4) that contained a hidden dependency. Upon installation by developers, this dependency executed a Remote Access Trojan (RAT) and subsequently attempted to erase its traces to evade detection. This incident underscores the profound vulnerabilities within open-source ecosystems.
React2Shell Vulnerability Exploitation: Attackers conducted widespread, automated exploitation campaigns targeting the “React2Shell” vulnerability in Next.js applications. Utilizing a custom tool dubbed “NEXUS Listener,” the threat actors compromised hundreds of servers to exfiltrate highly sensitive cloud infrastructure credentials, including AWS keys, database passwords, and SSH keys, facilitating deep network intrusions and cloud account takeovers.
Targeting Node.js Developers (UNC1069): The North Korean state-sponsored hacking group UNC1069 engaged in targeted social engineering campaigns against high-profile Node.js developers. The attackers utilized fake software updates as a vector to deploy malware, attempting to compromise developers who maintain packages with billions of downloads, representing a massive supply chain threat.
Initial Access Brokers (IABs): The commercialization of network compromise is evident in the activities of Initial Access Brokers. Threat actor “KazeFreak” advertised active VPN and Active Directory access to corporate networks across diverse sectors (construction, telecommunications, mining) in Poland, Turkey, Italy, Canada, and Argentina. Similarly, “Nullsec Philippines” advertised access to government web shells, and actor “parsa” freely distributed compromised Linux and Windows server credentials (including administrator passwords) to promote their paid RDP access business.

3.6. The Cybercriminal Service Economy The intelligence highlights a robust underground economy supporting cyber attacks.

Threat actors like “Kenz” advertised fraudulent services to manipulate platform metrics, selling “Telegram Stars” and channel boosts.
Malware developers sold highly capable Distributed Denial of Service (DDoS) scripts, boasting Layer 4 and Layer 7 attack capabilities, including the ability to bypass modern Cloudflare protections and CAPTCHAs.
Other actors offered “DMCA abuse services,” weaponizing copyright law to manipulate search engine rankings and conduct SEO sabotage against competitors, specifically targeting the iGaming sector.

4. Threat Actor Profiling and Attribution Based on the intelligence, several distinct threat actor profiles emerge, each utilizing unique methodologies.

ShinyHunters: Operating as an apex-tier cybercriminal syndicate, ShinyHunters is characterized by its high technical proficiency and focus on massive data extortion. Their ability to compromise major entities like Cisco and national databases (CIC Vietnam), coupled with their aggressive public extortion tactics and demands for high-value cryptocurrency payouts, marks them as a primary global threat.
The “Mass Defacers” (DimasHxR & maw3six): These actors represent the automated, opportunistic tier of cybercrime. They do not appear to target specific data but rather seek to maximize the volume of compromised web properties. DimasHxR’s focus on European small businesses and maw3six’s focus on Asian gambling/e-commerce sites via cloud infrastructure suggest the use of specialized scanning arrays seeking out specific unpatched vulnerabilities in CMS platforms.
The “Combo List” Brokers (CODER, el_capitan, thejackal101): These actors function as the logistics arm of the cybercrime ecosystem. They possess vast infrastructure capable of aggregating, sorting (often by geography or platform), and validating millions of stolen credentials. Their activities directly enable the global epidemic of credential stuffing attacks.
Ideological Hacktivists (Homeland Justice, Handala, Z-PENTEST Alliance): These groups blur the line between cyber vandalism and cyber terrorism. They are highly motivated by geopolitical conflicts (e.g., Israel-Palestine, Albanian-Iranian tensions) and demonstrate a willingness to target critical infrastructure (water treatment, satellites, government communications) to inflict societal disruption and convey political messages.
State-Sponsored APTs (UNC1069): North Korean actors like UNC1069 demonstrate advanced, patient methodologies, utilizing highly targeted social engineering to compromise upstream developers in order to execute devastating software supply chain attacks.

5. Victimology Analysis The dataset reveals that no industry or geographic region is insulated from cyber threats.

Sectoral Impact:
- Technology & Software: Highly targeted for source code theft (Cisco, Lockheed Martin) and supply chain positioning (Axios npm, Node.js developers).
- Government & Public Sector: Frequently targeted for espionage, hacktivism, and data theft (Vietnam CIC, Albanian Government, Mexican SAT, Huila Government).
- Critical Infrastructure & OT: Targeted for kinetic disruption and geopolitical messaging (South Korean water systems, Iranian AI data centers, ArABSAT).
- Retail, E-commerce, & SMBs: The primary victims of automated defacement campaigns and point-of-sale data theft.
- Education: Educational institutions (AlumnForce, NUST Pakistan, Sinaloa University) are frequently compromised, exposing vast amounts of student and alumni PII.
Geographic Impact: The data shows a truly global distribution of targets. While Western nations (US, UK, Canada, France, Germany) are heavily targeted for financial data and credential harvesting, there is a pronounced concentration of activity directed at the Asia-Pacific region (Vietnam, South Korea, Japan, Indonesia, India) and the Middle East (Israel, Iran, Saudi Arabia). This geographic spread correlates heavily with areas of rapid digital adoption and zones of geopolitical friction.

6. Strategic Implications and Risk Assessment The intelligence synthesized in this report dictates several critical strategic conclusions.

Firstly, the sheer volume of distributed credential combo lists renders traditional password-based authentication obsolete. The availability of hundreds of millions of validated credentials means that credential stuffing is an ever-present threat. Organizations must mandate robust Multi-Factor Authentication (MFA) across all perimeters to mitigate this risk.

Secondly, the success of supply chain attacks, such as the Axios npm compromise and the targeting of Node.js developers, highlights a systemic vulnerability in modern software engineering. The trust placed in open-source repositories is being actively weaponized by advanced persistent threats.

Thirdly, the convergence of cyber operations with physical infrastructure—evidenced by the targeting of water treatment facilities and satellite networks—elevates cyber attacks from a data privacy issue to a matter of public safety and national security. The barrier to entry for disrupting Operational Technology (OT) appears to be lowering, necessitating urgent hardening of critical infrastructure interfaces.

Finally, the rampant success of basic website defacements against SMBs underscores a global failure in fundamental cybersecurity hygiene, specifically regarding the patch management of Content Management Systems and web application firewalls.

7. Conclusion The cybersecurity landscape captured in this April 2026 intelligence dataset is characterized by extreme volatility, high operational tempo, and profound impact. Threat actors are simultaneously executing massive data exfiltrations, orchestrating global credential stuffing campaigns, conducting widespread cyber vandalism, and launching targeted, disruptive attacks against critical national infrastructure.

The commoditization of malicious capabilities—from Initial Access Brokers selling network footholds to the distribution of advanced DDoS tools and stealer logs—has empowered a vast ecosystem of cybercriminals. Concurrently, the increasing willingness of ideologically driven groups to target operational technology and government networks indicates that cyber operations are now a primary vector for geopolitical conflict.

To defend against this multifaceted threat landscape, organizations and governments must abandon reactive security postures. A transition to intelligence-driven defense is imperative. This requires continuous monitoring of the deep and dark web, the implementation of zero-trust architectures to combat credential compromise, rigorous supply chain vetting, and the immediate hardening of critical infrastructure against cyber-kinetic threats. The data unequivocally demonstrates that in the current environment, robust cybersecurity is not merely a technical requirement, but a fundamental necessity for operational continuity and national security.

Detected Incidents Draft Data

Alleged data breach of National Credit Information Center of Vietnam (CIC) — 160M Records for Sale
Category: Data Breach
Content: Threat actor ShinyHunters claims to be selling the full database of Vietnams National Credit Information Center (cic.gov.vn). The alleged dataset contains 160,000,000+ records in CSV format, including full names, dates of birth, national ID numbers (CCCD/CMND), passport numbers, loan data, balances, debt information, tax IDs, company information, audit logs, and addresses. The data reportedly covers both individuals and companies. Asking price is $75,000 USD. The post links to BreachForums and provides Telegram, TOX, and Session contact details.
Date: 2026-04-06T23:53:06Z
Network: telegram
Published URL: https://t.me/c/3737716184/847
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: Vietnam
Victim Industry: Financial Services / Government
Victim Organization: National Credit Information Center of Vietnam
Victim Site: cic.gov.vn
Alleged leak of multi-service credential combolist targeting Netflix, Minecraft, Steam and other platforms
Category: Combo List
Content: Forum user Ra-Zi shared a combolist containing 160,000 email and password combinations claimed to be valid for Netflix, Minecraft, Uplay, Steam, Hulu, and Spotify accounts. The post also advertises selling additional credential lists through Telegram contact.
Date: 2026-04-06T23:51:50Z
Network: openweb
Published URL: https://demonforums.net/Thread-160k-Fresh-HQ-Combolist-Email-Pass-Netflix-Minecraft-Uplay-Steam-Hulu-spotify–199580
Screenshots:
None
Threat Actors: Ra-Zi
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a collection of 200 Hotmail credential combinations on a cybercriminal forum, claiming them to be high-quality hits available for free download.
Date: 2026-04-06T23:49:27Z
Network: openweb
Published URL: https://crackingx.com/threads/71353/
Screenshots:
None
Threat Actors: lpbPrivate
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 1,200 Hotmail email and password combinations on a cybercrime forum.
Date: 2026-04-06T23:15:56Z
Network: openweb
Published URL: https://crackingx.com/threads/71351/
Screenshots:
None
Threat Actors: karaokecloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged Identification of BreachForums Administrator N/A Linked to Bulgarian Cybersecurity Researcher Angel Tsvetkov
Category: Cyber Attack
Content: A BreachForums administrator operating under the alias N/A (later Caine) has allegedly been identified as Angel Tsvetkov, a Bulgarian penetration tester and bug bounty researcher. The individual is accused of conducting an exit scam on BreachForums around March 15, taking the forum dark before relaunching it on March 25 using a February backup under the alias Caine. The moderation team confirmed Caine = N/A and subsequently resigned en masse. N/A allegedly attempted to sell the forum again. The deanonymization reportedly stemmed from IP address reuse and password reuse across criminal and legitimate business accounts. Tsvetkov has legitimate security credentials including HackerOne recognition and responsible disclosure credits from Ford, Bosch, and the BBC. He has since been published on PwnForums Wall of Fame.
Date: 2026-04-06T23:06:46Z
Network: telegram
Published URL: https://t.me/IntCyberDigest/326
Screenshots:
None
Threat Actors: N/A
Victim Country: Bulgaria
Victim Industry: Cybercrime Forum
Victim Organization: BreachForums
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 520 Hotmail email and password combinations on a cybercrime forum.
Date: 2026-04-06T22:55:15Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-520x-HQ-Valid-Hotmails
Screenshots:
None
Threat Actors: Sellerxd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged sale of UHQ Hotmail and multi-service combolists across multiple countries
Category: Combo List
Content: A threat actor is selling claimed fresh, valid, and private UHQ (Ultra High Quality) Hotmail and cloud credential combolists covering multiple countries (FR, IT, BR, UK, US, AU, JP, NL, PL, ES, MX, CA, SG, and others). The offer also includes service-specific combos for Amazon, eBay, Klei, Walmart, Poshmark, Marriott, and others. The seller claims exclusivity and keyword search capability.
Date: 2026-04-06T22:25:46Z
Network: telegram
Published URL: https://t.me/c/2613583520/59705
Screenshots:
None
Threat Actors: Yìchén
Victim Country: United States, United Kingdom, France, Italy, Brazil, Australia, Japan, Netherlands, Poland, Spain, Mexico, Canada, Singapore
Victim Industry: E-commerce, Hospitality, Technology
Victim Organization: Hotmail, Amazon, eBay, Walmart, Poshmark, Marriott, Klei
Victim Site: Unknown
Alleged sale of mail access, combolists, and hacking tools targeting multiple countries
Category: Initial Access
Content: A threat actor operating via @Dataxlogs is advertising mail access for sale across multiple countries including France, Belgium, Australia, Canada, UK, US, Netherlands, Poland, Germany, and Japan. The offering includes configs, scripts, tools, hits, and combo lists, with custom requests available.
Date: 2026-04-06T21:51:46Z
Network: telegram
Published URL: https://t.me/c/2613583520/59683
Screenshots:
None
Threat Actors: .py
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged threat actor seeking staff position on cybercriminal forum
Category: Alert
Content: Threat actor Angel_Batista applying for staff position on BreachForums, claiming experience in breaching systems to obtain databases for sale or distribution. Individual expresses interest in moderating database leak and seller sections of the forum.
Date: 2026-04-06T21:44:33Z
Network: openweb
Published URL: https://pwnforums.st/Thread-Angel-Batista-s-Staff-Application–187891
Screenshots:
None
Threat Actors: Angel_Batista
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Japanese email credentials
Category: Combo List
Content: Threat actor distributing free Japanese email credential lists through Telegram channel PandaCloud04, claiming fresh and valid email databases are added daily.
Date: 2026-04-06T21:34:55Z
Network: openweb
Published URL: https://crackingx.com/threads/71350/
Screenshots:
None
Threat Actors: Kokos2846q
Victim Country: Japan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Remote3.co crypto job platform database
Category: Data Leak
Content: A threat actor claims to have leaked a database from Remote3.co, a crypto job finder website, containing personal information of over 46,000 users including usernames, emails, social media profiles, and professional details. The alleged breach reportedly occurred in March 2026 and the data is being distributed for free download.
Date: 2026-04-06T21:32:38Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-Remote3-co-Crypto-Database-Leaked-Download
Screenshots:
None
Threat Actors: punk
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Remote3.co
Victim Site: remote3.co
Alleged leak of Belgian credentials via Elite_Cloud1 combolist
Category: Combo List
Content: A threat actor shared a combolist containing over 40,000 credentials allegedly targeting Belgian users. The credentials appear to be associated with Elite_Cloud1 and were posted on a cybercriminal forum.
Date: 2026-04-06T21:23:51Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-40-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Belgium-%E2%9C%AA-6-APR-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Belgium
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Elite_Cloud1 credentials targeting Bangladesh users
Category: Combo List
Content: A threat actor shared a combolist containing over 10,000 email and password combinations allegedly from Elite_Cloud1, specifically targeting users in Bangladesh. The post was dated April 6, 2026.
Date: 2026-04-06T21:23:03Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-10-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Bangladesh-%E2%9C%AA-6-APR-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Bangladesh
Victim Industry: Unknown
Victim Organization: Elite_Cloud1
Victim Site: Unknown
Alleged leak of British and Indian credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing over 11,000 email and password combinations allegedly targeting British and Indian users. The credentials are dated April 6, 2026 and appear to be distributed freely on cybercriminal forums.
Date: 2026-04-06T21:21:50Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-11-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-British-Indian-%E2%9C%AA-6-APR-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of SongTrivia2.io database
Category: Data Leak
Content: A threat actor shared a database dump from SongTrivia2.io containing over 291,000 user records including personal information, authentication data, and platform content. The alleged breach occurred in April 2026 and includes user IDs, emails, password hashes, session data, and API keys.
Date: 2026-04-06T21:19:02Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-SongTrivia2-io-Database-Leaked-Download
Screenshots:
None
Threat Actors: punk
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: SongTrivia2.io
Victim Site: songtrivia2.io
Alleged data leak of Cuties.AI database
Category: Data Leak
Content: A threat actor claims to have leaked a database from Cuties.AI, an NSFW AI generation website, containing over 153,000 user records including emails, nicknames, subscription details, and user preferences. The alleged breach reportedly occurred in March 2026 and the data is being distributed for free download.
Date: 2026-04-06T21:18:39Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-Cuties-AI-Database-Leaked-Download
Screenshots:
None
Threat Actors: punk
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Cuties.AI
Victim Site: Unknown
Alleged data leak of Success.Events database
Category: Data Leak
Content: A threat actor leaked a database from Success.Events containing over 53,000 user records including email addresses, IP addresses, user agents, and email campaign metadata. The breach allegedly occurred in April 2026 and affects a personal development and event newsletter platform.
Date: 2026-04-06T21:18:18Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-Success-Events-Database-Leaked-Download
Screenshots:
None
Threat Actors: punk
Victim Country: Unknown
Victim Industry: Media and Publishing
Victim Organization: Success.Events
Victim Site: success.events
Alleged data leak of Success.com database
Category: Data Leak
Content: A threat actor claims to have leaked a Success.com database containing over 267k user records including personal information, billing details, order data, and customer information. The post indicates this is the second breach of the platform, with 60k new email addresses added since the previous incident.
Date: 2026-04-06T21:17:57Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-Success-com-V2-Database-Leaked-Download
Screenshots:
None
Threat Actors: punk
Victim Country: Unknown
Victim Industry: Media and Publishing
Victim Organization: Success.com
Victim Site: success.com
Alleged leak of mixed credential combolist
Category: Combo List
Content: A threat actor shared a mixed credential combolist containing 5,200 entries on a cybercrime forum, describing it as quality data.
Date: 2026-04-06T21:09:23Z
Network: openweb
Published URL: https://crackingx.com/threads/71348/
Screenshots:
None
Threat Actors: lpbPrivate
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of SMTP corporate credential lists
Category: Combo List
Content: Threat actor distributes SMTP corporate credential combolists containing 7 million entries through Telegram channels. The actor offers free access to credential lists and associated programs through multiple Telegram groups.
Date: 2026-04-06T21:09:01Z
Network: openweb
Published URL: https://crackingx.com/threads/71349/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of US police tipline database containing anonymous crime tips
Category: Data Breach
Content: Threat actor claims to be selling a database containing 8.3 million records from US/Canada police tiplines, including anonymous crime tips, personal information, and contact details for $10,000 in cryptocurrency. The data allegedly originates from P3Global/CrimeStoppers and is being marketed as BlueLeaks 2.0 containing 93GB of confidential police data.
Date: 2026-04-06T21:07:31Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SELLING-USA-Police-Tipline-Database-8mil–187882
Screenshots:
None
Threat Actors: iym
Victim Country: United States
Victim Industry: Law Enforcement
Victim Organization: P3Global / CrimeStoppers
Victim Site: Unknown
Alleged data breach of Welfare.org.ng with source code and database for sale
Category: Data Breach
Content: Threat actor NormalLeVrai is selling source code, email access, and database containing 12,825 records from welfare.org.ng for $300. The actor claims to have taken down associated subdomains and is offering the complete website infrastructure and backups.
Date: 2026-04-06T20:59:25Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-Welfare-org-ng
Screenshots:
None
Threat Actors: NormalLeVrai
Victim Country: Nigeria
Victim Industry: Government/Social Services
Victim Organization: Welfare
Victim Site: welfare.org.ng
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 295 high-quality Hotmail credentials for free download on a cybercriminal forum.
Date: 2026-04-06T20:55:33Z
Network: openweb
Published URL: https://crackingx.com/threads/71347/
Screenshots:
None
Threat Actors: lpbPrivate
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Yahoo credentials database
Category: Data Leak
Content: Threat actor claims to have leaked a Yahoo credentials database containing approximately 64.9 million email addresses. The actor is distributing the data through Telegram channels and appears to be involved in selling various databases.
Date: 2026-04-06T20:54:35Z
Network: openweb
Published URL: https://darkforums.su/Thread-Yahoo-Leads-Global-Database-Leaked-Download
Screenshots:
None
Threat Actors: injectioninferno2
Victim Country: United States
Victim Industry: Technology
Victim Organization: Yahoo
Victim Site: yahoo.com
Alleged sale of Cisco data or access by ShinyHunters
Category: Data Breach
Content: Threat actor ShinyHunters is allegedly selling data or access related to Cisco for $10,000. Contact handle provided is @shinyc0rpsss. No further details on the nature of the offering (data breach, initial access, etc.) were specified.
Date: 2026-04-06T20:51:22Z
Network: telegram
Published URL: https://t.me/c/3737716184/840
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: United States
Victim Industry: Technology
Victim Organization: Cisco
Victim Site: cisco.com
Alleged leak of mixed access credentials
Category: Combo List
Content: Threat actor NUllSHop0X shared a free download of 5,000 mixed access credentials described as valid/hit and fresh. The credentials are being distributed through a cybercriminal forum specializing in combolists and data dumps.
Date: 2026-04-06T20:33:44Z
Network: openweb
Published URL: https://crackingx.com/threads/71345/
Screenshots:
None
Threat Actors: NUllSHop0X
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of Elite Cloud credential combolist targeting Brazil
Category: Combo List
Content: A threat actor shared a credential combolist containing 321,000 email and password combinations allegedly from Elite Cloud, targeting Brazilian users. The combolist was dated April 6, 2026 and distributed on an underground forum.
Date: 2026-04-06T20:20:52Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-321-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Brazil-%E2%9C%AA-6-APR-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Elite Cloud
Victim Site: Unknown
Alleged leak of Australian credential combolist
Category: Combo List
Content: Threat actor distributed a combolist containing over 46,000 email and password combinations allegedly from Australian sources. The credentials are claimed to be fresh and high quality, and are being distributed through a Telegram channel.
Date: 2026-04-06T20:20:00Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-46-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Australia-%E2%9C%AA-6-APR-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Australia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Austrian email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing over 54,000 email and password credentials allegedly from Austria. The data is described as fresh and high quality, and is being distributed through a Telegram channel.
Date: 2026-04-06T20:18:37Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-54-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Austria-%E2%9C%AA-6-APR-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Austria
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Argentine credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing over 43,000 email and password combinations allegedly targeting Argentine users. The credentials are being distributed through a Telegram channel and are described as fresh and high quality.
Date: 2026-04-06T20:17:21Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-43-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Argentina-%E2%9C%AA-6-APR-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Argentina
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 337,000 Hotmail email and password combinations dated April 6th, 2024.
Date: 2026-04-06T20:16:15Z
Network: openweb
Published URL: https://crackingx.com/threads/71343/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: Threat actor NUllSHop0X shared a combolist containing 400,000 alleged valid Hotmail credentials for free download on a cybercriminal forum.
Date: 2026-04-06T20:15:56Z
Network: openweb
Published URL: https://crackingx.com/threads/71344/
Screenshots:
None
Threat Actors: NUllSHop0X
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged Data Breach of Lockheed Martin — Avionics Source Code and Firmware Exposed
Category: Data Breach
Content: A threat actor operating under the handle Brona Blanco is claiming to possess and distribute Lockheed Martin source code described as Proof of Concept (PoC) parts 2 and 3, including avionics subsystem firmware, calibration data, and telemetry data related to HMD (Helmet-Mounted Display), landing gear systems, and Block 4 configurations. The actor also teases an upcoming Part 4 involving Lockheed simulators, suggesting an ongoing series of leaks targeting the defense contractor.
Date: 2026-04-06T20:10:21Z
Network: telegram
Published URL: https://t.me/c/3575098403/100
Screenshots:
None
Threat Actors: Brona Blanco
Victim Country: United States
Victim Industry: Defense & Aerospace
Victim Organization: Lockheed Martin
Victim Site: lockheedmartin.com
Alleged leak of Lockheed Martin Avionics Source Code and Firmware
Category: Data Leak
Content: A threat actor is claiming to possess and sharing proof-of-concept material related to Lockheed Martin source code, specifically targeting avionics subsystem firmware, calibration data, and telemetry systems including Head-Mounted Display (HMD), landing gear systems, and Block 4 configurations. This represents a critical national security concern involving sensitive defense contractor intellectual property.
Date: 2026-04-06T20:08:46Z
Network: telegram
Published URL: https://t.me/c/3575098403/94
Screenshots:
None
Threat Actors: Brona Blanco
Victim Country: United States
Victim Industry: Defense & Aerospace
Victim Organization: Lockheed Martin
Victim Site: lockheedmartin.com
Alleged cyber attack on Czech Technical University by LunarisSec
Category: Cyber Attack
Content: Threat actor group LunarisSec, apparently affiliated with Algeria, claims to have attacked Czech Technical University. The post includes a photo (likely defacement or DDoS proof) and a link to their X (Twitter) account as evidence. The group uses signature messaging typical of hacktivist operations.
Date: 2026-04-06T20:04:31Z
Network: telegram
Published URL: https://t.me/c/3733257070/41
Screenshots:
None
Threat Actors: LunarisSec
Victim Country: Czech Republic
Victim Industry: Education
Victim Organization: Czech Technical University
Victim Site: Unknown
Alleged leak of Elite Cloud credentials
Category: Data Leak
Content: User thejackal101 shared a 1.1GB compressed file containing credential logs allegedly from Elite Cloud, dated April 6, 2026. The data is described as fresh and high quality, with additional content available through a Telegram channel.
Date: 2026-04-06T20:04:08Z
Network: openweb
Published URL: https://demonforums.net/Thread-Request-%E2%9C%AA-1-1-GB-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-ULP-LOG-S-Date-%E2%9C%AA-6-APR-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Elite Cloud
Victim Site: Unknown
Alleged distribution of multi-platform credential combolist
Category: Combo List
Content: Threat actor CODER is distributing a 14 million email:password combolist targeting multiple platforms including Clyx, Monnett, RedNote, Noplace, Threads, Lemon8, Jagat, Polygon, Ethereum, Audius, and Mastodon through Telegram channels. The credentials are being shared for free through dedicated Telegram groups for combos and programs.
Date: 2026-04-06T20:03:58Z
Network: openweb
Published URL: https://crackingx.com/threads/71342/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of PuntoFarma by CYKOMNEPAL
Category: Defacement
Content: CYKOMNEPAL defaced the PuntoFarma pharmaceutical website on April 7, 2026. The attack targeted a specific product page rather than the homepage of the Argentine pharmacy/pharmaceutical company.
Date: 2026-04-06T19:48:31Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831182
Screenshots:
None
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: Argentina
Victim Industry: Healthcare/Pharmaceutical
Victim Organization: PuntoFarma
Victim Site: www.puntofarma.com.ar
Alleged leak of mixed forum credentials combolist
Category: Combo List
Content: A threat actor leaked a combolist containing 82,000 mixed valid forum credentials. The credentials are described as validated and appear to be sourced from various forum platforms.
Date: 2026-04-06T19:39:20Z
Network: openweb
Published URL: https://crackingx.com/threads/71341/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of stealer logs containing credentials
Category: Logs
Content: Threat actor UP_DAISYCLOUD distributed 6,262 fresh stealer logs via file sharing platform, claiming to upload new credential data daily through Telegram channel.
Date: 2026-04-06T19:38:24Z
Network: openweb
Published URL: https://darkforums.su/Thread-%F0%9F%9A%80-6262-LOGS-CLOUD-%E2%98%81-06-APRIL-%E2%9D%A4%EF%B8%8F-FRESH-LOGS%E2%9D%97%EF%B8%8F
Screenshots:
None
Threat Actors: UP_DAISYCLOUD
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of ProCamps database for sale
Category: Data Breach
Content: Threat actor Sorb is allegedly selling a database containing 623,000 personal records from ProCamps, a sports marketing company. The data includes full names, addresses, dates of birth, phone numbers, emails, IP addresses, password hashes, and partial billing information for $600.
Date: 2026-04-06T19:26:08Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SELLING-USA-procamps-com-623-000
Screenshots:
None
Threat Actors: Sorb
Victim Country: United States
Victim Industry: Sports and Entertainment
Victim Organization: ProCamps
Victim Site: procamps.com
Alleged data breach of Vantage Media AI database for sale
Category: Data Breach
Content: Threat actor claims to be selling a 381 GB MongoDB database dump containing 628 million email addresses and extensive personal information including names, addresses, phone numbers, LinkedIn profiles, and employment data from Vantage Media AI for $15,000. The alleged breach occurred on March 27, 2026.
Date: 2026-04-06T19:25:33Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SELLING-USA-Vantage-Media-AI-628kk
Screenshots:
None
Threat Actors: Sorb
Victim Country: United States
Victim Industry: Marketing Technology
Victim Organization: Vantage Media AI
Victim Site: vantagemediacorp.com
Website defacement of JCR Design by Alpha wolf team
Category: Defacement
Content: The Alpha wolf team, attributed to attacker XYZ, successfully defaced the JCR Design website on April 7, 2026. The incident targeted a Netherlands-based design services company and was archived as a single site defacement.
Date: 2026-04-06T19:19:46Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248334
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Netherlands
Victim Industry: Design Services
Victim Organization: JCR Design
Victim Site: jcrdesign.nl
Mass defacement campaign by Alpha wolf team member XYZ targeting radioyaniv.com
Category: Defacement
Content: Alpha wolf team member XYZ conducted a mass defacement campaign targeting radioyaniv.com on April 7, 2026. The attack affected a radio broadcasting website as part of a broader mass defacement operation rather than an isolated incident.
Date: 2026-04-06T19:19:25Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248335
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Israel
Victim Industry: Media/Broadcasting
Victim Organization: Radio Yaniv
Victim Site: radioyaniv.com
Mass website defacement campaign by Alpha wolf team member XYZ
Category: Defacement
Content: Alpha wolf team member XYZ conducted a mass defacement campaign targeting multiple websites including unamuestradesugloria.com on April 7, 2026. The attack was part of a coordinated mass defacement operation rather than targeting a single site.
Date: 2026-04-06T19:19:06Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248336
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: unamuestradesugloria.com
Mass website defacement by Alpha wolf team targeting itamar.nl
Category: Defacement
Content: The Alpha wolf team conducted a mass defacement campaign targeting multiple websites including itamar.nl on April 7, 2026. The attack was executed by an attacker identified as XYZ against a Linux-based server.
Date: 2026-04-06T19:18:46Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248337
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Netherlands
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: itamar.nl
Mass defacement of goldeneagle-klusbedrijf.com by XYZ/Alpha wolf team
Category: Defacement
Content: The XYZ attacker working with Alpha wolf team conducted a mass defacement attack targeting goldeneagle-klusbedrijf.com on April 7, 2026. The victim appears to be a Dutch construction/maintenance services company running on a Linux server.
Date: 2026-04-06T19:18:28Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248338
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Netherlands
Victim Industry: Construction/Maintenance Services
Victim Organization: Golden Eagle Klusbedrijf
Victim Site: goldeneagle-klusbedrijf.com
Mass defacement campaign by Alpha wolf team member XYZ
Category: Defacement
Content: Alpha wolf team member XYZ conducted a mass defacement campaign targeting multiple websites including goddienen.nl on April 7, 2026. The attack targeted a Linux-based server as part of a broader defacement operation.
Date: 2026-04-06T19:18:08Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248339
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Netherlands
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: goddienen.nl
Alleged cyber attack targeting DepEd Ilocos Norte and EFI Philippines domains
Category: Cyber Attack
Content: A threat actor associated with Nullsec Philippines posted a list of domains belonging to the Department of Education (DepEd) Ilocos Norte (depedilocosnorte.com and subdomains) and EFI Philippines (efi.net.ph and subdomains), including QMS, DTS, KPAP, VMS, IMS, cooperative, manpower, and purchasing portals. The post appears to indicate targeting or compromise of these Philippine educational and organizational web assets.
Date: 2026-04-06T19:16:01Z
Network: telegram
Published URL: https://t.me/c/2590737229/898
Screenshots:
None
Threat Actors: Nullsec Philippines
Victim Country: Philippines
Victim Industry: Government / Education
Victim Organization: DepEd Ilocos Norte / EFI Philippines
Victim Site: depedilocosnorte.com, efi.net.ph
Alleged data breach of Alyna Kuwait cleaning service platform
Category: Data Breach
Content: Threat actor claims to be selling a database dump from Alyna, a Kuwait-based cleaning and laundry service platform, containing 18,000 user records including personal information, credentials, phone numbers, and location data for $300.
Date: 2026-04-06T19:12:46Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SELLING-Kuwait-alyna-co-18-000
Screenshots:
None
Threat Actors: Sorb
Victim Country: Kuwait
Victim Industry: Consumer Services
Victim Organization: Alyna
Victim Site: alyna.co
Website defacement of JCR Design by Alpha wolf team
Category: Defacement
Content: The Alpha wolf team, attributed to attacker XYZ, successfully defaced the JCR Design website on April 7, 2026. This was a single-target home page defacement rather than a mass defacement campaign.
Date: 2026-04-06T19:12:43Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831176
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Netherlands
Victim Industry: Design/Creative Services
Victim Organization: JCR Design
Victim Site: jcrdesign.nl
Alleged data leak of Cisco by ShinyHunters
Category: Data Leak
Content: Threat actor ShinyHunters claims to have leaked all Cisco data, sharing what appears to be a photo as evidence of the breach. The post states We have provided all Cisco here, suggesting the data has been made available.
Date: 2026-04-06T19:10:38Z
Network: telegram
Published URL: https://t.me/c/3737716184/839
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: United States
Victim Industry: Technology
Victim Organization: Cisco
Victim Site: cisco.com
Alleged sale of webshells including government targets by Nullsec Philippines
Category: Initial Access
Content: A threat actor operating under the handle @Rici144 in the Nullsec Philippines channel is advertising webshells, including shells on government systems. This constitutes initial access offerings with potential for further compromise of government infrastructure.
Date: 2026-04-06T19:09:49Z
Network: telegram
Published URL: https://t.me/c/2590737229/897
Screenshots:
None
Threat Actors: Nullsec Philippines
Victim Country: Unknown
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of email credential combolist
Category: Combo List
Content: Threat actor snowstormxd shared a fresh mix of email credentials via Pasteview and Telegram channel for free download. The post was made on CX forum in the Combolists & Dumps section.
Date: 2026-04-06T19:02:58Z
Network: openweb
Published URL: https://crackingx.com/threads/71335/
Screenshots:
None
Threat Actors: snowstormxd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of USA credentials combolist
Category: Combo List
Content: A combolist containing 23,000 USA-based credentials was shared on a cybercriminal forum. The post appears to offer the credential list as hidden content for registered forum users.
Date: 2026-04-06T19:02:00Z
Network: openweb
Published URL: https://crackingx.com/threads/71336/
Screenshots:
None
Threat Actors: RandomUpload
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 480,000 Hotmail email credentials with full mail access, dated April 6th.
Date: 2026-04-06T19:00:56Z
Network: openweb
Published URL: https://crackingx.com/threads/71337/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged data leak of MyLovely.AI platform
Category: Data Leak
Content: Threat actor claims to have leaked a database from MyLovely.AI, an NSFW AI art platform, containing 254,580 total records including 106,362 user profiles with email addresses, user IDs, generated content, and report details from an alleged April 2026 breach.
Date: 2026-04-06T18:49:18Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-MyLovely-AI-Database-Leaked-Download
Screenshots:
None
Threat Actors: [Trial Mod]xtc
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: MyLovely.AI
Victim Site: mylovely.ai
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 144,000 Hotmail email and password combinations on a cybercrime forum. The credentials are being distributed for free to registered forum users.
Date: 2026-04-06T18:47:50Z
Network: openweb
Published URL: https://crackingx.com/threads/71331/
Screenshots:
None
Threat Actors: steeve75
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: Threat actor Ra-Zi shared a combolist containing 144,000 Hotmail email and password combinations on cybercriminal forum. The actor also advertises sales of additional credential lists for various email providers and countries.
Date: 2026-04-06T18:47:36Z
Network: openweb
Published URL: https://demonforums.net/Thread-144K-HOTMAIL-TARGETED-COMBOLIST
Screenshots:
None
Threat Actors: Ra-Zi
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of mixed email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 4,925 email and password combinations from mixed sources, made available as a free download on a cybercrime forum.
Date: 2026-04-06T18:47:16Z
Network: openweb
Published URL: https://crackingx.com/threads/71332/
Screenshots:
None
Threat Actors: karaokecloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of credential combolist targeting multiple platforms
Category: Combo List
Content: Threat actor distributes a 12 million credential combolist targeting multiple platforms including Tumblr, BeReal, OnlyFans, Yik Yak, Bluesky, RedNote, Noplace, Wedium, and Substack through Telegram channels.
Date: 2026-04-06T18:46:40Z
Network: openweb
Published URL: https://crackingx.com/threads/71334/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Multiple
Victim Site: Multiple
Alleged Sale of Hotmail Email Account Access with Multi-Country Coverage
Category: Initial Access
Content: A threat actor is offering access to Hotmail email accounts across multiple countries including UK, DE, JP, NL, BR, PL, ES, US, and IT. The seller claims to own a private cloud and offers inbox searching by keyword, targeting major platforms such as eBay, OfferUp, PSN, Booking, Uber, Poshmark, Alibaba, Walmart, Amazon, Mercari, Kleinanzeigen, and Neosurf. Valid webmails including ntlworld are also advertised. Requests are handled via direct message.
Date: 2026-04-06T18:36:31Z
Network: telegram
Published URL: https://t.me/c/2613583520/59655
Screenshots:
None
Threat Actors: Admu
Victim Country: Unknown
Victim Industry: Email Services
Victim Organization: Hotmail
Victim Site: hotmail.com
Alleged leak of mixed email credential lists via PandaCloud service
Category: Combo List
Content: Threat actor promotes PandaCloud service offering free access to fresh email credential lists updated daily. Links provided to Telegram channel and file sharing platform for downloading mixed email combolists.
Date: 2026-04-06T18:35:17Z
Network: openweb
Published URL: https://crackingx.com/threads/71329/
Screenshots:
None
Threat Actors: Kokos2846q
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of Hotmail credential checking tool
Category: Combo List
Content: Threat actor distributes a tool designed to check Hotmail credentials with high checking speed and inbox searching capabilities. The tool appears to be made available for free download.
Date: 2026-04-06T18:23:20Z
Network: openweb
Published URL: https://crackingx.com/threads/71326/
Screenshots:
None
Threat Actors: strelok639
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 2,700 email credentials allegedly validated on April 6th. The credentials appear to be from mixed email providers and are being distributed on a cybercrime forum.
Date: 2026-04-06T18:22:43Z
Network: openweb
Published URL: https://crackingx.com/threads/71327/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of TerminalDev by CYKOMNEPAL
Category: Defacement
Content: CYKOMNEPAL defaced the TerminalDev blog website on April 7, 2026. The attack targeted a specific blog page discussing AWS services on the Indian technology companys website.
Date: 2026-04-06T18:15:59Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831174
Screenshots:
None
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: India
Victim Industry: Technology
Victim Organization: TerminalDev
Victim Site: terminaldev.in
Alleged sale of personal identification data including ID cards, SSN, and financial records
Category: Data Breach
Content: Threat actor jannat123 claims to have fresh private database containing ID cards, Social Security Numbers, drivers licenses, passports, and bank cards. No specific victim organization, data volume, or pricing information is provided in the available content.
Date: 2026-04-06T18:03:16Z
Network: openweb
Published URL: https://xforums.st/threads/fresh-private-base-data-id-cards-ssn-drivers-license-passports-bank-cards.605050/
Screenshots:
None
Threat Actors: jannat123
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of skydays.travel by CYKOMNEPAL
Category: Defacement
Content: CYKOMNEPAL defaced the admin section of skydays.travel, a travel industry website, on April 7, 2026. The attack targeted the blog administration panel of the travel companys website.
Date: 2026-04-06T17:58:44Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831173
Screenshots:
None
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: Unknown
Victim Industry: Travel and Tourism
Victim Organization: Skydays Travel
Victim Site: skydays.travel
Alleged leak of multi-platform credentials including Twitter, TikTok, Instagram and other social media platforms
Category: Combo List
Content: Threat actor CODER is distributing a 9 million record combolist containing email and password combinations allegedly from multiple social media platforms including Twitter, TikTok, Tinder, Twitch, Pinterest, Instagram, Discord and Reddit through Telegram channels.
Date: 2026-04-06T17:58:41Z
Network: openweb
Published URL: https://crackingx.com/threads/71323/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Multiple platforms
Victim Site: Unknown
Alleged leak of mixed credential combolist
Category: Combo List
Content: A threat actor shared a high-quality mixed credential combolist containing 4.9 million entries for free download on a cybercriminal forum.
Date: 2026-04-06T17:58:12Z
Network: openweb
Published URL: https://crackingx.com/threads/71324/
Screenshots:
None
Threat Actors: lpbPrivate
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed credential targets and keyword-based combolists
Category: Combo List
Content: Threat actor shared mixed credential combolists and keyword-targeted credential lists for free download on cybercrime forum. The post offers general credential compilation without specifying victims or data volume.
Date: 2026-04-06T17:57:44Z
Network: openweb
Published URL: https://crackingx.com/threads/71325/
Screenshots:
None
Threat Actors: Hotmail Cloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Space Coast Area Transit database
Category: Data Leak
Content: SQL database dump from 321transit.com containing 30,000 user records with usernames, emails, names and password hashes, plus 14,600 transit pass records with credit card information, phone numbers and addresses. The data was allegedly found on an unsecured open directory and is being distributed for free download.
Date: 2026-04-06T17:55:48Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-321transit-com-Leaked-Download
Screenshots:
None
Threat Actors: anonmoose
Victim Country: United States
Victim Industry: Transportation
Victim Organization: Space Coast Area Transit
Victim Site: 321transit.com
Website defacement of jazz-tech.net by CYKOMNEPAL
Category: Defacement
Content: CYKOMNEPAL group defaced the jazz-tech.net website, specifically targeting the admin panel at jazz-tech.net/aadmin on April 7, 2026. The incident was documented and archived on zone-xsec.com mirror service.
Date: 2026-04-06T17:52:18Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831172
Screenshots:
None
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Jazz Tech
Victim Site: jazz-tech.net
Alleged distribution of Logo Generator cracking tool by Kidux
Category: Initial Access
Content: A forum post distributes a logo generation tool called Logo Generator by Kidux designed for creating custom tags, banners, and styled text for tools, packs, and releases. The tool is shared on a cracking forum with warnings about potential antivirus detection.
Date: 2026-04-06T17:46:38Z
Network: openweb
Published URL: https://demonforums.net/Thread-Logo-Generator-by-Kidux
Screenshots:
None
Threat Actors: Starip
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of Valorant credential checking tool
Category: Initial Access
Content: A threat actor shared a console-based tool called Valorant Checker by HixerX designed for processing account credentials against Valorant gaming platform accounts. The tool features multiple execution modes for brute-force style processing of credential datasets.
Date: 2026-04-06T17:45:30Z
Network: openweb
Published URL: https://demonforums.net/Thread-Valorant-Checker-by-HixerX
Screenshots:
None
Threat Actors: Starip
Victim Country: Unknown
Victim Industry: Gaming
Victim Organization: Riot Games
Victim Site: valorant.com
Website defacement of Luxuriate Casa by MR~TNT
Category: Defacement
Content: The website luxuriatecasa.com was defaced by attacker MR~TNT on April 7, 2026. The incident appears to be an individual defacement targeting a real estate or home furnishing business.
Date: 2026-04-06T17:40:18Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248332
Screenshots:
None
Threat Actors: MR~TNT, No team
Victim Country: Unknown
Victim Industry: Real Estate/Home Furnishing
Victim Organization: Luxuriate Casa
Victim Site: luxuriatecasa.com
Alleged distribution of Facebook, LinkedIn, and Etsy credential combolists
Category: Combo List
Content: Threat actor CODER is distributing an 11 million record credential combolist allegedly containing Facebook, LinkedIn, Etsy and other platform credentials through Telegram channels. The combolist appears to be shared freely through dedicated Telegram groups.
Date: 2026-04-06T17:33:48Z
Network: openweb
Published URL: https://crackingx.com/threads/71320/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Multiple (Facebook, LinkedIn, Etsy)
Victim Site: facebook.com, linkedin.com, etsy.com
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor is distributing a free combolist containing 4,354 premium mixed email credentials, including Hotmail accounts, through Telegram contact.
Date: 2026-04-06T17:33:26Z
Network: openweb
Published URL: https://crackingx.com/threads/71321/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged data breach of Huila Government database
Category: Data Breach
Content: NyxarGroup and collaborators are allegedly selling government employee information from the Huila governments extranet system. The data includes names, positions, contact information, and organizational details of government contractors and employees.
Date: 2026-04-06T17:32:00Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-CO-HUILA-GOV-CO
Screenshots:
None
Threat Actors: NyxarGroup
Victim Country: Colombia
Victim Industry: Government
Victim Organization: Huila Government
Victim Site: extranet.huila.gov.co
Alleged sale of multiple personal data databases including SSN and identity documents
Category: Data Breach
Content: Threat actor offers various personal data databases for sale including SSNs, drivers licenses, passports, consumer information, email lists, and company databases through Telegram contact.
Date: 2026-04-06T17:21:34Z
Network: openweb
Published URL: https://crackingx.com/threads/71318/
Screenshots:
None
Threat Actors: jannatmirza11
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of MW Dental by DimasHxR
Category: Defacement
Content: The attacker DimasHxR defaced the MW Dental website, targeting a healthcare organization in Austria. The incident occurred on April 6, 2026, affecting a subdirectory of the dental practices website.
Date: 2026-04-06T17:01:17Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831136
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Austria
Victim Industry: Healthcare
Victim Organization: MW Dental
Victim Site: mwdental.at
Website defacement of loisircreatif.net by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the French creative leisure/crafts website loisircreatif.net on April 6, 2026. The attack targeted a specific media subdirectory rather than the main homepage.
Date: 2026-04-06T17:00:43Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831137
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: France
Victim Industry: Retail/E-commerce
Victim Organization: Loisir Creatif
Victim Site: loisircreatif.net
Website defacement of MelohStyle by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the MelohStyle website on April 6, 2026. The defacement targeted a specific media/customer section of the site rather than the homepage.
Date: 2026-04-06T17:00:10Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831138
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Fashion/Retail
Victim Organization: MelohStyle
Victim Site: www.melohstyle.com
Website defacement of Conforama by DimasHxR
Category: Defacement
Content: DimasHxR defaced a media subdirectory of Conforama Italys website on April 6, 2026. The attack targeted the Italian furniture and home goods retailers online presence.
Date: 2026-04-06T16:59:38Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831139
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Italy
Victim Industry: Retail
Victim Organization: Conforama
Victim Site: www.conforama.it
Website defacement of RPTech Singapore by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the RPTech Singapore website on April 6, 2026. The attack targeted a specific subdirectory rather than the main homepage of the technology companys website.
Date: 2026-04-06T16:59:04Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831140
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Singapore
Victim Industry: Technology
Victim Organization: RPTech Singapore
Victim Site: rptechsg.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a link to what is claimed to be a high-quality Hotmail credential list (combolist) containing email and password combinations for free download on a cybercrime forum.
Date: 2026-04-06T16:59:00Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-HQ-HOTMAIL–199543
Screenshots:
None
Threat Actors: COYTO
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Website defacement of Quincaillerie Angles hardware store by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the website of French hardware store Quincaillerie Angles on April 6, 2026. The defacement targeted a specific page rather than the homepage and was not part of a mass defacement campaign.
Date: 2026-04-06T16:58:31Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831142
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: France
Victim Industry: Retail/Hardware
Victim Organization: Quincaillerie Angles
Victim Site: www.quincaillerie-angles.fr
Website defacement of Lewis Leathers by DimasHxR
Category: Defacement
Content: Attacker DimasHxR defaced a media subdirectory of Lewis Leathers website on April 6, 2026. The incident targeted the UK-based leather fashion retailers web presence.
Date: 2026-04-06T16:57:58Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831143
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: United Kingdom
Victim Industry: Fashion/Retail
Victim Organization: Lewis Leathers
Victim Site: www.lewisleathers.com
Website defacement of Cort Party Rental by DimasHxR
Category: Defacement
Content: The attacker DimasHxR successfully defaced the Cort Party Rental website on April 6, 2026. This appears to be an isolated defacement targeting a single party rental service company.
Date: 2026-04-06T16:57:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831144
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Event Services
Victim Organization: Cort Party Rental
Victim Site: www.cortpartyrental.com
Website defacement of FHR by DimasHxR
Category: Defacement
Content: DimasHxR defaced the FHR website on April 6, 2026, targeting a customer address media directory. This was an individual defacement incident rather than a mass or coordinated attack.
Date: 2026-04-06T16:56:51Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831145
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Sweden
Victim Industry: Unknown
Victim Organization: FHR
Victim Site: fhr.se
Website defacement of Agri-Expert by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the French agricultural consulting website Agri-Expert on April 6, 2026. This was a single-target defacement affecting the organizations media content section.
Date: 2026-04-06T16:56:19Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831149
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: France
Victim Industry: Agriculture
Victim Organization: Agri-Expert
Victim Site: www.agri-expert.fr
Website defacement of Hogetex by DimasHxR
Category: Defacement
Content: Belgian website hogetex.be was defaced by attacker DimasHxR on April 6, 2026. The defacement targeted a customer address page on the site.
Date: 2026-04-06T16:55:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831150
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Belgium
Victim Industry: Unknown
Victim Organization: Hogetex
Victim Site: hogetex.be
Alleged Cyber Attacks on Albanian Government Infrastructure by Homeland Justice
Category: Cyber Attack
Content: The hacktivist group Homeland Justice claims to have attacked postashqiptare.al (Albanian Post), pp.gov.al (Prime Ministers office), and extracted corruption documents from dpbsh.gov.al. The group issues escalating threats against Albanian government entities, warning of harsher future operations and referencing prior data extraction as leverage. The post contains threatening language directed at Albanian leadership and signals intent for continued and intensified cyber operations.
Date: 2026-04-06T16:55:17Z
Network: telegram
Published URL: https://t.me/c/1569522807/687
Screenshots:
None
Threat Actors: Homeland Justice
Victim Country: Albania
Victim Industry: Government
Victim Organization: Albanian Government (postashqiptare.al, pp.gov.al, dpbsh.gov.al)
Victim Site: postashqiptare.al, pp.gov.al, dpbsh.gov.al
Website defacement of LCA Distribution by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the LCA Distribution website on April 6, 2026. The attack targeted a specific subdirectory rather than the main homepage.
Date: 2026-04-06T16:55:13Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831155
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Distribution/Logistics
Victim Organization: LCA Distribution
Victim Site: lca-distribution.com
Website defacement of Japal by DimasHxR
Category: Defacement
Content: On April 6, 2026, threat actor DimasHxR successfully defaced the Japal website, compromising the media/customer section of the Italian organizations web presence.
Date: 2026-04-06T16:54:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831156
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Japal
Victim Site: www.japal.it
Website defacement of HESA by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced a subdirectory of the HESA website on April 6, 2026. The attack targeted a specific media/customer page rather than the main homepage.
Date: 2026-04-06T16:54:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831160
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: HESA
Victim Site: www.hesa.com
Alleged cyber attack on Albanian Parliament (parlament.al) by Homeland Justice
Category: Cyber Attack
Content: The threat actor group Homeland Justice claims to have previously hacked the Albanian Parliament website (parlament.al) and is threatening escalated attacks. The group states the institution has not changed its behavior regarding alleged support of MEK (Mujahideen-e-Khalq) terrorists, and warns of harsher punishments to come. This appears to be a politically motivated cyber operation targeting Albanian government infrastructure.
Date: 2026-04-06T16:53:52Z
Network: telegram
Published URL: https://t.me/c/1569522807/686
Screenshots:
None
Threat Actors: Homeland Justice
Victim Country: Albania
Victim Industry: Government
Victim Organization: Albanian Parliament
Victim Site: parlament.al
Website defacement of sagapo.it by DimasHxR
Category: Defacement
Content: DimasHxR defaced a subdirectory of sagapo.it on April 6, 2026. The attack targeted a specific media/customer directory rather than the main homepage.
Date: 2026-04-06T16:53:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831161
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: sagapo.it
Website defacement of The Plastic Man by DimasHxR
Category: Defacement
Content: Solo attacker DimasHxR defaced the UK-based plastic manufacturing company The Plastic Mans website on April 6, 2026. The defacement targeted a media subdirectory rather than the main homepage.
Date: 2026-04-06T16:53:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831162
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: United Kingdom
Victim Industry: Manufacturing
Victim Organization: The Plastic Man
Victim Site: www.theplasticman.co.uk
Alleged Cyber Attack on South Korea Industrial Ultrapure Water Treatment System by Z-PENTEST Alliance
Category: Cyber Attack
Content: Threat group Z-PENTEST Alliance claims to have compromised a Smart Pure Water System (MSTEC PureWater 100) industrial ultrapure water treatment plant in South Korea. The group alleges full control including real-time monitoring of INLET/OUTLET parameters (conductivity, TDS, pH, turbidity, chlorine, temperature, flow rate), access to EC and pH sensors with ability to alter calibration and compensation factors, control over solenoid valves and drain valves (Drain 1 & 2), and bypass of the settings password. The group states they can distort sensor readings, manipulate calibration, or cause system failures. They identify the target as critical infrastructure serving chip manufacturing and pharmaceutical industries. Post includes video evidence of access and hashtags referencing #OpSouthKorea.
Date: 2026-04-06T16:52:32Z
Network: telegram
Published URL: https://t.me/Z_Pentest_Alliance_ru/925
Screenshots:
None
Threat Actors: Z-PENTEST Alliance
Victim Country: South Korea
Victim Industry: Critical Infrastructure / Water Treatment (Semiconductor & Pharmaceutical Supply)
Victim Organization: MSTEC PureWater 100 (Smart Pure Water System)
Victim Site: Unknown
Website defacement of Gillies by DimasHxR
Category: Defacement
Content: DimasHxR defaced the Gillies website on April 6, 2026. This was an individual defacement targeting the UK-based organizations web presence.
Date: 2026-04-06T16:52:29Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831168
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: United Kingdom
Victim Industry: Unknown
Victim Organization: Gillies
Victim Site: www.gillies.co.uk
Website defacement of GoFish by DimasHxR
Category: Defacement
Content: The attacker DimasHxR defaced a subdirectory of the GoFish website on April 6, 2026. The incident targeted the media/customer section of the UK-based organizations website.
Date: 2026-04-06T16:46:19Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831016
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: United Kingdom
Victim Industry: Unknown
Victim Organization: GoFish
Victim Site: gofish.co.uk
Website defacement of Grão Café by DimasHxR
Category: Defacement
Content: The attacker DimasHxR defaced a page on the Grão Café website on April 6, 2026. This was an isolated defacement targeting the Brazilian coffee companys customer media section.
Date: 2026-04-06T16:45:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831017
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Brazil
Victim Industry: Food and Beverage
Victim Organization: Grão Café
Victim Site: graocafe.com.br
Website defacement of Helikon-Tex by DimasHxR
Category: Defacement
Content: DimasHxR conducted a website defacement attack against Helikon-Tex, a tactical equipment manufacturer, targeting their media/customer section on April 6, 2026.
Date: 2026-04-06T16:45:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831019
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Manufacturing
Victim Organization: Helikon-Tex
Victim Site: helikon-tex.com
Website defacement of hornval.com by DimasHxR
Category: Defacement
Content: The attacker DimasHxR defaced a customer management page on hornval.com on April 6, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
Date: 2026-04-06T16:44:38Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831020
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Hornval
Victim Site: hornval.com
Alleged sale of personal identity data including SSNs and drivers licenses
Category: Data Breach
Content: Threat actor Target777 is selling comprehensive personal identity information including full names, addresses, Social Security Numbers, and drivers license numbers with pricing tiers based on credit scores ranging from $9 to $25 per record. The actor advertises through Telegram channels and claims the data is fresh.
Date: 2026-04-06T16:43:56Z
Network: openweb
Published URL: https://crackingx.com/threads/71317/
Screenshots:
None
Threat Actors: Target777
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of HyperBar USA by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR successfully defaced the HyperBar USA website on April 6, 2026. The defacement targeted a specific media/customer page rather than the main homepage.
Date: 2026-04-06T16:43:21Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831021
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: United States
Victim Industry: Food and Beverage
Victim Organization: HyperBar USA
Victim Site: hyperbarusa.com
Website defacement of Irwin Tiles by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the Irwin Tiles website on April 6, 2026. The defacement targeted a specific page within the companys media directory rather than the homepage.
Date: 2026-04-06T16:42:48Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831024
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Ireland
Victim Industry: Construction/Building Materials
Victim Organization: Irwin Tiles
Victim Site: irwintiles.ie
Website defacement of mein-atmos.de by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the German website mein-atmos.de on April 6, 2026. The incident was not part of a mass defacement campaign or redefacement operation.
Date: 2026-04-06T16:42:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831058
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: mein-atmos.de
Website defacement of NW Horseshoes by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the NW Horseshoes website on April 6, 2026. The incident targeted a UK-based horseshoe retailer and appears to be an isolated attack rather than part of a mass defacement campaign.
Date: 2026-04-06T16:41:39Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831064
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: United Kingdom
Victim Industry: Retail/E-commerce
Victim Organization: NW Horseshoes
Victim Site: nwthorseshoes.co.uk
Website defacement of Packout by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the Packout website on April 6, 2026. The attack targeted a specific subdirectory rather than the main homepage.
Date: 2026-04-06T16:41:05Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831067
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Taiwan
Victim Industry: Unknown
Victim Organization: Packout
Victim Site: packout.com.tw
Website defacement of Pacvac by DimasHxR
Category: Defacement
Content: The attacker DimasHxR defaced a customer data page on pacvac.com on April 6, 2026. This was an individual defacement targeting a specific subdirectory of the Pacvac website.
Date: 2026-04-06T16:40:31Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831068
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Pacvac
Victim Site: pacvac.com
Website defacement of Rabenbunt-Stoffe by DimasHxR
Category: Defacement
Content: German textile retailer Rabenbunt-Stoffe suffered a website defacement attack by threat actor DimasHxR on April 6, 2026. The attacker targeted a specific media directory rather than the main homepage.
Date: 2026-04-06T16:39:58Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831073
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Germany
Victim Industry: Retail/Textiles
Victim Organization: Rabenbunt-Stoffe
Victim Site: rabenbunt-stoffe.de
Website defacement of scorpena.com by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced scorpena.com on April 6, 2026. The attack targeted a specific subdirectory rather than the main homepage.
Date: 2026-04-06T16:39:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831078
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Scorpena
Victim Site: scorpena.com
Website defacement of Sports Branding International by DimasHxR
Category: Defacement
Content: Website defacement incident targeting Sports Branding International conducted by threat actor DimasHxR on April 6, 2026. The attack was a single-site defacement rather than a mass defacement campaign.
Date: 2026-04-06T16:38:51Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831090
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Sports/Marketing
Victim Organization: Sports Branding International
Victim Site: sportsbrandinginternational.co
Website defacement of spreewald-gurke.de by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the German food company Spreewald Gurkes website on April 6, 2026. The defacement targeted a specific media directory rather than the homepage.
Date: 2026-04-06T16:38:18Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831091
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Germany
Victim Industry: Food/Agriculture
Victim Organization: Spreewald Gurke
Victim Site: spreewald-gurke.de
Website defacement of storvatt.at by DimasHxR
Category: Defacement
Content: Threat actor DimasHxR conducted a website defacement attack against storvatt.at on April 6, 2026. The attack targeted a specific subdirectory on the Austrian website.
Date: 2026-04-06T16:37:42Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831112
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Austria
Victim Industry: Unknown
Victim Organization: Storvatt
Victim Site: storvatt.at
Website defacement of thehoomanlife.com by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced thehoomanlife.com on April 6, 2026. The attack targeted a specific subdirectory rather than the main page and was not part of a mass defacement campaign.
Date: 2026-04-06T16:37:03Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831117
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: The Hooman Life
Victim Site: thehoomanlife.com
Website defacement of TipTop Shop by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the Australian retail website tiptopshop.com.au on April 6, 2026. The defacement targeted a specific media directory rather than the homepage.
Date: 2026-04-06T16:36:29Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831119
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Australia
Victim Industry: Retail/E-commerce
Victim Organization: TipTop Shop
Victim Site: tiptopshop.com.au
Website defacement of usamake.com by DimasHxR
Category: Defacement
Content: Threat actor DimasHxR successfully defaced the usamake.com website on April 6, 2026. The attacker operated as a lone actor without team affiliation and targeted the sites media customer directory.
Date: 2026-04-06T16:35:55Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831123
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: USAMake
Victim Site: usamake.com
Website defacement of Vaudoise webshop by DimasHxR
Category: Defacement
Content: The threat actor DimasHxR successfully defaced the Vaudoise insurance companys webshop domain on April 6, 2026. This appears to be an isolated defacement incident targeting the Swiss insurance providers e-commerce platform.
Date: 2026-04-06T16:35:22Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831124
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Switzerland
Victim Industry: Insurance
Victim Organization: Vaudoise
Victim Site: vaudoise-webshop.ch
Website defacement of Vuurwerk Oostvoorne by DimasHxR
Category: Defacement
Content: Threat actor DimasHxR defaced the website of Vuurwerk Oostvoorne, a Dutch fireworks company, on April 6, 2026. This appears to be an isolated single-site defacement targeting the companys publication media directory.
Date: 2026-04-06T16:34:41Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831126
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Netherlands
Victim Industry: Retail/Entertainment
Victim Organization: Vuurwerk Oostvoorne
Victim Site: vuurwerkoostvoorne.nl
Website defacement of World of Vape by DimasHxR
Category: Defacement
Content: The attacker DimasHxR successfully defaced the World of Vape website, a Swiss e-commerce platform specializing in vaping products. The defacement targeted a specific media customer directory on the site on April 6, 2026.
Date: 2026-04-06T16:34:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831127
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Switzerland
Victim Industry: Retail/E-commerce
Victim Organization: World of Vape
Victim Site: worldofvape.ch
Website defacement of Xpress Sportswear by DimasHxR
Category: Defacement
Content: On April 6, 2026, the Australian sportswear retailer Xpress Sportswears website was defaced by an individual attacker identified as DimasHxR. The defacement targeted a specific page rather than the main homepage.
Date: 2026-04-06T16:33:30Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831130
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Australia
Victim Industry: Retail/Apparel
Victim Organization: Xpress Sportswear
Victim Site: xpresssportswear.com.au
Website defacement of zabawkaiwyprawka.pl by DimasHxR
Category: Defacement
Content: Threat actor DimasHxR defaced the Polish retail website zabawkaiwyprawka.pl on April 6, 2026. The attack targeted a subdirectory of the domain rather than the main homepage.
Date: 2026-04-06T16:32:56Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831133
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Poland
Victim Industry: Retail/E-commerce
Victim Organization: Unknown
Victim Site: zabawkaiwyprawka.pl
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor is distributing a credential list containing 1,058 Hotmail email and password combinations through free download, claiming the credentials are valid and premium quality.
Date: 2026-04-06T16:32:50Z
Network: openweb
Published URL: https://crackingx.com/threads/71316/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of mixed email credentials combolist
Category: Combo List
Content: Threat actor klyne05 is distributing a free combolist containing mixed email credentials that are claimed to be private, fresh, and verified. The specific source and volume of credentials are not disclosed in the forum post.
Date: 2026-04-06T16:21:30Z
Network: openweb
Published URL: https://crackingx.com/threads/71315/
Screenshots:
None
Threat Actors: klyne05
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Global Recruitment Call by Handala Hack for Coordinated Cyber Attacks Against Israeli and US Infrastructure
Category: Cyber Attack
Content: The Handala hacking group has issued a public call to recruit hackers worldwide to conduct cyber attacks against Israeli (Zionist), US, and allied state infrastructure. The group offers technical and strategic backing for offensive cyber operations and provides a Session (encrypted messenger) contact ID for coordination: 0540251cdd0d3f013456f186723cd47aaf2c8cf23c5df599661d68fd6fef7dc929. This represents an active threat actor recruitment and coordination effort targeting critical infrastructure of multiple nations.
Date: 2026-04-06T16:19:52Z
Network: telegram
Published URL: https://t.me/c/3548035165/88
Screenshots:
None
Threat Actors: Handala
Victim Country: Unknown
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of avurefa.org by MR~TNT
Category: Defacement
Content: The website avurefa.org was defaced by attacker MR~TNT on April 6, 2026. The incident was a single-page defacement targeting a Linux-hosted website.
Date: 2026-04-06T16:04:09Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248331
Screenshots:
None
Threat Actors: MR~TNT, No team
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: avurefa.org
Website defacement of 1line.ae by DimasHxR
Category: Defacement
Content: The attacker DimasHxR defaced a customer address page on the 1line.ae website on April 6, 2026. This was an isolated defacement incident targeting a specific page rather than a mass or home page attack.
Date: 2026-04-06T15:58:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830952
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: United Arab Emirates
Victim Industry: Unknown
Victim Organization: 1line
Victim Site: 1line.ae
Website defacement of Accuvoertuig by DimasHxR
Category: Defacement
Content: The attacker DimasHxR defaced the Belgian automotive company Accuvoertuigs website on April 6, 2026. This was a single-target defacement incident with no identified team affiliation or stated motivation.
Date: 2026-04-06T15:57:53Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830962
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Belgium
Victim Industry: Automotive
Victim Organization: Accuvoertuig
Victim Site: www.accuvoertuig.be
Website defacement of ProShop by DimasHxR
Category: Defacement
Content: Threat actor DimasHxR defaced the ProShop e-commerce website on April 6, 2026. The attack targeted a media/customer directory on the UAE-based retail platform.
Date: 2026-04-06T15:57:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830965
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: United Arab Emirates
Victim Industry: Retail/E-commerce
Victim Organization: ProShop
Victim Site: www.proshop.ae
Website defacement of Venum by DimasHxR
Category: Defacement
Content: DimasHxR successfully defaced a subdirectory of the Venum sports apparel companys Chinese website on April 6, 2026. The attack targeted a specific media/customer section rather than the main homepage.
Date: 2026-04-06T15:56:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830966
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: China
Victim Industry: Sports/Apparel
Victim Organization: Venum
Victim Site: venum.com.cn
Website defacement of WASM by DimasHxR
Category: Defacement
Content: DimasHxR defaced the WASM website on April 6, 2026. The attack targeted a specific page within the organizations media/customer section.
Date: 2026-04-06T15:56:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830967
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Qatar
Victim Industry: Unknown
Victim Organization: WASM
Victim Site: www.wasm.qa
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 260,000 Hotmail credentials on a cybercriminal forum. The credentials appear to be made available for free download to forum members.
Date: 2026-04-06T15:55:56Z
Network: openweb
Published URL: https://crackingx.com/threads/71313/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of mixed international credential lists
Category: Combo List
Content: Threat actor MegaCloudshop shared a combolist containing 6.7K email:password combinations from multiple regions including USA, EU, Asia, and Russia. The credentials are claimed to be fully valid and from mixed sources.
Date: 2026-04-06T15:45:03Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-6-7K-USA-EU-ASIA-RU-Full-Valid-Mix-06-04
Screenshots:
None
Threat Actors: MegaCloudshop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of international credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 6.7K credentials from users across USA, EU, Asia, and Russia regions dated April 6th. The credentials are described as a valid mix suggesting they may be tested or verified working accounts.
Date: 2026-04-06T15:44:41Z
Network: openweb
Published URL: https://crackingx.com/threads/71307/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Aline Cabinetry by DimasHxR
Category: Defacement
Content: The attacker DimasHxR defaced a page on the Aline Cabinetry website on April 6, 2026. This was a single-site defacement targeting a Canadian cabinetry manufacturers media directory.
Date: 2026-04-06T15:44:33Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830931
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Canada
Victim Industry: Manufacturing
Victim Organization: Aline Cabinetry
Victim Site: www.alinecabinetry.ca
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: Threat actor noir is distributing a credential combolist containing alleged valid Hotmail accounts along with mixed credentials from other services via Telegram channel.
Date: 2026-04-06T15:44:22Z
Network: openweb
Published URL: https://crackingx.com/threads/71308/
Screenshots:
None
Threat Actors: noir
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged distribution of mixed cloud credential combolist containing 12 million records
Category: Combo List
Content: Threat actor CODER is distributing a mixed cloud credential combolist containing 12 million records through Telegram channels. The actor operates multiple Telegram groups for sharing free combos and programs.
Date: 2026-04-06T15:44:02Z
Network: openweb
Published URL: https://crackingx.com/threads/71309/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Scarban by DimasHxR
Category: Defacement
Content: DimasHxR conducted a website defacement attack against scarban.co.uk on April 6, 2026. The attack targeted a specific media subdirectory rather than the main homepage.
Date: 2026-04-06T15:43:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830932
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: United Kingdom
Victim Industry: Unknown
Victim Organization: Scarban
Victim Site: scarban.co.uk
Alleged leak of 61 million credentials
Category: Combo List
Content: Actor Leak Realm allegedly leaked 61 million username:login:password credentials on a cracking forum. The post content is hidden behind registration requirements, limiting visibility of additional details.
Date: 2026-04-06T15:43:38Z
Network: openweb
Published URL: https://crackingx.com/threads/71310/
Screenshots:
None
Threat Actors: Leak Realm
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of stealer logs and credential lists
Category: Logs
Content: Threat actor watercloud is distributing stealer logs and credential lists (U.L.P) through file hosting service Pixeldrain. The actor promotes daily access to fresh logs through a Telegram channel for ongoing distribution.
Date: 2026-04-06T15:43:21Z
Network: openweb
Published URL: https://darkforums.su/Thread-%E2%AD%90%E2%AD%90%E2%AD%90-STEALER-LOGS-AND-U-L-P-06-04-2026
Screenshots:
None
Threat Actors: watercloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Kingfisher Direct by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the Kingfisher Direct e-commerce website on April 6, 2026. This was a single-target defacement incident affecting the UK-based retail companys online presence.
Date: 2026-04-06T15:43:18Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830933
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: United Kingdom
Victim Industry: Retail/E-commerce
Victim Organization: Kingfisher Direct
Victim Site: www.kingfisherdirect.co.uk
Website defacement of e-lte.com.mx by DimasHxR
Category: Defacement
Content: Threat actor DimasHxR conducted a website defacement attack against e-lte.com.mx on April 6, 2026. The attack targeted a specific page within the media/customer section of the website.
Date: 2026-04-06T15:42:43Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830936
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Mexico
Victim Industry: Technology
Victim Organization: E-LTE
Victim Site: e-lte.com.mx
Website defacement of Caterfair by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the Caterfair catering company website on April 6, 2026. The defacement targeted a specific media directory rather than the main homepage.
Date: 2026-04-06T15:42:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830938
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: United Kingdom
Victim Industry: Food Services
Victim Organization: Caterfair
Victim Site: caterfair.co.uk
Website defacement of Oasis Floral by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the UK-based Oasis Floral company website on April 6, 2026. The defacement targeted a specific page within the media directory rather than the homepage.
Date: 2026-04-06T15:41:31Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830940
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: United Kingdom
Victim Industry: Retail/Floral Services
Victim Organization: Oasis Floral
Victim Site: www.oasisfloral.co.uk
Website defacement of Howe Tools by DimasHxR
Category: Defacement
Content: DimasHxR successfully defaced the Howe Tools website on April 6, 2026. The attack targeted the companys media directory and was documented on zone-xsec mirror service.
Date: 2026-04-06T15:40:53Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830944
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: United Kingdom
Victim Industry: Retail/Tools
Victim Organization: Howe Tools
Victim Site: www.howetools.co.uk
Website defacement of Luxnote by DimasHxR
Category: Defacement
Content: DimasHxR defaced a subdirectory of the French website luxnote.fr on April 6, 2026. The attack targeted a specific media/customer directory rather than the main homepage.
Date: 2026-04-06T15:40:16Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830945
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: France
Victim Industry: Unknown
Victim Organization: Luxnote
Victim Site: www.luxnote.fr
Website defacement of Direct Water Tanks by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the website of Direct Water Tanks, a UK-based water storage tank company, on April 6, 2026.
Date: 2026-04-06T15:39:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830950
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: United Kingdom
Victim Industry: Manufacturing
Victim Organization: Direct Water Tanks
Victim Site: www.directwatertanks.co.uk
Alleged leak of credential combolist containing 43 million records
Category: Combo List
Content: A threat actor shared a credential combolist containing 43 million URL:LOGIN:PASS combinations on a cybercrime forum. The post content is restricted and requires registration to view full details.
Date: 2026-04-06T15:32:06Z
Network: openweb
Published URL: https://crackingx.com/threads/71303/
Screenshots:
None
Threat Actors: Leak Realm
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: User D4rkNetHub shared a collection of 819 Hotmail credentials on a cracking forum. The data appears to be offered as a free download requiring forum registration to access.
Date: 2026-04-06T15:31:43Z
Network: openweb
Published URL: https://crackingx.com/threads/71304/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of corporate email credentials
Category: Combo List
Content: A threat actor leaked a combolist containing 15,900 corporate email credentials with full mail access. The credentials appear to be from mixed corporate organizations and were made available for free download to registered forum users.
Date: 2026-04-06T15:20:52Z
Network: openweb
Published URL: https://crackingx.com/threads/71302/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 664,000 alleged Hotmail email and password combinations via a file sharing service. The credentials are claimed to be fresh and were made available for free download.
Date: 2026-04-06T15:09:31Z
Network: openweb
Published URL: https://demonforums.net/Thread-664X-FRESH-HOTMAIL-Vyrixcl-txt
Screenshots:
None
Threat Actors: Akari21
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of German email credentials
Category: Combo List
Content: A threat actor shared a collection of 31,000 allegedly fresh and valid German email credentials on an underground forum.
Date: 2026-04-06T15:07:50Z
Network: openweb
Published URL: https://crackingx.com/threads/71301/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Mass Defacement by Mr.PIMZZZXploit Targeting Multiple Websites
Category: Defacement
Content: Threat actor Mr.PIMZZZXploit, affiliated with Babayo Eror System, claims to have defaced over 20 websites spanning multiple domains and countries including India, Nepal, Chile, Croatia, and others. Targeted domains include solar.deed.up.in, bhaktilyrics.xyz.lyricsagni.in, arbeittechnology.com subdomains, prodigygroupindia.com, agenciamesamarcial.cl, and others.
Date: 2026-04-06T15:05:18Z
Network: telegram
Published URL: https://t.me/c/3865526389/458
Screenshots:
None
Threat Actors: Mr.PIMZZZXploit
Victim Country: Unknown
Victim Industry: Multiple
Victim Organization: Unknown
Victim Site: solar.deed.up.in, bhaktilyrics.xyz.lyricsagni.in, machin-test9.clientsdevsite.com, backup.nepal-vanjava.com, arbeittechnology.com, omcdemosite.com, fixxamarketing.com, prodigygroupindia.com, botiflay.art, agenciamesamarcial.cl, agenciasobremesa.cl, omcdemosites.com, knezovic-digital.hr
Website defacement of Luvmart by DimasHxR
Category: Defacement
Content: Indonesian e-commerce website Luvmart was defaced by threat actor DimasHxR on April 6, 2026. The attack targeted a specific page within the customer address section of the website.
Date: 2026-04-06T15:05:10Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830921
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Indonesia
Victim Industry: E-commerce
Victim Organization: Luvmart
Victim Site: luvmart.id
Alleged data leak of Center for Administrative Services in Ternopil, Ukraine
Category: Data Leak
Content: The threat actor Перун Сварога (Perun Svaroga), forwarded via the OverFlame channel, claims to have leaked data from the Center for Administrative Services (CNAP) in Ternopil, Ukraine (cnap.rada.te.ua). The post describes the leak as fresh/current as of April 2026 and appears motivated by pro-Russian sentiment, using derogatory language toward Ukrainians. The leak is shared freely with no price mentioned.
Date: 2026-04-06T14:53:45Z
Network: telegram
Published URL: https://t.me/perunswaroga/1328
Screenshots:
None
Threat Actors: Перун Сварога
Victim Country: Ukraine
Victim Industry: Government
Victim Organization: Center for Administrative Services in Ternopil (ЦНАП)
Victim Site: cnap.rada.te.ua
Alleged cybercriminal seeking staff position on BreachForums
Category: Alert
Content: Individual identifying as OSINT enthusiast applies for staff position on BreachForums cybercriminal marketplace, claiming experience with databases and previous moderation roles. The application indicates ongoing criminal forum operations following RF seizure.
Date: 2026-04-06T14:52:58Z
Network: openweb
Published URL: https://pwnforums.st/Thread-Sythe-s-Staff-Application–187868
Screenshots:
None
Threat Actors: Sythe
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of credential combolist
Category: Combo List
Content: A threat actor shared a credential combolist titled X1334 HQ Mix on a cybercriminal forum. No additional details about the content or scope are available.
Date: 2026-04-06T14:44:38Z
Network: openweb
Published URL: https://demonforums.net/Thread-%E2%9A%A1%E2%9A%A1-X1334-HQ-Mix-%E2%9A%A1%E2%9A%A1-BY-Steveee36-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: erwinn91
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of mixed-country email credential combolist
Category: Combo List
Content: Threat actor distributing a combolist containing 10 million email and password combinations from multiple countries through Telegram channels. The credentials are being shared for free through dedicated Telegram groups.
Date: 2026-04-06T14:41:27Z
Network: openweb
Published URL: https://crackingx.com/threads/71299/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 4,600 mixed email credentials described as fresh and high quality on a cybercrime forum.
Date: 2026-04-06T14:41:07Z
Network: openweb
Published URL: https://crackingx.com/threads/71300/
Screenshots:
None
Threat Actors: Lexser
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of T1erOne malware forum account access
Category: Initial Access
Content: Threat actor Akiro is selling full access to a premium account on the T1erOne malware forum for $70. The account provides complete forum access and is described as well-established and active with no warnings.
Date: 2026-04-06T14:22:45Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SELLING-Malware-Forum-Account-%E2%80%93-Instant-Access
Screenshots:
None
Threat Actors: Akiro
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: T1erOne
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a sample of 718 Hotmail credentials as a free download on a cybercriminal forum. This appears to be a combolist containing email and password combinations.
Date: 2026-04-06T14:14:50Z
Network: openweb
Published URL: https://crackingx.com/threads/71298/
Screenshots:
None
Threat Actors: HollowKnight07
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of USA credential combolist
Category: Combo List
Content: A threat actor leaked a combolist containing 19,000 valid email and password combinations from USA users through a free download link on a paste site.
Date: 2026-04-06T14:06:11Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-19K-USA-VALID
Screenshots:
None
Threat Actors: WINGO
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed credential combolist
Category: Combo List
Content: A threat actor shared a free download link to a combolist containing 2,000 mixed email and password combinations on a cybercrime forum.
Date: 2026-04-06T14:05:31Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-2K-MIXED-ACCESS–199531
Screenshots:
None
Threat Actors: COYTO
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of IPTV service credentials
Category: Combo List
Content: Forum post claims to contain MAC addresses and Stalker portal credentials for IPTV services, with 21 records allegedly made available for download.
Date: 2026-04-06T13:54:34Z
Network: openweb
Published URL: https://crackingx.com/threads/71297/
Screenshots:
None
Threat Actors: ouaaka_06
Victim Country: Unknown
Victim Industry: Media and Entertainment
Victim Organization: Unknown
Victim Site: Unknown
Alleged Exposure of Threat Actor Kurmaev Ramil Rinatovich Linked to ReHubcom Forum Hosting and DDoS Operations
Category: Cyber Attack
Content: A Telegram post by channel Tor Zireael alleges that Kurmaev Ramil Rinatovich, owner of vmwall.com and flare.su/flare-host.ru, is knowingly hosting the cybercrime forum ReHubcom. The post claims the forums public IP 198.251.89.127 belongs to vmwall.com, and the non-public IP 5.175.247.131 belongs to flare.su — both owned by Kurmaev. Additionally, Kurmaev is alleged to personally conduct DDoS attacks (including against Russian targets and the Pentagon), purchase spammed IP blocks for brute-force and scanning, and operate a dark Telegram channel Blog about IT where he shares DDoS activity. The author warns of potential US legal exposure if ReHubcom affiliates attack US hospitals.
Date: 2026-04-06T13:53:52Z
Network: telegram
Published URL: https://t.me/c/2138027628/934
Screenshots:
None
Threat Actors: Kurmaev Ramil Rinatovich
Victim Country: Russia
Victim Industry: Hosting / Cybercrime Forum
Victim Organization: ReHubcom Forum / vmwall.com / flare.su
Victim Site: rehub.com, vmwall.com, flare.su, flare-host.ru, sayto1k.ru
Alleged leak of Australian credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 350,000 Australian email and password combinations on a cybercrime forum. The actor also advertises additional services including cracking tools and lessons through Telegram channels.
Date: 2026-04-06T13:46:08Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-350K-AUSTRALIA-Good-Quality-Combolist
Screenshots:
None
Threat Actors: el_capitan
Victim Country: Australia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Austrian email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 290,000 email and password combinations allegedly from Austrian users on a cybercrime forum.
Date: 2026-04-06T13:44:50Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-290K-AUSTRIA-EmailPass-HQ-Fresh-Combolist
Screenshots:
None
Threat Actors: el_capitan
Victim Country: Austria
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Polish credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 600,000 Polish email and password combinations, described as fresh and high quality credentials.
Date: 2026-04-06T13:43:33Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-600K-POLAND-FRESH-HQ-Combolist
Screenshots:
None
Threat Actors: el_capitan
Victim Country: Poland
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 360,000 Hotmail email and password combinations on a cybercrime forum. The credentials are claimed to be fresh and high quality.
Date: 2026-04-06T13:42:20Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-360K-HOTMAIL-Good-Quality-Fresh-Combolist
Screenshots:
None
Threat Actors: el_capitan
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Mexican credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 250,000 email and password combinations targeting Mexican users. The credentials are described as high quality and semi-private, suggesting they may be from recent breaches or credential stuffing operations.
Date: 2026-04-06T13:41:25Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-250K-MEXICO-Semi-Private-HQ-Combolist
Screenshots:
None
Threat Actors: el_capitan
Victim Country: Mexico
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of German credential combolist
Category: Combo List
Content: A threat actor distributed a combolist containing 280,000 German email and password combinations through a cybercriminal forum. The actor promotes additional services including cracking tools and lessons via Telegram channels.
Date: 2026-04-06T13:40:33Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-280K-GERMANY-High-Quality-Fresh-Combolist
Screenshots:
None
Threat Actors: el_capitan
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Japanese credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 160,000 email and password combinations targeting Japanese users on a cybercriminal forum.
Date: 2026-04-06T13:39:44Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-160K-JAPAN-Semi-Private-Good-Combolist
Screenshots:
None
Threat Actors: el_capitan
Victim Country: Japan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed gaming and social media credentials
Category: Combo List
Content: A threat actor leaked a combolist containing 1 million mixed credentials allegedly suitable for gaming and social media platforms. The actor also advertises various cybercriminal services and tools through Telegram channels.
Date: 2026-04-06T13:30:18Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-1M-Mixed-Combolist-Good-For-Gaming-Social-Media
Screenshots:
None
Threat Actors: el_capitan
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Access to pipersofdistinction.com and genesislawpa.com
Category: Initial Access
Content: Threat actor from Pharaohs Team market channel posted two domains — pipersofdistinction.com and genesislawpa.com — marked as #sold, indicating these assets (likely initial access, credentials, or similar) were sold to a buyer.
Date: 2026-04-06T13:21:40Z
Network: telegram
Published URL: https://t.me/c/3205199875/461
Screenshots:
None
Threat Actors: Pharaohs Team
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: pipersofdistinction.com
Alleged sale of compromised premium streaming and software service accounts
Category: Data Breach
Content: Threat actor BV12 is selling compromised premium accounts for multiple streaming and software services including Netflix, Disney+, Spotify, YouTube Premium, Adobe Creative Cloud, ChatGPT, and HBO Max with 12-month warranties at significantly reduced prices.
Date: 2026-04-06T13:18:43Z
Network: openweb
Published URL: https://crackingx.com/threads/71296/
Screenshots:
None
Threat Actors: BV12
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Multiple (Netflix, Disney+, Spotify, YouTube, Adobe, ChatGPT, HBO Max)
Victim Site: Unknown
Alleged sale of mail access, combolists, and stealer logs across multiple countries
Category: Logs
Content: A threat actor operating via @Dataxlogs is advertising mail access for accounts across 10+ countries (FR, BE, AU, CA, UK, US, NL, PL, DE, JP), along with configs, scripts, tools, hits, and combo lists. Requests are accepted, indicating a made-to-order credential access service.
Date: 2026-04-06T12:45:41Z
Network: telegram
Published URL: https://t.me/c/2613583520/59612
Screenshots:
None
Threat Actors: .py
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Cyber Attack on South Korea Industrial Ultrapure Water Treatment System by Z-Pentest Alliance
Category: Cyber Attack
Content: Threat group Z-Pentest Alliance claims to have compromised a Smart Pure Water System (MSTEC PureWater 100) industrial ultrapure water treatment plant in South Korea. The group alleges full real-time control over INLET/OUTLET monitoring parameters including conductivity, TDS, pH, turbidity, chlorine, temperature, and flow rate. They claim the ability to manipulate EC and pH sensor calibration, offsets, and compensation factors, control solenoid valves and drain valves (Drain 1 & 2), and bypass the settings password. The group states the system serves critical infrastructure for chip manufacturing and pharmaceutical production, and threatens to distort sensor readings, alter calibration, or cause system failure. Video evidence of access is claimed.
Date: 2026-04-06T12:33:43Z
Network: telegram
Published URL: https://t.me/c/2729466495/925
Screenshots:
None
Threat Actors: Z-Pentest Alliance
Victim Country: South Korea
Victim Industry: Critical Infrastructure / Water Treatment / Semiconductor / Pharmaceuticals
Victim Organization: MSTEC PureWater 100 (Smart Pure Water System)
Victim Site: Unknown
Alleged leak of mixed credential combolist on underground forum
Category: Combo List
Content: A threat actor shared an 82,000 record mixed credential combolist containing forum-related credentials on an underground forum. The post content is restricted to registered users only.
Date: 2026-04-06T12:28:27Z
Network: openweb
Published URL: https://crackingx.com/threads/71294/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 1,200 Hotmail email credentials, allegedly validated as of April 6th. The credentials are being distributed for free to registered forum users.
Date: 2026-04-06T12:28:04Z
Network: openweb
Published URL: https://crackingx.com/threads/71295/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged Data Leak of Chinese Cybersecurity Firm Integrity Technology Group (永信至诚)
Category: Data Leak
Content: A threat actor operating under the alias Dedale Office claims to have leaked sensitive data belonging to Integrity Technology Group (永信至诚), a Chinese network security company. The leaked data allegedly includes a staff list (471 entries), customer information (7,250 entries), transaction revenue/expense records (2,797 entries), scan data (53 files), attack and defense target lists, VPS credentials, overseas proxy IPs, important customer lists, stolen data archives, and other contracts. A sample was shared. Contact provided via @DedaleSupport and @DedaleOfficials.
Date: 2026-04-06T12:27:13Z
Network: telegram
Published URL: https://t.me/DedaleOfficials/126
Screenshots:
None
Threat Actors: Dedale Office
Victim Country: China
Victim Industry: Cybersecurity
Victim Organization: Integrity Technology Group (永信至诚)
Victim Site: Unknown
Alleged sale of domain list with DA/PA metrics for SEO or phishing infrastructure
Category: Initial Access
Content: A threat actor operating under Pharaohs Team market is offering a list of 22 domains with their Domain Authority (DA) and Page Authority (PA) scores. The domains span multiple countries and hosting providers including Hostinger, WPEngine, and myftpupload subdomains. Such lists are typically used for SEO spam injection, link farming, phishing infrastructure, or compromised site access. A contact handle (@phteam_s) is provided, indicating a commercial offering.
Date: 2026-04-06T12:23:51Z
Network: telegram
Published URL: https://t.me/c/3205199875/460
Screenshots:
None
Threat Actors: Pharaohs Team
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of Telegram channel boost services
Category: Services
Content: Threat actor Kenz is selling Telegram channel boost services with pricing ranging from $0.3 to $1.4 per boost depending on duration. The service claims instant delivery and legal guarantees, with payment accepted in cryptocurrency.
Date: 2026-04-06T12:18:53Z
Network: openweb
Published URL: https://pwnforums.st/Thread-1-UHQ-%E2%9A%A1-Telegram-Channel-Boosts-%E2%9A%A1-100-UHQ-Boosts-%E2%AD%90-Cheapest-Prices-%E2%AD%90–187860
Screenshots:
None
Threat Actors: Kenz
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged fraudulent Telegram Stars service offering
Category: Services
Content: Threat actor Kenz advertises fraudulent Telegram Stars service with pricing from $1.99 to $28.99, claiming legal procurement while operating on cybercriminal forum. Service likely involves unauthorized manipulation of Telegrams virtual currency system.
Date: 2026-04-06T12:18:14Z
Network: openweb
Published URL: https://pwnforums.st/Thread-1-UHQ-%E2%9A%A1-Telegram-Stars-Gifts-%E2%9A%A1-100-Legal-Safe-%E2%AD%90-Cheapest-Prices-%E2%AD%90–187861
Screenshots:
None
Threat Actors: Kenz
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Telegram
Victim Site: telegram.org
Alleged cryptocurrency exchange service with low fees
Category: Services
Content: User advertising a cryptocurrency exchange service offering crypto-to-crypto conversion with 2-3% fees and claiming fast processing times. Contact provided via Telegram handle @KenzX.
Date: 2026-04-06T12:17:53Z
Network: openweb
Published URL: https://pwnforums.st/Thread-%E2%9A%9C%EF%B8%8F-CRYPTO-TO-CRYPTO-%E2%9A%9C%EF%B8%8F-WITH-ONLY-2-3-FEE-FAST-EXCHANGE-%E2%9A%A1–187862
Screenshots:
None
Threat Actors: Kenz
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Palmetto Hall Street by Zod
Category: Defacement
Content: The attacker known as Zod defaced the Palmetto Hall Street website hosted on WP Engine on April 6, 2026. The defacement targeted a specific page (zod.html) on the Linux-based server.
Date: 2026-04-06T12:17:22Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248330
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Palmetto Hall Street
Victim Site: palmettohallst.wpengine.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared 1,646 fresh Hotmail credential combinations on a cybercrime forum. The credentials are made available for registered users to download.
Date: 2026-04-06T12:09:29Z
Network: openweb
Published URL: https://crackingx.com/threads/71293/
Screenshots:
None
Threat Actors: RandomUpload
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged data breach of Kbank Vietnam customer database
Category: Data Breach
Content: Threat actor claims to be selling a database containing over 10 million customer records from Kbank Vietnam, including personal information, employment details, credit scores, and risk classifications. The data allegedly includes customer IDs, names, national IDs, addresses, phone numbers, salary information, and credit scores.
Date: 2026-04-06T12:08:15Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-VIETNAM-Kbank-credit-info-10-MM-registrations
Screenshots:
None
Threat Actors: hackboy
Victim Country: Vietnam
Victim Industry: Financial Services
Victim Organization: Kbank Vietnam
Victim Site: Unknown
Alleged data breach of AlumnForce affecting French educational institutions
Category: Data Breach
Content: Threat actor HexDex claims to be selling personal data of 2.7 million individuals from AlumnForce, a platform for managing alumni and professional communities. The data allegedly includes personal information, contact details, education records, and employment history from 49 French educational institutions dating back to 1987.
Date: 2026-04-06T12:08:02Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-FR-2-6M-AlumnForce
Screenshots:
None
Threat Actors: HexDex
Victim Country: France
Victim Industry: Education
Victim Organization: AlumnForce
Victim Site: Unknown
Alleged sale of BreachForums database and source code
Category: Data Breach
Content: Threat actor Knox claims to be selling a complete database backup and source code from BreachForums dating from March 28, 2026. The offering includes the full database and MyBB scripts/plugins, with contact available via forum PM and Telegram.
Date: 2026-04-06T12:07:55Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-BreachForums-Database-Source-code-is-up-for-sale
Screenshots:
None
Threat Actors: Knox
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: BreachForums
Victim Site: BreachForums.as
Alleged Free Leak of Linux/RDP Server Credentials with Administrator Access
Category: Initial Access
Content: A threat actor sharing under the handle parsa has publicly distributed a list of approximately 20 Linux/Windows server credentials including IP addresses, ports, hostnames, and administrator passwords. The post is framed as free Linux servers and includes a contact for purchasing additional RDP access (@parsardp). Credentials appear to target systems across multiple IP ranges with common weak passwords.
Date: 2026-04-06T12:01:29Z
Network: telegram
Published URL: https://t.me/c/2613583520/59627
Screenshots:
None
Threat Actors: parsa
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Asian company credentials by threat actor zod
Category: Combo List
Content: Threat actor zod posted content related to an Asian company on a credential trading forum, with access details provided through a Telegram channel. The specific nature and scope of the data remains unclear due to restricted access to the full post content.
Date: 2026-04-06T11:50:00Z
Network: openweb
Published URL: https://crackingx.com/threads/71291/
Screenshots:
None
Threat Actors: zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of Due.com credentials
Category: Data Breach
Content: Threat actor fent888 is allegedly selling 1,723 Due.com accounts in bulk quantities for $0.30 each with a minimum purchase of 50 accounts.
Date: 2026-04-06T11:46:58Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Due-com-Accounts
Screenshots:
None
Threat Actors: fent888
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Due
Victim Site: due.com
Alleged distribution of stealer logs by FateTraffic
Category: Logs
Content: Threat actor fatetraffic distributed a collection of 2,094 mixed stealer logs through a file sharing service. The logs appear to contain stolen credentials and browser data harvested by information stealing malware.
Date: 2026-04-06T11:46:55Z
Network: openweb
Published URL: https://darkforums.su/Thread-%F0%9F%93%97-FATETRAFFIC-2094-MIX-06-04-2026-STEALER-LOGS
Screenshots:
None
Threat Actors: fatetraffic
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of Glovo account credentials
Category: Data Breach
Content: Threat actor fent888 is allegedly selling 862 Glovo account credentials for $0.40 each with a minimum purchase of 50 accounts. The actor is conducting sales through Telegram channels.
Date: 2026-04-06T11:46:37Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Glovo-Accounts
Screenshots:
None
Threat Actors: fent888
Victim Country: Unknown
Victim Industry: Food Delivery Services
Victim Organization: Glovo
Victim Site: glovo.com
Alleged imminent cyber attack announced by Cyber Islamic Resistance against Israeli targets
Category: Cyber Attack
Content: The group Cyber Islamic Resistance announced via the Fynix channel that today will witness the strongest cyber attack against Israeli occupation institutions and websites since the beginning of what they call the great epic battle (معركة الملحمة الكبرى), framed within their ongoing Promise of the Hereafter (وعد الاخرة) campaign. The post urges followers to watch for upcoming activity.
Date: 2026-04-06T11:40:36Z
Network: telegram
Published URL: https://t.me/CIR48/1852
Screenshots:
None
Threat Actors: Cyber Islamic Resistance
Victim Country: Israel
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 5,200 mixed high-quality credentials for free download on a cybercriminal forum.
Date: 2026-04-06T11:37:53Z
Network: openweb
Published URL: https://crackingx.com/threads/71290/
Screenshots:
None
Threat Actors: lpbPrivate
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of fenixlogin.dyndns.tv database
Category: Data Leak
Content: A threat actor claimed to have leaked a SQL database from fenixlogin.dyndns.tv containing 11,803 records dated March 24, 2026. The database appears to contain user account information including usernames, passwords, display names, phone numbers, IP addresses, and subscription details.
Date: 2026-04-06T11:36:35Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-fenixlogin-dyndns-tv
Screenshots:
None
Threat Actors: Tanaka
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: fenixlogin.dyndns.tv
Alleged malware campaign by North Korean group UNC1069 targeting Node.js developers
Category: Malware
Content: The North Korean hacking group UNC1069 is reportedly targeting well-known Node.js developers through social engineering tactics. Attackers are deceiving victims into installing malware via fake software updates. Developers of widely-used NPM packages with billions of downloads are said to be at risk. Security experts are urging reporting of any suspicious activity.
Date: 2026-04-06T11:33:21Z
Network: telegram
Published URL: https://t.me/c/1283513914/21018
Screenshots:
None
Threat Actors: UNC1069
Victim Country: Unknown
Victim Industry: Technology / Software Development
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor claims to have private Hotmail valid credentials available on a cybercrime forum. The post content is restricted and requires registration to view details.
Date: 2026-04-06T11:09:09Z
Network: openweb
Published URL: https://crackingx.com/threads/71288/
Screenshots:
None
Threat Actors: FlashCloud2
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged sale of fraudulent streaming service and software upgrades
Category: Initial Access
Content: Threat actor ChepStore is allegedly selling unauthorized upgrades to premium streaming services and software subscriptions at significantly reduced prices, likely through compromised accounts or fraudulent payment methods. Services include Netflix, Disney+, Spotify, Adobe Creative Cloud, and ChatGPT with contact via Discord and Telegram.
Date: 2026-04-06T11:08:28Z
Network: openweb
Published URL: https://crackingx.com/threads/71289/
Screenshots:
None
Threat Actors: ChepStore
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Multiple streaming and software providers
Victim Site: Unknown
Website defacement of Digital Marketing Community by tirz4sec (jatengblekhet team)
Category: Defacement
Content: The attacker tirz4sec from the jatengblekhet team defaced the Digital Marketing Community website on April 6, 2026. This appears to be a single-target defacement attack against a marketing industry website.
Date: 2026-04-06T10:54:47Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830852
Screenshots:
None
Threat Actors: tirz4sec, jatengblekhet
Victim Country: Unknown
Victim Industry: Marketing/Advertising
Victim Organization: Digital Marketing Community
Victim Site: www.digitalmarketingcommunity….
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor is distributing a combolist containing 600 Hotmail email and password combinations through Telegram. The credentials are claimed to be valid and high quality.
Date: 2026-04-06T10:47:59Z
Network: openweb
Published URL: https://crackingx.com/threads/71285/
Screenshots:
None
Threat Actors: lpbPrivate
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged data leak of Universidad Autonoma Intercultural de Sinaloa database
Category: Data Leak
Content: Database containing comprehensive personal information of university students including full names, contact details, addresses, birth dates, CURP numbers, academic programs, disability status, indigenous language information, household data, and financial information was made available for free download on a dark web forum.
Date: 2026-04-06T10:28:40Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-M%C3%89XICO-UNIVERSIDAD-AUTONOMA-INTERCULTURAL-DE-SINALOA
Screenshots:
None
Threat Actors: SpeakTeam
Victim Country: Mexico
Victim Industry: Education
Victim Organization: Universidad Autonoma Intercultural de Sinaloa
Victim Site: Unknown
Alleged sale of initial access to multiple organizations across various industries
Category: Initial Access
Content: Threat actor KazeFreak advertised multiple initial access offerings including VPN and Active Directory access to organizations across construction, telecommunications, mining, education, and food & beverage sectors in Poland, Turkey, Italy, Canada, and Argentina with varying privilege levels.
Date: 2026-04-06T10:28:34Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-IAB-Listings-SiberianShelves-listings
Screenshots:
None
Threat Actors: KazeFreak
Victim Country: Multiple
Victim Industry: Multiple
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Indonesian political party Gerindra candidate information
Category: Data Leak
Content: Actor XyphOrix leaked personal information of Indonesian political party Gerindra candidates including names, national ID numbers, birthdates, addresses, spouse names, education, and occupation details. The leaked data appears to contain candidate information from electoral districts in Jepara.
Date: 2026-04-06T10:28:13Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-DATA-PARTAI-GERINDRA-GO-ID–72491
Screenshots:
None
Threat Actors: XyphOrix
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Partai Gerindra
Victim Site: gerindra.go.id
Alleged data breach of TLN Trip travel agency database
Category: Data Breach
Content: A threat actor is allegedly selling a database from TLN Trip travel agency containing 690,000 records with personal information including passport numbers, expiry dates, names, addresses, phone numbers, and email addresses.
Date: 2026-04-06T10:28:06Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Travel-agency-website-database-tlntrip-com-690K-passport-no-passport-expiry
Screenshots:
None
Threat Actors: RainbowDF
Victim Country: Unknown
Victim Industry: Travel and Tourism
Victim Organization: TLN Trip
Victim Site: tlntrip.com
Alleged sports content post – not a cyber threat
Category: Alert
Content: This appears to be a legitimate sports discussion post about baseball player Jos Ureas 2025 season with multiple teams including the Los Angeles Dodgers, not a cyber threat or security incident.
Date: 2026-04-06T10:27:53Z
Network: openweb
Published URL: https://darkforums.su/Thread-2025-Dodgers-year-evaluate-Jos-Urea
Screenshots:
None
Threat Actors: Witherspoon
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of NUST Pakistan Defence
Category: Data Leak
Content: Threat actor ModernStealer claims to have leaked breach data from NUST Pakistan, a premier Pakistani university with strong military ties and defence connections. Sample data and contact information provided for additional details.
Date: 2026-04-06T10:27:45Z
Network: openweb
Published URL: https://darkforums.su/Thread-Document-DATA-LEAK-OF-NUST-PAKISTAN-DEFENCE
Screenshots:
None
Threat Actors: ModernStealer
Victim Country: Pakistan
Victim Industry: Education
Victim Organization: National University of Sciences and Technology
Victim Site: Unknown
Alleged data leak of Sistema para el Desarrollo Integral de la Familia del Estado de Chiapas
Category: Data Leak
Content: Threat actor leaked personal data of 490,000+ beneficiaries from a Mexican family development system in Chiapas state, including names, identification numbers, birth dates, and addresses.
Date: 2026-04-06T10:27:33Z
Network: openweb
Published URL: https://darkforums.su/Thread-MX-SISTEMA-PARA-EL-DESARROLLO-INTEGRAL-DE-LA-FAMILIA-DEL-ESTADO-DE-CHIAPAS-MX
Screenshots:
None
Threat Actors: Thelizard001
Victim Country: Mexico
Victim Industry: Government
Victim Organization: Sistema para el Desarrollo Integral de la Familia del Estado de Chiapas
Victim Site: Unknown
Alleged widespread exploitation of React2Shell vulnerability in Next.js applications stealing AWS keys and SSH credentials
Category: Vulnerability
Content: Threat actors are actively exploiting the React2Shell vulnerability in Next.js applications in an automated campaign that has compromised hundreds of servers. The attackers are using a tool called NEXUS Listener to collect and exfiltrate sensitive data including database credentials, AWS keys, and SSH keys to attacker-controlled servers. This activity could lead to cloud account takeovers and broader network intrusions.
Date: 2026-04-06T10:23:37Z
Network: telegram
Published URL: https://t.me/c/1283513914/21015
Screenshots:
None
Threat Actors: خبرگزاری سایبربان| Cyberban News
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Phishing Campaign Targeting Bank Melli Iran Customers via Fake BAM App Installation SMS
Category: Phishing
Content: Bank Melli Iran (بانک ملی) has issued a warning about fraudulent SMS messages being sent to customers under the guise of an official announcement regarding installation of the BAM banking application. The messages contain malicious links infected with malware. Customers are advised to avoid clicking any links in such messages and to use only official bank channels for services.
Date: 2026-04-06T10:14:49Z
Network: telegram
Published URL: https://t.me/c/1283513914/21014
Screenshots:
None
Threat Actors: خبرگزاری سایبربان| Cyberban News
Victim Country: Iran
Victim Industry: Banking & Finance
Victim Organization: Bank Melli Iran
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a sample of 405 Hotmail credentials on a cybercrime forum as a free download.
Date: 2026-04-06T10:09:13Z
Network: openweb
Published URL: https://crackingx.com/threads/71283/
Screenshots:
None
Threat Actors: HollowKnight07
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of mixed email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 3,545 mixed email credentials for free download on a cracking forum.
Date: 2026-04-06T10:08:40Z
Network: openweb
Published URL: https://crackingx.com/threads/71284/
Screenshots:
None
Threat Actors: NotSellerxd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor is sharing a combolist containing Hotmail email and password combinations on a cybercrime forum. The credentials are claimed to be private, fresh, and verified by the poster.
Date: 2026-04-06T09:58:55Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1HOTMAIL%E2%9A%A1%E2%9A%A1PRIVATE%E2%9A%A1%E2%9A%A1FRESH%E2%9A%A1%E2%9A%A1CHEKED-BY-klyne05-%E2%9A%A1%E2%9A%A1–199516
Screenshots:
None
Threat Actors: klyne05
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credential lists
Category: Combo List
Content: Threat actor klyne05 allegedly shared fresh checked Hotmail credential lists on a cybercriminal forum as a free download.
Date: 2026-04-06T09:58:52Z
Network: openweb
Published URL: https://crackingx.com/threads/71282/
Screenshots:
None
Threat Actors: klyne05
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged data breach of Coinbase
Category: Data Breach
Content: Threat actor Kotowka is allegedly selling a database containing 50,000 records of Coinbase user data for $600. The data includes personal information, account balances, cryptocurrency holdings, and account status details of US-based users.
Date: 2026-04-06T09:48:18Z
Network: openweb
Published URL: https://crackingx.com/threads/71281/
Screenshots:
None
Threat Actors: Kotowka
Victim Country: United States
Victim Industry: Financial Services
Victim Organization: Coinbase
Victim Site: coinbase.com
Mass website defacement targeting thekarurtraders.com by maw3six
Category: Defacement
Content: The attacker maw3six conducted a mass defacement campaign targeting thekarurtraders.com, which appears to be a redefacement of a previously compromised site. The attack was part of a broader mass defacement operation rather than targeting this specific organization.
Date: 2026-04-06T09:47:12Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248329
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Trading/Commerce
Victim Organization: Karur Traders
Victim Site: thekarurtraders.com
Alleged data breach of Ledger via Global-e payment gateway
Category: Data Breach
Content: Threat actor claims to be selling a database containing over 105,000 Ledger customer records allegedly obtained through a breach of the Global-e payment gateway on January 5, 2026. The data includes customer names, addresses, phone numbers, email addresses, and order information from late 2025 to early 2026.
Date: 2026-04-06T09:39:00Z
Network: openweb
Published URL: https://crackingx.com/threads/71279/
Screenshots:
None
Threat Actors: Kotowka
Victim Country: Unknown
Victim Industry: Financial Technology
Victim Organization: Ledger
Victim Site: Unknown
Alleged sale of Hotmail credential lists
Category: Data Breach
Content: Threat actor Kotowka is allegedly selling Hotmail email and password credential lists containing 1 million records for $300. The actor provides contact via Telegram and offers samples through a Telegram channel.
Date: 2026-04-06T09:38:31Z
Network: openweb
Published URL: https://crackingx.com/threads/71280/
Screenshots:
None
Threat Actors: Kotowka
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged Supply Chain Attack on Axios npm Library via Malicious Versions 1.14.1 and 0.30.4
Category: Malware
Content: The popular Axios npm library was targeted in a supply chain attack. Threat actors compromised a developer account and published malicious versions (1.14.1 and 0.30.4) containing a hidden dependency that executed a Remote Access Trojan (RAT) upon installation. The malware also removed its traces to evade detection. The malicious versions were quickly identified and removed, but the incident highlights security weaknesses in the npm ecosystem.
Date: 2026-04-06T09:35:21Z
Network: telegram
Published URL: https://t.me/c/1283513914/21009
Screenshots:
None
Threat Actors: خبرگزاری سایبربان| Cyberban News
Victim Country: Unknown
Victim Industry: Software / Open Source
Victim Organization: Axios (npm)
Victim Site: npmjs.com
Website defacement of hoststlucia.com by maw3six
Category: Defacement
Content: Threat actor maw3six successfully defaced the Host St Lucia website on April 6, 2026. The defacement targeted a web hosting provider based in Saint Lucia, compromising their online presence.
Date: 2026-04-06T09:29:56Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248328
Screenshots:
None
Threat Actors: maw3six
Victim Country: Saint Lucia
Victim Industry: Web Hosting
Victim Organization: Host St Lucia
Victim Site: hoststlucia.com
Alleged sale of Coinbase customer data
Category: Data Breach
Content: Threat actor Kotowka is allegedly selling a dataset containing 50,000 Coinbase customer records including names, email addresses, phone numbers, bank information, and account balances for $8,000. The data includes various authentication methods and associated financial institutions.
Date: 2026-04-06T09:27:05Z
Network: openweb
Published URL: https://crackingx.com/threads/71278/
Screenshots:
None
Threat Actors: Kotowka
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Coinbase
Victim Site: coinbase.com
Mass website defacement campaign by maw3six targeting multiple sites
Category: Defacement
Content: Threat actor maw3six conducted a mass defacement campaign targeting multiple websites including lovang247.online. The attack was part of a broader mass defacement operation rather than targeting a specific organization.
Date: 2026-04-06T09:23:50Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248321
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: lovang247.online
Mass website defacement by maw3six targeting lucky88.buzz
Category: Defacement
Content: Attacker maw3six conducted a mass defacement campaign targeting the lucky88.buzz gambling website on April 6, 2026. The attack was part of a broader mass defacement operation rather than a targeted single-site compromise.
Date: 2026-04-06T09:23:21Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248322
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Gaming/Gambling
Victim Organization: Unknown
Victim Site: lucky88.buzz
Mass defacement campaign by maw3six targeting luongson.cfd
Category: Defacement
Content: Attacker maw3six conducted a mass defacement campaign targeting luongson.cfd on April 6, 2026. The incident involved defacing a subpage rather than the main homepage and was part of a broader mass defacement operation.
Date: 2026-04-06T09:23:02Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248323
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: luongson.cfd
Mass website defacement campaign by maw3six targeting moto88.today
Category: Defacement
Content: Attacker maw3six conducted a mass defacement campaign targeting moto88.today on April 6, 2026. The incident was part of a broader mass defacement operation rather than a targeted attack on a single organization.
Date: 2026-04-06T09:22:43Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248324
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: moto88.today
Mass defacement campaign by maw3six targeting nuoilo247.store
Category: Defacement
Content: Attacker maw3six conducted a mass defacement campaign targeting the e-commerce website nuoilo247.store on April 6, 2026. The attack was part of a broader mass defacement operation rather than a targeted single-site attack.
Date: 2026-04-06T09:22:14Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248325
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: E-commerce
Victim Organization: Unknown
Victim Site: nuoilo247.store
Mass website defacement campaign by maw3six targeting nuoilokhung247.online
Category: Defacement
Content: Mass defacement attack conducted by attacker maw3six targeting the Vietnamese domain nuoilokhung247.online. The incident was part of a broader mass defacement campaign rather than a targeted attack on a single organization.
Date: 2026-04-06T09:21:53Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248326
Screenshots:
None
Threat Actors: maw3six
Victim Country: Vietnam
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: nuoilokhung247.online
Website defacement of phuongtrinhhoahoc.store by maw3six
Category: Defacement
Content: The attacker maw3six defaced the website phuongtrinhhoahoc.store on April 6, 2026. The targeted site appears to be related to chemical equations or chemistry education based on the domain name.
Date: 2026-04-06T09:21:33Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248327
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: phuongtrinhhoahoc.store
Website defacement of gocmod.life by maw3six
Category: Defacement
Content: Threat actor maw3six defaced the website gocmod.life on April 6, 2026. The attack targeted a cloud-hosted server and was documented in the haxor.id mirror archive.
Date: 2026-04-06T09:15:32Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248315
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: gocmod.life
Website defacement of hi88.lol by maw3six
Category: Defacement
Content: Website defacement attack targeting hi88.lol domain executed by threat actor maw3six on April 6, 2026. The attack targeted a cloud-hosted infrastructure and resulted in compromise of the /maw.html page.
Date: 2026-04-06T09:15:13Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248316
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: hi88.lol
Mass website defacement by maw3six targeting gambling platform
Category: Defacement
Content: Threat actor maw3six conducted a mass defacement attack against the I9bet gambling platform website. The attack targeted a specific page rather than the homepage and appears to be part of a broader mass defacement campaign.
Date: 2026-04-06T09:14:46Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248317
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Gambling/Gaming
Victim Organization: I9bet
Victim Site: i9bet.today
Website defacement of jun88.lol by maw3six
Category: Defacement
Content: The website jun88.lol was defaced by attacker maw3six on April 6, 2026. The incident involved a single page defacement hosted on cloud infrastructure.
Date: 2026-04-06T09:14:22Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248318
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: jun88.lol
Website defacement of king888.website by maw3six
Category: Defacement
Content: Individual attacker maw3six defaced the king888.website domain on April 6, 2026. The incident involved a single page defacement targeting the /maw.html path on a cloud-hosted server.
Date: 2026-04-06T09:13:56Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248319
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: king888.website
Website defacement of linkneverdie.shop by maw3six
Category: Defacement
Content: Individual attacker maw3six defaced the e-commerce website linkneverdie.shop on April 6, 2026. The defaced page was hosted on cloud infrastructure and archived on haxor.id mirror.
Date: 2026-04-06T09:13:36Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248320
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: E-commerce
Victim Organization: Unknown
Victim Site: linkneverdie.shop
Mass defacement campaign by maw3six targeting anonyviet.shop
Category: Defacement
Content: Mass defacement attack conducted by threat actor maw3six against anonyviet.shop on April 6, 2026. The incident was part of a broader mass defacement campaign rather than a targeted attack on the specific organization.
Date: 2026-04-06T09:07:41Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248306
Screenshots:
None
Threat Actors: maw3six
Victim Country: Vietnam
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: anonyviet.shop
Mass defacement targeting gambling sites by maw3six
Category: Defacement
Content: Mass defacement attack conducted by threat actor maw3six targeting gambling website bong888.pro. The attack was part of a larger mass defacement campaign affecting multiple sites on April 6, 2026.
Date: 2026-04-06T09:07:13Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248307
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Gambling
Victim Organization: Unknown
Victim Site: bong888.pro
Mass defacement targeting bongda.space by maw3six
Category: Defacement
Content: Mass defacement attack conducted by threat actor maw3six targeting the sports-related website bongda.space. The attack was executed on April 6, 2026, affecting multiple pages rather than just the homepage.
Date: 2026-04-06T09:06:53Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248308
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Sports/Entertainment
Victim Organization: Unknown
Victim Site: bongda.space
Mass website defacement campaign by maw3six targeting bongdaplus.online
Category: Defacement
Content: Attacker maw3six conducted a mass defacement campaign targeting bongdaplus.online, a sports-related website. The incident was part of a broader mass defacement operation affecting multiple sites.
Date: 2026-04-06T09:06:25Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248309
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Sports/Entertainment
Victim Organization: BongDaPlus
Victim Site: bongdaplus.online
Website defacement of caulodep247.site by maw3six
Category: Defacement
Content: Threat actor maw3six successfully defaced the website caulodep247.site on April 6, 2026. The defacement targeted a single page and was hosted on cloud infrastructure.
Date: 2026-04-06T09:06:04Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248310
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: caulodep247.site
Mass website defacement campaign by maw3six targeting chotlo3s.shop
Category: Defacement
Content: Attacker maw3six conducted a mass defacement campaign targeting the e-commerce site chotlo3s.shop on April 6, 2026. The attack was part of a broader mass defacement operation rather than a targeted single-site attack.
Date: 2026-04-06T09:05:36Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248311
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: E-commerce
Victim Organization: Unknown
Victim Site: chotlo3s.shop
Mass website defacement by maw3six targeting congthucvatly.xyz
Category: Defacement
Content: Attacker maw3six conducted a mass defacement campaign targeting congthucvatly.xyz, a Vietnamese physics education website. The incident occurred on April 6, 2026, affecting a cloud-hosted server.
Date: 2026-04-06T09:05:11Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248312
Screenshots:
None
Threat Actors: maw3six
Victim Country: Vietnam
Victim Industry: Education
Victim Organization: Unknown
Victim Site: congthucvatly.xyz
Website defacement of dudoan.store by maw3six
Category: Defacement
Content: Single website defacement incident targeting dudoan.store conducted by threat actor maw3six on April 6, 2026. The attack targeted a specific page rather than the homepage and appears to be an isolated incident rather than part of a mass defacement campaign.
Date: 2026-04-06T09:04:41Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248313
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: dudoan.store
Mass website defacement by maw3six targeting fabett.live
Category: Defacement
Content: Attacker maw3six conducted a mass defacement campaign targeting fabett.live on April 6, 2026. The incident was part of a broader mass defacement operation rather than a targeted attack on a single organization.
Date: 2026-04-06T09:04:15Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248314
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: fabett.live
Website defacement of vpocket.online by Komodoxploit (BadakSec Team)
Category: Defacement
Content: BadakSec Team member Komodoxploit successfully defaced vpocket.online on April 6, 2026. The attack targeted a specific page on the domain, creating unauthorized content accessible via fuck.txt.
Date: 2026-04-06T08:58:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830849
Screenshots:
None
Threat Actors: Komodoxploit, BadakSec Team
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: vpocket.online
Mass defacement campaign by maw3six targeting multiple websites
Category: Defacement
Content: Attacker maw3six conducted a mass defacement campaign targeting multiple websites including 66vn.xyz. The attack was executed on April 6, 2026, affecting cloud-hosted infrastructure as part of a broader mass defacement operation.
Date: 2026-04-06T08:57:34Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248300
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 66vn.xyz
Mass website defacement by maw3six targeting 77win.buzz
Category: Defacement
Content: Mass defacement attack conducted by threat actor maw3six on April 6, 2026, targeting the 77win gambling platform. The attack was part of a broader mass defacement campaign affecting multiple targets hosted on cloud infrastructure.
Date: 2026-04-06T08:57:04Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248301
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Gaming/Gambling
Victim Organization: 77win
Victim Site: 77win.buzz
Mass defacement campaign by maw3six targeting multiple websites
Category: Defacement
Content: Threat actor maw3six conducted a mass defacement campaign targeting multiple websites including 888b.lol. The attack was executed on April 6, 2026 against cloud-hosted infrastructure.
Date: 2026-04-06T08:56:33Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248302
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 888b.lol
Website defacement of 8kbet.click by maw3six
Category: Defacement
Content: The attacker maw3six successfully defaced the 8kbet.click gambling website on April 6, 2026. The defacement targeted a specific page rather than the homepage and appears to be an isolated incident rather than part of a mass campaign.
Date: 2026-04-06T08:56:06Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248303
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Online Gambling
Victim Organization: 8kbet
Victim Site: 8kbet.click
Mass website defacement by maw3six targeting 99ok.cfd
Category: Defacement
Content: Threat actor maw3six conducted a mass defacement attack targeting the website 99ok.cfd on April 6, 2026. The attack was part of a broader mass defacement campaign rather than a targeted single-site attack.
Date: 2026-04-06T08:55:38Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248304
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 99ok.cfd
Mass website defacement by maw3six targeting alo789.shop
Category: Defacement
Content: Attacker maw3six conducted a mass defacement operation targeting the e-commerce website alo789.shop. The incident occurred on April 6, 2026, affecting a cloud-hosted server as part of a broader mass defacement campaign.
Date: 2026-04-06T08:55:09Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248305
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: E-commerce
Victim Organization: Unknown
Victim Site: alo789.shop
Website defacement of uberebayshopdesign.com by Aptisme/Leviathan Perfect Hunter
Category: Defacement
Content: Website defacement attack conducted by threat actor Aptisme from the Leviathan Perfect Hunter team against uberebayshopdesign.com on April 6, 2026. The attack targeted a specific page (art.htm) rather than the main homepage.
Date: 2026-04-06T08:49:31Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830848
Screenshots:
None
Threat Actors: Aptisme, Leviathan Perfect Hunter
Victim Country: Unknown
Victim Industry: E-commerce/Design Services
Victim Organization: Uber eBay Shop Design
Victim Site: uberebayshopdesign.com
Mass website defacement by maw3six targeting jun88.help
Category: Defacement
Content: Threat actor maw3six conducted a mass defacement attack targeting jun88.help on April 6, 2026. The attack was part of a broader mass defacement campaign rather than targeting a specific organization.
Date: 2026-04-06T08:48:32Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248299
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: jun88.help
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor named FlashCloud2 posted about private high-quality Hotmail credentials on a cybercrime forum specializing in credential lists and dumps. The actual content requires forum registration to view.
Date: 2026-04-06T08:19:37Z
Network: openweb
Published URL: https://crackingx.com/threads/71276/
Screenshots:
None
Threat Actors: FlashCloud2
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged Missile Strike on Irans National AI Platform Data Center at Sharif University of Technology
Category: Cyber Attack
Content: According to Cyberban News, the data center of Sharif University of Technology (Sharif Industrial University) was targeted in a missile attack attributed to American and Zionist adversaries. The data center serves as the primary infrastructure for Irans National AI Platform, which was unveiled in late 2024 and hosts thousands of critical national services. Irans Deputy for Science had previously announced that all national AI projects were connected to this platform.
Date: 2026-04-06T08:08:57Z
Network: telegram
Published URL: https://t.me/c/1283513914/21008
Screenshots:
None
Threat Actors: خبرگزاری سایبربان| Cyberban News
Victim Country: Iran
Victim Industry: Education / Critical National Infrastructure / Artificial Intelligence
Victim Organization: Sharif University of Technology / Iran National AI Platform
Victim Site: Unknown
Alleged leak of United Kingdom credential combolist
Category: Combo List
Content: Threat actor CobraEgy allegedly shared a credential combolist containing 356,000 email:password combinations targeting United Kingdom users. The data is described as fresh and dated 6-4-2026.
Date: 2026-04-06T08:01:16Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-356-K-%E2%9C%A6-United-Kingdom-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-6-4-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: United Kingdom
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail.fr credentials
Category: Combo List
Content: Threat actor WINGO shared a combolist containing 1,000 Hotmail.fr email and password combinations on DemonForums. The credentials were made available as a free download via Pasteview.
Date: 2026-04-06T07:59:37Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-1K-HOTMAIL-FR
Screenshots:
None
Threat Actors: WINGO
Victim Country: France
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.fr
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: Threat actor alphaxdd shared a combolist containing 1,874 allegedly valid Hotmail email and password combinations on cybercriminal forums. The credentials are described as premium hits from private cloud sources.
Date: 2026-04-06T07:58:20Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-1874x-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged data leak of Acikogretim database
Category: Data Leak
Content: A database dump containing 213,000 records from Acikogretim, a Turkish educational institution, has been leaked and made available for free download on a cybercriminal forum.
Date: 2026-04-06T07:36:04Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-Acikogretim-gen-tr
Screenshots:
None
Threat Actors: coinspot
Victim Country: Turkey
Victim Industry: Education
Victim Organization: Acikogretim
Victim Site: acikogretim.gen.tr
Alleged data breach of Edmunds automotive platform by ShinyHunters
Category: Data Breach
Content: ShinyHunters allegedly breached Edmunds automotive platform in January 2026, compromising 30 million user records including usernames, email addresses, passwords, and vehicle reports from 2018-2022. Some passwords were encrypted using base64 hashes while others were stored in plaintext.
Date: 2026-04-06T07:35:45Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-edmunds-com-Automotive-Research-Platform-FullDump-30-Million-2026
Screenshots:
None
Threat Actors: Blastoize
Victim Country: United States
Victim Industry: Automotive
Victim Organization: Edmunds
Victim Site: edmunds.com
Alleged data leak by Maxi_Leaks threat actor
Category: Data Leak
Content: A threat actor named CobraEgy posted about logs allegedly leaked by Maxi_Leaks, totaling 3.3 GB in size and dated June 4, 2026. No additional details about the content or victims are available from the post.
Date: 2026-04-06T07:25:38Z
Network: openweb
Published URL: https://demonforums.net/Thread-Request-%E2%9C%A6%E2%9C%A6-LOG-S-%E2%9C%A6%E2%9C%A6-Maxi-Leaks-%E2%9C%A6%E2%9C%A6-6-4-2026-%E2%9C%A6%E2%9C%A6-3-3-GB-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of private communications of Israeli National Security Institute Iran department head by Hanzala group
Category: Data Leak
Content: The hacker group Hanzala announced the full public release of all WhatsApp and X (Twitter) chats belonging to Raz Zimmt, head of the Iran division at Israels National Security Institute. The group claims the data includes private, confidential, and daily communications with no censorship. Hanzala stated this action was taken after prior warnings to Zimmt were ignored, framing it as a warning to anyone deemed hostile toward Iran. The group asserted: Nothing is hidden from us.
Date: 2026-04-06T07:00:00Z
Network: telegram
Published URL: https://t.me/c/1283513914/21004
Screenshots:
None
Threat Actors: حنظله
Victim Country: Israel
Victim Industry: Government / Intelligence
Victim Organization: Israel National Security Institute
Victim Site: Unknown
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing Hotmail email and password combinations on a cybercrime forum. The post indicates the credentials are described as high quality but the exact number of records is not specified.
Date: 2026-04-06T06:43:41Z
Network: openweb
Published URL: https://demonforums.net/Thread-%E2%9A%A1%E2%9A%A1-X782-HQ-Hotmail-%E2%9A%A1%E2%9A%A1-BY-Steveee36-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: erwinn91
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of phone number and password credentials
Category: Combo List
Content: A threat actor is sharing a credential list containing phone numbers and passwords, advertised as high quality and private content on a cybercriminal forum.
Date: 2026-04-06T06:41:53Z
Network: openweb
Published URL: https://crackingx.com/threads/71273/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged new operation or data release by Handala hack group
Category: Cyber Attack
Content: Handala, a pro-Palestinian hacktivist group, announced a new post on their official site via a shortened URL. The post likely contains details of a cyber attack, data breach, or leak targeting Israeli organizations, consistent with Handalas historical activity pattern.
Date: 2026-04-06T06:41:26Z
Network: telegram
Published URL: https://t.me/c/3548035165/78
Screenshots:
None
Threat Actors: HANDALA HACK
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of updated DDoS attack script with Cloudflare bypass capabilities
Category: Malware
Content: A threat actor is selling a DDoS script updated to 2026, supporting both Layer 7 (L7) and Layer 4 (L4) attack vectors. L7 capabilities include Cloudflare bypass, UAM, CAPTCHA, and rate limit bypass. L4 capabilities include TCP, UDP, HOME, DNS, Discord, and Telegram flood attacks. Contact handle @kyless133 provided for purchase inquiries.
Date: 2026-04-06T06:38:38Z
Network: telegram
Published URL: https://t.me/cashnetworkc2/351
Screenshots:
None
Threat Actors: CASH NETWORK
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of European and US credential combolists
Category: Combo List
Content: Threat actor gsmfix is distributing credential combolists claimed to be high quality and fully valid, targeting users from Europe and the United States. The post advertises these credential lists but does not specify pricing or victim sources.
Date: 2026-04-06T06:21:19Z
Network: openweb
Published URL: https://crackingx.com/threads/71271/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass website defacement campaign by Zod threat actor
Category: Defacement
Content: The threat actor Zod conducted a mass defacement campaign targeting multiple websites including astronomos.studio. This attack was part of a broader mass defacement operation rather than a targeted attack on a specific organization.
Date: 2026-04-06T06:12:28Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248294
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Astronomos Studio
Victim Site: astronomos.studio
Mass website defacement campaign by Zod threat actor
Category: Defacement
Content: The threat actor known as Zod conducted a mass defacement campaign targeting multiple websites including cetlitulum.com. The attack was part of a broader coordinated defacement operation rather than targeting a specific organization.
Date: 2026-04-06T06:12:05Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248295
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: cetlitulum.com
Alleged leak of credential combolist containing URL-login-password data
Category: Combo List
Content: A threat actor has made available a 227GB combolist containing URL-login-password credential combinations. The data is being freely distributed on underground forums as a private collection labeled for 2026.
Date: 2026-04-06T06:11:58Z
Network: openweb
Published URL: https://crackingx.com/threads/71268/
Screenshots:
None
Threat Actors: strelok639
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of propertiesbaymx.com by Zod
Category: Defacement
Content: The attacker Zod successfully defaced the Properties Bay MX real estate website on April 6, 2026. The defacement targeted a specific page (zod.html) on the Linux-hosted server.
Date: 2026-04-06T06:11:45Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248296
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Mexico
Victim Industry: Real Estate
Victim Organization: Properties Bay MX
Victim Site: propertiesbaymx.com
Alleged leak of credential combolist in ULP format
Category: Combo List
Content: A threat actor shared a credential combolist in URL:LOGIN:PASS format, labeled as high quality and private. The post contains minimal information about the source or scope of the credentials.
Date: 2026-04-06T06:11:38Z
Network: openweb
Published URL: https://crackingx.com/threads/71269/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass website defacement campaign by Zod threat actor
Category: Defacement
Content: The Zod threat actor conducted a mass defacement campaign targeting multiple websites including laciudadquenohadejadodejugar.mx on April 6, 2026. This attack was part of a broader mass defacement operation rather than targeting a specific organization.
Date: 2026-04-06T06:11:26Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248298
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Mexico
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: laciudadquenohadejadodejugar.mx
Alleged distribution of credential combolist targeting USA and Europe users
Category: Combo List
Content: Threat actor gsmfix allegedly distributed an exclusive credential combolist containing email:password combinations targeting users from USA and Europe regions on underground forum.
Date: 2026-04-06T06:11:17Z
Network: openweb
Published URL: https://crackingx.com/threads/71270/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Cyber Attack and Extortion Threat Against Cisco by ShinyHunters
Category: Cyber Attack
Content: The ShinyHunters threat actor group is claiming prior access to Cisco systems and alleging that Cisco has been slow to resolve a breach. The group is publicly calling out Jason Lish (apparently a Cisco security executive) for allegedly misleading CISOs in a private Signal group about the incident. ShinyHunters is issuing an ultimatum to Cisco to engage in negotiations before the situation escalates, implying further data exposure or damage if Cisco does not respond. The hashtag #speedboat67 may reference a specific operation or dataset.
Date: 2026-04-06T05:46:21Z
Network: telegram
Published URL: https://t.me/c/3737716184/822
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: United States
Victim Industry: Technology / Cybersecurity
Victim Organization: Cisco
Victim Site: cisco.com
Alleged Exposure of GitHub Personal Access Token Linked to Cisco IT Environment by ShinyHunters
Category: Initial Access
Content: ShinyHunters posted a GitHub Personal Access Token (ghp_798fnSquvZ4IrZUiTPoin61nsbDL0x2cxpJ1) along with its base64-hashed equivalent. The post includes a Cisco IT Splunk query targeting the ds-github index, filtering GitHub audit log events by hashed token, IP, action, repository, and user agent — specifically excluding US-based actor locations. This suggests the token may provide access to Ciscos GitHub repositories and that the threat actor is actively querying audit logs to enumerate activity. Tagged with #SH#speedboat67, indicating a ShinyHunters operation.
Date: 2026-04-06T05:44:46Z
Network: telegram
Published URL: https://t.me/c/3737716184/820
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: United States
Victim Industry: Technology
Victim Organization: Cisco
Victim Site: github.com
Alleged Data Breach of Cisco by ShinyHunters – 3M+ Salesforce Records and AI Source Code for Sale
Category: Data Breach
Content: The ShinyHunters threat group claims to have compromised Cisco, exfiltrating over 3 million Salesforce records containing PII, GitHub repositories, AWS storage, and internal corporate data. The group also claims possession of Cisco source code for multiple AI products including AI Assistants, AI Defense, AI Canvas, and AI Cisco Cloud Control. The post taunts Cisco security staff, references an employee named Jinzhao Feng allegedly storing secrets in public repositories, and threatens to publicly release all data. The data is being offered for sale at $50,000. Contact is provided via Tox and Session IDs, with an onion DLS site listed.
Date: 2026-04-06T05:43:45Z
Network: telegram
Published URL: https://t.me/c/3737716184/819
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: United States
Victim Industry: Technology
Victim Organization: Cisco
Victim Site: cisco.com
Alleged leak of mixed forum credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 82,000 mixed credentials reportedly valid for various forums. The post is hosted on a credential trading forum and requires registration to view full details.
Date: 2026-04-06T05:13:49Z
Network: openweb
Published URL: https://crackingx.com/threads/71266/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass website defacement campaign by maw3six targeting pasjaogrody.pl
Category: Defacement
Content: Attacker maw3six conducted a mass defacement campaign targeting the Polish website pasjaogrody.pl on April 6, 2026. The incident was part of a broader mass defacement operation rather than a targeted attack on a single organization.
Date: 2026-04-06T05:10:28Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248292
Screenshots:
None
Threat Actors: maw3six
Victim Country: Poland
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: pasjaogrody.pl
Mass website defacement by maw3six targeting deger.com.pl
Category: Defacement
Content: Attacker maw3six conducted a mass defacement campaign targeting deger.com.pl on April 6, 2026. This incident was identified as both a mass defacement and redefacement, indicating the site may have been previously compromised.
Date: 2026-04-06T05:10:00Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248293
Screenshots:
None
Threat Actors: maw3six
Victim Country: Poland
Victim Industry: Unknown
Victim Organization: Deger
Victim Site: deger.com.pl
Mass website defacement by maw3six targeting lazulitemarble.com
Category: Defacement
Content: Threat actor maw3six conducted a mass defacement campaign targeting lazulitemarble.com on April 6, 2026. The attack was part of a broader mass defacement operation rather than a targeted attack on the marble company specifically.
Date: 2026-04-06T05:04:04Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248290
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Construction/Building Materials
Victim Organization: Lazulite Marble
Victim Site: lazulitemarble.com
Mass website defacement by maw3six targeting lazulitemarble.com
Category: Defacement
Content: Threat actor maw3six conducted a mass defacement campaign targeting the Lazulite Marble company website on April 6, 2026. The attack affected a subdomain of the marble/construction materials companys web infrastructure.
Date: 2026-04-06T05:03:35Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248291
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Construction/Materials
Victim Organization: Lazulite Marble
Victim Site: xms.lazulitemarble.com
Mass defacement campaign by maw3six targeting reqiaindustries.com
Category: Defacement
Content: Attacker maw3six conducted a mass defacement campaign targeting reqiaindustries.com on April 6, 2026. The attack was part of a broader mass defacement operation rather than a targeted single-site compromise.
Date: 2026-04-06T04:51:56Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248289
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Manufacturing
Victim Organization: Reqia Industries
Victim Site: reqiaindustries.com
Website defacement of damienbonnefoux.com by maw3six
Category: Defacement
Content: The attacker maw3six defaced the website damienbonnefoux.com on April 6, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
Date: 2026-04-06T04:29:18Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248288
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: damienbonnefoux.com
Alleged DMCA abuse service targeting competitor SEO rankings
Category: DDoS
Content: Threat actor offers DMCA abuse services to manipulate search engine rankings by filing false DMCA claims against competitor websites and providing protection against such attacks. Services start at $150 per targeted site with focus on iGaming sector.
Date: 2026-04-06T04:07:47Z
Network: openweb
Published URL: https://crackingx.com/threads/71265/
Screenshots:
None
Threat Actors: abuser_dmca
Victim Country: Unknown
Victim Industry: iGaming
Victim Organization: Unknown
Victim Site: Unknown
Alleged cyber attack on ArABSAT satellite network by hacker group Mabir
Category: Cyber Attack
Content: The ArABSAT satellite network was reportedly targeted by a hacker group called Mabir (مبیر), causing service disruptions. The attackers cited ArABSATs alleged cooperation with Israel and the United States, and its provision of services to networks such as Iran International, as justification for the attack. Security experts are assessing the incident within the context of cyber attacks against media outlets aligned with Israel.
Date: 2026-04-06T04:02:33Z
Network: telegram
Published URL: https://t.me/c/1283513914/21000
Screenshots:
None
Threat Actors: مبیر
Victim Country: Saudi Arabia
Victim Industry: Telecommunications / Satellite
Victim Organization: ArABSAT
Victim Site: Unknown
Alleged Cyber Attack on ArABSAT Satellite Network by Mabir Group
Category: Cyber Attack
Content: The ArABSAT (Arab Satellite Communications Organization) satellite network has reportedly been targeted by a cyber attack carried out by a group calling itself Mabir. The attackers cited ArABSATs alleged cooperation with Israel and the United States, as well as its provision of services to media outlets such as Iran International, as justification. The attack reportedly caused service disruptions. Analysts assess this incident within the context of cyber attacks targeting media organizations aligned with Israel.
Date: 2026-04-06T03:58:33Z
Network: telegram
Published URL: https://t.me/c/1283513914/20999
Screenshots:
None
Threat Actors: مبیر
Victim Country: Saudi Arabia
Victim Industry: Telecommunications / Satellite Services
Victim Organization: ArABSAT (Arab Satellite Communications Organization)
Victim Site: Unknown
Website defacement of Mobiliufficio by DimasHxR
Category: Defacement
Content: DimasHxR conducted a redefacement attack against the Italian office furniture company Mobiliufficios website on April 6, 2026. This represents a secondary compromise of the same target by the individual attacker.
Date: 2026-04-06T03:45:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830846
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Italy
Victim Industry: Furniture/Office Equipment
Victim Organization: Mobiliufficio
Victim Site: www.mobiliufficio.com
Alleged Sale of Hotmail Credential Lists Across Multiple Countries
Category: Combo List
Content: A threat actor operating under the handle Admu is selling Hotmail credential lists covering multiple countries including UK, DE, JP, NL, BR, PL, ES, US, and IT. The seller claims to own a private cloud and offers inbox searching by keyword, targeting major platforms such as eBay, OfferUp, PSN, Booking, Uber, Poshmark, Alibaba, Walmart, Amazon, Mercari, Kleinanzeigen, and Neosurf. Valid ntlworld webmails are also advertised.
Date: 2026-04-06T03:30:52Z
Network: telegram
Published URL: https://t.me/c/2613583520/59547
Screenshots:
None
Threat Actors: Admu
Victim Country: Unknown
Victim Industry: Technology / Email Services
Victim Organization: Hotmail
Victim Site: hotmail.com
Alleged data breach of Government of Liberia Ministry of Mines & Energy
Category: Data Breach
Content: Threat actor is selling a database dump allegedly containing user login data, forum messages, and personally identifiable information of staff from the Government of Liberias Ministry of Mines & Energy for $30.
Date: 2026-04-06T03:08:37Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Government-of-Liberia-Ministry-of-Mines-Energy-Liberia
Screenshots:
None
Threat Actors: wh6ami
Victim Country: Liberia
Victim Industry: Government
Victim Organization: Government of Liberia Ministry of Mines & Energy
Victim Site: Unknown
Alleged sale of Mexican tax administration database
Category: Data Breach
Content: Threat actor claims to be selling a complete Mexican taxpayer database from SAT containing RFC numbers, names, addresses, and other fiscal information for $300 USD. The alleged database contains over 13 million records of companies and individuals with economic activity in Mexico.
Date: 2026-04-06T03:08:15Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-SAT-Mexico-13-000-000-lines
Screenshots:
None
Threat Actors: gordo
Victim Country: Mexico
Victim Industry: Government
Victim Organization: Servicio de Administración Tributaria
Victim Site: Unknown
Alleged data breach of BORSA ITALIANA securities database
Category: Data Breach
Content: Threat actor globalData1 is allegedly selling a database containing 1.2 million records of Italian securities traders from BORSA ITALIANA. The data includes names, mobile numbers, trading platform information, and stock price fluctuation data.
Date: 2026-04-06T03:07:52Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Italy-securities-and-stocks-1200000
Screenshots:
None
Threat Actors: globalData1
Victim Country: Italy
Victim Industry: Financial Services
Victim Organization: BORSA ITALIANA
Victim Site: Unknown
Alleged sale of American financial investment database containing 1.9 million records
Category: Data Breach
Content: Threat actor globalData1 is allegedly selling a database containing 1.9 million records of American financial investment clients. The data includes personal information, financial details, credit ratings, and net worth information.
Date: 2026-04-06T03:07:32Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-American-financial-investment-wealth-management-1900000
Screenshots:
None
Threat Actors: globalData1
Victim Country: United States
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Secretaria de Salud
Category: Data Leak
Content: Threat actor grifo157 leaked data from Mexicos Ministry of Health containing RFC, CURP, work entities, full names, certificates, work centers, and federal/state plaza origins. The data is being distributed for free download.
Date: 2026-04-06T03:07:27Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATA-LEAK-OF-SECRETARIA-DE-SALUD
Screenshots:
None
Threat Actors: grifo157
Victim Country: Mexico
Victim Industry: Healthcare
Victim Organization: Secretaria de Salud
Victim Site: Unknown
Alleged data leak of Colsubsidio and EmergiaCC Colombia databases
Category: Data Leak
Content: Internal and confidential databases from Emergiacc (Colsubsidio in-house) containing operational data including personal information, GPS coordinates, transaction records, and financial details were leaked for free download. The database includes detailed customer records with names, addresses, transaction histories, and financial data from various business units including hotels, credit services, and travel agencies.
Date: 2026-04-06T03:07:07Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-Colsubsidio-EmergiaCC-Colombia
Screenshots:
None
Threat Actors: Petro_Escobar
Victim Country: Colombia
Victim Industry: Financial Services
Victim Organization: Colsubsidio / EmergiaCC
Victim Site: emergiacc.com
Website defacement of Kaari Planters by Nicotine (Umbra Community)
Category: Defacement
Content: The website of Kaari Planters, an agricultural/horticulture company, was defaced by attacker Nicotine affiliated with the Umbra Community group on April 6, 2026. This incident represents a redefacement of the target site.
Date: 2026-04-06T03:00:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830820
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Agriculture/Horticulture
Victim Organization: Kaari Planters
Victim Site: kaariplanters.com
Website defacement of Verma Surgical by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from the Umbra Community team conducted a redefacement of vermasurgical.com on April 6, 2026. This appears to be a targeted attack against a surgical/medical equipment company.
Date: 2026-04-06T02:59:48Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830835
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: Verma Surgical
Victim Site: vermasurgical.com
Website defacement of MDS Consultores by Nicotine (Umbra Community)
Category: Defacement
Content: Attacker Nicotine from the Umbra Community conducted a redefacement of the Brazilian law firm MDS Consultores website on April 6, 2026. This appears to be a repeat attack on the same target rather than an initial compromise.
Date: 2026-04-06T02:53:38Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830719
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Brazil
Victim Industry: Legal Services
Victim Organization: MDS Consultores
Victim Site: mdsconsultores.adv.br
Website defacement of naoresponderemail.xyz by Nicotine (Umbra Community)
Category: Defacement
Content: Attacker Nicotine from the Umbra Community team conducted a redefacement of the naoresponderemail.xyz website on April 6, 2026. This appears to be a repeat attack on the same target as indicated by the redefacement classification.
Date: 2026-04-06T02:53:05Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830720
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: naoresponderemail.xyz
Website defacement of Wild Trip Adventure by Nicotine (Umbra Community)
Category: Defacement
Content: The tourism website wildtripadventure.co.in was defaced on April 6, 2026 by an attacker named Nicotine affiliated with the Umbra Community team. This appears to be an isolated defacement targeting a single travel/adventure tourism company.
Date: 2026-04-06T02:52:32Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830721
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Tourism/Travel
Victim Organization: Wild Trip Adventure
Victim Site: wildtripadventure.co.in
Website defacement of yuvimall.com by Nicotine from Umbra Community
Category: Defacement
Content: The e-commerce website yuvimall.com was defaced by attacker Nicotine associated with the Umbra Community group on April 6, 2026. The attack targeted the sites index page, compromising the main landing page of the online retail platform.
Date: 2026-04-06T02:51:59Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830722
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: E-commerce
Victim Organization: Yuvi Mall
Victim Site: yuvimall.com
Website defacement of learnez.net by Nicotine (Umbra Community)
Category: Defacement
Content: The educational website learnez.net was defaced by attacker Nicotine from the Umbra Community team on April 6, 2026. This incident was classified as a redefacement, indicating the site had been previously compromised.
Date: 2026-04-06T02:51:26Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830732
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Education
Victim Organization: LearnEZ
Victim Site: learnez.net
Website defacement of piijabar.or.id by Nicotine (Umbra Community)
Category: Defacement
Content: Nicotine from Umbra Community conducted a redefacement attack against piijabar.or.id on April 6, 2026. This represents a repeat compromise of the Indonesian website.
Date: 2026-04-06T02:50:51Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830752
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: piijabar.or.id
Website defacement of bagyourseat.com by Nicotine (Umbra Community)
Category: Defacement
Content: The website bagyourseat.com was defaced by attacker Nicotine affiliated with Umbra Community on April 6, 2026. This incident represents a redefacement of the target site rather than an initial compromise.
Date: 2026-04-06T02:50:19Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830760
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: E-commerce/Travel
Victim Organization: BagYourSeat
Victim Site: bagyourseat.com
Website defacement of cine7.app by Nicotine (Umbra Community)
Category: Defacement
Content: The entertainment website cine7.app was defaced by attacker Nicotine affiliated with the Umbra Community team on April 6, 2026. This appears to be a redefacement of a previously compromised site.
Date: 2026-04-06T02:49:45Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830761
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Entertainment
Victim Organization: Unknown
Victim Site: cine7.app
Website defacement of kangan.app by Nicotine (Umbra Community)
Category: Defacement
Content: The website kangan.app was defaced by the attacker Nicotine affiliated with Umbra Community on April 6, 2026. The defacement targeted the index.txt file of the domain.
Date: 2026-04-06T02:49:11Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830762
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: kangan.app
Alleged leak of Hotmail credentials targeting Brazilian users
Category: Combo List
Content: A threat actor shared a combolist containing 270 Hotmail email and password combinations specifically targeting Brazilian users through a Telegram channel.
Date: 2026-04-06T02:49:04Z
Network: openweb
Published URL: https://crackingx.com/threads/71264/
Screenshots:
None
Threat Actors: lpbPrivate
Victim Country: Brazil
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Website defacement of Skoolcart by Nicotine (Umbra Community)
Category: Defacement
Content: The educational platform Skoolcart was defaced by attacker Nicotine from the Umbra Community team on April 6, 2026. This incident represents a redefacement of the target site.
Date: 2026-04-06T02:48:38Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830763
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Skoolcart
Victim Site: skoolcart.com
Website defacement of Agencia Mesa Marcial by Nicotine from Umbra Community
Category: Defacement
Content: Attacker Nicotine from the Umbra Community group defaced the website of Agencia Mesa Marcial on April 6, 2026. The incident was recorded as a single site defacement rather than a mass or repeat attack.
Date: 2026-04-06T02:36:02Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830706
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Chile
Victim Industry: Unknown
Victim Organization: Agencia Mesa Marcial
Victim Site: agenciamesamarcial.cl
Website defacement of Kiran Batteries by Nicotine (Umbra Community)
Category: Defacement
Content: Attacker Nicotine from the Umbra Community team successfully defaced the Kiran Batteries company website on April 6, 2026. The defacement targeted the main index page of the battery manufacturing companys website.
Date: 2026-04-06T02:35:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830707
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Manufacturing/Battery Industry
Victim Organization: Kiran Batteries
Victim Site: kiranbatteries.com
Website defacement of biregitim.com.tr by Nicotine (Umbra Community)
Category: Defacement
Content: The Turkish educational website biregitim.com.tr was defaced by threat actor Nicotine from the Umbra Community group on April 6, 2026. This appears to be a redefacement of a previously compromised site.
Date: 2026-04-06T02:34:48Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830711
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Turkey
Victim Industry: Education
Victim Organization: Unknown
Victim Site: biregitim.com.tr
Website defacement of estsol.pk by Nicotine (Umbra Community)
Category: Defacement
Content: The website estsol.pk was defaced by an attacker known as Nicotine, affiliated with the Umbra Community team. The defacement occurred on April 6, 2026, targeting the sites index page.
Date: 2026-04-06T02:33:34Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830713
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Pakistan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: estsol.pk
Alleged fraudulent service offering for hotel bookings and gift cards
Category: Services
Content: Threat actor Availor advertises fraudulent services for booking hotels, flights, car rentals and obtaining gift cards across multiple major brands including Fairmont Hotels, Marriott, Airbnb, and numerous retail chains. The actor provides contact via Telegram suggesting illicit credential or payment method abuse.
Date: 2026-04-06T02:28:44Z
Network: openweb
Published URL: https://pwnforums.st/Thread-CONVENIENT-LAYOUT-MARKET-SERVICE-FAIRMONT-HOTELS-RESORT-BOOKING
Screenshots:
None
Threat Actors: Availor
Victim Country: Unknown
Victim Industry: Hospitality and Retail
Victim Organization: Multiple (Fairmont Hotels, Marriott, Airbnb, various retailers)
Victim Site: Unknown
Website defacement of 24ayarhasaltin.com by Nicotine (Umbra Community)
Category: Defacement
Content: Turkish gold trading website 24ayarhasaltin.com was defaced by attacker Nicotine from the Umbra Community group on April 6, 2026. This was identified as a redefacement incident, indicating the site had been previously compromised.
Date: 2026-04-06T02:27:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830678
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Turkey
Victim Industry: Precious Metals/Gold Trading
Victim Organization: 24 Ayar Has Altın
Victim Site: 24ayarhasaltin.com
Website defacement of ahiosgb.com.tr by Nicotine (Umbra Community)
Category: Defacement
Content: The website ahiosgb.com.tr was defaced by attacker Nicotine from the Umbra Community team on April 6, 2026. This incident was classified as a redefacement, indicating the site had been previously compromised.
Date: 2026-04-06T02:27:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830680
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Turkey
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: ahiosgb.com.tr
Website defacement of akaroz.com.tr by Nicotine (Umbra Community)
Category: Defacement
Content: The website akaroz.com.tr was defaced by attacker Nicotine affiliated with Umbra Community on April 6, 2026. This appears to be a redefacement of a previously compromised site.
Date: 2026-04-06T02:26:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830681
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Turkey
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: akaroz.com.tr
Website defacement of Boğaziçi Özel Eğitim by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from the Umbra Community team conducted a redefacement of the Boğaziçi Özel Eğitim educational institution website on April 6, 2026. This represents a repeat attack against the same target.
Date: 2026-04-06T02:26:02Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830682
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Turkey
Victim Industry: Education
Victim Organization: Boğaziçi Özel Eğitim
Victim Site: bogaziciozelegitim.com
Website defacement of Liva Blinds by Nicotine (Umbra Community)
Category: Defacement
Content: Attacker Nicotine from the Umbra Community group defaced the Liva Blinds website on April 6, 2026. This appears to be a redefacement of a previously targeted site.
Date: 2026-04-06T02:25:29Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830688
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Manufacturing/Retail
Victim Organization: Liva Blinds
Victim Site: livablinds.com
Website defacement of mans.com.tr by Nicotine (Umbra Community)
Category: Defacement
Content: Turkish website mans.com.tr was defaced by attacker Nicotine affiliated with Umbra Community on April 6, 2026. This incident represents a redefacement of the target site.
Date: 2026-04-06T02:24:51Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830689
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Turkey
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: mans.com.tr
Website defacement of muratoto.com.tr by Nicotine (Umbra Community)
Category: Defacement
Content: Attacker Nicotine from the Umbra Community team conducted a redefacement of muratoto.com.tr on April 6, 2026. This appears to be a repeat attack on the same target rather than an initial compromise.
Date: 2026-04-06T02:24:19Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830691
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Turkey
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: muratoto.com.tr
Website defacement of turtlecaravan.com by Nicotine (Umbra Community)
Category: Defacement
Content: The website turtlecaravan.com was defaced by attacker Nicotine from the Umbra Community group on April 6, 2026. This incident represents a redefacement of the target site.
Date: 2026-04-06T02:23:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830692
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: turtlecaravan.com
Website defacement of waterrent.com.tr by Nicotine from Umbra Community
Category: Defacement
Content: The Turkish water rental service website waterrent.com.tr was defaced by attacker Nicotine affiliated with Umbra Community on April 6, 2026. This incident is marked as a redefacement, indicating the site had been previously compromised.
Date: 2026-04-06T02:23:13Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830694
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Turkey
Victim Industry: Water/Equipment Rental Services
Victim Organization: Water Rent
Victim Site: waterrent.com.tr
Website defacement of yhmofis.com by Nicotine (Umbra Community)
Category: Defacement
Content: The website yhmofis.com was defaced by attacker Nicotine affiliated with the Umbra Community team on April 6, 2026. This incident represents a redefacement of a previously compromised target.
Date: 2026-04-06T02:22:41Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830695
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: yhmofis.com
Website defacement of alokeng.com by Nicotine (Umbra Community)
Category: Defacement
Content: The website alokeng.com was defaced by an attacker known as Nicotine, who is associated with the Umbra Community group. The incident occurred on April 6, 2026, targeting the sites index page.
Date: 2026-04-06T02:22:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830697
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: alokeng.com
Website defacement of Calyra Life Sciences by Nicotine (Umbra Community)
Category: Defacement
Content: The website of Calyra Life Sciences was defaced by threat actor Nicotine associated with the Umbra Community group on April 6, 2026. This was a targeted single-site defacement of a life sciences companys web presence.
Date: 2026-04-06T02:21:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830699
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Healthcare/Life Sciences
Victim Organization: Calyra Life Sciences
Victim Site: calyralifesciences.com
Website defacement of getmydr.in by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from the Umbra Community team successfully defaced the website getmydr.in on April 6, 2026. The incident targeted what appears to be a healthcare-related domain based in India.
Date: 2026-04-06T02:21:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830700
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Healthcare
Victim Organization: Unknown
Victim Site: getmydr.in
Website defacement of Kail Associates by Nicotine (Umbra Community)
Category: Defacement
Content: The website kailassociety.in was defaced by attacker Nicotine affiliated with the Umbra Community group on April 6, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
Date: 2026-04-06T02:20:29Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830701
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Unknown
Victim Organization: Kail Associates
Victim Site: kailassociety.in
Website defacement of mydigitcard.in by Nicotine (Umbra Community)
Category: Defacement
Content: Attacker Nicotine from the Umbra Community group successfully defaced the MyDigitCard website on April 6, 2026. The incident targeted a digital card service provider based in India.
Date: 2026-04-06T02:19:56Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830704
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Technology
Victim Organization: MyDigitCard
Victim Site: mydigitcard.in
Website defacement of Omkay Enterprises by Nicotine (Umbra Community)
Category: Defacement
Content: Omkay Enterprises website was defaced by attacker Nicotine affiliated with the Umbra Community group on April 6, 2026. The defacement targeted the main index page of the companys website.
Date: 2026-04-06T02:19:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830705
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Omkay Enterprises
Victim Site: omkayenterprises.com
Website defacement of inkosova.com by Nicotine (Umbra Community)
Category: Defacement
Content: The website inkosova.com was defaced by attacker Nicotine affiliated with the Umbra Community team on April 6, 2026. This appears to be a single-target defacement incident with no specified motivation or reason provided.
Date: 2026-04-06T02:13:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830577
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Kosovo
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: inkosova.com
Website defacement of lgc-ks.org by Nicotine from Umbra Community
Category: Defacement
Content: On April 6, 2026, the website lgc-ks.org was defaced by an attacker known as Nicotine affiliated with the Umbra Community team. The defacement targeted the index.txt file of the site.
Date: 2026-04-06T02:12:51Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830578
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: lgc-ks.org
Website defacement of 35ahmetaydin.com by Nicotine (Umbra Community)
Category: Defacement
Content: The website 35ahmetaydin.com was defaced by an attacker identified as Nicotine affiliated with the Umbra Community group on April 6, 2026. This appears to be a single-target defacement incident rather than part of a mass campaign.
Date: 2026-04-06T02:12:19Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830579
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Turkey
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 35ahmetaydin.com
Website defacement of ozelfiyat.com by Nicotine (Umbra Community)
Category: Defacement
Content: The website ozelfiyat.com was defaced by attacker Nicotine affiliated with the Umbra Community group on April 6, 2026. The defacement targeted the index.txt file of the Turkish domain.
Date: 2026-04-06T02:11:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830581
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Turkey
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: ozelfiyat.com
Website defacement of Torunoğlu Kerestecilik by Nicotine/Umbra Community
Category: Defacement
Content: The attacker Nicotine from Umbra Community successfully defaced the website of Turkish lumber company Torunoğlu Kerestecilik on April 6, 2026. This was a single-target defacement incident rather than a mass or repeated attack.
Date: 2026-04-06T02:11:13Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830584
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Turkey
Victim Industry: Lumber/Wood Products
Victim Organization: Torunoğlu Kerestecilik
Victim Site: torunoglukerestecilik.com
Website defacement of aabharna.com by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from Umbra Community defaced aabharna.com on April 6, 2026. This was identified as a redefacement incident targeting a previously compromised website.
Date: 2026-04-06T02:10:39Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830586
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Unknown
Victim Organization: Aabharna
Victim Site: aabharna.com
Website defacement of ABM Trader by Nicotine (Umbra Community)
Category: Defacement
Content: Umbra Community member Nicotine conducted a redefacement attack against ABM Traders website on April 6, 2026. This appears to be a repeat attack against the same target rather than an initial compromise.
Date: 2026-04-06T02:10:03Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830587
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: ABM Trader
Victim Site: abmtrader.com
Website defacement of Air World Networks by Nicotine/Umbra Community
Category: Defacement
Content: The website airworldnetworks.in was defaced by attacker Nicotine affiliated with Umbra Community on April 6, 2026. This incident was classified as a redefacement, indicating the site had been previously compromised.
Date: 2026-04-06T02:09:29Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830588
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Aviation/Logistics
Victim Organization: Air World Networks
Victim Site: airworldnetworks.in
Alleged sale of KYC identity documents from India and 160+ countries
Category: Data Breach
Content: Threat actor claims to sell verified KYC data including passports, ID cards, drivers licenses, and personal information from over 160 countries with focus on Indian passports. The data allegedly includes identity documents with selfies and full personal information packages.
Date: 2026-04-06T02:09:11Z
Network: openweb
Published URL: https://darkforums.su/Thread-passport-india
Screenshots:
None
Threat Actors: Arnoldsudney
Victim Country: India
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of French identity documents and KYC data from 160+ countries
Category: Data Breach
Content: Threat actor advertises verified KYC data packages including passports, ID cards, drivers licenses, and personal information from over 160 countries. The post specifically features a French ID card sample and promotes instant access to identity documents with selfies and full personal data packages.
Date: 2026-04-06T02:08:53Z
Network: openweb
Published URL: https://darkforums.su/Thread-French-ID-card
Screenshots:
None
Threat Actors: Arnoldsudney
Victim Country: France
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Meditex Workwear by Nicotine (Umbra Community)
Category: Defacement
Content: On April 6, 2026, the Meditex Workwear website was defaced by an attacker using the handle Nicotine associated with the Umbra Community group. The defacement targeted a specific page within the WordPress content directory of the medical workwear companys website.
Date: 2026-04-06T02:03:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830547
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Apparel/Textiles
Victim Organization: Meditex Workwear
Victim Site: meditexworkwear.com
Website defacement of Paramount Entertainments by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from the Umbra Community team defaced the paramountents.com website on April 6, 2026. This appears to be a single-target defacement incident affecting an entertainment industry website.
Date: 2026-04-06T02:02:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830548
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Entertainment
Victim Organization: Paramount Entertainments
Victim Site: paramountents.com
Website defacement of Raza Brothers Trader by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from the Umbra Community group successfully defaced the Raza Brothers Trader website on April 6, 2026. The incident targeted what appears to be a trading or commercial business website.
Date: 2026-04-06T02:02:17Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830549
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Trading/Commerce
Victim Organization: Raza Brothers Trader
Victim Site: razabrotherstrader.com
Website defacement of Sri Lanka Connect by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from Umbra Community defaced the Sri Lanka Connect website on April 6, 2026. This appears to be a single-target defacement of a Sri Lankan community or cultural organization based in Canada.
Date: 2026-04-06T02:01:43Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830550
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Canada
Victim Industry: Unknown
Victim Organization: Sri Lanka Connect
Victim Site: srilankaconnect.ca
Website defacement of Sunshine Media by Nicotine (Umbra Community)
Category: Defacement
Content: Attacker Nicotine from the Umbra Community team defaced the Sunshine Media website on April 6, 2026. The attack targeted a WordPress installation on the Canadian media companys domain.
Date: 2026-04-06T02:01:09Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830551
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Canada
Victim Industry: Media/Communications
Victim Organization: Sunshine Media
Victim Site: sunshinemedia.ca
Website defacement of Teora Apparel by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from the Umbra Community group defaced the Teora Apparel website on April 6, 2026. The defacement targeted the index.txt file of the apparel companys website.
Date: 2026-04-06T02:00:36Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830552
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Retail/Apparel
Victim Organization: Teora Apparel
Victim Site: teoraapparel.com
Website defacement of worivos.com by Nicotine from Umbra Community
Category: Defacement
Content: The website worivos.com was defaced on April 6, 2026 by an attacker named Nicotine associated with the Umbra Community group. This appears to be an isolated defacement targeting a single website.
Date: 2026-04-06T02:00:04Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830554
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: worivos.com
Website defacement of worldtradedeve.ca by Nicotine (Umbra Community)
Category: Defacement
Content: The Umbra Community group, through attacker Nicotine, successfully defaced the worldtradedeve.ca website on April 6, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
Date: 2026-04-06T01:59:30Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830555
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Canada
Victim Industry: Trade/Commerce
Victim Organization: World Trade Development
Victim Site: worldtradedeve.ca
Website defacement of JPK Biotech by Nicotine/Umbra Community
Category: Defacement
Content: The biotechnology company JPK Biotechs website was defaced by attacker Nicotine associated with the Umbra Community team on April 6, 2026. The defacement targeted the sites index page, compromising the companys web presence.
Date: 2026-04-06T01:58:56Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830556
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Biotechnology
Victim Organization: JPK Biotech
Victim Site: jpkbiotech.in
Website defacement of currybox.in by Nicotine (Umbra Community)
Category: Defacement
Content: Nicotine from Umbra Community conducted a redefacement attack against currybox.in on April 6, 2026. This appears to be a targeted attack against an Indian food service website.
Date: 2026-04-06T01:58:06Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830558
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Food/Restaurant
Victim Organization: Curry Box
Victim Site: currybox.in
Website defacement of cvshare.ai by Nicotine (Umbra Community)
Category: Defacement
Content: The cvshare.ai website was defaced by attacker Nicotine from the Umbra Community group on April 6, 2026. This appears to be a redefacement of a previously compromised site, indicating persistent unauthorized access to the victims web infrastructure.
Date: 2026-04-06T01:57:32Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830559
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: CVShare
Victim Site: cvshare.ai
Website defacement of Brilliant Elements USA by spl1nt3r (m0z1ll4s team)
Category: Defacement
Content: The attacker spl1nt3r, affiliated with the m0z1ll4s team, defaced the brilliantelementsusa.com website on April 6, 2026. This was an isolated defacement targeting a single organization rather than a mass or repeat attack.
Date: 2026-04-06T01:56:59Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830562
Screenshots:
None
Threat Actors: spl1nt3r, m0z1ll4s
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Brilliant Elements USA
Victim Site: brilliantelementsusa.com
Website defacement of kitup.co.uk by spl1nt3r (m0z1ll4s team)
Category: Defacement
Content: On April 6, 2026, attacker spl1nt3r from the m0z1ll4s team defaced the kitup.co.uk website, specifically targeting the customer addition functionality. The incident was documented and mirrored on zone-xsec.com.
Date: 2026-04-06T01:56:26Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830564
Screenshots:
None
Threat Actors: spl1nt3r, m0z1ll4s
Victim Country: United Kingdom
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: kitup.co.uk
Website defacement of Instar by spl1nt3r (m0z1ll4s team)
Category: Defacement
Content: The attacker spl1nt3r from the m0z1ll4s team successfully defaced a customer media page on the Instar website on April 6, 2026. This appears to be a targeted single-site defacement rather than a mass attack.
Date: 2026-04-06T01:55:52Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830565
Screenshots:
None
Threat Actors: spl1nt3r, m0z1ll4s
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Instar
Victim Site: www.instar.com
Website defacement of indianstuffinusa.com by Nicotine (Umbra Community)
Category: Defacement
Content: The website indianstuffinusa.com was defaced by attacker Nicotine affiliated with the Umbra Community group on April 6, 2026. This represents a redefacement of a previously compromised retail website targeting an Indian goods retailer in the United States.
Date: 2026-04-06T01:55:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830567
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: United States
Victim Industry: Retail/E-commerce
Victim Organization: Indian Stuff in USA
Victim Site: indianstuffinusa.com
Alleged CVV Carding Group Advertisement via Telegram
Category: Data Leak
Content: A forwarded message promotes a CVV benefits chat group, referencing carding-related activity. The post includes a Telegram handle (@nzccg001) associated with NeZha CVV Support, suggesting a carding or financial fraud operation offering stolen CVV data.
Date: 2026-04-06T01:55:08Z
Network: telegram
Published URL: https://t.me/c/2613583520/59546
Screenshots:
None
Threat Actors: NeZha CVV Support
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Kamakshi Ambal Trust by Nicotine (Umbra Community)
Category: Defacement
Content: Attacker Nicotine from the Umbra Community group defaced the Kamakshi Ambal Trust website on April 6, 2026. This was identified as a redefacement incident targeting the Indian religious organizations website.
Date: 2026-04-06T01:54:41Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830569
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Religious/Non-profit
Victim Organization: Kamakshi Ambal Trust
Victim Site: kamakshiambaltrust.org
Website defacement of Meenashi Group by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from the Umbra Community team defaced the Meenashi Group website on April 6, 2026. This incident was classified as a redefacement, indicating the site had been previously compromised.
Date: 2026-04-06T01:54:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830573
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Meenashi Group
Victim Site: meenashigroup.com
Website defacement of Riz Medical by Nicotine (Umbra Community)
Category: Defacement
Content: On April 6, 2026, the healthcare website rizmedical.com was defaced by attacker Nicotine affiliated with the Umbra Community team. The defacement targeted a specific subdirectory of the medical organizations WordPress installation.
Date: 2026-04-06T01:47:45Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830448
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: Riz Medical
Victim Site: rizmedical.com
Website defacement of 360degree.ngo by Nicotine (Umbra Community)
Category: Defacement
Content: The Umbra Community, through attacker Nicotine, successfully defaced the 360degree.ngo website on April 6, 2026. The attack targeted a non-governmental organizations WordPress installation.
Date: 2026-04-06T01:47:10Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830449
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Non-profit
Victim Organization: 360 Degree
Victim Site: 360degree.ngo
Website defacement of sheetal-s.com by Nicotine from Umbra Community
Category: Defacement
Content: On April 6, 2026, the website sheetal-s.com was defaced by an attacker known as Nicotine associated with the Umbra Community group. This was a targeted single-site defacement affecting the WordPress theme directory of the victim domain.
Date: 2026-04-06T01:46:36Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830453
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: sheetal-s.com
Website defacement of NM Legal Service by Nicotine (Umbra Community)
Category: Defacement
Content: Umbra Community member Nicotine defaced the NM Legal Service website on April 6, 2026. The attack targeted a legal services firms WordPress installation.
Date: 2026-04-06T01:46:02Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830459
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: United States
Victim Industry: Legal Services
Victim Organization: NM Legal Service
Victim Site: nmlegalservice.com
Website defacement of oxygenconcentrator.online by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from Umbra Community defaced the oxygenconcentrator.online website on April 6, 2026. The target appears to be a healthcare-related site focused on oxygen concentrator equipment.
Date: 2026-04-06T01:45:29Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830460
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: Unknown
Victim Site: oxygenconcentrator.online
Website defacement of allnextver.com.bd by Nicotine (Umbra Community)
Category: Defacement
Content: The website allnextver.com.bd was defaced by attacker Nicotine from the Umbra Community group on April 6, 2026. This appears to be a single-target defacement incident affecting a Bangladeshi website.
Date: 2026-04-06T01:44:56Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830463
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Bangladesh
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: allnextver.com.bd
Website defacement of allnextver.expert by Nicotine (Umbra Community)
Category: Defacement
Content: The website allnextver.expert was defaced by threat actor Nicotine, associated with the Umbra Community group, on April 6, 2026. This appears to be a single-target defacement rather than part of a mass campaign.
Date: 2026-04-06T01:44:22Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830464
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: allnextver.expert
Website defacement of DraftAB Neuro Care by Nicotine (Umbra Community)
Category: Defacement
Content: On April 6, 2026, the healthcare website draftabneurocare.com was defaced by threat actor Nicotine associated with the Umbra Community group. The attack targeted the WordPress content directory of the neurology care providers website.
Date: 2026-04-06T01:43:49Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830467
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: DraftAB Neuro Care
Victim Site: draftabneurocare.com
Website defacement of junaidbinjaman.com by Nicotine (Umbra Community)
Category: Defacement
Content: Attacker Nicotine from the Umbra Community team defaced the website junaidbinjaman.com on April 6, 2026. The defacement targeted a WordPress installation as evidenced by the wp-content directory path.
Date: 2026-04-06T01:43:16Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830469
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: junaidbinjaman.com
Website defacement of sheikhmdrabiulislam.com by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from the Umbra Community team successfully defaced the website sheikhmdrabiulislam.com on April 6, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
Date: 2026-04-06T01:42:43Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830471
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: sheikhmdrabiulislam.com
Website defacement of Uttam Associates by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from the Umbra Community team defaced the website of Uttam Associates, a Bangladeshi organization. The defacement occurred on April 6, 2026, targeting a WordPress installation on the victims domain.
Date: 2026-04-06T01:42:10Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830472
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Bangladesh
Victim Industry: Professional Services
Victim Organization: Uttam Associates
Victim Site: uttamassociates.com.bd
Website defacement of Jannat Fabrics by Nicotine (Umbra Community)
Category: Defacement
Content: The Umbra Community threat actor Nicotine successfully defaced the Jannat Fabrics website on April 6, 2026. The attack targeted the companys WordPress content directory, compromising their web presence.
Date: 2026-04-06T01:41:37Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830473
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Textile/Manufacturing
Victim Organization: Jannat Fabrics
Victim Site: jannatfebrics.com
Website defacement of Jannat Fabrics by Nicotine (Umbra Community)
Category: Defacement
Content: Attacker Nicotine from the Umbra Community team defaced the Jannat Fabrics website on April 6, 2026. The defacement targeted a retail/textiles companys WordPress installation.
Date: 2026-04-06T01:41:02Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830474
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Retail/Textiles
Victim Organization: Jannat Fabrics
Victim Site: jannatfebrics.shop
Website defacement of Jannat Fabrics by Nicotine (Umbra Community)
Category: Defacement
Content: Nicotine from Umbra Community successfully defaced the Jannat Fabrics website on April 6, 2026. The attack targeted a WordPress installation on the textile companys website.
Date: 2026-04-06T01:40:29Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830475
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Textile/Manufacturing
Victim Organization: Jannat Fabrics
Victim Site: jannatfebrics2.com
Website defacement of progressivelcd.in by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from the Umbra Community team successfully defaced the Progressive LCD website on April 6, 2026. The defacement targeted a specific directory within the WordPress content folder of the Indian technology companys website.
Date: 2026-04-06T01:39:56Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830476
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Technology
Victim Organization: Progressive LCD
Victim Site: progressivelcd.in
Website defacement of famiagency.com by Nicotine from Umbra Community
Category: Defacement
Content: The website famiagency.com was defaced on April 6, 2026 by an attacker known as Nicotine affiliated with the Umbra Community team. The defacement targeted a WordPress installation on the site.
Date: 2026-04-06T01:39:21Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830478
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Fami Agency
Victim Site: famiagency.com
Website defacement of Farooq Kitabghar by Nicotine (Umbra Community)
Category: Defacement
Content: Threat actor Nicotine from the Umbra Community group successfully defaced the website of Farooq Kitabghar, a Pakistani book publisher, on April 6, 2026. The defacement targeted the WordPress content directory of the organizations website.
Date: 2026-04-06T01:33:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830419
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Pakistan
Victim Industry: Publishing/Books
Victim Organization: Farooq Kitabghar
Victim Site: farooqkitabghar.pk
Website defacement of asecret.shop by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from the Umbra Community team successfully defaced the asecret.shop website on April 6, 2026. The defacement targeted what appears to be an e-commerce platform, with the attack affecting the WordPress theme directory structure.
Date: 2026-04-06T01:32:37Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830423
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: E-commerce
Victim Organization: Unknown
Victim Site: asecret.shop
Website defacement of Bornomala Academy by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from the Umbra Community team successfully defaced the Bornomala Academy website on April 6, 2026. The educational institutions website was compromised and defaced as part of this cyber attack.
Date: 2026-04-06T01:32:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830424
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Bornomala Academy
Victim Site: bornomala.academy
Website defacement of pocketsandfriends.com by Nicotine (Umbra Community)
Category: Defacement
Content: On April 6, 2026, the website pocketsandfriends.com was defaced by an attacker known as Nicotine affiliated with the Umbra Community team. The defacement targeted a specific WordPress content page rather than the homepage.
Date: 2026-04-06T01:31:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830426
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Pockets and Friends
Victim Site: pocketsandfriends.com
Website defacement of keylicense.store by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from the Umbra Community team successfully defaced the keylicense.store website on April 6, 2026. The attack targeted what appears to be a software licensing service provider.
Date: 2026-04-06T01:30:48Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830430
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Technology/Software Licensing
Victim Organization: KeyLicense
Victim Site: keylicense.store
Website defacement of apkwings.site by Nicotine (Umbra Community)
Category: Defacement
Content: The threat actor Nicotine from Umbra Community successfully defaced the APK Wings website on April 6, 2026. The attack targeted the WordPress theme directory of the mobile application download platform.
Date: 2026-04-06T01:30:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830431
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: APK Wings
Victim Site: apkwings.site
Website defacement of filmxstudio.com by Nicotine (Umbra Community)
Category: Defacement
Content: The Umbra Community threat group, specifically attacker Nicotine, successfully defaced the filmxstudio.com website on April 6, 2026. The attack targeted what appears to be an entertainment industry website, with the defacement occurring on the main index page.
Date: 2026-04-06T01:29:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830437
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Entertainment
Victim Organization: Film X Studio
Victim Site: filmxstudio.com
Website defacement of car accident attorney site by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from the Umbra Community team defaced a car accident attorney website on April 6, 2026. This was a single site defacement targeting a legal services domain.
Date: 2026-04-06T01:28:59Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830439
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Legal Services
Victim Organization: Unknown
Victim Site: caraccidentattorney.autos
Website defacement of lawthey.com by Nicotine (Umbra Community)
Category: Defacement
Content: The Umbra Community threat actor Nicotine successfully defaced the lawthey.com website on April 6, 2026. The attack targeted what appears to be a legal services website through compromise of the WordPress themes directory.
Date: 2026-04-06T01:28:23Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830441
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Legal Services
Victim Organization: Law They
Victim Site: lawthey.com
Website defacement of Harikrishna Nutrition Center by Nicotine (Umbra Community)
Category: Defacement
Content: The Umbra Community threat group, through attacker Nicotine, successfully defaced the Harikrishna Nutrition Center website on April 6, 2026. This appears to be an isolated defacement targeting a healthcare/nutrition organization.
Date: 2026-04-06T01:27:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830445
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Healthcare/Nutrition
Victim Organization: Harikrishna Nutrition Center
Victim Site: harikrishnanutritioncenter.com
Alleged sale of credit card data with 2FA bypass capabilities
Category: Data Breach
Content: Threat actor advertising live credit cards for online purchases with 2FA bypass capabilities and high balance linkables. The actor is soliciting customers through multiple communication channels including Telegram and Signal for ongoing business relationships.
Date: 2026-04-06T01:23:55Z
Network: openweb
Published URL: https://demonforums.net/Thread-LIVE-CC-CARDS-FOR-ONLINE-PURCHASE-2FA–199493
Screenshots:
None
Threat Actors: Checkky
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of eZhire car rental service
Category: Data Breach
Content: Threat actor claims to have compromised eZhire car rental service, allegedly obtaining 2 million customer records including government IDs, signatures, personal information, source code, API keys, and 1.3TB of data spanning from 2016 to 2026. The compromised data reportedly includes customers from multiple countries including UAE, Saudi Arabia, Bahrain, Qatar, Egypt, India, USA, Germany, Ukraine, and Russia.
Date: 2026-04-06T01:22:13Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SELLING-UAE-SA-Bahrain-Qatar-eZhire-Car-Rentals-IDS-SIGNATURES-PII-ORDERS
Screenshots:
None
Threat Actors: w1kkid
Victim Country: United Arab Emirates
Victim Industry: Transportation
Victim Organization: eZhire
Victim Site: Unknown
Website defacement of Become Marketing by Nicotine (Umbra Community)
Category: Defacement
Content: The marketing company Become Marketings website was defaced by attacker Nicotine from the Umbra Community group on April 6, 2026. The attack targeted a WordPress installation on the South African marketing firms domain.
Date: 2026-04-06T01:20:32Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830380
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: South Africa
Victim Industry: Marketing/Advertising
Victim Organization: Become Marketing
Victim Site: becomemarketing.co.za
Website defacement of jsscpmevents.com by Nicotine/Umbra Community
Category: Defacement
Content: The attacker Nicotine from Umbra Community defaced jsscpmevents.com on April 6, 2026. The attack targeted what appears to be an events or conference services website through a WordPress content directory.
Date: 2026-04-06T01:19:59Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830382
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Events/Conference Services
Victim Organization: JSSCP Events
Victim Site: jsscpmevents.com
Website defacement of businessdhundo.com by Nicotine (Umbra Community)
Category: Defacement
Content: On April 6, 2026, the attacker Nicotine from the Umbra Community team defaced the businessdhundo.com website. The defacement targeted a specific directory path within the WordPress content folder rather than the main homepage.
Date: 2026-04-06T01:19:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830388
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Business/Commercial
Victim Organization: Business Dhundo
Victim Site: businessdhundo.com
Website defacement of Polimarket by Nicotine (Umbra Community)
Category: Defacement
Content: The Umbra Community member Nicotine successfully defaced the Polimarket website on April 6, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
Date: 2026-04-06T01:18:50Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830391
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Unknown
Victim Organization: Polimarket
Victim Site: polimarket.in
Website defacement of ansbyameen.com by Nicotine (Umbra Community)
Category: Defacement
Content: Threat actor Nicotine affiliated with Umbra Community successfully defaced the ansbyameen.com website on April 6, 2026. The attack targeted a specific subdirectory within the WordPress content structure.
Date: 2026-04-06T01:17:41Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830392
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: ansbyameen.com
Website defacement of Global Trendz by Nicotine (Umbra Community)
Category: Defacement
Content: The website globaltrendz.pk was defaced by attacker Nicotine associated with the Umbra Community group on April 6, 2026. The defacement targeted a WordPress installation on the Pakistani domain.
Date: 2026-04-06T01:17:11Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830393
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Pakistan
Victim Industry: Unknown
Victim Organization: Global Trendz
Victim Site: globaltrendz.pk
Website defacement of safa.pk by Nicotine (Umbra Community)
Category: Defacement
Content: The website safa.pk was defaced by the attacker Nicotine associated with the Umbra Community team on April 6, 2026. The attack targeted the WordPress theme directory of the site.
Date: 2026-04-06T01:16:38Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830395
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Pakistan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: safa.pk
Alleged leak of South Korean credentials
Category: Combo List
Content: A threat actor shared a combolist containing over 252,000 email:password credentials allegedly from South Korea. The credentials are claimed to be fresh and high quality, sourced from April 5, 2026.
Date: 2026-04-06T01:14:59Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-25-2-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-South-Korea-%E2%9C%AA-5-APR-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: South Korea
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: Threat actor claims to have valid Hotmail credentials available through private cloud storage and promotes contact via Telegram channel for access to the credential list.
Date: 2026-04-06T01:14:09Z
Network: openweb
Published URL: https://crackingx.com/threads/71261/
Screenshots:
None
Threat Actors: noir
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: Threat actor redcloud leaked a combolist containing 4,000 Hotmail email credentials through a MediaFire download link on CrackingX forum.
Date: 2026-04-06T01:13:44Z
Network: openweb
Published URL: https://crackingx.com/threads/71262/
Screenshots:
None
Threat Actors: redcloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Swiss credential combolist
Category: Combo List
Content: A threat actor shared a credential combolist containing over 41,000 email and password combinations allegedly from Swiss sources. The data is being distributed for free and promoted as fresh and high quality.
Date: 2026-04-06T01:05:31Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-41-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Switzerland-%E2%9C%AA-5-APR-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Switzerland
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Turkish credential combolist
Category: Combo List
Content: Threat actor shared a credential combolist containing over 37,000 email:password combinations allegedly from Turkey. The data is being distributed for free and promoted as fresh and high quality.
Date: 2026-04-06T01:04:24Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-37-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Turkey-%E2%9C%AA-5-APR-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Turkey
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Swedish email credentials
Category: Combo List
Content: A threat actor shared a combolist containing over 29,000 email and password combinations allegedly originating from Sweden. The credentials are being distributed through a hidden forum post with additional content available via Telegram.
Date: 2026-04-06T01:03:43Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-29-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Sweden-%E2%9C%AA-5-APR-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Sweden
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Taiwan credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing over 29,000 email and password combinations allegedly from Taiwan. The credentials are claimed to be fresh and high quality, distributed through a Telegram channel.
Date: 2026-04-06T01:03:01Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-29-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Taiwan-%E2%9C%AA-5-APR-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Taiwan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of email account access including Hotmail, Yahoo, and ATT across multiple countries
Category: Logs
Content: A threat actor is selling access to email accounts across multiple countries including US, UK, CA, DE, JP, NL, BR, PL, ES, IT, FR, BE, and AU. The offering includes Hotmail, Yahoo, ATT, and other email providers with inbox keyword searching features targeting services such as eBay, Amazon, Walmart, Uber, PSN, Booking, Poshmark, Alibaba, Mercari, Kleinanzeigen, and Neosurf. The seller claims to operate a private cloud and offers valid webmails including ntlworld. Requests are handled via direct message.
Date: 2026-04-06T01:02:40Z
Network: telegram
Published URL: https://t.me/c/2613583520/59529
Screenshots:
None
Threat Actors: Admu
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Spanish credentials combolist
Category: Combo List
Content: Threat actor shared a credential list containing over 264,000 email:password combinations allegedly from Spain, described as fresh and high quality. The combolist was distributed through a hidden content section requiring registration.
Date: 2026-04-06T00:53:43Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-264-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Spain-%E2%9C%AA-5-APR-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Spain
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Thai credentials
Category: Combo List
Content: Threat actor shared a combolist containing over 44,000 email:password combinations allegedly from Thailand. The credentials are claimed to be fresh and high quality, distributed through a cybercriminal forum.
Date: 2026-04-06T00:53:03Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-44-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Thailand-%E2%9C%AA-5-APR-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Thailand
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of 133 million credentials
Category: Combo List
Content: A threat actor leaked a combolist containing 133 million URL:LOGIN:PASS credentials on a cybercrime forum. The post requires registration to access the full content and specific details about the data source.
Date: 2026-04-06T00:51:44Z
Network: openweb
Published URL: https://crackingx.com/threads/71259/
Screenshots:
None
Threat Actors: Leak Realm
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of credential logs via ULP stealer malware
Category: Logs
Content: Threat actor thejackal101 shared 27.1 GB of compressed stealer logs containing credentials allegedly collected by ULP malware on April 5, 2026. The logs are being distributed for free through hidden content links and a Telegram channel.
Date: 2026-04-06T00:51:06Z
Network: openweb
Published URL: https://darkforums.su/Thread-Document-%E2%9C%AA-27-1-GB-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-ULP-LOG-S-Date-%E2%9C%AA-5-APR-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of XP Solutions by Nicotine (Umbra Community)
Category: Defacement
Content: The website of XP Solutions, a Pakistani technology company, was defaced by an attacker named Nicotine affiliated with the Umbra Community group on April 6, 2026.
Date: 2026-04-06T00:42:48Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830375
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Pakistan
Victim Industry: Technology
Victim Organization: XP Solutions
Victim Site: xpsolutions.pk
Website defacement of farmaceuticafl.com by Nicotine (Umbra Community)
Category: Defacement
Content: Umbra Community member Nicotine conducted a redefacement attack against pharmaceutical company Farmaceutica FLs website on April 6, 2026. This appears to be a repeat attack against the same target rather than an initial compromise.
Date: 2026-04-06T00:36:37Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830329
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Healthcare/Pharmaceutical
Victim Organization: Farmaceutica FL
Victim Site: farmaceuticafl.com
Website defacement of dendroicaerp.com by Nicotine (Umbra Community)
Category: Defacement
Content: The website dendroicaerp.com was defaced by attacker Nicotine affiliated with Umbra Community on April 6, 2026. This incident represents a redefacement of the target site.
Date: 2026-04-06T00:36:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830331
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: dendroicaerp.com
Website defacement of dulceriaelaguila.site by Nicotine (Umbra Community)
Category: Defacement
Content: The website dulceriaelaguila.site was defaced by attacker Nicotine from the Umbra Community team on April 6, 2026. This appears to be a redefacement of a previously compromised site belonging to what appears to be a confectionery or sweet shop business.
Date: 2026-04-06T00:35:26Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830332
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Retail/Food Services
Victim Organization: Dulceria El Aguila
Victim Site: dulceriaelaguila.site
Website defacement of Edredones Ariel by Nicotine (Umbra Community)
Category: Defacement
Content: Umbra Community member Nicotine conducted a redefacement attack against Edredones Ariels website on April 6, 2026. The targeted site appears to be a bedding/textile retail business.
Date: 2026-04-06T00:34:44Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830333
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Retail/Commerce
Victim Organization: Edredones Ariel
Victim Site: edredonesariel.com
Website defacement of Multiservicios Balmon by Nicotine (Umbra Community)
Category: Defacement
Content: The Umbra Community hacker group member Nicotine conducted a redefacement attack against Multiservicios Balmons website on April 6, 2026. This appears to be a targeted attack rather than part of a mass defacement campaign.
Date: 2026-04-06T00:34:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830339
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Services
Victim Organization: Multiservicios Balmon
Victim Site: multiserviciosbalmon.com
Website defacement of mundomayavolando.com by Nicotine (Umbra Community)
Category: Defacement
Content: Website defacement targeting mundomayavolando.com conducted by attacker Nicotine affiliated with Umbra Community on April 6, 2026. This incident was classified as a redefacement, indicating the site had been previously compromised.
Date: 2026-04-06T00:33:31Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830341
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: mundomayavolando.com
Website defacement of HT Kitchen Cabinets by Nicotine (Umbra Community)
Category: Defacement
Content: The website of HT Kitchen Cabinets was defaced by the attacker Nicotine affiliated with the Umbra Community group on April 6, 2026. The defacement targeted a Canadian kitchen cabinet companys website.
Date: 2026-04-06T00:27:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830294
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Canada
Victim Industry: Home Improvement/Kitchen Design
Victim Organization: HT Kitchen Cabinets
Victim Site: htkitchencabinets.ca
Website defacement of labsatbitquark.com by Nicotine (Umbra Community)
Category: Defacement
Content: The Umbra Community threat group, specifically attacker Nicotine, successfully defaced the BitQuark Labs website on April 6, 2026. The incident targeted a technology research organizations web presence.
Date: 2026-04-06T00:26:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830295
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Technology/Research
Victim Organization: BitQuark Labs
Victim Site: labsatbitquark.com
Website defacement of Lamora Furnishings by Nicotine (Umbra Community)
Category: Defacement
Content: Umbra Community member Nicotine defaced the website of Canadian furniture retailer Lamora Furnishings on April 6, 2026. The attack targeted the companys index page and was archived on zone-xsec.com.
Date: 2026-04-06T00:26:06Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830296
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Canada
Victim Industry: Retail/Furniture
Victim Organization: Lamora Furnishings
Victim Site: lamorafurnishings.ca
Website defacement of Marie Collection Store by Nicotine (Umbra Community)
Category: Defacement
Content: The retail website mariecollectionstore.ca was defaced by attacker Nicotine associated with the Umbra Community group on April 6, 2026. This appears to be a targeted single-site defacement of a Canadian e-commerce store.
Date: 2026-04-06T00:25:33Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830297
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Canada
Victim Industry: Retail/E-commerce
Victim Organization: Marie Collection Store
Victim Site: mariecollectionstore.ca
Website defacement of Master Tech Mechanical by Nicotine (Umbra Community)
Category: Defacement
Content: The website of Master Tech Mechanical was defaced by an attacker known as Nicotine affiliated with the Umbra Community group on April 6, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
Date: 2026-04-06T00:25:00Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830298
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Mechanical Services
Victim Organization: Master Tech Mechanical
Victim Site: mastertechmechanical.com
Website defacement of Shan Blinds Ltd Calgary by Nicotine (Umbra Community)
Category: Defacement
Content: The website of Shan Blinds Ltd Calgary was defaced by attacker Nicotine affiliated with Umbra Community on April 6, 2026. This appears to be a targeted single-site defacement of a Canadian window blinds company.
Date: 2026-04-06T00:24:27Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830302
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Canada
Victim Industry: Manufacturing/Retail
Victim Organization: Shan Blinds Ltd Calgary
Victim Site: shanblindsltdcalgary.ca
Website defacement of Shinwari Karahi YYC by Nicotine (Umbra Community)
Category: Defacement
Content: The website of Shinwari Karahi YYC, a restaurant in Calgary, Canada, was defaced by attacker Nicotine affiliated with the Umbra Community group on April 6, 2026.
Date: 2026-04-06T00:23:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830303
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Canada
Victim Industry: Food Service
Victim Organization: Shinwari Karahi YYC
Victim Site: shinwarikarahiyyc.ca
Website defacement of Style Finishing Carpentry by Nicotine (Umbra Community)
Category: Defacement
Content: The website of Style Finishing Carpentry, a Canadian carpentry services company, was defaced by the attacker Nicotine associated with the Umbra Community group on April 6, 2026. This appears to be an isolated defacement targeting a single commercial website.
Date: 2026-04-06T00:23:21Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830304
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Canada
Victim Industry: Construction/Carpentry Services
Victim Organization: Style Finishing Carpentry
Victim Site: stylefinishingcarpentary.ca
Website defacement of Sura Market by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from the Umbra Community team successfully defaced the Sura Market website on April 6, 2026. The defacement targeted the index.txt file of the Canadian retail website.
Date: 2026-04-06T00:22:47Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830305
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Canada
Victim Industry: Retail/E-commerce
Victim Organization: Sura Market
Victim Site: suramarket.ca
Website defacement of surapayment.ca by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine, associated with Umbra Community, defaced the surapayment.ca website on April 6, 2026. The incident targeted what appears to be a Canadian payment services company.
Date: 2026-04-06T00:22:15Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830306
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Canada
Victim Industry: Financial Services
Victim Organization: Sura Payment
Victim Site: surapayment.ca
Website defacement of The Luxe Homes by Nicotine (Umbra Community)
Category: Defacement
Content: On April 6, 2026, the website theluxehomes.ca was defaced by an attacker known as Nicotine associated with the Umbra Community team. The defacement targeted a Canadian real estate companys website.
Date: 2026-04-06T00:21:41Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830307
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Canada
Victim Industry: Real Estate
Victim Organization: The Luxe Homes
Victim Site: theluxehomes.ca
Website defacement of Kancelaria Ropinski law firm by Nicotine (Umbra Community)
Category: Defacement
Content: The Umbra Community member Nicotine conducted a redefacement attack against the Polish law firm Kancelaria Ropinskis website on April 6, 2026. This marks a repeat compromise of the same target, indicating persistent vulnerabilities in the victims web infrastructure.
Date: 2026-04-06T00:21:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830316
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Poland
Victim Industry: Legal Services
Victim Organization: Kancelaria Ropinski
Victim Site: kancelariaropinski.pl
Website defacement of opiekundlaseniora.pl by Nicotine from Umbra Community
Category: Defacement
Content: The website opiekundlaseniora.pl was defaced by attacker Nicotine from the Umbra Community group on April 6, 2026. This appears to be a redefacement of a previously compromised senior care services website.
Date: 2026-04-06T00:20:33Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830317
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Poland
Victim Industry: Healthcare
Victim Organization: Unknown
Victim Site: opiekundlaseniora.pl
Website defacement of webfarming.pl by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from the Umbra Community group conducted a redefacement of the Polish web services company WebFarmings website on April 6, 2026. This represents a repeated attack on the same target rather than an initial compromise.
Date: 2026-04-06T00:19:59Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830319
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Poland
Victim Industry: Technology
Victim Organization: WebFarming
Victim Site: webfarming.pl
Website defacement of themedekho.com by Nicotine from Umbra Community
Category: Defacement
Content: Umbra Community member Nicotine conducted a redefacement attack against themedekho.com on April 6, 2026. This appears to be a targeted single-site defacement rather than a mass attack campaign.
Date: 2026-04-06T00:19:26Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830320
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Technology/Web Development
Victim Organization: TheMeDekho
Victim Site: themedekho.com
Website defacement of Kerala Astrologers by Nicotine (Umbra Community)
Category: Defacement
Content: The Kerala Astrologers website was defaced by attacker Nicotine affiliated with the Umbra Community group on April 6, 2026. This appears to be a redefacement of a previously compromised site rather than an initial attack.
Date: 2026-04-06T00:18:53Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830321
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Astrology Services
Victim Organization: Kerala Astrologers
Victim Site: keralaastrologers.org
Website defacement of viacaopedranegra.com.br by Nicotine/Umbra Community
Category: Defacement
Content: Brazilian website viacaopedranegra.com.br was defaced by attacker Nicotine from the Umbra Community team on April 6, 2026. This was identified as a redefacement incident, indicating the site had been previously compromised.
Date: 2026-04-06T00:18:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830326
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: viacaopedranegra.com.br
Website defacement of AG Digital Marketing by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from Umbra Community conducted a redefacement of AG Digital Marketings website on April 6, 2026. This represents a repeated compromise of the same target rather than an initial breach.
Date: 2026-04-06T00:12:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830251
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Digital Marketing
Victim Organization: AG Digital Marketing
Victim Site: agdigitalmarketing.in
Website defacement of The Bliss International Spa by Nicotine (Umbra Community)
Category: Defacement
Content: Threat actor Nicotine from the Umbra Community group conducted a redefacement attack against The Bliss International Spas website on April 6, 2026. This incident represents a repeat targeting of the victims web infrastructure.
Date: 2026-04-06T00:11:13Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830277
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Healthcare/Wellness
Victim Organization: The Bliss International Spa
Victim Site: theblissinternationalspa.com
Website defacement of 6-Eight convenience store by Nicotine (Umbra Community)
Category: Defacement
Content: On April 6, 2026, the website of 6-Eight Convenience Store was defaced by an attacker named Nicotine, affiliated with the Umbra Community group. The defacement targeted a Canadian retail business website.
Date: 2026-04-06T00:10:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830279
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Canada
Victim Industry: Retail
Victim Organization: 6-Eight Convenience Store
Victim Site: 6-eightconveniencestore.ca
Website defacement of BitQuark Technologies by Nicotine (Umbra Community)
Category: Defacement
Content: The website of BitQuark Technologies was defaced on April 6, 2026 by an attacker named Nicotine associated with the Umbra Community group. The defacement targeted the companys main index page.
Date: 2026-04-06T00:10:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830282
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: BitQuark Technologies
Victim Site: bitquarktechnologies.com
Website defacement of bloomingsteps.ca by Nicotine (Umbra Community)
Category: Defacement
Content: The website bloomingsteps.ca was defaced by attacker Nicotine associated with the Umbra Community group on April 6, 2026. The defacement targeted the index.txt file of the victims website.
Date: 2026-04-06T00:09:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830283
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Canada
Victim Industry: Unknown
Victim Organization: Blooming Steps
Victim Site: bloomingsteps.ca
Website defacement of Dazzling Home Decor by Nicotine (Umbra Community)
Category: Defacement
Content: The website dazzlinghomedecor.ca was defaced by attacker Nicotine associated with the Umbra Community group on April 6, 2026. The defacement targeted a Canadian home decor retail website.
Date: 2026-04-06T00:09:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830285
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Canada
Victim Industry: Retail/Home Decor
Victim Organization: Dazzling Home Decor
Victim Site: dazzlinghomedecor.ca
Website defacement of Dhillon Medical Store by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from the Umbra Community team defaced the website of Dhillon Medical Store, an Indian healthcare/pharmaceutical business, on April 6, 2026.
Date: 2026-04-06T00:08:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830287
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Healthcare
Victim Organization: Dhillon Medical Store
Victim Site: dhillonmedicalstore.in
Website defacement of Fresh Cutz Hair Studio by Nicotine (Umbra Community)
Category: Defacement
Content: The website of Fresh Cutz Hair Studio, a Canadian hair salon, was defaced by an attacker using the handle Nicotine associated with the Umbra Community group on April 6, 2026.
Date: 2026-04-06T00:07:56Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830290
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Canada
Victim Industry: Beauty and Personal Care
Victim Organization: Fresh Cutz Hair Studio
Victim Site: freshcutzhairstudio.ca
Website defacement of Green Pizza by Nicotine (Umbra Community)
Category: Defacement
Content: The website of Green Pizza, a Canadian food service business, was defaced by an attacker known as Nicotine, affiliated with the Umbra Community group on April 6, 2026.
Date: 2026-04-06T00:07:22Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830292
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Canada
Victim Industry: Food Service
Victim Organization: Green Pizza
Victim Site: greenpizza.ca
Website defacement of Titan Global Trading by Nicotine (Umbra Community)
Category: Defacement
Content: Attacker Nicotine from the Umbra Community team defaced the Titan Global Trading website on April 6, 2026. This incident is classified as a redefacement, indicating the site had been previously compromised.
Date: 2026-04-06T00:01:16Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830239
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Trading/Commerce
Victim Organization: Titan Global Trading
Victim Site: titanglobaltrading.com

Related Posts

[January-08-2026] Daily Cybersecurity Threat Report

[February-5-2026] Daily Cybersecurity Threat Report

[March-11-2026] Daily Cybersecurity Threat Report